On 09/25/2015 02:55 PM, Marcus Ilgner wrote:
>> You'll see the debug dump of following line:
>>
>> raw apdu: 00 47 81 00 02 B8 00 00
>>
>
> Not sure whether that is significant but there were a few zero bytes more:
> raw apdu: 00 47 81 00 00 00 02 B8 00 08 00
It is also correct. Short form i
Hi,
My understanding is gpg is for embedded systems and servers and gpg2 is for
full fledged desktops. I seem to find documentation only for gpg but not gpg2.
Are there any updated how-to for gpg2? Should I continue to use gpg command
everywhere?
--
Regards,
Sudhir Khanger,
sudhirkhanger.com
On Mon, Sep 28, 2015 at 11:53 AM, Sudhir Khanger wrote:
>
> Are there any updated how-to for gpg2? Should I continue to use gpg command
> everywhere?
For docs of gpg2, check e.g. "/usr/doc/gnupg2-2.0.29" and "info gnupg".
Guan
___
Gnupg-users mailing
On 09/28/2015 09:53 AM, Sudhir Khanger wrote:
Hi,
Should I continue to use gpg command
everywhere?
Unless you have specific reasons for transitioning to gpg2, stick
with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
to use.
___
Gnupg-u
On Monday 28 Sep 2015 11:23:32 AM listo factor wrote:
> Unless you have specific reasons for transitioning to gpg2, stick
> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
> to use.
There is no specific reason for using gpg or gpg2 other than that upstream
recommends gpg2 for deskt
> My understanding is gpg is for embedded systems and servers and gpg2 is for
> full fledged desktops.
Mostly true. Close enough for government work. :)
> I seem to find documentation only for gpg but not gpg2.
Most of the GnuPG 1.4 documentation is still relevant for GnuPG 2.0 and 2.1.
> They are also proposing a HTTPS web interface, I guess this relies on
> trusting the certificate authority?
This has a critical chicken-and-egg problem. Let's say I want to send
you an encrypted email. I send it to the OwnMail box, and it in turn
sends to you, in cleartext, an HTTPS link to th
On Sun 2015-09-27 20:14:20 -0400, SGT. Garcia wrote:
> i use pass to manage my passwords:
> http://www.passwordstore.org/
>
> all passwords are encrypted with one single passphrase which is what i would
> like to have in *sync* with pam's OK on user's successful authentication.
This suggests that
On Sun 2015-09-27 22:04:40 -0400, SGT. Garcia wrote:
> On Thu, Sep 24, 2015 at 11:09:28PM -0400, Daniel Kahn Gillmor wrote:
>> You might be interested in libpam-poldi:
>>
>> http://www.g10code.com/p-poldi.html
>
> i get 'not found' error. google finds me this:
> http://www.schiessle.org/howto/pol
Hello list. I know this isn't exactly on topic, but I think it's
asymptotically close enough to justify asking here. I'm looking for a
way to authenticate myself to PAM (Specifically sudo) on a remote
server over SSH, though possibly also on a local server using
ssh-agent. if my gpg key is unlock
On Mon, Sep 28, 2015 at 01:03:10PM -0400, Daniel Kahn Gillmor wrote:
> On Sun 2015-09-27 20:14:20 -0400, SGT. Garcia wrote:
> > i use pass to manage my passwords:
> > http://www.passwordstore.org/
> >
> > all passwords are encrypted with one single passphrase which is what i would
> > like to have
On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said:
> Unless you have specific reasons for transitioning to gpg2, stick
> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
^^
That is definitely not the case. All improvements go into 2.1
> Hi I spotted this project: https://www.own-mailbox.com/#HowWork
Looking over their FAQ, I found this entry which makes me doubt them
even further. It downright deserves a fisking, which I'll deliver inline.
"Q: Why shouldn't I trust any cloud email service with JavaScript
encryption on the cli
On 28/09/15 19:00, Robert J. Hansen wrote:
> Cryptography is not like virginity, where once you lose it it's gone
> forever.
I think they mean that your private key material is compromised, meaning
"þey"[1] can decrypt any future messages encrypted to that key. Sloppily
formulated, but I don't thi
>> Cryptography is not like virginity, where once you lose it it's
>> gone forever.
>
> I think they mean that your private key material is compromised,
> meaning "þey"[1] can decrypt any future messages encrypted to that
> key. Sloppily formulated, but I don't think they mean you've lost
> yo
On 28/09/15 20:12, Robert J. Hansen wrote:
> First, I love the Thorn Letter Agency: I'm going to have to steal it.
Hehe, go ahead ;).
> I mean, taken at their word, that's what they seem to be saying, right?
Absolutely. And it's curious that they're sprinkling technical terms in the rest
of what
On Mon 2015-09-28 13:16:06 -0400, SGT. Garcia wrote:
> i think neither is what i'm asking. the following particular use case should
> explain it better.
>
> on my user's first login into this machine i run 'notmuch new' this calls
> mbsync
> to sync my email with gmail but in order for mbsync to d
On Mon, 28 Sep 2015 at 09:04 NIIBE Yutaka wrote:
> On 09/25/2015 02:55 PM, Marcus Ilgner wrote:
>
[...]
> Thanks for the help, I have a feeling we're making some headway towards a
> > solution.
>
> The error code of 6A88 is a kind of strange for me. If it's
> OpenPGPcard v3.x with AES symmetric
On Mon, Sep 28, 2015 at 02:35:58PM -0400, Daniel Kahn Gillmor wrote:
> On Mon 2015-09-28 13:16:06 -0400, SGT. Garcia wrote:
> > i think neither is what i'm asking. the following particular use case should
> > explain it better.
> >
> > on my user's first login into this machine i run 'notmuch new'
On 09/28/2015 05:40 PM, Werner Koch - w...@gnupg.org wrote:
> On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said:
>
>> Unless you have specific reasons for transitioning to gpg2, stick
>> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier
> ^^
Hi all
maybe they mean well, but you need someone who also knows what
they're doing instead for it to be more than snake oil.
Thanks for your comments, not exactly a ringing endorsement! Some of
their linguistic quirks could be excused given they are French, But
I'm glad I asked the questi
On Mon 2015-09-28 16:00:38 -0400, SGT. Garcia wrote:
> i really want it as the only authentication required that is open password
> from
> user logs him in and decrypts the passwords.
>
>> > that would be my email account not my local user account, correct?
>>
>> The attack i described is an atta
> Most od 2.x "improvements" have little to do with security.
Per NIST, RSA-2048 is believed safe until 2030. That means that if you
need to keep secrets longer than fifteen years, you need to move away
from RSA completely. RSA-3072 is not all that much stronger than
RSA-2048, and RSA-4096 adds
> If PGP implementations aren't too far off topic for this list what do
> you all think of https://www.mailpile.is/
I've run into some of the Mailpile people at various conferences and on
various mailing lists. I've yet to hear anything unusually foolish from
them.[1] I can't recommend them beca
On Mon, Sep 28, 2015 at 01:03:10PM -0400, Daniel Kahn Gillmor wrote:
>
> i send you a file dkg.asc that contains my OpenPGP certificate, and ask
> you to import it into your keyring. you do "gpg --import dkg.asc".
>
> But in that file, in addition to my actual OpenPGP certificate, i've
> include
On 09/28/2015 08:26 PM, Robert J. Hansen wrote:
Most od 2.x "improvements" have little to do with security.
Per NIST, RSA-2048 is believed safe until 2030. That means that if you
need to keep secrets longer than fifteen years, you need to move away
from RSA completely. RSA-3072 is not all tha
> Most of those that use gpg because they really, really need to keep
> their secrets from their adversaries are concerned with this year
> and next, not about A.D. 2030.
Without knowing the basis for this claim, I have to reject it.
> I'm obviously not one of those gentlemen; my "caliber" is tha
On 28/09/15 22:00, listo factor wrote:
> On 09/28/2015 05:40 PM, Werner Koch - w...@gnupg.org wrote:
> > On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said:
> >
> >> Unless you have specific reasons for transitioning to gpg2, stick
> >> with gpg (GnuPG) 1.4.16. It is just as secure, and much e
Thank you, dkg for Cc-ing.
On 09/29/2015 02:05 AM, Daniel Kahn Gillmor wrote:
> On Sun 2015-09-27 22:04:40 -0400, SGT. Garcia wrote:
>> On Thu, Sep 24, 2015 at 11:09:28PM -0400, Daniel Kahn Gillmor wrote:
>>> You might be interested in libpam-poldi:
>>>
>>> http://www.g10code.com/p-poldi.html
>>
On 09/28/2015 09:36 PM, Robert J. Hansen wrote:
To paraphrase the movie _A Few Good Men_, it doesn't matter what you
know, it only matters what you can prove.
I'm not here to prove anything.
An Internet mailing list is not about proving things. It lacks
both the procedural rigour and an impart
30 matches
Mail list logo
