Re: plausibly deniable

2010-07-23 Thread Faramir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ted Smith wrote: > On Fri, 2010-07-23 at 02:07 -0400, Faramir wrote: ... >> Well, I suppose in most countries nobody is going to torture you, but >> there are other countries where you can't be so sure... Also, an ... > Nobody in any country is

Re: plausibly deniable

2010-07-23 Thread Robert J. Hansen
On 7/23/2010 6:08 PM, Ted Smith wrote: > Nobody in any country is going to torture you for your key, because > keyloggers are much less expensive than torturers + torturing equipment. This is not true. There are documented instances where people have been tortured to turn over crypto keys. You a

Re: plausibly deniable

2010-07-23 Thread Andre Amorim
On 23 July 2010 23:08, Ted Smith wrote: > On Fri, 2010-07-23 at 02:07 -0400, Faramir wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Ted Smith wrote: >> ... >> >> Deniable encryption is a useful tool, but it is not a universally good >> >> idea. >> > >> > An interrogator as

Re: plausibly deniable

2010-07-23 Thread Ted Smith
On Fri, 2010-07-23 at 02:07 -0400, Faramir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted Smith wrote: > ... > >> Deniable encryption is a useful tool, but it is not a universally good > >> idea. > > > > An interrogator as described in this thread is a movie plot threat. I

Where is FAQ?

2010-07-23 Thread Jean-David Beyer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have what I am sure is a frequently asked question, but I cannot find a FAQ. I can find the archives, but I know no good way to search them. It is the question about the order of signing and encrypting a message. I am pretty sure that is the correct

GPG2 SSH SmartCard Private Key Auth

2010-07-23 Thread Frank Stefan Sundberg Solli
Hi Guys. I am currently running OpenSolaris 2010, I got GPG2 set up and my (OpenPGP) Smartcard. I have no problems accessing the smartcard from GPG2 (e.g. gpg2 --card-status) everything shows up fine, I am able to edit and view my keys and so on. The problem though is when I'm trying to get S

Re: Using pinentry-curses interactively in Linux boot process fails (SOLVED)

2010-07-23 Thread Grant Olson
On 7/23/10 2:52 AM, Malte Gell wrote: > > > Yes and the boot partition is not encrypted, only /home But I solved it. > > Regards > Malte > Just keep in mind that if you're not encrypting the whole disk, your sensitive data can leak to /tmp and swap. I'm only bringing this up because it seems

Re: User ID without email address

2010-07-23 Thread Faramir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David Shaw wrote: > On Jul 23, 2010, at 11:51 AM, war_is_pe...@privatdemail.net wrote: ... >> I'm planning on finally uploading my key to a keyserver. Now I had the >> idea to add a primary user ID which contains only my name and no email >> addre

Re: plausibly deniable

2010-07-23 Thread Doug Barton
On Fri, 23 Jul 2010, Faramir wrote: Doug Barton wrote: On Thu, 22 Jul 2010, Faramir wrote: ... I don't see the signature, nor the claim about it being signed. I saw an attachment, but Thunderbird didn't say it was a signature... If you navigate to the message in Thunderbird and then typ

Re: Using pinentry-curses interactively in Linux boot process fails (SOLVED)

2010-07-23 Thread Malte Gell
tux.tsn...@free.fr wrote > > Yes and the boot partition is not encrypted, only /home But I solved it. > > It was an init script issue. On openSUSE there is an init script > > "earlyxdm" and it has overridden so to say the pinentry-ncurses program. > > I have now edited earlyxdm and have added my

Re: User ID without email address

2010-07-23 Thread David Shaw
On Jul 23, 2010, at 11:51 AM, war_is_pe...@privatdemail.net wrote: > Hi, > > I'm planning on finally uploading my key to a keyserver. Now I had the > idea to add a primary user ID which contains only my name and no email > address. The reason would be that I won't "lose" any signatures if I > cha

Re: User ID without email address

2010-07-23 Thread James P. Howard, II
On 7/23/10 11:51 AM, war_is_pe...@privatdemail.net wrote: > Does that make sense? Are there known problems if a (primary) user ID > doesn't contain any email address? Nope! Check out 0xE6602099 for my key with a primary uid of "James Patrick Howard, II". James -- James P. Howard, II, MPA MBCS

User ID without email address

2010-07-23 Thread war_is_peace
Hi, I'm planning on finally uploading my key to a keyserver. Now I had the idea to add a primary user ID which contains only my name and no email address. The reason would be that I won't "lose" any signatures if I change my email address and revoke the then obsolete user id. Does that make sense

Re: gpg --batch --yes --edit-key trust

2010-07-23 Thread Daniel Kahn Gillmor
On 07/23/2010 07:35 AM, m...@proseconsulting.co.uk wrote: >> On Fri 23/07/10 11:48 AM , David Smith dave.sm...@st.com sent: >>> I need to be able to ultimately trust a public key >>> in batch mode, that I have downloaded automatically with wget from an >>> internal server over HTTPS. >> >> I think

Re: plausibly deniable

2010-07-23 Thread vedaal
Daniel Kahn Gillmor dkg at fifthhorseman.net wrote on Fri Jul 23 16:32:17 CEST 2010 : > There is no way to "prove that you did not encrypt" a message. Agreed. But it is very simple to either give up a session key to an encrypted message, or show that the message was not encrypted to any k

Re: plausibly deniable

2010-07-23 Thread Daniel Kahn Gillmor
On 07/23/2010 09:51 AM, ved...@nym.hush.com wrote: >> From: Andre Amorim >> Do we have a "plausibly deniable" option ? > > [1] hiding the identity of the encryption: > > The 'throw-keyids' option hides which keys the message is encrypted to [...] > The government can claim, that in order to pro

re: plausibly deniable

2010-07-23 Thread vedaal
vedaal at nym.hush.com wrote on Fri Jul 23 15:51:38 CEST 2010 >and since you really didn't >encrypt the message, you can't give up the session key, and now the >government wants *all* your keys and passwords to prove you didn't >encrypt the message. Sorry :-) meant to say: and since you r

Re: plausibly deniable

2010-07-23 Thread vedaal
>Message: 4 >Date: Thu, 22 Jul 2010 21:19:50 +0100 >From: Andre Amorim >To: GnuPG Users >Do we have a "plausibly deniable" option ? GnuPG can be used for plausible deniability both for encrypting and for signing: [1] hiding the identity of the encryption: The 'throw-keyids' option hides whic

[Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM

2010-07-23 Thread Werner Koch
Realloc Bug with X.509 certificates in GnuPG, 2010-07-23. Summary: While trying to import a server certificate for a CDN service, a segv bug was found in GnuPG's GPGSM tool. It is likely t

Importing/Merging (secret) subkey into existing secret key

2010-07-23 Thread Aaron Whitehouse
Hello, How do I import a subkey into an existing secret key? I use a DSA key with El-Gamal encryption keys that I regenerate every year. At some point my keyrings got out of sync and I ended up carrying on with an older key. There was a secret subkey in the middle there that got lost and I only n

Re: Re: gpg --batch --yes --edit-key trust

2010-07-23 Thread mark
> On Fri 23/07/10 11:48 AM , David Smith dave.sm...@st.com sent: > > I need to be able to ultimately trust a public key > > in batch mode, that I have downloaded automatically with wget from an > > internal server over HTTPS. > > I think that you might be confusing "trust" with "validity". > > If

Re: gpg --batch --yes --edit-key trust

2010-07-23 Thread David Smith
m...@proseconsulting.co.uk wrote: > I need to be able to ultimately trust a public key in batch mode, that I > have downloaded automatically with wget from an internal server over HTTPS. > > I don't want to do --trust-model always, apart from the fact I want to > use a trusted key anyway, gpg --tr

gpg --batch --yes --edit-key trust

2010-07-23 Thread mark
I need to be able to ultimately trust a public key in batch mode, that I have downloaded automatically with wget from an internal server over HTTPS. I don't want to do --trust-model always, apart from the fact I want to use a trust

Re: Using pinentry-curses interactively in Linux boot process fails (SOLVED)

2010-07-23 Thread tux . tsndcb
> Yes and the boot partition is not encrypted, only /home But I solved it. It > was an init script issue. On openSUSE there is an init script "earlyxdm" and > it has overridden so to say the pinentry-ncurses program. I have now edited > earlyxdm and have added my own script to Required-Start, th

Re: plausibly deniable

2010-07-23 Thread Simon Ward
On Thu, Jul 22, 2010 at 08:03:25PM -0700, Doug Barton wrote: > Can anyone else verify messages sent by Andre? His message claims to > have a PGP signature, but what's in what should be the signature > block isn't. Mutt isn’t verifying these either. The message Content-Type appears to be multipart/

Re: plausibly deniable

2010-07-23 Thread Faramir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Robert J. Hansen wrote: ... >> An interrogator as described in this thread is a movie plot threat. In >> reality, nobody is going to torture you for your key... > > The point is not about torture. The point is about interrogation. > > Imagine t