Re: small security glitches
On 03/03/12 01:25, brian m. carlson wrote: > It is not true that encryption amounts to XORing the message text > against the secret key. > [snip] > Also, CFB mode, what is XORed is the output of a block cipher > encryption of the previous ciphertext. And the paper exploits exactly this fact by interleaving original ciphertext and chosen ciphertext so they can XOR to get the original keystream for a block of original ciphertext. The paper is only 12 pages, so if the summaries Post Cartner or Tom McCune give are unclear, it won't take forever to read the actual paper to clear it up. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: small security glitches
On Fri, 2 Mar 2012 08:50, d...@fifthhorseman.net said: > I believe that GnuPG had its own implementation of such an integrity > check before the standardization was settled. Right, since version 1.0.2 (2000-07-12). With version 1.1,91 (2002-08-04) gpg even defaults to MDC packets if one of the modern algorithms is used (e.g. AES of Twofish). PGP is able to decrypt and check MDC packages since PGP 7. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using Smartcards without it's public key
On Fri, 2 Mar 2012 10:49, must...@mustrum.net said: > Can I use my openPGP smartcard to decrypt a file with a empty keyring ? No. Public OpenPGP keys are often pretty lare and would not fit on the card. Thus we decided not to do it at all. My usually advise is to put an URL to the public key into the URL field and then use the fetch sub command of the --card-edit menu to retrieve the key. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems loading an authentication key from a USB Crypto-Stick
On Sun, Feb 26, 2012 at 11:50 AM, Todd A. Jacobs wrote: > > # Prompts twice for password to clearsign. > echo foo | gpg --clearsign; echo foo | gpg --clearsign > > So, the keychain problem seems to be resolved, in that gpg-agent is now > reading the SSH authentication key off the CryptoStick and handing it off > to ssh-agent, but gpg-agent is still not caching passphrases for signing > activities, which seems rather critical to its usefulness. :) > This problem was actually being caused by settings on the smartcard itself. The "Signature PIN" of a new CryptoStick (and the OpenPGP smartcards in general) seems to default to a forced PIN entry on signing, which prevents the gpg-agent from cached authentication of signature tasks. So, to fix this: gpg2 --card-edit -> admin -> forcesig and then make sure that: gpg2 --card-status | egrep '^Signature PIN.*not forced$' is true. Hope that helps someone else out, too! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using Smartcards without it's public key
Am Samstag, 3. März 2012, 22:14:12 schrieb Werner Koch: > No. Public OpenPGP keys are often pretty lare and would not fit on the > card. Thus we decided not to do it at all. But it the public key technically necessary to decrypt data? I checked what happens if the public key is unavailable (but the secret key in its keyring). The secret key is listed but gpg aborts when decrypting, complaining about the missing public key. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using Smartcards without it's public key
On Sat, Mar 3, 2012 at 4:23 PM, Hauke Laging wrote: > But it the public key technically necessary to decrypt data? I checked what > I *think* this is either because the key lookup is happening on the public key first, before checking for the matching secret key, or because the stubs aren't being created right in the keyrings. I am having a similar problem with signing, even though I've explicitly imported my public key into the public keyring (using --import, rather than --edit-card), and have the secret key on a cryptostick. If you figure out what's going on, it will probably help me, too. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using Smartcards without it's public key
On Sat, Mar 3, 2012 at 4:14 PM, Werner Koch wrote: > My usually advise is to put an URL to the public key into the URL field > and then use the fetch sub command of the --card-edit menu to retrieve > the key. > Should it be necessary to use the card-edit menu? I tried something similar, realized I needed the public key, but didn't get any success importing the public key from the command-line and then trying to use the card: I still get a kind of key not found error (I don't have the exact error in front of me at the moment). So, it seems like the key needs to be fetched from card-edit in order to create the right smartcard stubs. Is that right? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using Smartcards without it's public key
Am Sonntag, 4. März 2012, 00:20:11 schrieb Todd A. Jacobs: > into the public keyring (using --import, rather than --edit-card), IIRC you need both: First import the public key, then make the existence of the secret key on the card known by --card-status. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using Smartcards without it's public key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 03/03/2012 22:14, Werner Koch a écrit : > No. Public OpenPGP keys are often pretty lare and would not fit on the card. Thus we decided not to do it at all. My usually advise is to put an URL to the public key into the URL field and then use the fetch sub command of the --card-edit menu to retrieve the key. Shalom-Salam, Werner Can't we recreate/guess the public part from the private part, at least from off-card keys ? I noticed that importing a private key from en export also create the public one. (Unless the public key is always embeded in the secret export) Regards -BEGIN PGP SIGNATURE- iQIcBAEBAgAGBQJPUq8jAAoJEEy6/YZf1YOeUgYP/jbMwA2gOE106Ty4dd/dgIwB wzT7k7bZN00GS+4akrBWxUsbnVqpSwr8Iv4faDIR++1uaj+daa1hH4yoI11Uv7gH Ue/LV8ZeB2+UrLbMeXgdrNLF2B5UVDFsSdf5plpml8apzR0riouvhVcno/S0tmSA WjgPzYiDIUhqLFsdLuBWFoDcTUkiu9UOwW0goJy47HhaxVaktnKqCFZqerxbo3Lb tO207hSsUB1Hkm0krLf6+tlDeOJCb1BmhBWxG9X7vMBF2ungUA2JnHbtmNW0QSI7 fFmjyJwD0VFBPtv6fpLEANl0OEjkf79V0WqJK91ffsvByx6RwJ+ghluBk2Q6n6Wj lKq9kjn6QVS2Jhb4ZHTCTvfS7KpWmzsAyF09MqFaO+ifzUi9aPmK2il1gkkuOEGP QYLY8j4T9ntgku/fjnyZ5VtofC0n4UzVpZbBC4KW7FSjsbasLyHz4VcWXWmWz6+A XHsDe/uOiKJU7IEbnKycnZrdPgFJ2QFufZqQ6XoQRHJt/UJjC1L2rDkbG5q72QWA myFaASZkhTQSYnr9o5Ex7NiQKq1mLG6WOrwgn82c2SegOh1j71sxHwrd3OhhCQZm dyR1H7+y5p0kYruZAqAC4uV/elXies0KMuo3o5x5YUGRpjkGdu0fRg/GR6OtH+U4 wTKjNNULopXqrybhBaL5 =4ORW -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using Smartcards without it's public key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 04/03/2012 00:20, Todd A. Jacobs a écrit : > I *think* this is either because the key lookup is happening on the public key first, before checking for the matching secret key, or because the stubs aren't being created right in the keyrings. I am having a similar problem with signing, even though I've explicitly imported my public key into the public keyring (using --import, rather than --edit-card), and have the secret key on a cryptostick. To be able to use the private keys from a card, you have to get the "stub" on your key ring. First import the public keys (all of them if you use many subkey) Then use --card-status to get the private stubs, I don't know if --card-edit 'll do the trick. Always worked form my cryptostick. Regards -BEGIN PGP SIGNATURE- iQIcBAEBAgAGBQJPUrDjAAoJEEy6/YZf1YOeMwsP/1yBCD3pwnMHbTNSPnasQFSk vUiXTFRYPps2EEi8FThF0WrAEERqj+hDCeO5rKsezqMbKzlOatjApBFwbfAPV1nY +pv32Ft+Gzlmbw0MO/XCGJFrn3jgZ8tNZJTCverhRvl2q70UWpnZOB4tlaEqXReT 8mfISbiXIJhZ47ceH2VykBeFGZXGRG1bGhrZinQPdMQr7DbomkUJE0N93SqFsY7y fCqhmAAP8a9nnYStRUsnaZFuXHBe5YLs7bqEMzL+YzIRHWWLlOfKLtI5eaIYRI/b O/tZEJH3sELiUgLH47o7ZQ8k1oa1SAfB+hi8DBJu3vhjOvxpl87tQsIaHG/MgCQZ E8AJlqEIYhMloUoQ3Ggjt8/uyEfeBt0hKisZN/ZmO5aatzR6hY/8wSDy/SEHe3lz 1EUrLNzBES/iHB2wGwYorRW80CsHKbDiwlWzRfVwpytWoTYl9Z3Nr66Q2aROiw/P ODcYiPVLXZUNi/UlxBjZbjr02uue00bWBFR+pQ39fDoGvQB4AZ/Xhg0reEjQCJaa jX6P6aTFyqtJPUhyHex8qYhjJIDn0mpxPC9lyEfPezojgTZnhNP4QmE4kyE+6gta XeXXOCTxB5oy56TcSSvv1yTVSgDAkYqOvnn3X6e0jYx8MchQYOeC4GAJCjxR5rX1 oFzAR5bVB5QNBygLdex4 =e43s -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
