I've exported a crippled version of my private keyset for use at
work...I did not include the primary/master key in the export, only a
signing subkey and an encryption subkey. Now I've imported them on a
different system and want to sign a co-workers key with the subkey,
but gpg complains that:
gp
Hey, I'm relatively new to PGP and I just wanted to get some feedback
on the proper etiquette for quoting signed messages in responses.
Clearly, it's inappropriate to edit a person's response if they're
signed it, but is it considered rude to remove their signature from
the message in the response?
On Thu, Apr 16, 2009 at 3:38 AM, Incomex wrote:
>
> I want to be able to call a shell from within a development environment
> and pass a string of data to it to be de/en/crypted. The idea would look
> like
> this:
>
> read from file "data.txt" line z and put it into variableY
> variablex = call s
On Fri, Apr 17, 2009 at 8:23 AM, Jan Banan wrote:
> Hi, and thanks for answering!
> Well, just to avoid misunderstandings, I have a form on a secure HTTP page
> on a third-party server. The form data is sent secured from the browser to
> the server. When it reaches the server it is to get encrypte
On Thu, Apr 23, 2009 at 5:47 AM, Werner Koch wrote:
>
>> A platform independent set of data files means no matter what o/s you
>
> They are already platform independent. However they are bound to a
> specific gpg version. In practise there was only on minor format change
> with version 1.0.7, bu
On Thu, Apr 23, 2009 at 10:28 AM, Werner Koch wrote:
>
>> Anyone know if there's a specific reason the OpenPGP standard doesn't
>> cover key ring file formats?
>
> The standard defines cares only about the format on the wire and not
> about specific implementations. You may want to use an SQL DB
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I just wanted to let people know that I finally woke up and realized that
messages I was signing and sending with Gmail are bad because the mail client
is inserting linebreaks in order to wrap lines. This is standard behavior for
a lot of MUAs so that
On Thu, Apr 23, 2009 at 4:24 PM, Werner Koch wrote:
> On Thu, 23 Apr 2009 18:12, bmea...@ieee.org said:
>> I just wanted to let people know that I finally woke up and realized that
>> messages I was signing and sending with Gmail are bad because the mail client
>
> That is why PGP/MIME is the only
So I've been "advertising" keys.gnupg.net as the place to get my key
for a while now, but the round-robin DNS is kind of bugging me. I
understand the purpose of it, but it's kind of a crap shoot: not
infrequently, the address maps to a server that's down or buggy. I'd
rather have one dedicated addr
On Wed, Apr 29, 2009 at 11:21 AM, John Clizbe wrote:
> Brian Mearns wrote:
>> So I've been "advertising" keys.gnupg.net as the place to get my key
>> for a while now, but the round-robin DNS is kind of bugging me. I
>> understand the purpose of it
On Tue, May 12, 2009 at 9:38 AM, David Shaw wrote:
> On May 11, 2009, at 12:44 PM, Sanjeev Gupta wrote:
>
>> All,
>>
>> I have 2 different vendors an dI would like to sign their keys using 2
>> different private keys. I don't want to share my public key between them.
>> When ever I try to sign
Are there any known vulnerabilities associated with an attacker who
can provide plaintext and receive a signature for it? I'm planning a
simple computer-auth system where a client sends a random token to the
server, and then the server signs and returns it to prove that the
server has the private k
On Tue, Jun 16, 2009 at 9:11 AM, Daniel Kahn
Gillmor wrote:
> On 06/16/2009 06:44 AM, Brian Mearns wrote:
>> Are there any known vulnerabilities associated with an attacker who
>> can provide plaintext and receive a signature for it? I'm planning a
>> simple computer-
I'm looking for an automated way to verify that a signature was made
by a specific key. It's not sufficient to just verify that the
signature is valid and known to my keyring, I want to confirm who it
belongs to. I was hoping the -u option would work, but it doesn't seem
to. The only work-arounds I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey folks,
Sorry, this is off-topic, but I thought all the security folks who
lurk and participate on this list might be interested.
I'm doing a little investigation, and I could use some experimental
data. For those who would like to participate, I'
On Wed, Jun 24, 2009 at 9:59 AM, Peter Pentchev wrote:
> On Wed, Jun 24, 2009 at 02:21:29AM -0700, littleBrain wrote:
>>
>> Does anyone have the UNIX API documentation for GPG?
>>
>> Please reply to this thread. That would be very much helpful..
>
> What exactly are you looking for?
>
> If you want
On Wed, Jun 24, 2009 at 2:33 PM, Morten Gulbrandsen wrote:
[clipped 6/24/2009 3:11:09 PM by Brian Mearns]
> Dear Brian
>
> This is the core math of OpenPGP
>
> bash-3.00$ gpg --version
>
> Supported algorithms:
>
>
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> C
On Wed, Jun 24, 2009 at 12:28 PM, Daniel Kahn
Gillmor wrote:
> On 06/24/2009 11:06 AM, Brian Mearns wrote:
>> GPGME just invokes gnupg in a subshell, right? And parses the
>> response? Not that this won't work, it just seems so inelegant.
>
> Communicating a well-defin
I'd like manually verify attached application/pgp-signature signatures
in email. I have access to the raw (undecoded) email, and I read
through RFC 3156, but I'm still getting BAD signatures. I've tried
verifying a couple of different signatures from various lists, and the
example given in the RFC,
I'm considering making my default hash RIPEMD160: does anyone have any
opinions on how this compares to SHA-2 algorithms in terms of both
security and availability? I like the idea that RIPEMD was developed
in an academic community instead of the NSA, but if there are genuine
benefits to using SHA,
On Wed, Jul 8, 2009 at 3:33 PM, Werner Koch wrote:
> On Wed, 8 Jul 2009 18:56, bmea...@ieee.org said:
>
>> I'm considering making my default hash RIPEMD160: does anyone have any
>> opinions on how this compares to SHA-2 algorithms in terms of both
>
> Don't do that. RIPEMD160 is a pure European a
Sorry, this is a bit of topic. But I wonder if anyone knows of a
public key system that can realistically be done by pencil and paper.
I realize anything a computer can calculate could conceivably be done
by hand, but I'm looking for something realistic. I don't consider
raising very large numbers
On Thu, Jul 30, 2009 at 8:44 AM, Harry Rickards wrote:
[clipped 7/30/2009 9:26:46 AM]
> Brian Mearns wrote:
>> Sorry, this is a bit of topic. But I wonder if anyone knows of a
>> public key system that can realistically be done by pencil and paper.
>> I realize anything a c
On Thu, Jul 30, 2009 at 2:06 PM, Brian Mearns wrote:
> On Thu, Jul 30, 2009 at 2:02 PM, gerry_lowry (alliston ontario canada
> (705) 250-0112)
> wrote:
>> Robert wrote in part that "We've known since '99 that Solitaire is weak,
>> thanks to the work of
On Wed, Aug 12, 2009 at 10:46 PM, Joseph Oreste Bruni wrote:
[clip]
> http://www.securityfocus.com/news/11556
>
> Not entirely on topic, but for those using GnuPG (or other encryption
> software), you should always keep abreast of the encryption laws of your
> country.
[clip]
Has everyone seen the
On Thu, Aug 13, 2009 at 8:40 AM, the dragon wrote:
>
> oops, didn't reply all...
>
> And if you look at the cases reported, these are not system admins refusing
> to divulge data, or even regular people trying to protect their privacy -
> they are child molestors and wanna-be terrorists.
>
> encr
In case you missed it, using 15 as a key value is no longer a viable
option:
http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
Fortunately, people are working on it:
http://spectrum.ieee.org/computing/software/cryptographers-take-on-quantum-computers
-B
2009/9/10 Christoph Anton Mitterer
:
> On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote:
>> In case you missed it, using 15 as a key value is no longer a viable
>> option:
>> http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
&
Just a quick question on the --status-fd output from a --verify
operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could
VALIDSIG or GOODSIG also show up? In other words, are these just for
more information on why a signature failed, or can they qualify the
"GOOD" and "VALID" outputs?
Thanks
On Tue, Sep 22, 2009 at 11:19 AM, Werner Koch wrote:
> On Tue, 22 Sep 2009 16:26, bmea...@ieee.org said:
>> Just a quick question on the --status-fd output from a --verify
>> operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could
>> VALIDSIG or GOODSIG also show up? In other words, are the
Sorry, I know this is only somewhat on topic: if someone can suggest
an appropriate mailing-list or news group, that'd be great.
I want to use rngd to increase my entropy pool for use with GnuPG, but
I don't have a hardware random device. I've seen a lot of references
to using /dev/urandom as the
On Wed, Sep 23, 2009 at 4:20 AM, Werner Koch wrote:
> On Tue, 22 Sep 2009 17:50, bmea...@ieee.org said:
>
>> Thanks for the response. So EXPKEYSIG doesn't mean the key was expired
>> when the signature was made, right? If that shows up along with
>
> It means that the key has expired by now.
>
>>
Sorry, sent to author instead of list again. Message below.
On Thu, Nov 19, 2009 at 11:02 AM, Brian Mearns wrote:
> On Thu, Nov 19, 2009 at 10:26 AM, wrote:
>> There is no way (yet, ;-) ), to do what you want in gnupg, as a
>> gnupg encrypted file will show that it was e
Sorry for such a simple question, but I can't find a simple answer. My
signing and encryption subkeys have expired, so do I just create new
subkeys, and upload to the SKS servers? Do I have to delete the
subkeys, or revoke them?
Thanks,
-Brian
--
Feel free to contact me using PGP Encryption:
Key
34 matches
Mail list logo
