On Friday, 12 July 2019, 10:30:30 CEST, Werner Koch via Gnupg-users wrote:
> On Wed, 10 Jul 2019 21:47, johan...@zarl-zierl.at said:
> > ...except it isn't installed by default. Will this be part of
> > gpg-wks-client?
> Ooops. I meant gpg-wks-client. There is no gpg-wks-tool.
Thanks for the
On Wednesday, 10 July 2019, 19:34:41 CEST, Werner Koch wrote:
> On Tue, 9 Jul 2019 23:33, johan...@zarl-zierl.at said:
> > Now that I have done it once, I think the setup without
> > /usr/lib/gnupg/gpg-wks-client isn't that complicated either:
> Please use gpg-wks-tool instead; it is much
Hi,
On Tuesday, 9 July 2019 15:02:26 CEST Bernhard Reiter wrote:
> please make suggestions (or help with improving)
> https://wiki.gnupg.org/WKD
I think the problem with that page is that it is handed out as a starting
point to users asking "how can I enable WKD for my key?". To give credit, t
On Sunday, 7 July 2019 20:48:12 CEST Wolfgang Traylor via Gnupg-users wrote:
> > is there a service or similar where I can check if this email address is
> > properly WKD-enabled?
> https://metacode.biz/openpgp/web-key-directory
Thank you! This is so much easier to comprehend than the official
Hi,
I've just spent half an hour scratching my head over an issue that should have
been simple:
I initialized a new OpenPGP card (v2.1 from Zeitcontrol) and changed the
(user) pin.
After this, I used the verify command to check whether the pin was working: I
put my pin into the pinentry dialo
On Tuesday 26 April 2016 12:44:44 Robert J. Hansen wrote:
> Please note: since CMake doesn't have a plugin (yet) to automatically
> detect GPGME
The usual way is for a library to provide a PackageConfig.cmake file. The
old-style FindPackage.cmake "plugins" are very much deprecated and it's hard t
Hi Neal,
Thanks for the heads-up on this. TOFU seems like a really big feature for
everyday use!
Out of curiosity: Does the TOFU implementation for gpg already allow for key
transition statements / is this planned for some point in the future?
Cheers,
Johannes
On Sunday 19 July 2015 01:42:34 Daniel Kahn Gillmor wrote:
> I suspect what's taking a long time is an update to the trustdb. one
> workaround is to put no-auto-check-trustdb in ~/.gnupg/gpg.conf, and
> then have a nightly cronjob that runs "gpg2 --check-trustdb".
...and sure enough "gpg2 --check
Hi,
I've noticed that sometimes gpg2 will take around 1-2 minutes on my desktop PC
attempting to verify an email signature.
At first, I thought that maybe the increasing prevalence of really big keys
would increase the computational complexity, or that the keyserver
communication is taking so
> >> But I still have the impression that smartcards are supposed to prevent
> >> an attacker from stealing the private keys from the cards, right?
> >
> > Yes, I agree.
> >
> > Peter.
>
> But the threat is not fully mitigated if, as you said yourself in
> another message on this th
> Is it possible to change the smartcard state after PIN is entered, so it
> would be back in the same state as it was when first inserted into the
> reader (and would require the PIN to be entered again also for
> decryption)? So without removing and re-inserting the card, possibly
> using some A
On Thursday 22 January 2015 17:00:44 Felix E. Klee wrote:
> However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.
Are you sure? On my setup, the sma
Hi,
On Saturday 15 November 2014 11:52:02 da...@gbenet.com wrote:
> Laptop-1 and laptop-2 are a mirror image of each. They contain the same
> software. I copied programmes like Thunderbird Firefox from laptop-1 to
> laptop-2 without any problems.
It seems like the mirroring of laptop-1 to laptop-
On Friday 14 November 2014 17:05:12 da...@gbenet.com wrote:
> david@laptop-1:~$ sudo pkg install pinentry-gtk2
> [sudo] password for david:
> sudo: pkg: command not found
> david@laptop-1:~$ sudo apt-get install pinentry-gtk2
> Reading package lists... Done
> Building dependency tree
> Reading sta
On Thursday 21 August 2014 11:41:40 Robert J. Hansen wrote:
> If it escalates to an intrusion, then yes, that's definitely
> surveillance in my book. Compiling a collection of publicly available
> information is not.
"Compiling a collection of publicly available information" is an almost
perfect
On Friday 27 June 2014 19:35:12 Robert J. Hansen wrote:
> On 6/27/2014 6:31 PM, Johannes Zarl wrote:
> > 1. legacy PGP implementations in closed corporate environments
>
> Be careful about that phrase "legacy." Too often it's used as a slur.
> It's more
On Saturday 28 June 2014 08:09:10 Johan Wevers wrote:
> On 28-06-2014 0:31, Johannes Zarl wrote:
> > The way I see it compatibility between those two groups is a non-issue -
> > they simply don't exchange messages.
>
> Why not?
My assumptions were as follows:
- Whe
On Friday 27 June 2014 20:51:00 Werner Koch wrote:
> On Fri, 27 Jun 2014 19:46, pe...@digitalbrains.com said:
> > I however have no clue what you expose yourself to when you still use PGP
> > 8.x. It could be possible that these guys take irresponsible risks, I
> > don't know.
> They will tell you
> Learn something new every day.
Indeed. Thank you both for teaching me about the subtleties of the English
language *and* some biology!
Johannes
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-user
Hi,
A project mascot is certainly a great idea. In my opinion a mascot and a logo
have different purposes and can beautifully complement each other. The logo
stands for the product and has to follow certain rules in its design. A
mascot, on the other hand, stands more for the whole community and
Hi,
It looks like you use an offline master key and use subkeys for signing and
decryption. You can check this by looking at your secret keyring:
gpg2 -K
sec# 4096R/DEADBEEF 2013-10-25 [expires: 2018-10-24]
uid Some Body
ssb> 2048R/08152323 2013-10-25
ssb> 2048R/42424242 20
On Friday 31 January 2014 16:09:39 Steve Jones wrote:
> Well I was thinking of exporting at first, but it's too fraught with
> problems. I would in general like to see more use of persona
> signatures as certifying keys as good enough. Essentially I see the
> requirements for certifying keys as a
Hi,
I've meanwhile seen that others assumed the automatic-persona certification to
use exportable signatures. To clarify:
As far as I understood the original idea, it would use local signatures only
(preferably done with a special purpose local key only used for these
signatures).
If one woul
On Friday 31 January 2014 01:28:20 MFPA wrote:
> , Johannes Zarl wrote:
> > If the same email-address is used together with the
> > same key for a long time, it effectively ties the
> > email-address to a person for all practical concerns.
> > After all, you are c
[resent, this time to the mailing list]
Hi,
On Thursday 30 January 2014 21:09:45 MFPA wrote:
> , Steve Jones wrote:
> > The advantage you have here though is the web of trust.
> > 1 level 1 signature would probably be not enough, but
> > 5, 10, 100..?
>
> If the signatures are made automatically
On Thursday 30 January 2014 11:49:47 Peter Lebbing wrote:
> If you're trying to achieve by the 744 what I think you're trying to
> achieve, namely that users can't change the files, I think you're
> mistaken[1]. Look at the following session I just did[2]:
> The thing is, you're not allowed to cha
On Wednesday 29 January 2014 10:52:26 Robert J. Hansen wrote:
> > Well, it could be semi-automatic. I'm only talking about persona
> > certifications, which appear to be understood as verifying that the key
> > and the email address are under the control of the same person.
>
> I suspect the major
On Thursday 23 January 2014 15:34:17 Uwe Brauer wrote:
> A long time ago, IBM's proprietary OS, called CMS had a particular
> feature for the login:
>
> It gave you three attempts to log in. If you failed there was a time
> delay of 20 min, if you failed again, the time delay was prolonged to
>
On Friday 17 January 2014 14:33:25 Daniel Kahn Gillmor wrote:
> I think you're conflating revocation of the primary key with revocation
> of a user ID.
>
> Revocation of a primary key is permanent and cannot be overridden.
> Revocation of a user ID can be overridden as long as the primary key
> (t
On Friday 17 January 2014 13:28:50 Hauke Laging wrote:
> IIRC then GnuPG accepts a later self-signature (overriding the
> revocation). IMHO that makes most sense. As long as the mainkey isn't
> revoked or expired why shouldn't one "change one's mind"?
Wouldn't that have huge implications for the s
On Sunday 05 January 2014 03:10:48 Leo Gaspard wrote:
> Well... I, personally, would attach more importance (no more validity, just
> importance, like in "listen to me very well" or whatever English people say
> to others to get them to listen carefully) to a message signed to an
> offline main key
On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote:
> On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
> > In your example, the fact that a message was encrypted makes the
> > recipient treat it as though the sender had indicated something specific
> > about the message beca
On Thursday 19 December 2013 10:09:22 Robert J. Hansen wrote:
> > Maybe my English is a little rusty, but what exactly is a "spanking
> > server"?
> They omitted the word "new".
Ah! I should have thought of this. The phrase as a whole is known to me, but
without the "new" it was only nonsense to
Hi,
Maybe my English is a little rusty, but what exactly is a "spanking server"?
From the goteo page:
> The world's most trusted data encryption tool gets a new website with
> spanking server, platform and design.
Johannes
On Wednesday 04 December 2013 00:20:10 Hauke Laging wrote:
> On Wed 04.12.2013, 00:00:21, Johannes Zarl wrote:
> > Sorry for asking a possibly stupid question, but how exactly does a
> > shorter
> > validity period get you more security?
>
> This is the security a
On Tuesday 03 December 2013 23:44:20 Hauke Laging wrote:
> Expiration serves two purposes:
> 1) Passively revoke a key if you have lost access to the secret mainkey
> (i.e. to the key itself or to its passphrase).
> 2) Force your communication partners (people are lazy) to update your
> certificate
Thank you both for your detailed answers - they were really helpful for me!
Johannes
On Friday 08 November 2013 19:01:34 Peter Lebbing wrote:
> On 08/11/13 18:07, Tapio Sokura wrote:
> Nope, OpenPGP uses EMSA-PKCS1-v1_5, which is completely deterministic.
>
> I /think/ GnuPG doesn't need any r
> On Fri, 08 Nov 2013 00:11:38 +0100 Johannes Zarl wrote:
> > I'm currently thinking about using a raspberry pi as a non-networked
> > stand-alone system for signing keys. Since I haven't heard anything
> > to the contrary, I'm pretty sure that entr
Hi,
I'm currently thinking about using a raspberry pi as a non-networked
stand-alone system for signing keys. Since I haven't heard anything to the contrary,
I'm pretty sure that entropy is relatively scarce on the pi.
How is GnuPG affected by such a low-entropy system? Will operations just tak
On Wednesday 30 October 2013 11:58:56 Sam Tuke wrote:
> I'll collect them and pick the best for use now and in future.
>
> Stimuli:
> You trust GPG with what?
> It's the only app that does what for you / your business?
> Without it you couldn't do what?
I wonder why not more respondents have writ
Thanks! That was exactly what I was looking for.
Johannes
On Friday 01 November 2013 20:17:41 Peter Lebbing wrote:
> Hi Johannes,
>
> > Is there any way to explicitly tell gpg-agent to forget the pin as well?
>
> Based on a post once made by Werner, I have this script:
>
> ---8<-
Hi,
I'm trying to get gpg-agent to automatically forget my credentials as soon as
I leave the PC/the screen is locked. So far, I only got it half working:
When I send a SIGHUP to the gpg-agent, it correctly forgets cached
passphrases. The cached PIN of my OpenPGP card, however, remains available
I know what
part is unclear.
If it's the latter: What is the right place to ask questions regarding card
reader support in gpg?
Kind regards,
Johannes
P.S.: I did try again with gpg version 2.0.22, but the results are the same.
On Friday 27 September 2013 13:36:44 Johannes Zarl wrote:
>
Hi,
I recently got my fellowship card and now try to get a working setup. My first
tries with a ReinerSCT cyberjack that I had lying around did not get me
anywhere, so I bought a Cherry ST-2000U which looked like it should work with
the internal CCID driver. The reader is "mostly" working, i.e.