Re: can someone verify the gnupg Fingerprint for pubkey?

Hi! >> Perhaps it would be worthwhile to add a question to the signing >> process: "Have you met this person face-to-face and verified >> his/her identity? (y/N)" If the user answers no, display a warning >> that the user probably wants to lsign, not to sign, and give the >> option of making an l

Re: displaying decrypted plaintext on screen instead of output to file

Am -10.01.-28163 20:59, schrieb ved...@nym.hush.com: > Is there an option in gnupg like the '-m' option in pgp which > allows the display of decrypted plaintext on the screen instead of > saving to file, Use "-" as the output filename and pipe that into more/less/..., as in gpg -o - file.gpg |

Re: Re: Which release should we be using?

Hi! Am 20:59, schrieb Anthony Papillion: > My passphrases are > stored in a Keepass database that resides in a TrueCrypt container. It's > protected well. My actual key is protected by a 62 character passphrase One could argue that this is equivalent to having a passphrase-less keyring within the

Re: Re: secring and dropbox

Hi! Am 20:59, schrieb Aaron Toponce: > [snip] > > Am I the only one who can't decrypt this message? Is there something I'm > missing? I *could* decode it, but since I'm reading the list in "digest" and "MIME" mode (i.e., I get one combined email for every 10 postings and each posting is a separate

Re: Re: Passphrase

Hi! Am 20:59, schrieb Mark H. Wood: > someone probably could suggest a brute-force tool I tried to respond to this thread already, but somehow mixed up email settings and my relies appear to be lost, so let's try again: There's a tool called "nasty" that does 'pure' brute forcing:

Re: Re: Signing a key (meaning)

Hi! Am -10.01.-28163 20:59, schrieb takethe...@gmx.de: > I wonder how I can check whether the email address in the ID realy belongs to > the keyowner. You can only check whether the key owner "has access" to the email address. You cannot check whether this access is in any way exclusive, legit

Re: What's the best way to test a long list of passphrases?

Hi! Am -10.01.-28163 20:59, schrieb Will McDonald: > what's the best way for me to test my 30,000 possible > passphrases? No idea whether it's the best way for you, but there is a small tool called "rephrase" which might do the job: cu, Sven ___

Re: Re: batch program to find my password - help please!!!

Hi! Am -10.01.-28163 20:59, schrieb wegwe...@gmx.de: > Just a repetition of my question, in a different way: > Does anybody out there know of any script to brute force a > list of passphrases? Something called "rephrase" may be of help for you: I have no detail

Re: Re: distributing ones public key (email)

Hi! Mark H. Wood schrieb: > I too would like to find some way to get the word > out about what it is and why my correspondent might find it desirable. What about inline signatures when emailing people that do not yet use OpenPGP? Enigmail, for example, has per-recipient rules that are supposed t

Re: How to use an "offline" primary key

Hi! Peter Lebbing schrieb: > By exchanging the order of the keyrings, hopefully this will mean it looks for > the key in secring2.gpg first, where the primary key is included too. Works fine for certifying other people's keys, thank you! However, since all updates to the my key would be done to

How to use an "offline" primary key

Hello GnuPG-Users! With a new year comes a new keypair and this time I tried to use subkeys to separate my secret primary key from the "day-to-day" encryption/signing keys. Using options "--no-default-keyrings --secret-keyring secring2.gpg --public-keyring pubring2.gpg" I generated the primary ke

Re: Mismatch between binary and ASCII-armored output for encrypted message

Hi! Chris Sutton schrieb: > What doesn't work > - > > I was under the impression that exactly the same process should work for > a message encrypted using GPG. I pass in a plaintext file with the -e > and -r options, and generate the binary and ASCII-armored versions as > above. H

Re: Re: Exposing email addresses on key servers

Hi! Jesse Cheung schrieb: >> You can also use a freeform UID, which contains name and comment, but >> leave the email field empty. > Yeah I found it a good idea! There is, however, a drawback to this (which is why an email address is required by default)... Most (email-)clients will do automati

Re: Keyserver doesn't honour signature removal

Hi! David Shaw schrieb: >> With PKA, you can even get automatic key retrieval without a keyserver. > > That's not quite right. PKA records in DNS can point to a keyserver, > but you still need the keyserver in the mix somewhere (though, like the > "preferred keyserver" feature, that "keyserver"

Re: Re: Keyserver doesn't honour signature removal

Hi! John Clizbe schrieb: > You can remove any cruft you wish and distribute that key yourself. You > just can't use the keyserver networks to do it. Also anyone who > refreshes that key from a keyserver will pick up all the pieces you > decided needed deleting. If you distribute the key yourself,

Re: GNUPG install help

Hi! mukta_agar...@readersdigest.com schrieb: > I want to install GNUPG on my machine, I am not able to locate which one > to install. Please help. I use a windows machine. I'd suggest to check out www.gpg4win.org and use the most recent non-beta from there. Apart from GnuPG itself (which is "onl

Re: cloudy understanding of asymmetric cryptography

Hi! Felipe Alvarez schrieb: > Someone today shook my understanding of asymmetric ciphers. > > _Bob performs symmetric encryption on message with_ > _key "K" (generated randomly). He then encrypts "K" _ > _with Alice's public key, and sends both the symetrically _ > _encrypted message and asymmetri

OT: file operations atomicity (was: Re: Re: gpg doesn't fail on target file existing when decrypting)

Hi! Andrew Flerchinger schrieb: >> 1. Use mktemp to safely create a new, unique file >> 2. Send the decryption output to that file >> 3. Test if the "real" file exists, and if so unlink it >> 4. mv $newfile $realfilename >> > You're right, I could do that to make my work-around act atomic. Be

Re: future proof file encryption

Hi! Robert J. Hansen schrieb: > After a little thought, it occurred to me that perhaps Sven meant there > are three errors and it's not known where. I also meant something like some 512 bytes of the file being unreadable because of failure of the corresponding disc sector. But I agree that singl

Re: Re: future proof file encryption

Hi! Robert J. Hansen schrieb: > GnuPG conforms to the OpenPGP standard for cryptography. That means > there are ... what ... 14 or so compatible implementations. You don't > have to rely on GnuPG; there are a lot of other options out there. This > is very good for purposes of long-term storage.

Re: Re: How secure asymmetric encryption to yourself?

Hi! gerry_lowry (alliston ontario canada) schrieb: > Sven Radde wrote, in part: > > "... there are more usable ways of managing one's passwords > than storing them in a GnuPG file". > > I'm curious what "more usable ways" there are

Re: How secure asymmetric encryption to yourself?

Hi! Chris Poole schrieb: > How secure is it to use my own public key as the encryption method > (rather than symmetric), given that the password file is stored on the > same drive as my public and private keys? The simple answer is: It doesn't matter, both methods are equally secure (with the sec

Re: JAVA Standard API for GnuPG v1.80?

Hi! Tanu schrieb: > Is there any Standard JAVA API from SUN or Apache for GnuPG v1.80? > > Any inputs on this will be highly appreciated. This might not be exactly what you want, but have a look at bouncycastle.org. They do not utilize GnuPG, but rather implement OpenPGP (RFC2440) in Java. cu,

Re: Re: Hibernation and secret keys

Hi! Michael Kesper schrieb: >> Of course. The idea is that you can encrypt everything but the kernel >> +initrd, which is needed in order to decrypt the partition (better said, >> to set up the dm-crypt mapping). >> And an USB stick could be always with you. > > What is the additional gain to hav

Re: Re: Hibernation and secret keys

Hi! David Shaw schrieb: > Hence the > question: "When you wake the machine, is the encrypted disk still > mounted?" See the last paragraph of : "Finished. During boot the

Re: Re: paperkey // ? feature request

Hi! David Shaw schrieb: > If you can't remove the redundant parts, then you're basically storing > a secret key, unchanged. Apart from the encoding and line-wise checksums which paperkey adds, that is... Maybe this posting from a thread when I asked to extend paperkey for use with revocation ce

Re: What do if forgot password?

Hi! Am Freitag, den 06.02.2009, 19:16 +0100 schrieb Matthias Mansfeld: > > even if the rumours are true that "the government" may have such an > > ability, we'd never know. > > Then they would need brute force against key AND password or they > know about weaknesses in algorithms which nobody el

Notations / PKA

Hi GnuPG-Users! Is there anywhere a list of notations that do currently have any kind of "canonical" meaning (or, rather, are interpreted by GnuPG and/or popular MUAs in any way)? I found out about "pka-adr...@gnupg.org=..." and a quite old notation that tells the commercial PGP about PGP/MIME cap

Re: Selection of digest algorithm

Hi! David Shaw schrieb: >> First, when sending a signed email from Evolution, SHA1 seems to be >> chosen, no matter what "personal-digest-preferences" or even >> "digest-algo" is set in the gpg.conf file (other parts of gpg.conf are >> honored, however). >> Is this a limitation of the PGP/MIME sta

Selection of digest algorithm

Hi gnupg-users! I noticed some "oddities" (to me) with the selection of a hash algorithm by GnuPG. I assume that the particular use-cases have additional limitations which are not obvious to me, so could you please clarify? First, when sending a signed email from Evolution, SHA1 seems to be chose

Re: Paperkey for Revocation Certificates? (Feature-Request :-)

Hi! Am Sonntag, den 05.10.2008, 20:11 -0400 schrieb Faramir: > Also, if the key is reconstructed (and provided the passphrase can be > found somewhere), it should be easy to revoke it... Actively revoking a key requires the passphrase and it requires a trustworthy PC. When I'm currently trying

Re: Paperkey for Revocation Certificates? (Feature-Request :-)

Am Sonntag, den 05.10.2008, 19:49 -0400 schrieb David Shaw: > A revocation certificate, on the other hand, doesn't > have all that much that can be removed. Luckily revocation > certificates are pretty short to begin with. The only real advantage > that paperkey could bring to revocation ce

Re: Paperkey (some questions about its usage)

Hi! Am Sonntag, den 05.10.2008, 17:50 -0400 schrieb Faramir: > 2.- Well... I am really newbie with ubuntu (I am starting to think I am > a noob in ubuntu, since time is passing, and I am not improving at all), > so I have some doubts about how to install the tool in ubuntu... It's in the reposito

Paperkey for Revocation Certificates? (Feature-Request :-)

Hi! Although David's awesome little tool [1] reduces the chance of losing a secret key, I am still a fan for pre-generated revocation certificates in case a key is irrecoverably lost. David, is there a chance that you will extend paperkey so that it encodes and decodes revocation certificates? Ad

Re: Re: Changing preferences

Robert J. Hansen schrieb: > Right, but where is this preference actually used? personal-*-prefs > seems to rule the roost. > Now, as the sender is the one that creates the message, you would have a hard time to force him doing something. Therefore it is quite reasonable to have the sender's pre

Re: Removing UIDs?

Hi! Am Montag, den 15.09.2008, 16:36 -0700 schrieb Chris De Young: > I have a UID on my key for an email address that I no longer use. Is it > generally considered good practice to remove that sort of thing when no longer > current, or should I leave old UIDs in place? Revoke it using the "revui

Re: Someone has harvested my address

Hi! Am Montag, den 08.09.2008, 19:40 -0500 schrieb Robert J. Hansen: > The conversation we're not having, which I think we should be having, is > "how can we have trusted communications on a hostile network when we > don't know if we really control our own PCs?" I guess we're not having this disc

Re: Securely delete files...

Hi! Am Mittwoch, den 20.08.2008, 21:09 -0400 schrieb Faramir: > The idea is > to make deleted files (not whole drives) unrecoverable to commercial > recovery software. The german IT-magazine c't did such a test quite some time ago (in 2003, IIRC) and found that a data recovery firm was unable to

Re: Problem with default key

Hi! andrea giovannoni schrieb: I have a problem with my default key. gpg --default-key 0x12345578 gpg: Go ahead and type your message ... Maybe, there was a misunderstanding, about what this call does..? If you want to set your default-key permanently, you would have to do this by editing y

Re: Armor Icon Associated with 7-Zip Executable

Hi! Am Dienstag, den 17.06.2008, 15:23 -0400 schrieb John W. Moore III: > Ostensibly, next to or below the Application You downloaded was a Link > to Download the Signature for the file. When looking at 7-zip.org and their Sourceforge site, I did not find anything like a separate detached sign

Re: WARNING: unsafe ownership on homedir `/m/a/etc/naclient/ppcbackup

Hi! Am Mittwoch, den 28.05.2008, 21:27 +0200 schrieb Josef Wolf: > homedir is readable only by myself:myself. Why is this directory > considered to have unsafe permissions? How do I get rid of this warning? I would suggest to remove any access rights except for the *user* "myself". In other wor

Re: Am I Missing Something?

Carlos Williams schrieb: You can see below exactly what I did and I am now unclear once I created this key how to start using it with my email client. Am I missing something? Everything is fine. The key was generated and is ready for use. You do not seem to have generated a revocation certifica

Re: First Time Setup Confusion

Carlos Williams schrieb: What does this list recommend for Windows / Outlook clients sending encrypted email using GNUPG? Cannot speak for the list as a whole, but I would recommend gpg4win (www.gpg4win.org) which comes with a plugin for Outlook - and some other useful GUIs. Unfortunately, it

Re: what if they have my sec key?

Hi! Ramon Loureiro schrieb: Is it possible for these users to hack my secret key? If they have got it, can they use some kind of brute force system to guess my pass phrase? Yes. If they can read your private keyring, they can start to brute-force your passphrase. You should make sure that 1) t

Re: Erroneous/Varied encryption results

Hi! YetAnotherGUser schrieb: psexec -i \\[machine] -u [domain\user] -p [pwd] -n 4 -high "C:\GnuPG\gpg.exe" --recipient "[EMAIL PROTECTED]" --yes --output [out_path\file].pgp --encrypt [inpath\file] In all instances the encryption succeeds, but the file contents vary. Regards. This is the inte

Re: Linux crypto killer apllication

David Picón Álvarez schrieb: Well, I'm pretty sure if GnuPG had the limit you suggest (2048) it would be legally unusable for some purposes, due to legal guidelines, "best practices", and all that tosh. FWIW, german digital signature laws AFAIK mandate a key length of exactly 1024 bits even for

Re: Protecting private key on USB flash drive: how to?

Hi! Am Freitag, den 09.05.2008, 12:56 -0500 schrieb Robert J. Hansen: > I am not a fan of TrueCrypt's hidden volume feature, and I think most > people who are fans haven't thought things through. I agree. All the "plausible deniability" stuff (Truecrypt or whatever else) is only good if 'they'

Re: confused about public key strength

Hi! Matt Kinni schrieb: Hello, I can't seam to figure out how the different bitstrengh of my public key effects anything. If someone encrypts something to my private key, isn't the strength of the private key that matters? The length of the public key equals the length of the private key. And

Duplicity

Hello all, Following, in a way, the discussion about "How long should a passphrase be?", I am currently trying to come up with a sensible backup scheme using duplicity. Duplicity creates full and incremental backups of local files, encrypts them using GnuPG and moves them to a (remote) locatio

Re: how long should a password be?

Hi! Am Montag, den 05.05.2008, 22:58 -0400 schrieb Faramir: > >> So there are only 64 bits in an 8 character password, which can be > >> cracked quite quickly using rainbow tables for any password. > > > > That is unlikely to work because gpg uses a random 64 bit salt as well > > as extended hashi

Re: How trust works in gpg...

Faramir schrieb: I was reading again this message, and I'd like to know: is there any point about signing a key _but not giving any trusted status_ ? Yes. Signing the key makes it valid for you (i.e. you believe that the person indicated in the key's User-IDs is the person who actually has cont

Re: how long should a password be?

Hi! Matt Kinni schrieb: Everyone says it should be as long as possible (...) What do you think? You might find this interesting read: Also keep in mind that in order to attack your password, an attacker would first have to

Re: filtering signed email with thunderbird

Hi! Am Freitag, den 02.05.2008, 12:55 +0200 schrieb Ramon Loureiro: > Is it possible to make a thunderbird filter that save my signed msgs > in > some folder? I don't think it's trivially possible (i.e. without coding something yourself), but I think it would be a great feature to add (to Enigmai

Re: Naming of GnuPG

Hi! Am Freitag, den 25.04.2008, 09:29 -0400 schrieb Chris Walters: > | Do people find the 1.4.x / 2.0.x thing confusing? > > I can only speak for myself. I don't find the 1.4.x / 2.0.x version numbering > thing confusing at all. (...) > I have compiled both on both GNU/Linux and Win32... Which

Re: Naming of GnuPG

Hi! Am Sonntag, den 20.04.2008, 05:54 -0400 schrieb Faramir: > Does it means Enigmail adds to 1.4.x most of the features of 2.0.x? Absolutely not. Enigmail is a Frontend/GUI for some of GnuPG's functions. In fact, Enigmail does not use any of the added functions that GnuPG 2.x offers, as Enigmai

Re: Naming of GnuPG

Hi! Am Sonntag, den 20.04.2008, 00:40 -0400 schrieb Bill Royds: > the present GNUPG 2.x line should be called GNUPG-SMIME y.x > While the GNUPG 1.x line should be GNUPG-OpenPGP y.x This would imply that 2.x could not do OpenPGP anymore, which simply isn't the case. cu, Sven __

Re: Naming of GnuPG

Hi! Am Sonntag, den 20.04.2008, 03:45 +0200 schrieb Christoph Anton Mitterer: > That's even true for different branches like Apache's http server. One > should probably only use the 1.x branch if using the 2.x is impossible > for some reason. While it isn't directly true for GnuPG, interpreting t

Re: Miscellaneous questions

Hi! Am Dienstag, den 15.04.2008, 20:35 -0500 schrieb Robert J. Hansen: > > Even if those subpacktes would be used in my suggested way, each > > implementation would know "Nanana, 3DES is a fallback, so in each case I > > can find my algorithm match", but in addition to that a user could force > >

Re: Need Help

Hi! Am Dienstag, den 15.04.2008, 11:03 -0500 schrieb John Clizbe: > There is nothing to backport. David Shaw answered this exact same post last > Friday on both GnuPG-Users and GnuPG-Devel. I felt already last Friday that this was only a partial answer to the question. Although it might not be

Re: How trust works in gpg...

Mark H. Wood schrieb: The safest thing for gpg to assume is that I assign no trust at all until I have instructed it otherwise. AFAIK this is the default behaviour, isn't it? You have the option of specifying "trusted introducers" (i.e. keys signed by those are automatically considered valid by

Re: How trust works in gpg...

Peter Lewis schrieb: Because you do not know whether the owner of UID1 is also the owner of UID2. Let's say, someone trusts my key and my user-id on that key. Now, I add another ID: "Stan Tobias <[EMAIL PROTECTED]>"... No good idea to trust that without checking, is it? But isn't that the

Re: How trust works in gpg...

Stan Tobias schrieb: If a public key has a UID1, which I already trust, and a new UID2 is added, why can't I infer trust for the new uid? (...) So the only person that could have added UID2 is the one that is in control of UID1 (supposedly, it's the same person). Why is there a need to check a

Re: Miscellaneous questions

Herbert Furting schrieb: But imagine the following: Yours: 3DES, AES256 Mine: AES256, 3DES Which one is chosen now? But when I only include AES256 I can at least somewhat control it. If *you* send, it is AES; if RJH sent, it would be 3DES. It doesn't matter if your key indicates a preference

Re: Miscellaneous questions

Herbert Furting schrieb: Ah you think cryptography is engineering? Always thought it would be math. Implementing crypto is purest engineering. Not even algorithm design is pure math if you think of timing or power consumption attacks that might have to be considered. Anyway if we always say

Re: Accessing the private DOs of the smartcard

Hi! Am Mittwoch, den 09.04.2008, 15:50 -0600 schrieb Allen Schultz: > I have either a 256 or a 512 MB USB Flash drive that I am not using. > Is there anyway I can turn that into a smartcard for GNUPG and other > security stuff? I was talking about the chip card, as seen here: http://www.g10code.d

Accessing the private DOs of the smartcard

Hello GnuPG users, Is there a convenient way to access the data objects of the OpenPGP smartcard? The best thing I know is to use "gpg --card-edit" to get at the PIN-protected DOs, which is cumbersome and does not give a very machine-friendly output... What I am thinking of is the following:

Re: GnuPG v2.x?

Hi! Am Donnerstag, den 03.04.2008, 18:41 +0200 schrieb Werner Koch: > The real reason for GnuPG-2 is the support for S/MIME. I'm just curious and do not mean to be offensive or to belittle the effort to implement S/MIME, but is GnuPG's S/MIME implementation actually used somewhere? As far as I se

Re: Decrypting 2 files which were merged into 1

Hi! Am Donnerstag, den 03.04.2008, 22:06 +0530 schrieb ravi shankar: > Once the file has been fetched, we get the merged file(if there are 2 > files present with same name on the client machine) directly. How can > we separate the 2 encrypted files from the merged file? Is there a way > to specifi

Re: Decrypting 2 files which were merged into 1

Hi! Well apart from the fact that this whole thing sounds rather strange, I would assume that you should include a step to separate those two files again before decrypting both separately (and saving to two different names ;-). The message from GnuPG suggests to me that the files are ASCII arm

Re: gpg for symmetric key encryption: cipher mode of operation?

Hi! Stephen Fromm schrieb: I'd like to use gpg for symmetric key encryption, but I cannot find anything that tells me the mode of operation GnuPG does "a variant of CFB mode". The exact details are specified in the OpenPGP standard: HTH, Sve

Re: Office Outlook 2003 and GnuPG

Hi! Am Dienstag, den 01.04.2008, 17:29 -0600 schrieb Allen Schultz: > What is the recommended frontend/plugin to Office Outlook 2003 I think the one coming with gpg4win is fine? I am running Office 2007 at work in the meantime but AFAIR I used it when we still had 2003. And I definitely did never

Re: OpenPGP card stopped working

Hi! Am Donnerstag, den 27.03.2008, 08:34 -0700 schrieb Harvey Muller: > If you decide not to remove seahorse-agent, for any reason, > you can workaround the issue by using the --no-use-agent option with gpg. Thanks, putting "no-use-agent" into gpg.conf did the trick. Now I have the nice things o

Re: gpg code problem

manoj schrieb: i am trying this using php on windows $res=shell_exec("echo $passphrase | $gpg --passphrase-fd 0 --clearsign 'd:\gp_test\tt.inmp'"); but is not working What "is not working"? Can you call the GPG executable at all? I.e. try to print the output of "gpg --version" in your PHP p

Re: Question about Smart Cards and GPG

Hi! Am Mittwoch, den 19.03.2008, 09:59 -0400 schrieb James P. Howard, II: > Can I put an old SMS card (I have piles from T-Mobile) in this device, > blank it, and load a new key? Or does this require a different kind of > card? The OpenPGP smartcard is totally different from mobile phone SIM car

Re: OpenPGP card stopped working

Hi! Am Sonntag, den 09.03.2008, 15:05 +0100 schrieb Sven Radde: > Apart from applying the regular patches, the only action I remember that > could possibly have an impact on GnuPG was installing the "seahorse" > package. However, removing it again did not change anything. Upd

Re: OpenPGP card stopped working

Hi! Albert Dengg schrieb: i don't know if it is changed..but last time i looked it did set the permission through a shell script Yes. It is a script that runs chgrp and chmod on 'something'. i rewrote the rules file to do it directly and it know works flawlessly on instant on all machines i

Re: OpenPGP card stopped working

Hi! Werner Dittmann schrieb: I've the same problem with an SCM 535. By running the pcscd in forgroung with debug enabled I got the follwoing messages: As far as I can tell from its output, pcscd is running normally. Inserting and removing the OpenPGP card prints the appropriate messages. I don

Re: OpenPGP card stopped working

Hi! Michael Kesper schrieb: pcscd sometimes gives trouble, for example when you try to create keys on the card. No problem with that, I created my keys off-card and then moved them. I thought this would be the easiest way to have a backup key ready if the card breaks. For best effect try thi

Re: OpenPGP card stopped working

Hi! Thanks for your ideas, Harvey. Am Sonntag, den 09.03.2008, 10:56 -0700 schrieb Harvey Muller: > If pcscd is running, Yes, it is. > then my guess is that there is something wrong with the smartcard driver. > (...) > I'm using a GemPC Twin usb card reader. To get it to work, I only have to

OpenPGP card stopped working

Hello! I was quite happy with my OpenPGP smartcard under Ubuntu until to the point where it simply stopped working. This is what I currently get: $ gpg -v --card-status gpg: selecting openpgp failed: unknown command gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler Apart from applying t

Re: Command to decrypt the file

Hi! Elmer Espinosa schrieb: I used the command gpg -s file to encrypt the file. First of all, I am not quite sure whether you just spelled it wrongly here or whether you made a potentially serious mistake. "gpg -s" does *not* encrypt. It signs your file. "gpg -e" encrypts. While the outputs o

Re: _almost_ working, now a command line question...

Hi! John Clizbe schrieb: Using the Gnu version of echo with the suppress newline option 'echo -n' to create passfile is also an option, probably the best. FWIW, I just created a text file using *notepad*, containing "1234567890" (without pressing enter after that line, and without the qu

Re: GnuPG (win32) on a USB stick

Hi! nunzky schrieb: However, GPG, when run, creates the keyrings and conf files on the HDD (documents and settings\appdata). Is it possible to avoid this behavior and have GnuPG write those files, say, in its own dir on my usb stick? How would I do this? Try using "--homedir U:\path\to\your\k

Re: _almost_ working, now a command line question...

Hi! Am Freitag, den 29.02.2008, 15:10 -0500 schrieb Maury Markowitz: > O:\Utilities>echo o:\apricing\pass.txt | ... Try "type o:\apricing\pass.txt | ..." if you really want to do it this way. cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.or

Re: Signing people with only one form of ID?

Hi! Am Donnerstag, den 28.02.2008, 01:38 +0100 schrieb Richard Hartmann: > after creating a new key and getting back into 'serious' gpg usage, > I attended a key signing party where the overwhelming portion of > people had only one form of ID with them. What do you define as "form of ID"? Being

Re: How know who is a file encrypted for ?

Hi! Dirk Traulsen schrieb: b. some keys do not belong to me in a common keyring. I am really not sure whether that is a good idea at all. Granting other people (write!) access to my secret keyring would be a troubling thought, even though I am not currently aware of any practical exploits.

Re: Corporate use of gnupg

David Shaw schrieb: >> Looks like this is ADK. Is there any way to do this on gpg? >> > Yes. Put "encrypt-to (the-adk-key)" in everyone's gpg.conf. I thought that ADKs would work whenever encrypting to a key with that feature enabled (i.e. also for incoming emails)? I.e. it is per-key and no

Re: Are DSA2 signing keys backwards compatible?

David Shaw schrieb: > No. Preferences, including the digest preferences, are not relevant > here at all. This is a signature *you* are making. The digest > preferences are consulted when someone *else* is making a signature, > and wants to know if you can handle it. How would "someone else" (i.e

Re: keypair to/from armor format

Hi! Steven Woody schrieb: > I don't trust any electrical medium ( USB disk, DVD-R and so on ) as > backup copy of my keypairs. I think I want hardcopy of my keys. You may want to have a look at David Shaw's Paperkey : HTH, Sven

Re: Redistributing the GnuPG Windows Binary

Hi! Brad Tilley schrieb: > Hope this isn't too inappropriate. It is OK to redistribute the GnuPG > Windows binary installer? IANAL, but given that GnuPG is GPLed, it should be perfectly OK. However, you probably have to GPL your additions to the binary (i.e. the customized scripts). > We'd lik

Re: Encryption keys: RSA vs. ElGamal

Hi! [EMAIL PROTECTED] schrieb: > I know that "A disadvantage of > the ElGamal system is that the encrypted message becomes very big, > about twice the size of the original message", This may be true, but mind you that the "message" the ElGamal (or RSA) encrypts is only the symmetric (=256bit) k

Re: Revoke a key - What is with the decrypted messages?

Hi! Wolf Canis schrieb: > I have a revocation > certificate. Great! ;-) > But what is with the decrypted messages to me, can I still encrypt this > messages? Or is the secret key invalid too? You will be able to decrypt messages and others will be able to verify signatures which were issued by

Re: PGP encryption: block or stream cipher?

Hi! Jim Cook schrieb: > Does anyone know which type of cipher is used? GnuPG uses a number of block ciphers in a variant of CFB mode. See RFC 4880, section 13.9 for more details on the mode of operation. btw, can someone explain to me what the design rationale for that "variant" is? I did not fi

Re: key-restoration problem // secret sharing

[EMAIL PROTECTED] schrieb: > > is there a section of the ascii-armored secret key block, > > that by itself, is enough to reconstruct the secret key, > > > Based on the knowledge that paperkey exists, I would believe so. Somewhere on your key will be the, e.g., 2048 bits that make it 'intere

Re: Meaning of "sig! N" self-signature

Hi! David Shaw schrieb: > A notation allows the issuer of > the signature to add special instructions or general information to be > seen by whoever verifies the signature. Are there any conventions/suggestions for these notations? I mean, something like "signer-key-url=http://..."; or the like?

Re: RSA Weak?

Alexander W. Janssen schrieb: >> In fact, some mathematician has proven that factoring is a polynomial >> problem, IIRC. > > A P-problem? Really?! Factoring primes is a polynomal problem nowadays? > Are you SURE about that? Umm, no, not sure (hence the IIRC). Apparently, I am nearing an age where

Re: RSA Weak?

Hi! Alexander W. Janssen schrieb: > How do you come to that figure? A keyspace of 1024 is the double > amount of 1023 bit, so I'm curious how you come to that figures. While this is true for symmetric ciphers, there are far more efficient attack methods on asymmetric ciphers (factoring - instead

Re: GNuPG Newb

Hi! jramro schrieb: > I'm trying to send a php mail form and not able to get it to encrypt or do > much of anything. First of all, make sure that you have access to the gpg executable from your php script and that safe mode and similar restrictions do not cause problems. Make also sure that the

Re: ECC - how does it compare

Hi! Hardeep Singh schrieb: > Its a tool for public key encryption using ECC rather than > prime number factoring. AFAIK, some of the really efficient algorithms for the required math are patented. cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg

Re: Multiple recipients encryption

Hi! Noiano schrieb: > I was wondering about how gnupg works when I encrypt a message for > multiple recipients. As long as I know public-key encryption works as > described in this image > http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg. This image is a simplified vie

  1   2   >