On 05/12/13 13:20, Paul R. Ramer wrote:
On that note, why assume that the manufacturer would not do the opposite:
feign helping the spy agency by giving them a compromised ROM and then
substituting a secure one on the real product. In either case, we are
assuming the company would try to
On 05/12/13 13:20, Paul R. Ramer wrote:
On that note, why assume that the manufacturer would not do the opposite:
feign helping the spy agency
By the way, there's a big difference. In the scenario that they install a
backdoor but don't show it to the certification entities and such, they do
On 02/12/13 15:24, NdK wrote:
Who can you really trust? If you don't trust NXP, then you can't use any
of their JCOP chips... What would stop 'em from adding an undocumented
command to the card manager that dumps the whole memory?
Exactly the point I was going to make when I read your mail up
On 02/12/13 20:37, Andreas Schwier (ML) wrote:
Wait a second - you can not simply hide a backdoor in a Common Criteria
evaluated operating system. There are too many entities that would need
to be involved in the process
Why couldn't the manufacturer simply put a different, backdoored firmware
On 30/11/13 23:42, Klaus wrote:
Ok, this will fix the WoT from my perspective. What about other users
importing my work key?
Yes, you are of course correct. I forgot the other side for a moment :).
How about this:
- On your work PC, you only have the secret subkeys (signing and encryption) of
On 01/12/13 11:12, Peter Lebbing wrote:
- You ask people, when they certify you, to certify both keys. It's a rare
event, it's not that big of a burden all in all.
A small detail I forgot to mention: people sign key/UID pairs. Obviously when
you have an UID Klaus kl...@employer1.de and you go
On 01/12/13 12:42, Klaus wrote:
Will it harm to have the same email-part of an UID for two keys? e.g.
- Klaus (secure) kl...@employer1.de
- Klaus (unsecure) kl...@employer1.de
I suppose it depends on how the mail client handles the case of multiple valid
UIDs on different keys matching the
On 30/11/13 18:58, Klaus wrote:
So my question is: Is there some mechanism that allows me to have the
features mentioned above, or do I really have to build multiple separate
WoTs?
You could build the WoT only on your personal key (which survives switching
jobs), and set your personal key as
On 27/11/13 21:15, NdK wrote:
Found:
http://www.lightbluetouchpaper.org/2006/12/24/chip-pin-terminal-playing-tetris/
Meh. They just replaced all hardware inside and only re-used the shell of the
device.
While it illustrates the point they're making in the article, it's not nearly as
cool as
On 27/11/13 20:56, Einar Ryeng wrote:
I'm guessing that one of two things is happening here, due to the use of STDIN
both to provide the encrypted message and as the way to enter the password:
Yes, that is what I was thinking, that it tries to read the password from stdin
as well. No matter the
On 26/11/13 22:46, Michael wrote:
Hi, I am a new GPG user. (New to the command line, that is.) I know that
if you type gpg without any arguments in a command line it starts a
primitive sort of text editor where you can type a message that you later
encrypt, sign, etc.
I'm pretty sure this
On 19/11/13 10:15, Laurent Jumet wrote:
In my opinion, this is a symmetric crypted message. You need the exact
password (called passphrase as well) to decrypt it, but it's not a double key
cipher.
You're only partly correct. Letting 'gpg2 --list-packets --list-only' inspect
the message, I
On 19/11/13 18:14, ved...@nym.hush.com wrote:
Why does gnupg give these types of error message, as opposed to simply
stating 'decryption failed: bad passphrase' ??
What kind of relationship is there between the number listed for the
'unknown algorithm' and the passphrase string that was
On 19/11/13 20:47, ved...@nym.hush.com wrote:
This is still unusual, as gnupg already identified it as TWOFISH, not as an
unknown algorithm,
TWOFISH was used to encrypt the session key. What was used to encrypt the
data is still unknown, since that knowledge is encrypted. (With TWOFISH. Are
On 19/11/13 22:37, ved...@nym.hush.com wrote:
But this isn't the way hybrid gnupg messages work.
Gnupg does not use one symmetric algorithm to encrypt the session key, and
then another to encrypt the message. The user can choose 'which' symmetric
algorithm to use, but it will be the same for
On 14/11/13 17:42, Ruslan Sagitov wrote:
I’m looking for a combo of a SCM SCR3500 card reader and a NXP JCOP J3A
smart card. I want to know whether this combo works with GnuPG or not.
You can't just take some smartcard and expect it to function as an OpenPGP card,
because the OpenPGP card is a
On 07/11/13 20:19, Leo Gaspard wrote:
(I know, I'm slow to understand, but I think I'm OK no.)
Actually, I think the whole Web of Trust business is deceptively
complicated, even though at first glance it seems not to be.
So there's no need to be apologetic about it.
Peter.
--
I use the GNU
On 06/11/13 23:28, Leo Gaspard wrote:
The fact that others could get just the same effect by twisting their WoT
parameters is not an issue to me. Firstly, because there are few trust
signatures (according to best practices I read, that said trust signatures
are mainly made for closed-system
On 2013-11-07 17:09, Leo Gaspard wrote:
If I understood correctly, the depth parameter you are talking about
is useless, except in case there are trust signatures. And you agreed
with me for them to be taken out of the equation.
Of course it's not useless. You seem to misunderstand the Web of
On 02/11/13 12:26, Werner Koch wrote:
Or better: pull off the card and take it with you.
I unplug my reader (USB) when I don't use it; I leave the card in. I now have
OpenPGP v2 cards, but I earlier had v1 cards that started to malfunction after
some time. I had the impression that they were
On 02/11/13 19:48, Uwe Brauer wrote:
So either you claim to have evidence that these modules have been hacked
and the key pair is transferred to some of these evil organisations or I
really don't see your point.
I think the most common way for an X.509 CA to be deceitful is by giving someone
Hi Johannes,
Is there any way to explicitly tell gpg-agent to forget the pin as well?
Based on a post once made by Werner, I have this script:
---8-8---
#!/bin/sh
gpg-connect-agent 'SCD RESET' /bye
---8-8---
It's called
On 31/10/13 16:37, ved...@nym.hush.com wrote:
The advantage is, that if it should ever be possible to brute force the
keyspace of one key, then NONE of the possible elements of the keyspace
(including the *correct* key) will result in an identifiable *correct*
plaintext. It will only result in
On 31/10/13 22:02, Hauke Laging wrote:
But this http://eprint.iacr.org/2009/317 (mentioned by the German Wikipedia
article for AES) claims that AES-256 was down to 99.5 bits.
I just glanced over the abstract, but didn't you glance over the term related
key? I.e., not generally applicable.
On 30/10/13 20:25, Philipp Klaus Krause wrote:
If we have plenty of randomness available, we could do this a different
way: XOR the message M with a random one-time pad P to obtain N. Encrypt P
with A, and N with B.
Why are you inventing new crypto primitives? Symmetric crypto is already good
On 27/10/13 12:15, Johan Wevers wrote:
The only one I can think of is less dependence of a correctly functioning
RNG.
I think this is a very important one, as we've seen with the debacle with
OpenSSL in Debian where DSA keys were compromised even when just used to create
a signature[1].
But I
On 2013-10-27 12:30, Peter Lebbing wrote:
I think this is a very important one
Hmmm you press Send and you think: I might have overstated that.
Where's unsend? I think it's a real advantage of RSA. I don't think it's
a very important one, because other broken parts can compromise stuff
just
Yes, which leads to another question: why has the default switched from
ElGamal/DSA to RSA after the RSA patent expired?
Okay, first of all, I'm doing something wrong here, I should group my responses
and think a little longer about it. This is mail, not chat. My apologies.
I think RSA has
On 27/10/13 13:11, Peter Lebbing wrote:
A signature by a 2048-bit DSA key is twice as large as a signature by a
2048-bit RSA key, but offers the same order of strength.
Oops. I just read Werner's message, and I had it reversed :). Taking a look at
RFC 4880, I see that a 2048-bit key has a 256
On 27/10/13 13:21, Johan Wevers wrote:
Which makes me think, is it possible to generate a 2048 bit RSA signing
key combined with a 3072 or 4096 bit encryption key?
Yes, although I don't think it makes sense to create an X-bit primary key with a
Y-bit subkey if X is smaller than Y as the
On 27/10/13 12:53, Johan Wevers wrote:
But the few encrypted messages people get via email can easily be handled by
a much slower CPU than I have now. My reading speed is the limiting factor
there, not the computers decrypting speed.
I was thinking of automated systems doing verifications,
On 27/10/13 19:09, Filip M. Nowak wrote:
1) Specialized microcontrollers with crypto capabilities are available
and used for years now (AVR XMEGA which is 8 bit for example)
AVR XMEGA has DES and AES, no asymmetric acceleration. Also, I think the market
of XMEGA is phenomenally tiny compared to
On 24/10/13 01:15, Stan Tobias wrote:
No, there's no paradox. Any liar will screw your parameters.
The paradox was very clear in my post where I still called it a dichotomy. There
was a paradox in my thoughts and conclusions, why do you suddenly state there is
no paradox?
And my original
On 2013-10-24 19:27, Stan Tobias wrote:
Because these are verifications outside the Web of Trust.
Is that the only requirement?
*Sigh*. No, it's the other way around. The Web Of Trust should never be
a basis for your signature, because anyone else can simply trust the
people who already
On 23/10/13 19:26, Stan Tobias wrote:
Later someone discussed a paradox (they used the word dichotomy,
but I think it's a wrong word here - maybe they wanted dissonance):
Paradox would be the best and is what I should have used. Not dissonance.
The paradox is removed when we realize that the
On 18/10/13 22:26, Brian J. Murrell wrote:
Right. The key signing party relies on a means of communication that
can be considered authenticated. It could be e-mail (closed corporate
e-mail system, not an across the Internet e-mail) or it could be
credentials required (again, closed,
On 18/10/13 08:41, Werewolf wrote:
Now what if the Company/HR department had a Notary public, for their
documents, and this same Notary had a gpg key he/she treated same his/her
stamp equipment, and used the same standards before signing a gpgkey?
Then you could simply sign the notary's key
On 18/10/13 11:37, Peter Lebbing wrote:
The moral: I think it is a really bad idea to sign keys because you trust
already made signatures. That's what your trust database is for, use that. You
should sign keys because you verified the identity *outside* the Web of Trust.
However, here
On 12/10/13 00:22, Robin Kipp wrote:
I only put the --expert flag because I wanted to take advantage of having a
main key that can only sign and certify, and which I can then store offline.
The defaults are an RSA primary key for certification and signing, and an RSA
subkey for encryption. Even
On 09/10/13 01:15, MFPA wrote:
Another suggestion is to store the files on an encrypted disk instead of
using GnuPG. This would require disk encryption software, of which one
example is TrueCrypt (see http://www.truecrypt.org/).
I think this is the best suggestion so far, if I understand the
On 07/10/13 20:44, Peter Humphreys wrote:
Firstly I'm not 100% sure you're getting my replies if I reply directly from
my mail client (new to mailing lists).
As long as you send it to gnupg-users@gnupg.org, people on the list will get the
mail. Additionally, you can add specific people to To: and
On 03/10/13 06:46, mightymouse2045 wrote:
Is this possible with gpg2? I like this because I can use random files taken
from the 100,000's+ static non-changing files
100,000 tries for an attacker amounts to 17 bits of security. This is as little
as nothing at all.
There are some files I don't
On 03/10/13 13:35, Peter Pentchev wrote:
a smartcard that caches the PIN for a limited
amount of time
Small detail: this feature is not working in the current stable versions. GnuPG
2.1 will support this.
I use the following script to make the card forget its PIN:
On 30/09/13 23:10, Pete Stephenson wrote:
Has anyone else observed this behavior? If so, is there an explanation?
It's probably a benign bug, but it would obviously also be a reasonably good way
to get signatures if somebody had compromised your PC. Put a payload in GnuPG
such that when you try
On 29/09/13 22:28, Bob (Robert) Cavanaugh wrote:
Peter, I usually lurk on this group, but I have to give kudos for this. This
is the best introductory explanation I have seen in a long time. Well done.
Thanks! :) I appreciate the compliment!
(I was doubting whether to send this to the list,
On 27/09/13 21:28, Paul Taukatch wrote:
Was just hoping you could help clarify one more thing. Why exactly are the
numerical values for skey[0] and skey[1] equal to pkey[0] and pkey[1]?
RFC 4880 really is the place to look for this stuff. All your questions can be
answered by carefully reading
On 24/09/13 02:21, Chuck Peters wrote:
https://alexcabal.com/creating-the-perfect-gpg-keypair/
Let me quote what Hauke wrote one and a half month ago, because I fully agree
:). Oh, and it's relevant.
On 03/08/13 14:51, Hauke Laging wrote:
To me this seems to be a really strange article. My
On 23/09/13 11:01, Jörg Deckert wrote:
(1) C080E663512A54C29D1D1108308AF44D28A0EBAE OPENPGP.1
(2) F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2 OPENPGP.2
(3) 719D81D0405AF65B1BEC322725CB23DCECE389C4 OPENPGP.3
Your selection? 3
Possible actions for a RSA key:
(1) sign, encrypt
(2)
On 18/09/13 22:00, NdK wrote:
I think stability is what most newbies (and probably experienced users
too) use.
Alternatively, if you use a Linux distro: simply install it with the package
manager. You already implicitly trust that anyway. If somebody got inside the
package manager, they don't
On 16/09/13 23:27, Ingo Klöcker wrote:
The independent paths need to be completely disjoint (except for start and
end point) _and_ they all need to start with Philip's key.
AFAIK, there is no such requirement in the Web of Trust. I've never heard of it.
HTH,
Peter.
--
I use the GNU Privacy
On 17/09/13 00:02, Philipp Klaus Krause wrote:
1) They require the user to be familiar with the command-line,
I've found the GUI tool that I mentioned:
http://lists.gnupg.org/pipermail/gnupg-users/2013-September/047407.html
My biggest feature request for caff is Debian Bug 680136[1]:
On 17/09/13 11:07, Peter Lebbing wrote:
The independent paths need to be completely disjoint (except for start and
end point) _and_ they all need to start with Philip's key.
AFAIK, there is no such requirement in the Web of Trust. I've never heard of
it.
Euh... apart from the part where
On 17/09/13 15:21, Daniel Kahn Gillmor wrote:
Again, please see Monkeysign [0]
Thank you, bookmarking it now. That was the one I couldn't remember.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is
Hello Mike,
First of all, /please/ fix your mail client. You are breaking the threads and
inserting nonsensical Subject:-lines where you apparently reply to the digest
instead of a mail inside the digest. Similarly, lines like
On 09/15/2013 05:05 PM, gnupg-users-requ...@gnupg.org wrote:
are
On 15/09/13 21:11, Philip Jägenstedt wrote:
In very concrete terms, how can I determine which keys I need to
import so that the GnuPG dist sig (4F25E3B6) has full validity?
There are two ways to answer this. One:
Did you read my post from April I linked to? I know it sounds like
On 16/09/13 17:45, Philip Jägenstedt wrote:
However, it's not possible to proceed deeper than 1 step without assigning
at least marginal trust in people I haven't met.
If you actually don't know these people, I'd say it would be unwise to assign
them trust. Why trust a stranger? However, it is
On 16/09/13 15:32, atair wrote:
I also discovered, that there's a sign, lsign,
... in the interactive mode with --edit-key -- what are they for/how
do they differ from normal --sign?
sign is for signatures that can be exported to other people and to keyservers.
lsign is for local signatures,
On 16/09/13 22:37, Philip Jägenstedt wrote:
Too bad. I guess one could do it by starting at the destination and
following signatures back using a shortest path algorithm and a lot of
requests to the keyserver, though.
Dijkstra's shortest path algorithm would amount to a breadth first search.
Hello Philip,
There is no such thing as a trust path. There are signature paths, but trust is
not transitive in the normal Web Of Trust. Only with trust signatures, which
according to the man page is generally only useful in distinct communities or
groups. I've replied to a similar request last
On 12/09/13 22:03, NdK wrote:
Nope. W/ Vinculum module you send it commands like open mickey.txt and
then read 1024. The filesystem driver is in the module and your interface
only receives expected data.
I hadn't looked at the Vinculum module[1]; that would indeed be a way to remove
the
On 13/09/13 09:19, NdK wrote:
PS: I'll tell you a secret: there are USB keys with a write protect
switch :)
Since people were concerned about hacking the USB key, you need to define the
scenario.
First of all, if we are talking about hacking through a rogue firmware update
for the USB key: is
On 2013-09-13 14:24, Nicholas Cole wrote:
The correct way would be to have keyservers
honour the no-modify flag, or perhaps have some notation on the ID
that prevents uploading to a public keyserver. I myself would favour
the latter approach.
The latter has the same problem as the no-modify
On 12/09/13 15:55, Jan wrote:
Do you see any reasonable attack vectors? What do you think?
The moment someone plugs in a mass storage device and we're talking about
attacking his computer, I think of a manipulated file system, exploiting an
error in the file system driver of the kernel (which
On 09/09/13 04:06, Jose Luis Rivas wrote:
I have seen some worrisome about downloading stuff from a site without a
proper SSL certificate, specially nowadays with the NSA issues which
include them in the middle of the internet pipes.
SSL is precisely /not/ the technology to use to escape the
On 09/09/13 19:49, Avi wrote:
All he says on the matter is http://www.jumaros.de/rsoft/faq.html:
[...]
General: Do you sell your source-codes?
Yes! It's just a matter of price. Send me an offer. :-)
Remember that this would make it open source[1], but not free software. It can
come
On 27/06/13 18:55, Jack Bates wrote:
except that I am using the key id of a subkey, with an exclamation
mark, to export just one subkey instead of all the subkeys belonging to the
primary key. The subkey with that key id definitely doesn't already exist in
the destination keyring, although
(from the first mail)
I was able to successfully create a private key with stubs pointing to
both cards as follows
Yes, that is how I ended up doing it back when I started using the same setup
years ago (two smartcards, certifying key on one, signing on another).
Only shortly ago, I got the
On 04/09/13 05:37, Henry Hertz Hobbit wrote:
I won't answer the other questions because you have grossly misinterpreted
me.
I never deliberately twist people's words, I hate that[1]. I always try to see
what the person means to say, even if it's not literally what they wrote. But I
often find
My main point is further on because I reply inline
On 02/09/13 06:04, Henry Hertz Hobbit wrote:
CAST5 is a good last choice because some of the time that is all others can
handle. Make sure CAST5 is always a last or next to last choice because that
may be all that they can do with a limited
I try to reply Peter. But it has bounced from his email id.
The mail got delivered to me without generating a bounce, or as my primary mail
server liked to put it:
2013-08-21 02:48:53 1VBwbV-00021r-DK = prvs=93857aca4=snehendu.gh...@tcs.com
H=inmumg02.tcs.com [219.64.33.222]
On 15/08/13 09:45, ix4...@gmail.com wrote:
But with this setup it seems like the process to sign someone else's keys
(which needs to be done with the offline mainkey) will be complicated.
How would I do that?
You would use an offline system which has the offline main key. Just copying the
we are searching for binary for GPG 1.2.1 version for Red Hat Enterprise
Linux 5.8
You're trying to install a version released in 2002 on an OS released in 2012.
I'm not surprised you can't find binaries! Why do you want to do this? 1.2.1 has
known issues and should not be used these days. It's
On 20/08/13 22:37, Jean-David Beyer wrote:
You're trying to install a version released in 2002 on an OS released in
2012.
True, but Red Hat support their major releases for 10 years, so implying
that the O.P.'s release is obsolete is a bit extreme.
I didn't mean to say the OS is old or
On 11/08/13 23:11, adrelanos wrote:
I could think of a way to export the key, change --homedir, create a new
keyring, and import the key. But is there a more elegant way?
gpg --export 0xDEADBEEF | gpg --no-default-keyring --keyring \
/etc/apt/trusted.gpg.d/meat.gpg --import
(one long command
On 12/08/13 14:04, Henry Hertz Hobbit wrote:
gpg --export 0xDEADBEEF | gpg --no-default-keyring --keyring \
/etc/apt/trusted.gpg.d/meat.gpg --import
Assumes /etc/apt/trusted.gpg.d exists and is a folder (good assumption for
Debian based, not so good for RPM based)
I simply took his own
On 06/08/13 12:38, Kenneth Jones wrote:
Is it normal to refer to the private key by its own keyID, or by the KeyID
of the mating public key?
Key IDs are /always/ based on the public key, not the private counterpart. So
the private key is also identified by the ID of the related public key. Can
On 27/07/13 12:45, Randolph D. wrote:
We all need to evaluate this and will come back to you
In case there is a file or txt missing, this has to be corrected.
You're one of the devs of the project, or otherwise affiliated with it?
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination
On 26/07/13 17:31, Jan wrote:
I'm thinking of someone who uses Windows and wants to install gnupg for the
first time. How can he/she rely on OpenPGP?
By running a Linux Live CD to do the verification. How does he know the CD is
genuine? The thing is, somewhere the trust has to start. It's a
On 13/07/13 11:01, Lorenz Wenner wrote:
gpg: DBG: ccid-driver: failed to open `/dev/cmx0': Device or resource busy
Do you have pcscd running? If pcscd and GnuPG's internal CCID driver both
try to claim the device, they'll get in each other's way.
Which distro do you use? You could try to stop
On 13/07/13 14:54, Lorenz Wenner wrote:
I know that one can use fuser to get information about the
processes using specific file(-system). So by doing fuser -vm
/dev/cmx0 I get
USERPID ACCESS COMMAND /dev/cmx0: root kernel
swap /dev/sda5 root kernel mount /dev
On 13/07/13 15:43, Thorsten Steinbrenner wrote:
Wow that was quick! THX a lot for your answer! I thought it was possible
to only verify an encrypted message without decrypting it
The way it is implemented, only the recipient can see who actually
signed the message, so the person who signed
On 11/07/13 16:23, Henry Hertz Hobbit wrote:
I imagine it would if I used the keys on Windows
for either signing or enciphering it may have created the random_seed
file but since I but I don't use them that way but only for verifying
detached signature files for what ever reason they never got
On 07/07/13 18:50, Hauke Laging wrote:
If you want to be sure you may create the mainkey without the flag for
encryption (--expert --gen-key).
The keys GnuPG creates by default have signature and certification capabilities
on the primary key and encryption on a subkey.
With an offline main
On 07/07/13 21:53, Henry Hertz Hobbit wrote:
I did the same there but I do modify the random_seed file with hexedit for
each key-ring which some people object to. From my point of view that is far
better than just having each key-ring having the same random_seed file.
As one of the people to
On 02/07/13 19:16, John Clizbe wrote:
gpg --check-sigs| grep "User ID not found"|cut -b 14-21| sort -u| \
xargs gpg --recv-keys
Hm that can't be right, can it? --check-sigs normally doesn't complain
about missing User IDs. I think it should be --list-sigs.
Also, I think this is
On 29/06/13 17:24, Pete Stephenson wrote:
as I don't really see why gpgsm would magically make things work as it
doesn't seem really related to the Crypto Stick).
On Ubuntu 12.04, the gpgsm package contains the scdaemon, the smart card daemon.
So that's understandable that it needs to be
On 21/06/13 12:34, Michael Tokarev wrote:
It says validity: unknown
I just thought of something. If for some reason your /own/ key is no longer
trusted, you can make signatures all day but it won't increase validity.
If you do --edit-key A8983CE7, what does its trust say?
Your own keys should
On 21/06/13 12:00, Henry Hertz Hobbit wrote:
Who or what is gconf? If that is what is actually used then
it is neither an email address or the keyid.
I don't think that's the problem, gpg is picking the key the OP wants, since it
complains about key 468E35BC having insufficient validity.
On 19/06/13 00:10, Hauke Laging wrote:
gpg --with-colons --fingerprint | awk -F: '$1 == "fpr" {print $10;}'
when the output ever changes
It won't (it's designed not to change).
At the risk of sounding pedantic, let me point out that the output you get with
--with-colons is designed not to
On 07/06/13 21:40, Tom Nakamura wrote:
What is the equivalent operation for gpg-agent?
$ gpg-connect-agent
help
# NOP
# CANCEL
[...]
# KEYINFO [--list] [--data] [--ssh-fpr] keygrip
[...]
help keyinfo
# KEYINFO [--list] [--data] [--ssh-fpr] keygrip
#
# Return information about the key specified
I thought of another way to get the key on the card. During on-card key
generation, you're prompted if you want to make a backup in a file.
Such a backup is just a bare OpenPGP secret key material packet. It doesn't
have key usage flags, so they can't be in the way either.
We can create an
Hello Werner and list,
I could reproduce the problem the user Mustrum had with moving his
certification-only primary key to a smartcard. If you have a primary key with
sign and certify abilities, you can keytocard it to the Signature slot of an
OpenPGP card, and it will issue certifications just
On 05/06/13 22:57, Mustrum wrote:
how can we change a key capability ?
Hmmm. Good point. No idea :)
If you use a hex editor to change flags, the signature will not check out.
Possibly --edit-key and then expire will allow you to re-issue a signature.
But I simply hadn't realised it's not a
On 03/06/13 20:10, Mustrum wrote:
Note that there is NO valid choice.
Stick it in signature, that works.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
On 03/06/13 14:41, Branko Majic wrote:
Does anyone utilise this kind of schema?
I do this as well. The primary key is on a different card than the subkeys.
Unlike Pete, I had to resort to some key splitting and recombination tricks to
get GnuPG to recognise the situation. Perhaps this has since
On 05/06/13 12:55, Mustrum wrote:
The keytocard command displays the 3 slots, but none of them are listed as
a valid choice. I've to choose from an empty list.
Ah. I hadn't noticed that. I believe the problem is that the Key attributes
(displayed on --card-edit) force a specific keylength and
On 05/06/13 19:37, Mustrum wrote:
I'm quite sure the root cause is the certification only capacity of my
key:
I'm quite sure I never had data signature capability on my primary key. And I
moved it to an OpenPGP v2 card, so it worked for me. I did use a 2048-bit key,
but I don't see why that
Personally, I /am/ interested in why people use their keys (the original
question), and not in the relevance of e-mail.
So I changed the Subject:-line to indicate a split in the thread, in the hope
that people pick up this Subject:-line (or do the same) and that I can recognise
future relevance
On 24/05/13 18:49, irak wrote:
I don't understand your answer.
If I understand correctly, it is the /sender/ who chooses how /you/ will see the
line endings. If they send it using the --textmode switch or the PGP equivalent
option, the .pgp file will be marked to instruct your GnuPG to convert
On 02/05/13 02:51, 儒風管理部-潘右文 wrote:
I believe I downloaded this version gpg4win-1.1.4.exe 17-Feb-2009 17:46 9.5M.
It is a little bit old but I have a hard time to install newer
version on my windows XP SP3. It simply doesn’t work on my windows XP. I
googled it. Some people said,