display a PGP/MIME-signed message at all than I am about having support for
message verification. Message verification is very useful, but if the mail
client can't display the message at all, then it is not compliant with MIME,
much less PGP/MIME.
David
On 2/25/2011 12:56 PM, Martin Gollowitzer wrote:
* Avi avi.w...@gmail.com [110225 19:21]:
For those of us who use webmail, inline signatures are rather
useful.
There are webmail applications supporting PGP/MIME. If yours doesn't, it
is not a good one. Inline signatures are not a good thing
anyway.
David
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
. This isn't a gpg error -
gpg never even got executed here.
The fix is to either figure out where you have libusb and include that in your
path, to get libusb, or rebuild gpg to not require libusb.
David
...
http://www.mailinglistarchive.com/html/ietf-open...@imc.org/2011-01/msg00027.html
David
to and it would just generate keys over and over until it
hit it. Given the improvements in CPU speed since then, this should be even
easier now.
David
attempt to decrypt the signature using your public key.
If they are able to, they know your private key was used to produce the
signature, and if you have kept control of your private key, it must
have been signed by you.
Hope that helps.
--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open
m...@vp.pl wrote:
Hello
I have a question. I want to encrypt file that consists of one word for
example 'home with AES'. When I did encryption I got file that is 49
bytes. How can I separate my encrypted 4-byte word from the rest of
file. I need only encrypted part of my word, I don't want to
unsubscribe
--
David Topping
e: m...@david-topping.com
This message may contain information which is confidential or
privileged. If you are not the intended recipient, please advise the
sender immediately by reply email and delete this message and any
attachments without retaining a copy
griffmcc wrote:
Although I can encrypt a file using a script, when crontab runs the same
script, it returns the error message “no default secret key: No secret
key”. I have one secret key:
sananselmo backupscripts.d # gpg --list-secret-keys
/root/.gnupg/secring.gpg
in GPG is --batch --key-gen, and it is documented as such.
David
of the readers.
(I'm going to be using my card for a subkey-only card, as I keep my
master key in an offline-only configuration.)
Thanks,
David
in use there is probably a need for ECC for server applications
as well.
The smaller size of ECC is also useful for embedded systems, which tend to be
both memory and CPU constrained.
David
with any import taxes/customs trouble.
--
David Tomaschik, RHCE, LPIC-1
GNU/Linux System Architect
GPG: 0x5DEA789B
da...@systemoverlord.com
the
symmetric algo the weaker point), is 3k not an option for RSA?
Yes, it is. In fact, 3k is the maximum size for a RSA key on the OpenPGP
smartcard.
David
this, take one of your truncated files and
run:
gpg --list-packets the-truncated-file.asc
Look for a line that reads mdc_method: 2. If you see that, you are protected
from truncation no matter what your transport system does.
David
On Jan 19, 2011, at 12:09 PM, Kavalec wrote:
David Shaw wrote:
On Jan 19, 2011, at 10:46 AM, Kavalec wrote:
Is there a way to force the decrypt to fail on a missing 'END PGP
MESSAGE' ?
... take one of your truncated files and run:
gpg --list-packets the-truncated-file.asc
remember correctly, GPG only complains for invalid CRC. A missing CRC is
legal, as the CRC is a MAY.
David
the
--with-colons option to enable machine parsing.
David
As usual, it all depends on your threat model. If you're really paranoid,
don't use gpg-agent. :)
--
David Tomaschik, RHCE, LPIC-1
GNU/Linux System Architect
GPG: 0x5DEA789B
da...@systemoverlord.com
on my keyring and it does not say
anything about any groups.
Is there an actual command that can be used to list the groups that
have been defined for GPG?
gpg --with-colons --list-config group
David
, (b) from an invalid key, or (c) from someone you believe is
utterly untrustworthy.
With (c), you can then have some assurance that their untrustworthiness has
been faithfully maintained in the message since it was signed... ;)
David
.
David
gpg-agent to
dump its passphrase, etc.
This is similar in many ways to the old key material ending up in swap
problem, though that was considerably easier to deal with since userspace had
the necessary tools so GnuPG could handle the whole problem by itself.
David
jimbob palmer wrote:
In Firefox I can sign or encrypt or encrypt+sign an e-mail.
In what case would I want my encrypted emails also signed? Does it
provide any additional benefit over a pure encrypted email?
Signing and encrypting serve different purposes.
Encrypting a mail ensures that
export to a text file. Can you guys please provide some
guidance on how to accomplish this? Thanks
You'll have to patch the code. GnuPG won't do this by itself.
What are you trying to accomplish? Those keys are insanely large.
David
://www.mail-archive.com/cryptography@wasabisystems.com/msg00261.html
David
-embedded-filename option if you want to use that, but
read the caveats in the man page about that option.
David
gives you the necessary hooks to do it yourself
(i.e. the --output) option, but does not do it for you.
David
On Jan 2, 2011, at 2:43 PM, Daniel Kahn Gillmor wrote:
On 01/02/2011 10:01 AM, David Shaw wrote:
The only significant use of the direct-key signature is for key owners
to add designated revokers to their key. Designated revokers are carried
in a subpacket on a direct key signature.
I
for user IDs.
David
is strong), but it avoids the question, which has a benefit all its own. Maybe
in V5
David
, but it is not related to the
fact that you are using a v2 card.
David
On Dec 14, 2010, at 6:43 PM, Faramir faramir...@gmail.com wrote:
I know I asked before, but I can't remember if I saw an answer. Is
TwoFish implementation the 256 bit key version?
Yes it is.
David
is somehow off-limits. (And mind you, we
haven't even reached step 1 yet!)
David
over or any interruption whatsoever?
Personally, I suspect a changeover would take somewhere between 5 and 10 years,
just as the v3-v4 changeover did.
It is premature to try and force a particular format into the design before we
even have a SHA-3 to talk about.
David
On Dec 13, 2010, at 4:40 PM, Daniel Kahn Gillmor wrote:
On 12/13/2010 01:13 PM, David Shaw wrote:
Why is it that using the method you advocate, there is a graceful
changeover between fingerprint formats, but a change in the
certificate format requires a hard cut-over with global
interruption
My guess is that it has something to do with the fact that this list
(bizarrely, IMO) uses reply to sender by default rather than reply to list.
Some MUAs may mangle the Message ID in such a case (when the list email is
manually specified).
Just a guess.
David
2010/12/12 Łukasz Stelmach
and simplicity: there is no
interoperability. Which doesn't mean that you couldn't have V4 alongside V5
for a period of time, just as we had V3 alongside V4 for at least a decade.
The WoT would survive this just as it survived the V3-V4 transition. As V4
ramped up, V3 died out.
David
, certificate
fingerprints, etc. I just grepped through the RFC looking for any
hardcoded SHA-1; David is probably a much better reference than I am on
this.
Probably the most annoying -- to me, at least -- is the fingerprint
requirement. If a preimage collision is discovered in SHA-1 then it's
On Dec 11, 2010, at 4:15 AM, Ben McGinnes wrote:
On 10/12/10 2:33 PM, David Shaw wrote:
A good way to look at this is to pick what you want your primary key
to be. The subkeys don't really matter that much, as the primary is
the one that gathers signatures, and the one that makes (i.e
the primary key
can be used to revoke the old subkeys and make new ones, this is a very safe
way to handle keys.
David
?
Right. Since only the primary can certify, it will be automatically chosen
whenever you try to sign another key.
David
certificate, since my
encryption subkey hasn't changed, right?
Just send it to the keyserver, and you'll be fine. The revoke certificate
applies to the key as a whole, so it doesn't matter what you do with subkeys.
Whatever happens with subkeys, the revoke certificate will work.
David
On Dec 11, 2010, at 3:06 PM, Ben McGinnes wrote:
On 12/12/10 7:00 AM, David Shaw wrote:
If you were forced to disclose your encryption key, you could give
them just that particular subkey and not give them the signing
subkey at all. What some people (me, among others) do in addition
keyserver/no-greeting/etc. settings):
personal-digest-preferences SHA512
cert-digest-algo SHA512
Are there any other settings (or changes to these) that would be considered
more forward looking?
I appreciate everyone's help on this -- trying to make sure I get it
right.
David
On Sat, Dec 11
can properly deal
with it.
David
-bit
hash. Think of it as a non-broken SHA-1: it's theoretically as strong as SHA-1
once was thought to be, but not stronger.
(i.e. it's a great SHA-1 alternative, but it's not as strong as a full-sized
SHA-2).
David
data, and a (different) subkey for
encryption. This has a few advantages, such as that you can leave this primary
key offline altogether (since you only actually need it to make more subkeys).
It's hard to compromise a key that isn't actually on your computer most of the
time :)
David
of
this group might be useful in my next steps. Your help is appreciated.
--
David Tomaschik, RHCE, LPIC-1
GNU/Linux System Architect
da...@systemoverlord.com
into the armor.
David
should I organize, and protect the IDs?
There isn't a simple answer here, since people who sign keys can each decide
what they want before signing. Personally, I'll sign with two government
issued IDs, and wouldn't bother to bring more than that to a party.
David
the
GPG encrypted file directly with the strong passphrase that I know ?
David
you in case you
lose access (forget the passphrase, delete the key, etc, etc) to your secret
key. Storing it in an encrypted bundle doesn't really help you if you forget
the passphrase to the bundle.
David
there are any trust signatures on the key.
Just making it ultimately trusted (or the presence of a secret key) doesn't
change the minimum.
David
- just include the
appropriate pk_enc before the encrypted file
You can see RFC-4880 for the internals of how packets are put together, if
you're interested in the file details.
David
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
issue. I'm not sure I see any benefit in looking at or changing the GPG code
in an effort to not trigger a bug in a quite old - and long since replaced -
version of gcc.
David
sn...@thyservice.com
sub 1024g/6820 2010-10-11
Just run gpg on the file (i.e. gpg my-base-64-exported-key.asc). No special
arguments needed.
David
.
David
I will be out of the office starting 11/12/2010 and will not return until
11/15/2010.
**
This message and any attachments contain information from Union Pacific which
may be confidential and/or privileged. If you are not the intended recipient,
be aware that any disclosure, copying,
=$finalvalue\n;
?
With this code I get: Invalid Option -BEGIN which I understand why.
regards
David J.
Hi,
How do I turn off all messaging from the gpg program
Eg.
gpg: encrypted with 2048-bit ELG-E etc...
gpg: Warning: message was not integrity protected
Thanks
David J.
,
David j.
On Nov 7, 2010, at 6:19 PM, Morten Gulbrandsen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
David Shaw wrote:
Hi folks,
This isn't a GnuPG bug per se, but given that many (most?) people using
GnuPG have it linked against libbz2, please read
http://www.ubuntu.com/usn/usn-986
://www.rfc-editor.org/rfc/rfc5581.txt specifies the IDs for the
Camellia cipher.
If you ever need a handy reference for which algorithm maps to which number,
just run gpg -v --version. It will print out which ciphers it has support
for, and their algorithm numbers.
David
On Oct 21, 2010, at 5:26 PM, MFPA wrote:
Is there a maximum length for an OpenPGP UID?
Yes, but it's huge: 4,294,967,295 characters long. That's the OpenPGP answer.
In practice, however, using GnuPG, the maximum is 2048 characters.
David
specific to stripping a single key from a file.
The same problem exists when re-encrypting to the remaining people. Either
way, if Alice makes a copy before you strip or re-encrypt, she has the file and
can decrypt it.
David
Jameson Rollins wrote:
We should be careful not to overstate the impatience of users too much.
I've seen plenty of people wait many seconds for google maps to load on
phones without giving up on the whole process. I also have an extremely
slow machine where I routinely have to wait a long time
*disables*
ask-sig-expire, sig-policy-url, etc.
The attached patch clarifies things to my current understanding of them
(but i might be wrong!)
I've applied something similar (also fixing ask-sig-expire which had a similar
problem).
David
Daniel Kahn Gillmor wrote:
On 09/24/2010 09:54 AM, David Shaw wrote:
It won't work with the current generation of OpenPGP smartcards. It also
will be dreadfully slow if you (or someone you are communicating with) ever
uses the key on a small machine (think smart phone). If you are usually
don't just verify
signatures :)
Dreadfully is a difficult thing to enumerate anyway. For me, FWIW, it would
be over 1-2 seconds.
David
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Smith wrote:
Daniel Kahn Gillmor wrote:
On 09/24/2010 09:54 AM, David Shaw wrote:
It won't work with the current generation of OpenPGP smartcards.
It also will be dreadfully slow if you (or someone you are
communicating with) ever uses
Jean-David Beyer wrote:
David Smith wrote:
Not truly quantitative, but I notice a significant difference
between encrypting emails to people with 1024-bit keys vs people with
4096-bit keys. I'd say that the difference is in the order 3-6
seconds.
I'm running GnuPG 1.4.x on a Sun Ultra10
on a full
power computer, then they generally have the CPU to spare for this sort of
thing, and you'll rarely if ever notice a difference.
David
for me. I even cut and paste your exact command line.
hashed subpkt 20 len 28 (notation: t...@example.org=test)
David
On Sep 24, 2010, at 12:47 PM, Daniel Kahn Gillmor wrote:
On 09/24/2010 11:53 AM, David Shaw wrote:
There is actually a defined field for this in OpenPGP (see section 5.2.3.22,
Signer's User ID). I don't think anyone implements it though.
Ah, so there is! Thanks, David.
However
--version). If you see BZIP2 on the Compression line, then you are
linked with libbz2.
David
I can do this?
Do you have the public key corresponding to the card key on that box? You need
the public key plus a run of --card-status to generate the stubs.
David
On 08/27/2010 04:36 AM, Chris Knadle wrote:
On Thursday 26 August 2010 16:52:24 David Mohr wrote:
Hi,
I recently bought a gnupg smart card (kudos to the organizers of
Froscon). I own an internal smart card reader made by akasa (AK-ICR-05).
Unfortunately it doesn't work with gnupg out
:
SCardEstablishContext failed: 0x8010001d
[opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No
readers found
Readers known about:
Nr.Driver Name
0 openct OpenCT reader (detached)
1 openct OpenCT reader (detached)
Any help would be greatly appreciated!
Thanks,
~David
the
keyserver, N is used to go to the next page of responses. The maximum number
of results on a page varies depending on the window size, but it will never be
smaller than 24.
David
the encryption algorithm on a file? Any help
with these questions is appreciated.
Try gpg --list-packets, or decrypting with -v set.
David
be about the same size as the unencrypted file. However,
it's usually about 55 bytes longer than that. What other information is
stored in the Data Packet and what is the format?
Read RFC-4880. Specifically, section 11.3, which gives the various legal
packet combinations.
David
a policy
URL or notation after it has been issued, you can simply delete the old sig
(even a self-sig can be deleted) and re-issue it.
David
have been an illusion of actual
functionality.
David
not pretend otherwise.
The only way to properly implement the flag is on the server side. I'd rather
work towards that real answer than do something weak on the client side.
David
to gpg2. Much simpler and you don't
need to deal with renaming keyserver helpers, or re-patching the code every
time a new release is made, etc.
David
Snaky Love wrote:
Hi David,
thank you very much for your explanation!
May I ask a few final questions about this issue:
- are there any tools at all that handle the group crypto + archive
use-case satisfactory? (Yes, PM me your ads :)
- what is the current state of research regarding
Snaky Love wrote:
Hi,
thank you very much for the interesting discussion.
About GSWoT - does this cover my described use-case? I don't quite get
it from a first glance on the website...
Well, I've only just learned about it by reading the website, but...
Not really.
From what I can
possible, then --no-mdc-warning will make the warning on the recipient side go
away.
David
I will be out of the office starting 07/29/2010 and will not return until
08/02/2010.
version 6.5 is beyond
antique at this point. You might try adding the --pgp6 flag to your gpg
invocation, which enables some workarounds for various PGP 6-isms, but
basically the problem is that PGP 6.5 predates the standard that GnuPG follows.
David
m...@proseconsulting.co.uk wrote:
I need to be able to ultimately trust a public key in batch mode, that I
have downloaded automatically with wget from an internal server over HTTPS.
I don't want to do --trust-model always, apart from the fact I want to
use a trusted key anyway, gpg
check the email address, you can't really affirm that.
Not everyone checks. I believe they should.
David
that is the correct order, but a while ago there was a
thread about this and I would like to find it.
- --
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 17:10:01 up 16 days, 1
.
By that logic, no program can be said to provide plausible deniability ;)
(Not that I necessarily disagree - I tend to get stuck on the plausible part
of the deniability. If things reach the point where you're relying on
plausible deniability to save you, you're already in deep trouble.)
David
-server. Then notify whoever sent you the
original message of the problem and to send it again with the new key.
You might wish to revoke the old key-pair if you have a revocation
certificate on your machine.
I do not know how you lost your secret key.
- --
.~. Jean-David Beyer Registered
at CentOS 4, the binary for it is gnupg-1.2.6-9.i386.rpm
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 14:45:01 up 12 days, 23:31, 3 users, load average: 4.47
.
David
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Breen Mullins wrote:
* Jean-David Beyer jeandav...@verizon.net [2010-07-20 14:53 -0400]:
John Espiro wrote:
Greetings...
My google skills must not be working lately... Can anyone help point me
to the 2.0.16 binary for GnuPG / RHEL4?
Thanks
501 - 600 of 1823 matches