On Sunday, 9 April 2023 20:13:46 BST John Scott via Gnupg-users wrote:
> You're a genius!
Hardly. :D
> I actually had a hard time getting Scute 1.7.0 to compile, so I built it from
> Git instead
If you have some time to spare I’d be interested to know which problem(s) you
ran into when trying
Hi,
On Sunday, 9 April 2023 03:35:18 BST John Scott via Gnupg-users wrote:
> Note that GnuPG 2.3 is not available in Debian, not even in Debian
> experimental yet, but as soon as the packagers provide it I will give it a
> try. Perhaps I'll install GnuPG 2.3 myself in /usr/local
Note also that
Hi,
On Friday, 18 November 2022 02:35:24 GMT Michaela Tilson via Gnupg-users wrote:
> I'm looking forward to updated advice from security experts on this. What is
> the safest/most reliable way to get GnuPG as a command line application on
> macOS?
Not pretending to be any kind of security expe
Hi,
On Sunday, 20 November 2022 04:59:32 GMT John Scott via Gnupg-users wrote:
> I'd like to try writing a program for my libreCMC router that feeds the
> Linux entropy pool with data from the token's true RNG.
FYI, I wrote a similar program a few years ago: scdrand [1]. It uses
Scdaemon’s RANDOM
Hi
On Friday, 23 September 2022 12:01:18 BST Tsilimigkras Athanasios wrote:
> MY QUESTION: is there any way of changing the settings on GPGv2.2.4 to allow
> this environment variable to be set and therefore allow passwords to be
> cached as in earlier versions?
No. But if you are using other pro
On Wednesday, 7 September 2022 23:09:54 BST Robert J. Hansen via Gnupg-users
wrote:
> Does anyone know what happened to PGP?
It is *supposedly* still available from Broadcom, under the name “Symantec
Desktop Email Protection” [1].
How you can *actually* get it is another question. My understandi
On Wednesday, 22 June 2022 17:34:45 BST theaetetos--- via Gnupg-users wrote:
> unset SSH_AGENT_PID
> if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
> export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
> fi
>
> I don't understand the condition being checked, but I gather the whole
>
On Tuesday, 15 February 2022 20:32:50 GMT Dan Mahoney (Gushi) via Gnupg-users
wrote:
> Worse still, if you know a key exists via something like DANE (dayjob
> makes DNS software, we like the idea of it being available via DANE),
> there's no way to do gpg --search via DANE, only via a keyserver.
>
Hi,
On Mon, Nov 08, 2021 at 02:45:53PM +1000, Stuart Longland via Gnupg-users wrote:
The HTTP request I need to perform is this one:
https://www.vaultproject.io/docs/auth/cert#via-the-api
I tried using Firefox, it can see the certificate presented by `scute`,
but it seems Vault isn't designed t
Hi,
On Fri, Oct 29, 2021 at 04:04:11PM +0200, Romain LT via Gnupg-users wrote:
dirmngr.conf :
configuration for dirmngr (keyserver access)
Dirmngr is also used for fetching the Certificate Revocation Lists
(CRLs), if you’re using GpgSM (the X.509/SMIME part of GnuPG).
crls.d/DIR.t
On Tue, May 11, 2021 at 02:03:21PM +, mailinglis...@posteo.de wrote:
I´m not that familiar with the TPM in general
Me neither.
is the TPM owner (and SRK) password safe against brute force attacks?
Or do you need a complex password for the TPM?
My understanding is that the TPM offers th
Hi,
On Sun, May 09, 2021 at 10:00:25AM +, mailinglisten--- via Gnupg-users
wrote:
I wasn´t aware the TPM has that much space, does the TPM hold really a
complete key? Does it make sense to use ECC keys to save space on the TPM?
Keys are actually not stored *in* the TPM. When you use the `
Hi,
On Sun, Apr 11, 2021 at 10:07:08PM +0200, karel-v_g--- via Gnupg-users wrote:
Another question: why don't you use GCM as a possible mode for AEAD?
This kind of questions should rather go to the IETF OpenPGP mailing list
[1], where the OpenPGP format itself (not its implementations) is
dis
Hi,
The GnuPG project is pleased to announce the availability of the latest
release of the collection of PIN or passphrase entry dialogs for GnuPG,
Pinentry 1.1.1.
Noteworthy changes in version 1.1.1 (2021-01-21)
===
* A Pinentry for the Enlightenment environ
On Sun, Jan 17, 2021 at 06:53:29PM +0100, Erich Eckner via Gnupg-users wrote:
And I assume, it's non-trivial or even impossible to start proper DNS
queries (for a SRV record) from within JS?
Apparently not, at least that's what folks on the IETF openpgp mailing
lists said when the issue had been
On Tue, Jan 12, 2021 at 09:25:15AM +0100, Stefan Claas via Gnupg-users
wrote:
It would be nice to know why the advanced method was added.
To give more flexibility for people setting up a WKD for more than one
domain.
Let’s say that I manage example.org and example.net, and I want to serve
k
On Mon, Jul 27, 2020 at 10:00:07PM +0200, Stefan Claas wrote:
For testing my new Nitrokey I have just installed Enigmail for
Thunderbird on a fresh Ubuntu system and when clicking on
a signed message from a friend, which has properly set-up
WKD Thunderbird/Enigmail can not fetch the pub key. :-(
On Sat, May 23, 2020 at 09:35:54PM -0700, Mark wrote:
I'm sure this is a pretty stupid question
No, it’s not.
I'm trying to figure out which files I need to backup to safeguard my
keys.
I’m assuming you are using GnuPG 2.2 on Windows here (based on your
User-Agent).
Everything that need
On Sat, May 16, 2020 at 04:28:58PM -0400, Robert J. Hansen wrote:
With judicious use of the various -clean options, the key spamming bug
is effectively dead...
I’d like to point out that the options you are referring to are actually
enabled by default nowadays (since 2.2.17). So from a user’s
On Wed, May 13, 2020 at 10:02:14AM +0200, Sylvain Besençon via Gnupg-users
wrote:
RJH's answer sounds like a good piece of advice, but still, at the end,
we HAVE to choose which algorithm to use when creating new key
pairs.
No you don’t.
You can simply use `gpg --gen-key` and let GnuPG cr
On Fri, May 08, 2020 at 12:49:03PM +0200, Grzegorz Kulewski wrote:
Does anybody here have Curve25519 enabled Yubikey and did/could do such
benchmarks?
I have the following tokens:
* a Yubikey NEO with a RSA-2048 key;
* a Yubikey 5 with a Ed25519 key;
* a FST-01G/Gnuk token with a Ed25519 key.
On Wed, Feb 05, 2020 at 03:59:01PM -0700, Mark wrote:
Is there any way to revoke an OLD LOST PGP key? I no longer have either
the public or private keys but can find the KeyID. I'm guessing not but
figured I'd ask just in case.
The revocation certificate needs to be signed by the private key, so
On Fri, Jan 31, 2020 at 12:55:05AM +0100, mailing list wrote:
I hoped these objects may have been (read) protected by the PIN, but
they´re world readable if you have the card, a bit sad...
Only Private DOs #1 and #2 are readable without any PIN. Reading the
private DO #3 requires the user PIN,
On Fri, Jan 31, 2020 at 12:39:11AM +0100, mailing list wrote:
By the way, is mcl3 the length of the key currently living on the
smartcard or the maximum key length supported by this card?
Neither of those. It's the maximum length of the "Cardholder certificate
DO". This is another data object
Hi,
On Thu, Jan 30, 2020 at 11:24:54PM +0100, mailing list via Gnupg-users wrote:
How do you write to these objects? Can GnuPG do this? I didn't find
any way with --card-edit or --card-status.
You can use the (undocumented) command "privatedo" from GnuPG's
--card-edit menu. For example, to w
On Mon, Jan 06, 2020 at 04:42:40PM +0100, azbigd...@gmx.com wrote:
I'm still a bit confused on the changes in secring. How does it come up
with the names for those "new" keys as it doesn't seem to correlate
with anything I can see on the keys.
Files under the $GNUPGHOME/private-keys-v1.d direct
On Sat, Dec 14, 2019 at 08:05:04PM -0500, Dave via Gnupg-users wrote:
I can’t recall encountering any similar complaints about OpenSSL. I
find this somewhat curious, and am wondering if there are OpenSSL
detractors out there that I simply haven’t come across
OpenSSL definitely has its detracto
On Sat, Dec 14, 2019 at 11:18:32PM +0100, Defiant wrote:
Hey, I recall back in the days there were lots of online tutorials about
how to strengthen your GnuPG configuration.
I don’t know which tutorials exactly you’re referring to, but I have
seen several of them myself, and I have always had
On Sun, Dec 08, 2019 at 10:48:47AM -0700, Joseph Bruni via Gnupg-users wrote:
I recall from the early days of PGP that there was a way to create a
corporate key, fragmented into a certain number of portions, which would
require some quorum to be able to perform decryption. [...] Is this
still po
Hi,
On Sun, Oct 27, 2019 at 08:25:10PM +0100, Stefan Claas via Gnupg-users wrote:
Can you please, or somebody else, explain in layman's terms why this is
so?
Simply put, gpg and openssl enc don’t use the same file formats.
Different formats may encode the same data differently, so you can’t
e
Hi,
On Tue, Oct 15, 2019 at 03:17:58PM -0400, Robert J. Hansen wrote:
... Those were the high-priority changes that needed to be made. If
anyone has other suggestions, speak up: I'm listening. :)
A while ago (I can’t find the e-mail anymore) I suggested a few changes
that somehow didn’t fin
On Sat, Oct 12, 2019 at 08:07:58AM -0400, Mark H. Wood wrote:
Humph, I was already grumpy about Mozilla products' insistence on
having their own insular X.509 store, meaning that I have to install
certificates twice (once for Firefox, again for *everything else*.)
Slightly off-topic for this li
On Tue, Sep 17, 2019 at 06:59:34PM +0200, Stefan Claas via Gnupg-users wrote:
I assume that in order to decrypt a message the secret key data must be
unlocked and loaded for a very short time into the computer's RAM, in order
to perform the decryption
No. The secret key data remains on the smart
Hi,
On Mon, Sep 16, 2019 at 11:29:19AM +0200, Daniel Bossert wrote:
I need recommendations:
- Which version of software shall I install?
The latest version available for your system, which should in any case
be a version from the 2.2 branch. (If your system is Windows, that would
be Gpg4Win
Hi,
The GnuPG Project is pleased to announce the availability of Scute
1.6.0.
Scute is a PKCS#11 module built around the GnuPG Agent and the GnuPG
Smart Card Daemon. It allows you to use an OpenPGP or a PIV smart card
for TLS client authentication and S/MIME mail and document signing.
Not
Hi,
On Fri, Jun 14, 2019 at 10:12:51AM +0200, Oscar Carlsson via Gnupg-users wrote:
I'm generally curious on your opinions on the latest new keyserver,
this time running a new software than the normal keyservers.
For what it's worth, my main concern is that it is a centralized
service.
This
On Sun, May 26, 2019 at 11:30:18PM -0700, Procopius via Gnupg-users wrote:
What is the encryption engine for the current GnuPG.
There’s no single symmetric encryption algorithm. OpenPGP allows a set
of algorithms: 3DES, IDEA, CAST5, AES, Blowfish, Twofish, and Camellia
[1,2]. GnuPG supports a
Hi,
On Sun, Mar 10, 2019 at 01:25:41AM -0500, Konstantin Boyandin wrote:
> Question: how do I keep several GnuPG versions installed, every
> version with its own gpg-agent?
A Gpg-agent is tied to a specific home directory (as specified in the
GNUPGHOME environment variable or through the --homedi
On Wed, Jan 09, 2019 at 11:29:06PM +0100, dirk1980ac via Gnupg-users wrote:
> > I only wanted to know why such a large image size in the first
> > place was chosen, when GnuPG suggest a much much smaller
> > size. :-)
>
> I think the 16M are from times, where RAM was not measured in GB.
Not quit
Hi,
On Wed, Jan 02, 2019 at 04:02:03PM +1100, gn...@raf.org wrote:
> For some dumb reason I think I was hoping that the RSA
> algorithm wasn't really used to encrypt all the data. I
> thought it was probably used to encrypt a per-file
> randomly-generated symmetric key which was then used to
> enc
On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-users wrote:
> Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> this purpose. That prevents the disclosure of the communication paths
> with pure GPG-Packet analysis.
You do realize that, in the case of e-
On Tue, Dec 11, 2018 at 12:35:57PM +0100, Alessandro Vesely wrote:
> Is it possible to get OpenPGP functionality on one of those
> contactless cards?
I know of at least one NFC-enabled OpenPGP card, the "Fidesmo
Card" [1].
I never tested it, but from what I remember when I delved into
their site,
On Mon, Dec 10, 2018 at 02:25:08PM +0100, Wiktor Kwapisiewicz via Gnupg-users
wrote:
> On 09.12.2018 20:48, Stefan Claas wrote:
> > Mind you in the 90's PGP key servers accepted also email and Usenet
> > submissions, if I remember correctly. The keyword was then simply
> > the word "add" in the su
Hi GnuPG folks,
The current version of the FAQ recommends creating a revocation
certificate at several places.
§ 7.17
"We recommend you create a revocation certificate immediately
after generating a new GnuPG certificate."
§ 8.5
"What should I do after making my certificate?
Genera
Hi,
First, a warning: I am by no means a "security expert" and I have
very little experience with Mac OS X, which I only use at my
workplace (and only because my employer didn't let me use a
GNU/Linux workstation...).
However and for what it's worth:
On Tue, Nov 06, 2018 at 06:48:07AM -0500, Nic
On Mon, Nov 05, 2018 at 09:30:48PM +0200, Viktor wrote:
> Because of Google or because of "only one user ID" ?
Both, even though the requirement of using only one user ID would
be more acceptable if the address did not have to be associated
with a Google account.
Damien
Hi,
On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:
> I just tried to register with a key that has several user IDs
> (e-mail addresses) and I always got the error that the user-ID is not the
> same as in log-in/registered e-mail.
From what they say on the home page [1] this is e
On 08/24/2018 07:47 AM, Martin T wrote:
> One more small question- in the output of "gpg --list-keys" or "gpg
> --list-secret-keys" I see two keys, but in the output of
> "gpg-connect-agent 'keyinfo --list' /bye" or "ls
> ~/.gnupg/private-keys-v1.d/" I see four keys with different hashes.
> Why is
Hi,
On 08/23/2018 10:54 AM, Martin T wrote:
> When I start the "gpg --list-secret-keys" with "strace -e open",
> then ~/.gnupg/secring.gpg file is not searched.
GnuPG >= 2.1 does not use ~/.gnupg/secring.gpg anymore. Secret keys are
now stored in the ~/.gnupg/private-keys-v1.d folder (one file pe
On 08/14/2018 12:05 PM, Ralph Corderoy wrote:
> That was my conclusion after having searched a bit this morning,
> but I didn't notice it explicitly documented?
Maybe not in GnuPG's manual, but it is explicitly documented in the
specification of the OpenPGP format (RFC 4880, §12.2 [1]):
> A [V4]
On 08/14/2018 05:20 AM, Damian Rivas wrote:
> Is there a reason why the fingerprints for my public and private keys are
> exactly the same?
Actually there's no such thing as a private key fingerprint.
Fingerprints are only calculated on public keys.
(Theoretically you *could* compute a fingerprin
Hi,
On 06/11/2018 09:30 AM, Max-Julian Pogner wrote:
> *) should i revoke the uid on the old key? => However, as far as i
> know, the secret key is not / was never compromised.
This is probably the best option in my opinion, since you will no longer
use that key with this email address.
Revokin
On 06/06/2018 08:50 PM, Philipp Klaus Krause wrote:
> See https://www.aisec.fraunhofer.de/en/FirmwareProtection.html for
> some research on breaking STM32 readout protection published in
> January.
For what it's worth, STMicroelectronics claims that the attack described
in this paper "affects on
On 05/22/2018 07:58 AM, Konstantin Boyandin via Gnupg-users wrote:
> primary-keyring ~/mounted/gnupg/pubring.gpg
> secret-keyring ~/mounted/gnupg/secring.gpg
> trustdb-name ~/mounted/gnupg/trustdb.gpg
> keyring ~/mounted/gnupg/pubring.gpg
> but I see no obvious directives to relocate pubring.kbx
On 05/21/2018 04:07 AM, Mark Rousell wrote:
> I think you mean that support for 2.0.y has been dropped, surely?
No, I do mean that support for all PGP 2-related stuff has been dropped
from the current stable branch. Modern GnuPG (≥ 2.1) can neither read
nor write anything that has been generated b
On 05/21/2018 06:20 AM, Robert J. Hansen wrote:
> 2. End-of-life 2.0.
That one at least is already done. The 2.0 branch reached EOL with the
2.0.31 release on December 29, 2017. I believe Werner stated clearly
enough that there will be *no* further point release on that branch, not
even for criti
On 05/20/2018 08:45 PM, Mark Rousell wrote:
I presume that one day the 1.x.y code will reach end of life.
There's no plan to terminate the 1.x branch. It will not gain any new
features, but as stated by Werner Koch a few months ago, it "will be
kept alive for use with PGP 2 encrypted and sign
On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote:
It would be possible to implement something like --legacy to
re-enable the old functionality.
For information, for the problem at hand, two things have been done in
that direction:
In GnuPG itself: GnuPG will now error out when a
Hi,
On 05/10/2018 11:42 PM, Dirk Gottschalk via Gnupg-users wrote:
Where should I send this a suggested feature?
Patches should be sent to gnupg-de...@gnupg.org, prefixing the subject
with a "[PATCH scute]" tag. Same for feature requests.
Alternatively, you may also create a Task in the Gnu
On 04/21/2018 05:32 PM, Wink Saville wrote:
Comments on the security of what I'm doing?
Can't really tell anything without knowing your adversary (is it Mossad
or not-Mossad? [1]), but here are a few remarks.
You do not say which version of GnuPG you are using. Assuming you are
using the la
Hi,
On 04/19/2018 03:12 AM, Evan Klitzke wrote:
Later Alice learns about subkeys, so she creates a new signing subkey
for signing her mail/git commits/whatever. How does this work when Bob
sees the new subkey?
For most purposes, the use of subkeys is "transparent" from the user's
point of vi
On 04/02/2018 01:10 AM, NIIBE Yutaka wrote:
Most likely, the length of certificate matters. If you can minimize
your certificate, please try. I don't know the limitation for the card.
I don't know for the v3.3 card, but v2.1 cards allow for a 2048 bytes
certificate (at least mine does, but m
62 matches