Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
Hey. I really cannot understand why ct/heise and some others run these Anti-OpenPGP campaigns recently, while at the same time hypocritically claiming they'd be in favour of cryptography for people. - Per se, users will need to have at least some basic understanding of cryptography - otherwise a

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 20:56 +0100, Werner Koch wrote: > There is no trust in keyservers by design. As soon as you start > changing this you are turning PGP into a centralized system. Well not necessarily - at least not in the sense of exactly one power having control over the whole key network (a

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote: > So what exactly is the purpose of the keyserver then ? Find trust paths, signature updates, self signature updates, key revocation certs (but beware of the issues I've described in my mail a few seconds before)... Cheers, Chris.

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:15 +0100, Werner Koch wrote: > Most people run Windows or Android (or use Lenovo stuff) and thus have > anyway no control over their boxes. To be honest, I don't think that anyone using Windows, Android, MacOS or any other [semi-]proprietary system actually wants to be sec

Re: trust paths (was: German ct magazine postulates death of pgp encryption)

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:25 +0100, Hauke Laging wrote: > > Find trust paths > What could that be good for? If you do not make very strange assumptions > that could be of any use only if you assign certification trust to > unknown keys which would be completely crazy. I meant in the sense that I

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:40 +0100, Martin Behrendt wrote: > At what point is a system a [semi-]proprietary system? > How many computers are out there where not even a single part of the > hardware (and firmware) is proprietary? I rather meant Android here, which may have an open source core, but i

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 07:01 +0100, Marco Zehe wrote: > So like everywhere, different opinions, and that one journalist’s > opinion definitely doesn’t speak for all of the folks at c’t or Heise > in General. Well, that might be... but with respect to this question, there is only one correct opinion

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 13:28 +0100, Johan Wevers wrote: > In practice the Textsecure protocol works well of course because it > uses the phone number. "In practise"... I guess that's also what most "normal" people believed about their security before Snowden. And a phone number is really no secur

Re: trust paths

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 18:39 +0100, Johan Wevers wrote: > OR, in case a key belongs to a well-known person, you've seen it > mentioned in enough places and seen it used to sign gpg packages to be > rather certain that if it were a forgery someone would have noticed by > now and made noise about it.

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 18:45 +0100, Johan Wevers wrote: > OK, not cryptographically. They could always try to bribe/threat/torture > someone to cooperate. But that model fails if you want to perform > unnoticed mass surveillance. Admittedly, when it comes to "unnoticed mass surveillance" anonymous

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 19:01 +0100, Johan Wevers wrote: > No it's not, it is much simpler. When I call my wife and are in fact > connected with a computer or agent impersonating her, they are unlikely > being able to copy her voice so good that I don't hear it. I guess you've missed some developmen

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Christoph Anton Mitterer
On Tue, 2015-03-03 at 14:00 +0100, Hans of Guardian wrote: > The PGP keyservers need email validation no it's pretty useless from a security POV and they don't need it. > not as a way to provide any kind of "trusted" status of that key, but > rather so enable people to delete keys that should no l

Re: SHA1 collision found

2017-02-23 Thread Christoph Anton Mitterer
On Thu, 2017-02-23 at 13:58 -0500, Robert J. Hansen wrote: > > "Migrating to SHA256" > section in > the FAQ? What I always kinda wonder is, why crypto or security experts, at least in some sense never seem to learn. When MD5 got its first scratches, some people started to demand its ASAP r

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-25 Thread Christoph Anton Mitterer
On Thu, 2013-10-24 at 21:05 +0200, Sylvain wrote: > Is this zealotry on the Debian front, or something to update in gnupg? As they write,... they don't see a specific (i.e. technical or performance) reason not to do so. Some people may argue that 2048 is secure enough for many many years to come.

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-26 Thread Christoph Anton Mitterer
On Sat, 2013-10-26 at 14:13 +0200, Werner Koch wrote: > Now, if > you want to protect something you need to think like the attacker - what > will an attacker do to get the plaintext (or fake a signature)? Spend > millions on breaking a few 2k keys (assuming this is at all possible > within the ne

Re: Help with encrypting using my PGP Public key

2009-04-24 Thread Christoph Anton Mitterer
On Fri, 2009-04-24 at 11:28 -0700, bkumfer wrote: > Thank you again. Is there a difference between encrypting a file vs. > encrypting an email? Not really,... but with eMail,.. there may be "additional" standards used (PGP for MIME). Chris.

Re: New results against SHA-1

2009-05-04 Thread Christoph Anton Mitterer
On Mon, 2009-05-04 at 13:39 +0200, Werner Koch wrote: > The only real crypto use in the protocol is with the revocation key > (designated revoker) which uses a 20 byte fingerprint to specify the > key. However I cannot see where there is a threat. Ok,.. but most people do not exchange they key-dat

Re: Use other hash than SHA-1

2009-05-04 Thread Christoph Anton Mitterer
On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote: > It's important to remember that this isn't a completely SHA-1 free > key, as that is not currently possible in the OpenPGP protocol, but it > is possible to make a "use as little SHA-1 as possible key". Is there anything else than the finge

Re: New results against SHA-1

2009-05-04 Thread Christoph Anton Mitterer
On Mon, 2009-05-04 at 13:39 +0200, Werner Koch wrote: > The forthcoming new keyring > format will cope with that by not allowing a second key with the same > fingerprint. Ah,.. I've always thought this would be already the case ^^ When will we see this new format? Chris.

Re: Use other hash than SHA-1

2009-05-05 Thread Christoph Anton Mitterer
On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote: > I believe that's it. Fingerprints, revocation signatures (which use > fingerprints internally), and the MDC. > While I would start (did start, actually, a few years ago) using > SHA-256 to certify other people's keys, I wouldn't bother r

Re: Use other hash than SHA-1

2009-05-07 Thread Christoph Anton Mitterer
On Tue, 2009-05-05 at 22:16 -0400, David Shaw wrote: > > I'm not sure if this leads to the same discussion that we had some > > time > > ago on the WG-list (about explicitly revoking previous self-sigs),... > > but if a key has self-sigs with different hash-algos,... does this > > "allow" downgra

Re: Changing usage of master key

2009-05-18 Thread Christoph Anton Mitterer
In principle it is possible by issuing new self-sigs, but gnupg doesn't support this AFAIK. Chris.

Re: pool.sks-keyservers.net connection error

2009-08-11 Thread Christoph Anton Mitterer
For me, pool.sks-keyservers.net seems to work right now: $ dig any pool.sks-keyservers.net ; <<>> DiG 9.6.1-P1 <<>> any pool.sks-keyservers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11901 ;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 2,

Re: (Off topic) News on quantum computers cracking crypto

2009-09-10 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 10:29 -0400, Brian Mearns wrote: > > Thank God! I've used 17 ;) > No you didn't, 17 is prime. =D *D'Ohh* ... caught me ;) Chris.

Re: (Off topic) News on quantum computers cracking crypto

2009-09-10 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote: > In case you missed it, using 15 as a key value is no longer a viable > option: > http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm Thank God! I've used 17 ;) Cheers, Chris.

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Christoph Anton Mitterer
Hi folks. On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such. I suspect that removing SHA1 would > effectively mean a new key type for OpenPGP (again, not a disaster - > we're on our 4th key

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Christoph Anton Mitterer
Hi folks. On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such. I suspect that removing SHA1 would > effectively mean a new key type for OpenPGP (again, not a disaster - > we're on our 4th ke

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Christoph Anton Mitterer
Hi Robert. On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote: > Nope, it's pretty pervasive in the system. I thought it (and SHA1 fingerprints) would only be used in designated revoker signatures, and MDC? > The people behind OpenPGP are working on a new OpenPGP proposal that > will u

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:35 -0400, David Shaw wrote: > Yes. It's not that gpg has a driver for it though. The developers of > the entropy key were clever and instead of making programs write new > code to use the key, they made a program that reads the key and feeds > the Linux entropy pool

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:52 -0400, David Shaw wrote: > I suspect you are more in danger of being hit by meteors several times > in a row as you walk to your friend's house with the USB stick, than > you are in danger from SHA-1. I was watching Armageddon yesterday evening... so watch out what y

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 20:38 -0400, Daniel Kahn Gillmor wrote: > Worse than this: the devices could produce measurably "good" entropy > that happens to be predictable to a malicious individual in control of a > special secret. > > For example, if such a key were to contain a copy of the secret, and

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:23 -0400, David Shaw wrote: > Sure, but your computer vendor "could" have a relationship with the > NSA and put some special code in the BIOS to capture keyboard input > and periodically send it to a central server. Your disk drive vendor > "could" keep a few extra s

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:55 -0400, Daniel Kahn Gillmor wrote: > There is also open hardware for random number generation, for whatever > that's worth: > > http://warmcat.com/_wp/whirlygig-rng/ I think David already pointed me to this one some time ago,.. but they're not yet selling it, right? C

workings of trust signatures

2009-09-11 Thread Christoph Anton Mitterer
Hi. I just wanted to freshen up my knowledge on trust signatures and have it confirmed whether I've understood it correctly. So first of all, level 0 TSigs are identical to normal non-trust-sigs. e.g.: [my self] --normal sig--> [person A] +-normal sig--> [person B]

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:46 -0400, David Shaw wrote: > The place for all such suggestions is the IETF OpenPGP working group: > http://www.imc.org/ietf-openpgp/ Yeah I know,.. and if you remember, most of what I've mentioned before was already discussed at that list... but with no very big support

Re: workings of trust signatures

2009-09-11 Thread Christoph Anton Mitterer
Hi. One additional question: Is it possible to give multiple trust signatures to the same subject, but with different levels and trust amounts. e.g. [myself] +-trust 1 sig / value=120-+> [some person or trustworthy CA] --trust 1 sig --> [some sub CA, which is "less" trustworthy] `-trus

entering both, password and message via standard input

2009-10-30 Thread Christoph Anton Mitterer
Hi. I have a case where I need to enter both, the passphrase and a message (that should be decrypted), via standard input. (Well, in principle another non-interactive way for the passphrase would be ok, too, but not --passphrase-fd and neither --passphrase string). It seems that the fo

Re: GPG self signature missing error

2009-11-23 Thread Christoph Anton Mitterer
You simply should not use such a key (without signed UIDs),.. except you really really know what you're doing. The key is probably damaged, or it might be even an attack. Cheers, Chris.

Re: GPG self signature missing error

2009-11-23 Thread Christoph Anton Mitterer
On Mon, 2009-11-23 at 17:57 +0530, Rahul R wrote: > then could you plz explain why it is not giving me any error on server > B that has a gpg version 1.4? I'm not sure, but it's likely that the older version did simply not check for this. Using a key with UIDs that are not signed by that key is da

Re: 768-bit RSA factored

2010-01-08 Thread Christoph Anton Mitterer
So let's hope the ECC draft makes it soon to be finished :) ... and implemented in gpg ;) Cheers, Chris.

Re: Off-The-Record Email

2010-03-11 Thread Christoph Anton Mitterer
I'd personally prefer having a real OpenPGP plugin for gpg,... Wouldn't that be the real solution? Cheers, Chris.

Re: Elliptic curves in gnupg status?

2010-04-26 Thread Christoph Anton Mitterer
On Mon, 2010-04-26 at 08:57 +0200, Werner Koch wrote: > Actually the working group informally agreed on this draft after we > changed a few US centric things. Nice to read. I was just about to reply, that it might make sense to start implementation in gpg even if standardisation has not yet fully f

Re: smart card with 4096 bit keys

2010-04-28 Thread Christoph Anton Mitterer
On Wed, 2010-04-28 at 19:37 +0200, Joke de Buhr wrote: > Is there any way of transferring my existing 4096 bit keys to the card. > Generating new 3072 bit keys worked fine but it would be a lot better if I > could stick to my 4096 keys. Obviously not... Cheers, Chris.

Re: Crypto Stick released!

2010-04-30 Thread Christoph Anton Mitterer
On Fri, 2010-04-30 at 19:44 -0400, David Shaw wrote: > Looks very interesting. I'm curious how this differs from the > SIM-sized card in a SIM-sized USB reader? For example, the regular > 2.0 OpenPGP card in a SCR3320 USB stick reader > (http://www.scmmicro.com/security/view_product_en.php?PID=6)

Re: batch program to find my password - help please!!!

2010-08-08 Thread Christoph Anton Mitterer
http://www.roguedaemon.net/rephrase/ or google.com Cheers, Chris.

policy url is not set on selfsigs

2010-08-09 Thread Christoph Anton Mitterer
Hi. I've just realised that policy URLs (--set-policy-urls) seem to be not set on self-sigs (e.g. when resigning the key via changing the prefs or so). If that's not a bug,... why have you chosen not to put it on self-sigs? AFAIU RFC4880 it's just the policy under which a signature was made. So o

Re: policy url is not set on selfsigs

2010-08-12 Thread Christoph Anton Mitterer
Hi. Just found out, that a policy _is_ actually set when using --set-policy-urls when creating a key (--gen-key) But it seems there is no way of changing that later.. I've looked through the code but could not find the place why it's ignored when just e.g. changing the keyserver/prefs/etc.

Re: changing usage flags on a primary key

2010-11-10 Thread Christoph Anton Mitterer
Hi. That's fairly easy by hacking the code and resigning. Have a look at the archive, it was mentioned before how it works. Cheers, Chris.

Re: changing usage flags on a primary key

2010-11-10 Thread Christoph Anton Mitterer
On Wed, 2010-11-10 at 14:58 -0500, Daniel Kahn Gillmor wrote: > hrm, even if i can do this, it probably isn't very convincing for most > people following gnupg-users :( It was suggested before, to add such functionality, but declined IIRC. > > Have a look at the archive, it was mentioned before h

Re: Future plans for implementation of other algorithms

2011-01-26 Thread Christoph Anton Mitterer
On Wed, 2011-01-26 at 15:37 -0500, Avi wrote: > As someone who uses GnuPG on a USB stick under Windows, I sincerely > hope that elliptical curves get added to the 1.4 trunk. I know this won't happen,... but I'd rather see a roadmap to phase out 1.x... Maintaining two branches is not only a big eff

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Christoph Anton Mitterer
Hi. This pops up over and over again... From a technical point of view that seems to be not only an intended limitation,... at least it's not enough to change the max size in the code,... there seem to be several buffers one would need to enlarge in order to make bigger keys. Personally I'd pref

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Christoph Anton Mitterer
On Tue, 2012-05-22 at 17:50 +0200, Peter Lebbing wrote: > Or bugs only affecting large keys are not found because so few people use it, > and it becomes an attack vector affecting only those using large keys. While this could happen, I'd guess it would be rather vice versa And eventually large

RNG: is it possible to spoil /dev/random by seeding it from (evil) TRNGs (was: howto secure older keys after the recent attacks)

2012-10-08 Thread Christoph Anton Mitterer
Hi David. Long time ago, the following[0] ;) I recently stumbled across that question again,... when I deployed haveged on our faculty's HPC cluster... So I've asked[1] around at lkml, whether a malicious (or just bad) entropy source could spoil the kernel's RNG. Ted Ts'o, who currently maintain

Re: Dump all the properties of a key?

2013-03-26 Thread Christoph Anton Mitterer
On Mon, 2013-03-25 at 15:30 -0700, Jack Bates wrote: > How do I dump all the properties of a key? pgpdump Cheers, C.

Re: Comment: Efail is a megafail for e-mail encryption | heise online

2018-05-18 Thread Christoph Anton Mitterer
I think heise is generally becoming more and more part of the rainbow press in general.. but their repeated fake news about crypto and weird claims "crypto must become easy" (in the sense of: people shouldn't need to mutually authenticate) starts to get really dangerous for the unaware people beli

better passphrase hashing with gnupg?

2018-06-07 Thread Christoph Anton Mitterer
Hey. I have the following scenario: I'd like to archive private data to e.g. some cloud storage for backup reasons. Basically I'd see two ways to move on from here: 1) Put the data in one or more disk images which are encrypted with dm-crypt/LUKS (e.g. using aes-xts-plain64) 2) Put the data i

Questions about the use with GnuPG and SmartCards

2005-10-20 Thread Christoph Anton Mitterer
y. Thanks and best wishes, Christoph Anton Mitterer.

Lots of questions

2005-10-26 Thread Christoph Anton Mitterer
ings in the UID are true (more questions about the different kinds of signatures from others to my UIDs later) Ok,.. I told you I'd use my key as long as possible. But sometimes my email address changes, so I'll definitely have more than one UID. Big problem: When I change my UID all s

Re: Lots of questions

2005-10-30 Thread Christoph Anton Mitterer
Hi again. First of all: Sorry for those many writing mistakes I've made in my initial post,... my English is better indeed, but it was pretty late when I wrote that mail ;-) Ok,.. In the meantime I've received several replies,... most of them haven't been posted to the list. I'll do that as s

Re: ECC

2005-10-30 Thread Christoph Anton Mitterer
John Clizbe wrote: Well, first it has to make it into the OpenPGP Standard. And usually to do that, it would likely need to be part of some governmental or business standard so that large numbers of end-users would want/need it. I think that should be implemented despite of the way governments

OpenPG/X.509 interoperability

2005-10-30 Thread Christoph Anton Mitterer
Hi. This is perhaps a stupid question but how far are these two standards interoperable? I've seen a document that proposes some things in that area (http://www.imc.org/ietf-openpgp/mail-archive/msg09930.html). My question now: Can X.509 certificates be used to sign/certificate OpenPGP UIDs

Re: ECC

2005-10-30 Thread Christoph Anton Mitterer
David Shaw wrote: That would work if GnuPG stood alone, but it doesn't. New algorithms or message constructions need to be discussed and worked out as part of a standard so that all programs can interoperate. I know that, of course, but I think that perhaps we'll have no ECC the next 10 yea

Re: OpenPG/X.509 interoperability

2005-10-30 Thread Christoph Anton Mitterer
Alaric Dailey wrote: CAcert offers a GPG signature if your persona has been verified, and I wrote this as well. http://wiki.cacert.org/wiki/ConvertingCertificateToPgp Uhm,.. but that way I create a NEW key,... correct? I was looking for a signature for my EXISTING key. if this doesn't an

the best signature type someone can give me

2005-10-30 Thread Christoph Anton Mitterer
Hi... This is just a short question,... (I'll ask a lot of other things regarding signatures as part of "my" "Lots of questions" thread :-) ).. What is the "best type of signature someone can give to my UIDs? Ok,.. I think there are the following types: local, non-revocable, trust, normal So

Re: the best signature type someone can give me

2005-10-31 Thread Christoph Anton Mitterer
David Shaw wrote: It is not suggested. NR signatures are useful in very specific circumstances, and regular people signing other people's keys are not one of those circumstances. Can you tell me one of these circumstances, I can't imagine one *g* It's not necessarily a benefit to you that s

Re: the best signature type someone can give me

2005-10-31 Thread Christoph Anton Mitterer
strongest hash)? And/or should I sign others UIDs only with SHA512 (..) ? Best wishes, Christoph Anton Mitterer.

Re: OpenPG/X.509 interoperability

2005-10-31 Thread Christoph Anton Mitterer
Werner Koch wrote: Can X.509 certificates be used to sign/certificate OpenPGP UIDs? No. You can add a private extension to do so. What do you mean by "private extension"? Chris. (from now on,.. imply my "best wishes" =) )

Re: ECC

2005-10-31 Thread Christoph Anton Mitterer
Werner Koch wrote: I know that, of course, but I think that perhaps we'll have no ECC the next 10 years or so,.. if no one makes the step,... Uhm,.. I probably have not that detailed knowledge as you,... but when I've read the comparisons of cryptographical strength it seemed that ECC wit

Re: ECC

2005-10-31 Thread Christoph Anton Mitterer
markus reichelt wrote: * Christoph Anton Mitterer <[EMAIL PROTECTED]> wrote: What about using that uhm,.. libecc (http://libecc.sourceforge.net/)? do you know of an application that uses this lib? No I don't but that shouldn't be a reason to forget about it,... i

Re: ECC

2005-10-31 Thread Christoph Anton Mitterer
Alex Mauer wrote: Christoph Anton Mitterer wrote: Do you remember when, I think it was BBC, claimed they had a patent in the US which would cover hyperlinks? It was British Telecom. google:"british telecom" hyperlink patent Ah,.. ok *g* But you see my point? Well,.. I i

Re: ECC

2005-10-31 Thread Christoph Anton Mitterer
markus reichelt wrote: * Christoph Anton Mitterer <[EMAIL PROTECTED]> wrote: do you know of an application that uses this lib? No I don't but that shouldn't be a reason to forget about it,... Now why is that? I didn't imply anything to such extent.

Re: the best signature type someone can give me

2005-11-01 Thread Christoph Anton Mitterer
David Shaw wrote: If so,... should I (for security/cryptography reasons) ask users to sign my key only with SHA512 (or whatever is considered as the currently strongest hash)? And/or should I sign others UIDs only with SHA512 (..) ? This is up to you, but note that most OpenPGP programs d

Re: the best signature type someone can give me

2005-11-01 Thread Christoph Anton Mitterer
David Shaw wrote: First, read this: http://download.cryptoex.com/documents/whitepaper/cex2003-pgp-in-unternehmen-en/Tech%20White%20Paper%202002%20-%20Using%20OpenPGP%20in%20Corporations.pdf Then, read this: http://lists.gnupg.org/pipermail/gnupg-users/2005-May/025612.html Thanks :-)

Strange entries in keyserver-listings

2005-11-02 Thread Christoph Anton Mitterer
bits /keyIDDate User ID pub 1024D/6B6EEFC9 2004/03/22 Martin Roll <[EMAIL PROTECTED]> sig6EF2BDF5 Rainer W. Gerling <[EMAIL PROTECTED]> sigBE8DC15F Michael Decker <[EMAIL PROTECTED]> sig 67B82F43 Christoph Ant

Re: ECC

2005-11-06 Thread Christoph Anton Mitterer
Jean-David Beyer wrote: Is it because you think they have so much computer power at Ft. Meade that they can use exhaustive search? Or do you think their mathematicians are so much better than the general public (including math professors who specialize in this stuff) that they have discovered

Re: back signatures

2005-11-06 Thread Christoph Anton Mitterer
David Shaw wrote: It's a countermeasure against an attack against signing subkeys. Basically, the primary key signs all subkeys. With backsigs, the signing subkey also signs the primary key. Without this, an attacker can "steal" a signing subkey from someone else and try and pretend that a sig

Re: back signatures

2005-11-07 Thread Christoph Anton Mitterer
David Shaw wrote: I'm afraid I don't understand what you're asking here. How backsigs work? And what is the "theory" behind them,... e.g. how do they improve security? Best wishes, Chris.

Prefered algorithms priority

2005-11-07 Thread Christoph Anton Mitterer
Hi. As you probably know, one can set his preferred algorithms for an OpenPGP key using setpref. How is the priority specified? Is it from left to right, meaning that an algorithm a left from another (b) is preferred in favour of b? setpref --->--->--->---> ? Best wishes, Chr

Re: Prefered algorithms priority

2005-11-07 Thread Christoph Anton Mitterer
David Shaw wrote: How is the priority specified? Is it from left to right, meaning that an algorithm a left from another (b) is preferred in favour of b? setpref --->--->--->---> ? Correct, it's left to right. The algorithm works by eliminating any algorithm that isn't usable by all reci

Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
Hi folks! Ok,.. I know that you can set at least the following flags to specify the purpose of a key: A - authorisation C - certification E - encryption S - signation Ok,.. as far as I understood, if a key is C-only that this indicates that it is used solely for signing other keys, but not for

Re: Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
David Shaw wrote: So I think it would be better to have the following: primary: C, RSA-S, 4096 bit secondary: S, RSA-S, 4096 bit secondary: E, ElGamal, 4096 bit Ok... 1) Is it advisable at all? Yes. Many people do it this way, including myself. It's not actually an RSA-S key (that's dep

Re: Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
David Shaw wrote: On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote: Yes. Many people do it this way, including myself. It's not actually an RSA-S key (that's deprecated), but a regular RSA key with the S flag set. However, you don't actually wan

Re: Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
Alphax wrote: >What would be the disadvantages? You could end up with conflicting copies of the same key for one... What does that mean? Chris.

Re: Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
lusfert wrote: What does type "A" mean and where is it used? It means that the key can be used for authentication,... e.g. for ssh or so. Chris.

Re: Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
David Shaw wrote: If such a feature existed in GnuPG, yes. David Uhm,.. I rethought the whole thing,... and I came to the reason that I gave up too fast ;-) Ok,.. you told me that the disadvantage of C-only keys would be that you can't response to challenges. Is this the only reason? As

Re: Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
Or is there perhaps another software that I could use for changing the key usage flags (without damaging my key or changing the format or so). Of course I'd prefer using GnuPG because I trust this the most :-) Once again,.. I'm only going to do this,.. if it wouldn't have disadvantages for the

Re: Keytypes and changing them

2005-11-08 Thread Christoph Anton Mitterer
Alphax wrote: It means, the "expected" behaviour for what the keyservers/PGP/GPG will do when it finds that the usage flags have changed on a primary key is completely undocumented, because they are *not supposed to change*. I don't think they're protected by the fingerprint/selfsignature (altho

Re: back signatures

2005-11-10 Thread Christoph Anton Mitterer
David Shaw wrote: And what is the "theory" behind them,... e.g. how do they improve security? Current signing subkeys have a weakness in that they can be moved from one key to another without the key owner's approval. This means that if I sign a message with a signing subkey, someone else

Re: Expiring UID

2005-11-12 Thread Christoph Anton Mitterer
Ok,.. my answer to this is a little bit late but here it is ... ;-) It's not that I see a desperate need for the feature, it just seemed an interesting omission, and I wondered what the reason was. I'm surprised that compatibility is a problem - I assumed it would be done by having the self-sig

Re: back signatures

2005-11-12 Thread Christoph Anton Mitterer
David Shaw wrote: No, they have their own type. They are 0x19. I should have read on before asking,.. sorry ;-) Chris.

Re: back signatures

2005-11-12 Thread Christoph Anton Mitterer
Hi. Took a while but now I've time to answer. David Shaw wrote: Ah,... I see,.. but is this problem only limited to signing subkeys? It should be, right? Because the primary is protected by the selfsigned user id? Or is there another reason? (just want to check if I'm slowly understand how

Re: back signatures

2005-11-12 Thread Christoph Anton Mitterer
I've just found out that 0x19 is not specified by rfc2440... Isn't that a dangerous way if gnupg adds its own things to it? Chris.

Re: USB tokens instead of smartcards

2005-11-12 Thread Christoph Anton Mitterer
Hi. When I use a USB token instead of a "normal" smartcard reader do I still need special software (e.g. pcscd and so on) or is gnupg enough? Best wishes, Chris.

Re: Keytypes and changing them

2005-11-12 Thread Christoph Anton Mitterer
Ivan Boldyrev wrote: Which SSH implementation does support it? It seems OpenSSH does not (at least I can't understand how to do it). I think you can do it via gpg-agent. Unfortunately I couldn't find any documentation right now. :-( Chris.

Re: Key Capabilities

2005-11-17 Thread Christoph Anton Mitterer
Olaf Gellert wrote: When I generate an RSA key, GPG provides the capabilities sign, encrypt and authenticate (in expert mode), but not certification. Certification is always used automatically for the primary (signing) key. If you edit your key (gpg --edit-key ) you'll see a "Usage: CS" for

Forging fingerprints/KeyID?

2005-11-28 Thread Christoph Anton Mitterer
Hi. Somewhere (unfortunately I've lost the URL) I've read about forging fingerprints and/or keyIDs (not sure). Meaning that an attacker could create a key (but as far as I remember with a different keysize only) that has the same fingerprint and/or keyID as another key. Is that true? Are the

--openpgp, MDC and similar flags

2005-11-28 Thread Christoph Anton Mitterer
> showpref pub 4096R/5BB9A53D created: 2005-10-28 expires: never usage: CS trust: unknown validity: unknown [ unknown] (1). Christoph Anton Mitterer Cipher: AES256, AES192, AES, CAST5, 3DES Digest: SHA1, RIPEMD160 Compression: ZLIB, ZIP, Uncompressed F

Re: Keytypes and changing them

2005-11-28 Thread Christoph Anton Mitterer
Hi :-) Ok,.. it took some time,.. but now I came back to that issue ... David Shaw wrote: On Wed, Nov 09, 2005 at 12:53:45AM +0100, Christoph Anton Mitterer wrote: Or is there perhaps another software that I could use for changing the key usage flags (without damaging my key or changing

Re: Keytypes and changing them

2005-11-28 Thread Christoph Anton Mitterer
David Shaw wrote: On Tue, Nov 08, 2005 at 11:41:43PM +0100, Christoph Anton Mitterer wrote: Ok,.. you told me that the disadvantage of C-only keys would be that you can't respond to challenges. Is this the only reason? As far as I know a challenge/response is used by some users to v

Re: Forging fingerprints/KeyID?

2005-11-28 Thread Christoph Anton Mitterer
Ah,.. thanks :-) So it should be completely enough to verify Name/eMail and the Fingerprint when signing another key,... and I don't have to compare creation date/keysize/algorithm/etc., right? Best wishes, Chris.
