Re: Decryption fails with 4096bit key on SmartCard

2015-09-28 Thread NIIBE Yutaka
On 09/25/2015 02:55 PM, Marcus Ilgner wrote:
>> You'll see the debug dump of following line:
>>
>> raw apdu: 00 47 81 00 02 B8 00 00
>>
> 
> Not sure whether that is significant but there were a few zero bytes more:
> raw apdu: 00 47 81 00 00 00 02 B8 00 08 00

It is also correct.  Short form is 02 and extended form is 00 (the prefix)
and two-byte (00 02).

> Also some slight differences: it says
> 7F 49 82 *02* *0A* 81 82 *02* 00

That's no problem.  It is correct for RSA-4096 key.

> That part looks ok again. Although my public exponent is different, too but
> I guess that's expected :) Yet 527 bytes total sounds plausible for a
> 4096bit key.
> You can find the full output at
> https://gist.github.com/milgner/b823685c8a5960f1f13b#file-public_key_read-log

Thanks.  It looks no problem at all (other than the specific error of
decryption).

> I would assume that the key was indeed transferred successfully then.

Yes.  I think so, too.

> Thanks for the help, I have a feeling we're making some headway towards a
> solution.

The error code of 6A88 is kind of strange to me.  If it's
OpenPGPcard v3.x with AES symmetric key decryption support, I think
that we could see the error of 6A88, though.

It would be possible that this error occurs on other Nitrokey Pro (or other
OpenPGPcard v2.1 implementations), if this were a firmware issue.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
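As an added illustration of the two APDU length encodings and of the 7F49 public key template discussed in this exchange, here is a small Python decoder (my code, not GnuPG's or scdaemon's). It parses the two `raw apdu` dumps quoted above; the card response it decodes is constructed, because the thread only quotes the first bytes of the real one.

```python
"""Decode the OpenPGP card exchange quoted in the thread above.

parse_apdu() accepts both encodings shown there (short form: 1-byte Lc/Le;
extended form: 00 prefix, then 2-byte Lc/Le) and parse_public_key_template()
walks the BER-TLV public key template (tag 7F49) that GENERATE ASYMMETRIC KEY
PAIR returns for P1=81.  Added example for this thread, not GnuPG/scdaemon code."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]   # expected response length, None when no Le field
    extended: bool


def parse_apdu(raw: bytes) -> Apdu:
    """Parse an ISO 7816-4 command APDU in either length encoding."""
    if len(raw) < 4:
        raise ValueError("APDU header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                  # case 1: header only
        return Apdu(cla, ins, p1, p2, b"", None, False)
    if body[0] != 0x00 or len(body) < 3:          # short form, Lc in 01..FF
        if len(body) == 1:                        # case 2S: Le only, 00 means 256
            return Apdu(cla, ins, p1, p2, b"", body[0] or 256, False)
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if lc == 0 or len(data) != lc or len(rest) > 1:
            raise ValueError("short-form Lc/Le inconsistent with APDU size")
        return Apdu(cla, ins, p1, p2, data, (rest[0] or 256) if rest else None, False)
    # extended form: 00 prefix, then 2-byte Lc and/or 2-byte Le (0000 means 65536)
    if len(body) == 3:                            # case 2E: 00 Le Le
        return Apdu(cla, ins, p1, p2, b"", int.from_bytes(body[1:], "big") or 65536, True)
    lc = int.from_bytes(body[1:3], "big")
    data, rest = body[3:3 + lc], body[3 + lc:]
    if len(data) != lc or len(rest) not in (0, 2):
        raise ValueError("extended-form Lc/Le inconsistent with APDU size")
    le = (int.from_bytes(rest, "big") or 65536) if rest else None
    return Apdu(cla, ins, p1, p2, data, le, True)


def _tag(buf, pos):
    """Read a BER tag; low 5 bits all set means a multi-byte tag such as 7F 49."""
    tag, pos = buf[pos], pos + 1
    if tag & 0x1F == 0x1F:
        while True:
            tag, pos = (tag << 8) | buf[pos], pos + 1
            if buf[pos - 1] & 0x80 == 0:
                break
    return tag, pos


def _length(buf, pos):
    """Read a BER length: 00..7F direct, 81 xx one byte, 82 xx xx two bytes."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 2:
        raise ValueError("indefinite or oversized BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def parse_public_key_template(resp: bytes) -> Dict[str, int]:
    """Return modulus bit length, public exponent and total size of a 7F49 DO."""
    tag, pos = _tag(resp, 0)
    if tag != 0x7F49:
        raise ValueError("expected public key template 7F49, got %04X" % tag)
    length, pos = _length(resp, pos)
    end = pos + length
    if end != len(resp):
        raise ValueError("7F49 says %d bytes, payload has %d" % (length, len(resp) - pos))
    fields: Dict[int, bytes] = {}
    while pos < end:
        t, pos = _tag(resp, pos)
        n, pos = _length(resp, pos)
        fields[t], pos = resp[pos:pos + n], pos + n
    modulus = int.from_bytes(fields[0x81], "big")     # 81 = RSA modulus n
    exponent = int.from_bytes(fields[0x82], "big")    # 82 = RSA public exponent e
    return {"bits": modulus.bit_length(), "e": exponent, "total": len(resp)}


# The two dumps quoted in the thread, same command in both encodings: INS 47
# GENERATE ASYMMETRIC KEY PAIR, P1 81 = read public key, data B8 00 = control
# reference template of the decryption key.  Short-form Le 00 asks for 256
# bytes, extended Le 08 00 for 2048, enough for the 527-byte template.
SHORT_APDU = bytes.fromhex("00 47 81 00 02 B8 00 00")
EXTENDED_APDU = bytes.fromhex("00 47 81 00 00 00 02 B8 00 08 00")

# Constructed stand-in for the card's answer: a 512-byte modulus with its top
# bit set (exactly 4096 bits) and e = 65537.  The log in the thread starts
# 7F 49 82 02 0A 81 82 02 00; with this 3-byte exponent the outer length reads
# 82 02 09, one byte less than Marcus's template with its longer exponent.
_MODULUS = bytes([0xC3]) + (bytes(range(256)) * 2)[1:]
_INNER = b"\x81\x82\x02\x00" + _MODULUS + b"\x82\x03\x01\x00\x01"
SAMPLE_RESPONSE = b"\x7F\x49\x82" + len(_INNER).to_bytes(2, "big") + _INNER
```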


Should I be using gpg or gpg2?

2015-09-28 Thread Sudhir Khanger
Hi,

My understanding is gpg is for embedded systems and servers and gpg2 is for 
full-fledged desktops. I seem to find documentation only for gpg but not gpg2.

Are there any updated how-tos for gpg2? Should I continue to use gpg command 
everywhere?

-- 
Regards,
Sudhir Khanger,
sudhirkhanger.com.




Re: Should I be using gpg or gpg2?

2015-09-28 Thread Guan Xin
On Mon, Sep 28, 2015 at 11:53 AM, Sudhir Khanger  wrote:
>
> Are there any updated how-to  for gpg2? Should I continue to use gpg command
> everywhere?

For docs of gpg2, check e.g. "/usr/doc/gnupg2-2.0.29" and "info gnupg".

Guan



Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor

On 09/28/2015 09:53 AM, Sudhir Khanger wrote:
> Hi,
>
> Should I continue to use gpg command
> everywhere?


Unless you have specific reasons for transitioning to gpg2, stick
with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
to use.





Re: Should I be using gpg or gpg2?

2015-09-28 Thread Sudhir Khanger
On Monday 28 Sep 2015 11:23:32 AM listo factor wrote:
> Unless you have specific reasons for transitioning to gpg2, stick
> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
> to use.

There is no specific reason for using gpg or gpg2 other than that upstream 
recommends gpg2 for desktop. I have mildly used gpg and if I have to invest my 
time I might as well start with gpg2. 

-- 
Regards,
Sudhir Khanger,
sudhirkhanger.com.




Re: Should I be using gpg or gpg2?

2015-09-28 Thread Robert J. Hansen
> My understanding is gpg is for embedded systems and servers and gpg2 is for 
> full fledged desktops.

Mostly true.  Close enough for government work.  :)

> I seem to find documentation only for gpg but not gpg2.

Most of the GnuPG 1.4 documentation is still relevant for GnuPG 2.0 and 2.1.



Re: Own Mail: PGP running on local server; Is it secure

2015-09-28 Thread Robert J. Hansen
> They are also proposing a HTTPS web interface, I guess this relies on
> trusting the certificate authority?

This has a critical chicken-and-egg problem.  Let's say I want to send
you an encrypted email.  I send it to the OwnMail box, and it in turn
sends to you, in cleartext, an HTTPS link to the OwnMail box.  But Eve,
who's listening in on communications between us, who is the adversary I
want to foil ... well, she gets the HTTPS link, too, and she's able to
use it to view my message to you.  End result: Eve is not foiled.

Okay, so let's say the HTTPS link goes to a page protected by some kind
of authentication, some kind of login method.  How do I communicate to
you the credentials to login?  Eve gets to eavesdrop on those, too.  End
result: Eve is not foiled.

So let's say that you create a username/pw on someone else's OwnMail box
early on, before Eve starts listening in.  Now you can go fetch those
HTTPS-secured pages securely.  Eve is foiled.  *But*, you have to set up
the username/PW ahead-of-time, before Eve comes into play.  And now you
have to keep track of yet another username/PW.  End result: Eve is
foiled but it's a usability nightmare because you're stuck tracking 25
different OwnMail username/PWs for 25 different OwnMail users.

Further, they're not doing *anything* that we haven't already been able
to do for 20+ years.  Seriously.  Every mail administrator on the planet
has been able to do this sort of thing for 20+ years.  They don't.  We
rarely if ever see OwnMail-like setups.  It's worth asking the question,
"Why?"

My initial thoughts after reviewing the page: I'm not optimistic.  I
might be wrong!  But I'm definitely not optimistic.




Re: unlock keychain with pam authentication

2015-09-28 Thread Daniel Kahn Gillmor
On Sun 2015-09-27 20:14:20 -0400, SGT. Garcia wrote:
> i use pass to manage my passwords:
> http://www.passwordstore.org/
>
> all passwords are encrypted with one single passphrase which is what i would
> like to have in *sync* with pam's OK on user's successful authentication.

This suggests that you're interested in a pam module that verifies that
you can unlock any secret key associated with the ID stored in
~/.password-store/.gpg-id, then the user can log in.  Does that sound
right?

Or maybe you want your PAM module to test that given ~/.gnupg and
~/.password-store, the user-supplied password is capable of decrypting
some specific entry in pass?

either way, i think you're asking for something that is custom to your
setup.

>> Potentially even scarier, if i can convince you to import key material,
>> i could give you a secret key that is set with a passphrase that i
>> know.  Once you've done that, if the PAM module allows me to connect
>> if i can unlock any key, then i could use it to unlock your account!
>
> import where? i'm not sure if i follow. pass only manages passwords for my email
> accounts, so far at least, and i don't see how this comes into play. would care
> to elaborate please?

i send you a file dkg.asc that contains my OpenPGP certificate, and ask
you to import it into your keyring.  you do "gpg --import dkg.asc".

But in that file, in addition to my actual OpenPGP certificate, i've
included an additional certificate that has your own user ID on it
("SGT. Garcia "), uses a novel secret key, and
that secret key is encrypted by a password i know (let's say it's a
terrible password, like "bananas").

Now, if your proposed setup is in place, and ~/.password-store/.gpg-id
contains "SGT. Garcia ", i will be able to log
in to your account with the password "bananas".

Does this attack make sense?

 --dkg

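To make dkg's scenario above concrete from the defender's side, here is an added Python sketch (my code, not code from pass, GnuPG or any PAM module). It resolves a `.gpg-id` value two ways against a constructed `gpg --with-colons --list-secret-keys` listing that contains the user's own key plus a planted key with the same user ID: the proposed "any key carrying that user ID" lookup accepts the planted key's passphrase, while pinning `.gpg-id` to one full fingerprint does not. The passphrase table is a stand-in for "gpg-agent could unlock this key with that passphrase", and every fingerprint is made up.

```python
"""dkg's scenario above, from the defender's side: resolve the value stored in
~/.password-store/.gpg-id two ways and see which login check survives a planted
secret key.  No gpg is run; LISTING is a constructed, made-up `gpg --with-colons
--list-secret-keys` output and PASSPHRASES stands in for "gpg-agent could unlock
this key with that passphrase".  Added example for this thread, not code from
pass, GnuPG or any PAM module."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class SecretKey:
    fpr: str
    uids: List[str] = field(default_factory=list)


def parse_secret_listing(text: str) -> List[SecretKey]:
    """Parse sec/fpr/uid records of a --with-colons listing (subkeys ignored)."""
    keys: List[SecretKey] = []
    cur: Optional[SecretKey] = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "sec":
            cur = SecretKey(fpr="")
            keys.append(cur)
        elif f[0] == "fpr" and cur is not None and not cur.fpr:
            cur.fpr = f[9]       # first fpr record after sec is the primary key's
        elif f[0] == "uid" and cur is not None:
            cur.uids.append(f[9])
    return keys


def match_by_user_id(keys: List[SecretKey], gpg_id: str) -> List[SecretKey]:
    """What a name/e-mail style .gpg-id resolves to: every key carrying that user ID."""
    return [k for k in keys if any(gpg_id in u for u in k.uids)]


def resolve_pinned(keys: List[SecretKey], gpg_id: str) -> SecretKey:
    """Hardened lookup: .gpg-id must be one full fingerprint matching exactly one key."""
    fpr = gpg_id.strip().upper().replace(" ", "")
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError(".gpg-id must hold a 40-hex-digit fingerprint, not a user ID")
    hits = [k for k in keys if k.fpr == fpr]
    if len(hits) != 1:
        raise ValueError("expected exactly one secret key %s, found %d" % (fpr, len(hits)))
    return hits[0]


def login_any_match(keys, gpg_id, passphrases: Dict[str, str], supplied: str) -> bool:
    """The proposed policy: log in if *any* key matching .gpg-id unlocks."""
    return any(passphrases.get(k.fpr) == supplied for k in match_by_user_id(keys, gpg_id))


def login_pinned(keys, gpg_id, passphrases: Dict[str, str], supplied: str) -> bool:
    """Hardened policy: only the pinned key counts; an unusable .gpg-id denies login."""
    try:
        key = resolve_pinned(keys, gpg_id)
    except ValueError:
        return False
    return passphrases.get(key.fpr) == supplied


# Constructed data.  AAAA... is the user's own key; BBBB... carries the same
# user ID and arrived inside an imported .asc file, protected by a passphrase
# the sender knows ("bananas", as in the thread).  Fingerprints are made up.
UID = "SGT. Garcia <sgt@example.org>"
OWN_FPR = "AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111"
PLANTED_FPR = "BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222"
LISTING = f"""\
sec:u:4096:1:AAAA1111AAAA1111:1443398400:::u:::scESC:::+:::23::0:
fpr:::::::::{OWN_FPR}:
uid:u::::1443398400::0123456789ABCDEF0123456789ABCDEF01234567::{UID}::::::::::0:
sec:-:2048:1:BBBB2222BBBB2222:1443484800:::-:::scESC:::+:::23::0:
fpr:::::::::{PLANTED_FPR}:
uid:-::::1443484800::FEDCBA9876543210FEDCBA9876543210FEDCBA98::{UID}::::::::::0:
"""
PASSPHRASES = {OWN_FPR: "correct horse battery staple", PLANTED_FPR: "bananas"}
KEYS = parse_secret_listing(LISTING)
```

Pinning the fingerprint removes the ambiguity dkg describes, but not his other point: if this check is the only authentication required, every key import still becomes a login-relevant event.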


An update on poldi? [was: Re: unlock keychain with pam authentication]

2015-09-28 Thread Daniel Kahn Gillmor
On Sun 2015-09-27 22:04:40 -0400, SGT. Garcia wrote:
> On Thu, Sep 24, 2015 at 11:09:28PM -0400, Daniel Kahn Gillmor wrote:
>> You might be interested in libpam-poldi:
>> 
>>  http://www.g10code.com/p-poldi.html
>
> i get 'not found' error. google finds me this:
> http://www.schiessle.org/howto/poldi.html
>
> assuming they're the same thing it mentions gnupg smartcards; not sure what that
> is but i'm guessing the module can be used with pam regardless even without the
> card; correct?

Cc'ing gniibe, who might be able to give us some feedback on the state
of poldi.

   --dkg



PAM authentication with gpg or ssh key

2015-09-28 Thread Schlacta, Christ
Hello list.  I know this isn't exactly on topic, but I think it's
asymptotically close enough to justify asking here.  I'm looking for a
way to authenticate myself to PAM (specifically sudo) on a remote
server over SSH, though possibly also on a local server using
ssh-agent, if my gpg key is unlocked.  This is particularly relevant
as I store my gpg key in a smart card, and use it to authenticate to
the servers initially.  It would be nice if, while I was out and about
doing remote administrative tasks, I didn't have to take the security
risk of typing in my password where people could shoulder-surf it.  As
I'm using a hardware crypto token (Yubikey Neo actually), I could
actually enable static passwords, or other crypto measures alongside
my yubikey; however, the two best alternative options have less
desirable side-effects.  Namely, the yubikey-pam module requires
communication with the yubico servers to authenticate a key, and the
static password option can easily accidentally dump the plaintext
password into, say, an e-mail or notepad.  Therefore, I'm looking for
a way to have PAM query the ssh-agent remotely, or optionally locally
in rare instances if possible, for authentication.  I've tried
googling for this, but was unable to come up with anything, and was
hoping someone here would know a way.

If it's possible to redirect gpg-agent over ssh as a gpg agent instead
of an ssh agent, it would also be more than sufficient, if not
preferable, so long as it can authenticate to PAM effectively.  It's
worth noting that my primary use case is connecting from windows +
gpg2.1 + putty --> Linux + whatever version of gpg comes from repos.
Current platforms include deb 7, 8, and ubuntu 14.04 and 15.04, but in
the future I plan to include freebsd and openbsd.



Re: unlock keychain with pam authentication

2015-09-28 Thread SGT. Garcia
On Mon, Sep 28, 2015 at 01:03:10PM -0400, Daniel Kahn Gillmor wrote:
> On Sun 2015-09-27 20:14:20 -0400, SGT. Garcia wrote:
> > i use pass to manage my passwords:
> > http://www.passwordstore.org/
> >
> > all passwords are encrypted with one single passphrase which is what i would
> > like to have in *sync* with pam's OK on user's successful authentication.
> 
> This suggests that you're interested in a pam module that verifies that
> you can unlock any secret key associated with the ID stored in
> ~/.password-store/.gpg-id, then the user can log in.  Does that sound
> right?
> 
> Or maybe you want your PAM module to test that given ~/.gnupg and
> ~/.password-store, the user-supplied password is capable of decrypting
> some specific entry in pass?
> 
> either way, i think you're asking for something that is custom to your
> setup.

i think neither is what i'm asking. the following particular use case should
explain it better.

on my user's first login into this machine i run 'notmuch new'; this calls mbsync
to sync my email with gmail, but in order for mbsync to do so it has to get my
password from pass. pass in turn has encrypted all my passwords, and for that i
have to provide the passphrase *manually*. i would like it to happen
automatically on user login, hence the pam integration. note that i already have
a user systemd service to run 'notmuch new' on user login. it of course fails
until i run the command first to unlock my email passwords.

> >> Potentially even scarier, if i can convince you to import key material,
> >> i could give you a secret key that is set with a passphrase that i
> >> know.  Once you've done that, if the PAM module allows me to connect
> >> if i can unlock any key, then i could use it to unlock your account!
> >
> > import where? i'm not sure if i follow. pass only manages passwords for my email
> > accounts, so far at least, and i don't see how this comes into play. would care
> > to elaborate please?
> 
> i send you a file dkg.asc that contains my OpenPGP certificate, and ask
> you to import it into your keyring.  you do "gpg --import dkg.asc".
> 
> But in that file, in addition to my actual OpenPGP certificate, i've
> included an additional certificate that has your own user ID on it
> ("SGT. Garcia "), uses a novel secret key, and
> that secret key is encrypted by a password i know (let's say it's a
> terrible password, like "bananas").
> 
> Now, if your proposed setup is in place, and ~/.password-store/.gpg-id
> contains "SGT. Garcia ", i will be able to log
> in to your account with the password "bananas".
> 
> Does this attack make sense?
> 
>  --dkg

that would be my email account not my local user account, correct?


sgt



Re: Should I be using gpg or gpg2?

2015-09-28 Thread Werner Koch
On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said:

> Unless you have specific reasons for transitioning to gpg2, stick
> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
 ^^

That is definitely not the case.  All improvements go into 2.1 and some
are backported to 2.0.  We only add necessary fixes to 1.4.  The crypto
code in 1.4 is way older than what we use in 2.0 - over there we use
Libgcrypt which has received a lot more attention than the old code in
1.4 and it is much faster for large data.

BTW, the close to 2 years old 1.4.16 misses a couple of security fixes
and should asap be updated to 1.4.19.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Own Mail: PGP running on local server; Is it secure

2015-09-28 Thread Robert J. Hansen
> Hi I spotted this project: https://www.own-mailbox.com/#HowWork

Looking over their FAQ, I found this entry which makes me doubt them
even further.  It downright deserves a fisking, which I'll deliver inline.

"Q: Why shouldn't I trust any cloud email service with JavaScript
encryption on the client-side ?

A: These services cannot be trusted, because they still give power to
companies to spy on you.

Why is it not secure?

1-Encryption is done in JavaScript, and therefore relies on your
browser's JavaScript engines, which 80% of the time are proprietary
software coming from Google, Microsoft, Apple, and most eminent NSA
collaborators."

Nice allegation there about Google, Microsoft, and
Apple all being NSA collaborators.  It's pretty
strange, though, that *all of these* companies are
currently pushing crypto in a big way, to the point
that the USG is currently pushing for legislation
requiring back-doors into crypto... why, it's almost
as if they're not collaborating at all, and are
responding to what they see as overreaching government
practices by introducing technologies to make those
overreaches more difficult.

Second, these guys are flat factually wrong about
JavaScript engines.  Internet Explorer's Chakra engine
is proprietary code.  Apple Safari's Nitro engine,
Mozilla Firefox's Spidermonkey engine, and Google
Chrome's V8 engine (also used in Chromium) are all
open-source.  Let me repeat that: the *only* proprietary
JavaScript engine in common use today is in Internet
Explorer.

"It leaves 4% chances that both you and your correspondent don't use any
of them, (because even if you don't use them, your correspondent might,
and he would compromise your security). Using these browsers for
cryptography, even once, leaves these companies full power to forever
break your cryptography."

Cryptography is not like virginity, where once you
lose it it's gone forever.  I have a hard time believing
that anyone could believe this crap -- I've had boxes
compromised before, and guess what, I wasn't "forever"
compromised.  Talk about how "using these browsers for
cryptography, even once, leaves these companies full
power to forever break your cryptography" is scaremongering,
plain and simple, full stop.

Somebody really ought to write a FAQ entry about
scaremongerers.

https://www.gnupg.org/faq/gnupg-faq.html#fraudsters

"By extension any cryptography done on a proprietary operating system
like Mac or Windows can be considered as doomed, since Microsoft and
Apple can then access your keys."

"Doomed" is such a scaremongering word.  It may be unwise,
but it's certainly not *doomed*.  Further, where is there
any evidence that Microsoft or Apple has ever turned over
a user's encryption keys?  Has this ever happened?  Do they
even have that capability?  Or is the author just trying to
scare you?

"2-The JavaScript code may be changed at any time by the email service
provider. So except if you check the JavaScript code sent to you each
time before entering your password (which is impracticable), you leave
the email service provider open to breaking your cryptography at any
time they want, without you even necessarily knowing it (since you don't
check it)."

Mostly true.

"3-These services don't and cannot have a strong private key encryption.
They rely on a much weaker private password that can be remembered by a
human being. Therefore, they either use a much weaker algorithm than
openPGP, or they use openPGP but store YOUR private key on THEIR
servers, in clear form or encrypted with a simple password. In the movie
citizenfour, Edward Snowden quoted saying "A 10 character password can
be broken by the NSA in few days". So in practice, using a simple
password for encryption make those services easily breakable. In
comparison GPG was initially designed to work with 2048 or 4096 bits
long private keys. GPG and SSL use this kind of strong private key
encryption, as simple passwords are too weak and can be easily broken."

This one makes my head hurt.  Yes, a 10-character passphrase
can be broken in a few days.  It can probably be broken in a
few *milliseconds*.  Rainbow tables are awesome and there's
not enough entropy in a 10-character passphrase to really do
the trick.  But that's why we recommend longer passphrases
with higher entropy.  My Google login, for instance, is
literally 128 bits of random noise put into Base64.

Second, they seem to be completely missing the distinction
between the length of an asymmetric key and the entropy of
that asymmetric key.  My 128-bit Google passphrase, which I've
committed to memory and have no trouble i

Re: Own Mail: PGP running on local server; Is it secure

2015-09-28 Thread Peter Lebbing
On 28/09/15 19:00, Robert J. Hansen wrote:
> Cryptography is not like virginity, where once you lose it it's gone
> forever.

I think they mean that your private key material is compromised, meaning
"þey"[1] can decrypt any future messages encrypted to that key. Sloppily
formulated, but I don't think they mean you've lost your crypto virginity.

I agree with the rest of what you say, they are full of crap. Just nitpicking here.

Peter.

[1] Hey, I just thought of a way to ominously spell "they" as a sort of
three-letter agency thingy; just use a thorn!

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Own Mail: PGP running on local server; Is it secure

2015-09-28 Thread Robert J. Hansen
>> Cryptography is not like virginity, where once you lose it it's 
>> gone forever.
> 
> I think they mean that your private key material is compromised, 
> meaning "þey"[1] can decrypt any future messages encrypted to that 
> key. Sloppily formulated, but I don't think they mean you've lost 
> your crypto virginity .

First, I love the Thorn Letter Agency: I'm going to have to steal it.  I
don't know whether it should be used sincerely as an "insert agency
here", or snarkily as a "oh, right, *þey* are out to get you".  Maybe
both.  :)

Second, I dunno, man.  I read that paragraph a few times just trying to
understand what they meant before I tore into them, and I came up with
realizing that not only didn't I know what they meant, but I doubted
they knew either.

The troubling line for me was, "Using these browsers for
cryptography, even once, leaves these companies full power to forever
break your cryptography."

So if I use Google Chrome, and it's not compromised, and I use it only
once, after that I switch to Firefox and use that for all my web
needs... and then, later on, Google decides to toggle the evil bit...
suddenly Google Chrome is going to jump in the TARDIS, travel back to
when it was trustworthy, and become evil then, and send my key material
forwards in time?

I mean, taken at their word, that's what they seem to be saying, right?

You could be right.  Absolutely you could be.  But their language is so
weird that I don't think I'm willing to give them the benefit of the doubt.



Re: Own Mail: PGP running on local server; Is it secure

2015-09-28 Thread Peter Lebbing
On 28/09/15 20:12, Robert J. Hansen wrote:
> First, I love the Thorn Letter Agency: I'm going to have to steal it.

Hehe, go ahead ;).

> I mean, taken at their word, that's what they seem to be saying, right?

Absolutely. And it's curious that they're sprinkling technical terms in the rest
of what they say, yet completely dumb it down there. It doesn't matter what they
meant; the rest of what they write completely disqualifies their ramblings
anyway. Just another company jumping on the Snowden revelations bandwagon. I
don't know, maybe they mean well, but you need someone who also knows what
they're doing instead for it to be more than snake oil.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: unlock keychain with pam authentication

2015-09-28 Thread Daniel Kahn Gillmor
On Mon 2015-09-28 13:16:06 -0400, SGT. Garcia wrote:
> i think neither is what i'm asking. the following particular use case should
> explain it better.
>
> on my user's first login into this machine i run 'notmuch new' this calls mbsync
> to sync my email with gmail but in order for mbsync to do so it has to get my
> password from pass. pass in turn has encrypted all my passwords and for that i
> have to provide the passphrase *manually*. i would like it to happen
> automatically on user login. hence the pam integration. note that i already have
> a user systemd service to run 'notmuch new' on user login. it of course fails
> until i run the command first to unlock my email passwords.

if you want it to happen on user login, you're asking for an additional
PAM module that would authenticate you to the local system.

With PAM, you could configure your system to do this as an additional
authentication step (in which case it's the same as your current
scenario, but you're prompted by the login greeter instead of your own
shell initialization scripts) or as the only authentication required
(in which case my attack against your local user account applies).

> that would be my email account not my local user account, correct?

The attack i described is an attack against your local user account,
though i suspect it could be leveraged into an attack against your
e-mail account as well.

   --dkg



Re: Decryption fails with 4096bit key on SmartCard

2015-09-28 Thread Marcus Ilgner
On Mon, 28 Sep 2015 at 09:04 NIIBE Yutaka  wrote:

> On 09/25/2015 02:55 PM, Marcus Ilgner wrote:
>
[...]

> Thanks for the help, I have a feeling we're making some headway towards a
> > solution.
>
> The error code of 6A88 is a kind of strange for me.  If it's
> OpenPGPcard v3.x with AES symmetric key decryption support, I think
> that we could see the error of 6A88, though.
>
> It would be possible this error occurs on other Nitrokey Pro (or other
> OpenPGPcard v2.1 implementation), if this were firmware issue.
>

Ok, I'm not sure whether someone from the Nitrokey team is following this
list, so I'll contact them and ask them to reproduce this. The card claims
to support 4096bit and since the key is on the card it should be possible
to use it, too... Fingers crossed... ;)

All the best and thanks again for the assistance so far
Marcus


Re: unlock keychain with pam authentication

2015-09-28 Thread SGT. Garcia
On Mon, Sep 28, 2015 at 02:35:58PM -0400, Daniel Kahn Gillmor wrote:
> On Mon 2015-09-28 13:16:06 -0400, SGT. Garcia wrote:
> > i think neither is what i'm asking. the following particular use case should
> > explain it better.
> >
> > on my user's first login into this machine i run 'notmuch new' this calls mbsync
> > to sync my email with gmail but in order for mbsync to do so it has to get my
> > password from pass. pass in turn has encrypted all my passwords and for that i
> > have to provide the passphrase *manually*. i would like it to happen
> > automatically on user login. hence the pam integration. note that i already have
> > a user systemd service to run 'notmuch new' on user login. it of course fails
> > until i run the command first to unlock my email passwords.
> 
> if you want it to happen on user login, you're asking for an additional
> PAM module that would authenticate you to the local system.
> 
> With PAM, you could configure your system to do this as an additional
> authentication step (in which case it's the same as your current
> scenario, but you're prompted by the login greeter instead of your own
> shell initialization scripts) or as the only authentication required
> (in which case my attack against your local user account applies).

i really want it as the only authentication required; that is, one password from the
user logs him in and decrypts the passwords.

> > that would be my email account not my local user account, correct?
> 
> The attack i described is an attack against your local user account,
> though i suspect it could be leveraged into an attack against your
> e-mail account as well.
> 
>--dkg

how does it work, does gnupg phone home? i suspect not. i did not agree to
import anything but apparently my mail client (mutt) and/or gnupg took the
initiative to do so. if that's true then that's a misconfiguration or bad
default configuration of mutt and/or gnupg, i think.


sgt



Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor

On 09/28/2015 05:40 PM, Werner Koch - w...@gnupg.org wrote:
> On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said:
>
>> Unless you have specific reasons for transitioning to gpg2, stick
>> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
>   ^^
>
> That is definitely not the case.  All improvements go into 2.1
> and some are backported to 2.0.  We only add necessary
> fixes to 1.4.

Most of 2.x "improvements" have little to do with security.

I can't offer any conclusive evidence for this, but it is my
honest estimate that more real-world sensitive traffic volume
is generated by 1.4.x than 2.x. Consequently, if 1.4.x is in any
way insecure, this would be of significantly greater benefit to
a whole class of large institutional web-traffic attackers than
if 2.x was insecure. So, if 1.4.x is indeed in any way insecure,
that should merit more serious and immediate attention than if
2.x was insecure.







Re: Own Mail: PGP running on local server; Is it secure

2015-09-28 Thread sam_uk

Hi all


> maybe they mean well, but you need someone who also knows what
> they're doing instead for it to be more than snake oil.


Thanks for your comments, not exactly a ringing endorsement! Some of  
their linguistic quirks could be excused given they are French, but  
I'm glad I asked the question before backing them.


If PGP implementations aren't too far off topic for this list what do  
you all think of https://www.mailpile.is/


Another attempt to hasten PGP use amongst non-techs but with a  
software rather than hardware approach:


Mailpile is an e-mail client!
Mailpile is a search engine and a personal webmail server.
Mailpile is an easy way to encrypt your e-mail.
Mailpile is software you run yourself, on your own computer.
Mailpile is an effort to reclaim private communication on the  
Internet. A project to rescue our personal lives from the proprietary  
cloud and prevent our conversations from being strip-mined for  
corporate profit and government surveillance.


Thanks

Sam







Re: unlock keychain with pam authentication

2015-09-28 Thread Daniel Kahn Gillmor
On Mon 2015-09-28 16:00:38 -0400, SGT. Garcia wrote:
> i really want it as the only authentication required that is open password from
> user logs him in and decrypts the passwords.
>
>> > that would be my email account not my local user account, correct?
>> 
>> The attack i described is an attack against your local user account,
>> though i suspect it could be leveraged into an attack against your
>> e-mail account as well.
>
> how does it work, does gnupg phone home? i suspect not. i did not agree to
> import anything but apparently my mail client (mutt) and/or gnupg took the
> initiative to do so. if that's true then that's a misconfiguration or bad
> default configuration of mutt and/or gnupg, i think.

There is no phoning home.  Do you ever import keys that other people
send you?  or keys you find on the web?  or keys attached to e-mail
messages?  Are you sure the things imported can't include a secret key?

Apparently i'm not doing a great job at communicating this scenario to
you.  sorry about that.  Maybe someone else can try to explain it more
clearly than i can.

I understand what you're asking for, and i see how it would be a useful
thing.  However, i think you should constrain it much more tightly than
what you appear to be asking for, and i don't think that such a thing
already exists.  It would be a bit of engineering work to make sure that
it's functional, but i'd be happy to review something like this if
somebody wants to propose it.

 --dkg



Re: Should I be using gpg or gpg2?

2015-09-28 Thread Robert J. Hansen
> Most od 2.x "improvements" have little to do with security.

Per NIST, RSA-2048 is believed safe until 2030.  That means that if you
need to keep secrets longer than fifteen years, you need to move away
from RSA completely.  RSA-3072 is not all that much stronger than
RSA-2048, and RSA-4096 adds even less.

The future is clear: 512-bit ECC, which is about as resistant to
brute-forcing as AES256.

GnuPG 2.1 has it.  GnuPG 1.4 *will never get it*.  That means each day
that moves forward is one day closer to GnuPG 1.4's obsolescence.

Other major improvements: the codebase is cleaner.  There's more
separation of code.  Most crypto operations are now handled by
libgcrypt, which is a great move.  The more libgcrypt gets used by
outside people, the better a chance we have of spotting bugs before they
become problems.

There are a lot of important improvements in 2.0.  I'm not saying I'm a
fan of all the decisions the development team made, but on balance I
think it's a much better product than 1.4 ever was.

> I can't offer any conclusive evidence for this, but it is my
> honest estimate...

If your name were Vint Cerf, Admiral Mike Rogers, Whit Diffie, or
someone of that caliber -- then yes, I might be able to look at who you
are, your professional history, your accomplishments, and come to a
reasoned evaluation of how much credence I should lend to your honest
estimates.  But I don't know you.  I don't know your reputation, I don't
know who's worked with you that will vouch for you... nothing.  Without
that, why should I consider your estimates to be any more reliable than
a Ouija board?



Re: Own Mail: PGP running on local server; Is it secure

2015-09-28 Thread Robert J. Hansen
> If PGP implementations aren't too far off topic for this list what do
> you all think of https://www.mailpile.is/

I've run into some of the Mailpile people at various conferences and on
various mailing lists.  I've yet to hear anything unusually foolish from
them.[1]  I can't recommend them because I haven't looked at their
product very much, but so far I've yet to find anything to make me
suspect them, either.



[1] Usual foolishness is, of course, expected.  We're all human.  I'm as
usually foolish as the next person.  It's only unusual degrees of
foolishness that are cause for concern.



Re: unlock keychain with pam authentication

2015-09-28 Thread SGT. Garcia
On Mon, Sep 28, 2015 at 01:03:10PM -0400, Daniel Kahn Gillmor wrote:
> 
> i send you a file dkg.asc that contains my OpenPGP certificate, and ask
> you to import it into your keyring.  you do "gpg --import dkg.asc".
> 
> But in that file, in addition to my actual OpenPGP certificate, i've
> included an additional certificate that has your own user ID on it
> ("SGT. Garcia "), uses a novel secret key, and
> that secret key is encrypted by a password i know (let's say it's a
> terrible password, like "bananas").
> 
> Now, if your proposed setup is in place, and ~/.password-store/.gpg-id
> contains "SGT. Garcia ", i will be able to log
> in to your account with the password "bananas".
> 
> Does this attack make sense?
> 
>  --dkg

hmm, pinentry asked me for a passphrase, how did that happen? gnupg imports the
new key automatically?


sgt
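A defensive check for the scenario dkg describes above, added here as an example and not code from the thread: an integration that names the decryption key by user ID (as a `.gpg-id` file with "SGT. Garcia <...>" does) accepts any secret key carrying that user ID, including one smuggled in alongside an imported certificate, whereas a full fingerprint selects exactly one key. The colon-format listing is constructed, and `check_gpg_id` is a hypothetical helper, not part of GnuPG, pass or poldi.

```python
import re

# Constructed sample of `gpg --with-colons --list-secret-keys` output (not from
# the thread): two secret keys carry the same user ID, mimicking a keyring into
# which an imported .asc smuggled a second secret key with a known passphrase.
SAMPLE_LISTING = """\
sec:u:2048:1:0123456789ABCDEF:1443398400:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1443398400::HASH1::SGT. Garcia <sgt@example.org>::::::::::0:
sec:-:2048:1:FEDCBA9876543210:1443398500:::-:::scESC::::::23::0:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:-::::1443398500::HASH2::SGT. Garcia <sgt@example.org>::::::::::0:
"""

FPR_RE = re.compile(r"^[0-9A-F]{40}$")


def parse_secret_keys(listing):
    """Group each 'sec' record with its primary fingerprint and user IDs.
    Field 10 of an 'fpr' record is the fingerprint; of a 'uid' record, the
    user-ID string. Subkey ('ssb') fingerprints are deliberately skipped."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sec":
            keys.append({"keyid": f[4], "fpr": None, "uids": []})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys


def check_gpg_id(entry, keys):
    """Hypothetical helper: decide whether a recipient entry (one line of a
    .gpg-id file) pins exactly one secret key. Returns (ok, reason)."""
    entry = entry.strip()
    fpr = entry.upper().replace(" ", "")
    if not FPR_RE.match(fpr):
        hits = [k for k in keys if any(entry in u for u in k["uids"])]
        return False, (f"'{entry}' is a user ID, not a fingerprint; it matches "
                       f"{len(hits)} secret key(s), so pin a fingerprint instead")
    hits = [k for k in keys if k["fpr"] == fpr]
    if len(hits) != 1:
        return False, f"fingerprint matches {len(hits)} secret keys, expected 1"
    return True, f"pinned to key {hits[0]['keyid']} ({fpr})"


if __name__ == "__main__":  # quick demonstration on the constructed listing
    for c in ("sgt@example.org", "0123456789ABCDEF0123456789ABCDEF01234567"):
        print(c, "->", check_gpg_id(c, parse_secret_keys(SAMPLE_LISTING)))
```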



Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor

On 09/28/2015 08:26 PM, Robert J. Hansen wrote:

> Most of 2.x "improvements" have little to do with security.


> Per NIST, RSA-2048 is believed safe until 2030.  That means that if you
> need to keep secrets longer than fifteen years, you need to move away
> from RSA completely.  RSA-3072 is not all that much stronger than
> RSA-2048, and RSA-4096 adds even less.


Most of those that use gpg because they really, really need to keep
their secrets from their adversaries are concerned with this year
and next, not about A.D. 2030. Their enemy is mistakes caused by
overly complex interfaces, much more than residual differences
in the cryptographic primitives. (Kind of AK-47 vs M16 thing).


> If your name were Vint Cerf, Admiral Mike Rogers, Whit Diffie, or
> someone of that caliber...


I'm obviously not one of those gentlemen; my "caliber" is that of a
half-educated practitioner toiling in the trenches. But sometimes
those can offer observations that escape the admirals and generals...





Re: Should I be using gpg or gpg2?

2015-09-28 Thread Robert J. Hansen
> Most of those that use gpg because they really, really need to keep
> their secrets from their adversaries are concerned with this year
> and next, not about A.D. 2030.

Without knowing the basis for this claim, I have to reject it.

> I'm obviously not one of those gentlemen; my "caliber" is that of a
> half-educated practitioner toiling in the trenches. But sometimes
> those can offer observations that escape the admirals and generals...

To paraphrase the movie _A Few Good Men_, it doesn't matter what you
know, it only matters what you can prove.  You could tell us all what
the winning lottery numbers would be, but unless you had some way to
prove your accuracy ahead of the drawing your prediction would mean little.

You may very well have excellent insights to share, but without having
any way to evaluate their likelihood of correctness how can we have any
confidence in them?  This week's lucky numbers may very well be 7, 8,
24, 29 and 31, but how can we know?  How can we have confidence?  Why
should we listen?




Re: Should I be using gpg or gpg2?

2015-09-28 Thread Daniele Nicolodi
On 28/09/15 22:00, listo factor wrote:
> On 09/28/2015 05:40 PM, Werner Koch - w...@gnupg.org wrote:
>  > On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said:
>  >
>  >> Unless you have specific reasons for transitioning to gpg2, stick
>  >> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
>  >   ^^
>  >
>  > That is definitely not the case.  All improvements go into 2.1
>  > and some are backported to 2.0.  We only add necessary
>  > fixes to 1.4.
> 
> Most of 2.x "improvements" have little to do with security.

Even assuming that this is true, "most" is not all, thus there are
some improvements in the 2.0 and 2.1 release series that are not in the
1.4 one. That alone is a good reason to move to the modern GPG
implementations.

> I can't offer any conclusive evidence for this, but it is my
> honest estimate that more real-world sensitive traffic volume
> is generated by 1.4.x than 2.x. Consequently, if 1.4.x is in any
> way insecure, this would be of significantly greater benefit to
> a whole class of large institutional web-traffic attackers than
> if 2.x was insecure. So, if 1.4.x is indeed in any way insecure,
> that should merit more serious and immediate attention than if
> 2.x was insecure.

As much as I like conclusions based on anecdotal evidence, I don't
really see what you want to say with that statement. GnuPG 1.4 receives
all the bug fixes it needs based on known bugs, however, code
improvement and architectural changes that make the system more secure
are implemented only in 2.1 and partially in 2.0. I don't see anything
wrong or worrisome with that.

Cheers,
Daniele




Re: An update on poldi? [was: Re: unlock keychain with pam authentication]

2015-09-28 Thread NIIBE Yutaka
Thank you, dkg for Cc-ing.

On 09/29/2015 02:05 AM, Daniel Kahn Gillmor wrote:
> On Sun 2015-09-27 22:04:40 -0400, SGT. Garcia wrote:
>> On Thu, Sep 24, 2015 at 11:09:28PM -0400, Daniel Kahn Gillmor wrote:
>>> You might be interested in libpam-poldi:
>>>
>>>  http://www.g10code.com/p-poldi.html
>>
>> i get 'not found' error. google finds me this:
>> http://www.schiessle.org/howto/poldi.html
>>
>> assuming they're the same thing it mentions gnupg smartcards; not sure what that
>> is but i'm guessing the module can be used with pam regardless even without the
>> card; correct?
> 
> Cc'ing gniibe, who might be able to give us some feedback on the state
> of poldi.

Poldi works with a smartcard, specifically an OpenPGPcard-compatible one.  It
doesn't work without an OpenPGPcard-compatible smartcard.

I maintain Poldi and Scute for Debian.  Since those two projects are
orphaned by upstream, I only do small changes.

Last year, I did small changes for Poldi, when a person asked me if
Poldi can still work on Fedora.  Those changes are in the repository:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=poldi.git;a=summary

He said that he would be able to have a little budget for further
development of Poldi, but it seems that my unpaid work of last year
was just enough for him, and it didn't proceed further.

Personally, I think that the use case of Poldi for login
authentication is fundamentally different from the use case of
OpenPGPcard for SSH authentication.  I tend to assume that the
computer and the OpenPGPcard are owned by their users, but in some (or most)
cases, Poldi is used in a situation where the computer owner is a company and
the OpenPGPcard owner is also a company (and the company lets employees use
its computers).  Who controls what is different.

Thus, in my opinion, Poldi is an experimental project, just for
seeking the technical possibility, which doesn't go anywhere.

*   *   *

For authentication of sudo on a remote machine, I think that we can use
pam_ssh_agent [0] together with GnuPG, if we can configure it correctly.
I don't have any experience with it, though.  It would be good if we could also
do a similar thing directly by gpg-agent remote access.

[0] pam_ssh_agent: http://pamsshagentauth.sourceforge.net/
-- 



Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor

On 09/28/2015 09:36 PM, Robert J. Hansen wrote:

> To paraphrase the movie _A Few Good Men_, it doesn't matter what you
> know, it only matters what you can prove.


I'm not here to prove anything.

An Internet mailing list is not about proving things. It lacks
both the procedural rigour and an impartial umpire; two things that
are sine qua non for the concept of "proving". The observations I'm
offering here are simply that; observations of a user of the product.
The only reason they might be worth a reader's time is that they come
from someone familiar with the world of end-users with limited
resources combined with a real need for the facilities this product
has to offer.


