Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:35 -0400, David Shaw wrote:
> Yes.  It's not that gpg has a driver for it though.  The developers of  
> the entropy key were clever and instead of making programs write new  
> code to use the key, they made a program that reads the key and feeds  
> the Linux entropy pool.  Thus, anything that uses /dev/random (like  
> gpg) benefits without code changes.
Nice nice :)

Apart from that,.. I've just read that they support even having more of
those devices added,.. for an even higher entropy bandwidth :D

> Not completely useless given the Linux random design, but certainly an  
> evil source of entropy would be a serious problem.  Do you have any  
> reason to believe this device is evil?
_Not at all_ ... But the problem is,.. how could I know? Nor would I
have the technical knowledge to verify their implementation,.. nor the
electron microscope that I'd probably need for the verification.


> There are many random number  
> generators on the market.  Knowing which ones are evil would be handy ;)
Well,.. as soon as I got a list,.. I promise that I'll tell you ...
EXCEPT... I'm already detained in Guantanamo, Diego Garcia,.. or
something like this ... for knowing that list ;)
But in this case we might probably meet anyway,.. as _all_ people I've
ever had contact to,.. will be detained, too ;)


> > So my question is basically,..
> > If gpg would use this,... does it only improve the already existing
> > entropy and randomness of the kernel PRNG? I mean that gpg somehow
> > "merges" the different sources?
> > Or is it more or less a,.. either use the kernel PRNG or the hardware
> > RNG.
> 
> The kernel merges several sources of entropy into the /dev/random  
> pool.  The entropy key would just be another source (though a very  
> prolific source) of entropy.
So this basically means:
Use such devices (as much as possible), they practically can only
improve security, but not weaken?


Greetings,
Chris.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:52 -0400, David Shaw wrote:
> I suspect you are more in danger of being hit by meteors several times  
> in a row as you walk to your friend's house with the USB stick, than  
> you are in danger from SHA-1.
I was watching Armageddon yesterday evening... so watch out what you're
saying ;P (and never forget you anti-meteor-shower-umbrella)


Chris.




Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 20:38 -0400, Daniel Kahn Gillmor wrote:
> Worse than this: the devices could produce measurably "good" entropy
> that happens to be predictable to a malicious individual in control of a
> special secret.
> 
> For example, if such a key were to contain a copy of the secret, and
> somehow retain the current time (e.g. a battery and a clock?), it could
> produce a new output stream each second with:
> 
>  AES(secret + time())
> 
> (first cleartext block is just "secret + time", and next cleartext block
> for that second is just the previous ciphertext block XOR'ed with
> "secret + time" -- reset every second as time() changes)
> 
> This would produce a predictable stream that (like all good ciphers) has
> high-entropy output.
> 
> Then, if this was used to provide random numbers to the kernel, which in
> turn provided them to gpg, an attacker who knows the secret associated
> with your entropy key, and the time you generated the key (that
> information is published with your public key) could probably reproduce
> the stream of "randomness" that was used for your key generation, and
> therefore stumble upon your private key.

Ok,... now you've made me insecure :-/ (on whether to use such a thingy
- ok I've already ordered one ^^ - or not)


Chris.


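The "good-looking but predictable" source quoted in the message above, modelled as an added example (not code from the thread or from any vendor): HMAC-SHA256 stands in for the AES construction, the device secret and timestamp are constructed values, and the point it makes is the defender's one: a byte-frequency entropy check passes for a keyed stream, so such a check cannot certify a source, while hashing the stream together with one independent source (as the kernel pool does) leaves the result unpredictable to anyone who lacks that second source.

```python
# Added example: a keyed, clock-reset stream that looks random but is fully
# reproducible by whoever holds the secret, and the effect of pooling it with
# an independent source. HMAC-SHA256 replaces the AES of the quoted message.
import hashlib
import hmac
import math
import os
from collections import Counter

def predictable_stream(secret: bytes, second: int, nbytes: int) -> bytes:
    """Output reset every second and determined only by (secret, second):
    anyone holding the secret can regenerate it for a known timestamp."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        msg = second.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(secret, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])

def shannon_bits_per_byte(data: bytes) -> float:
    """Byte-frequency entropy estimate, the kind of check a 'measurably good'
    claim usually rests on; it cannot tell keyed output from true randomness."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def mix_into_pool(*sources: bytes) -> bytes:
    """Kernel-style pooling reduced to one hash over all contributions:
    unpredictable to anyone missing even one of the inputs."""
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big") + src)
    return h.digest()

SECRET = b"constructed-device-secret"   # constructed; assumed known to the vendor
T = 1252627200                          # constructed timestamp (2009-09-11 UTC)

def demo():
    device = predictable_stream(SECRET, T, 4096)
    entropy = shannon_bits_per_byte(device)        # close to 8.0 bits per byte
    replay = predictable_stream(SECRET, T, 4096)   # vendor's reconstruction
    independent = os.urandom(32)                   # e.g. interrupt timings
    pool = mix_into_pool(device, independent)
    guess = mix_into_pool(replay, b"\x00" * 32)    # vendor lacks the 2nd source
    return entropy, replay == device, guess != pool

if __name__ == "__main__":
    print(demo())
```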


Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:23 -0400, David Shaw wrote:
> Sure, but your computer vendor "could" have a relationship with the  
> NSA and put some special code in the BIOS to capture keyboard input  
> and periodically send it to a central server.  Your disk drive vendor  
> "could" keep a few extra sectors hidden from the reallocation pool,  
> and use them to store copies of things that match the byte signature  
> of a PGP key.  Your wifi AP vendor "could" have a hidden secret WPA  
> key that makes your home network available to a malicious individual  
> in control of the special secret.
This is exactly what keeps me awake at nights ;P


Chris.




Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:55 -0400, Daniel Kahn Gillmor wrote:
> There is also open hardware for random number generation, for whatever
> that's worth:
> 
>  http://warmcat.com/_wp/whirlygig-rng/
I think David already pointed me to this one some time ago,.. but
they're not yet selling it, right?


Chris.




workings of trust signatures

2009-09-11 Thread Christoph Anton Mitterer
Hi.

I just wanted to freshen up my knowledge on trust signatures and have it
confirmed whether I've understood it correctly.

So first of all, level 0 TSigs are identical to normal non-trust-sigs.

e.g.:
[my self] --normal sig--> [person A] +-normal sig--> [person B]
                                     `-trust5 sig--> [person C] --normal sig--> [person D]

=> I only trust A,.. but nothing "below" A (at any level).



Level 1 TSigs would mean, that I signed that key (as with normal
signing) but in addition I also trust (with the specified value 60 or
120 e.g.) keys he signed (regardless of whether he used a normal sig or
a TSig for that).

e.g.:
[my self] --trust1 sig--> [person A] +-normal sig--> [person B]
                                     `-trust5 sig--> [person C] --normal sig--> [person D]
                                     `-trust5 sig--> [person E] --trust2 sig--> [person F] --normal sig--> [person G]

=> I only trust A, B, C and E,.. but nothing "below" B, C or E (at any level) 
because of my own level 1 tsig to A.


If I give higher levels of TSigs... the level is always the maximum number of 
hops that can occur,..
But only further Tsigs on the keys I've signed with it,... will make this 
usable,.. so it cannot jump over normal sigs:

e.g.:
[my self] --trust6 sig--> [person A] +-normal sig--> [person B] --normal sig--> [person C]
                                     `-trust5 sig--> [person D] --normal sig--> [person E] --trust1 sig--> [person F]
                                     `-trust1 sig--> [person G] --trust5 sig--> [person H] --normal sig--> [person I]

=> I trust
- A
- B (because of my trust5 sig to A)
- not C as, B signed it only with a normal sig
- D
- not E or F (even though my own trust to A and the trust from A to D
were H, but D didn't sign E with a trust sig; the fact that E signed F
with a trust sig is irrelevant, as there was a "hole" in the chain)
- G
- H
- but not I, as G was only given a trust1 sig by A

Right so far?

So the chain of trust sigs can be "aborted" at any level, by a signature
"before",.. even if signatures that came even earlier specified a
high enough level.



Thanks,
Chris.




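As an added example that is not part of the thread, here is a small Python model of the trust-signature chain rule as RFC 4880 section 5.2.3.13 states it (a level n trust signature asserts that the signee is trusted to issue level n-1 trust signatures), evaluated on the second and third diagrams in the message above so each key's result can be compared with the list given there; trust amounts (60/120) and GnuPG's marginal-trust thresholds are left out, every honoured signature counts as complete trust, and the key names are the diagram placeholders.

```python
# Added example: fixpoint evaluation of OpenPGP trust-signature chains.
# Not GnuPG's code; trust amounts and marginal combination are ignored.

OWNER = "my self"

def evaluate(sigs, owner=OWNER):
    """sigs: iterable of (signer, signee, level); level 0 is an ordinary
    certification, level n >= 1 a trust signature of that level.
    Returns (valid, cap): the keys whose certifications we accept, and for
    each trusted introducer the highest tsig level of its own still honoured."""
    valid = {owner}
    cap = {owner: 255}      # the owner's own tsigs are honoured at any level
    changed = True
    while changed:          # newly trusted introducers can enable further sigs
        changed = False
        for signer, signee, level in sigs:
            if signer not in cap:
                continue    # signer is not a trusted introducer: a "hole"
            if signee not in valid:
                valid.add(signee)
                changed = True
            # A level-n tsig from an introducer with cap c makes the signee an
            # introducer honoured up to level min(n, c - 1); 0 means none.
            depth = min(level, cap[signer] - 1)
            if depth >= 1 and cap.get(signee, 0) < depth:
                cap[signee] = depth
                changed = True
    return valid, cap

# Second diagram of the message: a level-1 tsig from the owner to A.
EXAMPLE_2 = [(OWNER, "A", 1), ("A", "B", 0), ("A", "C", 5), ("C", "D", 0),
             ("A", "E", 5), ("E", "F", 2), ("F", "G", 0)]

# Third diagram of the message: a level-6 tsig from the owner to A.
EXAMPLE_3 = [(OWNER, "A", 6), ("A", "B", 0), ("B", "C", 0),
             ("A", "D", 5), ("D", "E", 0), ("E", "F", 1),
             ("A", "G", 1), ("G", "H", 5), ("H", "I", 0)]

if __name__ == "__main__":
    for name, sigs in (("example 2", EXAMPLE_2), ("example 3", EXAMPLE_3)):
        valid, cap = evaluate(sigs)
        print(name, "valid:", sorted(valid - {OWNER}),
              "introducers:", {k: v for k, v in cap.items() if k != OWNER})
```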


Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:46 -0400, David Shaw wrote:
> The place for all such suggestions is the IETF OpenPGP working group: 
> http://www.imc.org/ietf-openpgp/
Yeah I know,.. and if you remember, most of what I've mentioned before
was already discussed at that list... but with no very big support ;)

So either these ideas were not improving strictness, security or
functionality (as with the additional attributes)... or people are just
too scared to break existing things or do not want to put a too high
burden on the implementations.


Anyway,.. don't believe that much (if any) of the above would be added
in (near) future releases,.. and I don't wanna start the same
discussions again ;)


Best wishes,
Chris.




Re: workings of trust signatures

2009-09-11 Thread Christoph Anton Mitterer
Hi.

One additional question:
Is it possible to give multiple trust signatures to the same subject,
but with different levels and trust amounts?

e.g.

[myself] +-trust 1 sig / value=120-+> [some person or trustworthy CA] --trust 1 sig --> [some sub CA, which is "less" trustworthy]
         `-trust 2 sig / value= 60-´

So I'd allow the CA to be trusted introducer with full trust,.. but being 
meta-introducer only with partial trust.


Chris.




Re: BZIP2

2009-09-11 Thread Noiano
Henrik O A Barkman wrote:
> 
> What is the reason for the Windows build of 1.4.10 (both the pulled and
> fixed binaries) not supporting BZIP2?
> 
> 
[cut]

I can see the bzip2, windows vista SP2


C:\Users\noiano>gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: [cut]
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

C:\Users\noiano>

Strange, isn't it?




Re: How do I use gpg to decrypt encrypted files????

2009-09-11 Thread Morten Gulbrandsen

BosseB wrote:
> I have a number of encrypted files, which I need to decrypt. I have
> installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary
> keyrings and they work with Thunderbird and Enigmail.
> 
> But as I said I need to decrypt files that are on my hard disk, not in
> an email
> 


like this  symmetric only  to any password  to any key, if the
passphrase is known


bash-3.00$ ls -l   filename.txt
-rw-r--r--   1 morten   other 12 Sep 11 19:31 filename.txt
bash-3.00$ cat  filename.txt
hello world
bash-3.00$ file  filename.txt
filename.txt:   ascii text
bash-3.00$ gpg  -c filename.txt
bash-3.00$ ls -l  filename.txt*
-rw-r--r--   1 morten   other 12 Sep 11 19:31 filename.txt
-rw-r--r--   1 morten   other 63 Sep 11 23:59 filename.txt.gpg
bash-3.00$ gpg  --decrypt  filename.txt.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
hello world
gpg: WARNING: message was not integrity protected
bash-3.00$


This is the easiest way and gives some security. There are options to
enforce --cipher-algo AES256


http://gnupg.org/documentation/manuals/gnupg/CMS-Options.html#index-cipher_002dalgo-272

--cipher-algo oid
Use the cipher algorithm with the ASN.1 object identifier oid for
encryption. For convenience the strings 3DES, AES and AES256 may be used
instead of their OIDs. The default is 3DES (1.2.840.113549.3.7).




like this

 gpg  -c  --cipher-algo  aes256  filename.txt


However, decrypting a binary or ascii file to a certain key, the result
may be binary or ascii armored, like this


gpg --encrypt --armor   --recipient  AAA651B  filename.txt
#  AAA651B is example for the target key ID


or if you are happy with a binary result,  like this

gpg --encrypt   --recipient  AAA651B  filename.txt


On my system it works easily; there are some videos on facebook and
perhaps youtube also explaining this more,

you will also need to sign it.


sincerely yours,

Morten
0x81802954

