Re: GPG and Mailinglists using IBCPRE

2016-07-17 Thread Neal H. Walfield
Hi,

On Sat, 16 Jul 2016 16:38:27 +0200,
Martin Konold wrote:
> What is currently the recommended setup for running encrypted mailing lists?
> 
> I am thinking about some IBCPRE mechanism. See also
> https://en.wikipedia.org/wiki/Identity-based_conditional_proxy_re-encryption
> 
> I think this would allow the mailing list software to act as a proxy
> reencrypting without directly having the private key of the mailing list
> on the mailing list server.
> 
> What do you think about IBCPRE?

There is some highly experimental support in a GnuPG branch for
mailing list support that doesn't require that the server access the
plain text.  You can read about it here:

  http://hssl.cs.jhu.edu/~neal/encrypted-mailing-lists.pdf

Thanks,

:) Neal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


gpgscm

2016-07-17 Thread ng0
Hi,

I'm one of the developers involved in Guix.

While doing the update of gnupg from 2.1.13 to 2.1.14 I found out
that you now include a modified version of tinyscheme for running
your tests/opengpg/ tests.

Are the changes you apply to tinyscheme generic enough to
contribute to upstream, so that we can just include a modified
tinyscheme software to run tests/opengpg/ tests during the check
phase of GnuPG?
If they aren't, could you move the gpgscm binary outside of the
source of gnupg to not include bundled dependencies, or in some
more convenient way for you?

As there seems to be no general developer list for GnuPG I'll use
this list, we can move the discussion elsewhere if it does not
fit in here.
--
♥Ⓐ  ng0
For non-prism friendly talk find me on http://www.psyced.org
SecuShare – http://secushare.org



Re: GPG and Mailinglists using IBCPRE

2016-07-17 Thread Richard Höchenberger
Hi,

we've been using Schleuder2 for many years now, and it has always
worked flawlessly on a medium-traffic mailing list as long as everyone
used OpenPGP/MIME. Inline PGP will cause trouble from time to time.

Richard



Re: GPG and Mailinglists using IBCPRE

2016-07-17 Thread Neal H. Walfield
On Sun, 17 Jul 2016 15:53:47 +0200,
Richard Höchenberger wrote:
> we've been using Schleuder2 for many years now, and it has always
> worked flawlessly on a medium-traffic mailing list as long as everyone
> used OpenPGP/MIME. Inline PGP will cause trouble from time to time.

Schleuder requires that the mail server decrypt the messages.  My
solution doesn't, which is what I think the OP was looking for.  Of
course, Schleuder is straightforward to deploy whereas mine is still a
prototype.

:) Neal



SSH hangs when using GPG2 + Yubikey on OS-X

2016-07-17 Thread Ben Warren
Hello,

I’ve found similar issues on the mailing list, but wasn’t able to find a 
resolution.

I’m using a Yubikey 4 hardware token on OS-X “Yosemite”.  I’m connecting to a 
remote Linux VM and am using GPG agent-forwarding in order to sign git commits 
using the Yubikey.  I also forward SSH through GPG, but find that with one or 
two SSH sessions open, they hang after a couple of hours. This time frame is 
sometimes shorter, but rarely longer.  In order to recover, I need to kill 
scdaemon on the Mac using SIGKILL.  I’ve tried SIGHUP, but that doesn’t help.

I’m able to tolerate this, but colleagues who have more SSH connections 
open see it hang much more often, to the point where this is unusable.

===
Software versions:

ben ~ $ gpg2 --version
gpg (GnuPG) 2.1.12
libgcrypt 1.7.0
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later >
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
   CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

ben ~ $ ssh -V
OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015


GPG configurations:

ben ~/.gnupg $ cat gpg-agent.conf
default-cache-ttl 1
ignore-cache-for-signing
no-allow-external-cache
max-cache-ttl 1
extra-socket /Users/ben/.gnupg/S.gpg-extra-agent
debug-all
log-file /Users/ben/.gnupg/mygpglogfile.log
enable-ssh-support

ben ~/.gnupg $ cat scdaemon.conf
log-file /Users/ben/.gnupg/scdaemon.log
verbose
debug-level guru
#jdebug-all
debug ipc,cardio

I have the full scdaemon log file saved, but can’t post it to this mailing list 
because of size limitations.  If there’s anything in it you need, I’ll be happy 
to provide.


Timeline:
2016-07-13 16:20:58 : started SSH connection
2016-07-13 16:30  : I noticed the SSH connection was hung and killed 
scdaemon

Here’s an interesting snippet from the log file:

2016-07-13 16:28:00 scdaemon[32523] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=3
2016-07-13 16:28:01 scdaemon[32523] DBG: enter: apdu_get_status: slot=0 hang=0
2016-07-13 16:28:01 scdaemon[32523] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=3
2016-07-13 16:28:01 scdaemon[32523] DBG: chan_6 <- RESTART
2016-07-13 16:28:01 scdaemon[32523] O j: trying to release an already 
released context
2016-07-13 16:30:40 scdaemon[32745] listening on socket 
'/Users/ben/.gnupg/S.scdaemon'
2016-07-13 16:30:40 scdaemon[32745] handler for fd -1 started
2016-07-13 16:30:40 scdaemon[32745] DBG: enter: apdu_open_reader: portstr=(null)




thanks,
Ben
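
One way to pull the stall windows out of a large scdaemon log like the one described above, as an added example that is not part of the original post. The function names and the 30-second silence threshold are assumptions; the sample input is constructed from the lines quoted in the message.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the log lines quoted in the post, hard-wrapped as in the mail.
SAMPLE = """\
2016-07-13 16:28:00 scdaemon[32523] DBG: leave: apdu_get_status => sw=0x0
status=7 changecnt=3
2016-07-13 16:28:01 scdaemon[32523] DBG: enter: apdu_get_status: slot=0 hang=0
2016-07-13 16:28:01 scdaemon[32523] DBG: leave: apdu_get_status => sw=0x0
status=7 changecnt=3
2016-07-13 16:28:01 scdaemon[32523] DBG: chan_6 <- RESTART
2016-07-13 16:28:01 scdaemon[32523] O j: trying to release an already
released context
2016-07-13 16:30:40 scdaemon[32745] listening on socket
'/Users/ben/.gnupg/S.scdaemon'
2016-07-13 16:30:40 scdaemon[32745] handler for fd -1 started
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) scdaemon\[(\d+)\] (.*)$")

def parse(text):
    """Return [(timestamp, pid, message)]; untimestamped lines are wrapped continuations."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            records.append([ts, int(m.group(2)), m.group(3).rstrip()])
        elif records and raw.strip():
            records[-1][2] += " " + raw.strip()
    return [tuple(r) for r in records]

def stalls(records, max_gap=timedelta(seconds=30)):
    """Report each silence longer than max_gap (assumed threshold) and each PID change."""
    findings = []
    for prev, cur in zip(records, records[1:]):
        gap = cur[0] - prev[0]
        if gap > max_gap or cur[1] != prev[1]:
            findings.append({
                "last_message": prev[2],
                "gap_seconds": int(gap.total_seconds()),
                "old_pid": prev[1],
                "new_pid": cur[1],
            })
    return findings

if __name__ == "__main__":
    for finding in stalls(parse(SAMPLE)):
        print(finding)
```

Run over the full log, each finding gives the last message scdaemon wrote before it went silent or was replaced by a new process, which is the part worth quoting when the whole file is too large to post.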


Re: Gnupg-users Digest, Vol 154, Issue 8

2016-07-17 Thread FoxΔΣ
>
> Message: 3
> Date: Fri, 15 Jul 2016 16:52:57 -0400
> From: "Robert J. Hansen" 
> To: gnupg-users@gnupg.org
> Subject: Re: Threefish cipher in GnuPG?
> Message-ID: 
> Content-Type: text/plain; charset=windows-1252
>
> > Anyway, just out of curiosity, are there plans on including Threefish in
> > GnuPG? Or reasons why it hasn't been nor will be?
>
> RFC4880 has identifiers for the following symmetric ciphers:
> Unencrypted, IDEA, 3DES, CAST5-128, Blowfish-128, AES in three key
> sizes, and Twofish-256.  Supplemental RFCs (5581) have added identifiers
> for Camellia in three key sizes.
>
> If you can get the IETF to release an RFC for Threefish in OpenPGP, it's
> very likely GnuPG will include Threefish support.  But without that,
> it's very unlikely.
>

That was a straight and simple answer. Thanks!
