Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Doug Barton
On 3/11/15 11:30 PM, Xavier Maillard wrote: Doug Barton writes: Otherwise, there is an easy way to solve your problem on the Windows platform, you should strongly consider it. I fear I do not understand. Did I miss something ? Of course I'd rather go the easy way ! :D Try reading my prev

RE: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Saxena, Deepak
Hi, I am curious on how/if gpg4win integrates with Windows credential providers. We at SafeNet have smart cards and middleware for our smartcard, SAC, registers itself as a credential provider any Windows application that leverages MS crypto libraries can integrate with it. Can anyone help me

Re: AES-NI, symmetric key generation

2015-03-12 Thread Werner Koch
On Wed, 11 Mar 2015 20:39, p...@heypete.com said: >> One more question: Is there any standardization in output formats >> between encryption programs and libraries, for example say you encrypt >> with AES128 in CBC, with the same key (directly or via passphrase), and >> since the output will have

Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Werner Koch
On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said: > PuTTY also has its own agent support, which works quite well. I'm not > sure why it's necessary to reinvent the wheel here. :) Because that integrates seamlessly with GnuPG. For example you can use your OpenPGP card (or other supported smar

Re: AES-NI, symmetric key generation

2015-03-12 Thread Pete Stephenson
On Thu, Mar 12, 2015 at 10:56 AM, Werner Koch wrote: > On Wed, 11 Mar 2015 20:39, p...@heypete.com said: > >>> One more question: Is there any standardization in output formats >>> between encryption programs and libraries, for example say you encrypt >>> with AES128 in CBC, with the same key (dir

Re: AES-NI, symmetric key generation

2015-03-12 Thread Werner Koch
On Thu, 12 Mar 2015 11:08, p...@heypete.com said: > I (perhaps incorrectly) interpreted the question as "If GnuPG makes > backwards-incompatible changes in the future, would it be possible for > one who knows the encryption algorithm used, key, etc. of a message to > decrypt that message with othe

Re: Enigmail speed geeking

2015-03-12 Thread Robert J. Hansen
> As to your enigmail essay, point 1, would you go that far that > keeping keys on hard disk is unsafe and using a smart card is a > must? For many users, smart cards are a good idea. (I've got one myself.) But for just as many users, smart cards are inconvenient and overkill. Frankly, they have

Re: Enigmail speed geeking

2015-03-12 Thread Andreas Schwier
On 03/12/2015 04:51 PM, Robert J. Hansen wrote: > For many users, smart cards are a good idea. (I've got one myself.) > But for just as many users, smart cards are inconvenient and overkill. > Frankly, they have awful usability, just terrible. When I receive an > email message encrypted to my sma

Re: Enigmail speed geeking

2015-03-12 Thread Robert J. Hansen
> There are USB-Sticks with an embedded smart card controller that > take away the burden to find a working card reader (which _is_ a real > pain). The one we use has a standard CCID interface that works > without driver installation on the majority of operating systems. Yeah -- back in 2000 I use

Re: Enigmail speed geeking

2015-03-12 Thread Ville Määttä
> But for just as many users, smart cards are inconvenient and overkill. > Frankly, they have awful usability, just terrible. … > finding the smart card is > easy -- it's in my wallet -- but finding the smart card *reader* is the > sort of thing that leads me to crazed conspiracy theories. That's

Re: Enigmail speed geeking

2015-03-12 Thread Stephan Beck
Am 12.03.2015 um 16:51 schrieb Robert J. Hansen: >> As to your enigmail essay, point 1, would you go that far that >> keeping keys on hard disk is unsafe and using a smart card is a >> must? > > If email crypto makes it hard to read email, few people will adopt the > technology. We want technolo

Re: Enigmail speed geeking

2015-03-12 Thread Robert J. Hansen
> That's quite a personal issue to count as a failing of smart cards. Sure! And I even said that. "For many users, smart cards are a good idea. (I've got one myself.) But for just as many users, smart cards are inconvenient and overkill." Your use case isn't my use case. That said, I've hear

Re: Whishlist for next-gen card

2015-03-12 Thread Joey Castillo
> > On 20/02/15 09:32, NdK wrote: > > 1 - support for more keys (expired ENC keys, multiple signature keys) > At the very least, adding expired ENC keys to the card spec is a really great suggestion. I'm trying to pitch people on using smart cards to secure their email, and one common question I g

Re: Enigmail speed geeking

2015-03-12 Thread Ville Määttä
On 12.03.15 19:21, Robert J. Hansen wrote: > If you think I'm portraying them as "completely unusable," then I think > you didn't bother to read my message very closely. I read both of your messages quite closely. Had you merely pointed out the downsides of having to carry a card, a reader etc. I

Re: Enigmail speed geeking

2015-03-12 Thread Robert J. Hansen
> My point was that you wrote multiple paragraphs worth of stories on > two emails from which I really got the impression that people should > just not bother. In response to someone who was thinking that storing keys on your hard drive was categorically unsafe, and that smart cards were categori

Re: Enigmail speed geeking

2015-03-12 Thread Robert J. Hansen
> Yes, thanks a lot. From your answer I deduce that a single-user, > non-professional environment may not require use of a smart card, or > may not require it with the necessity it may have in high-security > environments. Yep! And just as importantly: it may require it. It depends on your th

Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Doug Barton
On 3/12/15 2:59 AM, Werner Koch wrote: On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said: PuTTY also has its own agent support, which works quite well. I'm not sure why it's necessary to reinvent the wheel here. :) Because that integrates seamlessly with GnuPG. For example you can use you

Re: Enigmail speed geeking

2015-03-12 Thread Doug Barton
On 3/12/15 8:51 AM, Robert J. Hansen wrote: For many users, smart cards are a good idea. (I've got one myself.) But for just as many users, smart cards are inconvenient and overkill. I would go so far as to say for the vast majority of users they are totally unnecessary. It's cool to play wit

Re: Enigmail speed geeking

2015-03-12 Thread Robert J. Hansen
> I would go so far as to say for the vast majority of users they are > totally unnecessary. It's cool to play with smart cards, and I'm all > in favor of that sort of thing ... but for the overwhelming number of > PGP users the threat model just isn't there. I dunno. I think there are some good

Re: Enigmail speed geeking

2015-03-12 Thread Ville Määttä
On 12.03.15 20:52, Robert J. Hansen wrote: >> My point was that you wrote multiple paragraphs worth of stories on >> > two emails from which I really got the impression that people should >> > just not bother. > In response to someone who was thinking that storing keys on your hard > drive was cat

Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Brian Minton
Another option that I often use is https://github.com/wesleyd/charade, which opens a unix domain socket on cygwin, connected to Pageant, so cygwin programs and windows programs that use PuTTY can share the same authentication. Another similar program is http://github.com/cuviper/ssh-pageant On Th

Question concerning OpenLDAP PGP Keyserver setup guide (wiki.gnupg.org)

2015-03-12 Thread Stephan Beck
Hi, reproducing the OpenLDAP PGP keyserver setup guide on http://wiki.gnupg.org, published by Neal, I get the following error message: ldapmodify: wrong attributeType at line 5, entry "olcDatabase={1}hdb,cn=config" I am reproducing the guide on debian stable (main sources only), which uses "hdb"

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Hugo Osvaldo Barrera
On 2015-03-11 17:38, Werner Koch wrote: > On Wed, 11 Mar 2015 15:12, br...@minton.name said: > > > git.gnupg.org) don't use that certificate. Have you considered a wildcard > > certificate? I know this has been discussed before, e.g. at > > Too expensive ;-). To stop all these complaints I wil

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Pete Stephenson
On Fri, Mar 13, 2015 at 12:21 AM, Hugo Osvaldo Barrera wrote: > On 2015-03-11 17:38, Werner Koch wrote: >> On Wed, 11 Mar 2015 15:12, br...@minton.name said: >> >> > git.gnupg.org) don't use that certificate. Have you considered a wildcard >> > certificate? I know this has been discussed before,

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Mick Crane
>> On 12 Mar 2015, at 23:21, Hugo Osvaldo Barrera wrote: >> >> On 2015-03-11 17:38, Werner Koch wrote: >> On Wed, 11 Mar 2015 15:12, br...@minton.name said: >> >>> git.gnupg.org) don't use that certificate. Have you considered a wildcard >>> certificate? I know this has been discussed before

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Avi
I have no opinion one way or the other re: StartSSL, but there are those who do: < https://danconnor.com/post/50f65364a0fd5fd1f701/avoid_startcom_startssl_like_the_plague_ > < https://www.techdirt.com/articles/20140409/11442426859/shameful-

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Doug Barton
It's quite disingenuous to say you don't have an opinion, when obviously you do. This topic was debated at length on this list when Heartbleed happened. There are two camps: 1. Those who think that if you offer any kind of free service, you have to offer all related services for free as well

Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Avi
No, Doug, I really don't have an opinion. To do so, I would have had to give some thought to the relative merits of both sides and crystallized an opinion. Since SSL certificates do not directly apply to me at this moment, I have not given it the attention it deserves, and so I cannot in good fait

Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Xavier Maillard
Doug Barton writes: > On 3/12/15 2:59 AM, Werner Koch wrote: >> On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said: >> >>> PuTTY also has its own agent support, which works quite well. I'm not >>> sure why it's necessary to reinvent the wheel here. :) >> >> Because that integrates seamlessly w