Hi.
When I use the command: gpg --armor --output
--export-secret-keys
shouldn't I be asked for the secret key's password before Export is allowed to
complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm never
asked for a password. This doesn't seem secure to me. I would thin
tmail.com
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 17:22:05 +0200
>
> Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith:
>
> > When I use the command: gpg --armor --output
> > --export-secret-keys
> >
> > shouldn't I
emonbag.org
> To: gnupg-users@gnupg.org
> Subject: Re: no password needed to export secret-keys?
>
> On 6/4/12 11:57 AM, Sam Smith wrote:
> > No, the exported file is NOT protected by the passphrase.
>
> Yes, it is.
>
>
ailinglis...@hauke-laging.de
> To: gnupg-users@gnupg.org
> CC: smick...@hotmail.com
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 18:06:08 +0200
>
> Am Mo 04.06.2012, 11:56:22 schrieb Sam Smith:
>
> Please take care that you reply to the
Can someone please verify that I have the legit public key to verify GnuPG
with? I checked the website but the Fingerprint is not given anywhere.
I got this Fingerprint for the Public Key I downloaded
D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Wed, 6 Jun 2012 09:31:15 -0400
> From: shavi...@gmail.com
> To: gnupg-users@gnupg.org
> Subject: Re: can someone verify the gnupg Fingerprint for pubkey?
>
> Sam Smith June 6, 2012
> 9:25:37 AM wrote:
> Sam Smith wrote on 6/6/12 8:54 AM:
> > Can someone please veri
yes, impersonation of the UID [Werner Koch (dist sig)] is what I'm trying to
guard against.
My efforts to verify the fingerprint are the best way to do this, correct?
> Date: Wed, 6 Jun 2012 21:54:01 +0200
> From: pe...@digitalbrains.com
> To: gnupg-users@gnupg.org
> Subject: Re: can someon
rg website.
> Date: Thu, 7 Jun 2012 05:23:43 +0100
> From: da...@gbenet.com
> To: gnupg-users@gnupg.org
> Subject: Re: can someone verify the gnupg Fingerprint for pubkey?
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/06/12 00:15, Sam Smith wrote:
>
id not find the link that you provided.
> Date: Thu, 7 Jun 2012 05:23:43 +0100
> From: da...@gbenet.com
> To: gnupg-users@gnupg.org
> Subject: Re: can someone verify the gnupg Fingerprint for pubkey?
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> O
the emails to me. means a lot to me.
> Date: Sat, 9 Jun 2012 06:09:54 +0100
> From: da...@gbenet.com
> To: smick...@hotmail.com
> CC: gnupg-users@gnupg.org
> Subject: Re: can someone verify the gnupg Fingerprint for pubkey?
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SH
I wasn't going to say anything, but I had no idea what Mr. Koch was talking
about with that "finger" stuff. I studied his email and the email header
looking for clues. Couldn't decipher what he meant.
> Date: Sat, 9 Jun 2012 10:28:04 +0100
> From: markr-gn...@signal100.com
> To: gnupg-users@gnu
I have to agree with Peter. I mean, everyone has to trust someone/something at
some point. I mean you trust Windows OS or your Linux Distro that it is not
doing bad things. It is calling up all these APIs etc. Have your verified
everything your OS does? Have your verified every signing key used
Mr. Koch, can you (or anyone else) recommend a book that is good for novices
like myself that covers GPG public keys and can help me learn how to verify
identity based on the chain of trust (self-signatures and other signatures as
you said in your email ) and covers other aspects of how GPG wor
Hi.
The GUI I like the best for GnuPG is GNU Privacy Assistant. It is "gpa" in
synaptic. [sudo apt-get install gpa].
I don't know if GPA does encrypt/decrypt though (I use command line for most
everything).
Another option is the plugins for Seahorse ("seahorse-plugins"). You can add
[sudo a
I tried every GUI I could find for GPG over the past 2 years. My absolute
favorite is GNU Privacy Assistant (GPA).
I do believe I have tried every GUI option there is for Windows and Ubuntu.
Originally, I couldn't find anything I liked on Windows and consequently was
forced to learn the comma
.
> Date: Mon, 11 Jun 2012 16:29:09 +0100
> Subject: RE: Need a GUI for e ncrypt/decrypt in Ubuntu 11.10
> From: mick.cr...@gmail.com
> To: gnupg-users@gnupg.org
>
>
> On Mon, June 11, 2012 4:11 pm, Sam Smith wrote:
> >
> > I tried every GUI I could find for GPG o
Gnu Privacy Guard has everything I want and need. Unfortunately it's not
available in Ubuntu 12.04. So I'd say all that needs to be done is make GPA
available for Ubuntu 12.04 :) Then a GPG GUI that does everything is available.
or is the discussion about a GUI for use on Windows?
> From: a
I see that --edit-key > pref lists out preferences. I'm assuming the first S is
default cipher, first H is default algo, etc? so if a key is generated it will
use the first S, first H, etc. But why are all those other S and H options
listed? when would they ever be used to create keys?
Lastly,
Curious as to why the encryption standard AES is not used to encrypt secret
keys for GPG?
It appears users have the option to use AES for sec key encryption, but it's
not default. Do people generally change the cipher to AES when generating their
secret key?
Doesn't the IETF openPGP standard call for 256-bit key for TWOFISH?
Could someone verify that the TWOFISH cipher uses 256-bit key length in GnuPG?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists
Does anybody know a way to learn what cipher & hash was used to create the
secret key?
Also, does anyone know a way to make AES256 & SHA256 the default cipher/hash
combo for --symmetric encryption? I can create these using --cipher-algo etc
but is there a way to make them default for if I use
t: way to see what cipher/algo was used to create your key?
> From: ved...@nym.hush.com
>
> Sam Smith smickson at hotmail.com wrote on:
> Tue Jun 19 01:30:44 CEST 2012
>
> >a way to learn what cipher & hash was used to create the secret
> key?
>
>
>
gt; CC: ved...@nym.hush.com; gnupg-users@gnupg.org
> Subject: Re: "SHA1 Protection" from way to see what cipher/algo was used to
> create your key?
>
> On 21/06/12 15:00, Sam Smith wrote:
> > when running the command: gpg --list-packets
> >
> > there is an
Here's the result of ShowPRef for my key:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Compression: ZLIB, BZIP2, ZIP, Uncompressed
SHA1 is showing up second. So when I sign a message, why isn't SHA256 used? The
headers on my emails appear to sho
From: mailinglis...@hauke-laging.de
To: gnupg-users@gnupg.org
Subject: Re: why is SHA1 used? How do I get SHA256 to be used?
Date: Mon, 9 Jul 2012 23:56:11 +0200
Am Mo 09.07.2012, 17:45:37 schrieb Sam Smith:
> Here's the result of ShowPRef for my key:
> Cipher: AES256, AES192, AES, CAS
Yeah, there's still people on Internet Explorer 6 & 7 too and they cause all
kinds of problems for web developers. If people using really old versions can't
read something, that's really their burden to update their software. SHA1 is no
longer secure. I'm not going to cater to people using real
> I'd much rather fail to generate a signature than generate
> one using an algorithm which is very weak.
My feelings as well.
Date: Tue, 10 Jul 2012 23:59:45 +
From: sand...@crustytoothpaste.net
To: gnupg-users@gnupg.org
Subject: Re: why is SHA1 used? How do I get SHA256 to be used?
On T
I've added the following 3 lines to my gpg.conf file:
1) to use stronger hash when supported by others, I added this line =
personal-digest-preferences SHA256
2) to use the SHA256 hash when I Sign a message, I added this line =
cert-digest-algo SHA256
3) to change what is used when a new key
pital.com
> Subject: Re: How to "activate" gpg.conf entries?
> Date: Wed, 11 Jul 2012 16:54:27 +0200
>
> -----BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 2012-07-11 16:09, Sam Smith wrote:
> > I've added the following 3 lines to my gpg.conf file:
1 Jul 2012 17:50:25 +0200
From: kristian.fiskerstr...@sumptuouscapital.com
To: smick...@hotmail.com
CC: gnupg-users@gnupg.org
Subject: Re: How to "activate" gpg.conf entries?
On 2012-07-11 17:46, Sam Smith wrote:
> Thanks. The clearsign "test"
wor
..@sumptuouscapital.com
To: smick...@hotmail.com
CC: gnupg-users@gnupg.org
Subject: Re: How to "activate" gpg.conf entries?
On 2012-07-11 17:46, Sam Smith wrote:
> Thanks. The clearsign "test"
worked.
>
> What does "cer
g.org
> To: smick...@hotmail.com
>
> On Jul 11, 2012, at 1:06 PM, Sam Smith wrote:
>
> > To make sure I understand correctly:
> >
> > 1) cert-digest-algo SHA256 = will use SHA256 to sign KEYS with regardless
> > of what preferences the key holder has stipulate
RE: cert-digest-algo clarification
> Date: Thu, 12 Jul 2012 16:04:43 +0200
>
>
> Hello Sam !
>
> Sam Smith wrote:
>
> > regarding #1: you said there are no preferences. Assuming I don't set
> > cert-digest-algo, what is the HASH that is used to sign k
When I use "personal-digest-preferences", should I be inputting a list? Or is a
single entry all that's necessary?
> To: smick...@hotmail.com
> From: laurent.ju...@skynet.be
> Subject: RE: cert-digest-algo clarification
> Date: Thu, 12 Jul 2012 17:08:46 +0200
>
&
overrides this?
From: mailinglis...@hauke-laging.de
To: gnupg-users@gnupg.org
Subject: Re: cert-digest-algo clarification
Date: Thu, 12 Jul 2012 17:32:27 +0200
Am Do 12.07.2012, 11:27:03 schrieb Sam Smith:
> When I use "personal-digest-preferences", should I be inputting a list? O
would get used.
> Date: Thu, 12 Jul 2012 11:52:17 -0400
> From: r...@sixdemonbag.org
> To: gnupg-users@gnupg.org
> Subject: Re: cert-digest-algo clarification
>
> On 7/12/2012 11:39 AM, Sam Smith wrote:
> > Say I want to tell everyone, "Hey, I prefer you use SHA256 wh
ert-digest-algo clarification
Date: Thu, 12 Jul 2012 17:58:20 +0200
Am Do 12.07.2012, 11:39:44 schrieb Sam Smith:
> It's overriding the recipient key preferences.
And sets the value for non-encrypted signatures.
> So "default-preference-list" is embedded into the public k
is used for --symmetric encryption
From: mailinglis...@hauke-laging.de
To: gnupg-users@gnupg.org
Subject: Re: cert-digest-algo clarification
Date: Thu, 12 Jul 2012 18:39:19 +0200
Am Do 12.07.2012, 12:11:11 schrieb Sam Smith:
> The "setpref" and "showpref" commands appear
On Ubuntu, config file found at: ~/.gnupg/gpg.conf
On WinXP, config file found at: C:\Documents and
Settings\\Application Data\gnupg\gpg.conf
On Win7, config found at: C:\Users\\AppData\Roaming\gnupg\
If you do not find the file at the specified location, you can just create it.
For example,
I read recently about Elliptic Curve Cryptography and how it provides much
stronger security with much smaller public key sizes.
Does anybody know if Public Key Crypto has any plans to move to this with an
update to the standard?
So will it be possible for me to generate an ECC key when the beta becomes
stable? I use S/MIME for everything when I use GPG with Enigmail. Seems like I
should create an ECC key and start using that. Will the manual be updated with
the commands for creating an ECC key?
> From: w...@gnupg.org
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/13/2012 03:42 PM, Sam Smith wrote:
> > So will it be possible for me to generate an ECC key when the beta
> > becomes stable? I use S/MIME for everything when I use GPG with
> > Enigmail. Seems like I should
42 matches
Mail list logo