RE: Problem with Gemalto USB Shell Token V2

2010-10-12 Thread Smith, Cathy
I'm running RHEL5.5: php-5.1.6-27 pcsc-lite-1.4.4-4 These are Red Hat's version numbers. Cathy --- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Phone:  509.375.2687 Fax:    509.375.2330 Email: cathy.sm...@pnl.gov -Original Message- From: M

RE: Problem with Gemalto USB Shell Token V2

2010-10-12 Thread Smith, Cathy
Does anyone have the Gemalto USB working with Red Hat 5.5? Cathy --- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Phone:  509.375.2687 Fax:    509.375.2330 Email: cathy.sm...@pnl.gov -Original Message- From: gnupg-users-boun...@gnupg.org [mailto:gnupg-use

Re: Confirmation for cached passphrases useful?

2010-10-12 Thread Werner Koch
On Tue, 12 Oct 2010 09:05, d...@fifthhorseman.net said: > the kbd and mouse events. It doesn't prevent synthesized events from > triggering those inputs (e.g. clicking "OK" on a button). You are right. However it is the only protection we can use on X; it might be helpful in some cases, but as

Re: Confirmation for cached passphrases useful?

2010-10-12 Thread Werner Koch
On Tue, 12 Oct 2010 11:10, mailinglis...@hauke-laging.de said: > There are ways to prevent this. E.g. I protect important and hardly ever > changed files like ~/.gnupg/options with root priviledge (chattr immutable on It doesn't help - you need to protect gpg.conf and gpg.conf-2 and gpg.conf-2.

Re: Encrytped email attachments

2010-10-12 Thread vedaal
There is a workaround to encrypt any e-mail attachment and send it inline as part of the encrypted email message: gpg --enarmor 'attachment file' or gpg -e -a 'attachment file' and then paste the ascii armored text inline, and then encrypt the message. It has the minor advantage of getting t

RE: Scripting

2010-10-12 Thread Lee Elcocks
Im really sorry, i need this in simple terms. Putty command line looks alot better though! this is the script i intend to use SETLOCAL "C:\Program Files\putty" >"%TMP%\~ftplist.txt" DIR /B "C:\encryptedfiles" PUSHD "C:\encryptedfiles" FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~ftplist.txt"

Re: Confirmation for cached passphrases useful?

2010-10-12 Thread Robert J. Hansen
On 10/12/2010 1:54 AM, Daniel Kahn Gillmor wrote: > yes, of course this isn't going to be able to protect the user from > someone with full access to their user account or their current session. These two attack modes (root and user access) cover the overwhelming majority of instances today, so al

Re: Encrytped email attachments

2010-10-12 Thread Ben McGinnes
On 12/10/10 8:44 PM, Faramir wrote: > > Well, Enigmail could be seen as an additional library. Programmers > have one definition of libraries, the rest of the world maybe have another. Good point, it has been a while since I've thought of things that way. > But yes, Thunderbird with Enigmail

Scripting

2010-10-12 Thread Lee Elcocks
Hello all. This is my last resort. I know that this is not the realy the correct place to pose such a question. I have now succesfully set up a fully automated GPG solution, with the help of all of you on this list. However my next task is to intergrate the scripts with GPG with WINS

Re: Problem with Gemalto USB Shell Token V2

2010-10-12 Thread Mukund Sivaraman
Hi Tiago I just purchased OpenPGP cards and Gemalto USB Shell Token V2 readers (see ). They work perfectly for me. I'll explain what I use to access them. Maybe you can adapt it to your own use. 1) Start the pcscd service on your distro. This is a daemon that is distrib

OpenPGP card questions

2010-10-12 Thread Mukund Sivaraman
Hi all I just purchased 4 OpenPGP cards and am configuring one of them. Everything is working perfectly so far. I am using the Gemalto USB Shell Token V2 as the reader device with PCSC-Lite. You can see pictures of it here: 1. There is a typo on the printed sheet suppl

Re: Encrytped email attachments

2010-10-12 Thread Faramir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El 11-10-2010 12:04, Ben McGinnes escribió: ... > Most email clients which support OpenPGP/GPG either natively or via a > plug-in do the former automatically. I use Thunderbird with Enigmail > and it will encrypt an attachment to an encrypted email wi

Re: Confirmation for cached passphrases useful?

2010-10-12 Thread Hauke Laging
Am Dienstag 12 Oktober 2010 09:05:56 schrieb Daniel Kahn Gillmor: > I think that grabbing mouse and kbd prevents other tools from *reading* > the kbd and mouse events. It doesn't prevent synthesized events from > triggering those inputs (e.g. clicking "OK" on a button). But this may change in th

Re: Confirmation for cached passphrases useful?

2010-10-12 Thread Hauke Laging
Am Dienstag 12 Oktober 2010 06:34:48 schrieb Robert J. Hansen: > If my attack gives me unprivileged access I'm going to escalate it to root. "going to", yes. > This is straight out of the malware > playbook, and malware authors have a great many ways to achieve it. I think that it is not usef

Re: Confirmation for cached passphrases useful?

2010-10-12 Thread Daniel Kahn Gillmor
On 10/12/2010 02:26 AM, Werner Koch wrote: > On Tue, 12 Oct 2010 04:44, d...@fifthhorseman.net said: > >> (e.g. one process can send a simulated mouseclick to another process >> pretty easily) but that doesn't mean no one is running with a > > The standard pinentry grabs mouse and keyboard and th