Re: [openpgp] Unuploadable Keys

2015-07-22 Thread Daniel Kahn Gillmor
On Tue 2015-07-21 23:36:45 +0200, ved...@nym.hush.com wrote:
> There could be a workaround, where the key is uploaded to the keyservers,
> but functionally unusable except to individuals whom the key-creator wants to 
> use it:
>
> [1] Encrypt part of the public key symmetrically, the same way that the 
> private key is symmetrically encrypted.
>
> [2] Send the passphrase to whomever you want to send the public key, 
> encrypted to their public key.
>
> [3] Upload the key to keyservers.  It will be usable only by those whom you 
> choose to give the passphrase.
>
> (*Unless* you misjudged someone to whom you sent the passphrase, and he 
> turns maliciously on you, and uploads the decrypted form)
>
> If such a key-type were implemented, would it need a change in 4880, other 
> than a notice to allow it?

if we were to have a cryptographically-validating keyserver, there's no
way that the certificate could be verified.

I'm not clear what the use case for this is. people who "want their
public key to be not-public" probably actually care more about:

 * avoiding publication of their User ID, and

 * avoiding publication of a persistent identifier that can link
   communications together

both of these things would probably fail if the key (even obscured) was
published to the public key servers.

I don't see how this proposal solves the identified concern (though it's
possible that i'm misunderstanding the identified concern).

  --dkg

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


no valid user IDs after changing key expiration time

2015-07-22 Thread flapflap
Hi list,

I have had a key for some years which did not have an expiration time.  Now,
I finally want to change this and changed the expiration time (via
--edit-key then expire, save).

To test if everything is now working as it should, I exported the keys
(--export, --export-secret-keys), deleted the key from my keyring
(--delete-secret-keys, --delete-keys).

Afterwards, I imported my public key and the output is fine.
But when I import the secret key gpg says:

gpg: key $MYKEY: secret key imported
gpg: key $MYKEY: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:   w/o user IDs: 1
gpg:   secret keys read: 1
gpg:   secret keys imported: 1

So, it says "no valid user IDs".

However, --list-keys and --list-secret-keys both show my UIDs.

Should I be worried by the warning or is this normal behaviour?

(GnuPG version is 2.0.25 and libgcrypt is 1.5.0)

Thanks in advance,
~flapflap



Re: GnuPG 2.1

2015-07-22 Thread Werner Koch
On Tue, 21 Jul 2015 19:31, r...@sixdemonbag.org said:

> Right now, I wouldn't recommend ECC for production use.  We're still
> getting the kinks worked out of it, and it isn't beyond the realm of
> possibility to think we might see significant changes by GnuPG 2.2.

Nope, you won't see changes here - at least not for the standard NIST or
Brainpool curves.  The problem with ECC is that the software supporting
ECC is not yet widely deployed and thus people either can't verify
your messages or can't send you encrypted messages.  This is also the
reason why ECC requires the --expert option.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: no valid user IDs after changing key expiration time

2015-07-22 Thread Ludwig Hügelschäfer

On 22.07.15 16:36, flapflap wrote:

> Should I be worried by the warning or is this normal behaviour?

You should set ultimate ownertrust on your own key after
(re-)importing. Then it will become valid again.

Ludwig



Re: no valid user IDs after changing key expiration time

2015-07-22 Thread flapflap
Ludwig Hügelschäfer:
> On 22.07.15 16:36, flapflap wrote:
> 
>> Should I be worried by the warning or is this normal behaviour?
> 
> You should set ultimate ownertrust on your own key after
> (re-)importing. Then it will become valid again.

My key still looked/looks valid, even without changing the ownertrust
(in that case its ownertrust is just shown as unknown).  All UIDs are
present.

What seems strange to me is that I do not see the warning message when I
import the previous version of my key (exported about a year ago).
The warning only appears when I change the expiration time of that key,
export it, delete it, and then re-import it (including secret key).

~flapflap



Re: [openpgp] Unuploadable Keys

2015-07-22 Thread MFPA
Hi


On Tuesday 21 July 2015 at 10:36:45 PM, ved...@nym.hush.com wrote:


> (*Unless* you misjudged someone to whom you sent the
> passphrase, and he turns maliciously on you, and
> uploads the decrypted form

It could easily be accidental rather than malicious.

-- 
Best regards

MFPA  

Coffee doesn't need a menu, it needs a cup.



Re: GnuPG 2.1

2015-07-22 Thread MFPA



On Wednesday 22 July 2015 at 3:48:15 PM, Werner Koch wrote:


> Nope, you won't see changes here - at least not for the
> standard NIST or Brainpool curves.

Is the format for encryption keys using Curve 25519
finalised/implemented yet?



-- 
Best regards

MFPA  

Ballerinas are always on their toes.  We need taller ballerinas!