SMTP is not end-to-end,
but it turns out to be "good enough" for most daily usage, particularly
within a domain or with a few business partners.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
:
email-encrypt-by-default: yes
email-encrypt-by-default: no
and then if not present, then the intent is unspecified. We would then
add "email-encrypt-by-default: no" and then the WKD draft could clarify
as an implementation consideration that "availability of the key does
he only key I can find for 91C1262F01EB8D39 claims to have been made in
2020 and yet is using SHA1 for the self-signature. That is worrying.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
thub.com/canterberry/nodejs-keys
`git describe --tags --always` for the field (haven't yet had to
escape colons in tags)
public-acco...@pennock-tech.com=${_MM_DD}:${SERVICE}:${ACCOUNT}
-- eg, github:foo -> <https://githu
back if there's nothing better.
I might even just want `trust-model pgp+federated` if I'm feeling more
cautious. But in reality tofu helps a little.
Does this make sense to people? Is there a security problem with this?
Does this seem like a reasonable feature request?
Thanks,
-Phil
af3anhb75xpzx9m6hgw6589ozf1b9?l=spam'
| gpg --import
works. So you return the data just fine to curl, but when dirmngr asks
for it, it's getting a "403 Forbidden" response.
That smells to me of a web-server which is trying to block user-agents
it dislikes.
mbiguous).
If you're looking up purely by key id, then you need a working global
key-lookup facility. It doesn't federate.
If you look up by email address, then federation becomes available and
efforts such as WKD pay off.
-Phil
hings that _can_ be done without it, but life is just easier when the
support is baked in for the common interchange format.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
pdates make it across to the doc repo in a timely
manner, but it's still a useful feed: the docs site is almost entirely
updated only for new releases so this is high signal/noise. I have this
in my #feed-releases channel.
-Phil
___
Gnupg-u
and
don't know if the current version will also fix preference lists.
(I look forward to this sort of functionality being part of GnuPG
natively, as part of key lifecycle maintenance for long-lived keys.)
-Phil
___
Gnupg-users mailing list
gital Signature Algorithm)
Public-key size: 1024 bits
Creation time: 2001-08-03 17:34:53 UTC
UserID: Phil Pennock [censored email address in this list post]
Invalid: Policy rejected non-revocation signature
(PositiveCertification)
because: SHA1 is not cons
configuration files
reveals a lot of problems and in day-to-day use you will have to
periodically comment it back out again. I know, because I've been doing
this since January. It has helped me with pushing people I need to
exchange private mail with to update their keys.
-Phi
On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users wrote:
> On Fri, 30 Oct 2020 00:10, Phil Pennock said:
> > recipient. That's fine. I'd rather create pressure for people to fix
> > their systems to use modern cryptography than cater to their brokenness
&g
ix
their systems to use modern cryptography than cater to their brokenness
with sensitive messages.
Thanks,
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2020-09-19 at 11:44 +0100, MFPA via Gnupg-users wrote:
> On Friday 18 September 2020 at 4:32:55 PM, in
> , Phil
> Pennock via Gnupg-users wrote:-
>
>
> > keys.gnupg.net is a CNAME for
> > hkps.pool.sks-keyservers.net -- which is
> > now returning zero re
ot;.
Within a few years we _might_ be able to get SRV-like distribution for
HTTPS with the proposed new `HTTPS` RR-type for DNS:
https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https
but that's not something you can rely on today.
-Phil
___
G
s nothing which fits all needs, but various
solutions for some scenarios. See my first reply in this thread with
suggestions of particular servers.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2020-09-18 at 10:08 +0200, Franck Routier (perso) wrote:
> Le jeudi 17 septembre 2020 à 18:13 -0400, Phil Pennock via Gnupg-users
> a écrit :
> > If publishing keys, I do recommend setting up WKD for your
> > domain, which helps a little.
>
> What is the status
us with Ubuntu's and Dan Gillmor's (DKG's) mayfirst.org
server.
You can still look over https://sks-keyservers.net/status/ to see if
there are any working there, if the pool hostnames are broken for you at
the time you check. The stat
-passphrase-pattern to point to
a dictionary -- a common security pattern for 8-12 "random" character
passwords but unlikely to be helpful with a diceware approach.
There are other relevant options in the gpg-agent man-page in the area
around those options, worth reviewing.
-Phil
_
7;s one of
the bullet points for the `optgnupg-gnupg` package. It talks about how
to change the gpg-agent which systemd will launch for you.
Those are the steps I use on an Ubuntu system to swap out
/usr/bin/gpg-agent in favour of /opt/gnupg/bin/gpg-agent.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
g` as a set of TXT records
could provide one domain each which are equivalent.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
;m thinking that with dirmngr already
having some Tor support, it's a better place to automatically do so.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
raphy of one key or two keys. All of
this is around the social and legal constructs within which any keys get
used.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
which are still safe but which don't use calls which cause Linux to get
its knickers in a twist about too many calls for entropy.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
something is not configured
right to invoke the pop-up correctly.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
don't have that sub-key, you'll need to find it
and import it too.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
s://git.zx2c4.com/password-store/tree/contrib/emacs>.
(It's been 25 years since I last seriously used Emacs so I can't comment
on that, and I don't actually use pass myself, as I independently
created the same general thing in Python at about the same time as Pass
was create, but th
Friday, November 8, 2019 at 7:39:18 PM
Expires On Thursday, February 6, 2020 at 7:39:18 PM
Regards,
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
bkeys, I'm looking really at signing subkeys: it
seems useful to make sure that existing signatures can continue to be
verified.
How do I re-sign the subkey binding for a [S] signing subkey, to keep
the same key but make the association from the main key be with SHA256
please?
Thanks,
-Ph
bit to show that I don't think it's any of my tuning
causing this.
GnuPG 2.2.17
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
x27;t per the spec, so gives
false negatives. It only supports the 'direct' method, where the key
has to be hosted on `example.org` instead of `openpgpkey.example.org`.
Just a limitation to be aware of.
-Phil
___
Gnupg-users mailing list
Gnupg-
y
except via NAT state for established connections.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
/ layout, so I gave up and went with HKP, at least pointing
folks towards what at the time was the more reliable option, the HA
pool. Using http:/https: didn't help, HKP was still used.
I got around it later by specifying a `finger:` URL. :)
It's been 30-40 yea
rs or the local
signatures for "yeah, I grabbed these fingerprints from a web-page, I'll
trust them locally but won't attest to them publicly".
-Phil
signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ks-devel/2019-03/msg00060.html
It appears that CRL expiration led to all HKPS hosts failing
verification so they all dropped out of the pool.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
the responsibility of that account to manage the directory.
If one account is trying to use both system and current GnuPG, that's a
logic error elsewhere which should be cleaned up.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
s not a concern, you're
probably looking at Curve25519 and, if eager, keeping half an eye on the
news about post-quantum cryptography for the next step after that.
If you need more specific guidance than that, pay a professional
cryptographer
h just the hostname
shown in that table.
Configure a keyserver which works for you until such time as GnuPG's DNS
resolution on Windows manages to handle pools correctly. Werner?
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ool.sks-keyservers.net
S # . hkps.pool.sks-keyservers.net
S # . --> 1*
S # 1 4 216.66.15.2 (hkps.pool.sks-keyservers.net)
OK
I suspect that you have an old dirmngr and the problems are fixed with a
newer release of gpg4win.
-Phil
_
dark" approach
would be to use:
KEYSERVER --dead IP.ADD.RE.SS
to mark the one with a "*" as "bad" and see what happens. If that fixes
it, then you know that the IP address which was "responding" and so
selected was actually failing. You can drop a note to
sks-
ion is warranted when using the `z` mount option,
you'll need to test carefully to make sure that GnuPG _outside_ of
Docker still works afterwards. (If not ... `gpgconf --kill gpg-agent`
and continue on).
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2018-06-05 at 17:17 -0400, Phil Pennock wrote:
> Shell 2:
> $ docker run -it --rm -v /var/run/pdp.gnupg:/root/.gnupg/S.gpg-agent.ssh
> alpine
> / # chmod 0700 /root/.gnupg && chown root:root /root/.gnupg/S.gpg-agent
> / # apk update && apk add --no-cache gnupg
I
On 2018-06-05 at 20:18 +0200, Peter Lebbing wrote:
> Have you tried by hand whether the concept of communicating over a
> socket to a container works at all? You could use socat to create a
> socket and communicate, one socat on your host system and one inside the
> container.
>
> I have no experi
crypted message. Advocating for MUAs to default to "efail-proofed
memoryhole format" for encrypted mail _might_ gain traction?
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
t if
there's anything sane the MTA side can do to help, I can work to get
Exim doing it.
If there's anything I can do to help, please let me know.
-Phil
signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
hould be able to grab the
famous poem from the URL above and verify my signatures upon the text.
-Phil
-BEGIN PGP ARMORED FILE-
Comment: Use "gpg --dearmor" for unpacking
iQEzBAABCAAdFiEEq4gt1kA1okdY9paI0jG9pqefzuAFAlq1nX4ACgkQ0jG9pqef
zuAKlgf+P+trdLPknA/sNy
On 3/16/2018 9:16 AM, Steven Maddox wrote:
> I get the impression they want the decryption happening on the end users
> machines.
>
> Presumably so that if any users got the idea to just 'upload' a file
> online - it'd be the encrypted version of that file. Course someone can
> just get around th
On 3/16/2018 9:15 AM, Andrew Gallagher wrote:
> How does that work when the decryption key is on the client?
I don't think it is on the client. The private key is stored on the
server and is decrypted when you log in. At least I think that's how it
works. I've never actually tried using EFS on
On 3/16/2018 4:11 AM, Steven Maddox wrote:
> Yeah I just use LUKS on my PC to protect local files, but this is (as
> above) for files on SMB/Windows shares... sorry for not mentioning that
> sooner.
I believe you can enable EFS on the windows server and it will handle
decrypting the file before se
On 3/15/2018 11:26 AM, Steven Maddox wrote:
> The desktop portion of that software has an OS/kernel level driver that
> watches if you're trying to open a PGP encrypted file... then decrypts
> it on the fly and finally passes it to the application that'd normally
> open it.
> Anyway I can ei
address the issue seem to focus on SRV records, so
repaired one way in which the problem manifested, but either didn't fix
the underlying issue, or there's been a regression.
I've opened a new ticket for the maintainers to track this.
https://dev.gnupg.org/T3755
-Phil
to me like it really is an incorrect
checksum, exposing unfortunate edge-case handling in GnuPG.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 1/15/2018 3:00 PM, Robert J. Hansen wrote:
> It's from 2003. It doesn't need modernization.
>
> Keyservers are designed the way they are for a reason. If keyservers
> *never ever discard or modify existing data*, then you can easily
> identify any code which theoretically might be able to dis
On 1/15/2018 10:24 PM, listo factor via Gnupg-users wrote:
> If there is merit to the principle that an Internet server operator
> can not keep publicly serving private data over the objections of
> the owner (the same as today, after many battles, he can no longer
There isn't merit. It became pu
On 2018-01-10 at 11:39 +, Damien Goutte-Gattat wrote:
> On 01/10/2018 09:25 AM, Henry wrote:
> > There are five libraries required to build gnupg2: libgpg-error,
> > libgcrypt, libassuan, libksba and npth.
> >
> > Is there a preferred order in which they should be built?
>
> Libgpg-error shou
safely lose this, right?
Thanks,
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2017-12-03 at 12:19 +0100, Werner Koch wrote:
> On Sun, 3 Dec 2017 02:20, gnupg-us...@spodhuis.org said:
> > Anyone else seeing major slowdowns with keyring dumping in recent GnuPG
> > on Linux?
>
> By recent do you mean 2.2.3 or a Git version (2.2 branch or master)?
2.2.3.
The dump on Linux
3.5.16-pt2
ii optgnupg-libassuan 2.4.5-pt1
ii optgnupg-libgcrypt 1.8.1-pt1
ii optgnupg-libgpg-error 1.27-pt1
ii optgnupg-libksba1.3.5-pt1
ii optgnupg-nettle 3.4-pt1
ii optgnupg-npth
he https://public-packages.pennock.tech/ packages (Xenial,
Trusty, Jessie, Stretch; amd64; all installing into /opt/gnupg) using
Vagrant on macOS, VirtualBox driver. The repos are maintained with
aptly.)
-Phil
___
Gnupg-users mailing list
Gnupg-use
On 11/2/2017 3:04 PM, Peter Lebbing wrote:
> On 02/11/17 16:58, Phil Susi wrote:
>> Why is this?
>
> What version of GnuPG is this? It's a well-known limitation of GnuPG 1.4
> and 2.0, but my 2.1.18 allows me to add secret subkeys through --import.
Looks like I've sti
Whenever my subkeys expire and I have to generate a new one, I try to
import the keys on my less secure machines and gpg stupidly refuses to
update the already existing key with the new subkey. I have to delete
the key, then import to get the new subkey into the keyring. Why is this?
__
nths...
I'm using the stock version that's installed with 16.04.3 LTS & have
encountered no problems at all FWIW.
Cheers,
Phil.
--
"For 50 years it was like being chained to an idiot"
Kingsley Amis on his loss of libido when he turned fifty
https://www.linuxc
firm that Bob _can_ decrypt it, since that goes into a lot
of assumptions about competence, not lost keys, possession of devices,
whatever. But in normal use, it'll tell you if Bob should be able to
decrypt it.
Privacy-sensitive environments concerned about metadata analysis will
set the `throw-
describe.
It's unfortunate really that the default is to make public attestations,
telling the world "trust me, this key belongs to this person" instead of
locally useful data and then, only once someone knows what they're
doing, offering them the option to act as a No
rop everything and help me out Right Now. Not unless lives are on
the line and to date, I've been fortunate that they never have been.
It's called good manners.
-Phil
signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
- might this be your problem?
> I have not done any these, though.
Ugh, yes. Thanks, I explored everything I could see and kept running
into roadblocks. Thanks for clearing a new path through.
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ducate me please?
Is there a reason beyond "nobody asked for it yet" why there's no
"expired" filter for drop-subkey/drop-sig?
Thanks,
-Phil
signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
hing about disabling SHA1 does nasty things to GnuPG's
performance, as scanning two more depth levels takes 12 minutes
instead of 222 minutes for just two depth levels
Regards,
-Phil
signature.asc
Description: Digital signature
___
Gnupg-user
print and ID separately
> then, in order to verify control of email address and private key, send the
> signed ID encrypted to the provided email address.
>
>
>
> On Wed, Nov 13, 2013 at 11:49 AM, Phil Calvin wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA
decrypt an
encrypted message using the key in question. This would ensure they
have access to the secret half of the keypair in question.
Is verifying proof of possession necessary or good practice, or is
checking fingerprints (and, when you don't know the person, photo ID
or similar) enough?
try an HTTP/1.1 POST with an
Expect: header and exclude from the main pools any server where this
fails.
(Similarly, need to figure out what to do about nginx/FreeBSD/KQUEUE for
GnuPG curl-shim ... harder to deterministically detect. For myself, I
might suck it up and rebuild without KQUEU
On 2013-02-28 at 09:12 +0100, Niels Laukens wrote:
> On 2013-02-28 00:50, Phil Pennock wrote:
> > The best fix is to use gpg with a real cURL library.
>
> I'm currently using a downloaded binary from gpgtools.org. I don't see
> libcurl in the list of shared objects
iably fixed going
forward.
(2) means people encountering it can work around it now.
(1) sucks, because I for one like the signalling done and the model used
in TCP and used by the GnuPG developers. It's very clear, "we're
not going to send anything else". Unfortunat
on: libgpg-error, libgcrypt, libksba, libassuan, pinentry, pth,
gpg-agent, dirmngr, libusb-compat
Not installed
https://github.com/mxcl/homebrew/commits/master/Library/Formula/gnupg2.rb
"Not installed" because I didn't install with brew. Myself, I&
08794654
or redirector:
http://gplus.to/keyservers
Regards,
-Phil, occasional SKS coder and pesterer of GnuPG devs on HKP issues
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
I...L
0x0040: e6e7 24a3 3b1e 017c 4361 6368 652d 436f ..$.;..|Cache-Co
0x0050: 6e74 726f 6c3a 206e 6f2d 6361 6368 650d ntrol:.no-cache.
0x0060: 0a50 7261 676d 613a 206e 6f2d 6361 6368 .Pragma:.no-cach
0x0070: 650d 0a0d 0a e
keytest.spodhuis.org
Command:GET
* HTTP proxy is "null"
* HTTP URL is
"http://keytest.spodhuis.org:11371/pks/lookup?op=get&options=mr&search=0x403043153903637F";
* HTTP auth is "null"
* HTTP method is GET
gpg: key 0x403043153903637F: "Phil Pen
On 2012-12-02 at 10:23 -0500, David Shaw wrote:
> On Oct 6, 2012, at 10:20 PM, Phil Pennock wrote:
> > GnuPG folks (since this is cross-posted, if my mail makes it through):
> >
> > there is a bug in GnuPG's SRV handling, I've identified where I think
> > it
On 2012-12-02 at 23:46 -0500, David Shaw wrote:
> I tried talking to keytest.spodhuis.org to test, but all the ports
> returned in the SRV were not listening. Or at least, not listening to
> me ;)
*blush*
Fixed, sorry.
-Phil
___
Gnupg-user
On 2012-10-06 at 22:20 -0400, Phil Pennock wrote:
> So, there's a `port` and an `opt->port`; the SRV lookups set `opt->port`
> but not `port`, while the URL given to curl uses `port`.
>
> It seems like changing 537 to:
> port = opt->port = newport
>
uest,":");
270 strcat(request,port);
271 strcat(request,opt->path);
[...]
294 curl_easy_setopt(curl,CURLOPT_URL,request);
So, there's a `port` and an `opt->port`; the SRV lookups set `opt->port`
but not `port`, while the URL given to curl uses `port`.
It seems like changing 537 to:
port = opt->port = newport
should fix it as a stop-gap.
-Phil
pgpuY3TNNNPWS.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
rest just uploaded them to a keyserver. I can't be critical of anyone
who did that. It seems to be the most common practice.
We are very lucky to have an open standard (OpenPGP) and a free/open-source
implementation (GnuPG) to work with. The really hard problems are trying
to get people to
ils I sent earlier)
appears to be attachments.
Overall, it makes signed emails just so unreliable. But I guess we
already knew that.
Cheers,
Phil.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
On Fri, 28 Oct 2011, Jerry wrote:
On Fri, 28 Oct 2011 14:07:53 +0100 (BST) Phil Brooke articulated:
Nothing relating to encrypted data, but I've seen an MS Exchange
system rewrite signed emails (both PGP/MIME and S/MIME) with the
obvious effect of causing failed verifications.
Coul
27;ve seen an MS Exchange system
rewrite signed emails (both PGP/MIME and S/MIME) with the obvious effect
of causing failed verifications.
Cheers,
Phil.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
t; What you want is gpgv or gpgv2:
That seems to do what I want if I include --homedir /dev/null. No default
keyring and the environment variable for GNUPGHOME is ignored.
Thanks!
Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gn
like this will work with both gpg and gpg2 even though all of
the options aren't necessary. Are there any other options I should use?
Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
similar to, for example, the policy URL
signature subpacket.)
Thanks,
Phil.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
with no reader
serialno
scdaemon[7573]: PC/SC RESET failed: invalid value (0x80100011)
ERR 100663404 Card error
# Crypto Stick inserted
reset
OK
serialno
ERR 100663404 Card error
It appears that once scdaemon decides there is no reader, it needs to
be restarted.
Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ing.
> As well, anything sent to a public list like this may be archived on
> web pages, inviting harvest for spam.
Yes, that was another thing I knew could happen. It just strikes me as a little
strange that this one was the first hit.
--
Phil Reynolds
o mail:
just change this address?
--
Phil Reynolds
o mail: [EMAIL PROTECTED]
|L_ \ / Web: http://www.tinsleyviaduct.com/phil/
(_)- \/ Waltham 66, Emley Moor 69, Droitwich 79, Windows 95
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
Therefore, should it prove necessary, I will presumably have to add such
uids as necessary to the key.
On the whole, I think this will probably only rarely, if ever, be
needed. But, if it is, at least I know now.
--
Phil Reynolds
o mail: [EMAIL PROTECTED]
|L_ \ / Web: http://www.tin
On Wed, Jun 04, 2008 at 01:08:40PM -0400, David Shaw wrote:
> On Wed, Jun 04, 2008 at 04:13:00PM +0100, Phil Reynolds wrote:
> >
> > I have recently started using suffixed e-mail addresses and am wondering
> > if I might need to add suffixes I am using to my key - or if I c
catch-all is possible, please advise
me as to how I need to specify it.
--
Phil Reynolds
o mail: [EMAIL PROTECTED]
|L_ \ / Web: http://www.tinsleyviaduct.com/phil/
(_)- \/ Waltham 66, Emley Moor 69, Droitwich 79, Windows 95
___
Gnupg-users
e notation part of the signed data (whereas the comment headers aren't)
so that tampering with the notation is evident?
Thanks,
Phil.
__
Sent from Yahoo! Mail - a smarter inbox http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Why not use MD5?
- --
Phil Helms
[EMAIL PROTECTED]
David Shaw wrote:
>
>> And how can I choose the hash method (sha1 or md5) when signing?
>
> --personal-digest-prefs takes a list of hash algorithms. It will pick
> the first
Hi,
A quick question regarding the recently discovered
vulnerability to the injection of unsigned data :
>From the description, it wasn't completely clear to me
whether this vulnerability also applied to
verification of clearsigned text. Does it?
Thanks
ys using normal sigs, it wouldn't have any effect; I'm rather
surprised that a keyring problem could be caused by it.
Thanks,
-Phil
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2006-02-28 at 13:07 +0100, [EMAIL PROTECTED] wrote:
> Ok, now it works, but can you send me any information that could be
> interesting? For example how you create the 0xC9541FB2,
It's a public key for someone else, imported with --recv-key, because
it's in a trust path I need.
I do have a ra
1 - 100 of 102 matches
Mail list logo