On Sat 28.02.2015, 12:27:05, Neal H. Walfield wrote:
> In that time, OpenLDAP configuration has gotten a lot more
> complicated. I've modernized and significantly expanded his tutorial.
> You can find it here:
>
> http://wiki.gnupg.org/LDAPKeyserver
Doesn't refer to your work but is a general
On Fri 27.02.2015, 13:11:33, Kristian Fiskerstrand wrote:
> > We need keyservers which are a lot better than today's. IMHO that
> > also means that a keyserver should tell a client for each offered
> > certificate whether it (or a trusted keyserver) has made such an
> > email verification.
>
> Th
On Fri 27.02.2015, 23:05:07, Peter Lebbing wrote:
> But what about that Man in the Middle who does nothing more than
> receive your message encrypted to their key and forward it to the
> real recipient you are building a trust relationship with?
He does have to do more: He has to intercept the me
On Fri 27.02.2015, 20:56:00, Werner Koch wrote:
> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> > that anyone can upload _every_ key to a keyserver is an issue. If
> > keyservers would do some sort of verification (e.g. confirmation of
> > the email addresses) then this would lead to much
On Fri 27.02.2015, 22:30:41, Christoph Anton Mitterer wrote:
> Obviously I'll need any intermediate keys (and enough of them that I
> personally decide it's trustworthy).
Once more we see the term that confuses nearly everyone:
You personally decide to trust a key – for its certifications. That
On Fri 27.02.2015, 21:25:40, Christoph Anton Mitterer wrote:
> On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote:
> > So what exactly is the purpose of the keyserver then ?
>
> Find trust paths
What could that be good for? If you do not make very strange assumptions
that could be of any u
On Fri 27.02.2015, 12:27:40, gnupgpacker wrote:
> Maybe implementation with an opt-in could preserve publishing of faked
> keys on public keyservers?
We need keyservers which are a lot better than today's. IMHO that also
means that a keyserver should tell a client for each offered certificate
w
On Fri 27.02.2015, 09:45:36, gnupgpacker wrote:
> German ct magazine has postulated in their last edition that our pgp
> handling seems to be too difficult for mass usage, keyserver
> infrastructure seems to be vulnerable for faked keys, published mail
> addresses are collected from keyservers and
On Wed 18.02.2015, 21:29:40, Xavier Maillard wrote:
> Jesper Hess Nielsen writes:
> >> gpg -u -u --clearsign keytransition.txt >
> >> keytransition.signed2
> >
> > woops, forget about the '> keytransition.signed2' part. Just running
> > with --clearsign will give you a keytransition.txt.asc fi
On Sun 15.02.2015, 20:55:05, Matthias Mansfeld wrote:
> One point for inline vs. MIME: You can easily Ctrl-V the complete
> inline signed or encrypted mail in the clipboard and Ctrl-V it in any
> GnuPG Interface. Doesn't work with a PGP/MIME mail.
Let's hope that changes soon:
https://bugs.kde.o
On Sun 15.02.2015, 16:12:01, Stephan Beck wrote:
> X-GPG-Key-ID: 0xBA4909B78F04DE1B
> X-GPG-Key:
> http://wwwkeys.pgp.net/pks/lookup?search=0xBA4909B78F04DE1B&op=index
> X-GPG-Fingerprint: 9983 DCA1 1FAC 8DA7 653A F9AA BA49 09B7 8F04 DE1B
>
> Obviously, it indicates a key ID 0xBA4909B78F04DE1B a
On Fri 13.02.2015, 19:54:44, @bitmessage.ch wrote:
> When generating a uid for a key using gpg2 (2.0.25), and attempting to
> input an email address containing a tilde (~), I receive an invalid
> email error. There seems to be no way I can find to bypass this
> restriction, and use my "invalid" ema
On Tue 10.02.2015, 13:01:17, Daniel Kahn Gillmor wrote:
> > I can even sit down with the owner of
> > the key and verify his ID and fingerprint and sign it, meaning
> > "this key belongs to this person, but was superseded a week ago".
> > If actually influences the validity of anything he signed
On Sat 24.01.2015, 18:14:01, Andreas Schwier wrote:
> And I want a secure key escrow scheme where I can backup and
> restore sensitive key material - functions the OpenPGPCard
> specification does not provide for.
The OpenPGP card does provide the opportunity to backup the on the card
generated
On Sun 21.12.2014, 00:46:40, Christopher Beck wrote:
I noticed that too late: You shall always reply to the list. Usually I
demand a list reply first before I answer.
> First, I tried to make an alias. This worked well for every
> application which uses gpg as a command line tool: $ alias gpg=
On Sat 20.12.2014, 19:20:23, Christopher Beck wrote:
> Third and last, though it makes sense for gpg to use the newest sub
> key only (especially for the signing sub key), is there a possibility
> to force gpg to use a specific sub key? This question could manually
> solve question number two and
On Fri 21.11.2014, 20:17:38, Patrick Schleizer wrote:
> is it possible to update an existing (RSA) gpg key to ECC?
>
> Or would a usual transition process be required?
You can change the subkeys (encryption, signing) easily but not the
mainkey (the one the fingerprint refers to). But hardly any
On Fri 21.11.2014, 13:58:19, grantksupp...@operamail.com wrote:
> The obvious difference in usage ...
>
> One says the usage is
>
> throw-keyids
>
> the other says usage is
>
> throw-keyid
That's just a typo. The correct name for the option is "throw-keyids".
You do not have to write the
On Fri 21.11.2014, 12:16:39, grantksupp...@operamail.com wrote:
> I see conflicting docs online:
> Do not put the recipient key IDs into encrypted messages. This
> helps to hide the receivers of the message and is a limited
> countermeasure against traffic analysis.1 On the rec
On Thu 13.11.2014, 22:33:31, da...@gbenet.com wrote:
> I exported my keys to a USB stick. Then I copied my .gnupg to a new
> Linux laptop. Then I imported my keys. I thought that I would be
> fine.
It is unclear to me what exactly you are talking about.
The terms "export" and "import" usually re
On Sat 08.11.2014, 20:49:24, Robert J. Hansen wrote:
> What you're looking at is called an em dash (or an en; the FAQ uses
> both) and is typographically correct.
It is correct if an em dash is meant. It does make absolutely no sense
to use a "–" when code is involved where only "--" works. This
Hello,
there is a common problem (usually with CMS) in the FAQ:
https://www.gnupg.org/faq/gnupg-faq.html
There are three occurrences of "–"; all of them are destroyed "--"s.
They are correct in the plain text version.
Actually Google pointed me to the outdated version (which has the same
pr
Hello,
on
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
there is a link to the archive
http://lists.gnupg.org/pipermail/gnupg-announce
but that does not work; it's a strange redirect to
http://lists.gnupg.org:8002/pipermail/gnupg-announce/
Hauke
--
Crypto für alle: http://www.openpgp-
On Tue 04.11.2014, 15:14:55, Kanchan Gobari wrote:
> Urgent help required.
Then you should have subscribed to the list before writing. Would have
saved you 12 hours...
> I have created a UNIX script for encryption but while executing the
> script got the below error:
>
> gpg: cannot open tty `
On Thu 30.10.2014, 23:14:12, Cpp wrote:
> Is there a way to "query" gpg-agent to
> see whether a correct passphrase has been recently entered for a
> particular secret key, and has not yet been forgotten?
Yes and no.
There is an easy way to find out whether a certain passphrase (make sure
to di
On Tue 28.10.2014, 22:06:36, Sudhir Khanger wrote:
> I have gpg-agent cache passphrase. When I run gpg -c text.txt it asks
> for passphrase twice like it normally would but Kgpg or KMail don't.
You probably mean that Kgpg asks just once. KMail isn't capable of
creating symmetrically encrypted ma
On Sun 26.10.2014, 16:12:15, Peter Lebbing wrote:
> PS: I didn't quite understand the different "you"s in your mail; they
> all appear to refer to "anyone". But it doesn't seem important.
Kind of important for your argument.
The statement "that you are about to encrypt to that key" does not make
On Sun 26.10.2014, 14:14:25, Peter Lebbing wrote:
> that you are about to encrypt to that key.
And who is "you"? 8-)
THEY do know anyway that you (really you in this case) encrypt to a
certain key as long as SMTP is used (as usual) and the target key ID is
not hidden (as usual, too).
Hauke
On Sun 26.10.2014, 08:19:28, NdK wrote:
> On 25/10/2014 20:09, Hauke Laging wrote:
> > I would like to suggest a new option for GnuPG (mainly intended for
> > the config file) which would automatically try to import an update
> > for the certificate if it has expired (b
Hello,
I would like to suggest a new option for GnuPG (mainly intended for the
config file) which would automatically try to import an update for the
certificate if it has expired (both from the standard key server and
from the preferred one if set).
I guess that many users don't understand th
On Sun 19.10.2014, 21:10:20, Peter Lebbing wrote:
> It is clear you are not working on the same assumption as I did: that
> there were already good passphrases on the keys, because this is
> simply good practice
A good passphrase doesn't help against online attacks. The usual
protection against
On Sun 19.10.2014, 13:26:55, Peter Lebbing wrote:
> > a) save the complete configuration (optionally protected with a
> > passphrase) to a single file
> I'm not sure how you envision this, but wouldn't it be much easier,
> and sufficient, to have a prompt on startup that read:
>
> ***WARNING***
On Sat 18.10.2014, 21:08:30, Robert J. Hansen wrote:
> > I could do this myself – but as a script only (which would not be
> > portable).
>
> It's not hard to make highly portable Perl or Python scripts. I think
> you're overestimating the difficulty here.
I am aware of that. The first point is
Hello,
I am often asked whether (and how) it is possible to use OpenPGP on
several systems with the same keys. You are probably aware that this is
also asked here, not often but regularly. And then the "copy everything
except random_seed" fun begins again.
I just noticed how strange it is that
On Tue 07.10.2014, 02:01:37, Hauke Laging wrote:
> The first version is for beginners and in German only. Translating
> that should not be too much work thus I will probably make an English
> version myself (if no one else does before me).
And there it is:
http://www.openpgp-co
On Sun 12.10.2014, 23:35:16, Dr. Peter Voigt wrote:
> Can I still use my existing revocation certificate with my key pair
Yes.
> I am supposing the revocation certificate just refers to my main
> key ID regardless of the identities belonging to the key pair.
To the fingerprint (or: the key data
Hello,
a few days ago at a Cryptoparty I noticed that it is not only important
to teach people. Determining how much they have understood is important,
too. After all, the overall security you get from real world crypto is
technical in nature only in a minority share. More important is that you
On Thu 02.10.2014, 22:38:56, Chris wrote:
> I'm having to put my system back together again after my Mandriva box
> crashed back in August. I'm up to getting my key installed and when
> sending myself a test post I get this:
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg
On Sat 27.09.2014, 16:11:09, MFPA wrote:
> If I just try:-
>
> echo "$PW" | gpg --passphrase-fd 0 --symmetric --output file.gpg file
>
> it symmetrically encrypts but I cannot find a passphrase that works
> for decryption.
I quote the man page for "--passphrase-fd n":
"[...] Note that this pa
On Wed 17.09.2014, 20:54:22, MFPA wrote:
> Do key UIDs have an expiry date? I never noticed that.
The mainkey expiration date is implemented via the UID expiration date.
This is because you need a signature and the mainkey itself doesn't have
one. The mainkey expires if all UIDs have expired. T
On Tue 16.09.2014, 12:03:20, Doug Barton wrote:
> On 9/16/14 11:53 AM, Hauke Laging wrote:
> > On Tue 16.09.2014, 10:31:00, Doug Barton wrote:
> >> which further highlights that adding options to make life
> >> easier for people who don't understand what
On Tue 16.09.2014, 10:31:00, Doug Barton wrote:
> which further highlights that adding options to make life easier
> for people who don't understand what key expiry means, or how to
> manage it properly, is probably not a good idea. :)
What I want would make life easier mostly for the contac
On Tue 16.09.2014, 20:36:03, Sam M wrote:
> --batch cannot be used when generating revocation keys, and
> --password-file and --password-fd are only usable with --batch.
You can use the "echo ... | gpg ... --command-fd" part you know from my
script in order to delete the passphrase (and add it af
On Tue 16.09.2014, 18:38:42, Sam M wrote:
> For each of the subkeys of interest, I did the following ("a" being
> the looping variable) -
> --export-secret-subkeys
> This gives me 3 files that I want in a separate keyring (listed below
> with MD5) -
>
> a5fcd3e138a869d03a2b398e180ab729
> A6213
On Mon 15.09.2014, 15:56:04, Robert J. Hansen wrote:
> There's a half-finished liter of milk in my fridge that's now a week
> past its expiration date. (Yes, yes, I'm going to throw it out once I
> get home...)
>
> If you want, feel free to come by. I'll pour you a glass of milk.
> After all, a
On Mon 15.09.2014, 15:02:14, Doug Barton wrote:
> I set an expiration date on my key because
> I felt there was a legitimate concern that myself, my key, or both
> were going to come under the control of a hostile entity.
a) What period do you choose for that? A day, a week, a month, a year?
b)
On Mon 15.09.2014, 13:19:10, Robert J. Hansen wrote:
> Yes, OpenPGP is quite permissive about letting people encrypt to
> expired certificates,
Did you really mean that? I am not aware of any way how to do that
within GnuPG (i.e. without faking the time which would affect a
signature). This thr
On Mon 15.09.2014, 09:47:21, David Shaw wrote:
> I disagree with this. Expiration is the way the key owner (the person
> who knows best whether the key should be used or not) tells the
> world, "Do not use this key after this date".
Where do you take that from? Neither the RfC uses this descript
On Mon 15.09.2014, 14:33:55, Nicholas Cole wrote:
> The
> expiry date is there exactly so that users do not have to explicitly
> revoke keys.
I doubt that this is the common interpretation of this feature.
One of the effects of expiration is that you can recognize (non-
compromised) dead keys.
On Mon 15.09.2014, 15:12:31, Martin Behrendt wrote:
> 2 arbitrary use cases:
>
> 1. One uses the expiration date as a reminder, to think about maybe
> updating it to new standards or whatsoever. In this case, a warning
> when using an expired case is enough.
>
> 2. One lives in a hostile envi
On Mon 15.09.2014, 09:48:47, Nicholas Cole wrote:
> Opportunistic encryption with a fall-back mode to plain text, which
> seems to be your model, is dangerous. Yes, it is always dangerous to
> have a protocol that sends in plain text if encryption is impossible.
This is not about opportunistic e
Hello,
after filing a bug report for my mail client because it does not allow
me to encrypt to an expired certificate (neither does Enigmail) I was
surprised to notice that I didn't manage to encrypt to an expired
certificate with gpg in the console (2.0.22).
Is this not possible (what about g
On Sat 13.09.2014, 16:20:42, Werner Koch wrote:
> On Sat, 13 Sep 2014 15:19, mailinglis...@hauke-laging.de said:
> > Try this (shell code, bash):
> That is of course version and configure option specific because it
> uses canned commands. If it works for you, fine but you should be
> aware of that
On Sat 13.09.2014, 16:53:09, Sam M wrote:
> Werner,
>
> I'm not a programmer, so I don't know much about source code. But I
> had downloaded the code for GPA. And to try and find an example, I
> did a grep on the option command-fd. I didn't find anything.
>
> I would be grateful if you could poi
On Wed 10.09.2014, 15:35:46, Werner Koch wrote:
> On Wed, 10 Sep 2014 14:36, mailinglis...@hauke-laging.de said:
> > gpg-connect-agent "GET_PASSPHRASE --data --no-ask "\
> > "4F7E9F723D197D667842AE115F048E6F0E4B4494 t1 t2 t3" /bye
>
> Note that this won't work anymore with 2.1.
Not at all or just not
On Wed 10.09.2014, 13:20:01, Sudhir Khanger wrote:
> Hello,
>
> Is there a way to tell if a GPG key's passphrase is cached or not?
> Just like ssh-add -l prints all the keys that are in current keychain
> ready to be used.
I am working on a Python script which does that as preparation for its
ma
On Tue 19.08.2014, 14:49:37, Robert J. Hansen wrote:
> > 2. They have a default skeleton gpg.conf with incompatible digest
> > algo etc. (as discussed many times on the list).
>
> Use of cert-digest-algo isn't really a problem unless you're needing
> people running old PGP or GnuPG to be able to v
On Wed 13.08.2014, 22:43:41, MFPA wrote:
> > Subkeys and third party signatures are not related
> > (today – one more problem).
>
> Why is that a problem?
Because of that OpenPGP (at least in a useful form) is not compatible
with (probably not only) German signature law. I know that this will b
On Wed 13.08.2014, 14:54:40, pze...@hushmail.com wrote:
> Say I add
> some UIDs and some subordinate keys, and then remove a subset of
> those. Only after having done all this, I upload this key's public
> info, for the first time, to a keyserver and tell you about it. Could
> you now, from this o
On Wed 13.08.2014, 12:23:24, Peter Lebbing wrote:
> > Can she add a new UID of the same name "Alice " to
> > her gpg key again?
>
> I'm pretty sure that, yes, you can.
Give it a try...
> practice, you'll usually see that it will be encrypted to the last
> created non-expired key.
Not the last
On Wed 13.08.2014, 11:57:12, pze...@hushmail.com wrote:
> updated public key to everyone she's in contact with. Then, for some
> reason, Alice joins aforementioned company again, re-gaining control
> of her mail address u...@company.com. Can she add a new UID of the
> same name "Alice " to her gpg
Hello,
I just got more familiar with gpg-agent and had the idea that it might
be nice (i.e. in this case: I should be capable of doing that myself) to
have a background process which notices that gpg-agent has a new
passphrase in its cache. This process could determine the certificate
to whic
On Mon 11.08.2014, 09:10:23, da...@gbenet.com wrote:
> Am getting the following msg now
> Error - key extraction command failed
> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty
> --status-fd 2 -a --export 0x8716853A
> gpg: WARNING: unsafe enclosing directory permissions on c
On Sun 10.08.2014, 20:39:26, da...@gbenet.com wrote:
> david@laptop1:~$ gpg-agent --daemon
> GPG_AGENT_INFO=/tmp/gpg-6uIYXp/S.gpg-agent:1874:1; export
You obviously have not set
use-standard-socket
in the config file gpg-agent.conf
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fue
Hello,
I think there is an error in the description of GET_PASSPHRASE on
https://www.gnupg.org/documentation/manuals/gnupg/Agent-GET_005fPASSPHRASE.html
The synopsis is:
GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] cache_id [error_message prompt description]
whic
Hello,
echo $GPG_AGENT_INFO
/home/hl/.gnupg/S.gpg-agent:22684:1
why is the gpg-agent PID part of GPG_AGENT_INFO? I just made a test: I
killed gpg-agent and started it again. The applications still connect to
it though the PID is obviously wrong then.
The only effect I can see is that you can
Hello,
On Sun 10.08.2014, 08:13:12, da...@gbenet.com wrote:
> Since this upgrade
I have no idea why the upgrade may have caused this.
> Also KGpg comes up with the following error Gnupg failed to start -
> "gpg: option file `/home/david/.gnupg/gpg.conf': No such file or
> directory."
Does the
On Tue 29.07.2014, 21:25:07, Smith, Cathy wrote:
> Hi
>
> If you've posted here, are you trying to determine the level of
> interest out-side of the German-speaking community?
Both communities because they would require different reactions by me.
Hauke
--
Crypto für alle: http://www.openpgp-sc
On Tue 29.07.2014, 14:04:13, Mirimir wrote:
> Are you looking for comments?
Sure but not on this list; I don't want it to be flooded by an OT
discussion. Those who want to contribute should send me an email.
Depending on the number of people I would move that to a dedicated
mailing list or som
Hello,
I would like to abuse this list for something IMHO important though
slightly off-topic...
I think we (and "we" is "the Internet users" not just "those who write
on gnupg-users"...) are missing a culture of secured communication
(which can mean encrypted, signed or anonymous or a combina
On Sat 19.07.2014, 22:37:24, Ingo Klöcker wrote:
> > > And what's your threat model, i.e. what do you want to achieve by
> > > your symmetric email encryption scheme?
> >
> > Same answer: This is for users who don't need any threat model
> > consideration.
>
> Huh? Why would those users want to
On Sat 19.07.2014, 01:42:19, Ingo Klöcker wrote:
> If we add enough buttons then users will
> eventually start pressing them. (Sorry, for being sarcastic, but I
> really don't see how adding another button can possibly improve the
> users' willingness to use email encryption.)
Yeah and this works
On Fri 18.07.2014, 22:51:13, Robert J. Hansen wrote:
> > Are symmetric keys more probable to be compromised than asymmetric
> > ones?
> Immensely. An asymmetric key is a secret held by one person; a
> symmetric key is a secret shared by two or more.
A factor of two is "immense" to you...?
Furthe
On Fri 18.07.2014, 13:49:54, Robert J. Hansen wrote:
> If/when a key is compromised, all traffic that has been generated or
> will be generated with that key gets compromised, and there's no
> guarantee about whether you'll know the key is compromised -- so it's
> only sane to have an agreed-upon
On Fri 18.07.2014, 09:46:14, Doug Barton wrote:
> Hauke,
>
> I think you skated past a previous question about your idea, and I'm
> also interested in the answer so I'll ask it again. :)
>
> If you have a secure channel of communication by which you can
> exchange the symmetric password (which yo
On Fri 18.07.2014, 15:40:34, Ingo Klöcker wrote:
> > And, quite important: It would not require serious
> > development effort as this possibility is built-in with GnuPG.
>
> I think you underestimate the development effort.
That is easily possible. But what would have to be done (at least)?
On Thu 17.07.2014, 21:02:06, Robert J. Hansen wrote:
> > I think that would be a nice feature for recipients who don't have
> > an
> > asymmetric key (those 99%).
>
> But given the overwhelming majority of GnuPG users have an asymmetric
> key, this is ... kind of pointless.
You haven't understood
Hello,
is there any OpenPGP mail client which supports symmetric encryption?
I think that would be a nice feature for recipients who don't have an
asymmetric key (those 99%). Many new communication systems have a
fallback option for symmetric encryption in case the preferred way is
unavailable
On Thu 17.07.2014, 23:39:53, MFPA wrote:
> > in short: use gpgsplit to split the key, then import
> > one part, set passphrase A, export it (encrypted with
> > A), delete it, then import the other part, set
> > passphrase B.
>
> Do you actually need gpgsplit to achieve this? I thought you could
>
On Mon 14.07.2014, 18:06:37, martijn.list wrote:
> Unfortunately this won't work.
...with emails which have an attachment.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37
Hello,
first I admit that this is not a GnuPG problem.
AFAIK the smartphone OpenPGP clients are incapable of handling PGP/MIME
yet. Wouldn't it be nice to have a mail service where you can send a
PGP/MIME mail to and get it back in PGP/Inline format (or more general:
in the other format)?
If
On Sun 13.07.2014, 21:06:50, Schlacta, Christ wrote:
> I've googled, and I've searched, and I've tried and I've screwed up
> and deleted without sending to keyserver... but I can't for the life
> of me figure out how to add my lesser used e-mails to my gpg key as
> secondaries. Every time I try,
On Tue 08.07.2014, 14:41:36, J. David Boyd wrote:
> The problem is that all the 'users' will have to know the
> pass phrase to the secret key to be able to crypt/decrypt,
That is right.
> which
> means that any of them can make changes to your keys.
And that is wrong.
Hauke
--
Crypto für al
On Tue 08.07.2014, 07:04:05, Hugo Almeida wrote:
> but batch mode seems not work for --edit-key option,
> I want a unattended way to add subkeys.
It does work. You can have a look at my script which does that:
http://www.openpgp-schulungen.de/scripte/keygeneration/key-generation.sh
The script i
On Sun 06.07.2014, 23:18:20, Matthias Fischer wrote:
> I can achieve something similar, by using:
> $ gpg --no-default-keyring --keyring /tmp/keyring.once --import
> $ gpg --no-default-keyring --keyring /tmp/keyring.once
> --trust-model always --recipient -e
>
> But this requires an additional
On Thu 03.07.2014, 23:54:39, Robert J. Hansen wrote:
> Bring it close
> to a mobile phone and presto, bang, it can access the 400 bytes.
>
> This is too large to store an RSA or DSA2 certificate, unfortunately.
I don't even have a smartphone... but
1) might it be possible to combine several of
On Tue 01.07.2014, 17:28:36, Robert J. Hansen wrote:
> The integer factorization problem (the math RSA is built upon) is
> conjectured to be infeasible to break.
Yeah, but someone told us (pointed us at) here some time ago that
breaking RSA was NOT the same as breaking RSA... ;-)
--
Crypto f
On Tue 01.07.2014, 09:29:57, eMyListsDDg wrote:
> somehow i managed to send a key id to a key server that has no
> secret-key. so i would like to remove it.
>
> gpg --output keyrevoke.asc --gen-revoke 0x
>
> doesn't work since there is no secret key.
>
> at a loss as to how to remove/revoke thi
On Thu 26.06.2014, 16:06:25, Robert J. Hansen wrote:
> Since it's possible to degrade the cipher preference to 3DES,
> we need to assume that's exactly what will happen. (Your next
> objection is "How?". That's a non-sequitur right now. I believe
> serious adversaries can do this because (a) the
On Tue 24.06.2014, 09:50:04, Nex6|Bill wrote:
> any kind of "best practice", should
> be simple, so that it encourages a sane baseline for people.
That depends on whether you need security or the illusion of security
is enough for you.
IMHO it is one of the main problems that hardly anyone ca
On Tue 17.06.2014, 13:51:05, Werner Koch wrote:
> On Tue, 17 Jun 2014 12:58, mailinglis...@hauke-laging.de said:
> > And for those who understand German (or consider the Google
> > translator fun):
> >
> > http://www.crypto-fuer-alle.de/wishlist/mitmach-symbol/
>
> Well, we already decided on a l
On Tue 17.06.2014, 11:36:11, Werner Koch wrote:
> Hi,
>
> the guy I am working with on a new website, recently asked why we do
> not have a mascot like many other projects.
But something similar to a mascot.
I would like to point at this:
http://lists.gnupg.org/pipermail/gnupg-users/2013-July
On Mon 16.06.2014, 20:04:14, john s. wrote:
> Please help me to understand what is going on here when I attempt to
> change the expiry date of a sub key.
> john@erica:~/Desktop$ gpg --edit-key C6A5A9DB
> gpg> expire C6A5A9DB
> Changing expiration time for the primary key.
The command is just "ex
On Sun 08.06.2014, 20:59:41, Peter Lebbing wrote:
> This one seems easy... leakage of the revocation certificate is much
> more benign.
> It all boils down to: "a safe backup" depends on what you are backing
> up.
That would be a good explanation of this aspect but that is usually not
what you
On Sun 08.06.2014, 18:51:39, Suspekt wrote:
> > There is a /lot/ of bad advice out there; I'd be wary of linking to
> > it.
> I understand that. But those links are out there and just by searching
> on the internet you'll find a lot of some, because they seem to be quite
> popular on google... Maybe
On Mon 02.06.2014, 17:30:15, Suspekt wrote:
> Correct me if I'm wrong but doesn't GPG prefer the keys created last
> over keys created earlier? So it would use the every-day keys by
> default and use the high-security keys only if told specifically?
What can possibly go wrong...
--
Crypto für a
On Sun 01.06.2014, 21:12:49, Suspekt wrote:
> > There are certain risks using the same RSA key for encryption and
> > signing. If you make a blind signature over data someone supplied
> > then you unintentionally decrypt the data (and send it back).
>
> I don't get it. Decrypting data by signing
On Sun 01.06.2014, 12:54:30, Suspekt wrote:
> But I yet have to find someone recommending to use the offline mainkey
> also for encryption/decryption of files, that are so important that
> subkey encryption/decryption is not secure enough.
I do :-)
http://www.openpgp-schulungen.de/kurzinfo/schlu
Hello,
I would like to suggest a probably easier alternative to my proposal
"sign encrypted emails":
http://lists.gnupg.org/pipermail/gnupg-users/2014-January/048681.html
The purpose is that the recipient can be sure that the message has left
the sending system encrypted (and: encrypted for a
Hello,
from time to time when changes to GnuPG's behaviour (about validity and
trust) are suggested, Werner responds kind of: "No, that should be done
on top of GnuPG." This attitude makes sense but in the current situation
I would ask: How? How shall that be done on top of GnuPG without causin