sign emails on untrusted computer but keep key material on a separate computer?
Hi,

I'd like to use my MUA on a regular desktop computer that also runs web browsers and other potentially buggy software. I don't want to have my PGP keys on that computer. However, would it still be possible for the MUA to ask a separate computer to sign emails for me? (The separate computer has its own keyboard and display so that I can see what I am about to sign.)

gpg-agent listens on a unix socket. There's a patch to add unix socket forwarding support to openssh. However, the gpg-agent protocol only transmits the hash of the message to be signed. This is not enough, I have no way of knowing what I am actually signing.

1) Could gpg-agent protocol be extended to support sending the complete message to be signed and not just its hash?

2) Is there already some existing protocol that I could use?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Is it possible to decide what is a gpg file?
Hi everyone!

Sorry if you get two of these, I screwed up while subscribing to the list.

I have a question relating to the symmetric encryption. If I do

    gpg -c foo-file

and enter a passphrase, I get an encrypted foo-file.gpg. Is there a way to tell that it is an encrypted file just by looking at the contents? I mean, is there a reliable way to tell that something is _not_ an encrypted file?

Re: Is it possible to decide what is a gpg file?
Melikamp The Medley writes:
> and enter a passphrase, I get an encrypted foo-file.gpg.

gpg seems to be able to determine the cipher used:

    $ gpg foo-file.gpg
    gpg: CAST5 encrypted data

Re: Is it possible to decide what is a gpg file?
On Tue, Nov 17, 2009 at 10:52:29AM -0500, Melikamp The Medley wrote:
> Sorry if you get two of these, I screwed up while subscribing
> to the list.
>
> I have a question relating to the symmetric encryption. If I do
>
> gpg -c foo-file
>
> and enter a passphrase, I get an encrypted foo-file.gpg.
> Is there a way to tell that it is an encrypted file just by
> looking at the contents? I mean, is there a reliable way to
> tell that something is _not_ an encrypted file?

Depends on what you mean by "reliable"...

I'm sure if you read RFC-4880, you could work out a byte pattern that would give a very good indication, for most practical purposes.

However, it would probably be possible for someone to generate a file artificially in a deliberate attempt to fool the filetype detection mechanism. So, it's not "reliable" because it can be fooled intentionally, but for most likely scenarii (i.e. where people aren't deliberately trying to fool it), it would work.

If you're running on UNIX (particularly Linux), look at 'man file'.

--
David Smith
STMicroelectronics, 1000 Aztec West, Almondsbury, BRISTOL, BS32 4SQ
Tel: +44 (0)1454 462380 | Home: +44 (0)1454 616963
Fax: +44 (0)1454 462305 | Mobile: +44 (0)7932 642724
TINA: 065 2380 | GPG Key: 0xF13192F2
Work Email: dave.sm...@st.com
Home Email: david.sm...@ds-electronics.co.uk

Re: Is it possible to decide what is a gpg file?
Thanks for your answers, David, Timo.

A somewhat related question: is there a tool that is designed to produce "undetectable" encryption, i.e. something that is very plausibly random? I gather from your answers that gpg does not do that.

Re: Is it possible to decide what is a gpg file?
November 17th for David SMITH

Linux does not have a file command, that belongs to the rest of the OS. Linux is only a kernel that is commonly used with the GNU Operating System, but the name for that system is GNU or GNU/Linux.

In advance, thanks for your understanding.

2009/11/17 David SMITH :
> On Tue, Nov 17, 2009 at 10:52:29AM -0500, Melikamp The Medley wrote:
>> Sorry if you get two of these, I screwed up while subscribing
>> to the list.
>>
>> I have a question relating to the symmetric encryption. If I do
>>
>> gpg -c foo-file
>>
>> and enter a passphrase, I get an encrypted foo-file.gpg.
>> Is there a way to tell that it is an encrypted file just by
>> looking at the contents? I mean, is there a reliable way to
>> tell that something is _not_ an encrypted file?
>
> Depends on what you mean by "reliable"...
>
> I'm sure if you read RFC-4880, you could work out a byte pattern that
> would give a very good indication, for most practical purposes.
>
> However, it would probably be possible for someone to generate a file
> artificially in a deliberate attempt to fool the filetype detection
> mechanism. So, it's not "reliable" because it can be fooled
> intentionally, but for most likely scenarii (i.e. where people aren't
> deliberately trying to fool it), it would work.
>
> If you're running on UNIX (particularly Linux), look at 'man file'.

Re: Problem with the agent, gpg2
November 17th for gnupg-users@gnupg.org

I need GNU PG 2 because I want to get out of the 1024 bits limit and SHA forced for DSA, I want my next key (2010-2012) to be more secure and accept some SHA2.

Charly Avital: Please note that Linux is a Kernel mixed commonly with the GNU Operating System, a correct name for that mix is GNU/Linux, but only "Linux" is not correct.

In advance, thanks for your understanding.

Re: Is it possible to decide what is a gpg file?
Melikamp The Medley wrote:
> I mean, is there a reliable way to tell that something is _not_ an
> encrypted file?

If you mean, "a reliable way to tell that something is not an OpenPGP-encrypted file," then yes: check the OpenPGP header at the beginning of the message.

If you mean, "a reliable way to tell that something is not an encrypted file, period," then no, not really.

There are a lot of qualifiers on the "no, not really." A lot of Ph.D. theses have been written on this subject: it ties into some really deep areas of theoretical computer science. If you want to learn more about the qualifiers, I'd suggest reading up on algorithmic randomness and Kolmogorov-Chaitin complexity. It won't be easy reading, but speaking personally, I find this stuff fascinating.

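
The header check suggested above, and the RFC 4880 byte pattern mentioned earlier in the thread, as an added example that is not part of the original posts: it parses the first OpenPGP packet header and, for a `gpg -c` style file, reads the cipher octet that gpg reports. The function names and sample bytes are constructed for illustration.

```python
import struct

# Packet tags (RFC 4880 section 4.3) that can open an encrypted message.
ENCRYPTED_TAGS = {
    1: "public-key encrypted session key",
    3: "symmetric-key encrypted session key",
    9: "symmetrically encrypted data",
    18: "symmetrically encrypted, integrity-protected data",
}
# Symmetric algorithm IDs (RFC 4880 section 9.2), subset.
CIPHERS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
NOT_OPENPGP = "no OpenPGP encryption header"


def parse_header(data):
    """Return (tag, body_offset, body_length) of the first packet, or None.

    body_length is None for indeterminate (old) or partial (new) lengths.
    """
    if len(data) < 2 or not data[0] & 0x80:   # bit 7 is set in every header
        return None
    first = data[0]
    if first & 0x40:                          # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224:
            if len(data) < 3:
                return None
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        if l0 == 255:
            if len(data) < 6:
                return None
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        return tag, 2, None                   # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, 1, None                   # indeterminate length
    size = (1, 2, 4)[ltype]
    if len(data) < 1 + size:
        return None
    return tag, 1 + size, int.from_bytes(data[1:1 + size], "big")


def classify(data):
    """Classify a whole file's bytes by its leading OpenPGP packet."""
    if data.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"):
        return "ASCII-armored OpenPGP message"
    header = parse_header(data)
    if header is None or header[0] not in ENCRYPTED_TAGS:
        return NOT_OPENPGP
    tag, offset, length = header
    body = data[offset:]
    if length is not None and length > len(body):
        return NOT_OPENPGP                    # packet claims more than exists
    if tag == 3:                              # what `gpg -c` writes first
        if len(body) < 2 or body[0] != 4:     # version octet must be 4
            return NOT_OPENPGP
        return ENCRYPTED_TAGS[3] + ", cipher " + CIPHERS.get(body[1], "unknown")
    if tag == 1 and (not body or body[0] != 3):   # version octet must be 3
        return NOT_OPENPGP
    return ENCRYPTED_TAGS[tag]


# Constructed sample: old-format tag 3 packet of 13 octets (version 4, CAST5,
# iterated+salted S2K with SHA-1, 8 salt octets, count octet), then filler.
SAMPLE_SYMMETRIC = bytes.fromhex("8c0d04030302" "0011223344556677" "60") + bytes(32)
# Constructed look-alike: the same header followed by plain text. The check
# cannot tell this from real output, which is the limit noted in the thread.
SAMPLE_LOOKALIKE = SAMPLE_SYMMETRIC[:15] + b"this is not ciphertext"

if __name__ == "__main__":
    for name, blob in [("gpg -c style", SAMPLE_SYMMETRIC),
                       ("look-alike", SAMPLE_LOOKALIKE),
                       ("PDF", b"%PDF-1.4\n"),
                       ("JPEG", bytes.fromhex("ffd8ffe000104a464946"))]:
        print(f"{name}: {classify(blob)}")
```

A negative result is dependable (no valid header means gpg will not treat the bytes as an OpenPGP message), while a positive result only says the leading bytes are well-formed.
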
Re: Problem with the agent, gpg2
Mario Castelán Castro wrote:
> I need GNU PG 2 because I want to get out of the 1024 bits limit and
> SHA forced for DSA, I want my next key (2010-2012) to be more secure
> and accept some SHA2.

GnuPG 1.4.7 or later (? on the precise version #) supports longer DSAs and better hash algorithms. You don't need GnuPG 2.x for that.

> Charly Avital: Please note that Linux is a Kernel mixed commonly with
> the GNU Operating System, a correct name for that mix is GNU/Linux,
> but only "Linux" is not correct.

You are free to call it GNU/Linux if you wish. Likewise, Charly is free to just call it "Ubuntu" or "Fedora" or "Linux Mint" or whatever else is clear and unambiguous, depending on what he wishes.

Let's not start a holy war over what the One True Name of the operating system is.

Re: Problem with the agent, gpg2
Mario Castelán Castro wrote:
> November 17th for gnupg-users@gnupg.org
>
> I need GNU PG 2 because I want to get out of the 1024 bits limit and
> SHA forced for DSA, I want my next key (2010-2012) to be more secure
> and accept some SHA2.

You don't need to change to GnuPG 2 for that, GnuPG 1.4.9 (and probably other earlier versions) already supports DSA2 and RSA keys, even if the default for new key generation is DSA 1024 / ElGamal 2048. You can enable DSA2 in the gpg.conf file, which would allow you to use DSA 2048, or you can choose RSA keys, which can be 1024, 2048 and 4096.

GnuPG 1.4.10 already uses RSA 2048 as default for generation of new keys.

Best Regards

Re: Problem with the agent, gpg2
On Nov 17, 2009, at 4:29 PM, Robert J. Hansen wrote:
> Mario Castelán Castro wrote:
>> I need GNU PG 2 because i want to get out of the 1024 bits limit and
>> SHA forced for DSA, i want my next key (2010-2012) to be more secure
>> and accept some SHA2.
>
> GnuPG 1.4.7 or later (? on the precise version #) supports longer DSAs
> and better hash algorithms. You don't need GnuPG 2.x for that.

1.4.4, to be precise. That's mid-2006, so it's been supported for a good long time.

DSA2 is not, incidentally, the default, which might be the root of the confusion here. You need to run with --enable-dsa2 to get longer DSA keys with larger hash support.

David

Re: Is it possible to decide what is a gpg file?
On Nov 17, 2009, at 12:38 PM, Melikamp T. Medley wrote:
> Thanks for your answers, David, Timo.
>
> A somewhat related question: is there a tool that is designed
> to produce "undetectable" encryption, i.e. something that is
> very plausibly random? I gather from your answers that gpg
> does not do that.

That is correct, GPG does not do that. In theory, you could transform GPG output in such a way to make it (plausibly) appear random. The difficulty in practice is that my plausible and someone else's plausible may not match up - and you also would need a plausible reason why you chose to hang on to a bunch of large "random" files on your machine ;)

If you did some OpenPGP packet manipulation, you could probably do fairly well here... but you'd have to do some work on the receiving side to re-create a valid OpenPGP message so GPG could decrypt it.

David

Re: Is it possible to decide what is a gpg file?
On Nov 17, 2009, at 3:54 PM, Mario Castelán Castro wrote:
> November 17th for David SMITH
>
> Linux does not have a file command, that belongs to the rest of the OS.
> Linux is only a kernel that is commonly used with the GNU Operating
> System, but the name for that system is GNU or GNU/Linux.

Please stop doing this. Some people call it "GNU/Linux". Some people (the vast majority, at least in the US) call nearly any machine running a Linux kernel "Linux". Some people genuinely don't care. The important thing here is that it's not particularly relevant to the discussion of GnuPG.

David

Re: [gpgol] bug in GPA during decryption
benoit.an...@orange-ftgroup.com wrote:
> Hello,
>
> have installed Gpg4win 2.0.1 (2009-09-28). Default setup.
> am running windows XP SP2
> outlook 2003 -(11.8206.8221) SP3
>
> I managed to create the keys and import someone else's key.
> No pbm sending encrypted email - they are ok at the destination, but
> cannot view them in the sent items folder locally (see error in the
> capture).

You most likely need to add your own key to the list of recipients.

See --encrypt-to and --default-recipient in the documentation.

--
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
     mailto:pgp-public-k...@gingerbear.net?subject=help
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

Re: Is it possible to decide what is a gpg file?
Timo Juhani Lindfors wrote:
> Melikamp The Medley writes:
>> and enter a passphrase, I get an encrypted foo-file.gpg.
>
> gpg seems to be able to determine the cipher used:
>
> $ gpg foo-file.gpg
> gpg: CAST5 encrypted data

When I try this with gpg2 I get the following:

    gpg2 bunsen_honeydew.jpg.gpg
    gpg: error reading key: No public key

I get the same result with a file encrypted to a public key (as this one was) and with a symmetrically encrypted file. Am I doing something wrong here?

Doug

--
Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/

Re: Problem with the agent, gpg2
Mario Castelán Castro wrote:
> November 14th 2009 for gnupg-users@gnupg.org subject "Problem with the
> agent, gpg2"
>
> Hi, I successfully compiled and installed GNU PG 2.0.12 but when I do
> some operation that requires a password I get a message like the
> following.

It was never clear to me from the ensuing thread whether or not you had gpg-agent running, if so, what command line options did you use, etc. It's also not clear to me if you installed a pinentry program of any kind.

If you still want help with this (as opposed to just using gpg 1 which I think would be a better option) you should probably post some more details about your setup.

Doug

--
Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/

Re: Trust reference
Susan Stewart wrote:
> Greetings,
>
> I'm filing a bug for my IM client (Gajim) because it currently only
> allows sending of encrypted and/or signed presence or messages to
> contacts whose keys I trust ultimately (trust level 5). The
> documentation at http://gnupg.org/gph/en/manual.html#AEN346 appears out
> of date, as it does not mention level 5 (ultimate trust) at all.

Not sure what your requirements are, but if you're looking for reliable encrypted communication you might want to consider a combination of pidgin and pidgin-OTR (http://www.cypherpunks.ca/otr/). It works well, is pretty easy to set up, and has the added benefit of being enabled by default in adium.

hth,

Doug

--
Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/

Re: Problem with the agent, gpg2
Mario Castelán Castro wrote:
> November 17th for gnupg-users@gnupg.org
>
> I need GNU PG 2 because I want to get out of the 1024 bits limit and
> SHA forced for DSA, I want my next key (2010-2012) to be more secure
> and accept some SHA2.

GnuPG 2.0 is not needed for DSA > 1024. GnuPG 1.4.x has supported DSA2 for some time, since 1.4.4 (2006-06-25). See "--enable-dsa2" in the manual for more information.

> Charly Avital: Please note that Linux is a Kernel mixed commonly with
> the GNU Operating System, a correct name for that mix is GNU/Linux,
> but only "Linux" is not correct.

Ahh, the Naming Controversy Holy War[0]. Some of us oldsters were using "Linux" back when RMS & others were still trying to get the Hurd kernel up, running and into active use[1]. The controversy even has its own fairly good-sized Wikipedia page[2].

I like the closing remark on the Wikipedia page:

    Many users and vendors who prefer the name "Linux" point to the inclusion of non-GNU, non-kernel tools such as the Apache HTTP Server, the X Window System or the K Desktop Environment in end-user operating systems based on the Linux kernel. As stated by Jim Gettys, originator of X: "There are lots of people on this bus; I don't hear a clamor of support that GNU is more essential than many of the other components; can't take a wheel away, and end up with a functional vehicle, or an engine, or the seats. I recommend you be happy we have a bus."

The distros I use most often are 'Slackware Linux' and 'Red Hat Enterprise Linux', no 'Gnu' there and no amount of fervent pedantry is likely to get it inserted.

You are free to call it GNU/Linux if you wish. Likewise, others are free to just call it "Slackware" or "Redhat" or "SuSE" so long as it's clear and unambiguous.

No one is likely to get total agreement over "The One True Name™®" of the operating system. See final paragraph of [3].

> In advance, thanks for your understanding.

And yours ;-)

[0] http://www.catb.org/jargon/html/H/holy-wars.html
[1] http://en.wikipedia.org/wiki/GNU_Hurd#Development_history
[2] http://en.wikipedia.org/wiki/GNU/Linux_naming_controversy
[3] http://www.catb.org/jargon/html/L/Linux.html

--
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
     mailto:pgp-public-k...@gingerbear.net?subject=help
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

Re: Is it possible to decide what is a gpg file?
Thank you, Robert.

OK so I looked it up and I think what I want is called "deniable encryption". I was just hoping that people here would recommend some FOSS tool to deniably encrypt individual files. If there is no such tool, I am just going to write one. The rest of this message describes the kind of "deniable encryption" that I want.

The tool should meet these practical goals:

(0) FOSS license

(1) Can encrypt individual files

(3) Can add salt (like a passphrase)

(2) Deniable encryption: Given a file A with random data and a ciphertext B (cleartext is unknown), it should be impossible to guess which is which more than half the time.

(3) Deniability is robust: Given a file A with random data and a ciphertext B (cleartext is *known*), it should be infeasible to prove with certainty much above 0.5 that B is the ciphertext. This implies that obtaining the passphrase is impractical and actually feels like a much stronger property.

I know a bit about information theory, and it seems to me that there is at least one elementary way to encrypt a file in a way that is "undetectable". One can xor the cleartext by a large pad. Decrypting requires the same pad: anything else will produce garbage. Almost every ciphertext looks like random data. The downside is that (partially) knowing the cleartext would allow to reconstruct the pad, and hence other ciphertext constructed with the same pad would be compromised.

A more advanced way to achieve the same goal is to take a passphrase and to use it to construct a ciphertext. The hardest part, as far as I understand, is in showing that it is infeasible to reconstruct the passphrase, even when one has cleartext-ciphertext pairs, and that is where the math becomes very useful.

But enough of me rambling. Thank you all in advance :)

> There are a lot of qualifiers on the "no, not really." A lot of Ph.D.
> theses have been written on this subject: it ties into some really deep
> areas of theoretical computer science. If you want to learn more about
> the qualifiers, I'd suggest reading up on algorithmic randomness and
> Kolmogorov-Chaitin complexity. It won't be easy reading, but speaking
> personally, I find this stuff fascinating.

Re: Is it possible to decide what is a gpg file?
Melikamp T. Medley wrote:
> OK so I looked it up and I think what I want is called "deniable
> encryption".

What you've described here isn't deniable encryption, not as I know it to be. This shouldn't be too surprising, given there are tons of things I don't know about. :)

> (3) Can add salt (like a passphrase)

Salting is something that's done to hash functions. Are you sure you mean that you want to add salt to a cipher?

> (2) Deniable encryption: Given a file A with random data and a
> ciphertext B (cleartext is unknown), it should be impossible to guess
> which is which more than half the time.

This will be supported by effectively any modern cipher, especially for small files. If you can distinguish ciphertext from random noise, that's usually considered to be a strong sign the cipher is weak.

(Note that I'm talking about modern symmetric ciphers. Asymmetric ciphers may very well be distinguishable. I *think* they are, but I can't summon up a reference now for the life of me -- take this as unsubstantiated speculation.)

> (3) Deniability is robust: Given a file A with random data and a
> ciphertext B (cleartext is *known*), it should be infeasible to prove
> with certainty much above 0.5 that B is the ciphertext. This implies
> that obtaining the passphrase is impractical and actually feels like
> a much stronger property.

See above remarks: this is a fairly basic test for symmetric ciphers.

Note that I'm talking only about pure cipher algorithms. Once you add headers, magic numbers and so on -- all of which OpenPGP does, as will many other crypto applications -- then both #s 2 and 3 fail.

Re: Is it possible to decide what is a gpg file?
November 17th 2009 for gnupg-users@gnupg.org

Hi, I suggest searching for steganography, the science/art of hiding messages. I never used a program that does steganography but search for one, there must be a lot of free (as in freedom) ones. LSB steganography is very easy to implement.

Remember that a lot of (what appears to be) random data is incriminatory and you will be forced to say the cipher and key used. Depending of the

Re: Problem with the agent, gpg2
November 17th for gnupg-users@gnupg.org

Thanks for the --enable-dsa2 tip.

Can someone tell me what line I should put in my gpg.conf?

BTW I also want to remove sha1 from my key preferences. I understand that the standard requires support for sha1 but I do not want that. Maybe soon the computing power becomes cheap enough so sha1 is in the range.

PS: I will not lose my time repeating why GNU/Linux should be called "GNU/Linux", it is already explained very well in http://www.gnu.org/gnu/gnu-linux-faq.html. It is pointless to discuss with obstinate people who do not admit their mistakes.

Re: Problem with the agent, gpg2
* Mario Castelán Castro wrote:
> I need GNU PG 2 because I want to get out of the 1024 bits limit
> and SHA forced for DSA, I want my next key (2010-2012) to be more
> secure and accept some SHA2.

You don't need gpg2 for that.

--
left blank, right bald

Re: Problem with the agent, gpg2
Mario Castelán Castro wrote:
> Thanks for the --enable-dsa2 tip.
>
> Can someone tell me what line I should put in my gpg.conf?

enable-dsa2

> BTW I also want to remove sha1 from my key preferences.

Can't be done. The OpenPGP standard requires that it be present. Even if you explicitly remove it, any OpenPGP-conformant application will silently add it to the end of your preference list.

digital signature primary key and encryption subkey
Hi list,

one lame confusion I'm facing now.

I was reading GnuPG's "Signing Subkey Cross-Certification" page [1], and as a matter of fact, these two simple doubts did arise.

Suppose one provides the command:

    gpg --gen-key

and chooses the default "DSA and Elgamal" option.

1st doubt: DSA will be the basis for the primary key and Elgamal, the basis for the encryption subkey, is this assertion correct?

if so, 2nd doubt is: both my public and private keys will be built upon my DSA primary key and my Elgamal encryption subkey?

That's all.

Regards,

Marcio Barbado, Jr.

[1] http://www.gnupg.org/faq/subkey-cross-certify.en.html

Re: digital signature primary key and encryption subkey
On Nov 17, 2009, at 10:00 PM, M.B.Jr. wrote:
> Hi list,
> one lame confusion I'm facing now.
>
> I was reading GnuPG's "Signing Subkey Cross-Certification" page [1],
> and as a matter of fact, these two simple doubts did arise.
>
> Suppose one provides the command:
>
> gpg --gen-key
>
> and chooses the default "DSA and Elgamal" option.

Note that the default is "RSA and RSA" now, but "DSA and Elgamal" are still available.

> 1st doubt:
> DSA will be the basis for the primary key and Elgamal, the basis for
> the encryption subkey, is this assertion correct?

Yes.

> if so, 2nd doubt is:
> both my public and private keys will be built upon my DSA primary key
> and my Elgamal encryption subkey?

I'm afraid I don't really understand what you are asking. Your primary key (DSA) has a public and private part, and uses the DSA algorithm. Your subkey (Elgamal) has a public and private part, and uses the Elgamal algorithm. Your subkey is signed by your primary key to indicate that they belong together.

David