Re: EasyGnuPG

2016-03-23 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 11:56 PM, Andrew Gallagher 
wrote:

> On 22 Mar 2016, at 22:10, Dashamir Hoxha  wrote:
>
>> On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing wrote:
>>>
>>> And why is your primary key capable of encryption? One of the reasons for
>>> subkeys is so you don't have to use the same key material for both encryption
>>> and signing, since this opens up some subtle points of attack that are easily
>>> avoided.
>>
>> What is wrong with that? As long as there is a subkey for encryption, gpg
>> will use the subkey for encryption, even if the primary key is capable of
>> encryption.
>
> Please please for the love of all that is sweet and beautiful in the world
> don't make an encryption-usage primary key. If you ignore everything else
> Peter has said, please don't ignore this. There are no benefits whatsoever
> to making an E-usage primary key, and plenty of reasons not to. And unlike
> expiry dates which can be fixed later, once you have E enabled on a primary
> key you can't remove it without hacking the innards of the data structure.
>
> IMHO the only thing to do with E-usage primary keys is revoke them and
> start again from scratch. The only reason they are even still allowed in
> GPG is for backwards compatibility, right...?

I fixed it:
https://github.com/dashohoxha/egpg/commit/d21ccdb42de6f48f316a19aadec93bfd9b7d55ca
Is it OK to have a signing primary key? Is it useful?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: EasyGnuPG

2016-03-23 Thread Dashamir Hoxha
On Wed, Mar 23, 2016 at 6:04 AM, Viktor Dick  wrote:
>
> Then there is the problem that the user might not notice that his key is
> expired. I remember vaguely spending a day trying to find the error until
> I noticed that my subkeys were expired. But this might have been a
> problem with Enigmail, which did not give a clear error message.
>

In egpg you get warnings before and after the key has expired:
https://github.com/dashohoxha/egpg/blob/master/src/auxiliary.sh#L46-L60
However I am not sure how well this works in practice.


Re: EasyGnuPG

2016-03-23 Thread flapflap
Viktor Dick:
> In this case, I think you have got a point. I think the gnupg default of
> 'expires: never' is not the best solution, since people who just try it
> out might end up with a public key published to keyservers where they
> have lost the private key.
[...]
> But I still think it might be
> better to set a default expiry of, let's say, 1 year and two months for
> the primary key and one year for the subkeys.

o  IMHO, users of the terminal gpg program should be well aware of the
   existence of expiration of a key, because they were asked for it
   during key generation.
o  "People who just try it [gpg] out" should (and most likely will) not
   use the terminal interface.
o  "People who just try it [gpg] out" should use Enigmail or another
   GUI.  And when using Enigmail, the expiry default is 5y, a revocation
   certificate is generated by default so that the user can revoke the
   key if s/he lost the passphrase/secret key.  Also, the user is
   advised to make a copy to an external medium (CD/USB) or print it
   out.  It is already 'fail safe' so to say.

~flapflap




gpg-agent scdaemon + yubikey smartcard on Windows not asking for PIN with PUTTY

2016-03-23 Thread Bowlers Bloody
Hello,

I'm using my yubikey 4 as a smartcard to log on remote SSH with PUTTY,
under Windows.
Putty has a little piece of software called pageant that keeps your keys
available for putty to use. Unfortunately, it is not smartcard
compatible.
Fortunately, it works if I use a modified pageant.exe found here:
http://smartcard-auth.de/ssh-en.html

Now, back to my problem: I read that recent versions of
gpg4win/gpg-agent are compatible with putty and can replace pageant to
talk to putty. So I tried but the problem is, when I use gpg-agent, it
does not ask for a PIN (no PIN entry window) and then it fails in
putty.

This guy seems to have the same kind of problem:
http://lists.wald.intevation.org/pipermail/gpg4win-users-en/2015-October/001263.html

I'm using Windows 7 64 bits with GnuPG 2.0.29 and Gpg4win 2.3.0. Using
putty 0.67.

I ran scdaemon and gpg-agent with logging in "guru" mode, and I can
post the results here if it helps.
It appears the card is read correctly, putty query is detected by
gpg-agent, only the PIN entry is not asked/triggered...

Any help appreciated, thank you
Regards



Re: AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-23 Thread Werner Koch
On Wed, 23 Mar 2016 03:20, m...@tankredhase.de said:

> wanted to get the GnuPG community's thoughts. Making GCM the new
> standard mode for symmetric encryption would give us a modern and
> performant alternative to OpenPGP's CFB mode. Especially with regards

As I mentioned on the WG list, I would really like to see OCB used for
OpenPGP.  OCB is far superior over any other AE modes.  There are no
software patent issues even for closed source software with the
exception for those whose business it is to kill people.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: EasyGnuPG

2016-03-23 Thread Werner Koch
On Tue, 22 Mar 2016 20:35, dashoho...@gmail.com said:

> I still think that the colons format is a bit difficult to process and not

The colon format difficult?  I can do almost everything on the command
line.  awk(1) is your friend.

> not as easy as that. For example there is also --passphrase-fd,
> --command-fd, --logging-fd etc. and sometimes I still don't manage to

Well, if you need interaction you need to have a way to pass the
passphrase.  Interaction and unattended use are mostly orthogonal
requirements.

Agreed, the required status-fd/command-fd FSM can get quite complex.
However gpg 2.1 has the new --quick* commands which can replace most
common usages of command-fd in scripts.

What is the problem with a logging-fd?  Being able to specify a file
descriptor instead of a file is a very useful feature and can easily be
used by a script.  If you really want to log something.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
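
Added example (not from any poster in this thread and not EasyGnuPG code): an awk filter over `gpg --with-colons` output that flags the two problems discussed above, a primary key with encryption usage and keys or subkeys that are expired or close to expiry. The function names, key IDs and sample listing are constructed; the field positions (7 = expiration date, 12 = capabilities) follow GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# audit_colons NOW WARN_DAYS
# Reads `gpg --with-colons --list-keys` output on stdin and prints one
# finding per line. Field numbers follow GnuPG's doc/DETAILS:
#   1 = record type, 5 = key ID, 7 = expiration date, 12 = capabilities.
# In field 12 of a "pub" record, lowercase letters are the primary key's
# own usage flags; uppercase letters summarise the whole key.
# (audit_colons is a name made up for this example.)
audit_colons() {
    awk -F: -v now="$1" -v warn_days="$2" '
        $1 == "pub" || $1 == "sub" {
            kind = ($1 == "pub") ? "primary" : "subkey"
            # Lowercase "e" on a pub record: the primary itself can encrypt.
            if ($1 == "pub" && $12 ~ /e/)
                print "E-PRIMARY " $5
            # Field 7 is empty for keys that never expire. Only the
            # seconds-since-epoch form is handled; anything else is skipped.
            if ($7 ~ /^[0-9]+$/) {
                left = int((($7 + 0) - (now + 0)) / 86400)
                if (($7 + 0) <= (now + 0))
                    print "EXPIRED " kind " " $5
                else if (left < warn_days + 0)
                    print "EXPIRING " kind " " $5 " " left "d"
            }
        }'
}

# Constructed sample listing (key IDs and timestamps are made up).
sample_listing() {
    cat <<'EOF'
tru::1:1458700000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1400000000:1500000000::u:::escESC:
uid:u::::1400000000::0000::Constructed User <user@example.org>:
sub:e:2048:1:AAAAAAAAAAAAAAA2:1400000000:1450000000:::::e:
pub:u:4096:1:BBBBBBBBBBBBBBB1:1400000000:::u:::scESC:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1400000000:1460000000:::::e:
EOF
}

# Fixed "now" so the result is reproducible. Against a real keyring:
#   gpg --with-colons --list-keys | audit_colons "$(date +%s)" 30
sample_listing | audit_colons 1458700000 30
```

The second sample key has `scESC` in field 12: the uppercase `E` only says that some subkey can encrypt, so it is not flagged.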




Re: EasyGnuPG

2016-03-23 Thread Andrew Gallagher

> On 23 Mar 2016, at 07:27, Dashamir Hoxha  wrote:
> 
> Is it OK to have a signing primary key? Is it useful?

A signing primary key is fine. I prefer making single-use subkeys for each of 
A,E,S but only the E subkey is strictly necessary. You can always generate the 
A,S subkeys later if you find you need them (e.g. if you buy a smartcard), and 
since you can always enforce use of your A,S subkeys (unlike E, where it's out 
of your hands) this shouldn't cause you any issues if you change your mind. 

If you are aiming your tool at beginners then single-use subkeys are probably 
overkill, so the GPG defaults are fine. In general, you should stick to the 
default behaviour unless you can justify doing otherwise. 

A


Re: AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-23 Thread Tankred Hase
Hi Werner,

thanks for the quick response.

> On 23.03.2016 at 22:56, Werner Koch wrote:
> 
> As I mentioned on the WG list, I would really like to see OCB used for
> OpenPGP.  OCB is far superior over any other AE modes.  There are no
> software patent issues even for closed source software with the
> exception for those whose business it is to kill people.

Could you kindly point me to the discussion on the WG list? I’m new to the IETF 
world. Thanks.

I have no objections against supporting multiple authenticated modes, including 
OCB. Like I said, the reason I would advocate for GCM is because of its support 
in the WebCrypto api [1]. Until now, OpenPGP.js has relied on JavaScript 
implementations of crypto primitives. These are not only slower, but are 
also subject to well known side channel attacks. WebCrypto is now widely 
supported [2] and browsers also offer hardware acceleration for GCM [3].

Several applications like Mailvelope and ProtonMail use OpenPGP.js and with the 
emergence of frameworks like electron and Microsoft’s Universal JS apps on 
Windows 10, probably more applications will in the future.

Tankred

[1] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
[2] http://caniuse.com/#feat=cryptography
[3] 
https://security.googleblog.com/2014/04/speeding-up-and-strengthening-https.html


Re: Verification via the web of trust

2016-03-23 Thread Paolo Bolzoni
Is there a way to know how many "hops" a key is from anything I trust
and to see the path?

On Tue, Mar 22, 2016 at 7:43 PM, Andrew Gallagher  wrote:
> On 22/03/16 18:30, Peter Lebbing wrote:
>> On 22/03/16 19:14, Andrew Gallagher wrote:
>>> All this is true. But this does not help *me* one iota.
>>
>> It sounds to me like you're not looking for the Web of Trust, which is indeed
>> very limited in its options. Instead, you are probably looking for something
>> more like TOFU, in the sense that this developer whose signature you see is 
>> the
>> same one whose signature you saw last time.
>
> Only for a project with one developer! Otherwise, the person who signs
> it could legitimately change between releases. Large projects often have
> a separate release signing key, but not apache it seems...
>
> And at the risk of getting shot down (again), TOFU doesn't work. Not
> because TOFU is broken (it's a perfectly valid method), but because
> *people* are broken. How many times have you blithely clicked through an
> ssh "WARNING: the remote host key has changed!" prompt? ;-)
>
> A


Re: Verification via the web of trust

2016-03-23 Thread Andrew Gallagher
On 23/03/16 16:49, Paolo Bolzoni wrote:
> Is there a way to know how many "hops" a key is from anything I trust
> and to see the path?

PGP pathfinder will tell you what paths exist between any two specific
keys, so long as they are both in the strong set.

http://pgp.cs.uu.nl/mk_path.cgi

A





Re: Verification via the web of trust

2016-03-23 Thread Paolo Bolzoni
Sigh.. it seems I am not yet part of the strong set.

Thanks anyhow!

On Wed, Mar 23, 2016 at 5:54 PM, Andrew Gallagher  wrote:
> On 23/03/16 16:49, Paolo Bolzoni wrote:
>> Is there a way to know how many "hops" a key is from anything I trust
>> and to see the path?
>
> PGP pathfinder will tell you what paths exist between any two specific
> keys, so long as they are both in the strong set.
>
> http://pgp.cs.uu.nl/mk_path.cgi
>
> A


Re: EasyGnuPG

2016-03-23 Thread Peter Lebbing
On 23/03/16 16:35, Andrew Gallagher wrote:
> [...] and since you can always enforce use of your A,S subkeys (unlike
> E, where it's out of your hands) this shouldn't cause you any issues if you
> change your mind.

I haven't tried it (it's more work than most "let's try this" things), but I
think if you have a smartcard with your primary key inserted, and your primary
key can do A, GnuPG would be quite happy to negotiate that key for SSH auth and
subsequently do that authentication.

Smartcard keys are automatically considered for SSH authentication, which is
where it differs from on-disk keys, which need to be added to sshcontrol 
explicitly.

> If you are aiming your tool at beginners then single-use subkeys are probably
> overkill, so the GPG defaults are fine.

Yes, an on-disk authentication subkey seems really uncommon to me. I would
completely omit an A subkey.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: EasyGnuPG

2016-03-23 Thread Daniel Kahn Gillmor
On Tue 2016-03-22 15:11:23 -0400, Dashamir Hoxha wrote:
> On Tue, Mar 22, 2016 at 4:29 PM, Werner Koch  wrote:
>
>> FWIW: We even consider to extend gpgme-tool to be a Native Messaging
>> Server for Browsers.
>
> In this case, "gpgme-tool" should be packaged on its own, not inside the
> package "*libgpgme11-dev*".
> I am referring to this message:
> https://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029206.html

I'm entirely open to packaging gpgme-tool separately from the -dev
package, if there is a clear and compelling argument for it.

If you feel that this is something particularly useful that you want to
happen for debian, please file a debian bug report against the gpgme1.0
source package (e.g. "reportbug gpgme1.0").

Regards,

--dkg



Re: EasyGnuPG

2016-03-23 Thread Daniel Kahn Gillmor
On Wed 2016-03-23 13:42:11 -0400, Peter Lebbing wrote:
> Yes, an on-disk authentication subkey seems really uncommon to me. I would
> completely omit an A subkey.

the monkeysphere project encourages the creation of on-disk
authentication subkeys.  While that may be uncommon, i don't think it's
"really uncommon".

   --dkg



Re: EasyGnuPG

2016-03-23 Thread Peter Lebbing
On 23/03/16 19:30, Daniel Kahn Gillmor wrote:
> the monkeysphere project encourages the creation of on-disk
> authentication subkeys.  While that may be uncommon, i don't think it's
> "really uncommon".

Fair enough :). Things like monkeysphere are exactly where it makes
sense. I have no idea how many people deploy monkeysphere for SSH.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: EasyGnuPG

2016-03-23 Thread Dashamir Hoxha
On Wed, Mar 23, 2016 at 6:48 PM, Daniel Kahn Gillmor 
wrote:
>
> > In this case, "gpgme-tool" should be packaged on its own, not inside the
> > package "*libgpgme11-dev*".
> > I am referring to this message:
> > https://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029206.html
>
> I'm entirely open to packaging gpgme-tool separately from the -dev
> package, if there is a clear and compelling argument for it.
>

If I write a tool that uses and depends on `gpgme-tool`, it doesn't seem
right to me to depend on a -dev package. This is just a feeling, maybe I am
wrong.


Re: Verification via the web of trust

2016-03-23 Thread Doug Barton

On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
> the question most useful to a user is "given this particular
> signature, how much confidence should I invest in it?".


No, the question *most* users that bother to use the signature at all 
ask about it is, "Did it validate?"


The answer to *your* question, "How much confidence should I invest in 
it?" is, "Very little."


Except in certain specialized situations the only utility for a PGP 
signature is, "Does it show that the thing signed arrived unchanged?" 
You cannot reasonably place more confidence in it than that, regardless 
of the number of known signatures the key has.


1. You don't know if the key was in full control of the 
person/organization it purports to represent before, during, or after 
the signatures you are trusting were applied.


2. You don't know if the person in control of the key at the time the 
thing you care about was signed was being coerced, or not.


And as Robert pointed out, for organizational keys there is no way that 
you can associate control of the key with a known, trusted individual.


So trying to validate a key in the manner you described in your e-mail 
is at best a fool's errand. If you enjoy the work, by all means help 
yourself. But let's please stop pretending that signatures mean more 
than they really do.


Doug



Re: Verification via the web of trust

2016-03-23 Thread Andrew Gallagher
On 23 Mar 2016, at 21:07, Doug Barton  wrote:
> 
>> On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
>> the question most useful to a user is "given this particular
>> signature, how much confidence should I invest in it?".
> 
> No, the question *most* users that bother to use the signature at all ask 
> about it is, "Did it validate?"

You're contradicting something I didn't say.

> The answer to *your* question, "How much confidence should I invest in it?" 
> is, "Very little."

"Very little" is still better than "nothing", which is the only alternative on 
offer. 

> Except in certain specialized situations the only utility for a PGP signature 
> is, "Does it show that the thing signed arrived unchanged?"

Unchanged compared to what? ;-)

> You cannot reasonably place more confidence in it than that, regardless of 
> the number of known signatures the key has.
> 
> 1. You don't know if the key was in full control of the person/organization 
> it purports to represent before, during, or after the signatures you are 
> trusting were applied.
> 
> 2. You don't know if the person in control of the key at the time the thing 
> you care about was signed was being coerced, or not.
> 
> And as Robert pointed out, for organizational keys there is no way that you 
> can associate control of the key with a known, trusted individual.

All true. And all beside the point that I was making, which is that a validated 
signature may not be much, but it's a) all that we have, and b) better than 
nothing. 

> So trying to validate a key in the manner you described in your e-mail is at 
> best a fool's errand. If you enjoy the work, by all means help yourself. But 
> let's please stop pretending that signatures mean more than they really do.

Spending a lot of bandwidth refuting straw man points that I didn't actually 
make is also a fools' errand. ;-)

A


Re: AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-23 Thread Tankred Hase
Hi again,

> On 23.03.2016 at 22:56, Werner Koch wrote:
> 
> On Wed, 23 Mar 2016 03:20, m...@tankredhase.de said:
> 
>> wanted to get the GnuPG community's thoughts. Making GCM the new
>> standard mode for symmetric encryption would give us a modern and
>> performant alternative to OpenPGP's CFB mode. Especially with regards
> 
> As I mentioned on the WG list, I would really like to see OCB used for
> OpenPGP.  OCB is far superior over any other AE modes.  There are no
> software patent issues even for closed source software with the
> exception for those whose business it is to kill people.

I've done some research concerning patents. It seems OCB is not unencumbered by 
patents [1][2] while GCM is patent free [3][4]. At least according to Wikipedia 
and Matthew Green’s blog...

"GCM. Galois Counter Mode has quietly become the most popular AE(AD) mode in 
the field today, despite the fact that everyone hates it. The popularity is due 
in part to the fact that GCM is extremely fast, but mostly it's because the 
mode is patent-free. GCM is 'on-line' and can be parallelized, and (best): 
recent versions of OpenSSL and Crypto++ provide good implementations, mostly 
because it's now supported as a TLS ciphersuite. As a side benefit, GCM will 
occasionally visit your house and fix broken appliances."

Would this change your perception of GCM in regards to GnuPG adoption?

Thanks,
Tankred

[1] https://en.wikipedia.org/wiki/OCB_mode#Patents
[2] 
http://crypto.stackexchange.com/questions/5639/why-is-ocb-aes-mode-not-becoming-a-standard-for-authenticated-encryption
[3] https://en.wikipedia.org/wiki/Galois/Counter_Mode#Patents
[4] 
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html


Re: Verification via the web of trust

2016-03-23 Thread Doug Barton

On 03/23/2016 04:38 PM, Andrew Gallagher wrote:
> On 23 Mar 2016, at 21:07, Doug Barton  wrote:
>>
>>> On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
>>> the question most useful to a user is "given this particular
>>> signature, how much confidence should I invest in it?".
>>
>> No, the question *most* users that bother to use the signature at all ask about it is,
>> "Did it validate?"
>
> You're contradicting something I didn't say.


Yes, I am. I'm trying to make a point. One which I think you failed to 
grasp.



>> The answer to *your* question, "How much confidence should I invest in it?" is,
>> "Very little."
>
> "Very little" is still better than "nothing", which is the only alternative on
> offer.
>
>> Except in certain specialized situations the only utility for a PGP signature is,
>> "Does it show that the thing signed arrived unchanged?"
>
> Unchanged compared to what? ;-)


I'm assuming that this is not a serious question.


>> You cannot reasonably place more confidence in it than that, regardless of the
>> number of known signatures the key has.
>>
>> 1. You don't know if the key was in full control of the person/organization it
>> purports to represent before, during, or after the signatures you are trusting
>> were applied.
>>
>> 2. You don't know if the person in control of the key at the time the thing you
>> care about was signed was being coerced, or not.
>>
>> And as Robert pointed out, for organizational keys there is no way that you can
>> associate control of the key with a known, trusted individual.
>
> All true. And all beside the point that I was making, which is that a validated
> signature may not be much, but it's a) all that we have, and b) better than
> nothing.


No, it's *not* beside the point. You keep saying "better than nothing," 
which is technically correct, but not sufficient. We need to understand 
and discuss exactly *how much* better than nothing a valid signature is 
before we can seriously discuss how much weight to put on it, or how 
much spelunking through the WOT we're willing to perform, or (more 
importantly) recommend.



>> So trying to validate a key in the manner you described in your e-mail is at
>> best a fool's errand. If you enjoy the work, by all means help yourself. But
>> let's please stop pretending that signatures mean more than they really do.
>
> Spending a lot of bandwidth refuting straw man points that I didn't actually
> make is also a fools' errand. ;-)


Ok, so let me be more direct, since I was obviously too subtle the first 
time. You described downloading keys and validating signatures in an 
effort to validate a key which signed a random software package that you 
downloaded from the Internet which is, by and large, a colossal waste of 
time. Further, you seem dangerously misinformed about what value to 
place on the work that you performed (that is, any actual increase in 
trust or validity that you placed on the key after you were done ... 
hint: It's zero).


Because of the three points I listed above, any work spent validating 
the key that made the signature is simply a waste of time. You cannot, 
and more importantly should not, impart any additional "trust" in 
signatures made by that key due to the work you performed.


Now it's your time to spend, so if you want to spend it thusly, that's 
great. More power to you. But before you create any grand plans or 
recommend that others do the same kind of work you really need to 
understand the situation better.


hope this helps,

Doug

