Re: libgcrypt & passphrase
On Wed, 27 Jul 2005 15:21:22 +0200, Claudia Reuter said:

> Similar to GnuPG I like to encrypt the secret key with a passphrase.
> libgcrypt seems not to implement a function to encrypt a key with a
> passphrase or am I wrong? Any suggestions would be appreciated.

That is correct. At some point we might move some of this code into
Libgcrypt as it is useful for other applications too but I doubt that
this will happen in the near future.

You might also want to look at the agent/protect-tools.c which is a
program to use the GnuPG 1.9 style key protection. It should not be
too hard to use it along with libgcrypt. The format is described in
agent/keyformat.txt and the basic code is in agent/protect.c.
Basically it is the same algorithm as used by OpenPGP but modified to
work with S-expressions.

Shalom-Salam,

   Werner

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: libcrypt and RC2 revisited
Werner Koch wrote:
> On Tue, 26 Jul 2005 19:22:06 +0200, Zeljko Vrba said:
>
>> Ugh, I hope that you'll _never,ever_ allow such low-grade insecure
>> algorithms in gpg or anything related to it, no matter what the public
>> demand is.
>
> For sure not in an application like gpg. However for certain tools
> (e.g. a crypto workbench) it makes sense to have even very simple
> ciphers.

Also, it isn't our fault, that M$ does use such simple crypto algorithms.
I personally share this opinion, but only for the encryption side. For
decryption, I don't understand why it should be a problem.

A problem is, that a user new to the Unix world wants to decrypt the
messages sent to them, regardless of the encryption system the sender
used. And since the gnupg solution is used by the popular KMail of KDE,
no KMail user is able to decrypt this Outlook crap sent to them.

Is telling the Outlook users to use another mail program or use no
encryption at all the solution? I don't think so. I even tried to
convince Outlook to use 3des, but couldn't figure out how to do that.

So, thanks for the explanation, keep up the good work.

Greetings,
Sven
--
Sven Fischer -- Moitzfeld 47, 51429 Bergisch Gladbach, Germany
Tel./Fax: +49-(0)2204-480985
[EMAIL PROTECTED]

Re: libcrypt and RC2 revisited
Sven Fischer wrote:
> Also, it isn't our fault, that M$ does use such simple crypto algorithms.
> I personally share this opinion, but only for the encryption side. For
> decryption, I don't understand why it should be a problem.

For decryption there is no problem, of course. As for encryption.. it is
impossible to misuse a feature (even accidentally!) which simply is not
present :) that was my reasoning behind the comment.

> user is able to decrypt this Outlook crap sent to them. Is telling the
> Outlook users to use another mail program or use no encryption at all
> the solution? I don't think so. I even tried to convince Outlook to use
> 3des, but couldn't figure out how to do that.

that setting is hidden deep somewhere in account settings. but are you
talking about S/MIME or GPG? IMHO, outlook users that are using GPG are
pretty 'advanced' users (compared to rest of them).

AFAIK, Outlook makes it easy to use X.509 but you have to have some kind
of plugin for GPG, no? and GPG (except the experimental one) can't yet
handle S/MIME. So linux mail readers have to use something else besides
GPG for S/MIME.. and then I don't see how not incorporating RC2 into GPG
even for decryption is a problem.. am I missing something here?

Re: libcrypt and RC2 revisited
On Thu, 28 Jul 2005 10:36:11 +0200, Zeljko Vrba said:

> For decryption there is no problem, of course. As for encryption.. it is

Well not supporting it _might_ help the sender to realize that he is
doing something strange (i.e. using a weak algorithm)

> but you have to have some kind of plugin for GPG, no? and GPG (except
> the experimental one) can't yet handle S/MIME. So linux mail readers

I won't declare the S/MIME support experimental in any way. It is
actually stable and in production use at several sites. It is just
that gpgsm is distributed in the development branch of gpg - which is
unfortunate, but currently there is no solution for it.

Let me repeat: gpgsm, gpg-agent and gpgconf as available in gnupg
1.9.x are stable and ready for use. You may install GnuPG 1.9 along
with GnuPG 1.4 to get both: OpenPGP and S/MIME.

MUAs supporting gpgsm are at least KMail and Mutt (1.5.x).

Shalom-Salam,

   Werner

Best/correct way to back up keys and configuration?
What's the best way to back up my GnuPG keyrings -- just a tar.gz of the
~/.gnupg directory?

Or is there any advantage to producing additional files with the
"--export" and "--export-secret-keys" commands?

(I know that the backups then need to be stored securely.)

Re: Best/correct way to back up keys and configuration?
Adam Funk wrote:
> What's the best way to back up my GnuPG keyrings -- just a tar.gz of the
> ~/.gnupg directory?
>
> Or is there any advantage to producing additional files with the
> "--export" and "--export-secret-keys" commands?
>
> (I know that the backups then need to be stored securely.)
>

Not sure if there is any advantage, but ASCII-armored files are always
nice :)

I keep a log of what keys I import (by date, including expiration &
revocation status) and date my keyring backups - just in case it gets
corrupted, but I want to rebuild my keyring from some saved point.

Make sure *before you do anything else* that you have a backup of your
secret key *and a revocation certificate*, in case anything bad happens...

--
Alphax                          |   /"\
Encrypted Email Preferred       |   \ /  ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613      |    X   Against HTML email & vCards
http://tinyurl.com/cc9up        |   / \

Re: Best/correct way to back up keys and configuration?
On Thu, Jul 28, 2005 at 02:31:44PM +0100, Adam Funk wrote:
> What's the best way to back up my GnuPG keyrings -- just a tar.gz of the
> ~/.gnupg directory?
>
> Or is there any advantage to producing additional files with the
> "--export" and "--export-secret-keys" commands?
>
> (I know that the backups then need to be stored securely.)

One advantage to using --export-secret-keys and --armor is that you
can print the secret key out and in a worst-case scenario, type it
back in again. Not a replacement for regular backups of course, but
unlike CDR and floppies, ink on paper in the dark can last longer than
you and I will.

David

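Added example, not part of any message in this thread: a POSIX shell function that takes both kinds of backup discussed above, a tar.gz of the GnuPG home directory plus ASCII-armored exports, and writes them so that only the owner can read them. The function name, the output file names and the extra --export-ownertrust step are assumptions of this example; the optional third argument runs --gen-revoke, which asks its questions on the terminal.

```shell
#!/bin/sh
# Added example (not from the thread). Function and file names are assumptions.
# Usage: backup_gnupg "$HOME/.gnupg" /path/to/backup-dir [KEYID]

backup_gnupg() {
    home=$1 dest=$2 keyid=${3:-}
    [ -d "$home" ] && [ -n "$dest" ] || {
        echo "usage: backup_gnupg GNUPGHOME DESTDIR [KEYID]" >&2
        return 2
    }
    (   # subshell: the umask and any early exit stay local to this call
        umask 077                   # nothing written is group/other readable
        mkdir -p "$dest" || exit 1

        # 1. Raw copy of the directory: keyrings, trust database, gpg.conf.
        tar -czf "$dest/gnupg-home.tar.gz" \
            -C "$(dirname "$home")" "$(basename "$home")" || exit 1

        # 2. Portable, printable exports (ASCII armor).
        gpg --homedir "$home" --armor --export \
            > "$dest/public-keys.asc" || exit 1
        gpg --homedir "$home" --armor --export-secret-keys \
            > "$dest/secret-keys.asc" || exit 1
        gpg --homedir "$home" --export-ownertrust \
            > "$dest/ownertrust.txt" || exit 1

        # An empty secret-key export means this backup cannot restore the key.
        [ -s "$dest/secret-keys.asc" ] || {
            echo "backup_gnupg: no secret keys were exported" >&2
            exit 1
        }

        # 3. Optional revocation certificate for KEYID (interactive).
        if [ -n "$keyid" ]; then
            gpg --homedir "$home" --output "$dest/revoke-$keyid.asc" \
                --gen-revoke "$keyid" || exit 1
        fi
    )
}
```

The exported secret key is still protected only by its passphrase, so the destination directory belongs on offline or encrypted media.
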
Key Ring Questions
I have a couple questions around the maintenance/clean up of gnuPG key
rings.

1) We have gnuPG installed and used by 3 users on one Unix type server.
One of the 3 users was used for initial setup and testing of the gnuPG
software and is no longer used. Is it possible to remove the key, and key
ring from this user? Is it as simple as deleting the .gnupg directory
under that user's home directory?

2) Is it possible to remove keys from the key ring if they are no longer
used? Example: a key was imported for use a year ago, but is no longer
used for encryption/decryption. Is there a way to remove it?

Thanks for the help.

Scott

Thanks
Scott Seidl
Electronic Communication Services
[EMAIL PROTECTED]
Tel) 920-592-2163

Re: Key Ring Questions
[EMAIL PROTECTED] wrote:
> I have a couple questions around the maintenance/clean up of gnuPG key
> rings.
>
> 1) We have gnuPG installed and used by 3 users on one Unix type server.
> One of the 3 users was used for initial setup and testing of the gnuPG
> software and is no longer used. Is it possible to remove the key, and key
> ring from this user? Is it as simple as deleting the .gnupg directory
> under that user's home directory?

That'll do it

> 2) Is it possible to remove keys from the key ring if they are no longer
> used? Example: a key was imported for use a year ago, but is no longer
> used for encryption/decryption. Is there a way to remove it?

gpg --delete-key 0xDecafBad

--
John P. Clizbe                      Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks                PGP/GPG KeyID: 0x608D2A10
  "Be who you are and say what you feel because those who mind don't
  matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

Re: I have the public key, but not the private...
Travis C Newman wrote:
> On Wed, 2005-07-27 at 02:29 -0400, Atom Smasher wrote:
>
>> you did follow the instructions and created a revocation certificate,
>> right? and stored it in a safe place?
>
> Nope. the howto I followed had nothing about it. I'm admittedly quite
> green with GPG. I just needed it to sign something once, now I need it
> to sign something else, and I don't have the revocation cert.
> *bangs head on desk*

The old key is toast. There is nothing you can do to retrieve it.

Create a new key. And this time, create a revocation certificate THEN
save the pubkey, seckey, and revcert offline somewhere safe.

--
John P. Clizbe                      Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks                PGP/GPG KeyID: 0x608D2A10
  "Be who you are and say what you feel because those who mind don't
  matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"