what is "correct" for users' Preferred keyserver ?

i've seen a multitude of ways people input data into this pref for example, some people put a link to their public key .asc or .txt file some others put a link to an actual keyserver from the name of the actual pref, it states a keyserver, so shouldn't users input a link to their Preferred keyse

[2] cipher when viewing key prefs

i recently saw [2] listed as the last cipher in somebody's public key the key didn't specify 3DES neither - that goes against the RFC but how is that possible ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinf

gpg --verify email.eml

lately some recipients have not been able to decrypt some emails ie. some can decrypt them; some can't every time i send a signed+encrypted email, enigmail reports signature verification failed but the status bar is green ! but when i send just signed emails, no problem with sig verification (st

Re: Different signing & encryption keys

On Wed, 13 Aug 2014 06:29, r...@sixdemonbag.org said: > Look at the right hand side. For each subkey (including the main > signing key) there will be an entry for "usage". This field can contain > the letters S, C, A, or E. Using --edit-key is a bit cumbersome and --with-colons is hard to read.

Re: [openpgp] SHA-2 support should be mandatory – change defaults

On Wed, 13 Aug 2014 08:09, ved...@nym.hush.com said: > Otherwise, all our encrypted messages will not be able to be decrypted in > later versions of GnuPG, and if the encrypted messages were signed, they > would no longer be able to be verified, Being abke to decrypt is important and thus this

Re: Requesting public key with GnuPG 1.4.18

On Wed, 13 Aug 2014 06:24, laurent.ju...@skynet.be said: > I see key 0x05E136A0 is about to be requested from server, but what's > that > secundary number "FC3B17DE05E136A0"? That is the same key. The first is the short and the second the long key id: 05E136A0 FC3B17DE05E136A0

Re: [openpgp] SHA-2 support should be mandatory – change defaults

On Wed, 13 Aug 2014 05:41, ds...@jabberwocky.com said: > How about remove the functions in 2.1, and add a warning (in the docs, > and perhaps upon use in the code) that the functions will be going > away in 2.0? That might be aggressive, but then, 2.1 isn't officially > released yet, so it's not

Re: [2] cipher when viewing key prefs

On Wed, 13 Aug 2014 09:01, shm...@riseup.net said: > i recently saw [2] listed as the last cipher in somebody's public key > > the key didn't specify 3DES neither - that goes against the RFC but how > is that possible ? 2 actually is 3DES. However it is not required because OpenPGP always uses 3D

Re: Different signing & encryption keys

On 12/08/14 21:05, Werner Koch wrote: > On Tue, 12 Aug 2014 19:50, ps...@ubuntu.com said: >> We used to use different keys for signing and encrypting ( DSA & El >> Gammel ), but these days just seem to use a single RSA key by default. > > That is not the case. GnuPG creates an RSA signing key and

Re: Gnupg-users Digest, Vol 131, Issue 15

> I'm not sure, but didn't discrete-logarithm keys scale > roughly equivalently to RSA? I think so, but I'm not sure... and > The guidance from NIST is: > > [1] shannons of entropy needed > [2] bits of symmetric key > [3] bits of RSA/DSA/ELG > [4] bits of ECDSA/ECetc. > > > [1] [2] [3

Re: gpg: checking created signature failed: Bad signature

The plot thickens. I have just generated a new keypair on the Arch Linux box where I'm having the problem and I can use this new key (repeatedly) to "gpg2 --clearsign doc" and it works every time. So, it seems that the 'Bad signature' issue is related solely to my 'primary' key, which would sugge

keys.gnupg.net - Refresh all public keys never completes in Enigmail, some servers down?

Please CC me in etc, I'm not subscribed to the list. Haven't been able to 'refresh all public keys' on keys.gnupg.net in Enigmail for a while now (only have two keys), so I had a look at the servers responsible (host keys.gnupg.net) - the following appear to be bad for me accessing from the UK: 1

Re: Requesting public key with GnuPG 1.4.18

Hello Werner ! Werner Koch wrote: >> I see key 0x05E136A0 is about to be requested from server, but what's >> that secundary number "FC3B17DE05E136A0"? > That is the same key. The first is the short and the second the long > key id: > 05E136A0 > FC3B17DE05E136A0 I had a d

Seeking clarification with a few GPG concepts

Hello, I'm new to GPG, and after having read the documentation, I still have a few questions: Suppose Alice generates a new master signing key, and along with it the UID "Alice ". Then, she issues adduid to add "Alice ", her company mailing address. After some time, she leaves the company, in

Seeking clarification with a few GPG concepts

Hello, I'm new to GPG, and after having read the documentation, I still have a few questions: Suppose Alice generates a new master signing key, and along with it the UID "Alice ". Then, she issues adduid to add "Alice ", her company mailing address. After some time, she leaves the company, in

Re: Different signing & encryption keys

On 13/08/14 10:56, Philip Jackson wrote: > I don't recall having been prompted by gpg to specify a sub-key so I could say > that gpg produced a single key 'by default'. You say you generated it with the --batch command, and go on to say you weren't prompted. Since --batch, unattended key generatio

Re: Different signing & encryption keys

On 13/08/14 09:37, Werner Koch wrote: > Thus what about this new option: That sounds like a nice thing to have. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

Re: Seeking clarification with a few GPG concepts

Hello, > Can she add a new UID of the same name "Alice " to > her gpg key again? I'm pretty sure that, yes, you can. > In another scenario, Alice not only has a master key, but also > subordinate keys, say for her notebook and mobile phone. First, can > she say that the mobile phone should be

Re: Seeking clarification with a few GPG concepts

Am Mi 13.08.2014, 11:57:12 schrieb pze...@hushmail.com: > updated public key to everyone she's in contact with. Then, for some > reason, Alice joins aforementioned company again, re-gaining control > of her mail address u...@company.com. Can she add a new UID of the > same name "Alice " to her gpg

Re: Seeking clarification with a few GPG concepts

Am Mi 13.08.2014, 12:23:24 schrieb Peter Lebbing: > > Can she add a new UID of the same name "Alice " to > > her gpg key again? > > I'm pretty sure that, yes, you can. Give it a try... > practice, you'll usually see that it will be encrypted to the last > created non-expired key. Not the last

Re: Seeking clarification with a few GPG concepts

Thanks for your helpful answers, Hauke and Peter! I have a followup question, if you don't mind: How much history is saved in a gpg key? Say, for example, I have a gpg key with uid1 associated, and I publish that. Then, I add uid2, but before handing out my updated gpg key to anybody, I decide

Re: Seeking clarification with a few GPG concepts

On 13/08/14 12:30, Hauke Laging wrote: > the same string is the same UID The signature is newer than the > revocation thus the UID is valid again. Unfortunately you cannot rely > on this as the RfC does not enforce using the newest signature but > GnuPG behaves this way. The RFC says very little o

Re: Seeking clarification with a few GPG concepts

On 13/08/14 12:37, Hauke Laging wrote: > Give it a try... OK. $ gpg2 --homedir gpgtest -k DCDFDFA4 pub 1024R/DCDFDFA4 2012-03-17 [expires: 2014-08-15] uid [ full ] Test Teststra uid [ full ] Test Teststra (Koning van Wezel) sub 1024R/77A3395A 2012-03-17 Revoking the work UI

Re: Seeking clarification with a few GPG concepts

On 13/08/14 13:30, pze...@hushmail.com wrote: > How much history is saved in a gpg key? Pretty much everything. You can edit what you give others to your heart's content, but old data will still linger in a lot of places and can recombine with your new data. Keyservers in particular never throw an

Re: Seeking clarification with a few GPG concepts

On 13/08/14 14:22, Peter Lebbing wrote: > Okay, the UI doesn't let us do it that easily. Delete that old one. Alternatively, delete only the revocation signature and the self-signature using "delsig" and resign using "sign". That way, you keep certifications in your local copy. The "delsig" interf

Re: Seeking clarification with a few GPG concepts

Hi, and thanks again for your answer. I have the feeling I may have formulated my question badly. I do know that data that has been out in the open cannot be made forgotten. What I wanted to ask was this, basically: Assume I generate a completely new gpg key and play around with it. Say I add so

Re: Gnupg-users Digest, Vol 131, Issue 15

On 8/13/2014 4:38 AM, Michael Anders wrote: > Baltimore published: Fort Meade is actually closer to Laurel than it is to Baltimore. > (http://www.nsa.gov/business/programs/elliptic_curve.shtml) > > symm. RSA ECC > 801024160 > 112 2048224 > 128 3072256 > 192 768038

Re: Seeking clarification with a few GPG concepts

Am Mi 13.08.2014, 14:54:40 schrieb pze...@hushmail.com: > Say I add > some UIDs and some subordinate keys, and then remove a subset of > those. Only after having done all this, I upload this key's public > info, for the first time, to a keyserver and tell you about it. Could > you now, from this o

Re: Seeking clarification with a few GPG concepts

On 13/08/14 14:54, pze...@hushmail.com wrote: > Could you now, from this one snapshot, tell which UIDs and subkeys I > added and then deleted again? Ah, right. It depends a bit. Especially self-signatures, which include key preferences, do normally accumulate. But if you use export-minimal or the

James Mickens on security

Microsoft Research's James Mickens wrote several humorous columns for USENIX in which he interspersed brilliant insights with side-splitting humor. I just found his "This World We Live In," which has a good bit about PGP in it. You can find his original at: http://research.microsoft.com/en-u

RE: Gnupg-users Digest, Vol 131, Issue 15

Hi Robert, You are both correct. The hash strength=512 curve is called P-521. Thanks, Bob Cavanaugh -Original Message- From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Robert J. Hansen Sent: Wednesday, August 13, 2014 6:08 AM To: gnupg-users@gnupg.org Subject: Re:

Back to normal now

Hauke, Yesterday whilst figuring out what to do, I found that I was logged out - my Linux box refused to accept my password. Anyway having copied the contents of my home directory - I reinstalled LXDE. Then slowly configured. I installed gpg2 - created the directory and associated files and th

RE: FAQ change, final draft

Hi Robert, This looks great. One very minor point (possibly not germane, please comment): Are you discussing the reliability of the NIST P curves for ECC? What is GPG planning as the default curves? NIST, Brainpool or ? Thanks, Bob Cavanaugh -Original Message- From: Gnupg-users [mailt

Re: FAQ change, final draft

Hi Robert, This looks great. One very minor point (possibly not germane, please comment): Are you discussing the reliability of the NIST P curves for ECC? No, because that's the first time anyone's asked that question on the list -- so it's not a frequently asked question. :) What is GPG pl

Re: Back to normal now

You could have just booted in from the lxde DVD and reset your password... On Aug 13, 2014 11:22 AM, "da...@gbenet.com" wrote: > Hauke, > > Yesterday whilst figuring out what to do, I found that I was logged out - > my Linux box > refused to accept my password. > > Anyway having copied the conten

Re: FAQ change, final draft

On Wed, 13 Aug 2014 19:46, robe...@broadcom.com said: > This looks great. One very minor point (possibly not germane, please > comment): Are you discussing the reliability of the NIST P curves for > ECC? What is GPG planning as the default curves? NIST, Brainpool or ? For signing Ed25519 which us

Re: Seeking clarification with a few GPG concepts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 13 August 2014 at 9:44:59 AM, in , pze...@hushmail.com wrote: > she issues adduid to add "Alice ", > her company mailing address. After some time, she > leaves the company, invalidating her email address. > Consequently, she revok

Re: Seeking clarification with a few GPG concepts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 13 August 2014 at 1:45:20 PM, in , Peter Lebbing wrote: > On 13/08/14 14:22, Peter Lebbing wrote: >> Okay, the UI doesn't let us do it that easily. Delete that old one. > Alternatively, delete only the revocation signature and >

Re: keys.gnupg.net - Refresh all public keys never completes in Enigmail, some servers down?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 08/12/2014 09:21 PM, OmegaPhil wrote: > Please CC me in etc, I'm not subscribed to the list. > > Haven't been able to 'refresh all public keys' on keys.gnupg.net > in Enigmail for a while now (only have two keys), so I had a look > at the servers

Re: Seeking clarification with a few GPG concepts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 13 August 2014 at 11:30:00 AM, in , Hauke Laging wrote: > i.e. the same string is the same UID and cannot be > created twice in a certificate. Interesting. When I tested, GnuPG allowed me to add another UID with exactly the same

Re: Seeking clarification with a few GPG concepts

Am Mi 13.08.2014, 22:43:41 schrieb MFPA: > > Subkeys and third party signatures are not related > > (today – one more problem). > > Why is that a problem? Because of that OpenPGP (at least in a useful form) is not compatible with (probably not only) German signature law. I know that this will b

Re: Seeking clarification with a few GPG concepts

On Aug 13, 2014, at 8:22 AM, Peter Lebbing wrote: > It is precisely as you said, GnuPG does allow reinstigating a revoked > UID. However, there is a slight hitch in the UI that means you can't do > it completely straight-forwardly. You need to delete the offending UID > before re-adding it, but o

HP-UX and GnuPG

We are on HP-UX ver 11.11 U 9000/800. GnuPG 2 was installed at /usr/local/bin, we have to call it with the at path to do anything with it: /usr/local/bin/gpg2. I can list keys and import keys. However, when trying to generate keys or encrypt, we get this error: "no entropy gathering module detected

Re: FAQ change, final draft

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am 13.08.2014 um 20:43 schrieb Robert J. Hansen: >> Hi Robert, This looks great. One very minor point (possibly not >> germane, please comment): Are you discussing the reliability of >> the NIST P curves for ECC? > > No, because that's the first ti

Re: FAQ change, final draft

On 8/13/2014 5:22 PM, Martin Behrendt wrote: > Because they probably will become frequently asked questions in the > future. The questions experts think will be frequently asked are usually rarely asked. :) smime.p7s Description: S/MIME Cryptographic Signature _

Re: what is "correct" for users' Preferred keyserver ?

On 08/12/2014 11:27 PM, shm...@riseup.net wrote: i've seen a multitude of ways people input data into this pref for example, some people put a link to their public key .asc or .txt file some others put a link to an actual keyserver from the name of the actual pref, it states a keyserver, so sh

Re: [openpgp] SHA-2 support should be mandatory – change defaults

On 08/12/2014 08:41 PM, David Shaw wrote: Maybe the answer is to remove the things to generate PGP 2 messages specifically, and leave the other stuff? Yes please. :) Not being able to encrypt/sign with PGP 2 at this point is totally reasonable. Not being able to decrypt/verify leads to toolc

gpg --recv-key rejects a key

Hello, $ gpg --version gpg (GnuPG) 1.4.18 (&c.) $ gpg --recv-key 0x3DBDDC68 gpg: requesting key 3DBDDC68 from hkp server keys.gnupg.net gpg: key 35853032: rejected by import filter gpg: Total number processed: 1 When I get the key from keys.gnupg.net using a web browser, $ gpg --import 3DBDDC68