On 1/12/2015 at 1:50 PM, "Patrick Schleizer" wrote:
>> gpg --verify --output OUT SIGNEDDATA
-
>gpg --output ./out --verify ./sha512sums.asc
>
>When it exits 0, then this approach is sound, sane and fine?
-
There is a way of addition to clearsigned messages that is not detectable:
Add
On Mon, 12 Jan 2015 19:46, r...@sixdemonbag.org said:
> ... What's going on here? It seems like an alarming regression if
> GnuPG 2.1.1 is unable to decrypt symmetrically-encrypted files made
> with GnuPG 2.0.x.
I did some quick tests by encrypting to one symmetric key and two public
keys using
Just thought I'd make you aware of this horrendous website, which is charging
people for pre-generated GnuPG key pairs with "vanity" key ids:
https://vanitykeys.io/
I read about it earlier today on the following thread, where the author of the
website has been talking about it:
https://news.
> Robert already gave you a method to deal with non-text items.
Yeah, except that I think I screwed up the order of arguments to tar.
Been using UNIX for over 20 years and I still do that from time to time.
"tar cf foo-1.7 foo-1.7.tar" should be "tar cf foo-1.7.tar foo-1.7".
On 1/12/15 10:44 AM, Patrick Schleizer wrote:
When using "gpg --armor --detach-sign some-file-version-c" a file:
some-file-version-c.asc will be created.
But an adversary in a position to arbitrarily change file names on a mirror
or so could rename it to some-file-version-d and some-file-version-d.as
> On a Fedora 20 box running GnuPG 2.0.20-something (.25?), I made a
> backup of several sensitive files -- including my keyrings -- and used
> GnuPG to symmetrically encrypt the archive. I can decrypt this archive
> on every 2.0.whatever installation I have, but my one GnuPG 2.1.1
> installation,
> Have you considered these two options:
> 1) gpgconf says the ttl is a 32-bit unsigned number. Have you tried entering
> the value 4294967295 and making a mental note to rethink that strategy when
> your system reaches an uptime of more than 136 years? (I got the impression
> you didn't have t
On 12/01/15 18:45, Rob Fries wrote:
> I believe the proper way to do this would be through gpg-connect-agent.
You're mistaken; it's as Patrick said through gpgconf, the program to
programmatically query the configuration.
$ gpgconf --list-options gpg-agent|grep ^max-cache-ttl: |cut -d: -f 10
But
On 12/01/15 21:48, Rob Fries wrote:
> But I am not looking for the value in the "configuration", I am looking for
> the "time remaining" until a passphrase expires.
Oh ah!
Have you considered these two options:
1) gpgconf says the ttl is a 32-bit unsigned number. Have you tried entering the
valu
> At the moment one has to remember a passphrase for each keypair,
> which becomes more difficult as you have several emails each
> associated with different key pairs. Would it be possible to have
> one passphrase for the whole bunch of keypairs?
Sure, just use the same passphrase for each cert
Peter,
Thanks for the reply, but this is what Patrick and I discussed of ticket.
> You're mistaken; it's as Patrick said through gpgconf, the program to
> programmatically query the configuration.
But I am not looking for the value in the "configuration", I am looking for the
"time remaining"
Added Hauke, because he seems interested in OpenPGP notations [1] that I
will talk about below.
Robert J. Hansen:
>> Is there a way to make gnupg sign the name of the file as well? So
>> verification would fail if file names were renamed?
>
> Drop version 1.7 of your 'foo' program into a director
Hi
At the moment one has to remember a passphrase for each keypair,
which becomes more difficult as you have several emails each associated
with different key pairs. Would it be possible to have one passphrase for
the whole bunch of keypairs?
Sandeep Murthy
s.mur...@mykolab.com
Is there a way to make gnupg sign the name of the file as well? So
verification would fail if file names were renamed?
Drop version 1.7 of your 'foo' program into a directory called
'foo-1.7'. Now:
tar cf foo-1.7 foo-1.7.tar && gpg --sign foo-1.7.tar
Congratulations. Even if someone changes
Werner Koch:
> On Mon, 12 Jan 2015 03:19, patrick-mailingli...@whonix.org said:
>
>> Suppose a file has been `--clearsign`ed. Then an adversary prepended or
>> appended extraneous content.
>
> That is what the signature is all about ;-). Use
>
> gpg --verify --output OUT SIGNEDDATA
>
> to wr
On a Fedora 20 box running GnuPG 2.0.20-something (.25?), I made a
backup of several sensitive files -- including my keyrings -- and used
GnuPG to symmetrically encrypt the archive. I can decrypt this archive
on every 2.0.whatever installation I have, but my one GnuPG 2.1.1
installation, on a
Hi!
When using "gpg --armor --detach-sign some-file-version-c" a file:
some-file-version-c.asc will be created.
But an adversary in a position to arbitrarily change file names on a mirror
or so could rename it to some-file-version-d and some-file-version-d.asc.
That could trick the verifier into beli
After some off list communication, I wanted to circle back here with my
findings.
To recap, and perhaps more clearly:
I am attempting to query from gpg-agent the time remaining before a passphrase
expires for a key due to the max-cache-ttl setting. I believe the proper way
to do this would be
Hi,
Is it possible to have one masterkey with two subkeys (sbind), one for
encrypt only and one for sign only, and each of them to have different
passphrases?
Additionally, how can I select in enigmail which userID I want to sign
when signing a key w
Hi Nicolai,
> So, please watch it completely at:
>> http://media.ccc.de/browse/congress/2014/31c3_-_6258_-_en_-_saal_1_-_201412282030_-_reconstructing_narratives_-_jacob_-_laura_poitras.html#video:43:10
It would've been better not to induce to scripts. Video file here:
http://c3media.vsos.eth
On Wednesday 07 January 2015 at 03:30:55, MFPA wrote:
> > But I have seen some of the more
> > paranoid privacy folks doing 4096 key pairs.
>
> I'm sure I have even seen discussions about 16384-bit. I seem to
> recall somebody posting where the code would need changing to allow
> this, but cautioni
On Mon, 12 Jan 2015 03:19, patrick-mailingli...@whonix.org said:
> Suppose a file has been `--clearsign`ed. Then an adversary prepended or
> appended extraneous content.
That is what the signature is all about ;-). Use
gpg --verify --output OUT SIGNEDDATA
to write the _verified_ content of t
Hi!
Suppose a file has been `--clearsign`ed. Then an adversary prepended or
appended extraneous content.
How can such a situation be detected? Any gpg built in way or would one
have to use a third party solution or invent one?
Perhaps code talks more:
https://gist.github.com/adrelanos/defdf9d693
23 matches