Re: NXDOMAIN for hkps.pool.sks-keyservers.net

2020-01-15 Thread Kristian Fiskerstrand
ps pool due to expiry of the CRL -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -

Re: libgcrypt license

2019-10-23 Thread Kristian Fiskerstrand
nse acceptance information in the package. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F

Re: Future OpenPGP Support in Thunderbird

2019-10-15 Thread Kristian Fiskerstrand
On 14.10.2019 22:45, Werner Koch wrote: > On Mon, 14 Oct 2019 20:43, Kristian Fiskerstrand said: > >> was suggested by Kristian and Andre: talking to SCDaemon (scd) with IPC. >> Details need to be discussed, but it would be an optional solution, that > > Given that

Re: Future OpenPGP Support in Thunderbird

2019-10-14 Thread Kristian Fiskerstrand
Unix socket or TCP/IP (windows) with usual user system protection? Or... extend the RNP library to talk to scd? Needs discussion and contributors, but that should wait until we're certain what library TB will use. """ References: [notes] https://wiki.gnupg.org/OpenPGPEmailSummit

Re: What is the practical strength of DSA1024/Elgamal2048 (former GnuPG default)?

2019-08-30 Thread Kristian Fiskerstrand
On 30.08.2019 01:02, Brian Minton wrote: > On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote: >> On 4/25/19 9:20 AM, Bernhard Reiter wrote: >>> Wikipedia points out a strong sensitivity of the algorithm to the quality >>> of >>&g

Re: was Re: PGP Key Poisoner // now "Binding one person's subkey to another person's primary key"

2019-08-13 Thread Kristian Fiskerstrand
[cross-certification section] https://gnupg.org/faq/subkey-cross-certify.html -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keys

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-03 Thread Kristian Fiskerstrand
On 7/3/19 3:20 PM, Andrew Gallagher wrote: > On 03/07/2019 13:45, Kristian Fiskerstrand wrote: >> There are various ways this can be used for other >> attack vectors as well, so they are mostly just ignored. > > Any of those attack vectors applicable to keyservers attempting

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-03 Thread Kristian Fiskerstrand
relying on specification of TPK URI for refresh is privacy issues related to callbacks and/or DoS. There are various ways this can be used for other attack vectors as well, so they are mostly just ignored. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Tw

Re: What is the practical strength of DSA1024/Elgamal2048 (former GnuPG default)?

2019-04-25 Thread Kristian Fiskerstrand
keys. This isn't really a major point given rfc6979 ( https://tools.ietf.org/html/rfc6979 ): Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuousca

Re: Why Signing key part of Master key

2019-02-24 Thread Kristian Fiskerstrand
-capable anyways by updating the flags on its self-signature) -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3E

Re: [openpgp-email] 4th OpenPGP Email Summit - Update

2018-10-19 Thread Kristian Fiskerstrand
> On 17 Oct 2018, at 14:26, Sandro Knauß wrote: > > Hey, > >> - Friday evening: we will meet at the Winery (Trois Tilleuls Street 1, 1170 >> – Brussels, www.winery.be ). People from Mailfence will be there from >> 19:30, I will arrive a little later. I’ve arrived in Brussels and checked into h

Re: Issue with pinentry GUI agent

2018-09-07 Thread Kristian Fiskerstrand
On 9/7/18 9:19 PM, Daniel Kahn Gillmor wrote: > On Fri 2018-09-07 14:31:16 +0200, Kristian Fiskerstrand wrote: >> On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: >>> I'm unable to replicate this. here's a transcript of my session, >>> testing pinentry-qt 1.

Re: Issue with pinentry GUI agent

2018-09-07 Thread Kristian Fiskerstrand
On 9/7/18 2:31 PM, Kristian Fiskerstrand wrote: > On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: >> I'm unable to replicate this. here's a transcript of my session, >> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian >> testing/unstable: > > whic

Re: Issue with pinentry GUI agent

2018-09-07 Thread Kristian Fiskerstrand
debian testing with Cinnamon selected during install. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA

Re: Issue with pinentry GUI agent

2018-09-05 Thread Kristian Fiskerstrand
On 9/5/18 9:39 AM, Kristian Fiskerstrand wrote: > without DISPLAY env var, qt version automatically falls back to curses > variant despite the argument Wrote too quickly there; This is actually wrong, it never actually falls back to curses, it just

Re: Issue with pinentry GUI agent

2018-09-05 Thread Kristian Fiskerstrand
lso on pinentry 1.1.0 on gnupg 2.2.10 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---

Re: Issue with pinentry GUI agent

2018-09-03 Thread Kristian Fiskerstrand
On 08/29/2018 12:41 AM, Kristian Fiskerstrand wrote: > On 08/28/2018 08:22 PM, Daniel Kahn Gillmor wrote: >> On Sat 2018-08-25 08:18:48 +0200, sunri...@gmx.com wrote: >>> Hi all, since some days I'm having an issue with pinentry, I've set the >>> default

Re: Issue with pinentry GUI agent

2018-08-28 Thread Kristian Fiskerstrand
ough... but something is possibly off with the handling of DISPLAY (as far as I've gotten in my debugging that is the only diff in the env vars between the direct invocation and the bash prompted one, it might not be ultimately relevant) -- Kristian Fiskerstrand B

Re: keys.gnupg.net is blocked by Palo Alto Wildfire

2018-08-10 Thread Kristian Fiskerstrand
rver, but why would it respond to such a host on port 80? it responds to keys.gnupg.net on 11371 (default HKP port) as it should. But for HKPS/HTTPS there aren't any expectations for certificates for the SNI etc, hkps.pool.sks-keyservers.net is used for that by default. -- ---

Re: Won't recognize my secret key

2018-06-22 Thread Kristian Fiskerstrand
only the secring that needs converting to the new format to begin with. I don't see any benefit in changing the method here -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyb

Re: Upgrading 2.0.20 to 2.2.24

2018-06-18 Thread Kristian Fiskerstrand
tely, in case there is sync issue and that has been updated without secring being updated. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB A

Re: Web of Trust and validation of keys

2018-05-12 Thread Kristian Fiskerstrand
. > two marginally-trusted keys or one fully-trusted key is needed to > validate another key. The maximum path length is three." >   > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/ma

Re: pinentry problems

2018-04-17 Thread Kristian Fiskerstrand
On 04/17/2018 10:48 PM, Paul H. Hentze wrote: > > > On 17.04.2018 17:48, Daniel Kahn Gillmor wrote: >> On Tue 2018-04-17 11:11:22 +0200, Kristian Fiskerstrand wrote: >>> On 04/17/2018 10:52 AM, Paul H. Hentze wrote: >>>> Actually those commands >>>

Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-17 Thread Kristian Fiskerstrand
er version if needed. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 &qu

Re: pinentry problems

2018-04-17 Thread Kristian Fiskerstrand
wn: The owner of data XXX is going to be > changed. This is not allowed." and it did that with every file in that > folder. Seems like a mixup of chmod and chown there, although make sure the user is correct as well. -- Kristian Fiskerstrand Blog: https

Re: having trouble checking the signature of a downloaded file

2018-02-22 Thread Kristian Fiskerstrand
On 02/22/2018 11:13 PM, Kristian Fiskerstrand wrote: > On 02/22/2018 11:03 PM, Henry wrote: >> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand >> : >>> On 02/21/2018 11:53 AM, Peter Lebbing wrote: >>> Touché :) Indeed, didn't notice it was an old file

Re: having trouble checking the signature of a downloaded file

2018-02-22 Thread Kristian Fiskerstrand
On 02/22/2018 11:03 PM, Henry wrote: > 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand > : >> On 02/21/2018 11:53 AM, Peter Lebbing wrote: >> Touché :) Indeed, didn't notice it was an old file/signature , then >> gnupg 1.4 is the recommended official suggestion pres

Re: having trouble checking the signature of a downloaded file

2018-02-21 Thread Kristian Fiskerstrand
On 02/21/2018 11:53 AM, Peter Lebbing wrote: > On 21/02/18 10:48, Kristian Fiskerstrand wrote: >>>gpg: Signature made Tue May 4 23:03:11 2004 JST >> [...] >> >> The author should sign the package using a more modern and secure keyblock. > Note that not the ke

Re: having trouble checking the signature of a downloaded file

2018-02-21 Thread Kristian Fiskerstrand
doing > wrong. Any help or suggestions much appreciated. TIA The author should sign the package using a more modern and secure keyblock. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public Op

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

2018-02-20 Thread Kristian Fiskerstrand
ularly. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Manus manum lavat On

Re: Can't import public key

2018-02-05 Thread Kristian Fiskerstrand
On 02/03/2018 04:15 PM, Pijus Kar wrote: > Is it something for the version incompatibility or in the key? As far as I can see the keyblock referenced is DSA2, which is specified in FIPS-186-3 from 2009, and you're using a gnupg version from 2002. -- ----

Re: [OT] Re: failed to convert unprotected openpgp key: Checksum error

2018-01-22 Thread Kristian Fiskerstrand
On 01/22/2018 06:31 PM, Daniele Nicolodi wrote: > On 1/22/18 5:31 AM, Kristian Fiskerstrand wrote: >> On 01/22/2018 08:33 AM, Werner Koch wrote: >>> That is an acceptable user-id. I would have used a dot as delimiter but >>> that is a personal taste. >> >>

[OT] Re: failed to convert unprotected openpgp key: Checksum error

2018-01-22 Thread Kristian Fiskerstrand
On 01/22/2018 08:33 AM, Werner Koch wrote: > That is an acceptable user-id. I would have used a dot as delimiter but > that is a personal taste. Dot is a permitted part of username in POSIX though, while : is not :) -- ---- Kristian Fiskerstrand Blog:

Re: gnupg-2.2.4: how to deal with failed tests

2018-01-17 Thread Kristian Fiskerstrand
is used by gpgscm by default. * Parallel tests fail if building without tofu support * sparc architecture has a failure in tests/openpgp/quick-key-manipulation.scm:219 on assert -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk --

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-17 Thread Kristian Fiskerstrand
On 01/17/2018 01:20 AM, Daniel Kahn Gillmor wrote: > On Tue 2018-01-16 22:56:58 +0100, Kristian Fiskerstrand wrote: >> thanks for this post Daniel, my primary question would be what advantage >> is gained by this verification being done by an arbitrary third party >> rathe

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-16 Thread Kristian Fiskerstrand
action doing this would just shift responsibilities to a third party for something better served (and already happens) locally. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at h

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 10:33 PM, Matthias Mansfeld wrote: > On 16 Jan 2018 at 20:08, Kristian Fiskerstrand wrote: > >> On 01/16/2018 07:50 PM, Andrew Gallagher wrote: >>> Agreed. I was thinking more along the lines of having some method of >>> causing signature vandalism t

Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 11:40 AM, Stefan Claas wrote: > Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand: > >> On 01/15/2018 09:23 PM, Stefan Claas wrote: >>> No? I for one would like to be sure that i am the only person who >>> can upload my public key to a key server

Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
at a governmental issued ID at some point. But yes, this comes back to security != privacy -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
nces: ["funny sks"] https://sks-keyservers.net/pks/lookup?op=vindex&search=0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock a

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
not aware of any production rollout, although I believe a proof of concept was written based on it for a thesis. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyserv

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
ld help privacy is also a questionable matter, as the full data store is downloadable, so anyone can download it containing the data wanting to be hidden. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk -

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
mit201512/EmailValidation?action=AttachFile&do=get&target=EmailValidation20151207.pdf -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-key

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 06:05 PM, Peter Lebbing wrote: > On 16/01/18 17:47, Kristian Fiskerstrand wrote: >> I'm somewhat interested in hearing how this scheme would work in the >> case of a compromised private key. Mainly; > I was merely using the description of the basics of it as a

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
een added (b) before a revocation has been added (as measured on the specific keyserver). (iii) iff (ii)(a) and (ii)(b) differ; how would you handle a sync conflict of said data? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk --

Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
specific CA is left to the user performing the trust calculation, incidentally also allowing for signatures from multiple CAs. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/06/2018 12:23 AM, Lou Wynn wrote: > On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 05:29 PM, Lou Wynn wrote: >>> The auditing key is certified by the root key and stays with the latter >>> in my design. Only the administrator can make policy

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 05:29 PM, Lou Wynn wrote: > On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote: >> There are easily scenarios where a customer forgets to add the "auditing >> key", making the data unavailable to the organization, in particular in >> context of loss

Re: How do you find out the Keygrip of a v3 key?

2018-01-05 Thread Kristian Fiskerstrand
art with libgcrypt's gcry_pk_get_keygrip() -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
primary the individual can create new subkeys, and the primary will always have signing capability (if not always specified as usage flag). In most setups the employee won't need/shouldn't have the private key info for the primary for this (and a few other) reasons. -- ---

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 09:41 AM, Lou Wynn wrote: > On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote: >> Businesses have reasonable need to access their data, so they need to >> have access to his private keys, which contradicts "which >> is meant to prevent others from using h

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 01:46 AM, Lou Wynn wrote: > On 01/04/2018 04:15 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 01:12 AM, Lou Wynn wrote: >>> I guess that you've missed somewhere I said in my previous posts that >>> the end user chooses his own password to protec

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
out your priorities, if the corporation doesn't have access to the data (without the specific encryption key being included) what is the value? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/05/2018 01:04 AM, Lou Wynn wrote: > On 01/04/2018 02:57 PM, Kristian Fiskerstrand wrote: >> On 01/04/2018 11:24 PM, Lou Wynn wrote: >> but you add the requirement that all end users sending email to you >> require to validate the auditing key as well (auditing is

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
proposal would require client handling of e.g notation data? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
o validate the auditing key as well (auditing is likely wrong word, archiving is more likely relevant). for auditing you certainly want gpg-agent monitoring of assuan channel in separate domain. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twi

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
l or re-initialize user's email > client, which includes the client plugin. I don't see this as disagreeing, this means you don't have any benefit from storing the email in encrypted form once it hits the corporate network, so you're better off decryption

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 10:38 PM, Lou Wynn wrote: > On 01/04/2018 03:02 AM, Kristian Fiskerstrand wrote: >> On 01/04/2018 02:34 AM, Lou Wynn wrote: >>> No, there is no business unit level certifying key. An enterprise only >>> has one root key, which is the ultimate certificat

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
y is still alive) ? That never exposes key material to client, i.e always operates within corporate infrastructure and removes a lot of complexity and allows for easier indexing/searching. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com T

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
ey material (but it would require some setup to ensure they don't have it, so smartcard is generally easier) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks

Re: How to batch generate ECC key

2017-12-29 Thread Kristian Fiskerstrand
:) > > - Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“) > not work? Algorithm IDs are not directly tied to curves, so that would be more related to Key-Type than Key-Curve (and corresponding subkey), not the OIDs. -- ---- Kristia

Re: How to batch generate ECC key

2017-12-29 Thread Kristian Fiskerstrand
ame Name-Email: m...@example.com Creation-Date: 20170801T18 Expire-Date: 0 %commit -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
a new device. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Expect the bes

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
3 neo on NFC works quite well with K9Mail from OpenKeychain.. Not that it should be used too much, a smartphone is one of the least secure devices around. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Pu

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
he picture, maybe you can elaborate a bit on that? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
mple reason that SOME users can't do things right, it has to destroy any chance of a proper security for others. Which incidentally is similar to a lot of other over-simplification and interconnections throughout the world, but that is a separate discussion. Finding the least common denomin

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
nce userbase the protocol has to be a binary obfuscated mess instead of trying to re-use well-established protocols in text form, just in case the user walks into the maze for some reason. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: Signing failed -- "No secret key", even though I have the key

2017-09-24 Thread Kristian Fiskerstrand
ally, they are stubs, as indicated by the "#"-sign, so not available on the computer you're executing the signature operation on. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenP

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
On 09/22/2017 10:48 PM, Stefan Claas wrote: > On Fri, 22 Sep 2017 22:32:37 +0200, Kristian Fiskerstrand wrote: >>> And in place of the fake sigs it says erroneous MPI value. :-) >> >> And what happens if you do gpg --import-options import-clean >> --recv-key ? is

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
On 09/22/2017 10:29 PM, Stefan Claas wrote: > On Fri, 22 Sep 2017 22:17:17 +0200, Kristian Fiskerstrand wrote: >> On 09/22/2017 10:08 PM, Stefan Claas wrote: >>> Thanks for the information! Can you tell me please how to import >>> a pub key with a local client, so that

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
gpg --check-sigs report? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 --

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
On 09/22/2017 09:40 PM, Kristian Fiskerstrand wrote: > So all is as it is supposed to be Just to add, the alternative if not considering WoT is a direct validation structure, a user in this case should only (locally) sign keyblock information of communication peers after a direct fingerpr

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
ch point invalid data, including invalid signatures, results in discarding of the data, which would filter out the signature in this case. So all is as it is supposed to be -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: Prince Jones v US

2017-09-22 Thread Kristian Fiskerstrand
COURT OF APPEALS No. 15-CF-322 09/21/2017 PRINCE JONES, APPELLANT, V. UNITED STATES, APPELLEE. Appeal from the Superior Court of the District of Columbia (CF1-18140-13) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com T

Re: Automating and integrating GPG

2017-09-19 Thread Kristian Fiskerstrand
a scenario I'd likely use a custom pinentry, that'd be the same recommendation for a password manager etc, as for security info is passed in the socket that is protected using regular unix user permissions / ACLs and anyways same as regular pinentry uses. -- ---- K

Re: Operation not supported by device

2017-07-27 Thread Kristian Fiskerstrand
On 07/27/2017 05:29 PM, Stefan Claas wrote: > On Wed, 26 Jul 2017 23:41:23 +0200, Kristian Fiskerstrand wrote: >> On 07/24/2017 04:27 PM, Stefan Claas wrote: >>> The file is signed and can be verified. Just wondering (after >>> googling) what this means, because i h

Re: Operation not supported by device

2017-07-26 Thread Kristian Fiskerstrand
5c80f2 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Amantes sunt a

Re: gpg-agent cache keygrip

2017-07-26 Thread Kristian Fiskerstrand
cular keys (as well as protecting against several other threat vectors)? -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA

Re: Access denied when using gpg4win via command prompt

2017-07-05 Thread Kristian Fiskerstrand
system directory? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "

Re: Technical contact for mailing list?

2017-06-29 Thread Kristian Fiskerstrand
upg-users/2017-March/057877.html -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Better to keep

Re: Cannot choose specific signing key with option --default-key

2017-06-14 Thread Kristian Fiskerstrand
On 06/14/2017 07:38 AM, Yanzhe Lee wrote: > Maybe there was a priority when sign files with RSA and ECC keys? How > can I override it? Try adding a "!" suffix to the fingerprint specification of the subkey -- ---- Kristian Fiskerst

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-04 Thread Kristian Fiskerstrand
nspection, you'd want the tofu model in gpg 2.1? -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-04 Thread Kristian Fiskerstrand
be lsigned by a local CAkey anyways? Doing a manual graphical verification doesn't seem to provide anything in terms of security here. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public O

Re: Reviving a userid with revoked key

2017-05-19 Thread Kristian Fiskerstrand
res from other users, those got lost at the revocation point, but your new contacts can sign the new UID without issue. Deleting the old UID will have no practical effect if it has been distributed to a keyserver historically. -- Kristian Fiskerstrand Blo

Re: Newbie can't get --passphrase option to work

2017-05-13 Thread Kristian Fiskerstrand
and the likes , in earlier versions of 2.1 this requires allow-pinentry-loopback for the gpg-agent but in recent versions that is defaulted to on. Can you provide the information when this argument is used and the scenario that fails including explicit error messages? --

Re: Newbie can't get --passphrase option to work

2017-05-13 Thread Kristian Fiskerstrand
assphrase. I'm using a default installation of GnuPG 2.1.19 on Windows 7 (it > may go on a Win Server 2012 box for production). look into --pinentry-mode loopback -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk -

Re: GPG Signature Verification

2017-04-21 Thread Kristian Fiskerstrand
On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote: > On 04/20/2017 09:17 PM, Paul Taukatch wrote: >> I've attached my public key and debug log but please let me know if there >> is any other information that might be helpful. > > The first reference that springs to

Re: GPG Signature Verification

2017-04-21 Thread Kristian Fiskerstrand
4880] https://tools.ietf.org/rfc/rfc4880.txt -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B6

Re: Security doubts on 3DES default

2017-03-13 Thread Kristian Fiskerstrand
cus on algorithms in general likely so, the likelihood of operational security being the issue is far greater -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.n

Re: Verify with missing public key: unexpected returncode

2017-03-03 Thread Kristian Fiskerstrand
more details -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Qui audet vincit W

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Kristian Fiskerstrand
On 02/21/2017 03:15 PM, Peter Lebbing wrote: > If Kristian Fiskerstrand says it's okay for SSH servers to refresh their > keyring every 20 or 30 minutes from the public keyserver network, then I > guess it really is :-). I had estimated it as inappropriate. Keep in mind, the keyrin

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Kristian Fiskerstrand
on't do. This looks to be the > painful step in the process. ... it depends... -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
from non-compromised devices. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Qui

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
ly to avoid having to revoke all if one is compromised. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B6

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
On 02/17/2017 09:46 PM, si...@web.de wrote: > Am 17.02.2017 um 20:43 schrieb Kristian Fiskerstrand: >> On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote: >> >> That change would also be consistent with >> https://git.gnupg.org/cgi-bin/gitweb

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote: > On 02/17/2017 07:00 PM, si...@web.de wrote: >> keyserver hkps://jirk5u4osbsr34t5.onion >> keyserver hkps://keys.gnupg.net >> >> would solve this I guess. > > No, that'd result in certificate errors an

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
On 02/17/2017 07:00 PM, si...@web.de wrote: > keyserver hkps://jirk5u4osbsr34t5.onion > keyserver hkps://keys.gnupg.net > > would solve this I guess. No, that'd result in certificate errors and non-responsive servers -- ---- Kristian Fiskers

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
ges this behavior. Whether that is intended or not is a question for your distribution's package maintainer. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Kristian Fiskerstrand
On 02/15/2017 03:27 PM, Adam Sherman wrote: > On 2017-02-15 06:51 AM, Kristian Fiskerstrand wrote: >>> Do I need access to my master key in order to expand my web of >>> trust? This seems like quite a restriction. >> Yes, although you can generate a local CA key to

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Kristian Fiskerstrand
(non-exportable) signature -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
