ver tinkered
with it, but BouncyCastle can be found here [1].
[0] https://github.com/guardianproject/gnupg-for-java
[1] http://bouncycastle.org/java.html
--
--
Antony Prince
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
nd it unless you
use MinGW or something like it, but that will only further
complicate the process.
--
--
Antony Prince
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
You need to verify the key that signed it. A valid signature means nothing. A
malicious actor could sign any message or days with a valid, verifiable key and
send it to you. The heart of the matter is the key that signed it. Gnupg tells
you which key signed the data, usually by long key ID IIRC.
use via compile time flags. If I'm wrong
there, I'm sure someone else on the list can point you in the right
direction.
--
--
HTH,
Antony Prince
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 4/13/2017 1:40 PM, Antony Prince wrote:
> On 4/13/2017 7:06 AM, Jerry wrote:
>> On Wed, 12 Apr 2017 16:42:57 -0400, Antony Prince stated:
>>
...
>>> When I try to connect to the server with putty using the "Attempt
>>> authentication using Pageant
On 4/13/2017 7:06 AM, Jerry wrote:
> On Wed, 12 Apr 2017 16:42:57 -0400, Antony Prince stated:
>
...
>>
>> OS: Windows 7 SP1 x64
>> Putty: 0.63
>>
...
>> When I try to connect to the server with putty using the "Attempt
>> authentication usin
My old key is expiring at the beginning of next month, so I've generated
a new set of keys. Dropped down to 2048 from 4096 RSA since 4096 seemed
a bit of overkill and have the master key in a single location. That's a
different discussion. Anyway, using my new Authentication key on Linux
with SSH s
On 2/6/2017 6:01 PM, Miroslav Rovis wrote:
> Maybe just if anybody can confirm whether another key is or is not
> available from the common keyservers, as that is the only one that I
> haven't managed to receive yet, this one:
>
> 3F533109A9509B14
$gpg --keyserver hkp://pool.sks-keyservers.net --
e private key(s) is/are
all you need since it contains all information associated with that key.
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://pool.sks-keyservers.net/pks/lookup?op=get&search=0xAF3D4087301B1B19
si
On 1/25/2017 4:36 PM, sivmu wrote:
> Basically if you can collect a few hundred GB of data, it is trivial to
> calculate the key. There is a prove of concept for https connections,
> although I believe this is especially relevant for VPN connections
> (openvpn uses a 64 bit ciphers (blowfish) by de
On 1/20/2017 8:39 AM, unknown wrote:
> Hi,
>
>
> it worked fine, altough i got this message on the terminal:
>
> process@process ~ $ tar cf gnupg-backup.tar .gnupg/
> tar: .gnupg/S.gpg-agent: socket ignored
>
> Is this important?
No. It just means that tar skipped the socket file for gpg-agen
On 1/12/2017 5:35 PM, Antony Prince wrote:
> On 1/12/2017 6:14 AM, Ali Hassan Hamed Al Ajmi (eChannels) wrote:
>>
>> Does *"GnuPG" *support creating CR (CSR) that is compatible with
>> Microsoft CA (from command line/ other tools with GUI)?
>
> Not sure on th
On 1/12/2017 6:14 AM, Ali Hassan Hamed Al Ajmi (eChannels) wrote:
>
> Does *"GnuPG" *support creating CR (CSR) that is compatible with
> Microsoft CA (from command line/ other tools with GUI)?
Not sure on that one.
> If Yes, how to generate a certification request that is compatible with
> Micro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On October 7, 2016 11:52:09 AM EDT, "Robert J. Hansen"
wrote:
>A while ago someone was trying to update gnupg-for-java to work with a
>more
>modern environment. Does anyone remember who did that work, or where I
>could find it? The version of gnu
5-05-06 [expires: 2017-05-05]
uid Antony Prince
uid Antony Prince
uid Antony Prince
uid Antony Prince
ssb 4096R/ADB13E99 2015-05-06 [expires: 2017-05-05]
NOTE: uids have been altered here. They show correctly in the actual output.
a
26 Sep 12 13:51 /usr/local/bin/pinentry ->
/etc/alternatives/pinentry
antony@050415:~$ /etc/alternatives/pinentry
OK Your orders please
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://pool.sks-keyservers.net/pks/lookup
On September 12, 2016 6:58:08 AM EDT, Kristian Fiskerstrand
wrote:
>
>I'd suggest creating another primary key for explicit local
>certification purposes you never use anywhere else, and can rotate that
>as often as wanted to start fresh from time to time.
That's what I do. I have a separate key
I know this has got to be something simple. When invoking gpg2 normally
to decrypt, I get:
gpg: encrypted with 4096-bit RSA key, ID 0E98CD22ADB13E99, created
2015-05-06
"Antony Prince "
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key
I hav
to the remote machine so you get a curses pinentry or some such. To get
it to perform a call to pinentry on your local machine would require the
call to be routed back through the tunnel.
Neither response is much help, I know, but just my thoughts on what the
issue is. Hopefully, one of the gurus on the
GPGME is an interface to access the functions of gpg. You can do
this directly with your program and gpg without GPGME, but it would
likely be fairly cumbersome which is why GPGME came about. That's merely
my understanding of it and I could be wrong.
--
Antony Prince
Key ID: 0xAF3D40873
On 5/28/2016 6:04 PM, Bjoern Kahl wrote:
>
> Because I have *tons* of mails (and other archived data files) that
> have been signed and / or encrypted with such keys and I (I have to
> use such a strong word here) *insist* on being able to continue to
> read these mails and files whenever the
gt;
I just realized the project I linked was the exact one you were talking
about. :-) In this case though, I'd say there's no need to re-invent the
wheel. They've already got it ported to Android and if you can fit it to
your needs, then I'd go with that.
--
Antony Princ
gt;
Guardianproject has a port of gnupg to android[1] that might be of some
use to you.
[1]https://github.com/guardianproject/gnupg-for-android
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://pool.sks-keyservers.net/pks
On March 25, 2016 9:24:00 AM EDT, Brad Rogers wrote:
>On Fri, 25 Mar 2016 11:11:28 +0100
>Guan Xin wrote:
>
>Hello Guan,
>
>>Why does it happen?
>
>Google are a law unto themselves.
May be a reverse lookup issue. Werner mentioned he added a V6 address to the
server yesterday. Some MTA's do a r
On March 25, 2016 12:34:51 AM EDT, Antony Prince wrote:
>On March 24, 2016 11:17:58 PM EDT, "Marcio Barbado, Jr."
> wrote:
>>Not sure if it's counterintuitive once tossing can be seen as
>>abandoning inertia.
>>
>>
>>Marcio Barbado, Jr.
>&g
On March 24, 2016 11:17:58 PM EDT, "Marcio Barbado, Jr."
wrote:
>Not sure if it's counterintuitive once tossing can be seen as
>abandoning inertia.
>
>
>Marcio Barbado, Jr.
>
>
>
>On Fri, Mar 18, 2016 at 9:18 AM, Peter Lebbing
> wrote:
>> On 14/03/16 10:37, Fulano Diego Perez wrote:
>>>
>https://
>On February 26, 2016 2:23:12 PM EST, Anthony Papillion
> wrote:
>
>I recently compiled the latest version of GnuPG 2 from source
>(.29, I believe) and, when I tried to use it, was told that I had
>invalid options in my .conf file. Specifically, it told me that ZLIB
>and ZLIB2 weren't supported
On 1/28/2016 4:32 AM, Robert J. Hansen wrote:
...
>
> Antony Prince was the guy updating Guardian Project's code. See the
> thread at:
>
> http://www.gossamer-threads.com/lists/gnupg/users/73146
>
> According to Antony, you can grab his updates from:
>
>
On 1/28/2016 12:45 AM, Antony Prince wrote:
> F:\Downloads>gpg --version
> gpg (GnuPG) 2.1.10
I also just realized that you said BAD signature with gnupg _stable_ and
my test was not with stable. My apologies.
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A
Standard Time
gpg: using RSA key 0x249B39D24F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [full]
Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482
anproject/gnupg-for-java
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://pool.sks-keyservers.net/pks/lookup?op=get&search=0xAF3D4087301B1B19
signature.asc
Description: OpenPGP digi
ated and do not share
keys to other keyservers. The largest pool of public keyservers that I
know of is the SKS pool, but there may be others that I'm unaware of.
[1]https://sks-keyservers.net/
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 40
the chain for the offending IP, as
long as you have a LOG rule before the packet is dropped of course.
[1]http://cipherdyne.org/psad/
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://keyserver.blazrsoft.com/pks/lookup?op=g
#x27;m assuming it is fine. Haven't looked at the iptables
in a while, so I don't remember specifically. Thanks for the heads-up
though.
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://keyserver.blazrso
h: 1 valid: 2 signed: 0 trust: 1-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2016-10-28
gpg: Total number processed: 1
gpg: imported: 1
[1]https://sks-keyservers.net/overview-of-pools.php
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591FF17F7A4AA8D0F65
igned by that one as well. My name may or may not
really be "Antony Prince", but the keys created with that UID are
chained together by their signatures. I could go even further and make a
short web page listing the previous and current fingerprints and why I
revoked the previous key (call
For those who'd prefer a TLS encrypted download over plain FTP, the
compiled binaries can be found at
https://www.blazrsoft.com/gnupg-for-java . They are the exact same files
as the ftp downloads, just symlinked into the web server.
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Finger
during the Travis build in case
anyone wants to verify that the hosted files are genuinely the ones
created from the source by Travis.
[1]ftp://blazrsoft.com/gnupg-for-java/
[2]https://github.com/HellUnit/gnupg-for-java
[3]https://travis-ci.org/HellUnit/gnupg-for-java
--
Antony Prince
Key ID
On 09/10/2015 05:17 PM, Antony Prince wrote:
> without gpgme installed). I'm not 100% sure how to test the
> functionality of the binary and library, so if anyone wants to give it a
> go, I'd be glad to hear the results. The ftp server[2] allows for
> anonymous download.
&g
On 09/09/2015 10:45 PM, Antony Prince wrote:
> since maven is actually controlling the ant build. My objective
> currently is to produce the binaries for Linux since the default maven
> build creates the *.jar and *.so files needed to make this process
> easier for those who prefer
On 09/09/2015 01:39 PM, Antony Prince wrote:
> On 09/09/2015 10:10 AM, Robert J. Hansen wrote:
>> Other stuff that needs to be done: verify it works on Java 1.8, clean up
>> the OS X build (which is really hackish), and consider distributing
>> pre-built jarfiles containing
certainly look into it
and then if the changes look good, I'll get in touch with the guys from
guardianproject and see about submitting a pull request if they feel the
changes are a benefit to the project.
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591FF17F7A4AA8D0F659C48
On 09/08/2015 05:52 PM, Antony Prince wrote:
> On 09/08/2015 05:29 PM, Robert J. Hansen wrote:
>> The offender seems to be jUnit. The gnupg-for-java code uses a lot of
>> imports like "junit.framework", and the current jUnit drops everything
>> in the org.junit
rn/fix. Considering I'm not a professional, expectations here should
be pretty low. ;-)
- --
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591FF17F7A4AA8D0F659C482AF3D4087301B1B19
URL: https://keyserver.blazrsoft.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJV7
f apt. There's no need to uninstall it. Just modify your system path
to find the new version first. In my case, I altered /etc/environment
so that /usr/local/bin comes before /bin in the PATH. After reading
the other replies though, I'm not sure whether this will cause any
keyring issues.
by adding -llber to
the LDAPLIBS variable in the Makefile for dirmngr.
root@050415:/usr/local/src/dirmngr-1.1.0/src# diff Makefile.bak Makefile
160c160
< LDAPLIBS = -lldap
- ---
> LDAPLIBS = -lldap -llber
Just a heads-up as I'm not sure if anyone else has run into this issue.
- --
he email
address is just a more human readable way of referring to their
identifier on the server. I could be wrong though and I'm sure Mike can
explain it better.
--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: keyserver.blazrsoft
recognized fine
> and no attachment. So a bug, i.e. the extra attachment, in Enigmail's
> reading of mails that have gone through Mailman even though Mailman
> produced MIME should be valid?
>
FWIW, I use Thunderbird 31.5.0 and Enigmail 1.8.1 (2015-03-23) and the
signatures veri
I admit I didn't check. Seemed odd that they wouldn't since Ubuntu is
known for keeping its repositories pretty up-to-date.
--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: keyserver.blazrsoft.com
signature.asc
Desc
s. gnupg2), but its easy to see
how that could be confusing. Easier than compiling it and all its
dependencies from source, that's for darn sure.
--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: keyserver.blazrsoft.com
signature.a
the server,
compiling and packaging the software, etc.) especially for software that
has a one man development team.
--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: keyserver.blazrsoft.com
signature.asc
26e0c917d02d1847dfecfcd0c2
Wow... this is a great concept. I'm looking forward to trying it out.
--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: keyserver.blazrsoft.com
signature.asc
Description: OpenPGP digital signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/13/2015 9:28 PM, Antony Prince wrote:
>> As far as I know, most if not all of the DNS resolvers
>> immediately
>>> available on a client system don’t perform DNSSEC validation.
> I use BIND(named) as my DNS server and
f I can do it, anyone can.
Its disheartening to see something so promising pushed to the side for
so long when it could be a major benefit as far as internet security is
concerned. Thanks for your reply BTW. :)
- --
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B
se proposals become official standards.
I'm also interested on anyone else's thoughts who might have more
insight into the downsides or repercussions of relying strictly on such
a system (if external CA's no longer existed, for example).
[1]https://tools.ietf.org/html/rfc4035
[2]https:
attention :)
>
> Cheers,
> Daniele
>
I'm no expert on the subject, but it seems the simplest and safest
solution would be to use a subkey of a dedicated key and rotate it
periodically if you're concerned about the key being compromised,
especially since the key will not be
_
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
I wasn't aware TrueCrypt had been abandoned. I also haven't visited their site
for some time. That's a shame though. Its a useful piece of software. I hope
someone continu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2/16/2015 12:39 PM, Stephan Beck wrote:
> Hi, Christopher,
>
> Am 16.02.2015 um 13:01 schrieb Christopher Beck:
>>
>
>>
>>> Hi,
>>
>>> now I'll use the inline format. If you can now verify my
>>> signature, this still could be the same bug (or
58 matches
Mail list logo
