Re: Restarting gnupg-agent inside X session

On 02/28/2011 08:59 PM, Daniel Kahn Gillmor wrote: > On 02/28/2011 08:41 PM, David Tomaschik wrote: >> Other than on systems where $HOME is on a filesystem that does not >> support sockets (e.g., NFS/CIFS/etc.), is anyone aware of an issue with >> the use of --use-standard-socket? Seems like it wo

Re: Security of the gpg private keyring?

On 02/28/2011 09:08 PM, Robert J. Hansen wrote: >> There are probably many more issues like that tucked away once you start >> to think seriously about implementing the feature properly. > > There's a lot of stuff in the literature on this subject. This sort of > behavior is usually called ORCON

Re: hashed user IDs [was: Re: Security of the gpg private keyring?]

On 02/28/2011 08:54 PM, Daniel Kahn Gillmor wrote: > On 02/28/2011 07:44 PM, Grant Olson wrote: > > You can pull a copy of a stalled/never-submitted Internet-Draft from here: > > git://lair.fifthhorseman.net/~dkg/openpgp-hashed-userids > > If anyone wants to push this further, please let me kn

Re: Restarting gnupg-agent inside X session

On 02/28/2011 08:41 PM, David Tomaschik wrote: > Other than on systems where $HOME is on a filesystem that does not > support sockets (e.g., NFS/CIFS/etc.), is anyone aware of an issue with > the use of --use-standard-socket? Seems like it would make restarting > GPG an easier task. I occasionall

Re: Security of the gpg private keyring?

> There are probably many more issues like that tucked away once you start > to think seriously about implementing the feature properly. There's a lot of stuff in the literature on this subject. This sort of behavior is usually called ORCON, for "ORiginator CONtrolled" -- referring usually to i

Re: Security of the gpg private keyring?

On 02/28/2011 08:15 PM, Hauke Laging wrote: > Am Dienstag 01 März 2011 01:32:05 schrieb Grant Olson: > >> If I upload a key to >> pool1.sks-keyservers.net, and it tries to sync with >> pool2.sks-keyservers.net, how do you maintain the custody chain? > > Can you explain what custody chain means in

hashed user IDs [was: Re: Security of the gpg private keyring?]

On 02/28/2011 07:44 PM, Grant Olson wrote: > I think something similar could be done with hashed emails. Just some > (non)standard like: > > hashed_uid://$SHA1_OF_EMAIL/$RIPEMD_OF_EMAIL > > But using something better than my obviously naive hash-collision > prevention algorithm. this is (very r

Re: Restarting gnupg-agent inside X session

On 02/28/2011 08:20 PM, Daniel Kahn Gillmor wrote: > On 02/28/2011 06:49 PM, David Tomaschik wrote: >> Each process has its own copy of the environment inherited from its >> parent, so it's not possible to change the GPG_AGENT_INFO variable for >> all processes. You could start gpg-agent with --us

Re: Restarting gnupg-agent inside X session

On 02/28/2011 06:49 PM, David Tomaschik wrote: > Each process has its own copy of the environment inherited from its > parent, so it's not possible to change the GPG_AGENT_INFO variable for > all processes. You could start gpg-agent with --use-standard-socket, > and programs should fall back to th

Re: Security of the gpg private keyring?

Am Dienstag 01 März 2011 01:32:05 schrieb Grant Olson: > If I upload a key to > pool1.sks-keyservers.net, and it tries to sync with > pool2.sks-keyservers.net, how do you maintain the custody chain? Can you explain what custody chain means in this context? My simple thought about that is that on

Re: Security of the gpg private keyring?

On 2/28/11 7:32 PM, Grant Olson wrote: > Both problems are, as they say in engineering-speak, non-trivial. And this isn't even getting into the ways such a feature could/would be abused. Once you create an enforceable mechanism to say "this key cannot be propagated by anyone but the owner," someo

Re: Security of the gpg private keyring?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 28 February 2011 at 11:38:31 PM, in , David Shaw wrote: > I think the problem here is the large size of the > deployed infrastructure that expects user IDs to have > email addresses in them Apart from email clients, what infrastructu

Re: Security of the gpg private keyring?

On 2/28/11 7:09 PM, Daniel Kahn Gillmor wrote: > On 02/28/2011 06:38 PM, David Shaw wrote: >> I think the problem here is the large size of the deployed infrastructure >> that expects user IDs to have email addresses in them combined with the >> relatively few people who are asking for this featu

Re: Security of the gpg private keyring?

On Feb 28, 2011, at 7:09 PM, David Tomaschik wrote: >> I think key UIDs generally reveal more information than I am >> comfortable with. For example, why does your UID need to contain your >> email address in plain text rather than as a hash? Searching for that >> email address would need to retur

Re: Question regarding shared keys

On Mon, Feb 28, 2011 at 5:38 PM, Denise Schmid wrote: > Thanks all for your help. > > Now, the story gets even more funny: They claim to have used PGP split-key, > then encrypted the files with a randomized key, then encrypted the key with > individual keys. > > So far so bad. But now comes the b

Re: Security of the gpg private keyring?

On 2/28/11 7:09 PM, David Tomaschik wrote: > On 02/28/2011 05:40 PM, MFPA wrote: >> >> I think key UIDs generally reveal more information than I am >> comfortable with. For example, why does your UID need to contain your >> email address in plain text rather than as a hash? Searching for that >> em

Re: Question regarding shared keys

> Is this a movie? lol... worse: it is reality. I hope I'll be able to post the docs one day soon... -- GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit gratis Handy-Flat! http://portal.gmx.net/de/go/dsl ___ Gnupg-users mailing list Gnupg-users@gn

Re: Security of the gpg private keyring?

On 02/28/2011 05:40 PM, MFPA wrote: > Hi > > > On Monday 28 February 2011 at 3:47:16 PM, in > , > Guy Halford-Thompson wrote: > > >> Thanks for the help, didnt really occur to me how much >> info is available in the public keyring, guess you cant >> do much about it tho. > > > I think key UID

Re: Restarting gnupg-agent inside X session

On 02/28/2011 06:17 PM, Marco Steinacher wrote: > Hi, > > I use a OpenPGP smartcard with gnupg 2.0.14 and Ubuntu for different > tasks. From time to time I face the following problem: The gpg-agent > crashes for some reason after entering the PIN, 'ps' reports the daemon > process as a zombie > >

Re: Security of the gpg private keyring?

On 02/28/2011 06:38 PM, David Shaw wrote: > I think the problem here is the large size of the deployed infrastructure > that expects user IDs to have email addresses in them combined with the > relatively few people who are asking for this feature. To make this change, > you'd have to have a ke

Re: Question regarding shared keys

On 02/28/2011 05:38 PM, Denise Schmid wrote: > Thanks all for your help. > > Now, the story gets even more funny: They claim to have used PGP split-key, > then encrypted the files with a randomized key, then encrypted the key with > individual keys. > > So far so bad. But now comes the best: Th

Re: Security of the gpg private keyring?

On Feb 28, 2011, at 5:40 PM, MFPA wrote: > On Monday 28 February 2011 at 3:47:16 PM, in > , > Guy Halford-Thompson wrote: > > >> Thanks for the help, didnt really occur to me how much >> info is available in the public keyring, guess you cant >> do much about it tho. > > > I think key UIDs gen

Restarting gnupg-agent inside X session

Hi, I use a OpenPGP smartcard with gnupg 2.0.14 and Ubuntu for different tasks. From time to time I face the following problem: The gpg-agent crashes for some reason after entering the PIN, 'ps' reports the daemon process as a zombie STAT START TIME COMMAND Zs Feb26 0:01 [gpg-agent] and '

Re: PGP/MIME considered harmful for mobile

On 2/28/11 12:10 PM, David Shaw wrote: > Well, I suppose that's up to you whether you want to trust RM or not. > A question on trustworthiness is outside crypto, and not what the > discussion was about here in any event. First it was, "even signatures from non-validated keys belonging to non-trust

Re: Security of the gpg private keyring?

On 2/28/11 5:40 PM, MFPA wrote: > For example, why does your UID need to contain your email address in > plain text rather than as a hash? It doesn't. User IDs are freeform text fields. Put Morse code in there for all I, or anyone else, cares. Just don't expect others to do likewise, or for the

Re: PGP/MIME considered harmful for mobile

On Feb 28, 2011, at 5:47 PM, Robert J. Hansen wrote: > On 2/28/11 12:10 PM, David Shaw wrote: >> Well, I suppose that's up to you whether you want to trust RM or not. >> A question on trustworthiness is outside crypto, and not what the >> discussion was about here in any event. > > First it was,

Re: Security of the gpg private keyring?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 28 February 2011 at 3:47:16 PM, in , Guy Halford-Thompson wrote: > Thanks for the help, didnt really occur to me how much > info is available in the public keyring, guess you cant > do much about it tho. I think key UIDs generally

Re: Question regarding shared keys

Thanks all for your help. Now, the story gets even more funny: They claim to have used PGP split-key, then encrypted the files with a randomized key, then encrypted the key with individual keys. So far so bad. But now comes the best: They claim that, because one of the managers wasn't able to

Re: PGP/MIME considered harmful for mobile

On Feb 28, 2011, at 4:59 PM, MFPA wrote: >> It is reasonable >> that if someone was being masqueraded, that person >> would speak up and challenge the forger (e.g. "Hey, >> you're not Martin! I'm the real Martin, and I can >> prove it by signing this message with the same key I've >> used all alo

Re: PGP/MIME considered harmful for mobile

On 2/28/11 4:59 PM, MFPA wrote: > I'm sure Martin would have something to say *if* he > spotted his key's signature on messages he didn't write... Yes: but I suspect that may be a big "if." If you see a message is signed by an unknown key 0xDEADBEEF, do you really notice the 0xDEADBEEF and go, "h

Re: request information about symetric crypto

On 2/28/11 11:01 AM, florent ainardi wrote: > as regards symetric cipher algorithm, does algorithm included in the > library manage key with a size greater than 128 bits Yes. > in asymetric mode for the RSA, does the size of the module are > greater or equal to 2048 bits Yes (up to 4096). > do

Re: PGP/MIME considered harmful for mobile

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 28 February 2011 at 3:02:08 AM, in , David Shaw wrote: > It is reasonable > that if someone was being masqueraded, that person > would speak up and challenge the forger (e.g. "Hey, > you're not Martin! I'm the real Martin, and I can

Re: PGP/MIME considered harmful for mobile

On Mon, Feb 28, 2011 at 11:58:02AM -0500, Robert J. Hansen wrote: > On 2/28/11 10:13 AM, Aaron Toponce wrote: > > If a key has falsified signatures, it should be easy enough to find out. > > Why? > > I have never understood the tendency of people, particularly on this > list, to assume that peopl

Re: plateform supported ?

On 2/28/11 12:42 PM, Benjamin Donnachie wrote: > On 28 Feb 2011, at 17:29, florent ainardi > wrote: >> >> i have a simple question >> > May I suggest that you consolidate all your queries into a single email? > And perhaps invest 15-20 minutes giving the software a b

Re: plateform supported ?

On Mon, 28 Feb 2011 17:42:26 + Benjamin Donnachie articulated: > On 28 Feb 2011, at 17:29, florent ainardi > wrote: > > i have a simple question > > May I suggest that you consolidate all your queries into a single > email? And while you are at it, lose the HTML formatting. Plain ASCII te

Re: plateform supported ?

On Mon, Feb 28, 2011 at 12:42 PM, Benjamin Donnachie wrote: > On 28 Feb 2011, at 17:29, florent ainardi wrote: > > i have a simple question > > May I suggest that you consolidate all your queries into a single email? > Ben How about all lists? http://groups.google.com/group/cryptopp-users http:/

plateform supported ?

hello i have a simple question do you confirm that the library is supported for 32/64 bit windows systems and 32/64 bit linux system regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: plateform supported ?

On 28 Feb 2011, at 17:29, florent ainardi wrote: i have a simple question May I suggest that you consolidate all your queries into a single email? Ben Sent from my iPhone ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mail

Re: Question regarding shared keys

On 2/28/11 2:07 AM, Denise Schmid wrote: >> It depends on what you mean by a "shared key". There is just giving a >> copy of the key to multiple people (in which case any one of them can use >> it), >> or there are various key splitting algorithms where a key is broken into a >> number of pieces,

question on random number ?

hi for the generation of random number, does the library has its own algorithm or does it call another library like GMP regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

need information about block cipher

hi as regards block cipher, does the algorythm included in the library has a resolution greater than 128 bit regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME considered harmful for mobile

On Feb 28, 2011, at 12:01 PM, Robert J. Hansen wrote: > On 2/28/11 9:12 AM, David Shaw wrote: >> In this particular case, though, key signatures aren't even necessary >> - RM just needs to prove that he is the same entity that signed the >> other messages to the list. That is, he's "real" in the

vulnerability check and test ?

hello do you know if at this time, the libray has vulnerability referenced in the CVE ? and if yes is there any patch available ? regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

is there any test on prime number generation in the lib

hello again if p and q are two primes numbers, is there any test during the generation of these numbers ? some tests like : does p = q ? do you apply the standard and recommandation for the generation of prime number regards ___ Gnupg-users mailing li

random number specification ??

hello does the internal state for re-treatment of random number is greater than 128 bits regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

request information about symetric crypto

hi as regards symetric cipher algorithm, does algorithm included in the library manage key with a size greater than 128 bits regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME considered harmful for mobile

On 2/28/11 9:12 AM, David Shaw wrote: > In this particular case, though, key signatures aren't even necessary > - RM just needs to prove that he is the same entity that signed the > other messages to the list. That is, he's "real" in the sense that > he is the Martin that the list knows and has be

random number information question ??

hi for random number, do you know if the re-treatment algorythm has a non volatil memory as specify in the standard for the generation of big random number regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinf

request information about RSA

hi in asymetric mode for the RSA, does the size of the module are greater or equal to 2048 bits regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME considered harmful for mobile

On 2/28/11 10:13 AM, Aaron Toponce wrote: > If a key has falsified signatures, it should be easy enough to find out. Why? I have never understood the tendency of people, particularly on this list, to assume that people who are technologically skilled and up to no good will not devote more than th

prime number generation question ?

hello as regards prime number generation, do you have more detail on how are built prime number regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Security of the gpg private keyring?

On 2/28/11 9:09 AM, David Shaw wrote: > You can do quite a lot with stuff like this. Who signed who can > tell you who this person has met, and often where. It should be emphasized that *can* is not the same thing as *does*; and it doesn't necessarily allow you to do it with a high degree of conf

Re: Security of the gpg private keyring?

Thanks for the help, didnt really occur to me how much info is available in the public keyring, guess you cant do much about it tho. -- Guy Halford-Thompson - http://www.cach.me/blog ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnup

Re: Question regarding shared keys

On 02/28/2011 07:07 AM, Denise Schmid wrote: ...The background of my question is that a company claims that one of their > managers has forgotten the key and therefore, they can't decrypt some files. Do you know what program was used to encrypt the files? Mark R. _

Re: PGP/MIME considered harmful for mobile

On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote: > Unfortunately, barring the case where you have an actual trust path to either > Martin, key signatures don't tell you much. After all, FM could easily make > up dozens of fake people keys and use them to sign his key. Yes. Understood

Re: Question regarding shared keys

>Date: Mon, 28 Feb 2011 08:07:03 +0100 >From: "Denise Schmid" >To: gnupg-users@gnupg.org >Subject: Re: Question regarding shared keys >Message-ID: <20110228070703.164...@gmx.net> >Content-Type: text/plain; charset="utf-8" >Does this mean that, if you want to encrypt >a file, everybody has to use

Re: PGP/MIME considered harmful for mobile

On Feb 28, 2011, at 8:18 AM, Aaron Toponce wrote: > On 02/27/2011 08:27 PM, Robert J. Hansen wrote: >> FM: [message] >> RM: Hey, that's not me! I'm me. See? I've signed this with the same cert >> I've used for everything else on this list. >> FM: No, I'm the real Martin. I didn't sign up for

Re: Security of the gpg private keyring?

On Feb 28, 2011, at 6:47 AM, Guy Halford-Thompson wrote: > Assuming I have password protected secret keys, can I assume that the > gpg private keyring is secure? I.e., if my private keyring was to > fall into malicious hands, would the aforesaid hands be able to > extract any useful information f

Re: Question regarding shared keys

On Feb 28, 2011, at 2:07 AM, Denise Schmid wrote: >> It depends on what you mean by a "shared key". There is just giving a >> copy of the key to multiple people (in which case any one of them can use >> it), >> or there are various key splitting algorithms where a key is broken into a >> number

Re: Security of the gpg private keyring?

On 02/28/2011 04:47 AM, Guy Halford-Thompson wrote: > Assuming I have password protected secret keys, can I assume that the > gpg private keyring is secure? I.e., if my private keyring was to > fall into malicious hands, would the aforesaid hands be able to > extract any useful information from my

Re: PGP/MIME considered harmful for mobile

On 02/27/2011 08:27 PM, Robert J. Hansen wrote: > FM: [message] > RM: Hey, that's not me! I'm me. See? I've signed this with the same cert > I've used for everything else on this list. > FM: No, I'm the real Martin. I didn't sign up for this mailing list until > last week. You signed up here

Re: Security of the gpg private keyring?

Am Montag 28 Februar 2011 12:47:24 schrieb Guy Halford-Thompson: > I am not taking about super-hackers cracking the keys here here... > just things like metadata associated with the keys... email addresses, > who has signed them, expiry date etc... All that is contained in the public keyring. H

Re: Android PGP/MIME test results

On Sunday February 27 2011 15:26:43 Grant Olson wrote: > Provider: Boost > Manufacturer: Motorola > Model: I1 > Droid version: 1.5 > > This phone has two mail applications by default, one called 'email' > and another called 'gmail'. Both displayed PGP/MIME messages > without any trouble. Neither

Security of the gpg private keyring?

Assuming I have password protected secret keys, can I assume that the gpg private keyring is secure? I.e., if my private keyring was to fall into malicious hands, would the aforesaid hands be able to extract any useful information from my password protected keys? I am not taking about super-hacke

Re: Android PGP/MIME test results

> - The service provider Telekom.de 9.0 > - The make and model of the phone Apple iPhone 4 (modell: MC603DN) > - The iOS version 4.2.1 (8C148) > - The email application(s) installed iPhone Mail (8C148) Mime-Version: 1.0 > - If said application(s) displayed the text of a PGP/MIME message so

Re: PGP/MIME considered harmful for mobile

On 28/02/11 4:35 PM, Grant Olson wrote: > On 02/27/2011 11:48 PM, Ben McGinnes wrote: >> >> Heh. Are you aiming for some kind of simultaneously expired and >> accepted key? Schrödinger's Key, if you will. >> > > Yep, basically I will set my key to expire one day later and push it > to the keyser