some beginner questions

2017-04-01 Thread Will Senn
Hi, I am a relative newbie at using gnupg. I've tried it over the years, but never really committed to using it fully until now. Now, I plan to use gnupg for email and additional information security on a daily basis. I have read quite a few books and feel like I have a pretty good grasp of the ba

Re: some beginner questions

2017-04-01 Thread Francesco Ariis
Hello Will, I'll answer 1. 2. and 4. (3. is beyond my knowledge): On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote: > 1. It seems that the keyservers never forget. In creating keypairs while > trying to figure this out every few years and then forgetting the > passwords or losing the priv

Re: some beginner questions

2017-04-01 Thread Robert J. Hansen
> Do I just move on and try not to do that in the future, or is there any > hope for cleaning up? Move on. It's okay, everybody makes this mistake in the beginning. :) > 2. In everyday use, what is the norm for folks to publish their keys to > get other folks to use them? Do y'all put the finge

Re: some beginner questions

2017-04-01 Thread Will Senn
On 4/1/17 11:22 AM, Francesco Ariis wrote: > Hello Will, I'll answer 1. 2. and 4. (3. is beyond my knowledge): > > On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote: >> 1. It seems that the keyservers never forget. In creating keypairs while >> trying to figure this out every few years and

Re: some beginner questions

2017-04-01 Thread Will Senn
Robert, On 4/1/17 3:08 PM, Robert J. Hansen wrote: >> Do I just move on and try not to do that in the future, or is there any >> hope for cleaning up? > Move on. It's okay, everybody makes this mistake in the beginning. :) I thought this might be the case. On the one hand, bummer, on the other,

Re: some beginner questions

2017-04-02 Thread Doug Barton
Some answers below, and you've already received some good answers, but I have some more fundamental questions. :) First, and an important question for security-related stuff generally, what is your threat model? In other words, what dangers are you guarding against by using PGP? You mention ev

Re: some beginner questions

2017-04-02 Thread Neal H. Walfield
At Sun, 2 Apr 2017 11:20:16 -0700, Doug Barton wrote: > On 04/01/2017 07:10 AM, Will Senn wrote: > > 3. I've read > > https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems > > and other such pieces proclaiming the value of having the master key in > > a safe place an

Re: some beginner questions

2017-04-02 Thread Will Senn
On 4/2/17 1:20 PM, Doug Barton wrote: > Some answers below, and you've already received some good answers, but > I have some more fundamental questions. :) > > First, and an important question for security-related stuff generally, > what is your threat model? In other words, what dangers are you >

Re: some beginner questions

2017-04-02 Thread Will Senn
On 4/2/17 2:00 PM, Neal H. Walfield wrote: > At Sun, 2 Apr 2017 11:20:16 -0700, > Doug Barton wrote: >> On 04/01/2017 07:10 AM, Will Senn wrote: >>> 3. I've read >>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems >>> and other such pieces proclaiming the value

Re: some beginner questions

2017-04-02 Thread Doug Barton
On 2017-04-02 16:18, Will Senn wrote: > On 4/2/17 1:20 PM, Doug Barton wrote: >> Some answers below, and you've already received some good answers, but >> I have some more fundamental questions. :) >> >> First, and an important question for security-r

Re: some beginner questions

2017-04-03 Thread Neal H. Walfield
Hi, At Sun, 2 Apr 2017 18:23:14 -0500, Will Senn wrote: > but at the end of > the day, I don't seem to be able to sign anything with the signing > subkey if the master key is not present (with sec instead of sec#). Do > you know how I get it to use the subkey (the manual says it will default > to

Re: some beginner questions

2017-04-03 Thread Peter Lebbing
On 03/04/17 08:25, Doug Barton wrote: > That said, as long as you have a suitable passphrase your risk of key > compromise is really, really minimal, even if they did get total control > over your device. Barring coercion, the chances of someone guessing your > passphrase is near zero. And currentl

Re: some beginner questions

2017-04-03 Thread Peter Lebbing
On 02/04/17 21:00, Neal H. Walfield wrote: > In short, the main key acts as a level of indirection, which separates > your identity from your encryption/signing keys. I'd like to extend this short description a bit :-). There is one important somewhat-caveat, which is that you can't delegate the C

Re: some beginner questions

2017-04-03 Thread Doug Barton
On 04/03/2017 04:16 AM, Peter Lebbing wrote: On 03/04/17 08:25, Doug Barton wrote: That said, as long as you have a suitable passphrase your risk of key compromise is really, really minimal, even if they did get total control over your device. Barring coercion, the chances of someone guessing yo

Re: some beginner questions

2017-04-03 Thread Doug Barton
On 04/03/2017 04:20 AM, Peter Lebbing wrote: On 02/04/17 21:00, Neal H. Walfield wrote: In short, the main key acts as a level of indirection, which separates your identity from your encryption/signing keys. I'd like to extend this short description a bit :-). There is one important somewhat-c

Re: some beginner questions

2017-04-03 Thread Will Senn
On 4/3/17 1:25 AM, Doug Barton wrote: > > > but > > I'm not having much luck signing with subkeys, so I'm not convinced this > > is worth the headache and increased complexity of key management. > > It's not really that hard to do, what kind of problems are you having? > The instructions at https:

Re: some beginner questions

2017-04-04 Thread Faramir
On 02-04-2017 at 20:23, Will Senn wrote: ... >> In short, the main key acts as a level of indirection, which >> separates your identity from your encryption/signing keys. > Sounds like what I was led to believe to be the case, but at the > end

Re: some beginner questions

2017-04-04 Thread Faramir
On 03-04-2017 at 20:04, Will Senn wrote: ... > Actually, I appreciate all of the detail. I will start off with a > simple keypair that I am careful with. Based on my current > understanding, if my passphrase is known only to me, is > sufficient

Re: some beginner questions

2017-04-08 Thread Wouter Verhelst
On Sun, Apr 02, 2017 at 06:23:14PM -0500, Will Senn wrote: > Sounds like what I was led to believe to be the case, but at the end of > the day, I don't seem to be able to sign anything with the signing > subkey if the master key is not present (with sec instead of sec#). At a guess, you may need t