Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2023-04-04 Thread Brian Minton
WaPo also does have SecureDrop, but I'm not sure how often that gets used either. On Tue, Aug 9, 2022 at 10:34 PM Jay Sulzberger via Gnupg-users wrote: > > > On Sun, 7 Aug 2022, Andrew Gallagher wrote: > > > > >> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users > >> wrote: > >> > >> And

Re: Why does gpg -k write to tofu.db?

2020-08-18 Thread Brian Minton via Gnupg-users
On Tue, Aug 11, 2020 at 05:40:44PM -0400, Brian Minton wrote: > real 117m26.112s > user 25m56.486s > sys 90m31.859s Sorry about the bad signature. But, the question remains, why would just listing 13 thousand keys take 2 hours? By comparison, gpg1 takes just over a second with the

Re: Why does gpg -k write to tofu.db?

2020-08-11 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Aug 11, 2020 at 5:32 PM Brian Minton wrote: > > I have a lot of public keys in my keybox (it's about 45 MB or so). > I was trying to figure out why seemingly innocent tasks in gpg take > a very long time. It seems that

Re: Why does gpg -k write to tofu.db?

2020-08-11 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Aug 11, 2020 at 5:32 PM Brian Minton wrote: > > I have a lot of public keys in my keybox (it's about 45 MB or so). > I was trying to figure out why seemingly innocent tasks in gpg take > a very long time. It seems that

Why does gpg -k write to tofu.db?

2020-08-11 Thread Brian Minton via Gnupg-users
I have a lot of public keys in my keybox (it's about 45 MB or so). I was trying to figure out why seemingly innocent tasks in gpg take a very long time. It seems that gnupg is making a very long running transaction to the sqlite3 database ~/.gnupg/tofu.db laptop:~/.gnupg$ date;ls -last Tue 11

Re: root certificate for smime missing gpgconf --launch dirmngr

2020-07-28 Thread Brian Minton
On Tue, Jun 09, 2020 at 09:40:25AM +0200, Bernhard Reiter wrote: > If you trust a set of root certificates, like the ones shipped with your > operating system or a different application, you could just import them all > and mark them trusted. Of course you would need to sync this, if the set > c

Re: WKS server problems

2020-04-07 Thread Brian Minton via Gnupg-users
On 3/23/20 12:52 PM, john doe wrote: > I'll go back to using havege then as I need to generate a gpg key for > testing purposes on this VM. I apologize if I missed it earlier, but where is the VM running?  A lot of hypervisors provide an emulated or pass-through rdrand instruction, or virtio-rng.

Re: Forward entire gnupg $HOME

2020-01-08 Thread Brian Minton
On Mon, Sep 09, 2019 at 11:39:01PM +0200, Ángel wrote: > On 2019-09-05 at 08:59 +0200, john doe wrote: > > On 9/4/2019 10:41 PM, Andre Klärner wrote: > > > I usually use my workstation to do everything, but since I can't > > > access my mailbox via NFS anymore (different story), I resorted to > > >

Re: Question about symmetric AES cipher in GnuPG

2019-10-30 Thread Brian Minton
On 10/27/19 3:25 PM, Stefan Claas via Gnupg-users wrote: > gpg --symmetric --cipher-algo AES256 hw.txt gives me a file > size of 87 Bytes. > > Doing the same with openssl, for example: > > openssl enc -aes-256-cbc -pbkdf2 -in hw.txt -out hw.enc > > results in 32 Bytes. > > Can you please, or somebo

Re: Which version of GnuPG to use?

2019-09-17 Thread Brian Minton
On 9/17/19 12:59 PM, Stefan Claas via Gnupg-users wrote: > Unfortunately I am no programmer but I was thinking about the following: > I assume that in order to decrypt a message the secret key data must be > unlocked and loaded for a very short time into the computers RAM, in order > to perform the

Re: gpg tells me a signature from my own key is a forgery.

2019-08-30 Thread Brian Minton
On 8/30/19 12:41 PM, Brian Minton wrote: > I am testing signing with multiple keys. However, gpg tells me that my > own key is a forgery. I know it is not a forgery because I didn't forge > it. Is there a way to tell gpg that my own key is good? I'm using > trust model to

gpg tells me a signature from my own key is a forgery.

2019-08-30 Thread Brian Minton
gpg: Signature made Fri 30 Aug 2019 11:36:33 AM CDT gpg:using EDDSA key EED0158013DC2E6D6E001EA437B9507ACFF2016E gpg:issuer "brian@minton.systems" gpg: Good signature from "Brian Minton " [ultimate] gpg: aka "keybase.io/bjmge

Re: What is the practical strength of DSA1024/Elgamal2048 (former GnuPG default)?

2019-08-30 Thread Brian Minton
On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote: > On 4/25/19 9:20 AM, Bernhard Reiter wrote: > > Wikipedia points out a strong sensitivity of the algorithm to the quality > > of > > random number generators and that implementations could deliberately leak > > information

Re: was Re: PGP Key Poisoner // now "Binding one person's subkey to another person's primary key"

2019-08-14 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've often wondered why the sks software didn't require cross-certification. It seems like that would solve the key poisoning issue. It would mean that when signing someone's key, you'd have to have a way to exchange the signatures first, before su

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Brian Minton
I'm kind of a corner case, but I can't use wkd because I don't control my top level domain for my email. I also can't use DANE for the same reason. I can and do use DNS CERT records because it allows a second-level domain. I suppose this has been discussed to death, but wouldn't it make sense to

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Oops, forgot to sign it. I'm kind of a corner case, but I can't use wkd because I don't control my top level domain for my email. I also can't use DANE for the same reason. I can and do use DNS CERT records because it allows a second-level domain

Re: What to do with public key signature

2019-04-11 Thread Brian Minton
On Debian, I use the tool caff from the signing-party package. It signs the key, then encrypts it to the public key, and sends it via email. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: NIST 800-57 compatible unattended encryption?

2019-02-21 Thread Brian Minton
other keying material (e.g., Initialization Vectors). That usage (data-encryption keys) is exactly what gnupg uses to encrypt a file. You can go through the document and see the rest of the policies, whether or not they apply to gnupg as implemented, but at first glance, that is the case. -- Brian

Re: Gnupg-users Digest, Vol 184, Issue 22

2019-02-21 Thread Brian Minton
you can host your own server. See for instance https://www.reddit.com/r/signal/wiki/faq#wiki_can_i_host_my_own_server.3F ). So in that sense, you could directly connect to the person you want to talk to, if one of you cares to run your own server. -- Brian Minton brian at minton do

Re: Managing the WoT with GPG

2017-06-23 Thread Brian Minton
for maintaining the trustdb? Is that handled by gpg itself? -- Brian Minton brian at minton dot name http://brian.minton.name Live long, and prosper longer! OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9

Re: Unknown key type

2017-05-22 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, May 22, 2017 at 12:07 PM, David Vallier wrote: > Can someone please explain why I am getting a yellow bar on a LOT of > signed msgs saying that the key type is unknown?? > > the exact msg is "Part of the message signed with unknown key;

Re: Test Mail

2017-01-23 Thread Brian Minton
On 01/05/2017 12:35 AM, Roger wrote: > Test mail to mailing list testing GNUPG signing, appearance and hopefully > conforming to mailing list standards. I received your post to the list. I also verified a good signature.

Re: Proof for a creation date

2016-12-02 Thread Brian Minton
h inserted into a Merkle tree. That has the desired properties of being append-only and publicly auditable. -- Brian Minton brian at minton dot name http://brian.minton.name Live long, and prosper longer! OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9

Re: What are those attachments you have on your email?

2016-11-25 Thread Brian Minton
ignature message so I thought maybe it's for something else - A signature.asc file is usually for the message itself. See RFC 3156. https://tools.ietf.org/html/rfc3156 for more details. It's called PGP/MIME and it allows you to encrypt, sign, or both for messages containing attachments. --

Re: regular update of all keys from a keyserver

2016-10-17 Thread Brian Minton
On 10/17/2016 11:41 AM, Daniel Kahn Gillmor wrote: > On Mon 2016-10-17 06:31:16 -0400, Martin T wrote: > >> I am aware that one can update all the keys in local-keyring from a >> keyserver using "gpg --refresh-keys". Are there any disadvantages to >> simply put this command into user crontab and

Re: RSA 4096-bit Key

2016-10-13 Thread Brian Minton
On 10/08/2016 02:58 AM, Rohit P wrote: > > I am using latest version of GPG. I noticed there is no option to > generate RSA 4096-bit key. The same goes with DSA. > > It is, but you have to use the "full" key generation option: $ gpg --full-gen-key gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Sof

Re: File Encrypted with Primary key

2016-08-21 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 You can use gpg --list-packets to see exactly what OpenPGP packets are present in the ciphertext. That would show you in great detail exactly what their software sent you.

Re: RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread Brian Minton
On Fri, Jun 10, 2016 at 11:19 AM, Fulano Diego Perez < fulanope...@cryptolab.net> wrote: > > trade-off for larger signature for me worth it > -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ed25519 and DSA signatures are both small. The resulting ascii signature block with 2 keys is still small

Re: RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread Brian Minton
can gnupg 2.1.x automatically, compatibly operate with both RSA and EDDSA/ECDH keys/subkeys ? This is exactly the situation I'm in with my public key, 0424DC19B678A1A9. Here's what gpg2 -K shows: sec rsa4096/0424DC19B678A1A9 2014-10-08 [C] [expires: 2016-10-07] uid

Re: Curve 25519 encryption subkey - problem encrypting

2016-06-06 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Debian has gnupg 2.1 in experimental. If you have the experimental repository added, it will automatically pull in all the dependencies including libgcrypt 1.7

Re: Keyserver lookup failure

2016-06-01 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 That was a known bug in that version. Try the most recent release, 2.1.12.

Re: Req: 64-bit GnuPG/GPGME for Windows

2016-04-26 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Does the speedo make file always build a 32 bit version?

Re: Verification via the web of trust

2016-03-22 Thread Brian Minton
One idea I've been tossing about: import the whole dump. I read that gpg 2.1 uses a new efficient key database called keybox. It would be interesting to see if it could handle that much data, and if so, gpg could do the WoT calculations directly. On Tue, Mar 22, 2016, 9:33 AM Lachlan Gunn wrote:

Re: Should always add myself as recipient when ecrypting?

2016-03-21 Thread Brian Minton
Here's a possible reason: suppose your recipient is being targeted by an enemy who wishes to read their communications. They have determined through traffic analysis that you are in communication with their target. They may then attempt to convince/coerce/trick you to decrypt the message. In other

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

2016-03-18 Thread Brian Minton
Windows has certutil built-in. On Fri, Mar 18, 2016, 3:27 AM Werner Koch wrote: > On Thu, 17 Mar 2016 20:44, d...@fifthhorseman.net said: > > > FWIW, the threat model of digest algorithms being published on an HTTPS > > website that then links to the file to be downloaded is much easier to > > w

Re: DNS record for finding a key from an e-mail address

2016-03-14 Thread Brian Minton
Sounds like CERT (TYPE37) records?

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Brian Minton
On 03/08/2016 11:08 AM, Anthony Papillion wrote: > > I'm pretty sure that, if you just send your modified key to the > keyserver again, it will replace the one that's there. > I tried it, deleting some subkeys locally, and adding others. I submitted it to the keyservers, but now all the keys, old

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Brian Minton
se that to unambiguously refer to your public key. regards, Brian Minton

Re: Migrating to Gmail. Recommendations?

2016-03-02 Thread Brian Minton
Thunderbird is pretty common. I've used mailvelope with some success directly in the gmail client.

Re: status of ed25519 draft

2016-02-24 Thread Brian Minton
The next draft is due soon. How long does it usually take the IETF to ratify a draft RFC? On 02/11/2015 05:20 AM, Werner Koch wrote: > On Tue, 10 Feb 2015 21:56, br...@minton.name said: >> Is there any way to see the progress of the IETF working group on >> the draft Werner has submitted? I

Re: Key selection order

2016-02-24 Thread Brian Minton
On 01/18/2016 08:10 AM, Andrew Gallagher wrote: > (*) Granted, I don't always sign mine but you can blame the iPhone for > that. That's the problem I have too. Not iPhone specifically, but my main email clients are gmail.com on my desktop and google inbox on my Android smart phone. I occasi

Re: Use of --passphrase-file

2016-02-18 Thread Brian Minton
A pretty good option is to use gpg-agent. It can keep your passphrase /secret key in (secure) memory for a few minutes so you can use the key in scripted tasks. On Thu, Feb 18, 2016, 4:24 PM Harman, Michael wrote: > I am attempting to automate a process that decrypts files. The files are > encry

Re: Error message "gpg: Can't check signature: Broken public key"

2015-12-11 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I got the following message: rejected by import screener Here's more detail (gpg 2.1.8 on Windows 8): C:\Users\mintonb>gpg -vvv --recv 0x1712BC461AF778E4 gpg: using character set 'CP437' gpg: data source: http://pgp.mit.edu:80 gpg: armor: BEGIN PGP

Re: Problems with key available in v1.4.19 but not v2.1.5

2015-08-02 Thread Brian Minton
The 2.1 branch deprecates all pgp v2 keys. My guess is that your old key was one of those. See https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2 for details. On Fri, Jul 17, 2015, 4:53 PM Philip Neukom wrote: > Hello all. > > I'm having some problems with my key that was created a long time ag

Re: Teaching GnuPG to noobs

2015-06-17 Thread Brian Minton
I've never heard of a spring lock, but I looked it up. It is a lock that anyone can momentarily be unlocked by a key, but when it is not being held open, shuts and locks itself. On Wed, Jun 17, 2015, 5:00 PM Charles Spitzer wrote: > > > Regards, > Charlie > 602.420.4123 > > > -Original Messa

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread Brian Minton
There are approximately 2^2038 primes in the 2048-bit space (source, https://www.wolframalpha.com/input/?i=log2%282**2049%2Fln%282**2049%29+-+2**2047%2Fln%282**2047%29+%29 ). Even allowing that the first bit is 1, that makes 2^2037. Given that, the chance of p and q having a difference of 2, at

Re: Splitting a GPG private key

2015-04-07 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The Debian project solves this by having the secret key shared using (https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). https://ftp-master.debian.org/keys.html On Tue, Apr 7, 2015 at 1:29 PM, Bob (Robert) Cavanaugh wrote: > Alfredo, >

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

2015-03-26 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Mar 26, 2015 at 3:49 PM, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > > Gmail is an email service provider, not an email client. They provide > access via a webmail site for those who wish to process their email > using a web brows

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

2015-03-26 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I think gmail is the single most popular email client, with 500 million users. I think that until there is a way to verify pgp signatures from within gmail, pgp/mime will continue to show up as an attachment. There are ways to use pgp/mime or i

Re: Making the case for smart cards for the average user

2015-03-17 Thread Brian Minton
I thought keyservers strip all punctuation. So becomes foo example com. On Tue, Mar 17, 2015, 3:33 PM MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > > > On Tuesday 17 March 2015 at 5:38:03 PM, in > , Daniel Kahn Gillmor > wrote: > >

Re: Enigmail speed geeking

2015-03-13 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 If a key is generated externally, a backup can be taken before the key is moved to the card. For a key generated on the card, there is (by design), no way to extract the secret key, including for the purpose of backing it up

Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Brian Minton
Another option that I often use is https://github.com/wesleyd/charade, which opens a unix domain socket on cygwin, connected to Pageant, so cygwin programs and windows programs that use PuTTY can share the same authentication. Another similar program is http://github.com/cuviper/ssh-pageant On Th

bugs.gnupg.org TLS certificate

2015-03-11 Thread Brian Minton
bugs.gnupg.org (and other sites such as git.gnupg.org) don't use that certificate. Have you considered a wildcard certificate? I know this has been discussed before, e.g. at https://lists.gnupg.org/pipermail/gnupg-users/2013-December/048415.html thanks, - -- Brian Minton br...@minton.name

Re: [cygwin] gpg-agent with ssh support ?

2015-03-11 Thread Brian Minton
I would like to second the request for this feature. On Wed, Mar 11, 2015, 6:23 AM Werner Koch wrote: > On Wed, 11 Mar 2015 07:18, xav...@maillard.im said: > > > I enabled ssh support in the gpg-agent.conf file as usual and I > > clearly see the socket files for both GNUpg and SSH. > > The Unix

Re: Thoughts on GnuPG and automation

2015-03-03 Thread Brian Minton
It breaks mailpile because gpg-agent is not session aware. A user could be logged in locally, using mailpile, and a remote attacker could access the web interface of that locally running mailpile instance, which since it is talking to the same gpg-agent, would think the remote user is logged in (o

Re: Decrypting PGP/MIME on the command line

2015-03-03 Thread Brian Minton
Mailpile may be useful. https://mailpile.is It lets you scan in a bunch of messages, and decrypt them, and indexes them, keeping the index and message store encrypted. It has command line as well as a gui. On Sun, Mar 1, 2015 at 9:32 AM, René Puls wrote: > Hi, > > is there a command line utili

Re: Thoughts on GnuPG and automation

2015-02-27 Thread Brian Minton
Yes, but the colon protocol doesn't support things like passphrase entry, etc. On Fri, Feb 27, 2015 at 9:09 AM, Peter Lebbing wrote: > On 27/02/15 12:02, Hans-Christoph Steiner wrote: >> For example, I think that >> `gpg --json` is great idea. I ended up using a Java wrapper of GPGME, which >> i

Re: Sign key with externalized master key

2015-02-13 Thread Brian Minton
The wikipedia article on UDF mentions write support in all major OSes. It also supports POSIX permissions. On Fri, Feb 13, 2015 at 9:49 PM, Robert J. Hansen wrote: >> FAT, alas, is the portable filesystem that you're looking for. > > NTFS also works. Linux can read/write NTFS through NTFS-3G and

Re: MIME or inline signature ?

2015-02-13 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 My personal preference is inline, but I do have a request: if you have a 4096 bit RSA key, please don't sign inline. The signature block is ridiculously long. That's why I use DSA and especially ed25519 for signing. My main email access is on my pho

emulating smartcard with Nexus 5

2015-02-12 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I recently got a new Nexus 5, with NFC. Supposedly it supports ISO 7816-4. Is there any possibility of, for instance, porting gnuk to android? I'd love to use my smartphone as a smartcard. Of course, the smartphone wouldn't have as many anti-tamp

Re: Sign key with externalized master key

2015-02-11 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Feb 11, 2015, 5:33 PM Xavier Maillard wrote: Thank you for this precision. Are you aware of some "portable" and well supported by the 3-major OSes filesystem type ? Just UDF

Re: moving up from 2.0.26 to 2.1.1

2015-02-11 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 In Debian, the experimental repo has gpg 2.1 with all dependencies. Follow the instructions at https://wiki.debian.org/DebianExperimental

status of ed25519 draft

2015-02-10 Thread Brian Minton
Is there any way to see the progress of the IETF working group on the draft Werner has submitted? I noticed that the draft expires in May. In particular, I would like to know if 22 is going to be the IANA standardized Public-Key Algorithm number.

Re: Anonymous payment for hardware tokens

2015-02-04 Thread Brian Minton
Showing a hash wouldn't prevent a malicious entity from making a fake token that prints whatever hash the user expects. There's no way to verify that the hash is of code actually on the device, or that the hashed code is the only code on the device. The only way I could see to prevent it is to have

Re: GPG (v. 1.4.12) is not user-friendly

2014-12-31 Thread Brian Minton
It seemed to me that all Kelly was trying to do was print the fingerprint of a key from a file. On Tue, Dec 30, 2014 at 10:59 PM, Ryan Sawhill wrote: > I disagree with your subject, and propose that you google for a tutorial > since the man page clearly didn't work for you. > > (As far as I can t

Re: Issue: unknown armor header: \x09Version: GnuPG v2.0.17 (MingW32)

2014-12-29 Thread Brian Minton
On Mon, Dec 22, 2014 at 5:41 AM, pkalluru wrote: > > *unknown armor header: \x09Version: GnuPG v2.0.17 (MingW32)* 0x09 is a tab character. That sounds like a whitespace error.

Re: [Gnupg-users]

2014-12-27 Thread Brian Minton
I would just backup the expired and revoked keys, then delete them. I personally never have used my revoked keys. I mean maybe once in a very great while, I come across a file encrypted with my old key on my hard drive, but that's happened maybe twice in the last ten years. On Dec 27, 2014 1:54

Re: OT, but related ... Google’s End-To-End Email Encryption Tool Gets Closer To Launch

2014-12-19 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Not to mention the fact that they released technical documents about their combined keyserver / logger system. I always thought that would be a good idea, after reading about Certificate Transparency for TLS, to have a similar thing for OpenPGP, whi

Re: GnuPG and g10 code

2014-12-15 Thread Brian Minton
Thanks for the good work! Do you get any income from kernel concepts with sale of the OpenPGP smart cards? I prefer to buy products from for-profit companies, and donate only to charities / nonprofit organizations. On Dec 15, 2014 2:54 AM, "Werner Koch" wrote: > Hi, > > last week I basically fini

Re: Mainkey with many subkeys??

2014-12-08 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I recently created a key, with a RSA 4096-bit main key (certify only) and 4 subkeys: one DSA for signing, and one ELGamal for encryption, for communicating with people who I don't know are using ECC, and one each of ED25519 and nistp384 for people wh

Re: Security patches and gpg 1/2 development

2014-12-02 Thread Brian Minton
On Wed, Nov 26, 2014 at 1:59 PM, Daniel Kahn Gillmor wrote: > https://bugs.g10code.com/gnupg/index > I noticed that my browser complained about the certificate of that URL. Is that the correct address?

Re: gpg: ECDSA public key is expected to be in SEC encoding multiple of 8 bits

2014-11-20 Thread Brian Minton
I put in a bug report: issue 1769 on http://bugs.g10code.com/gnupg On Thu, Nov 20, 2014 at 2:11 PM, Werner Koch wrote: > On Thu, 20 Nov 2014 17:12, br...@minton.name said: >> ECDSA/EDDSA subkeys. The encryption and signing seems to work, so >> it's mainly just an informational message: > > Actua

Re: gpg: ECDSA public key is expected to be in SEC encoding multiple of 8 bits

2014-11-20 Thread Brian Minton
oops, I meant to say I have an ECDH and EDDSA subkey, but no ECDSA. On Thu, Nov 20, 2014 at 11:12 AM, Brian Minton wrote: > I'm seeing an interesting message when encrypting and signing with my > ECDSA/EDDSA subkeys. The encryption and signing seems to work, so > it

gpg: ECDSA public key is expected to be in SEC encoding multiple of 8 bits

2014-11-20 Thread Brian Minton
ypted with 384-bit ECDH key, ID EA49CFDB55D113E9, created 2014-10-12 "Brian Minton " hi gpg: Signature made Thu Nov 20 11:06:18 2014 EST gpg:using EDDSA key 37B9507ACFF2016E gpg: Good signature from "Brian Minton " [ultimate] gpg: