On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote:
> Ah,.. tanks :-)
> So it sould be completely enough to verify Name/eMail and the
> Fingerprint when signing another key,... and I don't have to compare
> creation date/keysize/algorithm/etc., right?
Not unless you're sign
On Tue, Nov 29, 2005 at 01:24:18AM +0100, Christoph Anton Mitterer wrote:
> Hi.
>
> Somewhere (unfortunately I've lost the URL) I've read about forging
> fingerprints and/keyIDs (not sure)
> Meaning that an attacker could create a key (but as far as I remember
> with a different keysize onlz
On Tue, Nov 29, 2005 at 04:08:06AM +0100, Christoph Anton Mitterer wrote:
> If you look at professional CAs (e.g. DFN-PCA) they clearly state in
> their Policies that e.g. they'll NEVER use their root keys for signing
> data but only for signing keys (DFN does this with its root-PGP-keys for
>
On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote:
> Hi all,
>
> I was wondering whether the following feature does exist within gpg
> or related programs: the possibility to check a signature via a
> (longer) trust path from my key to the signer's key.
>
> I am no expert in the use o
Ah,.. tanks :-)
So it sould be completely enough to verify Name/eMail and the
Fingerprint when signing another key,... and I don't have to compare
creation date/keysize/algorithm/etc., right?
Best wishes,
Chris.
begin:vcard
fn:Mitterer, Christoph Anton
n:Mitterer;Christoph Anton
org:Munich Uni
On Tue, Nov 29, 2005 at 01:24:18AM +0100, Christoph Anton Mitterer wrote:
> Hi.
>
> Somewhere (unfortunately I've lost the URL) I've read about forging
> fingerprints and/keyIDs (not sure)
> Meaning that an attacker could create a key (but as far as I remember
> with a different keysize onlz
David Shaw wrote:
On Tue, Nov 08, 2005 at 11:41:43PM +0100, Christoph Anton Mitterer wrote:
Ok,.. you told me that the disadvantage of C-only keys would be that you
can't response to challenges. Is this the only reason?
As far as I know a challenge/response is used by some users to verify
t
Hi :-)
Ok,.. it took some time,.. but now I came back to that issue ...
David Shaw wrote:
On Wed, Nov 09, 2005 at 12:53:45AM +0100, Christoph Anton Mitterer wrote:
Or is there perhaps another software that I could use for chaging the
key usage flags (without damaging my key or changing the
Hi
I've got some questions ;-)
About the differences between what OpenPGP (RFC2440) specifies and what
GnuPG does:
1) I've created my key with "openpgp" in the config file,... so
everything should have been absolutely rfc2440 confomant, right?
Ok, but:
Command> showpref
pub 4096R/5BB9A5
Hi.
Somewhere (unfortunately I've lost the URL) I've read about forging
fingerprints and/keyIDs (not sure)
Meaning that an attacker could create a key (but as far as I remember
with a different keysize onlz) that has the same fingerprint and/or
keyID as another key.
Is that true?
Are the
Werner Koch <[EMAIL PROTECTED]> writes:
> On Sun, 27 Nov 2005 11:32:03 +0100, Markus Plail said:
>
>> CA certificates into gpg, but I can't get my private/public key into
>> gpg. Originally I have a p12 certificate. Is it possible to extract
>> the keys in the needed format for gpg?
>
> A
>
> gpg
David Shaw wrote:
> Bob Proulx wrote:
> > If a key has been signed with a default-cert-level of 0 is it possible
> > to go back and edit the key signature and increase the level on a key?
> > I could not find a way to do this. The best I could find was to
> > delete the key plus signature and sign
On Sun, 27 Nov 2005 11:32:03 +0100, Markus Plail said:
> CA certificates into gpg, but I can't get my private/public key into
> gpg. Originally I have a p12 certificate. Is it possible to extract the
> keys in the needed format for gpg?
A
gpgsm --import foo.p12
should be all you need. Make s
13 matches
Mail list logo
