There's an important distinction to be made between using this approach
and using a SmartCard. The encrypted USB drive approach leaks the keys
into the machine you're using it from; they're accessible by simply
reading the filesystem (thus the claim that "When you unplug the USB,
your keys are gone
Hi!
The GnuPG Project is pleased to announce the availability of Libgcrypt
version 1.7.5. This is a maintenace release.
Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG. It does not provide any
implementation of OpenPGP or oth
Hi,
i've made a keypair with a comment in the userID. Is it possible to
delete this part of the key or do I have completely delete the key and
make a new one?
I also uploaded it to the sks keyserver. What effect will it have on the
keyserver?
Thanks.
> i've made a keypair with a comment in the userID. Is it possible to
> delete this part of the key or do I have completely delete the key and
> make a new one?
> I also uploaded it to the sks keyserver. What effect will it have on the
> keyserver?
You can simply edit key. and upload it again with
On 12/15/2016 08:03 PM, unknown wrote:
> i've made a keypair with a comment in the userID. Is it possible to
> delete this part of the key or do I have completely delete the key and
> make a new one?
> I also uploaded it to the sks keyserver. What effect will it have on the
> keyserver?
Please not
Hi,
i'm running Mint with gpg 1.4
I'd like to upgrade to the newer version of gnupg. Do I have to delete
the old one? What about my configuration file, is this only for the
older version?
I don't know how to build from the source.
Greetings.
___
Gn
Dear mailing list,
right now I have a working workstream that gets paths from a text file and:
tar -> compress -> encrypt -> split (over each line/entry)
Probably there is a security issue here as some of the paths are dozens of
gigabytes in size.
I would like to swap the 'encrypt -> split' par
> Do I have to delete the old one?
No.
> What about my configuration file, is this only for the
> older version?
Most older configuration files will work just fine with GnuPG 2.0 and 2.1.
>From the Mint command line:
sudo apt-get install gnupg2
It'll install GnuPG 2.0 (2.1 in Sarah) a
If the host machine is compromised, what's the purpose of doing
encryption on the SmartCard? Attackers don't need to know the key to get
your plaint ext, because it is on the host machine.
I guess that what you meant was signing, using a SmartCard to sign has
the benefits you mentioned, but not en
Am 15.12.2016 um 02:35 schrieb NIIBE Yutaka:
> sivmu wrote:
>> One question remaining is what is the difference between the openpgp
>> smartcard and the USB based tokens.
>
> I think that the OpenPGP card (the physical smartcard) is included in
> Nitrokey Pro USB Token. So, it's exactly same f
Hi Martinho,
After I thought about it more, I have kind of drawn the conclusion that
even for signing, only using a SmartCard cannot achieve authenticity.
With a write-only SmartCard which computes signature on the card, it's
true that it can protect the signing key. However, if it's used in a
ha
On 12/15/2016 08:35 PM, sivmu wrote:
From what I understand, a malicious token can e.g. perform encryption
operations with weak randomness to create some kind of backdoor that is
hard to detect.
The token is normally not used to perform any *encryption*. You encrypt
with the public key of your
Let me analyze your steps to see what you'd like to achieve in each of them.
0. Alice and Bob knows each other's email addresses: alice@A and bob@B.
1. Bob sends Alice his public key at Alice email address alice@A.
2. Alice relies to Bob with her public key.
3. Alice calls B's support and asks
Hello,
since I've upgraded to libgcrypt 1.7.5, gpg emits the warning 'Warning:
using insecure memory!' (and hence refuses to run, since my config file
includes 'require-secmem').
Any hints for debugging this issue would the greatly appreciated.
Regards,
Luis Ressel
_
> On 15 Dec 2016, at 19:24, Lou Wynn wrote:
>
> If the host machine is compromised, what's the purpose of doing encryption on
> the SmartCard? Attackers don't need to know the key to get your plaint ext,
> because it is on the host machine.
The difference is that if you use a smart card in a
sivmu writes:
> it seems using those specific devices actually decreases
> security, assuming it is easy to manipulate specialised vendors of
> security hardware compared to manipulating electronic hardware in general.
Exactly, that's my point. This is the reason why my approach of Gnuk
and NeuG
Am 15.12.2016 um 22:17 schrieb Damien Goutte-Gattat:
> On 12/15/2016 08:35 PM, sivmu wrote:
>> From what I understand, a malicious token can e.g. perform encryption
>> operations with weak randomness to create some kind of backdoor that is
>> hard to detect.
>
> The token is normally not used to
Le 2016-12-14 à 04:34, Peter Lebbing a écrit :
> Oh, not at all, I hadn't even noticed one could see it that way.
My bad; such is the life of the email-user.
> Or hang a truly huge printout on the wall and at the start of the
> session, together observe that it is correct. Any latecomers can be t
Luis Ressel wrote:
> since I've upgraded to libgcrypt 1.7.5, gpg emits the warning 'Warning:
> using insecure memory!' (and hence refuses to run, since my config file
> includes 'require-secmem').
>
> Any hints for debugging this issue would the greatly appreciated.
I think that you need to debug
19 matches
Mail list logo
