I personally try to update my keyring every few weeks.
David Manouchehri
On 8/24/2011 1:46 PM, Grant Olson wrote:
> On 8/24/11 11:47 AM, Mike Acker wrote:
>> given that I have loaded my public key to a key-server ( e.g.
>> keys.gnupg.net )
>>
>> when
ompiled version for windows...
>
> Best Regards
I don't see a windows binary, but it looks to be written in pure C with
no external dependencies, so I would assume you could easily build it
under Cygwin.
David
Better use only digits - if you need to use a keypad you can't do that
> instantly.
>
>
> Shalom-Salam,
>
> Werner
Thanks Werner!
David
--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
da...@sys
s for my regular PIN. (The
admin PIN is somewhat longer.) Would this be considered a reasonable
length?
(Someone who can read the memory on a smart card by opening it up is
NOT in my threat model -- if they can do that, they have much easier
ways to coerce me into giving up my PIN.)
--
> forum, please feel free to point me in that direction. I couldn't find
> one, so I posted here.
You might also try the ietf-openpgp list: http://www.imc.org/ietf-openpgp/
David
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
key).
There is really no practical difference between the two in the default trust
model of GPG - either way, you're not giving key signatures made by that key
any weight in your web of trust.
David
think
HKLM\Software\GNU\GnuPG\HomeDir will work for those cases.
David
mething the sender sets. On the recipient
side, GPG follows the encoding inside the message. If that message is not
textmode (i.e. no transformation) then GPG won't touch the content, so you need
to break out the sed.
David
t you have to tell it that the input file is text.
So, on the *encrypting* side, add "--textmode" to the command, and that will
tell GPG to store things appropriately, and the decrypting side will recognize
this and use the appropriate li
rriage return character. (Aka \r.)
David
--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
da...@systemoverlord.com
is still 8+ hours away for me right now. Am I
> missing something? Decimal values are not accepted, nor seconds,
> minutes, or hours.
When GPG asks you for the value, enter "seconds=X". You can go down to as low
as a single second.
David
ters
any, I carry my wallet in a front pocket -- I know some people sit on
theirs which might be a bit worse for it.)
David
On Wed, Jul 27, 2011 at 11:56 PM, Robert J. Hansen wrote:
> Are there any particular problems with the durability of a smartcard,
> particularly an OpenPGP card? Are ther
t to be somewhat impolite (just as any 32+ line .sig file would
be), especially when a simple link to the keyserver is so easy to include.
David
he "methods" links under
www.keysigning.org. That site has some event info as well.
There are other sites, but those are good starting points.
David
ed) drive, he can just replace the whole file with whatever he likes
(since he just needs your public key to encrypt a new file), with no fussy
message tampering needed. That may or may not be an issue in your situation.
Signing does help there since Fred presumably doesn't have acces
Sorry, this was intended to be sent to the entire list, but I composed
it in a hurry; my apologies.
On Tue, Jul 12, 2011 at 4:24 PM, David Tomaschik
wrote:
> assert() kills the program if the value in the parentheses evaluates
> to FALSE. In this case, that means that "data&qu
n top of that there is a bunch of general OpenPGP overhead
(encrypted session key, etc).
The cipher does make a difference here, but it's small and dwarfed by other
factors.
David
On Jul 8, 2011, at 2:35 PM, Chris Poole wrote:
> On 8 Jul 2011, at 17:31, David Shaw wrote:
>> Yes. Note that the list-packets output shows the internal packed value:
>> 6553600 should come out to 201. The default of 65536 would encode to 96.
>
> I do indeed get 201. Ou
l packed value:
6553600 should come out to 201. The default of 65536 would encode to 96.
You might file an enhancement bug to print the decoded value in --list-packets.
We already print it for symmetric encryption, and it's reasonable to print it
for secret keys as well.
David
On Jul 3, 2011, at 12:15 PM, Chris Poole wrote:
> On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
>> There are some obscure edge cases where you must have a 3DES or AES encrypted
>> private key, but for the overwhelming majority of people, no, there is no
>> reason to
On Jul 3, 2011, at 10:58 AM, MFPA wrote:
> On Sunday 3 July 2011 at 3:24:15 PM, in
> , David Shaw
> wrote:
>
>
>
>> This will set your private key cipher to AES:
>
>> gpg --s2k-cipher-name aes --edit-key (thekey) passwd
>> save
>
> Is there
rom 1024 to
65011712, and the default is 65536. Note that not all possible values are
legal, and if you pick an illegal value, GnuPG will round it up to the next
higher legal value.
David
t's up to you if the change you made
to the preferred list is important enough. Some people refresh their keys
periodically anyway.
David
ue in the PGP Desktop - PGP command line calls it Elgamal.
That which we call a rose by any other name would smell as sweet...
David
you automatically, but you can call it yourself if you like.
David
On May 27, 2011, at 8:24 AM, Pramod.R wrote:
> Hi David,
>
> Thanks so much for your response on this.
>
> Now, when I tried decrypting a pgp encrypted file through a gpg (using the
> gpg --decrypt command), I'm running into this problem of "idea encryption (0)
On Jun 16, 2011, at 10:38 AM, Daniel Kahn Gillmor wrote:
> On 06/16/2011 09:31 AM, David Shaw wrote:
>> Line 9 is just a key count. You have 17 valid keys. All of them ("u") are
>> ultimately trusted, which suggests that you have 17 keys that you have
>>
met with hostility and condescension.
I'm out. I have better things to spend time on.
David
to be a round-robin of all EU keyservers. In
practice, it's only one server at the moment, which does seem to be down. I
think your best bet is to mention this on sks-devel where most of the keyserver
operators hang out. See http://lists.nongnu.org/mailman/l
lear semantics. If you need timestamping for a project, you can
> simply do it for that particular project without any problems.
>
> Will you be so kind and re-explain for what this notation is to be used?
>
> David, is that okay for you?
I got into this discussion becau
e to the standard. This is
not adversarial! The goal is to have the best possible design that considers
how this new thing fits in to the OpenPGP standard as a whole and that there
aren't any gotchas or "Ugh, I wish we would have done " later.
David
have
generated as ultimate trust is generally used for people's own keys. (If you
can't trust yourself, who can you trust?)
David
y like.
Pick critical or not depending on the semantics you want: critical means more
or less "the receiving system needs to understand this notation to properly
understand/handle the signature". It causes (intentional) incompatibility with
all deployed code. If those are the desired semantics, then you have no
choice, but it's a bit of a hamper (months to years) to adoption.
David
efore, you can more or less create this by sending hashes around
and timestamp-notation signing them, but 0x50 is cleaner and easier to machine
parse.
It doesn't matter in any event. 0x50 isn't implemented in any deployed code
any more than 0x40 is. I'd use a notation.
David
his signature a "Third-Party Confirmation signature". It is
>> merely a signature on a signature for whatever purpose is desired by the
>> signer.
>
> So, is it interpretation-dependent?
No more than any other signature in the standard, no.
David
Because as already noted, the 0x40 signature is not fully specified in the
standard. There is not enough information to know how to generate one.
David
On Jun 15, 2011, at 5:33 PM, Daniel Kahn Gillmor wrote:
> On 06/15/2011 05:19 PM, David Shaw wrote:
>> I'm not sure I agree with that. Essentially, this notation is a way for a
>> user to say "This is what I mean by this signature". Meaning and intent is
&g
On Jun 15, 2011, at 3:50 PM, Daniel Kahn Gillmor wrote:
> On 06/15/2011 03:10 PM, David Shaw wrote:
>> That said I'd probably suggest notations for this, even though 0x40 exists
>> in the standard. 0x40 signatures are a bit of a leftover tail in the
>> standard,
On Jun 15, 2011, at 3:30 PM, Hauke Laging wrote:
> Am Mittwoch, 15. Juni 2011, 21:10:45 schrieb David Shaw:
>> and are not well specified (0x40 sigclass - is it a binary
>> signature? a text signature?).
>
> How is this a problem? Does it matter for that purpose
than an IETF notation.
For example, the PGP people saw the need for a notation to hint whether a
person can understand PGP/MIME or only inline. They drew up a spec for the
preferred-email-encod...@pgp.com notation, and published it. It's their
standard.
David
class - is it a binary signature? a text
signature?). Using notations also gives you more flexibility since you can do
key=value stuff and specify different variations on timestamp signatures.
David
make good signatures to make a key
valid.
For signatures on data, this doesn't directly apply. A signature from a valid
key on data is valid.
So the web of trust seeks to give you a), and you have the ability to customize
the web of trust based on your opinion of how well the keyholders make
generated
> digest?
No, it's the other way. A PGP signature does embed information about all sorts
of things, including whether it is the signature of a file or signature over a
certificate.
David
The standard doesn't say yes or no on the subject, but there is
no code that does it today.
Trust models aren't really dealt with in any real depth in the standard - there
were discussions at one point of making a different trust model RFC for that.
David
t encryption, such as by using gpg, will not be a defense
from "attacks" of this kind.
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey    http://counter.li.org
^^-^^ 17:50:01 u
On May 7, 2011, at 11:04 PM, Jerome Baum wrote:
> On Sun, May 8, 2011 at 04:53, David Shaw wrote:
> I knew a man (a lawyer, as it happened) who always signed documents with
> several loops in a row. When I asked him why he didn't use a "real"
> signature (i.e. why h
natures being posted anymore. Can anyone confirm this?
They're certainly still coming up on alt.security.pgp. Here is the one for
last week:
http://groups.google.com/group/alt.security.pgp/browse_thread/thread/8f29de04c2ddd19b#
David
On May 7, 2011, at 10:21 PM, Robert J. Hansen wrote:
> On 05/07/2011 09:50 PM, David Shaw wrote:
>> Incidentally, speaking of bitmap signatures - a "signature" made via
>> a rubber stamp of a signature can be binding under certain
>> circumstances as well (at
de via a rubber
stamp of a signature can be binding under certain circumstances as well (at
least in the US - I don't know about elsewhere).
David
lds on to it until the date.
As treasurer of a tax deductible organization, I use the date on the
check as the date of the donation except sometimes I do not. I do not
when it is dated something late in December, but postmarked mid January
or later. In that case, I use the postmark date.
So people
t that would be fine too.
You're looking for the "--trust-model always" option. Add that to your
options, and the trust model becomes "if it's on my keyring, it's fully
trusted". It's up to you to make sure that only keys that are fully trusted
are on yo
g keys written at one
point. I can't seem to find the link at the moment, but if someone has it
handy, please do post it.
David
y-public-keyring.gpg
It's an export plus an import, but you don't need to explicitly state which
key(s) you want to play with. Just bring the whole ring over.
David
"-user" switch in your encryption command.
>
> Is that the way it works or am I barking up the wrong tree here? Maybe I'm
> missing something fundamental?
Nope, that's exactly how it works. Note that the option is "--local-user" (or
"-u"), an
- --
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury,
ral
years.
There is SELINUX on my machine, but I have never enabled it.
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey    http://counter.li.org
^^-^^ 09:20:01 up 1
ims very fast
distributed brute forcing. I haven't tried it myself.
http://www.elcomsoft.com/edpr.html
David
On Apr 27, 2011, at 1:25 PM, Kevin Kammer wrote:
> On Wed, Apr 27, 2011 at 08:59:49AM -0400 Also sprach David Shaw:
>
>> Incidentally, it is possible to tweak the trust calculations to take
>> signature level into account. GnuPG supports reading a trust "map"
>>
't bother to set one.
Incidentally, it is possible to tweak the trust calculations to take signature
level into account. GnuPG supports reading a trust "map" generated by an
external process that can use whatever trust rules it likes. I don't know of
anyone using this ability off
better in practice. The semantics are slightly different
for the two cases, but the end result is the same. In the revocation case, you
have sig1+revoke1+sig2, so the end result is to use sig2. In the superseding
case, you have sig1+sig2, and the end result is also to use sig2.
David
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MFPA wrote:
> Hi
>
>
> On Thursday 21 April 2011 at 2:20:51 PM, in
> , Jean-David Beyer wrote:
>
>
>> I do not think it is entirely not wanting to be
>> educated. But if the education takes several hours a
>>
ome allow only letters and digits, and so
on. Who can keep up?), then management would have to budget the time so
I could do it, and they will not. There has to be a better way, and I do
not know what it is.
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A
it'll do just fine. Against First World intelligence
> agencies it might take a few seconds.
Are you asserting that there exists a group that can brute-force a 64-bit key
in a few seconds?
David
the value which was
> used during the last passphrase change?
Yes, the --s2k-count is written in the key. It doesn't matter what you set it
to in the config file/command line when reading an existing key, since the copy
in the key is what is used.
David
r and secring.skr files and do:
gpg --import /path/to/pubring.pkr
gpg --import /path/to/secring.skr
That will import all of the keys at once.
David
"cert"?.
"cert" is short for certification. "sig" is short for signature. Basically,
cert applies when signing keys, and sig applies when signing data (i.e.
anything that isn't a key).
David
On Apr 11, 2011, at 11:23 AM, Daniel Kahn Gillmor wrote:
> On 04/09/2011 10:48 AM, David Shaw wrote:
>> I agree that include-subkeys should be on by default. That only makes
>> sense, especially now that subkeys are frequently used for signing.
>
> yep.
>
>>
ser is doing a --refresh-keys, then yes, revoked keys are necessary.
If the user is searching by name for a key they don't currently have, then
including revoked keys is noisy and potentially confusing (remember that anyone
can fake a revocation for any one else's key on a keyserver).
not even know what they are voting for or against.
Then there are state and municipal laws and regulations.
While ignorance may be no excuse, there is no way to be informed
either. The turkeys that pass the laws do not even know that, and there
is no way we could keep up even if we tried.
--
.~.
docs/openpgp-card-2.0.pdf
It gives all of the details of what is stored, which operations are available
and how they are called.
David
here
is at least one reader out there (SCM MAXX lite) that combines a SIM-sized
reader with 2GB of flash storage in a single USB stick. I haven't tried it,
but it would seem to be a reasonable solution to have everything together in
one pl
rd or is pubring.gpg created and
> populated?
That just stores the fetched key in your pubring. The card is not modified.
David
ouldn't be signed by the right key). That would probably cause as many
headaches as it solves.
Why not talk to the RIPE people and ask them to support subkeys? They're a
standard part of OpenPGP and have been for a long time.
David
referencing and data mining across multiple databases that were
(strictly speaking) possible a hundred years ago, but also extremely
unrealistic.
David
a way to get at
your key (or rather, your plaintexts).
The ability to "casually" decrypt even 1024-bit keys is nowhere near.
(And by "casually", I mean a difficulty similar to what it takes to
wiretap a phone.)
[1] http://eprint.iacr.org/2010/006
--
David Tomaschik, RH
On Mar 22, 2011, at 3:17 PM, Jerome Baum wrote:
> David Shaw writes:
>
>> Hmm. I'm not sure you and I are on the same page with this attack. I
>> don't think that Alice's rigged message to Baker necessarily needs to
>> be forged to come from the
On Mar 22, 2011, at 12:01 PM, Jerome Baum wrote:
> David Shaw writes:
>
>> On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote:
>>
>>> Would that be by reusing the session key? Or are there other properties
>>> that we can mess with?
>>
>>
On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote:
> David Shaw writes:
>
>> In addition to the size and type information, there is also an
>> interesting attack that can be done against speculative key IDs. It
>> doesn't (directly) help a third party kno
place, for example), but it's just a tool. It's important not to rely solely
on it.
David
n a very top-down way), which example.com keys are valid and
which, by omission, are not. This makes sense in the corporate world, as it's
not up to Alice to decide which corporate keys are valid. It *is* up to Alice
to decide which non-example.com keys are valid, of course.
David
On Mar 21, 2011, at 4:18 PM, Daniel Kahn Gillmor wrote:
> On 03/21/2011 04:05 PM, David Shaw wrote:
>> While the common usage for regular users is to sign based on checking
>> identity, signatures can be just as well used as a token to indicate
>> membership. For example
On Mar 21, 2011, at 3:46 PM, Martin Gollowitzer wrote:
> * David Shaw [110321 20:28,
> mID <387f8326-47af-419e-a9a7-7c37d048a...@jabberwocky.com>]:
>
>> On Mar 21, 2011, at 3:02 PM, Mike Acker wrote:
>>
>>> Scenario thus far:
>>> • Tom N
my signature to
> other members of the group
> • now Tom has left the group
> Object: to revoke my signature from Tom Newguy's key
gpg --edit-key (newguyskey)
revsig
save
David
lows the user to pick particular key
types for particular purposes. For example, a common usage is to use the
primary key for signing things and the subkey for encrypting things.
As to your other question, it was asked earlier this week. See
http://www.gossamer-threads.com/lists/gnupg/us
On Mar 16, 2011, at 10:05 AM, Jeffrey Walton wrote:
> On Wed, Mar 16, 2011 at 9:41 AM, wrote:
>> David Shaw dshaw at jabberwocky.com wrote on
>> Wed Mar 16 00:42:48 CET 2011 :
>>
>>
>>> GnuPG does the MDC by default whenever all the keys can handle it
>
On Mar 16, 2011, at 9:41 AM, ved...@nym.hush.com wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Wed Mar 16 00:42:48 CET 2011 :
>
>
>> GnuPG does the MDC by default whenever all the keys can handle it
>
> What kind of key can't handle it in gnupg?
None
On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote:
> On 16/03/11 10:42 AM, David Shaw wrote:
>>
>> GnuPG does the MDC by default whenever all the keys can handle it
>> (or if the chosen cipher is 256 bits)
>
> Is that 256 bits only or 256 bits and larger?
Strictly spe
On Mar 15, 2011, at 11:41 PM, David Shaw wrote:
> On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote:
>
>> On 16/03/11 10:42 AM, David Shaw wrote:
>>>
>>> GnuPG does the MDC by default whenever all the keys can handle it
>>> (or if the chosen cipher is 25
On Mar 15, 2011, at 6:51 PM, ved...@nym.hush.com wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Tue Mar 15 22:28:23 CET 2011 :
>
>> I'm not quite sure what you mean.
>> The MDC can be used on any OpenPGP cipher, no matter what the
> size.
>
> Yes,
On Mar 15, 2011, at 4:24 PM, ved...@nym.hush.com wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Tue Mar 15 15:34:47 CET 2011 :
>
>> would like to see IDEA included once the various patents expire
>
> As long as the non-256 bit symmetrical algorithms (IDEA, CAS
a possible cipher for v4 keys as well, but given that PGP
made it a non-default to use IDEA in v4, and given that GPG never supported
IDEA without a special plugin, a v4 key using IDEA is rare).
David
It's the default for various little fiddly
operational reasons, none of which are relevant to the question of "which is
more secure".
David
good bit of non-key
data and other inefficiencies. A dump of just key data is around 3.5G nowadays.
David
examine it. I'm not sure if a
single-number answer is available even then. Basically, if you can get the
level from a regular compressed .gz or .bz2 file, then you can get it here, but
either way, GPG does not have visibility into that.
David
his:
:compressed packet: algo=2
Algo 1 == ZIP
Algo 2 == ZLIB
Algo 3 == BZIP2
If there is no "compressed packet" line at all, then the message is
uncompressed.
David
rt" would not be as gpg
can't tell if you mean export-local-sigs, or export-attributes, or...)
If you're documenting or scripting things, it's good practice to give the full
name since you never know if we're going to add a "export-lovely-sigs" option
or some such, and thus make "export-l" non unique.
David
s.net will probably improve things.
Incidentally, the keyserver timeout is configurable. If you want to stop
waiting earlier, you can change this by sticking "keyserver-options
timeout=" ( is in seconds) in your config file.
David
hey are only up to gnupg-1.4.5-14.el5_5.1, They will probably not move
up until RHEL 6 (that I believe has just recently come out). It looks as
though that one is: gnupg2-2.0.14-4.el6.i686 (for my 32-bit machines);
unless I am confused.
--
.~. Jean-David Beyer Registered
the delay is unacceptable (my android phone included).
I don't believe that GPG alerts on key lengths at all, but it does
have suggested lengths at key generation time.
David
On Mon, Mar 7, 2011 at 4:41 PM, Charly Avital wrote:
>> GPG Keychain Access 0.8.4 shows a red warning
I suppose this begs the question -- since the card has access to raw
keys, how confident can we be that no back doors exist in the card?
(I don't think there are, this is more of an academic question.)
David
On Thu, Mar 3, 2011 at 1:40 PM, Werner Koch wrote:
> On Thu, 3 Mar 20