Add key to card without substituting stubs for actual private key?

2020-12-04 Thread Pete Stephenson via Gnupg-users
vate key from a computer to a smartcard without replacing the private key on the computer with a stub pointing to the card? Request: If it is not currently possible to do this, I request that such a feature (e.g. "copykeytocard" rather than "keytocard") be added when convenient

Re: Comparison of RSA vs elliptical keys

2020-05-11 Thread Pete Stephenson via Gnupg-users
ther than 512 bits, and has equivalent security to a 256 bit symmetric key. Cheers! -Pete -- Pete Stephenson ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP card && exporting secret keys

2018-02-06 Thread Pete Stephenson
. If you haven't already done this before importing them onto the card, you're out of luck. Cheers! -Pete -- Pete Stephenson

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-11 Thread Pete Stephenson
On Tue, Oct 10, 2017, at 05:39 PM, Whitey wrote: > Pete Stephenson wrote: > > On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote: > >> I read once here on the Mailing List that one should only use > >> trusted USB devices, whatever that means, when using an USB > &

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Pete Stephenson
in terms of performance and is cheap enough that I have a bunch lying around the house anyway. ;) Cheers! -Pete -- Pete Stephenson

Technical contact for mailing list?

2017-06-28 Thread Pete Stephenson
spam as mail servers think the mailing list server is forging messages for those domains. I'd be happy to provide more information but don't want to needlessly add noise to the list. Cheers! -Pete -- Pete Stephenson

Re: Creating Unique Fingerprint

2017-06-28 Thread Pete Stephenson
It's not as hard as you might think, at least in terms of 32-bit fingerprints: https://evil32.com/ -- Pete Stephenson On Mon, Jun 19, 2017, at 08:00 AM, Lou Wynn wrote: > According to my understanding of crypto theory, your only way is to > generate keys and compare their fingerprin

Re: Paper backup of all keys

2017-02-04 Thread Pete Stephenson
On Feb 4, 2017 04:33, "Daniel Kahn Gillmor" wrote: On Fri 2017-02-03 18:28:03 -0500, MyCraigs List wrote: > Also, let's say the key associated with the email address (not a paper > backup) gets corrupted or I delete it or render the key unuseable- can > the paper backup of the key be used to type

Re: Unsubscribe me please

2016-08-24 Thread Pete Stephenson
Hi Lynda, Unfortunately, that's not how it works. Essentially all of us are just users and can't unsubscribe you. Instead, your message was sent to the entire mailing list. Thankfully, the self-service process is straightforward: if you wish to unsubscribe, just click the link at the bottom of ev

Re: Installing gnupg

2016-06-09 Thread Pete Stephenson
On Jun 9, 2016 09:15, "Alex Franklin" wrote: > > Hi > > I don't know how to install the pgp software. I have downloaded the tarball and signature from the website. I have OSX El Capitan. I have terminal open but it is not clear as to what I need to do, what I need to type in to Terminal. > > Pleas

Re: managing OpenPGP cards in batch mode?

2016-05-04 Thread Pete Stephenson
people, etc.), but "don't advocate non-libre software or products" isn't one of them. I understand wanting to keep discussions related to GnuPG and related subjects, so advocating or discussing third-party services may be considered off-topic, but you seem to be refer

Re: All mails identified as spams by Google

2016-03-25 Thread Pete Stephenson
On Mar 25, 2016 12:21 PM, "Guan Xin" wrote: > > Hi All, > > All mails from gnupg-users are identified as spams by gmail since yesterday. Google says that the mailing list "is in violation of Google's recommended email sender guidelines". > > Why does it happen? This is the first time that I see 10

Re: Can the NSA Crack GnuPG

2016-02-23 Thread Pete Stephenson
On 2/23/2016 9:00 AM, Mercury Rising wrote: > I saw his old disturbing post at: > That post is a joke. It even says so. > I am having a hard time believing it, but if Zimmerman did put in a > backdoor code in PGP and GnuPG is based on that, would

Re: gpg: BAD signature from

2015-12-23 Thread Pete Stephenson
t match the data that was originally signed by the author. It's possible this could be due to an error by the signer, a transmission error over the internet, or intentional tampering. Cheers! -Pete -- Pete Stephenson

Re: best practices for creating keys

2015-11-17 Thread Pete Stephenson
On 11/17/2015 1:32 PM, James wrote: > All, > > I'm just dipping my toes into GPG and am making a significant effort > to "do things right" out of the gate. Welcome! > Based on my research, it is my understanding that "best practices" > dictate we should have one master key with subkeys for speci

Re: backing up keys

2015-11-17 Thread Pete Stephenson
On 11/17/2015 1:39 PM, James wrote: > All, > > I'm new to GPG and am hoping to learn the ropes. Please forgive any > ignorant questions. No need to apologize: that's how we all learn. > (a) are there any recommended methods by which to back up your private > and public keys? I've seen some "pape

Re: failed decryption

2015-04-19 Thread Pete Stephenson
tive data, one should encrypt the data first and then generate the PAR2 files -- that way no information about the encrypted content can leak. Cheers! -Pete [1] https://en.wikipedia.org/wiki/Parchive -- Pete Stephenson

Re: Enabling and using ECC keys (any reason not to?)

2015-03-26 Thread Pete Stephenson
ecurves.cr.yp.to/ for details, I'm hardly an expert). Additionally, GnuPG implements the non-standard Curve25519 (but only for signing at the moment -- encryption will come later after things have been standardized) which should be safe. Cheers! -Pete -- Pete Stephenson

Re: upgrading v1 to v2

2015-03-26 Thread Pete Stephenson
On Mar 26, 2015 4:47 AM, "Dave Kimble" wrote: > > Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. > Enigmail says it is about time I upgraded to gnupg v2. > Ubuntu Software Centre says I have the latest version. > > I have git cloned gnupg ?v2.0.26? and attempted to configure. An

Re: Defaults

2015-03-17 Thread Pete Stephenson
On 3/17/2015 11:25 PM, Kristian Fiskerstrand wrote: > On 03/17/2015 10:58 PM, Pete Stephenson wrote: >> On 3/17/2015 8:44 PM, Robert J. Hansen wrote: > > ... > >> Is Deterministic DSA only available in 2.1, or do 1.x and 2.0.x >> also have that feature? > &

Re: Defaults

2015-03-17 Thread Pete Stephenson
On 3/17/2015 11:25 PM, Robert J. Hansen wrote: >> As long as we're considering "legacy" algorithms like RSA and DSA, >> is there any particular reason for preferring RSA over DSA at such >> key lengths? > > I have reasons to prefer RSA, yes, but whether they'll convince you is a > different matter

Re: Defaults

2015-03-17 Thread Pete Stephenson
On 3/17/2015 8:44 PM, Robert J. Hansen wrote: > Given that 2.1 introduces a lot of new capabilities (mostly with respect > to ECC), I think now, early on in the 2.1 series, would be a good time > to discuss changing the defaults for newly-generated certificates. > > In a nutshell: > > * Off

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Pete Stephenson
have no other interest in those organizations. [1] https://www.godaddy.com/ssl/ssl-open-source.aspx [2] https://www.globalsign.com/en/ssl/ssl-open-source/ [3] https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx [4] https://www.gandi.net/ssl/standard -- Pete Stephenson

Re: AES-NI, symmetric key generation

2015-03-12 Thread Pete Stephenson
of iterations), might one be able to decrypt the message using OpenSSL and other common utilities? I suspect yes, as the encryption and compression methods are standards, but doing so would probably be non-trivial. I could be wrong with both the interpretation of the question and the answer, though.

Re: AES-NI, symmetric key generation

2015-03-11 Thread Pete Stephenson
On 3/11/2015 6:55 PM, Maricel Gregoraschko wrote: > Thank you Pete for clearing things up. Makes a lot of sense to store > passphrase-to-key identification data, in addition to actual algorithm > used, in the output message rather than have the decryptor just assume > things. Indeed. The folks who

Re: AES-NI, symmetric key generation

2015-03-10 Thread Pete Stephenson
On 3/10/2015 8:28 PM, Maricel Gregoraschko wrote: > Pete, > Very useful info about using --show-session-key to avoid revealing your > private asymmetric key. No worries. > In your example ("gpg --show-session-key < example.txt") , had you > somehow set up gpg to use symmetric by default, rather t

Re: AES-NI, symmetric key generation

2015-03-10 Thread Pete Stephenson
On 3/9/2015 6:15 PM, Maricel Gregoraschko wrote: > Hello All, Hi! > 2. When using symmetric encryption and providing a passphrase, I > understand the actual encryption key is generated on the spot, used to > do the encryption, and then discarded from memory and not stored > anywhere, is that cor

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Pete Stephenson
On Fri, Feb 20, 2015 at 7:00 AM, Doug Barton wrote: > On 2/19/15 12:16 AM, Pete Stephenson wrote: > >> Considering the way it was abandoned by its developers, TrueCrypt is >> probably not the best choice going forward. > > We don't know the whole story about what

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Pete Stephenson
se PKCS #11 libraries. Does the JavaCard you're using support PKCS #11? Does the OpenPGP applet? -- Pete Stephenson

Re: How to reset the PIN counter

2015-02-07 Thread Pete Stephenson
On Feb 7, 2015 10:36 PM, "Duplicity Mailing List" < duplicitymailingl...@mail.ru> wrote: > > On 07/02/15 20:45, Rainer Keller wrote: > >> I save the reset code block to a text file ("reset.txt") and then run " > >> gpg-connect-agent < reset.txt". Remove and reinsert the card and it should > >> be b

Re: How to reset the PIN counter

2015-02-07 Thread Pete Stephenson
On Feb 7, 2015 6:42 PM, "Rainer Keller" wrote: > > Hello, > > while trying to setup gpg smart card to be used for SSH authentication the PIN > retry counter reached 0. > > I tried several things using the admin PIN in order to reset the counter: > 1. "unblock PIN" > 2. "change PIN" > 3. Setting a

Re: Crypto device where I need to confirm every operation?

2015-01-22 Thread Pete Stephenson
operation (you can enable by inserting the card and then running 'gpg --card-edit', then entering 'toggle', 'admin', 'forcesig'). I'm not aware of any similar option in regards to decryption. -- Pete Stephenson

Re: Thoughts on Keybase

2015-01-02 Thread Pete Stephenson
ation. >> (I have no invites to give out, unfortunately.) > > FWIW, I have 3 invites. If you want to grab me off-list. > > https://keybase.io/atoponce At present, I have 10 invites and would be happy to share them with those who are interested. Please contact me off-list as wel

RE: Unable to encrypt file with private/public key

2014-12-29 Thread Pete Stephenson
ge requires the sender's (i.e., your) private key to generate the signature. In order to unlock the private key so that it can be used to sign the message, you need to provide the passphrase for your private key. Short answer: no. You need to use your passphrase (and private key) to sign a messa

RE: Unable to encrypt file with private/public key

2014-12-22 Thread Pete Stephenson
On Dec 22, 2014 7:30 AM, "Haritwal, Dhiraj" wrote: > > Thank you very much for all the explanation/links. Now things are bit clear. > Now I have to encrypt file with partner's Public Key. I tried with below command which is still showing warning message (gpg: 89709B71: There is no assurance this k

Re: Unable to encrypt file with private/public key

2014-12-19 Thread Pete Stephenson
On 12/19/2014 6:05 AM, Haritwal, Dhiraj wrote: > One more thing, this time when I encrypt the file with my private key > (without sign & only with armor switch), it's still asking passphrase > to decrypt it even on my same server. That means it's still using > PassPhrase to encrypt the file. Does

Re: Unable to encrypt file with private/public key

2014-12-19 Thread Pete Stephenson
On 12/19/2014 5:36 AM, Haritwal, Dhiraj wrote: [snip] > One more query, partner is saying they are unable to decrypt this > file with my private key which they have trusted & asking to encrypt > this file with my private key & their public key (already trusted on > my server). when I am using both

Re: Mainkey with many subkeys??

2014-12-08 Thread Pete Stephenson
erally, but you are correct in that the information is >> retained. -- Pete Stephenson

Re: card is permanently locked!

2014-11-17 Thread Pete Stephenson
t the smartcard. 6. Run "gpg --card-status": the card should show as factory fresh[2]. Cheers! -Pete [1] http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037414.html [2] Fresh scent of pine is optional. -- Pete Stephenson

Re: Fermi estimates

2014-11-14 Thread Pete Stephenson
ps://en.wikipedia.org/wiki/Long_and_short_scales But yes, avoiding ambiguous words like "billion" is a good idea. Using notation like 10^9, 10^12, etc. would make things more clear to readers regardless of what words they use to describe those numbers. Cheers! -Pete -- Pete Stephenson

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-31 Thread Pete Stephenson
nal" algorithms like DSA/ELG? Cheers! -Pete [1] Cipher: AES256, AES192, AES, 3DES Digest: SHA256, SHA384, SHA512, SHA224, SHA1 Compression: ZLIB, ZIP, Uncompressed Features: MDC, Keyserver no-modify -- Pete Stephenson

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-26 Thread Pete Stephenson
ologies for not responding earlier. I used the same method, only I used "sudo ldconfig /path/to/PLAY/inst/lib/" rather than installing the beta to /usr/local. Cheers! -Pete -- Pete Stephenson

Re: smart card under linux

2014-10-21 Thread Pete Stephenson
On Tue, Oct 21, 2014 at 2:50 PM, Philip Jackson wrote: > On 21/10/14 09:25, Pete Stephenson wrote: >> What is the result of running the command: >> >> echo $GPG_AGENT_INFO > > echo $GPG_AGENT_INFO > /tmp/gpg-9S6s3F/S.gpg-agent:1611:1 Interesting, thanks. In the pas

Re: smart card under linux

2014-10-21 Thread Pete Stephenson
ike Debian) so I placed a copy of > gnupg-ccid.rules directly in that directory. But that didn't help. > > lsusb shows that the SCM card reader is recognised and present but gpg doesn't > seem to be able to make contact. > > I'd appreciat

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-15 Thread Pete Stephenson
On Wed, Oct 15, 2014 at 1:00 PM, Peter Lebbing wrote: > On 04/10/14 00:28, Pete Stephenson wrote: >> To my untrained, non-developer[1] eye, there appears to be several >> things that failed though I'm not sure how to interpret things >> correctly. The full config log is

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-03 Thread Pete Stephenson
ad-hoc C programs for my research, but I'm very much a beginner at this sort of thing. I apologize for my lack of knowledge in this regard. Thank you (and others) for your patience and help. Cheers! -Pete -- Pete Stephenson

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-03 Thread Pete Stephenson
rry on this work, they need your support. See > > https://gnupg.org/donate/ Thanks for the reminder. Cheers! -Pete -- Pete Stephenson

Re: NSA, PGP and RSA

2014-10-02 Thread Pete Stephenson
ithms used in GnuPG 2.1) are also vulnerable to quantum computers. Of course, it's certainly possible that the NSA or other adversaries have compromised RSA or other algorithms, but there's no publicly-available proof of this. Cheers! -Pete -- Pete Stephenson

Re: gmail list replies [Re: Keeping .gnupg folder in cloud]

2014-09-18 Thread Pete Stephenson
list. I have not observed the behavior that Sudhir reports. Perhaps things behave differently between Gmail and Google Apps? There's some other minor differences, but for everything else the compose/reply options have always seemed to be quite similar. Cheers! -Pete -- Pete Stephenson

Re: Keeping .gnupg folder in cloud

2014-09-18 Thread Pete Stephenson
On 9/18/2014 11:32 AM, Sudhir Khanger wrote: > What are your views on keeping .gnupg folder in cloud? I am working on > a threefold backup system - a local external drive, a local nas server > and a third-party cloud service like S3/CrashPlan. Backup will be > fully encrypted client side. My plan i

Re: Help about GnuPG 1.4.9

2014-09-15 Thread Pete Stephenson
On 9/14/2014 11:05 PM, bonn...@sanboa.info wrote: > Hello, > > I'm a completely new possible user of macgpg. > I want to use it but some security questions don't be resolved : > I've a Mac with Mac OS 10.5.8 Intel Core 2 duo with AppleMail 3.6 and > want to download the free software. Welcome! Ho

Is it possible to sign a message with multiple digest algorithms?

2014-09-06 Thread Pete Stephenson
Hi all, Is it possible to sign a message (or certify a key) with multiple digest algorithms? For example, one might wish to sign a message with both SHA256 and RIPEMD160. If so, how would one go about doing this? I would imagine that, if possible, the command would be similar to "gpg --armor --

Re: [Announce] [security fix] Libgcrypt and GnuPG

2014-08-09 Thread Pete Stephenson
reminder regarding donations: I really should chip in a bit more this year. Cheers! -Pete -- Pete Stephenson

Re: [Announce] [security fix] Libgcrypt and GnuPG

2014-08-08 Thread Pete Stephenson
On Fri, Aug 8, 2014 at 11:44 PM, Samir Nassar wrote: > On Friday, 2014-08-08 23:34:30 Pete Stephenson wrote: >> Does this vulnerability apply to gpg4win users? > > It should, since the issues the GnuPG update addresses come after the latest > release of GPG4Win. I assumed as s

Re: [Announce] [security fix] Libgcrypt and GnuPG

2014-08-08 Thread Pete Stephenson
Does this vulnerability apply to gpg4win users? There's been no gpg4win updates since October of 2013 and there have been several updates of GnuPG since then. I am somewhat concerned. Is there any information about when an update for Windows users might be released? Cheers! -Pete -- Pete S

Re: CRC error

2014-07-28 Thread Pete Stephenson
On Mon, Jul 28, 2014 at 7:53 PM, wrote: > > > Thanks for the answers about the CRC error, i found what i needed, but it > took me now to other questions. Actually i got the CRC error when i modified > some strings of a public key and then i tried to import it. The CRC checksum can't tell the diff

Re: GPG4Win question

2014-07-11 Thread Pete Stephenson
On Fri, Jul 11, 2014 at 11:45 AM, da...@gbenet.com wrote: > > Hi All, > > In what folder does gpg4win store its gpa.conf and pubring.gpg files? > In Windows 7 at least, it's in %appdata%\Roaming\gnupg -- Pete Stephenson

Re: Analogies to explain the principle of PGP

2014-07-03 Thread Pete Stephenson
> daniel krebs > > -- Pete Stephenson

Re: riseup.net OpenPGP Best Practices article

2014-06-24 Thread Pete Stephenson
On 6/24/2014 8:47 AM, Werner Koch wrote: > On Tue, 24 Jun 2014 05:55, fr...@frase.id.au said: > >> rounds today. Quite a lot of good info, especially regarding key >> strength and expiry, and digest preferences. > > Just for the records: _I_ do not consider the use of a 4096 bit RSA key > and a

Re: Alice, Blake, Chloe and Dharma.

2014-06-08 Thread Pete Stephenson
everal of those names. I'm not sure if that's the origin of their use in this context, though. Anyone else? Cheers! -Pete -- Pete Stephenson

Re: list packets output & other misc

2014-06-05 Thread Pete Stephenson
On 6/5/2014 10:44 AM, Werner Koch wrote: > On Wed, 4 Jun 2014 23:15, shm...@riseup.net said: > >> how can i mandatorily specify using other subkeys for the same primary >> key for 's' or 'e' either on command line or in an email client for >> example ? > > fortune | gpg -ea -r '12345678!' > >

Re: what hardware entropy usb key equivalent Simtec entropy key take ?

2014-05-25 Thread Pete Stephenson
> PS: need to be compatible with GNU Linux / Debian > > Thanks in advanced for your return. > > Best Regards > > --

Re: Access to www.gnupg.org only via TLS

2014-04-30 Thread Pete Stephenson
On Apr 30, 2014 9:25 PM, "Doug Barton" wrote: [snip] > ... your whole premise seems to be invalid as there is no clear evidence at this time (that I'm aware of, and I've been paying attention) that any actual secret keys have been compromised by Heartbleed. It was listed as a potential risk when

Re: OpenPGP Smartcard: How to generated (non-exportable) keys on the card?

2014-04-24 Thread Pete Stephenson
On Apr 24, 2014 10:35 PM, "privacyfirst" wrote: > > > (The first attempt to send this message failed - so I'm resending it.) > > Hello, > > one of the features of OpenPGP v2 Smartcards is "Key generation on card". > > From this I would expect a high degree of security as the key is only stored on

Re: Heartbleed attack on Openssl

2014-04-09 Thread Pete Stephenson
On Apr 10, 2014 12:22 AM, "Felipe Vieira" wrote: > > So going back to the original question as I can see there is no disagreement on its importance: > 1) What are the consequences to the ordinary user? > All the news are lacking information on that. Can you point relevant examples? Any service us

Re: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys

2014-04-05 Thread Pete Stephenson
sensitive information) from your first computer and then import it into the second just as you would do if you were importing any other private key. 2. Import only your public key to the second computer, then insert the smartcard and run "gpg --card-status". This will detect the

Re: Size of client key jumped from 2KB to 25KB

2014-03-10 Thread Pete Stephenson
ttp://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Input-and-Output.html for details. Cheers! -Pete -- Pete Stephenson

Re: Trying to understand the bond between master and subordinate key pairs

2014-02-12 Thread Pete Stephenson
On Wed, Feb 12, 2014 at 4:02 AM, Faru Guredo wrote: > I’ve read GNU Privacy Handbook, the FAQ and thought I understood the purpose > of all four keys initially generated with --gen-keys. > But then I found this https://wiki.debian.org/subkeys and lost it. > > tl;dr: There is suggested backup of ~/

Re: Difference between setpref and options in the configuration

2014-02-09 Thread Pete Stephenson
On Sun, Feb 9, 2014 at 2:39 PM, Stephane Bortzmeyer wrote: > When reading > , which > advises to use gpg --edit-key and setpref to choose "better" > algorithms, I told myself "Why risking forgetting the right > command-line when you can simp

Re: trying to find a folder

2014-01-25 Thread Pete Stephenson
On Sat, Jan 25, 2014 at 1:37 AM, Justin Quakenbush wrote: > wheres my gnupg folder? The folder containing the keyrings and configuration files is typically in ~/.gnupg/ on Linux and in %appdata%/gnupg on Windows, though it may be different on your specific system. -- Pete Stephen

Re: his public key is 5 monitors high, and her same key is 1 ?

2014-01-24 Thread Pete Stephenson
nes, though there is a point of diminishing returns. -- Pete Stephenson

Re: Revocation certificates [was: time delay unlock private key.]

2014-01-23 Thread Pete Stephenson
end the date as needed, it's easier for me to just make revocation certificates and keep them stored off-site. Your mileage may vary, of course. Cheers! -Pete -- Pete Stephenson

Spam sent in response to GnuPG-users messages?

2014-01-22 Thread Pete Stephenson
course) if that would help identify the offending spammer. Cheers! -Pete -- Pete Stephenson

Re: Usage of --symmetric

2014-01-22 Thread Pete Stephenson
to specify the passphrase that is used as a key to encrypt and decrypt that file. -- Pete Stephenson

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

2014-01-21 Thread Pete Stephenson
On Jan 21, 2014 5:32 PM, "Hauke Laging" wrote: > > Am Di 21.01.2014, 16:06:36 schrieb Michael Anders: > > > I don't know if hash preference information is additionally attached > > to keys. I would guess it is not, it wouldn't make sense to me. > > Unfortunately that's not a reliable guide. > > ht

Re: Windows editor destroys gpg.conf

2014-01-15 Thread Pete Stephenson
derstands Unix and Windows end-of-line conventions and can switch between them as needed. I've had no problems editing my gpg.conf file with it. Cheers! -Pete -- Pete Stephenson

Re: article about Air Gapped OpenPGP Key

2013-11-18 Thread Pete Stephenson
On 11/18/2013 6:21 PM, adrelanos wrote: > Hi, > > An article about air gapped OpenPGP keys has been written by me: > https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key > > Please leave feedback or hit the edit button. Maybe it's useful for > someone. It's under public domain. > > Cheers, > adrel

Re: Duplicating smartcard

2013-11-10 Thread Pete Stephenson
On Sun, Nov 10, 2013 at 11:50 AM, Alexander Truemper wrote: > Hello everyone, > > since I could not reveal anything useful on google, here my question. > > I want to have a safe backup of my smartcard which contains my primary > key and two subkeys. Did you generate the keys on the smartcard, or

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-31 Thread Pete Stephenson
ow so I can avoid it). See https://en.wikipedia.org/wiki/Related-key_attack and https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security for details. According to the Wiki, the best attack on full-round AES-256 not using related keys requires 2^254.4 operations (see https://research.micro

Re: gpgsm and expired certificates

2013-10-27 Thread Pete Stephenson
hat the answer to your question is "yes, gpgsm will select the correct private key for signing" as that's standard behavior for such software. Werner or others could answer authoritatively. -- Pete Stephenson

Re: gpgsm and expired certificates

2013-10-27 Thread Pete Stephenson
t private key will be needed to decrypt a particular message and, so long as you still have the private key on your system, will use it as needed even if the corresponding certificate has expired. Cheers! -Pete -- Pete Stephenson

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-25 Thread Pete Stephenson
ually see the signature itself as it's processed automatically by the package manager. In their case, there's no specific reason to *not* use 4096-bit keys. It all depends on your use case, I suppose. Cheers! -Pete -- Pete Stephenson

Re: trust your corporation for keyowner identification?

2013-10-16 Thread Pete Stephenson
On Wed, Oct 16, 2013 at 4:20 PM, Johan Wevers wrote: > On 16-10-2013 15:28, Pete Stephenson wrote: > >> I would be reasonably sure that a key signed by an HR department >> actually belongs to the named person, > > Although I would certainly NOT assume that that person woul

Re: trust your corporation for keyowner identification?

2013-10-16 Thread Pete Stephenson
On Wed, Oct 16, 2013 at 2:04 PM, Brian J. Murrell wrote: > If you worked in a corporate environment, would you trust the HR > department there to have verified the identity of employees well enough > to leverage that into signing a GPG key? In general, I'd be fine with that. Corporations generall

Re: New GPLv3 OpenPGP card implementation (on a java card).

2013-10-16 Thread Pete Stephenson
On Wed, Oct 16, 2013 at 11:40 AM, Werner Koch wrote: > On Tue, 15 Oct 2013 11:41, p...@heypete.com said: > >> Also, are there any smartcards out there that would support DSA/ELG >> keys? All the cards I've seen and used support RSA only. > > You don't want DSA on smartcards - at least not until th

Re: New GPLv3 OpenPGP card implementation (on a java card).

2013-10-15 Thread Pete Stephenson
On Tue, Oct 15, 2013 at 7:42 AM, Ann O'nymous wrote: > If anyone is interested I wrote a java card implementation of the OpenPGP > card and released it under the GPLv3 Excellent! > Features and limitations: > - 2048 bit RSA keys only Is this a hardware limitation, or could it be increased in th

Re: OpenPGP Smartcard + signing email = two signatures?

2013-10-13 Thread Pete Stephenson
On 10/11/2013 10:40 PM, John Clizbe wrote: > Nothing nefarious going on, nor is it a bug. Take a look at the source of your > PGP/MIME signed email. > >> This is an OpenPGP/MIME signed message (RFC 4880 and 3156) >> --===0134039850== >> Content-Type: multipart/signed; micalg=pgp-sha512

Re: OpenPGP Smartcard + signing email = two signatures?

2013-10-11 Thread Pete Stephenson
On 10/1/2013 7:48 PM, Peter Lebbing wrote: > On 30/09/13 23:10, Pete Stephenson wrote: >> Has anyone else observed this behavior? If so, is there an explanation? > > It's probably a benign bug, but it would obviously also be a reasonably good > way > to get signatures i

OpenPGP Smartcard + signing email = two signatures?

2013-09-30 Thread Pete Stephenson
Hi all, I use Thunderbird, Enigmail, and GnuPG on Windows 7 (among others). I have my primary cert/sign key on one smartcard and two subkeys (signature + encryption) on another. I have the "force signature PIN" option enabled for both cards. Tonight I was using the card with the subkeys to sign

Re: Question about a perfect private Key store for today's environment

2013-09-22 Thread Pete Stephenson
, and it's difficult with webmail-only services that people use these days. It becomes much more straightforward if one uses a mail client program. Cheers! -Pete -- Pete Stephenson

Re: Sign key and export for each UID

2013-09-16 Thread Pete Stephenson
lid?" I can't speak for Doug, but I consider UIDs corresponding to no-longer-functioning email addresses to be invalid and won't sign them as I have no idea if the keyholder is the actual owner of that address. -- Pete Stephenson

Re: Pgp key

2013-09-15 Thread Pete Stephenson
ve your own PGP key? Cheers! -Pete -- Pete Stephenson

Re: newbie and smartcard, I'm lost.

2013-09-13 Thread Pete Stephenson
, by itself, in a text file) you can program that URL into your smartcard in the "URL of public key" section (gpg --card-edit, admin, url). When you get to a new computer, you can insert the card, run "gpg --card-edit", then run "fetch" and GPG will fetch the public key

Re: Why trust gpg4win?

2013-09-11 Thread Pete Stephenson
ce, which converts it to USB and transmits that data to the computer. The device appears as a serial port on the computer. In brief, the device you linked to tunnels serial-over-USB. My thought was to do filesystem-access-over-serial. Mine is probably a very silly idea and I was basically throwin

Re: Problems using 10kbit keys in GnuPG instead of 4kbit keys

2013-09-10 Thread Pete Stephenson
On Tue, Sep 10, 2013 at 3:31 PM, Ole Tange wrote: > I have not heard of the primary certification key before. Is it the > 'C' in 'usage: SCEA'? Yes. The certification key is used when signing (more properly, "certifying") other people's public keys. A signing key can be used for signing files or

Re: Why trust gpg4win?

2013-09-09 Thread Pete Stephenson
t might work for relatively small file transfers (or for those willing to wait). Is such a thing even possible? -- Pete Stephenson

Re: Problems using 10kbit keys in GnuPG instead of 4kbit keys

2013-09-09 Thread Pete Stephenson
ysize from the current 4096 to, say 8192 (or 15,360 or 16,384) bits so that users who desired such keys could create them easily. (It'd probably be best to require an "--expert" flag to expose such options, at least for a while.) Thanks again fo

Re: SSL on gnupg.org

2013-09-09 Thread Pete Stephenson
The CAcert root isn't (yet -- there's a bunch of work needed to be done to get the CAcert root to pass an audit and be included). Your mileage, of course, may vary. -- Pete Stephenson

Re: Some doubts about signature procedure

2013-09-09 Thread Pete Stephenson
. You might find more details about digital signatures at https://en.wikipedia.org/wiki/Digital_signature . There may also be a Wikipedia article that describes signatures in your own language. > In this case I can't understand the benefit of signing procedure. > I&
