me answer from a little different perspective. Anyone can generate
some piece of text and encrypt it using your public key. There is
nothing special about encrypting your mails vs encrypting arbitrary
data. So if that were a problem, access to your mails would be entirely
irrelevant to it.
--
Be
; failed:
> Datenübergabe unterbrochen (broken pipe)
> 2020-08-28 21:21:13 gpg-agent[23604] DBG: chan_10 -> ERR 67141741
> Datenübergabe
> unterbrochen (broken pipe)
>
> I went back to 2.2.21.
>
Maybe it's the same root cause as https://dev.gnupg.org/T5039
--
Best reg
a Yubikey
> for key storage & usage. Works flawless with GnuPG 2.2.21.
>
I suppose I'm hitting the same problem. With 2.2.22, I need to manually
run 'gpg --card-status' after rebooting to get Nitrokey working.
--
Best regards,
Michał Górny
signature.asc
Descrip
the idea to use an additional offline laptop[1]
> connected to my smartphone via a USB OTG cable
> and an FTDI USB to USB cable, costs for both less then 20 USD. When both
> devices are connected one uses on the laptop
> CoolTerm (cross-platform) and on the Android device serial usb t
m
keyservers, someone who used it, etc...
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Mon, 2020-05-25 at 10:01 +0200, Peter Lebbing wrote:
> On 25/05/2020 09:47, Michał Górny wrote:
> > ...and that's really a good thing they can do that instead of choosing
> > a more painful way of getting your fingerprints.
>
> How is that an advantage compared
hat instead of choosing
a more painful way of getting your fingerprints.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
-keyservers.net,
> hkps://pgp.mit.edu
>
> The keyserver that is used in Kelopatra (GPG4Win) is:
>
> hkp://keys.gnupg.net
$ host keys.gnupg.net
keys.gnupg.net is an alias for hkps.pool.sks-keyservers.net.
--
Best regards,
Michał Górny
signature.asc
Description: This is a
older one or
> ??
>
This depends on the keyserver implementation. Generally, the new key
gets merged into the old one. Sometimes the stale data is cleaned up,
sometimes it remains. The same happens when you fetch updated key
from the keyserver.
--
Best regards,
Michał Górny
signature.asc
production? I'm
> not a python programmer (the python2/3 migration catastrophe has put me
> off ever wasting my brain cells on it) but I might be willing to suffer
> it for this one project.
>
Gentoo has removed it back in 2018. It says:
| Please use caff from app-crypt/signing-
id a quick test and GPG is entirely happy with
the result after rewrapping at 50 chars, as well as after cheap
rewrapping with uneven lines.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
hem revoked
and the other not? Is GnuPG refusing to make a new signature when
the old one is revoked a bug?
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users
anged to proceed as if no DNS records were
received, and attempt to perform the request via proxy? TIA.
[1] https://bugs.gentoo.org/661376
[2] https://bugs.gentoo.org/661376#c31
--
Best regards,
Michał Górny
signature.asc
Description: This is a digital
server, because it requires users to authenticate
> their keys against the keyserver with an received encrypted email
> and it also allows keeping third party signatures, compared to
> Hagrid.
>
> https://keys.mailvelope.com
>
This domain seems not to resolve with DNSSEC-capa
2030"
>
> or
>
> "Your existing RSA-2048 keys are fine, you don't need to take any action"
>
> (Again, third, fourth, and fifth ways are welcomed.)
>
The latter. Let's wait a bit how things emerge. It would be silly to
have people redo their key
ogle Pay installed.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ity of small and medium
> businesses, and cripple the base of normal human communication.
>
Exactly. Some companies just close, some live hoping their non-
compliance won't be caught. And by 'non-compliance', I'm not talking
about personal data abuse, just not meeting t
On Wed, 2019-07-03 at 03:01 -0700, Mirimir via Gnupg-users wrote:
> On 07/02/2019 11:42 PM, Michał Górny wrote:
> > Then, they may decide to start mass poisoning other keys just to
> > prove this is not the right solution.
>
> If what I propose is workable, attackers can p
> Sincerely,
>> Konstantin Boyandin
>>
>> ___
>> Gnupg-users mailing list
>> Gnupg-users@gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>
>___
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
(I'm replying from phone, sorry about lack of line wrapping and uncut quote)
--
Best regards,
Michał Górny
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
assume that if the e-mail address is present, then it is reliably
confirmed.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
one
signature per certifying key (i.e. pruning old signatures), it should be
'good enough'. That is, as long as attackers won't decide to create
and verify humongous number of e-mail addresses.
This could work fine alongside 'first-party attested bl
nguages and then
become defunct because few years later nobody wants to touch them.
Presuming you're still able to build them. It's ironic people still
don't see that even though SKS has just proven an example of that.
--
Best regards,
Michał Górny
si
precisely why we've decided it for syncing
distribution keys in Gentoo. However, the main problem with WKD right
now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD
-- we had to employ a large hack to do it.
--
Best regards,
Michał G
malicious entity to set multiple new keyservers up, and gain advantage
over other servers in the pool. In fact, this is probably easier than
corrupting the single central server.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
__
ler to install it in the hardware and go
straight for the unencrypted data? In fact, I'm pretty sure they would
actually encourage you to use strong encryption just to let your guard
down!
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally
ashes, we can detect re-use of phone number or email addresses for
> human verification."
>
Don't you think that brute-forcing a hash of a phone number would be
trivial?
--
Best regards,
Michał Górny
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
if you require password containing one digit
and one special character, you replace trivial passwords with trivial
passwords followed by '1!'.
--
Best regards,
Michał Górny
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
;
> Are there any advantages of disadvantages either way?
>
Gentoo policy [1] requires split signing subkey. The main advantage is
that you can then store primary key offline, and not have it exposed
the same way subkeys are.
[1]:https://www.gentoo.org/glep/glep-0063.html
--
Best regard
the revocation signature separately.
>
> Can you please enter a feature request at dev.gnupg.org?
>
https://dev.gnupg.org/T4370
Thanks.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
___
Gnu
the key with subkey revoked, and use that for the purpose. However,
I think it would be much more convenient if had an option to generate
the revocation signature separately.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally
30 matches
Mail list logo
