Re: GnuPG 2.1 and Mailpile (LWN comments) about GPGME

2014-11-13 Thread Bernhard Reiter
On Wednesday 12 November 2014 at 21:55:10, Nicholas Cole wrote:
>  The --with-colons
> --command-fd --status-fd interface has been remarkably stable.

True, Werner went a long way to keep it stable.

> The stability and utility of this interface is one of my favourite
> aspects of the gnupg project, and I really admire Werner for his work
> here.

Still it is a bit of a pain to keep it this way and a better interface is 
called for anyway, because this has limitations to build a good interface. 
This is why we have gpgme for more than 10 years, Werner also did a very good 
job there.  Gpgme needs to get more popular, probably improved along the way,
but it also would help to make the crypto-experience with GnuPG a lot better 
for developers and users alike.



-- 
www.intevation.de/~bernhard (CEO)     www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


gnome-keyring problem section in the wiki (Re: gnupg privicy assistant - card manager.)

2014-11-13 Thread Bernhard Reiter
On Monday 01 September 2014 at 08:37:45, Werner Koch wrote:
> On Sun, 31 Aug 2014 16:00, paul.le...@quadensemble.com said:
> > I'd like to use the card manager function, but whenever I invoke it the
> > application returns the error "Error accessing the card", and the
> > status bar reports "Checking for card .. "
>
> I actually have to thank you for raising this issue:
> > gnome-keyring-daemon[5531]: unrecognized command: SCD
>
> The problem is that the gnome-keyring-daemon hijacks the inter process
> communication (IPC) between gpg and gpg-agent.  It implements a very
> limited set of commands of gpg-agent but nothing more.  Recent versions
> of GnuPG detect this and show a warning message or pop-up to tell you
> just this.

Because I ran into the issue analysing why a gpgsm installation on Ubuntu did 
not work, I think this warrants a section in the wiki:
http://wiki.gnupg.org/PlatformNotes

It would be nice if you (all) could help me and GnuPG and look up the problem 
reports within Ubuntu or Gnome and link them from there.

> Depending on the version of gnome-keyring-daemon, it is possible to
> disable the gpg-agent hijacking component.  Unfortunately it is hard to
> convince the maintainer to disable this misfeature.
>
> > Otherwise if I run gpg --card-status with a card in the USB card reader
> > I get the following:
>
> You are using gpg 1.4.x which can directly talk to the card.  However,
> latest card features are not supported by 1.4 but only by GnuPG 2.x.
>
> See the mail thread starting with this mail for details:
>
>  http://lists.gnupg.org/pipermail/gnupg-devel/2014-August/028689.html
>
> > I presume, the system is misconfigured in some way. Any one got any
> > suggestions?
>
> You may want to bring this to the attention of your Linux distribution.
> The solution could be easy: The gpg-agent component needs to be disabled
> when building gnome-keyring-daemon:
>
>   ./configure --disable-gpg-agent
>
>
> Shalom-Salam,
>
>Werner

-- 
www.intevation.de/~bernhard (CEO)     www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner




Re: GnuPG 2.1 and Mailpile (LWN comments) about GPGME

2014-11-13 Thread Werner Koch
On Thu, 13 Nov 2014 10:08, bernh...@intevation.de said:

> job there.  Gpgme needs to get more popular, probably improved along the way,
> but it also would help to make the crypto-experience with GnuPG a lot better 
> for developers and users alike.

Actually I see 88 Debian projects depending on libgpgme11.

A good step forward would be the integration of language bindings into
the gpgme package.  That should make it easier to use it from languages
other than C, C++ (, and CL).  However, someone needs to feel responsible
for such a language binding and try to keep it up to date.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: GnuPG 2.1 and Mailpile (LWN comments) about GPGME

2014-11-13 Thread Bernhard Reiter
On Thursday 13 November 2014 at 11:54:57, Werner Koch wrote:
> A good step forward would be the integration of language bindings into
> the gpgme package.  That should make it easier to use it from languages
> other than C, C++ (, and CL).  

Because of possible dependencies, they should end up in different Debian 
packages. You are talking about the source package I guess?

http://wiki.gnupg.org/APIs starts to have an overview about language bindings,
help appreciated to complete and maintain the list and possible links
to tutorials.

> However, someone needs to feel responsible 
> for such a language binding and try to keep it up to date.

Pyme has a Debian package. pygpgme has an Ubuntu package.
And there are more.

Mostly we need more packagers. :)

Bernhard

-- 
www.intevation.de/~bernhard (CEO)     www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner




Re: GnuPG 2.1 and Mailpile (LWN comments) about GPGME

2014-11-13 Thread Robert J. Hansen

> A good step forward would be the integration of language bindings
> into the gpgme package.


Not to beat a broken drum, but making it easier to use GPGME from a
Microsoft environment would also be nice.  MSVC++ needs a .lib file for
each DLL you're going to link against, and GPGME/Win32 doesn't ship with
one.  Although workarounds exist (making your own .lib file, dynamically
opening the DLL, etc.), it would be nice if GPGME could be released with
a .lib file.

I'm not particularly keen on Microsoft environments for a lot of
reasons.  However, they do have 85%-90% marketshare.  If our goal is
ideological purity, MS should be avoided; if our goal is to provide
privacy tools to the most people possible, we need to consider MS
environments to be a high priority.


> That should make it easier to use it from languages other than C, C++
> (, and CL).  However, someone needs to feel responsible for such a
> language binding and try to keep it up to date.


Given the announcement yesterday from MS about how they're opening up
the .NET server stack, I think we might see a resurgence of C# in the
UNIX space.  I have to say, it'd be really nice to see C# bindings for
GPGME.  There's already one set of them, gpgme-sharp, but I believe
they're unmaintained.



Re: Detached signature ambiguity

2014-11-13 Thread Werner Koch
On Fri,  7 Nov 2014 22:21, si...@sinic.name said:

> I've attached an exemplary signature file (named gnupg-2.1.0.tar.bz2.sig
> for your convenience) that demonstrates the problem:

Thanks that was useful for testing.  What I did is:

commit 69384568f66a48eff3968bb1714aa13925580e9f (HEAD, refs/heads/wk-master)
Author: Werner Koch 
Date:   Thu Nov 13 17:39:31 2014 +0100

gpg: Make the use of "--verify FILE" for detached sigs harder.

* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch 

Now waiting which tools or scripts will break.  I checked a few
(including dpkg) and they do the Right Thing.

Shall this be ported to 2.0 and 1.4 and fixes released?  I guess yes.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
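
An added example (not from the thread and not GnuPG's own code): a Python check that a file offered as a detached signature contains only signature packets, rather than a standard signature that carries its own data, which is the confusion the commit message above warns about. It reads RFC 4880 packet framing only and verifies nothing; the function names and the sample bytes are constructed for illustration.

```python
"""Tell a detached OpenPGP signature from a standard (data-carrying) one.

Added illustration: parses RFC 4880 packet framing only, verifies nothing.
"""
import base64

SIGNATURE, ONE_PASS_SIG, COMPRESSED, LITERAL = 2, 4, 8, 11


def dearmor(data: bytes) -> bytes:
    """Return the binary packets, decoding ASCII armor when present."""
    text = data.replace(b"\r\n", b"\n").strip()
    if not text.startswith(b"-----BEGIN PGP"):
        return data
    _, _, body = text.partition(b"\n\n")  # armor headers end at a blank line
    lines = [ln for ln in body.split(b"\n")
             if ln and not ln.startswith((b"=", b"-----"))]  # drop CRC and END
    return base64.b64decode(b"".join(lines))


def packet_tags(data: bytes) -> list:
    """List the tags of the top-level packets, in order."""
    tags, i = [], 0
    try:
        while i < len(data):
            hdr = data[i]
            if not hdr & 0x80:
                raise ValueError(f"no packet header at offset {i}")
            if hdr & 0x40:                      # new-format header
                tag, first = hdr & 0x3F, data[i + 1]
                if first < 192:
                    length, i = first, i + 2
                elif first < 224:
                    length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
                elif first == 255:
                    length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
                else:                           # partial length: streamed data packet
                    return tags + [tag]
            else:                               # old-format header
                tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
                if ltype == 3:                  # indeterminate: runs to end of file
                    return tags + [tag]
                n = (1, 2, 4)[ltype]
                length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
            if i + length > len(data):
                raise ValueError("truncated packet")
            tags.append(tag)
            i += length
    except IndexError:
        raise ValueError("truncated packet header") from None
    return tags


def classify(data: bytes) -> str:
    """Return 'detached', 'embedded' (carries its own data) or 'unknown'."""
    tags = packet_tags(dearmor(data))
    if tags and all(t == SIGNATURE for t in tags):
        return "detached"
    if any(t in (ONE_PASS_SIG, COMPRESSED, LITERAL) for t in tags):
        return "embedded"
    return "unknown"


def check_before_verify(sig_bytes: bytes) -> None:
    """Refuse to treat a data-carrying signature file as a detached one."""
    kind = classify(sig_bytes)
    if kind != "detached":
        raise ValueError(f"expected a detached signature, got {kind!r}; "
                         "the data file would NOT be verified")


def pkt(tag: int, body: bytes) -> bytes:
    """Build a new-format packet with a one-octet length (sample data only)."""
    return bytes([0xC0 | tag, len(body)]) + body


# Constructed sample inputs: correct framing, dummy bodies (not real signatures).
DETACHED = pkt(SIGNATURE, b"\x04\x00" + bytes(10))
EMBEDDED = (pkt(ONE_PASS_SIG, bytes(13))
            + pkt(LITERAL, b"b\x00" + bytes(4) + b"payload")
            + pkt(SIGNATURE, b"\x04\x00" + bytes(10)))
COMPRESSED_SIGNED = b"\xa3\x01" + bytes(8)  # old-format tag 8, indeterminate length

if __name__ == "__main__":
    for name, blob in [("detached", DETACHED), ("embedded", EMBEDDED),
                       ("compressed", COMPRESSED_SIGNED)]:
        print(name, packet_tags(blob), classify(blob))
```

A script would call `check_before_verify()` on the signature file and then pass both the signature file and the data file to `gpg --verify`, never the one-file form.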




Re: GnuPG 2.1 and Mailpile (LWN comments) about GPGME

2014-11-13 Thread Werner Koch
On Thu, 13 Nov 2014 16:02, r...@sixdemonbag.org said:

> Not to beat a broken drum, but making it easier to use GPGME from a
> Microsoft environment would also be nice.  MSVC++ needs a .lib file for
> each DLL you're going to link against, and GPGME/Win32 doesn't ship with

Looking at the Gpg4win source I see

  SetOutPath "$INSTDIR\lib"
  File /oname=libgpgme.imp "${prefix}/lib/libgpgme.dll.a"
  File /oname=libgpgme-glib.imp "${prefix}/lib/libgpgme-glib.dll.a"

which means that an import file for the DLL is installed.  No library
for static linking but a DLL is anyway better.  Actually I added this on
your request:

commit c5404abb7cc8c284c2a8184a529fb0fdb82d8b50
Author: Werner Koch 
Date:   Wed Dec 5 10:18:43 2012 +0100

Install development files for the GnuPG related libraries.

* src/inst-gpgme.nsi: Install gpgme import lib and header file,
* src/inst-libassuan.nsi: Likewise.
* src/inst-libgcrypt.nsi: Likewise.
* src/inst-libgpg-error.nsi: Likewise.
* src/inst-libksba.nsi: Likewise.
* src/uninst-gpg4win.nsi: Remove the new files.
* src/uninst-gpgme.nsi: Ditto.
* src/uninst-libassuan.nsi: Ditto.
* src/uninst-libgcrypt.nsi: Ditto.
* src/uninst-libgpg-error.nsi: Ditto.
* src/uninst-libksba.nsi: Ditto.

> ideological purity, MS should be avoided; if our goal is to provide
> privacy tools to the most people possible, we need to consider MS
> environments to be a high priority.

It is and that is why I consider to separate GnuPG proper from Gpg4win
and provide a core installer with just the core.  This has not yet
happened because building a side-by-side assembly needs some more
experimenting or help.

The next installer for 2.1 should fix the major flaws from the first try
and be usable.  I will add the dev file too.  However, it still carries
the Pinentry and GPA which should be removed from the core installer.

Did you want to test a beta installer?

> Given the announcement yesterday from MS about how they're opening up
> the .NET server stack, I think we might see a resurgence of C# in the
> UNIX space.  I have to say, it'd be really nice to see C# bindings for
> GPGME.  There's already one set of them, gpgme-sharp, but I believe
> they're unmaintained.

Any volunteer to maintain one?


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Detached signature ambiguity

2014-11-13 Thread Daniel Kahn Gillmor
On 11/13/2014 07:01 AM, Werner Koch wrote:
> gpg: Make the use of "--verify FILE" for detached sigs harder.

thanks for doing this, Werner.

> Now waiting which tools or scripts will break.  I checked a few
> (including dpkg) and they do the Right Thing.

i'm glad to hear this.

> Shall this be ported to 2.0 and 1.4 and fixes released?  I guess yes.

yes, please.  This is an important security hardening, and it shouldn't
depend on which branch people are using.

If people have tools that break because of this change, those tools were
probably vulnerable to even worse breakage (silent breakage where things
they thought were validated weren't actually validated), so this is a
valuable fix, even if there's short-term difficulty.

Regards,

--dkg





Re: Detached signature ambiguity

2014-11-13 Thread Doug Barton


On 11/13/14 9:22 AM, Daniel Kahn Gillmor wrote:
| On 11/13/2014 07:01 AM, Werner Koch wrote:
|> gpg: Make the use of "--verify FILE" for detached sigs harder.
|
| thanks for doing this, Werner.
|
|> Now waiting which tools or scripts will break.  I checked a few
|> (including dpkg) and they do the Right Thing.
|
| i'm glad to hear this.
|
|> Shall this be ported to 2.0 and 1.4 and fixes released?  I guess
|> yes.
|
| yes, please.  This is an important security hardening, and it
| shouldn't depend on which branch people are using.
|
| If people have tools that break because of this change, those tools
| were probably vulnerable to even worse breakage (silent breakage
| where things they thought were validated weren't actually
| validated), so this is a valuable fix, even if there's short-term
| difficulty.

+1 to all of dkg's points.



gpg4usb: Portable GUI for GnuPG

2014-11-13 Thread Wolfgang Frisch
Please consider adding gpg4usb to the GnuPG website.
https://www.gnupg.org/related_software/frontends.html

>gpg4usb is a very easy to use and small portable editor to encrypt and
>decrypt any text-message or -file you want.

>Our aim is, to give anyone the possibility to send and receive secure
>encrypted messages anywhere - on any computer out there, no matter if
>Microsoft Windows(TM) or Linux is running on it. Therefore its usage is
>self-describing, and the user-interface as simple as possible.

>gpg4usb is free software, and it is licensed under the GNU General Public
>License (GPL).



Re: gpg4usb: Portable GUI for GnuPG

2014-11-13 Thread Robert J. Hansen

> gpg4usb is a very easy to use and small portable editor to encrypt and
> decrypt any text-message or -file you want.


I mean no offense, but this seems like a really bad idea.  Putting it on 
CD-ROM might be a pretty cool idea, but USB is just ... scary.


According to Vint Cerf, roughly one in five desktop PCs is already pwned 
by malware.  Plug your USB token into three different computers and 
you've got 50/50 odds of your crypto hardware being plugged into a 
machine that's under the control of a malicious adversary who wants to 
use your USB token as an infection vector.



> Our aim is, to give anyone the possibility to send and receive secure
> encrypted messages anywhere - on any computer out there, no matter if
> Microsoft Windows(TM) or Linux is running on it. Therefore its usage is
> self-describing, and the user-interface as simple as possible.


It's a great goal, but the way you're going about it makes me shiver.




Help needed

2014-11-13 Thread da...@gbenet.com
Hi All,

Background:

I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I
imported my keys. I thought that I would be fine.

But I get the following error when signing my mail: "Key 0xAAd8C47D not found or not valid.
The (sub-)key might have expired." The key is visible in Enigmail, Kgpg, Kleopatra, GPA. I'm not
able to edit my key; I can't enter my passphrase.

Any help to resolve this issue gratefully appreciated.

David

-- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com




Re: Help needed

2014-11-13 Thread Hauke Laging
On Thu 13.11.2014, 22:33:31, da...@gbenet.com wrote:

> I exported my keys to a USB stick. Then I copied my .gnupg to a new
> Linux laptop. Then I imported my keys. I thought that I would be
> fine.

It is unclear to me what exactly you are talking about.

The terms "export" and "import" usually refer to the commands
gpg --export[...]
gpg --import

But it also sounds like you have copied the whole directory ~/.gnupg/


If you have copied the directory then maybe the file permissions have 
not been preserved. Check whether secring.gpg has 600. And delete the 
file random_seed.

If you have exported and imported instead then you are missing the trust 
database. You should either copy trustdb.gpg or export and import this 
data, too:

gpg --export-ownertrust
gpg --import-ownertrust


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5




Re: Help needed

2014-11-13 Thread Doug Barton

On 11/13/14 2:33 PM, da...@gbenet.com wrote:

> Hi All,
>
> Background:
>
> I exported my keys to a USB stick. Then I copied my .gnupg to a new
> Linux laptop. Then I imported my keys. I thought that I would be
> fine.


Why did you perform the second step? Just copy ~/.gnupg to the new 
system, delete random_seed, and you're done.


Doug



Re: GnuPG 2.1 and Mailpile (LWN comments) about GPGME

2014-11-13 Thread Robert J. Hansen
On 11/13/2014 12:17 PM, Werner Koch wrote:
> Did you want to test a beta installer?

Sure, I'm up for that.

> Any volunteer to maintain one?

Can't.  I'm a forensics researcher who's received some USG funding; in
the eyes of a lot of people, especially post-Dual_EC_DRBG, I'd be
suspect.  It's best for the overall trustworthiness of GnuPG if I stay
away from development tasks.

I wish it was otherwise, but ... there you have it.







Re: Help needed

2014-11-13 Thread da...@gbenet.com
On 13/11/14 22:42, Hauke Laging wrote:
> On Thu 13.11.2014, 22:33:31, da...@gbenet.com wrote:
> 
>> I exported my keys to a USB stick. Then I copied my .gnupg to a new
>> Linux laptop. Then I imported my keys. I thought that I would be
>> fine.
> 
> It is unclear to me what exactly you are talking about.
> 
> The terms "export" and "import" usually refer to the commands
> gpg --export[...]
> gpg --import
> 
> But it also sounds like you have copied the whole directory ~/.gnupg/
> 
> 
> If you have copied the directory then maybe the file permissions have 
> not been preserved. Check whether secring.gpg has 600. And delete the 
> file random_seed.
> 
> If you have exported and imported instead then you are missing the trust 
> database. You should either copy trustdb.gpg or export and import this 
> data, too:
> 
> gpg --export-ownertrust
> gpg --import-ownertrust
> 
> 
> Hauke
> 
Hauke

I have my trustdb.gpg

And I still get the same error message. Perhaps the correct question to ask is:

"How do I transfer ALL files in my .gnupg onto another Linux laptop so that ALL functions
work as before - i.e. it works the same on both machines?"

I hope that is within the bounds of your understanding.

David


-- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com




Re: Help needed

2014-11-13 Thread da...@gbenet.com
On 13/11/14 22:42, Doug Barton wrote:
> On 11/13/14 2:33 PM, da...@gbenet.com wrote:
>> Hi All,
>>
>> Background:
>>
>> I exported my keys to a USB stick. Then I copied my .gnupg to a new
>> Linux laptop. Then I imported my keys. I thought that I would be
>> fine.
> 
> Why did you perform the second step? Just copy ~/.gnupg to the new system,
> delete random_seed, and you're done.
> 
> Doug
> 

Doug,

I just did that - and I get the same error message.

David


-- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com




Re: Help needed

2014-11-13 Thread Doug Barton

On 11/13/14 3:59 PM, da...@gbenet.com wrote:

> On 13/11/14 22:42, Doug Barton wrote:
>> On 11/13/14 2:33 PM, da...@gbenet.com wrote:
>>> Hi All,
>>>
>>> Background:
>>>
>>> I exported my keys to a USB stick. Then I copied my .gnupg to a new
>>> Linux laptop. Then I imported my keys. I thought that I would be
>>> fine.
>>
>> Why did you perform the second step? Just copy ~/.gnupg to the new system,
>> delete random_seed, and you're done.
>>
>> Doug
>
> Doug,
>
> I just did that - and I get the same error message.


Did you fix the permissions on the ~/.gnupg directory to be 0700? What 
happens when you do 'gpg --list-keys' at the command line?


BTW, please stop attaching your key to your posts. :)

Doug
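
The checks suggested in this thread (directory mode 0700, secring.gpg mode 600, a leftover random_seed, a missing trustdb.gpg), collected as an added Python example; it is not code from the thread or from GnuPG. The function names and the sample directory are constructed, and the file names are the ones given in the replies above.

```python
"""Audit a GnuPG home directory that was copied from another machine."""
import os
import stat
import tempfile


def mode_of(path: str) -> int:
    """Permission bits of path, e.g. 0o700."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_gnupg_home(home: str) -> list:
    """Return (code, message) findings; an empty list means nothing to fix."""
    findings = []
    if mode_of(home) != 0o700:
        findings.append(("homedir-mode",
                         f"{home} is {mode_of(home):04o}, expected 0700"))
    secring = os.path.join(home, "secring.gpg")
    if os.path.exists(secring) and mode_of(secring) != 0o600:
        findings.append(("secring-mode",
                         f"secring.gpg is {mode_of(secring):04o}, expected 0600"))
    if os.path.exists(os.path.join(home, "random_seed")):
        findings.append(("random-seed",
                         "random_seed came from the old machine; delete it"))
    if not os.path.exists(os.path.join(home, "trustdb.gpg")):
        findings.append(("no-trustdb",
                         "trustdb.gpg missing; copy it or use "
                         "gpg --export-ownertrust / gpg --import-ownertrust"))
    return findings


def repair(home: str) -> None:
    """Apply the fixes that need no key material: modes and the stale seed."""
    os.chmod(home, 0o700)
    secring = os.path.join(home, "secring.gpg")
    if os.path.exists(secring):
        os.chmod(secring, 0o600)
    seed = os.path.join(home, "random_seed")
    if os.path.exists(seed):
        os.remove(seed)


def make_sample_home() -> str:
    """Constructed sample: a home directory as a careless copy might leave it."""
    home = os.path.join(tempfile.mkdtemp(), "gnupg")
    os.mkdir(home)
    for name in ("secring.gpg", "random_seed"):
        with open(os.path.join(home, name), "wb") as fh:
            fh.write(b"placeholder")
    os.chmod(home, 0o755)
    os.chmod(os.path.join(home, "secring.gpg"), 0o644)
    return home


if __name__ == "__main__":
    sample = make_sample_home()
    for code, message in audit_gnupg_home(sample):
        print(f"{code}: {message}")
    repair(sample)
    print("after repair:", [code for code, _ in audit_gnupg_home(sample)])
```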





Re: Help needed

2014-11-13 Thread da...@gbenet.com
On 14/11/14 00:55, Doug Barton wrote:
> On 11/13/14 3:59 PM, da...@gbenet.com wrote:
>> On 13/11/14 22:42, Doug Barton wrote:
>>> On 11/13/14 2:33 PM, da...@gbenet.com wrote:
>>>> Hi All,
>>>>
>>>> Background:
>>>>
>>>> I exported my keys to a USB stick. Then I copied my .gnupg to a new
>>>> Linux laptop. Then I imported my keys. I thought that I would be
>>>> fine.
>>>
>>> Why did you perform the second step? Just copy ~/.gnupg to the new system,
>>> delete random_seed, and you're done.
>>>
>>> Doug
>>>
>>
>> Doug,
>>
>> I just did that - and I get the same error message.
> 
> Did you fix the permissions on the ~/.gnupg directory to be 0700? What
> happens when you do 'gpg --list-keys' at the command line?
> 
> BTW, please stop attaching your key to your posts. :)
> 
> Doug
> 
> 
> 
Doug,

Permissions:
View content: Only owner
Change content: Only owner
Access control: Only owner

When I do gpg --list-keys:

pub   4096R/AAD8C47D 2014-08-17
uid  postmaster (There's always light at the end of the tunnel)

sub   4096R/FDDA1EF2 2014-08-17

gpg list all keys 198 of them

David

-- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com



Fermi estimates

2014-11-13 Thread Robert J. Hansen
A while ago Hauke asked if the statement in the FAQ about a brute-forcer
leaving the Earth uninhabitable was correct.  I said it was, but I
didn't break out the math.  Now that I have a few minutes to breathe,
here's the full answer.  It's a Fermi estimate, which means it's not
going to be perfectly accurate.  It's going to be in the ballpark, but
more than that isn't guaranteed.

The Landauer bound: you can't flip a bit using less than 10**-29 joules
of energy.

The Margolus-Levitin theorem: at 10**-29 joules of energy, you can't
make it flip faster than 10**-5 seconds.

Let's estimate the bitflips needed to check a key at a cool one million.
 That covers loading the new key, populating key schedules, doing a
trial decryption, the whole nine yards.  10**6 operations per key.

Let's also say your computer can flip 100 bits at a time (10**2).

10**6 bits per key, processed 10**2 at a time, means a total elapsed
time of (10**6 / 10**2 = 10**4 bitflips per thread, multiplied by
10**-5 seconds per bitflip, equals 10**-1 seconds) a tenth of a second
per key.  Now, before you say "but my computer's much faster than
that!", your computer also isn't running on less power than you generate
by scuffing your feet on the carpet.  We'll be exploring faster
computers in a bit.

Breaking a 128-bit cipher by brute force requires about 10**38 key
attempts.  10**38 attempts times 10**-1 seconds per attempt equals ...
uh ... a lot of seconds.  10**37.  A year is more or less 10**7 seconds,
so 10**30 years.  The universe is about 10 billion years old, or 10**13
years, so ... our brute-force key cracker takes 10**17 times longer than
the age of the universe in order to brute-force a 128-bit key.

Clearly, we need to speed things up a bit.  We need to upgrade from a
carpet-scuffing system to two hamsters running on a treadmill.
Unfortunately, that's only a few thousandfold power improvement, so
we're going to have to give the hamsters amphetamines to get them the
rest of the way.  Now, with 10**30 times the power input (these are some
*good* amphetamines), our brute-forcer will be finished in a single year.

10**38 attempts at 10**6 bitflips per attempt equals 10**44 bitflips
total.  At carpet-scuffing power, that's about 10**15 joules of energy,
or about a single one-megaton nuclear bomb.  Admittedly, that energy
gets released over 10**13 times the age of the universe, so that's not a
big problem.  But to make our brute-forcer 10**30 times faster (so it
can run in one year), our brute-forcer also has to release 10**30 times
as much heat.

I'm not an astrophysicist, but that's the kind of energy levels one
normally associates with phrases like "perturb the false vacuum" and
"unmake the universe at the speed of light."  Look at the time, I must
be going.

Also: I'm hiring for a minion.  (Lackey, lickspittle, graduate student.
 Call it what you like.)  The pay is almost nothing, but somebody's got
to clean the hamster cage while I'm gone.  I'm moving to the nearest
convenient parallel dimension.  It's getting weird and dangerous around
here...









Re: Fermi estimates

2014-11-13 Thread Robert J. Hansen
Whoops!
> so 10**30 years.  The universe is about 10 billion years old, or
> 10**13 years, so ... our brute-force key cracker takes 10**17 times
> longer than the age of the universe in order to brute-force a 128-bit
> key.

10 billion is 10**10, so it takes 10**20 times the age of the universe.
But at some point, who's counting?

> Admittedly, that energy gets released over 10**13 times the age of
> the universe...

10**20.







Re: Help needed

2014-11-13 Thread da...@gbenet.com
On 14/11/14 00:55, Doug Barton wrote:
> On 11/13/14 3:59 PM, da...@gbenet.com wrote:
>> On 13/11/14 22:42, Doug Barton wrote:
>>> On 11/13/14 2:33 PM, da...@gbenet.com wrote:
>>>> Hi All,
>>>>
>>>> Background:
>>>>
>>>> I exported my keys to a USB stick. Then I copied my .gnupg to a new
>>>> Linux laptop. Then I imported my keys. I thought that I would be
>>>> fine.
>>>
>>> Why did you perform the second step? Just copy ~/.gnupg to the new system,
>>> delete random_seed, and you're done.
>>>
>>> Doug
>>>
>>
>> Doug,
>>
>> I just did that - and I get the same error message.
> 
> Did you fix the permissions on the ~/.gnupg directory to be 0700? What
> happens when you do 'gpg --list-keys' at the command line?
> 
> BTW, please stop attaching your key to your posts. :)
> 
> Doug
> 
> 
> 

Doug,

Even when I use a backup programme and restore I still get the same error message. So no-one
has ever copied their .gnupg folder to another laptop. No one has ever done this with any
success. You have all failed. Clearly there's something wrong with gnupg that does not like
being backed up, copied, whatever. If it were another programme, say Thunderbird, no one would
use Thunderbird. They would say Thunderbird was crap.

David


-- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com



Re: Help needed

2014-11-13 Thread Daniel Kahn Gillmor
Hi David--

You sound frustrated.  hopefully we can help you figure things out.

Some of the details of what's happened on your machine(s) sound unclear
to me, and we'll be able to help you better with more precise information.

On 11/13/2014 04:31 PM, da...@gbenet.com wrote:
> Even when I use a backup programme and restore I still get the same error message.

What backup program did you use?  What version of gnupg were you using
on your old computer?  what platform was your old machine?  what
platform is your new machine?

If you feel comfortable sharing any of this information, i'd be curious
to see the outcome (on both old and new machines) of any of the
following series of commands:

 uname -a
 ls -la ~/.gnupg
 gpg --version
 gpg --list-secret-keys 0xAAD8C47D
 echo test | gpg --clearsign -u 0xAAD8C47D

If it looks like this information is too sensitive to post to the list,
but you feel ok sending it to me privately, you're welcome to send it to
me privately (my OpenPGP fingerprint is at the bottom of this mail if
you wish to encrypt it).

> So no-one
> has ever copied their .gnupg folder to another laptop. No one has ever done this with any
> success.

I can say based on personal experience that this is not the case.  I
have done several such transfers, for myself and for other people.

> You have all failed. Clearly there's something wrong with gnupg that does not like
> being backed up, copied, whatever. If it were another programme, say Thunderbird, no one would
> use Thunderbird. They would say Thunderbird was crap.

I'm going to treat this paragraph as you expressing your frustration,
instead of reading it as an attack on the developers of GnuPG.  Other
people might read it differently, and may find it demotivating in terms
of helping you with your current situation.

Please remember that there are human beings on the other side of your
e-mail, people who are remarkably committed to helping others, but who
also have their own feelings.

Regards,

--dkg

OpenPGP Fingerprint: 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9






GnuPG 2.1.0 Merging secret key

2014-11-13 Thread Mustrum

 
Hi,

> My guess would be the option "--try-secret-key name" where "name" might be the
> subkey's new ID followed by an exclamation mark.

Nope I got the error "no secret key available".

I'm wondering: what is the planned usage for that feature?