Question about GPG versions:
Due to CVE-2016-6313, I put out a new version of Confidant Mail where
the Windows and Mac binaries include GPG 1.4.21.
I also put in a pop-up dialog to warn if someone uses it with a
pre-1.4.21 version of GPG. However, Debian and Tails 2.6rc1
have patched 1.4.18 ins
I tried my inputs with eddsa instead of ecdsa and it worked. Not sure if
there is still a bug to report?
Thank you for the workaround.
On 5/6/2016 1:58 AM, NIIBE Yutaka wrote:
On 05/06/2016 05:59 AM, Mike Ingle wrote:
Key-Type: ecdsa
Name-Real: t 6
Subkey-Curve: Curve25519
Subkey-Usage
GPG version 2.1.12 added support for Curve25519 sign and encrypt. I am
trying to support such keys in Confidant Mail.
Installed from gnupg-w32-2.1.12_20160504.exe
If I create a key manually I get:
GOOD
pub ed25519/C850D9A5 2016-05-05 [SC]
uid [ultimate] test 3
sub cv25519/22967908 2
You can use the gpg-agent for ssh auth.
In gpg-agent.conf you put:
enable-putty-support
Than you can run the agent like this:
"c:\Program Files (x86)\GNU\GnuPG.v2\bin\gpg-agent.exe" --daemon
--enable-ssh-support
[assuming that is where your GPG is installed]
Putty will then login using the key
I am building gnupg 2.1.3 to try out, and I ran into a bug in the build
script.
If you run ./configure --help in libgcrypt-1.6.3, it says:
Optional Packages:
--with-PACKAGE[=ARG]use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-pic[=PKGS]
Both of these worked for me.
F:\>"c:\Program Files (x86)\GNU\GnuPG\gpg.exe" --homedir "f:\abc
def\gpg" --list-keys
F:\>"c:\Program Files (x86)\GNU\GnuPG\gpg.exe" --homedir "\abc def\gpg"
--list-keys
Try dropping the initial double slash.
On 4/6/2015 12:37 PM, Clark Rivard wrote:
Hi
I am r
> Any word on whether confidant mail will support the openpgp smart
cards (or
> yubikey, similar)? -Nick
With GPG 2.1, the gpg-agent handles all the passphrase prompting. I
don't see
why it would not work with a smartcard. Which one do you think I should
get to
test with? I have not played w
At present, there is no key verification built in and
you have to check the key fingerprint (which is always
shown to the right of the address) or check a signature
chain on your key using a GPG key manager.
Or you can Trust On First Use, if it suits your threat model.
That's more or
> From the bit of testing I did with it, it seems the "email address" is
> merely used as a user identifier. The domain is irrelevant. You could
> use nob...@nonexistent-domain.com and it would still work. The email
> address doesn't actually have to exist.
>
> I don't think it does since the emai
The current version of Confidant Mail for Windows includes GPG 1.4.19.
However, the code is written to support version 2.1 and ECC keys. If you
point it to GPG 2.1, it will let GPG handle passphrases, and will let
you create and rotate ECC keys.
Is there any reason not to start using them? I h
Notwithstanding the security compromise from building SMTP gateways,
some people are pretty attached to their favourite MUA. Have you any
thoughts about accommodating them by enabling your Confidant Mail
client or server to function as a local email proxy?
The user interface has to do a lot of
r, or get an account on the test environment to try it out
immediately. More information and downloads at:
https://www.confidantmail.org
Mike Ingle d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
12 matches
Mail list logo
