Re: a Question about Key Servers

I personally try to update my keyring every few weeks. David Manouchehri On 8/24/2011 1:46 PM, Grant Olson wrote: > On 8/24/11 11:47 AM, Mike Acker wrote: >> given that I have loaded my public key to a key-server ( e.g. >> keys.gnupg.net ) >> >> when

Re: Extract numbers from a key // wrong pgpdump link :-(

ompiled version for windows... > > Best Regards I don't see a windows binary, but it looks to be written in pure C with no external dependencies, so I would assume you could easily build it under Cygwin. David ___ Gnupg-users m

Re: Smartcard PIN may be shorter than passphrase?

Better use only digits - if you need to use a keypad you can't do that > instantly. > > > Shalom-Salam, > >   Werner Thanks Werner! David -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com da...@sys

Smartcard PIN may be shorter than passphrase?

s for my regular PIN. (The admin PIN is somewhat longer.) Would this be considered a reasonable length? (Someone who can read the memory on a smart card by opening it up is NOT in my threat model -- if they can do that, they have much easier ways to coerce me into giving up my PIN.) --

Re: Implementation question: validating left two of signatures

; forum, please feel free to point me in that direction. I couldn't find > one, so I posted here. You might also try the ietf-openpgp list: http://www.imc.org/ietf-openpgp/ David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Trust model - trust level 1 and 2

key). There is really no practical difference between the two in the default trust model of GPG - either way, you're not giving key signatures made by that key any weight in your web of trust. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Scripting GPG Encryption

think HKLM\Software\GNU\GnuPG\HomeDir will work for those cases. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: decrypt adding ^M characters at the end of each line

mething the sender sets. On the recipient side, GPG follows the encoding inside the message. If that message is not textmode (i.e. no transformation) then GPG won't touch the content, so you need to break out the sed. David ___ Gnupg-users ma

Re: decrypt adding ^M characters at the end of each line

t you have to tell it that the input file is text. So, on the *encrypting* side, add "--textmode" to the command, and that will tell GPG to store things appropriately, and the decrypting side will recognize this and use the appropriate li

Re: decrypt adding ^M characters at the end of each line

rriage return character. (Aka \r.) David -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://li

Re: Creating a quickly expiring signature

is still 8+ hours away for me right now. Am I > missing something? Decimal values are not accepted, nor seconds, > minutes, or hours. When GPG asks you for the value, enter "seconds=X". You can go down to as low as a single second. David ___

Re: Smartcard durability?

ters any, I carry my wallet in a front pocket -- I know some people sit on theirs which might be a bit worse for it.) David On Wed, Jul 27, 2011 at 11:56 PM, Robert J. Hansen wrote: > Are there any particular problems the durability of a smartcard, > particularly an OpenPGP card?  Are ther

Re: Including public key

t to be somewhat impolite (just as any 32+ line .sig file would be), especially when a simple link to the keyserver is so easy to include. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: keysigning parties

he "methods" links under www.keysigning.org. That site has some event info as well. There are other sites, but those are good starting points. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Why sign as well as encrypt files stored on untrusted drives?

ed) drive, he can just replace the whole file with whatever he likes (since he just needs your public key to encrypt a new file), with no fussy message tampering needed. That may or may not be an issue in your situation. Signing does help there since Fred presumably doesn't have acces

Re: Assertion failure from gnupg with enigmail 1.2

Sorry, this was intended to be sent to the entire list, but I composed it in a hurry my apologies. On Tue, Jul 12, 2011 at 4:24 PM, David Tomaschik wrote: > assert() kills the program if the value in the parentheses evaluates > to FALSE.  In this case, that means that "data&qu

Re: Calculating ciphertext sizes

n top of that there is a bunch of general OpenPGP overhead (encrypted session key, etc). The cipher does make a difference here, but it's small and dwarfed by other factors. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gn

Re: Check that s2k-count has changed

On Jul 8, 2011, at 2:35 PM, Chris Poole wrote: > On 8 Jul 2011, at 17:31, David Shaw wrote: >> Yes. Note that the list-packets output shows the internal packed value: >> 6553600 should come out to 201. The default of 65536 would encode to 96. > > I do indeed get 201. Ou

Re: Check that s2k-count has changed

l packed value: 6553600 should come out to 201. The default of 65536 would encode to 96. You might file an enhancement bug to print the decoded value in --list-packets. We already print it for symmetric encryption, and it's reasonable to print it for secret keys as well. David ___

Re: Change key prefs; few questions

On Jul 3, 2011, at 12:15 PM, Chris Poole wrote: > On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote: >> There are some obscure edge cases where you must have a 3DES or AES encrypted >> private key, but for the overwhelming majority of people, no, there is no >> reason to

Re: Change key prefs; few questions

On Jul 3, 2011, at 10:58 AM, MFPA wrote: > On Sunday 3 July 2011 at 3:24:15 PM, in > , David Shaw > wrote: > > > >> This will set your private key cipher to AES: > >> gpg --s2k-cipher-name aes --edit-key (thekey) passwd >> save > > Is there

Re: Change key prefs; few questions

rom 1024 to 65011712, and the default is 65536. Note that not all possible values are legal, and if you pick an illegal value, GnuPG will round it up to the next higher legal value. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Change key prefs; few questions

t's up to you if the change you made to the preferred list is important enough. Some people refresh their keys periodically anyway. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: DH Key

ue in the PGP Desktop - PGP command line calls it Elgamal. That which we call a rose by any other name would smell as sweet... David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Understanding the "--refresh-keys" output

you automatically, but you can call it yourself if you like. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Question regarding the migration of the pgp keyring to gpg

On May 27, 2011, at 8:24 AM, Pramod.R wrote: > Hi David, > > Thanks so much for your response on this. > > Now, when I tried decrypting a pgp encrypted file through a gpg (using the > gpg --decrypt command), I'm running into this problem of "idea encryption (0)

Re: Understanding the "--refresh-keys" output

On Jun 16, 2011, at 10:38 AM, Daniel Kahn Gillmor wrote: > On 06/16/2011 09:31 AM, David Shaw wrote: >> Line 9 is just a key count. You have 17 valid keys. All of them ("u") are >> ultimately trusted, which suggests that you have 17 keys that you have >>

Re: Problem with faked-system-time option

met with hostility and condescension. I'm out. I have better things to spend time on. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with "hkp server wwwkeys.eu.pgp.net"

to be a round-robin of all EU keyservers. In practice, it's only one server at the moment, which does seem to be down. I think your best bet is to mention this on sks-devel where most of the keyserver operators hang out. See http://lists.nongnu.org/mailman/l

Re: Problem with faked-system-time option

lear semantics. If you need timestamping for a project, you can > simply do it for that particular project without any problems. > > Will you be so kind and re-explain for what this notation is to be used? > > David, is that okay for you? I got into this discussion becau

Re: Problem with faked-system-time option

e to the standard. This is not adversarial! The goal is to have the best possible design that considers how this new thing fits in to the OpenPGP standard as a whole and that there aren't any gotchas or "Ugh, I wish we would have done " later. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Understanding the "--refresh-keys" output

have generated as ultimate trust is generally used for people's own keys. (If you can't trust yourself, who can you trust?) David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with faked-system-time option

y like. Pick critical or not depending on the semantics you want: critical means more or less "the receiving system needs to understand this notation to properly understand/handle the signature". It causes (intentional) incompatibility with all deployed code. If those are the desired semantics, then you have no choice, but it's a bit of a hamper (months to years) to adoption. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with faked-system-time option

efore, you can more or less create this by sending hashes around and timestamp-notation signing them, but 0x50 is cleaner and easier to machine parse. It doesn't matter in any event. 0x50 isn't implemented in any deployed code any more than 0x40 is. I'd use a notation. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with faked-system-time option

his signature a "Third-Party Confirmation signature". It is >> merely a signature on a signature for whatever purpose is desired by the >> signer. > > So, is it interpretation-dependent? No more than any other signature in the standard, no. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with faked-system-time option

Because as already noted, the 0x40 signature is not fully specified in the standard. There is not enough information to know how to generate one. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with faked-system-time option

On Jun 15, 2011, at 5:33 PM, Daniel Kahn Gillmor wrote: > On 06/15/2011 05:19 PM, David Shaw wrote: >> I'm not sure I agree with that. Essentially, this notation is a way for a >> user to say "This is what I mean by this signature". Meaning and intent is &g

Re: Problem with faked-system-time option

On Jun 15, 2011, at 3:50 PM, Daniel Kahn Gillmor wrote: > On 06/15/2011 03:10 PM, David Shaw wrote: >> That said I'd probably suggest notations for this, even though 0x40 exists >> in the standard. 0x40 signatures are a bit of a leftover tail in the >> standard,

Re: Problem with faked-system-time option

On Jun 15, 2011, at 3:30 PM, Hauke Laging wrote: > Am Mittwoch, 15. Juni 2011, 21:10:45 schrieb David Shaw: >> and are not well specified (0x40 sigclass - is it a binary >> signature? a text signature?). > > How is this a problem? Does it matter for that purpose

Re: Problem with faked-system-time option

than an IETF notation. For example, the PGP people saw the need for a notation to hint whether a person can understand PGP/MIME or only inline. They drew up a spec for the preferred-email-encod...@pgp.com notation, and published it. It's their standard. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with faked-system-time option

class - is it a binary signature? a text signature?). Using notations also gives you more flexibility since you can do key=value stuff and specify different variations on timestamp signatures. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Aspects of trust

make good signatures to make a key valid. For signatures on data, this doesn't directly apply. A signature from a valid key on data is valid. So the web of trust seeks to give you a), and you have the ability to customize the web of trust based on your opinion of how well the keyholders make

Re: Generate digest and signature seperately

generated > digest? No, it's the other way. A PGP signature does embed information about all sorts of things, including whether it is the signature of a file or signature over a certificate. David ___ Gnupg-users mailing list Gnupg-users@gnupg

Re: Generate digest and signature seperately

The standard doesn't say yes or no on the subject, but there is no code that does it today. Trust models aren't really dealt with in any real depth in the standard - there were discussions at one point of making a different trust model RFC for that. David __

Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading

t encryption, such as by using gpg, will not be a defense from "attacks" of this kind. -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 17:50:01 u

Re: Best practice for periodic key change?

On May 7, 2011, at 11:04 PM, Jerome Baum wrote: > On Sun, May 8, 2011 at 04:53, David Shaw wrote: > I knew a man (a lawyer, as it happened) who always signed documents with > several loops in a row. When I asked him why he didn't use a "real" > signature (i.e. why h

Re: Best practice for periodic key change?

natures being posted anymore. Can anyone confirm this? They're certainly still coming up on alt.security.pgp. Here is the one for last week: http://groups.google.com/group/alt.security.pgp/browse_thread/thread/8f29de04c2ddd19b# David ___ Gnu

Re: Best practice for periodic key change?

On May 7, 2011, at 10:21 PM, Robert J. Hansen wrote: > On 05/07/2011 09:50 PM, David Shaw wrote: >> Incidentally, speaking of bitmap signatures - a "signature" made via >> a rubber stamp of a signature can be binding under certain >> circumstances as well (at

Re: Best practice for periodic key change?

de via a rubber stamp of a signature can be binding under certain circumstances as well (at least in the US - I don't know about elsewhere). David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Best practice for periodic key change?

lds on to it until the date. As treasurer of a tax deductible organization, I use the date on the check as the date of the donation except sometimes I do not. I do not when it is dated something late in December, but postmarked mid January or later. In that case, I use the postmark date. So people

Re: scripting gpg

t that would be fine too. You're looking for the "--trust-model always" option. Add that to your options, and the trust model becomes "if it's on my keyring, it's fully trusted". It's up to you to make sure that only keys that are fully trusted are on yo

Re: Offline Master Key

g keys written at one point. I can't seem to find the link at the moment, but if someone has it handy, please do post it. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Syncing Keys between multiple computers?

y-public-keyring.gpg It's an export plus an import, but you don't need to explicitly state which key(s) you want to play with. Just bring the whole ring over. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Centralizing Private and Public Keys From Multiple Boxes with "-user" Switch

"-user" switch in your encryption command. > > Is that the way it works or am I barking up the wrong tree here? Maybe I'm > missing something fundamental? Nope, that's exactly how it works. Note that the option is "--local-user" (or "-u"), an

Re: OFF LIST - Your signed posts.

8ACgkQS/NNXDZDAccnJAD/Qeck95CG/1feZrnEILzWIMRt kbHn0zSl6mP5lyxW1ZoBAI8/ptcE0jXNH7lRCpnAmLoBXhKj4K0PnNdmBmbYpFqg =TcLe -END PGP SIGNATURE- - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury,

Re: Keylogers

ral years. There is SELINUX on my machine, but I have never enabled it. -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 09:20:01 up 1

Re: Passphrase

ims very fast distributed brute forcing. I haven't tried it myself. http://www.elcomsoft.com/edpr.html David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Updating signature cert-level

On Apr 27, 2011, at 1:25 PM, Kevin Kammer wrote: > On Wed, Apr 27, 2011 at 08:59:49AM -0400 Also sprach David Shaw: > >> Incidentally, it is possible to tweak the trust calculations to take >> signature level into account. GnuPG supports reading a trust "map" >>

Re: Updating signature cert-level

x27;t bother to set one. Incidentally, it is possible to tweak the trust calculations to take signature level into account. GnuPG supports reading a trust "map" generated by an external process that can use whatever trust rules it likes. I don't know of anyone using this ability off

Re: Updating signature cert-level

better in practice. The semantics are slightly different for the two cases, but the end result is the same. In the revocation case, you have sig1+revoke1+sig2, so the end result is to use sig2. In the superseding case, you have sig1+sig2, and the end result is also to use sig2. David _

Re: A better way to think about passwords

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MFPA wrote: > Hi > > > On Thursday 21 April 2011 at 2:20:51 PM, in > , Jean-David Beyer wrote: > > >> I do not think it is entirely not wanting to be >> educated. But if the education takes several hours a >>

Re: A better way to think about passwords

ome allow only letters and digits, and so on. Who can keep up?), then management would have to budget the time so I could do it, and they will not. There has to be a better way, and I do not know what it is. -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A

Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

it'll do just fine. Against First World intelligence > agencies it might take a few seconds. Are you asserting that there exists a group that can brute-force a 64-bit key in a few seconds? David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: --s2k-count: correct value in config file needed?

the value which was > used during the last passphrase change? Yes, the --s2k-count is written in the key. It doesn't matter what you set it to in the config file/command line when reading an existing key, since the copy in the key is what is used. David __

Re: Question regarding the migration of the pgp keyring to gpg

r and secring.skr files and do: gpg --import /path/to/pubring.pkr gpg --import /path/to/secring.skr That will import all of the keys at once. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Creating signatures with expiration time

"cert"?. "cert" is short for certification. "sig" is short for signature. Basically, cert applies when signing keys, and sig applies when signing data (i.e. anything that isn't a key). David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: default keyserver-options [was: Re: keys not available for signed messages in this maillist]

On Apr 11, 2011, at 11:23 AM, Daniel Kahn Gillmor wrote: > On 04/09/2011 10:48 AM, David Shaw wrote: >> I agree that include-subkeys should be on by default. That only makes >> sense, especially now that subkeys are frequently used for signing. > > yep. > >>

Re: default keyserver-options [was: Re: keys not available for signed messages in this maillist]

ser is doing a --refresh-keys, then yes, revoked keys are necessary. If the user is searching by name for a key they don't currently have, then including revoked keys is noisy and potentially confusing (remember that anyone can fake a revocation for any one else's key on a keyserver).

Re: Deniability [SIC]

not even know what they are voting for or against. Then there are state and municipal laws and regulations. While ignorance may be no excuse, there is now way to be informed either. The turkeys that pass the laws do not even know that, and there is no way we could keep up even if we tried. -- .~.

Re: Public keys on smartcard

docs/openpgp-card-2.0.pdf It gives all of the details of what is stored, which operations are available and how they are called. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Public keys on smartcard

here is at least one reader out there (SCM MAXX lite) that combines a SIM-sized reader with 2GB of flash storage in a single USB stick. I haven't tried it, but it would seem to be a reasonable solution to have everything together in one pl

Re: Public keys on smartcard

rd or is pubring.gpg created and > populated? That just stores the fetched key in your pubring. The card is not modified. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: export a public subkey isolated

ouldn't be signed by the right key). That would probably cause as many headaches as it solves. Why not talk to the RIPE people and ask them to support subkeys? They're a standard part of OpenPGP and have been for a long time. David ___ Gn

Re: Deniability

referencing and data mining across multiple databases that were (strictly speaking) possible a hundred years ago, but also extremely unrealistic. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: 4096 bit keys

a way to get at your key (or rather, your plaintexts). The ability to "casually" decrypt even 1024-bit keys is nowhere near. (And by "casually", I mean a difficulty similarly to what it takes to wiretap a phone.) [1] http://eprint.iacr.org/2010/006 -- David Tomaschik, RH

Re: Deniability

On Mar 22, 2011, at 3:17 PM, Jerome Baum wrote: > David Shaw writes: > >> Hmm. I'm not sure you and I are on the same page with this attack. I >> don't think that Alice's rigged message to Baker necessarily needs to >> be forged to come from the

Re: Deniability

On Mar 22, 2011, at 12:01 PM, Jerome Baum wrote: > David Shaw writes: > >> On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote: >> >>> Would that be by reusing the session key? Or are there other properties >>> that we can mess with? >> >>

Re: Deniability

On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote: > David Shaw writes: > >> In addition to the size and type information, there is also an >> interesting attack that can be done against speculative key IDs. It >> doesn't (directly) help a third party kno

Re: Deniability

place, for example), but it's just a tool. It's important not to rely solely on it. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Revoke signature from key

n a very top-down way), which example.com keys are valid and which, by omission, are not. This makes sense in the corporate world, as it's not up to Alice to decide which corporate keys are valid. It *is* up to Alice to decide which non-example.com keys are valid, of course. David _

Re: Revoke signature from key

On Mar 21, 2011, at 4:18 PM, Daniel Kahn Gillmor wrote: > On 03/21/2011 04:05 PM, David Shaw wrote: >> While the common usage for regular users is to sign based on checking >> identity, signatures can be just as well used as a token to indicate >> membership. For example

Re: Revoke signature from key

On Mar 21, 2011, at 3:46 PM, Martin Gollowitzer wrote: > * David Shaw [110321 20:28, > mID <387f8326-47af-419e-a9a7-7c37d048a...@jabberwocky.com>]: > >> On Mar 21, 2011, at 3:02 PM, Mike Acker wrote: >> >>> Scenario thus far: >>> • Tom N

Re: Revoke signature from key

my signature to > other members of the group > • now Tom has left the group > Object: to revoke my signature from Tom Newguy's key gpg --edit-key (newguyskey) revsig save David ___ Gnupg-users mailing list Gnupg-users@gnupg.org h

Re: what are the sub keys

lows the user to pick particular key types for particular purposes. For example, a common usage is to use the primary key for signing things and the subkey for encrypting things. As to your other question, it was asked earlier this week. See http://www.gossamer-threads.com/lists/gnupg/us

Re: GPG and PGP

On Mar 16, 2011, at 10:05 AM, Jeffrey Walton wrote: > On Wed, Mar 16, 2011 at 9:41 AM, wrote: >> David Shaw dshaw at jabberwocky.com wrote on >> Wed Mar 16 00:42:48 CET 2011 : >> >> >>> GnuPG does the MDC by default whenever all the keys can handle it >

Re: GPG and PGP

On Mar 16, 2011, at 9:41 AM, ved...@nym.hush.com wrote: > David Shaw dshaw at jabberwocky.com wrote on > Wed Mar 16 00:42:48 CET 2011 : > > >> GnuPG does the MDC by default whenever all the keys can handle it > > What kind of key can't handle it in gnupg? None

Re: GPG and PGP

On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote: > On 16/03/11 10:42 AM, David Shaw wrote: >> >> GnuPG does the MDC by default whenever all the keys can handle it >> (or if the chosen cipher is 256 bits) > > Is that 256 bits only or 256 bits and larger? Strictly spe

Re: GPG and PGP

On Mar 15, 2011, at 11:41 PM, David Shaw wrote: > On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote: > >> On 16/03/11 10:42 AM, David Shaw wrote: >>> >>> GnuPG does the MDC by default whenever all the keys can handle it >>> (or if the chosen cipher is 25

Re: GPG and PGP

On Mar 15, 2011, at 6:51 PM, ved...@nym.hush.com wrote: > David Shaw dshaw at jabberwocky.com wrot on > Tue Mar 15 22:28:23 CET 2011 : > >> I'm not quite sure what you mean. >> The MDC can be used on any OpenPGP cipher, no matter what the > size. > > Yes,

Re: GPG and PGP

On Mar 15, 2011, at 4:24 PM, ved...@nym.hush.com wrote: > David Shaw dshaw at jabberwocky.com wrote on > Tue Mar 15 15:34:47 CET 2011 : > >> would like to see IDEA included once the various patents expire > > As long as the non-256 bit symmetrical algorithms (IDEA, CAS

Re: GPG and PGP

a possible cipher for v4 keys as well, but given that PGP made it a non-default to use IDEA in v4, and given that GPG never supported IDEA without a special plugin, a v4 key using IDEA is rare). David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: RSA Versus DSA and EL GAMAL

It's the default for various little fiddly operational reasons, none of which are relevant to the question of "which is more secure". David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: hashed user IDs [was: Re: Security of the gpg private keyring?]

good bit of non-key data and other inefficiencies. A dump of just key data is around 3.5G nowadays. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Compression used in an encrypted message

examine it. I'm not sure if a single-number answer is available even then. Basically, if you can get the level from a regular compressed .gz or .bz2 file, then you can get it here, but either way, GPG does not have visibility into that. David _

Re: Compression used in an encrypted message

his: :compressed packet: algo=2 Algo 1 == ZIP Algo 2 == ZLIB Algo 3 == BZIP2 If there is no "compressed packet" line at all, then the message is uncompressed. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: non-exportable OpenPGP certifications [was: Re: hashed user IDs ]

rt" would not be as gpg can't tell if you mean export-local-sigs, or export-attributes, or...) If you're documenting or scripting things, it's good practice to give the full name since you never know if we're going to add a "export-lovely-sigs" option or some such, and thus make "export-l" non unique. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: signed messages take an eternity to be formatted by evolution

s.net will probably improve things. Incidentally, the keyserver timeout is configurable. If you want to stop waiting earlier, you can change this by sticking "keyserver-options timeout=" ( is in seconds) in your config file. David ___

Re: "This key may be unsafe"

hey are only up to gnupg-1.4.5-14.el5_5.1, They will probably not move up until RHEL 6 (that I believe has just recently come out). It looks as though that one is: gnupg2-2.0.14-4.el6.i686 (for my 32-bit machines); unless I am confused. -- .~. Jean-David Beyer Registered

Re: "This key may be unsafe" - Redux

the delay is unacceptable (my android phone included). I don't believe that GPG alerts on key lengths at all, but it does have suggested lengths at key generation time. David On Mon, Mar 7, 2011 at 4:41 PM, Charly Avital wrote: >> GPG Keychain Access 0.8.4 shows a red warning 

Re: OpenPGP Card source

I suppose this begs the question -- since the card has access to raw keys, how confident can we be that no back doors exist in the card? (I don't think there are, this is more of an academic question.) David On Thu, Mar 3, 2011 at 1:40 PM, Werner Koch wrote: > On Thu,  3 Mar 20

<    1   2   3   4   5   6   7   8   9   10   >