Hi Cyrus,
1. This is the SHA256 checksum I get for GnuPG-2.2.20.dmg:
39970099819616d4b66a4e471ce26db97384948d0f375e02aae9d9de1d69baa5
2. The signature (GnuPG-2.2.20.dmg.sig) checked out for me:
gpg: Signature made Sat Mar 21 12:42:46 2020 CET
gpg:using RSA key 4F9F89F5505AC1D1A2
On 2020-05-25 at 03:13 -0400, Robert J. Hansen wrote:
> If you can convince the list that the FAQ needs updating, I'll update
> it. But otherwise, I'm going to consider this yet another opinion on
> what the right thing to do is, and although I certainly think it's on
> topic for the list, I'm not
There are 2 files in that gnupg directory that I'm not sure the purpose
of. I know private keys are stored in a directory called
private-keys-v1.d and public keys are stored in pubring.kbx.
I have a file called PAPubring.gpg (111 bytes) and PAsecring.gpg (113
bytes) I'm guessing they are too small
That is what I had figured. Like I said I was just bored and the though
popped in my head if that was something ever discussed.
On 5/25/2020 12:06 AM, Robert J. Hansen wrote:
>> Obviously I know you can install it an encrypted volume (depending on
>> your OS) but was curious if the program or eve
If someone does not want to remember a passphrase then it goes to
something they have. Either some sort of key digital or "analog" or
biometric. Granted changing that is more limited but some get
creative, 10 fingers and 10 toes to choose from.
I don't think there is any perfect system. Passwor
I'd like to see it updated. I think it would be useful utility to have.
On 5/25/2020 2:49 PM, Robert J. Hansen wrote:
>> Having only heard of it just now, I was surprised it's not included in
>> Debian,
>> until I saw the word of caution and lack of commit history.
> The word of caution is becaus
> Having only heard of it just now, I was surprised it's not included in
> Debian,
> until I saw the word of caution and lack of commit history.
The word of caution is because I'm not actively maintaining it: the lack
of commit history is because it's literally a project I threw together
over a
John Scott via Gnupg-users wrote:
> On Sunday, May 24, 2020 12:18:51 PM EDT Robert J. Hansen wrote:
> > > But using Sherpa is probably a good bet.
> >
> > Good Lord, it's been a while since I wrote that. The Windows MSI
> > installer should still work, though. If there's interest in other
> >
On Sunday, May 24, 2020 12:18:51 PM EDT Robert J. Hansen wrote:
> > But using Sherpa is probably a good bet.
>
> Good Lord, it's been a while since I wrote that. The Windows MSI
> installer should still work, though. If there's interest in other
> formats, I'll see about updating it.
Having onl
On 25/05/2020 09:47, Michał Górny wrote:
> ...and that's really a good thing they can do that instead of choosing
> a more painful way of getting your fingerprints.
How is that an advantage compared to passphrases? As soon as someone
threatens to go all XKCD 538 on you[1], just give them your pass
On Mon, 2020-05-25 at 10:01 +0200, Peter Lebbing wrote:
> On 25/05/2020 09:47, Michał Górny wrote:
> > ...and that's really a good thing they can do that instead of choosing
> > a more painful way of getting your fingerprints.
>
> How is that an advantage compared to passphrases? As soon as someon
On Mon, 2020-05-25 at 09:36 +0200, Peter Lebbing wrote:
> On 24/05/2020 21:39, Mark wrote:
> > I know there are other options maybe even some that use
> > biometrics to decrypt the database.
>
> I am very wary of biometrics for authentication purposes. There are so
> many examples where the vendor
On 24/05/2020 21:39, Mark wrote:
> I know there are other options maybe even some that use
> biometrics to decrypt the database.
I am very wary of biometrics for authentication purposes. There are so
many examples where the vendor assured us it was working really well,
and researchers easily crack
> Would that be okay?
>
> Would that be worthwhile?
By all means, go for it! And if you can get the community to say "yeah,
that's a good idea" I'll happily merge 'em in.
I know I keep on saying "if the community wants it...". That's the hard
and fast rule for the FAQ: it represents the consen
> The point is, if I met you as Raubritter, a government-issued id showing
> a different name is unlikely to help.
I refer you back to the part of the FAQ which says the certificate
signing process is controversial because every Tom, Dick, and Harry has
their own idea on how to do it.
If you can
> Obviously I know you can install it an encrypted volume (depending on
> your OS) but was curious if the program or even the "pgp standard" took
> that into consideration or am I just too bored and that it's a stupid idea?
The OpenPGP standard dates back to the mid-1990s, when PGP 3 was first
bei
16 matches
Mail list logo
