Re: Top-posting

2016-04-29 Thread Paul R. Ramer
On 04/28/2016 11:30 PM, Viktor Dick wrote: > On 2016-04-29 06:54, Paul R. Ramer wrote: >> Personally, I would rather not have to hit the "Page Down" button >> *every* time I wrote an email (provided I have full-size keyboard). If >> you are always varying from t

Re: making a Debian Live CD for managing GnuPG master key and smartcards

2016-04-28 Thread Paul R. Ramer
On 04/26/2016 05:24 AM, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 2:20 PM, Daniel Pocock wrote: >> You can use the wiki to link to the Github tasks that are relevant to >> using epgp in the Live CD, you don't have to copy the details of each >> task, just link to them >> > > It doesn't seem

Re: Top-posting

2016-04-28 Thread Paul R. Ramer
On 04/28/2016 02:49 AM, Paolo Bolzoni wrote: > However, you can move around with keyboard even in "modern" mua. When > using normal keyboards I think you are exaggerating a bit. The problem > is indeed annoying with limited keyboards, though. Personally, I would rather not have to hit the "Page Dow

Re: Querying gpg-agent configuration options

2016-04-26 Thread Paul R. Ramer
On 04/26/2016 07:20 PM, Eric Pruitt wrote: > On Tue, Apr 26, 2016 at 07:13:29PM -0700, Paul R. Ramer wrote: >> I didn't see any indication of such a feature from the man page, but you >> could just look at the gpg-agent.conf file. > > It's not that simple. I would

Re: Querying gpg-agent configuration options

2016-04-26 Thread Paul R. Ramer
On 04/26/2016 02:31 PM, Eric Pruitt wrote: > Is it possible to query the configuration of a running gpg-agent? In > particular, I would like to query the running agent to see what > values are being used for default-cache-ttl and max-cache-ttl. I have > reviewed the documentation for gpg-connect-a

Re: Help needed

2016-04-24 Thread Paul R. Ramer
On 04/24/2016 10:59 AM, Peter Lebbing wrote: > As for the OP's other questions, I can't answer them very well because I > don't know MacOS, but I can give you advice: could you please indicate > what software you are using? What mail client, what other GnuPG-related > software? You say you compose

Re: Help needed

2016-04-24 Thread Paul R. Ramer
On 04/24/2016 09:51 AM, Daniel H. Werner wrote: > I downloaded GPGTools on my Mac laptop (I have not done it on my Mac desktop > yet > as I want to be sure I know what I am doing!!!) and did the Install. > I Imported my existing keys. > And I have several question/problems: First off, I can't an

Re: where is gnupg configure file

2016-04-01 Thread Paul R. Ramer
On 04/01/2016 01:21 AM, mick crane wrote: > from what I read I don't think I can use gpg2 because > Debian GNU/Linux 8 (jessie)apt uses gpg1 at present. > I'm certain private-keys-v1.d was there before I attempted to use > enigma/roundcube. Debian has a package for GnuPG 2, which is gnupg2. If it

Re: [Announce] GnuPG 2.0.29 released

2016-03-31 Thread Paul R. Ramer
On 03/31/2016 04:12 AM, Werner Koch wrote: > Hello! > > We are pleased to announce the availability of a new stable GnuPG-2.0 > release: Version 2.0.30. This is a maintenance release which fixes a > couple of bugs. The subject line is about v2.0.29 instead of v2.0.30. Just FYI. -Paul

Re: How to silence gpg-agent?

2016-03-16 Thread Paul R. Ramer
On 03/16/2016 12:11 AM, Dashamir Hoxha wrote: > On Wed, Mar 16, 2016 at 7:30 AM, Dashamir Hoxha > wrote: >>> You can stop it by --no-auto-check-trustdb option. >>> >> > Actually, there is no problem if GnuPG checks trustdb periodically, I just > don't want it to spill the output on stdin. Maybe it

Re: Nearly fixed

2014-11-17 Thread Paul R. Ramer
On November 15, 2014 10:02:44 AM PST, Samir Nassar wrote: >For those of you who come to David's post in the future through the >mailing >list archive: Disregard this misconception. Many of us, myself >included, use >gpg2 on a 64bit system without a problem. Personally, I have used gpg2 and gpg

Re: The Facts:

2014-11-15 Thread Paul R. Ramer
On November 15, 2014 3:52:02 AM PST, "da...@gbenet.com" wrote: [snip] >david@laptop-1:/media/david/store$ gpg -ao --import >--allow-non-selfsigned-uid david-public.key >gpg: armour header: Version: GnuPG v1.4.11 (GNU/Linux) >pub 4096R/AAD8C47D 2014-08-17 postmaster (There's always light at the >

Re: Crypto Stick vs Smart Card Reader /w Pin Pad

2014-08-30 Thread Paul R. Ramer
On August 29, 2014 11:37:27 AM PDT, Jonathan Brown wrote: >Is the crypto stick which is fully open source and open hardware more >secure than a Gemalto smart card reader with pin pad built in? Which of >these would make you more of a hard target and increase security. I would say that they are b

Re: FAQ change, final draft

2014-08-11 Thread Paul R. Ramer
On August 11, 2014 10:18:33 AM PDT, "Robert J. Hansen" wrote: >A few weeks ago on -devel I made a proposal for a FAQ change. So far >I've received feedback from three people, all of it fairly positive, >all >suggesting mild changes. The following represents a final draft, which > >I'm now pre

Re: how to do

2014-07-09 Thread Paul R. Ramer
On July 9, 2014 11:40:06 AM PDT, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >Hi > > >On Wednesday 9 July 2014 at 5:54:36 PM, in >, Hauke Laging wrote: > > >> On Tue 08.07.2014, 14:41:36, J. David Boyd wrote: >>> which means that any of

Re: GPG's vulnerability to quantum cryptography

2014-07-07 Thread Paul R. Ramer
On July 6, 2014 4:40:13 PM PDT, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >Hi > > >On Sunday 6 July 2014 at 3:25:57 PM, in >, Johan Wevers wrote: > > > >> Since I don't know when I will consider a key >> compromised or weak, I don't w

Re: riseup.net OpenPGP Best Practices article

2014-06-26 Thread Paul R. Ramer
On June 26, 2014 8:26:16 AM PDT, Daniel Kahn Gillmor wrote: >As for arguments about use on smartcards -- if you plan to get a >smartcard, and you have a primary key that is too large for it, you can >always generate and publish new subkeys that will fit in your >smartcard. >If that's the tradeof

Re: How to determine who signed what

2014-06-03 Thread Paul R. Ramer
On June 1, 2014 10:45:45 AM PDT, frank ernest wrote: >Hi again, I have been browsing and downloading gpg signed files and I've >actually been downloading the sigs! However, I'm having trouble >figuring out who signed what. Is there some way to determine this using >the sig? Perhaps it has the keys

Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-30 Thread Paul R. Ramer
On January 30, 2014 1:15:08 PM PST, "Donald Morgan Jr." wrote: >If you know a user has a signature that they use to always end a >message >with, does that data aid in the decryption of the file? Would this >exploit >be applicable to symmetric encryption methods as well? A common form of cryptana

Re: Trouble resetting OpenPGP card after admin PIN lockout

2014-01-22 Thread Paul R. Ramer
On 01/21/2014 03:23 AM, Peter Lebbing wrote: > TL;DR: I think you might be helped by [4]. Do an "scd killscd" from > gpg-connect-agent, install and start pcscd, install the Python module pyscard > and run the script from [4]. By the way, if you have an OpenPGP v.1 card, > you're > screwed, they se

Trouble resetting OpenPGP card after admin PIN lockout

2014-01-20 Thread Paul R. Ramer
Hello, I am having trouble resetting an OpenPGP card on which I locked the admin PIN. Running gpg2 --card-status gives me the following error: gpg: OpenPGP card not available: Not supported When I try the instructions to reset the card from http://lists.gnupg.org/pipermail/gnupg-users/2013-March

Re: Any future for the Crypto Stick?

2013-12-08 Thread Paul R. Ramer
Werner Koch wrote: >On Sat, 7 Dec 2013 11:29, ein...@pvv.org said: > >> AFAIK, the US has no import restrictions on cryptography, and the RSA >patent >> ran out years ago, so e.g. shop.kernelconcepts.de should be able to >ship it to >> you. > >IIRC, Petra of kernelconcepts told me that there is n

Re: Is there a chance smartcards have a backdoor? (was Re: Any future for the Crypto Stick?)

2013-12-08 Thread Paul R. Ramer
Peter Lebbing wrote: >On 05/12/13 13:20, Paul R. Ramer wrote: >> On that note, why assume that the manufacturer would not do the >opposite: >> feign helping the spy agency by giving them a compromised ROM and >then >> substituting a secure one on the real prod

Re: Any future for the Crypto Stick?

2013-12-05 Thread Paul R. Ramer
Peter Lebbing wrote: >On 02/12/13 20:37, Andreas Schwier (ML) wrote: >> Wait a second - you can not simply hide a backdoor in a Common >Criteria >> evaluated operating system. There are too many entities that would >need >> to be involved in the process > >Why couldn't the manufacturer simply put

Re: Setting encryption algorithm for specific key

2013-11-22 Thread Paul R. Ramer
Johan Wevers >I communicate with someone whose key tells me it supports IDEA, and >since that's my preferred algorithm my gpg uses it to encrypt the >message. However, het setup does not in fact support it (any more, it >used to do in the past). Re-signing the key is no option, this is as >computer

Re: article about Air Gapped OpenPGP Key

2013-11-22 Thread Paul R. Ramer
adrelanos wrote: >When one uses a Live system for its air gapped OpenPGP key, one would >have to constantly remember re-creating this that gpg.conf. (Gone after >reboot.) Not necessarily. You can plug in a USB drive with your custom gpg.conf file on it, for example. A more elegant solution wou

Re: How to add information about purpose/security of sub keys?

2013-11-14 Thread Paul R. Ramer
adrelanos wrote: >- [b] and [c] for convenience, communication which isn't that important >- [c] to sign software / apt repository >- [a] to sign important messages (key transition etc.) >- [f] little convenience, for receiving important messages > >What is the best way to make key [b] the default

Re: trust your corporation for keyowner identification?

2013-11-11 Thread Paul R. Ramer
Leo Gaspard wrote: >However, to come back to the initial problem, I still believe the key >change >problem (ie. owner of K1 switches to K2) does not require re-verifying >ownership >etc. (BTW, isn't this also why transition statements, like >https://we.riseup.net/assets/77263/key%20transition were

Re: trust your corporation for keyowner identification?

2013-11-11 Thread Paul R. Ramer
Stan Tobias wrote: >> > IIUC, your point is that verification would enable one to avoid >collusion, as it >> > is the only flaw I can see in this verification scheme. >> > Except collusion can not be avoided in any way, AFAIK. >> >> No. Avoiding collusion is impossible here. It just comes down t

Re: Newbie question on GPG and PHP running from a webpage

2013-11-05 Thread Paul R. Ramer
"Griffin Cheng [CLIB]" wrote: >Hello, > >I am new to GPG, especially writing programs to decrypt stuff. Is this >the right mailing list to ask? gnupg-users is for most discussions and gnupg-devel is for programming/development specific questions. HTH. Cheers, --Paul -- PGP: 3DB6D884 __

Re: trust your corporation for keyowner identification?

2013-11-05 Thread Paul R. Ramer
>On Tuesday 5 November 2013 at 11:03:19 PM, in >, Paul R. Ramer wrote: > >> But if you sign it with an exportable >> signature, you are saying to others that you have >> verified the key. > >In the absence of a published keysigning policy, isn't tha

Re: trust your corporation for keyowner identification?

2013-11-05 Thread Paul R. Ramer
On 11/05/2013 09:26 AM, Leo Gaspard wrote: > On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote: >> I don't know how I can explain it any better than I have. I think you are >> confusing assertion with verification. Unless you can differentiate between >&g

Re: trust your corporation for keyowner identification?

2013-11-05 Thread Paul R. Ramer
Leo Gaspard wrote: >> You are right. Decryption is sufficient to demonstrate control of >the private key, because if he can decrypt, he can also sign. What I >said, "decrypt and sign," was redundant. > >Well... I still do not understand why decryption is sufficient to >demonstrate >control of th

Re: trust your corporation for keyowner identification?

2013-11-04 Thread Paul R. Ramer
MFPA wrote: >Why do we need to establish they can also sign? Isn't it enough to >demonstrate they control the email address and can decrypt, by signing >one UID at a time and sending that signed copy of the key in an >encrypted email to the address in that UID? You are right. Decryption is suffi

Re: trust your corporation for keyowner identification?

2013-11-02 Thread Paul R. Ramer
On 11/02/2013 07:34 PM, Leo Gaspard wrote: > Well... > 1) Checked by the other key's message. Because signed (K1) message from > Alice, > saying she has access to K2, means any UID on K2 named Alice is as right > as > the equivalent UID on K1. So the UIDs are correct. > 2) Checked by th

Re: trust your corporation for keyowner identification?

2013-11-02 Thread Paul R. Ramer
On 11/02/2013 02:25 PM, Leo Gaspard wrote: > On Sat, Nov 02, 2013 at 11:02:57AM -0700, Paul R. Ramer wrote: >> Stan Tobias wrote: >>> Yes, but by remote communication. The reasoning goes like this: The >>> signature is validated by my certificate (or, in case 2a, by

Re: trust your corporation for keyowner identification?

2013-11-02 Thread Paul R. Ramer
Stan Tobias wrote: >Yes, but by remote communication. The reasoning goes like this: The >signature is validated by my certificate (or, in case 2a, by my >friends' >whom I trust fully). The message is authenticated by X's valid >signature, >therefore the message has not been tampered with and its

Re: Quotes from GPG users

2013-10-31 Thread Paul R. Ramer
Sam Tuke wrote: >Hi all, > >I'm working with Werner to promote GnuPG and raise awareness. To that >end we're >collecting quotes from users - endorsements from people who know and >trust GPG, >people like you. > >If you want to help us, send your own statement about why GPG is >important to >you. P

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-27 Thread Paul R. Ramer
"Robert J. Hansen" wrote: >Let's say that tomorrow I lose my passphrase and make a new keypair. >Then in 25 years someone approaches me with a signed OpenPGP message >dated Christmas 2013, saying "I agree to pay you one million dollars at >Christmas 2038." I scream it's a forgery, they scream it'

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-26 Thread Paul R. Ramer
On 10/26/2013 07:36 AM, Robert J. Hansen wrote: > On 10/26/2013 12:16 AM, Paul R. Ramer wrote: >> I am not saying that any one should use 2048 bit RSA because the DoD >> uses it. It is just a data point. That being said, I am doubtful that >> classified discussions are

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-25 Thread Paul R. Ramer
On 10/24/2013 04:46 PM, Robert J. Hansen wrote: >> Is this zealotry on the Debian front, or something to update in gnupg? > > Mostly zealotry. According to NIST, RSA-2048 is expected to be secure > for about the next 25 years. To add further to this, the U.S. military uses 2048 bit RSA keys for

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-25 Thread Paul R. Ramer
Johan Wevers wrote: >On 25-10-2013 1:46, Robert J. Hansen wrote: > >> Mostly zealotry. According to NIST, RSA-2048 is expected to be >secure >> for about the next 25 years. > >The authority of NIST is of course severely reduced since the Snowden >revelations and their own suspicious behaviour wit

Re: trust your corporation for keyowner identification?

2013-10-24 Thread Paul R. Ramer
Stan Tobias wrote: >Peter Lebbing wrote: >> On 24/10/13 01:15, Stan Tobias wrote: >> > , then why do we believe WoT authenticates anything? Why do we >accept, for >> > example, a conversation by telephone to validate a key fingerprint? >> >> Because these are verifications outside the Web of Tru

Re: trust your corporation for keyowner identification?

2013-10-24 Thread Paul R. Ramer
"Robert J. Hansen" wrote: >On 10/22/2013 11:01 AM, Stan Tobias wrote: >That phrase, "to a sufficient degree," is important. You cannot ever >verify someone's identity 100%, not even with DNA testing -- it's >always >possible they have an identical twin, always possible the lab work was >sloppy an

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-24 Thread Paul R. Ramer
Sylvain wrote: >Hi, > >I saw a lot of activity in the Debian project about upgrading to a >4096 RSA key, >e.g. >http://lists.debian.org/debian-devel-announce/2010/09/msg3.html > >However GnuPG's default is 2048. > >Is this zealotry on the Debian front, or something to update in gnupg? Hi, If

RE: Decrypt Issue

2013-10-01 Thread Paul R. Ramer
"Diaz, John, A" wrote: >Good morning Paul. Instead of having the mainframe run a process to >call the script on the server, I was able to get an answer from 'them' >regarding when the file would be available, and I've scheduled the >process to run on the server. All is well now. Well, that is

Re: Decrypt Issue

2013-09-26 Thread Paul R. Ramer
On 09/25/2013 09:36 AM, Diaz, John, A wrote: > Spoke too soon. The wrong path was part of the problem, but I’m still having > the issue: > > > Mainframe calls .bat file that calls C# application that calls second .bat > file to call GnuPG to decrypt a file. Once decrypted, other stuff happens,

Re: Decrypt Issue

2013-09-12 Thread Paul R. Ramer
On 09/10/2013 06:41 AM, Diaz, John, A wrote: > Spoke too soon. The wrong path was part of the problem, but I’m still having > the issue: > > > Mainframe calls .bat file that calls C# application that calls second .bat > file to call GnuPG to decrypt a file. Once decrypted, other stuff happens,

Re: The symmetric ciphers

2013-09-10 Thread Paul R. Ramer
Philipp Klaus Krause wrote: >I wonder if it would be a good idea to have an option to combine >symmetric ciphers, e.g. users could state a preference list like this: > >TWOFISH+AES256 3DES+BLOWFISH+AES AES 3DES > >The meaning of A+B would be to encrypt using A first, and then encrypt >the result u

Re: How to add authentication capabilities to an existing key?

2013-09-10 Thread Paul R. Ramer
Anthony Papillion wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >Is there a good way to add authentication capabilities to an existing >RSA key? I see how to toggle it if I create a new subkey but not how >to add it to an existing key. [snip] Hello Anthony, As far as I know, there i

RE: Decrypt Issue

2013-09-10 Thread Paul R. Ramer
"Diaz, John, A" wrote: >Paul, got it figured out. Programmer too stupid. The path to gpg.exe >had changed, and I didn't catch it. > >-Original Message- >From: Paul R. Ramer [mailto:free10...@gmail.com] >Sent: Saturday, September 07, 2013 2:22 PM &g

Re: Decrypt Issue

2013-09-07 Thread Paul R. Ramer
On 09/04/2013 01:54 PM, Diaz, John, A wrote: > Mainframe calls .bat file that calls C# application that calls second .bat > file to call GnuPG to decrypt a file. Once decrypted, other stuff happens, > e-mails are sent, blah, blah, blah. > > Here's the issue: When the mainframe calls the .bat fil

Re: Issues with primary key & subkeys on different smartcards

2013-09-07 Thread Paul R. Ramer
On 09/06/2013 03:08 PM, Pete Stephenson wrote: > On Thu, Sep 5, 2013 at 8:35 PM, Pete Stephenson wrote: > Quick followup: I was also able to create the correct private key with > stubs pointing at both smartcards by loading the actual private keys > onto the smartcard using "keytocard", as expecte

Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread Paul R. Ramer
On 03/29/2013 11:17 AM, adrelanos wrote: >> Using your real identity would be the alternative. The trade-off is >> easier key signatures vs. identity obscurity. > >> It would only be safer in >> the sense that there won't be a scandal when/if your identity is >> uncovered. > > Why would that be a

Re: Export key to multiple servers

2009-09-29 Thread Paul R. Ramer
On Mon, 2009-09-28 at 09:46 -0700, kearney wrote: > I am trying to export a secret key created on my local box to multiple > servers. Let's say the key is 12345678. > > The goal is to have 1 script which runs on all the servers to encrypt and > backup the data to S3. And 1 script to decrypt the