Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread Werner Koch
On Thu, 21 May 2015 23:14, ved...@nym.hush.com said: > When GnuPG creates and RSA keypair, is there a minimum *low* for > primes it will ignore? Yes. If you create an RSA key you generate two primes of the same size. Libgcrypt as well as GnuPG 1.4 will only consider candidates with the two high

Re: [Enigmail] Popescu and keys

2015-05-22 Thread Werner Koch
On Thu, 21 May 2015 23:58, b...@adversary.org said: > Is it possible that a keyserver running the old, buggy PKS code > (v. 0.9.something) mangled these keys? Yes, but that won't explain why the key binding signature is valid. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen reg

Re: gpg-agent override to import secret keys in 2.1

2015-05-22 Thread Werner Koch
On Thu, 21 May 2015 21:52, b...@adversary.org said: > Does anyone know whether or not there is an override command > or option to force -agent to read/import secret keys after the initial > migration to version 2.1? If you want to migrate the keys from a secring.gpg again to the 2.1 secret

Re: [Enigmail] Popescu and keys

2015-05-22 Thread Ben McGinnes
On 22/05/2015 5:00 pm, Werner Koch wrote: > On Thu, 21 May 2015 23:58, b...@adversary.org said: > >> Is it possible that a keyserver running the old, buggy PKS code >> (v. 0.9.something) mangled these keys? > > Yes, but that won't explain why the key binding signature is valid. Okay, there's cle

Re: gpg-agent override to import secret keys in 2.1

2015-05-22 Thread Ben McGinnes
On 22/05/2015 5:14 pm, Werner Koch wrote: > On Thu, 21 May 2015 21:52, b...@adversary.org said: > >> Does anyone know whether or not there is an override command >> or option to force -agent to read/import secret keys after the initial >> migration to version 2.1? > > If you want to migrate

Re: OPENPGP URI PROPOSAL

2015-05-22 Thread Ben McGinnes
On 22/05/2015 5:21 am, Daniel Kahn Gillmor wrote: > On Thu 2015-05-21 11:59:07 -0400, mofo syne wrote: >> You might see a few copies around. This one is edited and streamlined with >> some advice from Hasimir to help keep this proposal focused. This is >> mirrored in here >>

Re: OPENPGP URI PROPOSAL

2015-05-22 Thread Daniel Kahn Gillmor
On Thu 2015-05-21 18:46:52 -0400, Hugo Osvaldo Barrera wrote: > On 2015-05-21 15:21, Daniel Kahn Gillmor wrote: >> The example you give toward the end of the spec (uri handlers in web >> browsers) is an important example for arguing why something like this is >> concretely useful. Have you tried t

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread vedaal
On 5/22/2015 at 3:01 AM, "Werner Koch" wrote: >Yes. If you create an RSA key you generate two primes of the same >size. Libgcrypt as well as GnuPG 1.4 will only consider candidates with >the two high bits set so that the final modulus will have the exact >size. = Approximately what int

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread Daniel Kahn Gillmor
On Fri 2015-05-22 11:38:36 -0400, ved...@nym.hush.com wrote: > https://primes.utm.edu/howmany.html (The Prime Number Theorem, Consequence > Two: The nth prime is about n log n ) > > So, to give a trivial example, If the interval of primes chosen is from > 2^2047 to 2^2049, then this interval

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread vedaal
On 5/22/2015 at 12:03 PM, "Daniel Kahn Gillmor" wrote: >I think you're calculating the wrong thing. That same link points >out >that the number of primes less than x can be approximated as >pi(x) = x/(log(x)-1). > >Very rough approximation below, dealing with this stuff in integer >so i >don't

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread Daniel Kahn Gillmor
On Fri 2015-05-22 12:49:22 -0400, ved...@nym.hush.com wrote: > On 5/22/2015 at 12:03 PM, "Daniel Kahn Gillmor" > wrote: [ vedaal wrote: ] >>> does GnuPG automatically reject twin primes ( p, p+2) , and >>> Sophie-Germain primes (p, 2p+1) ? > >> Why should GnuPG reject these primes? Surely, it w

Help with GPG agent forwarding

2015-05-22 Thread Ben Warren
Hi, I’m trying to set things up so that I can sign files on a remote Linux machine using keys on my mac. It looks like the new agent forwarding should fit the bill, and it feels like I’m really close, but missing something critical. Setup details: local machine: * OSX Yosemite * OpenSSH 6.8p1

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread Brian Minton
There are approximately 2^2038 primes in the 2048-bit space (source, https://www.wolframalpha.com/input/?i=log2%282**2049%2Fln%282**2049%29+-+2**2047%2Fln%282**2047%29+%29 ). Even allowing that the first bit is 1, that makes 2^2037. Given that, the chance of p and q having a difference of 2, at