On Tue, 1 Mar 2011 14:30:37 +, Guy Halford-Thompson wrote:
> But doesnt GPG generate 2 private keys (as well as public keys) when
> you create a new keypair?
>
> Please select what kind of key you want:
>(1) RSA and RSA (default)
>(2) DSA and Elgamal
>(3) DSA (sign only)
>(4)
On Sat, 26 Feb 2011 21:02:08 -0500, Avi wrote:
> Why? Inline is simple and effective. I'm curious as to why you
> feel MIME is so much better.
http://josefsson.org/inline-openpgp-considered-harmful.html
jamie.
pgpha2dSJArgJ.pgp
Description: PGP signature
___
On Thu, 24 Feb 2011 20:22:03 -0500, "Robert J. Hansen"
wrote:
> Just as an FYI to the list --
>
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader. If you're concerned ab
On Fri, 4 Feb 2011 20:08:08 +, MFPA wrote:
> IMHO, the comment field is firmly in the "you don't need this at all"
> category. If Heinrich Heine really wants his UID to be
> "Heinrich Heine (Der Dichter) " he can
> type "Heinrich Heine (Der Dichter)" in the name field and
> "heinri...@duesseld
On Thu, 03 Feb 2011 17:54:39 -0500, "Robert J. Hansen"
wrote:
> > But i suspect he would not want to certify this User ID:
> >
> > Daniel Kahn Gillmor (I am really Robert Hansen)
>
> Correct. Because the presence of my signature means something. The
> *absence* means *nothing at all*, and y
On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen"
wrote:
> On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> > my "user survey" is from several years of trying to personally help
> > dozens of people of all skill levels learn how to use OpenPGP for secure
> > messaging. Regardless of the inte
On Mon, 31 Jan 2011 03:41:51 +0100, orionbe...@gmail.com wrote:
> I use a python script to (a) open a file encrypted with a symmetric
> cipher using a passphrase, (b) do some operations on it, and (c)
> re-encrypt it.
You might try using one of the many python gpg interface libraries that
exist
On Sat, 15 Jan 2011 19:17:27 +0100, Bo Berglund wrote:
> THanks, indeed the --with-colons gave a completely different output...
> I was just about to ask of the date format (if it changes between
> operating systems or such) but now I have a different problem in
> understanding the machine readabl
On Thu, 21 Oct 2010 19:58:31 -0600, Aaron Toponce
wrote:
> So, help?
Hi, Aaron. You might be interested in some of the tools that come with
the Monkeysphere [0] package, which deals with a lot of OpenPGP for SSH
stuff. It comes with the utility openpgp2ssh, which translates OpenPGP
keys to SSH
On Fri, 15 Oct 2010 19:12:21 -0400, "Robert J. Hansen"
wrote:
> > Do you use ssh-agent? Do you think their implementation of the same
> > thing is not good? If so, have you complained to them about it, or
> > asked why the implemented it?
>
> This seems to be an argument from implication of hy
On Sat, 16 Oct 2010 01:05:11 +0200, Hauke Laging
wrote:
> I just don't like the idea that access to the agent is "not noticed by
> design".
I strongly agree with this point. Let's think about it another way:
what if the user is themselves doing something that is unintentionally
accessing the ke
On Fri, 15 Oct 2010 18:23:04 -0400, "Robert J. Hansen"
wrote:
> I'm not. This idea isn't good.
Do you use ssh-agent? Do you think their implementation of the same
thing is not good? If so, have you complained to them about it, or
asked why the implemented it?
jamie.
pgph0M2eECPqg.pgp
Descr
On Fri, 15 Oct 2010 15:36:51 -0400, "Robert J. Hansen"
wrote:
> On 10/15/10 2:49 PM, Jameson Rollins wrote:
> > Without use confirmation in the agent, a malicious program running under
> > your account could access your secret key without you knowing it.
>
&g
On Fri, 15 Oct 2010 13:42:05 -0400, "Robert J. Hansen"
wrote:
> On 10/15/10 1:31 PM, Doug Barton wrote:
> > The other problem with the confirmation proposal is that ... the
> > intersection between plausible attack vectors and vulnerabilities
> > that [this proposal] would actually fix seems [ver
On Mon, 27 Sep 2010 21:25:21 +0200, Ludwig Hügelschäfer
wrote:
> Ack. 1.5 seconds is about the limit where a good GUI should issue a
> reaction. This is where the human mind is starting to think there's
> something wrong.
We should be careful not to overstate the impatience of users too much.
I'
On Mon, 27 Sep 2010 16:28:07 +0200, Vjaceslavs Klimovs
wrote:
> 2048 bit keys are suitable - it's "user+sys" what matters in this case,
> but not "real" by all means, as that includes waiting for passphrase
> input too.
I think this is really a UI issue, in which case "real" is what you
really c
On Mon, 27 Sep 2010 15:56:52 +0200, Vjaceslavs Klimovs
wrote:
> I did some quick tests on Nokia N900 (600 MHz ARM CPU), with gnupg
> 1.4.6, here is what I got:
>
> Encrypting and signing, 2048 bit RSA keys:
>
> real0m 2.50s
> user 0m 0.50s
> sys 0m 0.02s
>
> Decrypting and verifying, 20
On Tue, 29 Jun 2010 21:40:37 +0200, Carsten Aulbert
wrote:
> My problem is relatively simple. We provide a (Debian) repository for our
> colleagues as well as ourselves and would like to sign it (for the experts:
> reprepro's export option). Of course one could either copy around the secret
>
On Tue, 22 Jun 2010 09:51:58 -0400, Jameson Rollins
wrote:
> I think the situation Daniel points out is one of the better usages for
> local signatures, and probably the main reason for having them in the
> first place.
Actually, looking at the RFC 4880 now, I see that the original
d
On Tue, 22 Jun 2010 09:27:46 -0400, David Shaw wrote:
> On Jun 22, 2010, at 2:36 AM, Daniel Kahn Gillmor wrote:
> >> Can you elaborate on the usage you're describing?
> >
> > I'm thinking of a situation involving three people: Alice, Bob, and Charlie.
> >
> > Alice has met Bob in person and has
On Sun, 20 Jun 2010 02:50:41 +0100, MFPA wrote:
> > So in order to be safe you need additional CPU load
> > either for TLS or for signing. Signing is superior IMHO
> > because it allows reuse of the data (one crypto action
> > (covering less data) for several users vs. one for each
> > user with T
On Fri, 11 Jun 2010 06:27:12 -0400, Jerry wrote:
> I am assuming that you wanted me to reply to this message. Its intended
> purpose was not overly clear. At least not to me, but then again I have
> not had my second cup of coffee this morning.
I think if he had wanted you to respond to it he wou
Speaking of spam, I'm getting more spam from some sort of automated
ticketing system that seems to be subscribed to this list that I ever
have from a keyserver. The mail seems to come from:
secure.mpcustomer.com
and it often sets the From: to be from someone else. This is totally
uncool. Is th
On Thu, 10 Jun 2010 11:32:05 -0400, Daniel Kahn Gillmor
wrote:
> And i should probably add that it is indeed an infinitesimal drop in the
> bucket compared to the other spam i receive; i'm not concerned about it.
Not to mention that the bother of a couple of extra spams is completely
dwarfed by
On Thu, 03 Jun 2010 16:43:19 +0200, Crypto Stick
wrote:
> Each of the three keys can be up to 3072 bit. In fact they can even be
> 4096 bit long; but GnuPG does currently not support such key length in
> cooperation with the Crypto Stick (but GnuPG can handle 4096 bit
> soft-keys without the Cryp
On Wed, 24 Feb 2010 20:33:14 -0800, "Smith, Cathy" wrote:
> We are migrating from OpenPGP which is a freeware version of PGP. Sorry for
> the confusion.
I'm not familiar with OpenPGP, the software. I'm familiar with the PGP
Corporation's implementation (which I think is just called "PGP"), but
On Wed, 24 Feb 2010 18:46:33 -0800, "Smith, Cathy" wrote:
> We are starting to migrate from OpenPGP to GnuPG.
Just for clarification, GnuPG is software tool that is actually an
implementation of the OpenPGP specification [0]. OpenPGP is not
actually a piece of software itself, nor is GnuPG a spe
On Wed, Jan 13, 2010 at 10:39:28AM +0100, Werner Koch wrote:
> On Tue, 12 Jan 2010 23:41:52 +0100, Piotr Bratkowski wrote:
>
> > I have this code. And when I see output owner_trust = 4, but in gpg
> > from system I get 0. Do I need to somehow save this changes??
>
> This is not directly supported
28 matches
Mail list logo
