Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Christoph Groth
Robert J. Hansen wrote: > On 2020-01-06 18:26, Christoph Groth wrote: > > > > But then he also mentions his 128-bit passphrase and that he would > > be OK to publish his (passphrase-protected) private key in > > a newspaper. Why then not store it on the disks of multiple > > computers? > > Hint:

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Christoph Groth
Wiktor Kwapisiewicz wrote: > There is one feature of smartcards that's hard to reproduce otherwise: > once you pull the smartcard out of the port the attacker can't use it. > > (...) Thanks, that’s a good point! So if one’s concern is signing or authentication, this is indeed useful. However,

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Andrew Gallagher
On 07/01/2020 22:58, Christoph Groth wrote: > How about the alternative of keeping small USB keycards (like a Yubikey > nano) permanently plugged into the machines that you are using? > Assuming that you trust the keycards to keep their secrets, wouldn’t > that provide at least the advantage of a m

Re: Forward entire gnupg $HOME

2020-01-08 Thread Brian Minton
On Mon, Sep 09, 2019 at 11:39:01PM +0200, Ángel wrote: > On 2019-09-05 at 08:59 +0200, john doe wrote: > > On 9/4/2019 10:41 PM, Andre Klärner wrote: > > > I usually use my workstation to do everything, but since I can't > > > access my mailbox via NFS anymore (different story), I resorted to > > >

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Andrew Gallagher
On 2020/01/08 17:29, Franck Routier (perso) wrote: > Notice that some features, like the metal contact toggle on some yubikey > can mitigate the problem of having an attacker with full local access. > You then have to touch the key each time you want to use it, so > illegitimate access would be not

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Franck Routier (perso)
Notice that some features, like the metal contact toggle on some yubikey can mitigate the problem of having an attacker with full local access. You then have to touch the key each time you want to use it, so illegitimate access would be noticed. On 8 January 2020 13:51:58 GMT+01:00, Andrew Gall

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Franck Routier (perso)
I think this can be configured: ykman openpgp touch enc on ykman openpgp touch sig on Franck On 8 January 2020 18:35:20 GMT+01:00, Andrew Gallagher wrote: > On 2020/01/08 17:29, Franck Routier (perso) wrote: >> Notice that some features, like the metal contact toggle on some yubikey >> can

Re-sign subkey binding with changed digest?

2020-01-08 Thread Phil Pennock via Gnupg-users
So, this SHA-1 mess is "fun". To get a fresh self-sig user ID signature on the main key, I can do this: gpg --expert --cert-digest-algo SHA256 --sign-key ${KEYID:?} The `--expert` overrides the "already signed" safety check, letting you confirm that yes you really want this. Alas, it seems th

Re: Re-sign subkey binding with changed digest?

2020-01-08 Thread Andrew Gallagher
> On 8 Jan 2020, at 20:05, Phil Pennock via Gnupg-users > wrote: > > How do I re-sign the subkey binding for a [S] signing subkey, to keep > the same key but make the association from the main key be with SHA256 > please? Have you tried changing the subkey expiry? Or does that reuse the same