Re: lost private key password
--- Kurt Fitzner <[EMAIL PROTECTED]> wrote:

> Realos wrote:
> > What would you suggest in this case? A brute force attack with some
> > software if I know part of the password? What tool is suitable for that?
>
> There isn't any software that I know of to brute-force a GnuPG password.

Actually, there is this, which might do what you need. But I've never tried it. Worth a go, perhaps.

http://www.vanheusden.com/nasty/

Best,

N.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: updating a key's self-signature
David Shaw wrote:

> Anyway, do this:
>
> gpg --expert --cert-digest-algo (thehash) -u (thekeyid) --sign-key (thekeyid)

Is this possible with the selfsigs on subkeys, too?

Chris.
Re: updating a key's self-signature
David Shaw wrote:

> If an attacker compromises the keyserver or in any way distributes
> your key himself, he can remove the new self-sig, leaving the old one
> behind.

Isn't it possible to revoke the older selfsig?

Of course, it's still possible for an attacker to compromise the keyserver and/or distribute the key himself, but that risk exists always (e.g. when revoking the whole key - which is the same as revoking all the 0x13 selfsigs)

Chris.
Re: updating a key's self-signature
On Wed, Jan 04, 2006 at 07:01:17PM +0100, Christoph Anton Mitterer wrote:

> David Shaw wrote:
>
> > If an attacker compromises the keyserver or in any way distributes
> > your key himself, he can remove the new self-sig, leaving the old one
> > behind.
>
> Isn't it possible to revoke the older selfsig?

Sure, but you have exactly the same problem as before: an attacker can simply unrevoke it by removing the revocation packet.

> Of course, it's still possible for an attacker to compromise the
> keyserver and/or distribute the key himself, but that risk exists always
> (e.g. when revoking the whole key - which is the same as revoking all
> the 0x13 selfsigs)

Revoking the whole key is not the same as revoking all selfsigs. One revokes the key. The other makes the key completely untrusted and untrustable. They're not at all the same.

David
Re: updating a key's self-signature
On Wed, Jan 04, 2006 at 04:20:20PM +0100, Christoph Anton Mitterer wrote:

> David Shaw wrote:
>
> > Anyway, do this:
> >
> > gpg --expert --cert-digest-algo (thehash) -u (thekeyid) --sign-key (thekeyid)
>
> Is this possible with the selfsigs on subkeys, too?

No.

David
Re: hard-copy backups
On Thu, Jan 05, 2006 at 12:21:00AM -0500, Atom Smasher wrote:

> has anyone given any thought to what would be the difference between
> carefully and carelessly making hard-copy backups of secret keys?
>
> i mean, it would be stupid to print a copy of one's secret key (with a weak
> passphrase) and leave it lying on a table next to a window. OTOH, a
> printed copy of a secret key (with a strong passphrase) would probably be
> "secure" in a 10 ton safe.
>
> so how strong should a passphrase be when printing out a secret key in the
> first place? what are the pros/cons of hiding versus securing a hard-copy?
> what other factors should be considered?
>
> bear in mind, these are philosophical questions with philosophical
> answers... i'm not looking for absolutes.

from my experience, all keys for long-term, _safe storage_ (and after revocation) should be kept with no passphrases at all

human memory is very volatile and some day you gonna need to decrypt an old email encrypted with the key you revoked in 1993[1], and there is no way you'll remember the old, long time not used, non-trivial passphrase

alex

[1] That's actual thing that happened to me two weeks ago.

--
mors ab alto
0x46399138
BZIP2 algorithm isn't supported after compiling gnupg from source code
Hello.

I downloaded GnuPG source and checked its signature (under Windows):

ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2.sig

Then I rebooted into recently installed Debian GNU/Linux 3.1r0a system and built program from source:

$ cd /home/[user]/
$ bunzip2 gnupg-1.4.2.tar.bz2
$ tar xvf gnupg-1.4.2.tar
$ cd ./gnupg-1.4.2
$ ./configure
$ make
# make install

After these steps command "gpg --version" displays the following:

gpg (GnuPG) 1.4.2
[...]
Compression: Uncompressed, ZIP, ZLIB

Before compiling (there was default gnupg installation from Debian package) output of "gpg --version" was:

gpg (GnuPG) 1.4.1
[...]
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Windows version (installed from official binaries) also supports BZIP2:

gpg (GnuPG) 1.4.2
[...]
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Thus BZIP2 algorithm isn't supported after compiling GnuPG 1.4.2 from source code under Linux.

How can I enable BZIP2 support using last version of GPG under Linux?

Regards and thanks for advice

--
My current OpenPGP key ID: 0x500B8987
Key fingerprint: E883 045D 36FB 8CA3 8D69 9C79 9E35 3B56 500B 8987
Encrypted e-mail preferred.
Re: BZIP2 algorithm isn't supported after compiling gnupg from source code
lusfert wrote:

> $ cd /home/[user]/
> $ bunzip2 gnupg-1.4.2.tar.bz2
> $ tar xvf gnupg-1.4.2.tar

tar xjvf will combine the tar extract operation with the bunzip

> $ cd ./gnupg-1.4.2
> $ ./configure
> $ make

This is normally the point where one tests the built code *before* 'make install'.

> # make install
>
> After these steps command "gpg --version" displays the following:
>
> gpg (GnuPG) 1.4.2
> [...]
> Compression: Uncompressed, ZIP, ZLIB

> Thus BZIP2 algorithm isn't supported after compiling GnuPG 1.4.2 from
> source code under Linux.
> How can I enable BZIP2 support using last version of GPG under Linux?

What was the output from configure? You should have seen lines like

(near top)
checking whether to enable the BZIP2 compression algorithm... yes

(near bottom)
checking for bzlib.h... yes
checking for BZ2_bzCompressInit in -lbz2... yes

'./configure 2>&1 | tee configure.log' will save the output from configure for diagnostic purposes.

BZIP2 support won't be built if configure cannot find the bzlib.h include file and the libbz2 library.

You may need to 'help' configure find the bzip2 library. configure's --help will tell you:

--with-bzip2=DIR    look for bzip2 in DIR

Finally, what version does apt-get install? Mostly just curious, I don't use Debian.

--
John P. Clizbe    Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.    PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
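The configure checks named in the reply above can be read back out of a saved configure.log mechanically. This is an added example, not part of the original thread; the function names and both sample inputs are constructed for illustration.

```python
import re

# The three configure checks quoted in the reply, keyed by what each one tests.
CHECKS = {
    "enabled": r"checking whether to enable the BZIP2 compression algorithm\.\.\. (\w+)",
    "header": r"checking for bzlib\.h\.\.\. (\w+)",
    "library": r"checking for BZ2_bzCompressInit in -lbz2\.\.\. (\w+)",
}

# Constructed sample: configure output on a system without the bzip2 headers.
SAMPLE_LOG = """\
checking whether to enable the BZIP2 compression algorithm... yes
checking for zlib.h... yes
checking for bzlib.h... no
"""

# Constructed sample, based on the 'gpg --version' output quoted in the thread.
SAMPLE_VERSION = """\
gpg (GnuPG) 1.4.2
Compression: Uncompressed, ZIP, ZLIB
"""


def diagnose_bzip2(configure_log):
    """Map each check to 'yes', 'no', or 'absent' (line not in the log)."""
    result = {}
    for name, pattern in CHECKS.items():
        match = re.search(pattern, configure_log)
        result[name] = match.group(1) if match else "absent"
    return result


def first_failure(result):
    """Name the first check that did not answer 'yes', or None if all passed."""
    for name in CHECKS:
        if result[name] != "yes":
            return name
    return None


def gpg_has_bzip2(version_output):
    """True if the Compression: line of 'gpg --version' lists BZIP2."""
    for line in version_output.splitlines():
        if line.startswith("Compression:"):
            return "BZIP2" in [a.strip() for a in line.split(":", 1)[1].split(",")]
    return False
```

A first failure of "header" or "library" is the case where bzlib.h or libbz2 has to be installed, or pointed to with --with-bzip2=DIR, before re-running configure.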
Re: hard-copy backups
On Thu, 5 Jan 2006, Janusz A. Urbanowicz wrote:

> from my experience, all keys for long-term, _safe storage_ (and after
> revocation) should be kept with no passphrases at all
>
> human memory is very volatile and some day you gonna need to decrypt an
> old email encrypted with the key you revoked in 1993[1], and there is
> no way you'll remember the old, long time not used, non-trivial
> passphrase

and then keep the printout in a very safe place? a very well hidden place? very safe, well hidden place?

hehe... the problem then isn't remembering the passphrase, but remembering where you put the paper ;)

--
...atom

PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

"WAR IS PEACE, FREEDOM IS SLAVERY, IGNORANCE IS STRENGTH"
The two minutes hate ended with this message which is the slogan of the Party.
-- George Orwell
Re: hard-copy backups
On Thu, Jan 05, 2006 at 02:07:17PM -0500, Atom Smasher wrote:

> On Thu, 5 Jan 2006, Janusz A. Urbanowicz wrote:
>
> > from my experience, all keys for long-term, _safe storage_ (and after
> > revocation) should be kept with no passphrases at all
> >
> > human memory is very volatile and some day you gonna need to decrypt an
> > old email encrypted with the key you revoked in 1993[1], and there is
> > no way you'll remember the old, long time not used, non-trivial
> > passphrase
>
> and then keep the printout in a very safe place? a very well hidden place?
> very safe, well hidden place?
>
> hehe... the problem then isn't remembering the passphrase, but remembering
> where you put the paper ;)

In Sweden people with weapon licenses are required to either keep their weapons locked up in a safe that is non-trivial to move or store them with the "vital part" and ammunition removed and hidden in different places.

Might be applicable?

//Samuel
Re: hard-copy backups
On Thu, 5 Jan 2006, Samuel Åslund wrote:

> In Sweden people with weapon licenses are required to either keep their
> weapons locked up in a safe that is non-trivial to move or store them
> with the "vital part" and ammunition removed and hidden in different
> places.
>
> Might be applicable?

hhmm

the first part is analogous to physically or cryptographically securing data.

the second part, taken to a cryptographic extreme, leads me to consider making a one-time-pad of two or more parts, and leaving the parts under the care of different "trusted" persons and/or in different "secure" locations... that's a backup scheme i hadn't considered...

--
...atom

PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

"A good many observers have remarked that if equality could come at once the Negro would not be ready for it. I submit that the white American is even more unprepared."
-- Martin Luther King, Jr.
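The split one-time-pad backup floated in the message above, as an added example that is not part of the original thread: the exported key is XORed with random pads so that every share is required and any smaller set reveals nothing, and each share is printed with a per-line check value so retyping errors are caught. All function names and the printout layout are assumptions made for this illustration.

```python
import secrets
import zlib


def split_secret(secret: bytes, parts: int) -> list:
    """Split into `parts` shares; all are needed, any subset reveals nothing."""
    if parts < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(secret)) for _ in range(parts - 1)]
    final = secret
    for pad in pads:
        final = bytes(a ^ b for a, b in zip(final, pad))
    return pads + [final]


def combine_shares(shares: list) -> bytes:
    """XOR all shares together to recover the secret."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of different lengths")
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


def to_paper(share: bytes, width: int = 16) -> str:
    """Printable form: 'NNN: hex  crc32', one check value per line."""
    lines = []
    for n, off in enumerate(range(0, len(share), width), start=1):
        chunk = share[off:off + width]
        check = zlib.crc32(bytes([n & 0xFF]) + chunk)
        lines.append(f"{n:03d}: {chunk.hex()}  {check:08x}")
    return "\n".join(lines)


def from_paper(text: str) -> bytes:
    """Parse a retyped printout, rejecting any line whose check fails."""
    out = b""
    for expected, line in enumerate(text.strip().splitlines(), start=1):
        number, rest = line.split(":")
        hexdata, check = rest.split()
        chunk = bytes.fromhex(hexdata)
        if int(number) != expected:
            raise ValueError(f"line {expected} missing or out of order")
        if zlib.crc32(bytes([expected & 0xFF]) + chunk) != int(check, 16):
            raise ValueError(f"line {expected} fails its check value")
        out += chunk
    return out
```

Losing any single share makes the backup unrecoverable, so this trades the forgotten-passphrase risk discussed earlier in the thread for the risk of a lost sheet of paper.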
WinPT
I hope I'm not off-topic but I have a question about WinPT. It seems that I can refresh or add to the public keyring from the CLI with gpg but I can't refresh the keys using the same server from within WinPT. I keep getting an error about WinPT not able to access the server. I tried the other pre-installed servers with the same result. I have tried shutting down firewalls and anti-virus programs also. I have also tried setting up a dmz on the router and placing one PC in that zone with its firewall and AV program turned off.

Windows XP, SP2. WinPT 0.10.1, GnuPG 1.4.2