Add key to card without substituting stubs for actual private key?

2020-12-04 Thread Pete Stephenson via Gnupg-users
vate key from a computer to a smartcard without replacing the private key on the computer with a stub pointing to the card? Request: If it is not currently possible to do this, I request that such a feature (e.g. "copykeytocard" rather than "keytocard") be added when convenient

Re: Comparison of RSA vs elliptical keys

2020-05-11 Thread Pete Stephenson via Gnupg-users
ther than 512 bits, and has equivalent security to a 256 bit symmetric key. Cheers! -Pete -- Pete Stephenson ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP card && exporting secret keys

2018-02-06 Thread Pete Stephenson
. If you haven't already done this before importing them onto the card, you're out of luck. Cheers! -Pete -- Pete Stephenson

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-11 Thread Pete Stephenson
On Tue, Oct 10, 2017, at 05:39 PM, Whitey wrote: > Pete Stephenson wrote: > > On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote: > >> I read once here on the Mailing List that one should only use > >> trusted USB devices, whatever that means, when using an USB > &

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Pete Stephenson
in terms of performance and is cheap enough that I have a bunch lying around the house anyway. ;) Cheers! -Pete -- Pete Stephenson

Technical contact for mailing list?

2017-06-28 Thread Pete Stephenson
spam as mail servers think the mailing list server is forging messages for those domains. I'd be happy to provide more information but don't want to needlessly add noise to the list. Cheers! -Pete -- Pete Stephenson

Re: Creating Unique Fingerprint

2017-06-28 Thread Pete Stephenson
It's not as hard as you might think, at least in terms of 32-bit fingerprints: https://evil32.com/ -- Pete Stephenson On Mon, Jun 19, 2017, at 08:00 AM, Lou Wynn wrote: > According to my understanding of crypto theory, your only way is to > generate keys and compare their fingerprin

Re: Paper backup of all keys

2017-02-04 Thread Pete Stephenson
's not hideously inconvenient to restore the QR codes using nothing more than a webcam. Cheers! -Pete

Re: Unsubscribe me please

2016-08-24 Thread Pete Stephenson
bottom of every message sent to the list and follow the directions to unsubscribe. Cheers! -Pete On Aug 24, 2016 18:51, "lynda.har...@sympatico.ca" < lynda.har...@sympatico.ca> wrote: > I have contacted you several times to unsubscribe me please. > > > >    &

Re: Installing gnupg

2016-06-09 Thread Pete Stephenson
need to type in to Terminal. > > Please help? Hi Alex, The tarball is for if you want to compile GnuPG from source. This is probably not what you want to do. The GPGtools project has a nice, easy-to-use installer for GPG on OS X. Their site is at ht


Re: managing OpenPGP cards in batch mode?

2016-05-04 Thread Pete Stephenson
people, etc.), but "don't advocate non-libre software or products" isn't one of them. I understand wanting to keep discussions related to GnuPG and related subjects, so advocating or discussing third-party services may be considered off-topic, but you seem to be refer

Re: All mails identified as spams by Google

2016-03-25 Thread Pete Stephenson
t happen? This is the first time that I see 100% false positive of the gmail spam filter. I've observed the same thing here on a Google Apps-hosted mail service Cheers! -Pete

Re: Can the NSA Crack GnuPG

2016-02-23 Thread Pete Stephenson
at Apple or the Feds can't load modified software onto the phone that disables the auto-erase, delay, and lockout functionality. It is, after all, just software. Even if the functionality is baked into hardware, hardware can be taken apart, examined, and modified. It's expensive, risks losing

Re: gpg: BAD signature from

2015-12-23 Thread Pete Stephenson
t match the data that was originally signed by the author. It's possible this could be due to an error by the signer, a transmission error over the internet, or intentional tampering. Cheers! -Pete -- Pete Stephenson

Re: best practices for creating keys

2015-11-17 Thread Pete Stephenson
yption subkey can always decrypt messages that were encrypted to it. However, other users cannot encrypt new messages to a revoked encryption subkey (assuming the sender knows it's revoked, which is not always the case). > Any thoughts / clarification appreciated. I hope this helps a bit. If I can clarify things more, please let me know. Again, welcome to the world of GnuPG. Cheers! -Pete

Re: backing up keys

2015-11-17 Thread Pete Stephenson
RSA keys can get positively massive. Paperkey adds some checksums that help identify errors. QR codes have redundancy and error correction and can be (relatively) quickly scanned with a common webcam. This helps reduce the possibility of error and speeds up recovery. > Thoughts, ideas and real world experience on securely handling backups > of your sensitive GPG data would be _greatly_ appreciated! Cheers! -Pete

Re: failed decryption

2015-04-19 Thread Pete Stephenson
tive data, one should encrypt the data first and then generate the PAR2 files -- that way no information about the encrypted content can leak. Cheers! -Pete [1] https://en.wikipedia.org/wiki/Parchive -- Pete Stephenson

Re: Enabling and using ECC keys (any reason not to?)

2015-03-26 Thread Pete Stephenson
ecurves.cr.yp.to/ for details, I'm hardly an expert). Additionally, GnuPG implements the non-standard Curve25519 (but only for signing at the moment -- encryption will come later after things have been standardized) which should be safe. Cheers! -Pete -- Pete Stephenson

Re: upgrading v1 to v2

2015-03-26 Thread Pete Stephenson
at takes care of all the dependencies and compiling? Compiling from source is not for the faint of heart. Fortunately, the gnupg2 package exists on Ubuntu and makes the installation easy. Cheers! -Pete

Re: Defaults

2015-03-17 Thread Pete Stephenson
On 3/17/2015 11:25 PM, Kristian Fiskerstrand wrote: > On 03/17/2015 10:58 PM, Pete Stephenson wrote: >> On 3/17/2015 8:44 PM, Robert J. Hansen wrote: > > ... > >> Is Deterministic DSA only available in 2.1, or do 1.x and 2.0.x >> also have that feature? > &

Re: Defaults

2015-03-17 Thread Pete Stephenson
- but, at the same time, it's freaking enormous. From > here on out, every improvement is going to reduce the effective strength > of IDEA. We're no longer playing games of trying to extend things to > the full cipher: for the last three years we've been watching the fu

Re: Defaults

2015-03-17 Thread Pete Stephenson
, let's see about making these other > overdue changes. Alas, a lot of Linux distributions are quite slow-moving: it's unlikely that distributions like Debian and Ubuntu will have GnuPG 2.1.x available (let alone installed by default) for several years. Yes, the cha

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Pete Stephenson
jects. Resellers[3][4] also offer quite reasonably-priced ($9 USD/year) certs as a standard price. Cheers! -Pete Full disclosure: I'm a paying customer of StartSSL, Gandi, and NameCheap, and have several certificates from each for different purposes. Other than being a customer, I

Re: AES-NI, symmetric key generation

2015-03-12 Thread Pete Stephenson
of iterations), might one be able to decrypt the message using OpenSSL and other common utilities? I suspect yes, as the encryption and compression methods are standards, but doing so would probably be non-trivial. I could be wrong with both the interpretation of the question and the answer, though.

Re: AES-NI, symmetric key generation

2015-03-11 Thread Pete Stephenson
On 3/11/2015 6:55 PM, Maricel Gregoraschko wrote: > Thank you Pete for clearing things up. Makes a lot of sense to store > passphrase-to-key identification data, in addition to actual algorithm > used, in the output message rather than have the decryptor just assume > things. Indee

Re: AES-NI, symmetric key generation

2015-03-10 Thread Pete Stephenson
On 3/10/2015 8:28 PM, Maricel Gregoraschko wrote: > Pete, > Very useful info about using --show-session-key to avoid revealing your > private asymmetric key. No worries. > In your example ("gpg --show-session-key < example.txt") , had you > somehow set up gpg to use

Re: AES-NI, symmetric key generation

2015-03-10 Thread Pete Stephenson
n. Here's an example of text I encrypted with "gpg --symmetric": -BEGIN PGP MESSAGE- Version: GnuPG v1 jA0EAwMCYFod0NxVEONgySM6oLcax81PoXTPKk2R+zdP2XZ+rA1ILbKy3+sg0xs8 B8SW2A== =Iz40 -END PGP MESSAGE- The passphrase is "test" (no quotes). pete@kaylee:~$ g

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Pete Stephenson
On Fri, Feb 20, 2015 at 7:00 AM, Doug Barton wrote: > On 2/19/15 12:16 AM, Pete Stephenson wrote: > >> Considering the way it was abandoned by its developers, TrueCrypt is >> probably not the best choice going forward. > > We don't know the whole story about what

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Pete Stephenson
se PKCS #11 libraries. Does the JavaCard you're using support PKCS #11? Does the OpenPGP applet? -- Pete Stephenson

Re: How to reset the PIN counter

2015-02-07 Thread Pete Stephenson
, > > Rainer > > What version was your card? It should work fine on a 2.0 smart card, > but, it's by design made to brick 1.X cards. Pete probably should have > warned you about this first. In retrospect I should have, but the output of gpg --card-edit Rainer posted showed

Re: How to reset the PIN counter

2015-02-07 Thread Pete Stephenson
t < reset.txt". Remove and reinsert the card and it should be back to factory defaults. It is worth pointing out that this completely nukes any keys on the card. Cheers! -Pete

Re: Crypto device where I need to confirm every operation?

2015-01-22 Thread Pete Stephenson
operation (you can enable by inserting the card and then running 'gpg --card-edit', then entering 'toggle', 'admin', 'forcesig'). I'm not aware of any similar option in regards to decryption. -- Pete Stephenson

Re: Thoughts on Keybase

2015-01-02 Thread Pete Stephenson
ation. >> (I have no invites to give out, unfortunately.) > > FWIW, I have 3 invites. If you want to grab me off-list. > > https://keybase.io/atoponce At present, I have 10 invites and would be happy to share them with those who are interested. Please contact me off-list as wel

RE: Unable to encrypt file with private/public key

2014-12-29 Thread Pete Stephenson
ge requires the sender's (i.e., your) private key to generate the signature. In order to unlock the private key so that it can be used to sign the message, you need to provide the passphrase for your private key. Short answer: no. You need to use your passphrase (and private key) to sign a messa

RE: Unable to encrypt file with private/public key

2014-12-22 Thread Pete Stephenson
r keys. The default is for trust to be set to "marginal". By combining signatures and trust, one forms a "web of trust": https://en.wikipedia.org/wiki/Web_of_trust Cheers! -Pete

Re: Unable to encrypt file with private/public key

2014-12-19 Thread Pete Stephenson
Art of the Problem" video series on cryptography[3] to be interesting. Mozilla also has an introduction to cryptography[4] which might also help clarify things. While it focuses on the use of cryptography in a general web browser-server system, many of the concepts apply to GnuPG. Cheer

Re: Unable to encrypt file with private/public key

2014-12-19 Thread Pete Stephenson
message to your partner's public key, your partner needs to use their private key to decrypt the message. They can use your public key for verifying your signature on the encrypted file. Cheers! -Pete

Re: Mainkey with many subkeys??

2014-12-08 Thread Pete Stephenson
e encrypted to my ElGamal subkey they could use "gpg --encrypt --armor -r 19DF6C14!" Cheers! -Pete > And what's about backward compatibility? > > Thanks for any hint, regards, Chris > > >> -Original Message- >> From: Gnupg-users [mailto:gnupg-users-bo

Re: card is permanently locked!

2014-11-17 Thread Pete Stephenson
t the smartcard. 6. Run "gpg --card-status": the card should show as factory fresh[2]. Cheers! -Pete [1] http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037414.html [2] Fresh scent of pine is optional. -- Pete Stephenson

Re: Fermi estimates

2014-11-14 Thread Pete Stephenson
ps://en.wikipedia.org/wiki/Long_and_short_scales But yes, avoiding ambiguous words like "billion" is a good idea. Using notation like 10^9, 10^12, etc. would make things more clear to readers regardless of what words they use to describe those numbers. Cheers! -Pete -- Pete Stephenson

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-31 Thread Pete Stephenson
tized over SHA512 by default in the key prefs, an error occurs. Here's an excerpt of the terminal output, where AF25682B is a primary test key using brainpoolP512r1 while D74B165F is a test encryption subkey using the same curve: = pete@kaylee:~/gpg/gnupg-2.1.0-beta895/PLAY/inst/bin$ ./gpg2 --h

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-26 Thread Pete Stephenson
ologies for not responding earlier. I used the same method, only I used "sudo ldconfig /path/to/PLAY/inst/lib/" rather than installing the beta to /usr/local. Cheers! -Pete -- Pete Stephenson

Re: smart card under linux

2014-10-21 Thread Pete Stephenson
On Tue, Oct 21, 2014 at 2:50 PM, Philip Jackson wrote: > On 21/10/14 09:25, Pete Stephenson wrote: >> What is the result of running the command: >> >> echo $GPG_AGENT_INFO > > echo $GPG_AGENT_INFO > /tmp/gpg-9S6s3F/S.gpg-agent:1611:1 Interesting, thanks. In the pas

Re: smart card under linux

2014-10-21 Thread Pete Stephenson
ike Debian) so I placed a copy of > gnupg-ccid.rules directly in that directory. But that didn't help. > > lsusb shows that the SCM card reader is recognised and present but gpg doesn't > seem to be able to make contact. > > I'd appreciat

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-15 Thread Pete Stephenson
On Wed, Oct 15, 2014 at 1:00 PM, Peter Lebbing wrote: > On 04/10/14 00:28, Pete Stephenson wrote: >> To my untrained, non-developer[1] eye, there appears to be several >> things that failed though I'm not sure how to interpret things >> correctly. The full config log is

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-03 Thread Pete Stephenson
ad-hoc C programs for my research, but I'm very much a beginner at this sort of thing. I apologize for my lack of knowledge in this regard. Thank you (and others) for your patience and help. Cheers! -Pete -- Pete Stephenson

Re: [Announce] The maybe final Beta for GnuPG 2.1

2014-10-03 Thread Pete Stephenson
nd *** configure: error: *** *** Required libraries not found. Please consult the above messages *** and install them before running configure again. *** make[1]: *** [/home/pete/gpg/gnupg-2.1.0-beta864/PLAY/stamps/stamp-gnupg-01-configure] Error 1 make[1]: Leaving directory `/home/pete/gpg/gnupg-2

Re: NSA, PGP and RSA

2014-10-02 Thread Pete Stephenson
ithms used in GnuPG 2.1) are also vulnerable to quantum computers. Of course, it's certainly possible that the NSA or other adversaries have compromised RSA or other algorithms, but there's no publicly-available proof of this. Cheers! -Pete -- Pete Stephenson

Re: gmail list replies [Re: Keeping .gnupg folder in cloud]

2014-09-18 Thread Pete Stephenson
list. I have not observed the behavior that Sudhir reports. Perhaps things behave differently between Gmail and Google Apps? There's some other minor differences, but for everything else the compose/reply options have always seemed to be quite similar. Cheers! -Pete -- Pete Stephenson

Re: Keeping .gnupg folder in cloud

2014-09-18 Thread Pete Stephenson
ecting the key is strong, and your system has not been compromised (e.g. there's no keylogger), there's very little to worry about. Still, probably not a good idea. Cheers! -Pete [1] <https://filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/>

Re: Help about GnuPG 1.4.9

2014-09-15 Thread Pete Stephenson
but might not be installed on 10.5. If it's not installed, you could install it but that's typically not a trivial thing to do. Check if it's installed by running: openssl version from the terminal. As for your other questions, I'm not sure. Hopefully someone else can answer. Cheers! -Pete

Is it possible to sign a message with multiple digest algorithms?

2014-09-06 Thread Pete Stephenson
er clients while providing greater security for modern ones). Cheers! -Pete

Re: [Announce] [security fix] Libgcrypt and GnuPG

2014-08-09 Thread Pete Stephenson
reminder regarding donations: I really should chip in a bit more this year. Cheers! -Pete -- Pete Stephenson

Re: [Announce] [security fix] Libgcrypt and GnuPG

2014-08-08 Thread Pete Stephenson
On Fri, Aug 8, 2014 at 11:44 PM, Samir Nassar wrote: > On Friday, 2014-08-08 23:34:30 Pete Stephenson wrote: >> Does this vulnerability apply to gpg4win users? > > It should, since the issues the GnuPG update addresses come after the latest > release of GPG4Win. I assumed as s

Re: [Announce] [security fix] Libgcrypt and GnuPG

2014-08-08 Thread Pete Stephenson
Does this vulnerability apply to gpg4win users? There's been no gpg4win updates since October of 2013 and there have been several updates of GnuPG since then. I am somewhat concerned. Is there any information about when an update for Windows users might be released? Cheers! -Pete -- Pete S

Re: CRC error

2014-07-28 Thread Pete Stephenson
nerated as needed from the private key. If you import a private key and there is no corresponding public key in the keyring, GPG automatically recreates the public key and puts it in the keyring. As far as I know there is no way to import only a private key without the corresponding public key. Che

Re: GPG4Win question

2014-07-11 Thread Pete Stephenson
On Fri, Jul 11, 2014 at 11:45 AM, da...@gbenet.com wrote: > > Hi All, > > In what folder does gpg4win store its gpa.conf and pubring.gpg files? > In Windows 7 at least, it's in %appdata%\Roaming\gnupg -- Pete Stephenson

Re: Analogies for explaining the principle of PGP

2014-07-03 Thread Pete Stephenson
daniel krebs -- Pete Stephenson

Re: riseup.net OpenPGP Best Practices article

2014-06-24 Thread Pete Stephenson
(e.g. 512-bit RSA) is a problem, but key size is not an issue with the defaults. Cheers! -Pete

Re: Alice, Blake, Chloe and Dharma.

2014-06-08 Thread Pete Stephenson
everal of those names. I'm not sure if that's the origin of their use in this context, though. Anyone else? Cheers! -Pete -- Pete Stephenson

Re: list packets output & other misc

2014-06-05 Thread Pete Stephenson
numbers are specified in RFC-4880. Specifically, that information is available at <http://tools.ietf.org/html/rfc4880#page-62>, in sections 9.1 through 9.4, inclusive. Cheers! -Pete

Re: what hardware entropy usb key equivalent Simtec entropy key take ?

2014-05-25 Thread Pete Stephenson
rated entropy if it drops below 90%. # You can change these values to whatever you feel would work best for you. RNGDOPTIONS="--fill-watermark=90% --feed-interval=1" ### Please note this assumes that the HWRNG has not been subverted, broken, or doing something unexpected. I hope this h

Re: Access to www.gnupg.org only via TLS

2014-04-30 Thread Pete Stephenson
modo costs $49/year, but the same cert purchased via NameCheap is only $9/year. Gandi.net, a French registrar, also offers certs chained to Comodo at a reasonable price, though they're slightly more expensive than US-based NameCheap. Cheers! -Pete [1] http://www.godaddy.com/s

Re: OpenPGP Smartcard: How to generated (non-exportable) keys on the card?

2014-04-24 Thread Pete Stephenson
ard with a specific serial number (to distinguish it from other smartcards you might use for other keys). It does not contain any private data. If you were to go to a different system, import your public key (say, from a keyserver), insert your smart

Re: Heartbleed attack on Openssl

2014-04-09 Thread Pete Stephenson
ss of what browser clients use. > 3) How about Ubuntu and other OSs? Do they use openssl to update themselves? (as in "apt-get update && apt-get upgrade"). Ubuntu and Debian use GnuPG to sign packages but updates typically take place over unencrypted connections. Th

Re: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys

2014-04-05 Thread Pete Stephenson
sensitive information) from your first computer and then import it into the second just as you would do if you were importing any other private key. 2. Import only your public key to the second computer, then insert the smartcard and run "gpg --card-status". This will detect the

Re: Size of client key jumped from 2KB to 25KB

2014-03-10 Thread Pete Stephenson
ttp://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Input-and-Output.html for details. Cheers! -Pete -- Pete Stephenson

Re: Trying to understand the bond between master and subordinate key pairs

2014-02-12 Thread Pete Stephenson
specifically use them (GnuPG will sign messages with the newest signing subkey by default). In short: your subkeys are linked to your primary key and GnuPG will handle subkeys automatically and transparently without your needing to worry about their KeyIDs. Cheers! -Pete

Re: Difference between setpref and options in the configuration

2014-02-09 Thread Pete Stephenson
it-key KEYID", "setpref" with an empty string for the preferences, and "save" on an existing key) will set the key preferences to that string. Cheers! -Pete

Re: trying to find a folder

2014-01-25 Thread Pete Stephenson
On Sat, Jan 25, 2014 at 1:37 AM, Justin Quakenbush wrote: > wheres my gnupg folder? The folder containing the keyrings and configuration files is typically in ~/.gnupg/ on Linux and in %appdata%/gnupg on Windows, though it may be different on your specific system. -- Pete Stephen

Re: his public key is 5 monitors high, and her same key is 1 ?

2014-01-24 Thread Pete Stephenson
nes, though there is a point of diminishing returns. -- Pete Stephenson

Re: Revocation certificates [was: time delay unlock private key.]

2014-01-23 Thread Pete Stephenson
t their key is, in fact, revoked. Also, not all keys have expiration dates. I, for one, tend not to set expiration dates on my primary keys, but instead rotate encryption and signing subkeys (which do have expiration dates) for day-to-day use. While I could put an expiration date on the primary and ext

Spam sent in response to GnuPG-users messages?

2014-01-22 Thread Pete Stephenson
course) if that would help identify the offending spammer. Cheers! -Pete -- Pete Stephenson

Re: Usage of --symmetric

2014-01-22 Thread Pete Stephenson
to specify the passphrase that is used as a key to encrypt and decrypt that file. -- Pete Stephenson

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

2014-01-21 Thread Pete Stephenson
On Jan 21, 2014 5:32 PM, "Hauke Laging" wrote: > > On Tue 21.01.2014, 16:06:36 Michael Anders wrote: > > > I don't know if hash preference information is additionally attached > > to keys. I would guess it is not, it wouldn't make sense to me. > > Unfortunately that's not a reliable guide. > > ht

Re: Windows editor destroys gpg.conf

2014-01-15 Thread Pete Stephenson
derstands Unix and Windows end-of-line conventions and can switch between them as needed. I've had no problems editing my gpg.conf file with it. Cheers! -Pete -- Pete Stephenson

Re: article about Air Gapped OpenPGP Key

2013-11-18 Thread Pete Stephenson
isolated computer, back them up safely, then copy the keys to the smartcard. You can then use the smartcard on your everyday system without risk of exposing the private keys. I have an RSA primary key on one smartcard and RSA signing/encryption subkeys on another smartcard. (I also have a thir

Re: Duplicating smartcard

2013-11-10 Thread Pete Stephenson
rivate keys according to pgpdump. > > How can this be? (I see no smartcard activity on the terminal and no > PIN is asked) It exports the "stub" private keys that, in essence, say "The actual private keys exist on the smartcard with $SERIAL_NUMBER". These stubs

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-31 Thread Pete Stephenson
ow so I can avoid it). See https://en.wikipedia.org/wiki/Related-key_attack and https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security for details. According to the Wiki, the best attack on full-round AES-256 not using related keys requires 2^254.4 operations (see https://research.micro

Re: gpgsm and expired certificates

2013-10-27 Thread Pete Stephenson
hat the answer to your question is "yes, gpgsm will select the correct private key for signing" as that's standard behavior for such software. Werner or others could answer authoritatively. -- Pete Stephenson

Re: gpgsm and expired certificates

2013-10-27 Thread Pete Stephenson
t private key will be needed to decrypt a particular message and, so long as you still have the private key on your system, will use it as needed even if the corresponding certificate has expired. Cheers! -Pete -- Pete Stephenson

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-25 Thread Pete Stephenson
ually see the signature itself as it's processed automatically by the package manager. In their case, there's no specific reason to *not* use 4096-bit keys. It all depends on your use case, I suppose. Cheers! -Pete -- Pete Stephenson

Re: trust your corporation for keyowner identification?

2013-10-16 Thread Pete Stephenson
On Wed, Oct 16, 2013 at 4:20 PM, Johan Wevers wrote: > On 16-10-2013 15:28, Pete Stephenson wrote: > >> I would be reasonably sure that a key signed by an HR department >> actually belongs to the named person, > > Although I would certainly NOT assume that that person woul

Re: trust your corporation for keyowner identification?

2013-10-16 Thread Pete Stephenson
one, recognize their voice, and they read me their key fingerprint). I would be reasonably sure that a key signed by an HR department actually belongs to the named person, but I wouldn't publicly assert that by signing their key. Your mileage may vary. :) Cheers! -Pete

Re: New GPLv3 OpenPGP card implementation (on a java card).

2013-10-16 Thread Pete Stephenson
RNG built in. I'm not familiar with RFC 6979. Thanks for the link. It's good to see people taking that issue into account. Cheers! -Pete

Re: New GPLv3 OpenPGP card implementation (on a java card).

2013-10-15 Thread Pete Stephenson
t be increased in the future? Also, are there any smartcards out there that would support DSA/ELG keys? All the cards I've seen and used support RSA only. Cheers! -Pete

Re: OpenPGP Smartcard + signing email = two signatures?

2013-10-13 Thread Pete Stephenson
'm again prompted for two signature PINs on the first PGP/MIME message but only one on following messages. Does Enigmail cache the hash type used for the signature for a length of time (say, the duration that Thunderbird remains open) so it doesn't need to prompt for two signature PINs? > HTH, > > -John It does indeed. Thank you. Cheers! -Pete

Re: OpenPGP Smartcard + signing email = two signatures?

2013-10-11 Thread Pete Stephenson
On 10/1/2013 7:48 PM, Peter Lebbing wrote: > On 30/09/13 23:10, Pete Stephenson wrote: >> Has anyone else observed this behavior? If so, is there an explanation? > > It's probably a benign bug, but it would obviously also be a reasonably good > way > to get signatures i

OpenPGP Smartcard + signing email = two signatures?

2013-09-30 Thread Pete Stephenson
ed for a while, it's only happened intermittently and I can't reproduce it on demand (e.g. it happened to the first signed message I sent today, but not the second. It occurred when I tried signing this message.) Has anyone else observed this behavior? If so, is there an explanation?

Re: Question about a perfect private Key store for today's environment

2013-09-22 Thread Pete Stephenson
in a text editor like Notepad or something similar), then perform the encrypt/sign operations, then copy-paste the encrypted/signed output into the webmail compose window. > What are your opinions about the thought above? > What are your solution which you use? Usability is a big concern

Re: Sign key and export for each UID

2013-09-16 Thread Pete Stephenson
lid?" I can't speak for Doug, but I consider UIDs corresponding to no-longer-functioning email addresses to be invalid and won't sign them as I have no idea if the keyholder is the actual owner of that address. -- Pete Stephenson

Re: Pgp key

2013-09-15 Thread Pete Stephenson
ve your own PGP key? Cheers! -Pete -- Pete Stephenson

Re: newbie and smartcard, I'm lost.

2013-09-13 Thread Pete Stephenson
, by itself, in a text file) you can program that URL into your smartcard in the "URL of public key" section (gpg --card-edit, admin, url). When you get to a new computer, you can insert the card, run "gpg --card-edit", then run "fetch" and GPG will fetch the public key

Re: Why trust gpg4win?

2013-09-11 Thread Pete Stephenson
>>> So what about using that free USB stack for AVR's to implement a flash >>> device? You would be able to audit about everything; flylogic even has >>> these nice pictures of the ATmega88 masks... >> >> Sorry, I don't follow your reasoning here. >>

Re: Problems using 10kbit keys in GnuPG instead of 4kbit keys

2013-09-10 Thread Pete Stephenson
owly when needed. Unfortunately not. It is the primary key and its properties (e.g. key length) cannot be changed. Cheers! -Pete

Re: Why trust gpg4win?

2013-09-09 Thread Pete Stephenson
t might work for relatively small file transfers (or for those willing to wait). Is such a thing even possible? -- Pete Stephenson

Re: Problems using 10kbit keys in GnuPG instead of 4kbit keys

2013-09-09 Thread Pete Stephenson
ysize from the current 4096 to, say 8192 (or 15,360 or 16,384) bits so that users who desired such keys could create them easily. (It'd probably be best to require an "--expert" flag to expose such options, at least for a while.) Thanks again fo

Re: SSL on gnupg.org

2013-09-09 Thread Pete Stephenson
The CAcert root isn't (yet -- there's a bunch of work needed to be done to get the CAcert root to pass an audit and be included). Your mileage, of course, may vary. -- Pete Stephenson

Re: Some doubts about signature procedure

2013-09-09 Thread Pete Stephenson
. You might find more details about digital signatures at https://en.wikipedia.org/wiki/Digital_signature . There may also be a Wikipedia article that describes signatures in your own language. > In this case I can't understand the benefit of signing procedure. > I&
