Re: SSH generic socket forwarding for gpg-agent

I got the forwarding working, gpg-connect-agent says "connection to agent is in restricted mode" and gives me a prompt. So am I all set? Doesn't seem like that. My GPG_AGENT_INFO is empty, as it is on my local machine where everything works as expected (once my gpg-agent is running, has a key, an

Re: SSH generic socket forwarding for gpg-agent

Werner Koch gnupg.org> writes: > Are you sure that the gpg version at the remote site is also >= 2.1? > Given that you used the option "--use-agent" I assume that this is a gpg > 1.4. > > For that feature to work you need GnuPG 2.1 local and remote. The > reason is that only since 2.1 gpg diver

Newbie: Installing Build Dependencies to gnupg-2.2.13 update from gnupg 2.0.22 on Ubuntu 14.04 LTS failed

dear members of gnupg-users, prolog: hello my name is daniel. if i may introduce myself, i'm not an entirely sophisticated or seasoned unix/linux user and usually dependend on whatever snippets of information i can find in forums and on the web that give me usually a ballpark idea of w

Re: Newbie: Installing Build Dependencies to gnupg-2.2.13 update from gnupg 2.0.22 on Ubuntu 14.04 LTS failed

r your reply, you've all been very helpful and I appreciate it greatly. Sincerely, daniel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- pgp fingerprint: 02EF 1CA4

What is 'CA fingerprint 1' on Smartcard

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Hope this question is OK on this list. What is the CA fingerprint on FSFE-Smartcard? A gpg2 --car-status gave the information: CA fingerprint 1 .: C485 A6CD 7EC6 6E9E EC33 65F2 70F2 75E4 C32F 6CA5 This is a smartcard issued by the FSFE. After

Re: What is 'CA fingerprint 1' on Smartcard

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am 02.04.2015 um 04:40 schrieb NIIBE Yutaka: > It seems that it's intended to be hold a fingerprint of OpenPGP, > but it is not clear what/how this fingerprint is used for. > > From a view point of scdaemon developer, I don't have any > experience

Re: What is 'CA fingerprint 1' on Smartcard

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am 03.04.2015 um 13:14 schrieb Werner Koch: > Back in 2005 the idea was to setup our own OpenPGP "CA" and the > FSFE prepared the cards for this (this is also one of the the > reasons for the PIN letter). However, the folks responsible for > the

--with-sig-check silently ignored when used with --import and --recv-keys

> sub 2048R/0BE64ECE 2015-04-01 > sig! A5452207 2015-04-01 Alice User (Signature Test) > > > 1 bad signature ==What Should Happen== When importing public keys, --with-sig-check should not get silently ignored when added to --import or --recv-keys. Alternatively,

Re: --with-sig-check silently ignored when used with --import and --recv-keys

Gotcha. Would it be possible to throw an error when --with-sig-check is included with --import or --recv-keys? When silently ignored, it is very easy for a user to assume that the signature checks passed. Daniel On Sun, May 3, 2015 at 2:02 AM, Werner Koch wrote: > On Sun, 3 May 2015 01

Re: Incorrect general key info, for key on Yubikey NEO

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > This made me notice that my --card-status does the same thing, it > shows my signing subkey at "General key info" (although I thought > at some point it used to show the master...). That said, everything > works fine and my card is usable (v2.1.3).

What Linux kernel configuration options are required by GPG for --refresh-keys?

I'm using Arch Linux and running a custom kernel (version 4.0.2) and I'm unable to use the --refresh-keys function. I know the kernel is the problem because when I reboot into the ARCH distribution kernel (also version 4.0.2) it works fine. It's only my custom kernel that has this issue. I need

Receiving keys by PKA or OpenPGP

Hello, maybe I’m blind, but how can I receive a key from a pka- or OpenPGP-DNS-entry without encrypting a (dummy-)file? Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What Linux kernel configuration options are required by GPG for --refresh-keys?

y left it out. On Thu, May 14, 2015 at 1:33 AM, mark hellewell wrote: > Smells like something to do with IPv6 > > On 14 May 2015 at 12:41, Daniel Bomar wrote: >> I'm using Arch Linux and running a custom kernel (version 4.0.2) and >> I'm unable to use the --refresh-key

Re: What Linux kernel configuration options are required by GPG for --refresh-keys?

Hello, Am 15.05.2015 um 16:20 schrieb Daniel Bomar: > If I ping either of those hostnames it sends only an A query that’s normal, because the ping-command works only for IPv4. Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org h

Re: What Linux kernel configuration options are required by GPG for --refresh-keys?

I verified this to be the case in Wireshark. It's sending both A and queries for hostname vod.ohai.su (not sure how it got that from pool.sks-keyservers.net but whatever probably not relevant.) However it's only GPG that seems to do this. If I ping either of those hostnames it sends only an

Re: Receiving keys by PKA or OpenPGP

Hello, Am 15.05.2015 um 13:33 schrieb Werner Koch: > gpg2 --auto-key-locate clear,nodefault,pka --locate-key ADDRESS ah ok, thanks. I forgot to consult the man-page for gpg2, sorry. Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.or

Install of GnuPG beside a production version

are confidentials. Professionnal tools don't need this historical workaround to compensate for Outlook lack of E-mail history managment. daniel AzuelosR.S.S.I. - C.I.S.O. - Institut Pasteur ___ Gnupg-users mailing list Gnu

Re: [Announce] GnuPG 2.1.5 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thanks for the new release, > * Support for the forthcoming version 3 OpenPGP smartcard. Is there any further information you can provide regarding version 3 of the smartcard? Searching the web didn't give me any useful results. Thanks DK -BE

Re: [Announce] GnuPG 2.1.5 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am 12.06.2015 um 02:34 schrieb NIIBE Yutaka: > And please follow the link "OpenPGP Card version 3.0", then you > can get the specification. > > http://www.g10code.com/docs/openpgp-card-3.0.pdf > > That's all I know of. Thanks for pointing me ther

Re: General brute force attack question

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am 17.06.2015 um 01:45 schrieb Robert J. Hansen: >> Is this a correct interpretation? > > Pretty close. > >> My understanding of en-/decryption is that there is no >> indication of progress toward finding a successful key match of a >> given encryp

Re: Secure Private Key Synchronization (RFC)

Will the proposal require support private subkey stubs generated from gpg --export-secret-subkeys? Daniel On Thu, Jul 2, 2015 at 6:48 AM, Tankred Hase wrote: > Hi, > > I'm Tankred from Whiteout (https://whiteout.io). Me, Werner and other > PGP projects discussed a secure way

Re: Secure Private Key Synchronization (RFC)

; perhaps be better. > SKS keyservers accept lookups for both short and long key ids, fingerprints, and word searches on user ids[1]. Perhaps the Message-ID should be the fingerprint + user ids (i.e. "0xf75be... Daniel Roesler "), so that a client can easily index/search their mailbox

Re: [Enigmail] Really weird behavior with fresh install

ttacks outburst. daniel AzuelosR.S.S.I. - C.I.S.O. - Institut Pasteur ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Python GPG libraries

g/) https://github.com/isislovecruft/python-gnupg (what runs https://python-gnupg.readthedocs.org/) I also have a super-duper experimental and completely unfinished and unsafe OpenPGP parser[1] that I use to learn the format and to dump the sks-keyserver pool to json[2]. Daniel [1]: https://github.c

Re: Proposal of OpenPGP Email Validation

Hello, Am 27.07.2015 um 14:15 schrieb Neal H. Walfield: > This approach is not going to stop a nation state. A nation state can > intercept the mail, decrypt it and follow the link. > > For the same reason, it is not going to stop a user's ISP. Given > Microsoft's et al.'s willingness to coopera

Re: protecting pub-keys from unwanted signatures

On Sun, Aug 16, 2015 at 4:15 AM, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi > > > On Sunday 16 August 2015 at 9:10:28 AM, in > , Stefan Claas wrote: > > > >> after seeing Facebook's public key a couple of days >> ago, i was wonde

Re: Facebook and OpenPGP

On Fri, Sep 25, 2015 at 7:24 PM, Christian Heinrich wrote: > > So as far as I am aware there is no integration with the Facebook > GraphAPI yet :( I asked a while back, and they are considering it. https://twitter.com/sweis/status/605440779406974976 _

Re: Seperate Session Key and Encrypted Data

You can use the --show-session-key and --override-session-key option for gpg. $ gpg --encrypt <<< "Test Message" > msg $ gpg --decrypt --show-session-key msg $ gpg --decrypt --override-session-key 'the_session_key_gpg_gave_you' Note that you do not need your private key for the last operation. H

Re: Sign/verify openssl RSA signatures

culate the public key pem (without an ASN.1 parser) and raw data payload. Maybe that can give you some ideas on how to make gpg signatures compatible with openssl. Daniel On Oct 4, 2015 4:44 PM, wrote: > > Hi, > > i've googled a lot and i guess it is just not possible but i want to ask

Re: Just published a browser-based PGP tool

just download the source and open it locally for a quick, cross-compatible OpenPGP user interface without having to install anything or get admin privileges. I should work anywhere you can open it in a browser (which is what I love about unhosted apps). Really sad to see it isn't open source yet.

Re: Generating 4096 bit key fails – why?

Hello, Am 27.10.2015 um 11:11 schrieb Felix E. Klee: > As already mentioned in the October 2015 thread “Bad secret key” on > , I cannot generate a 4096 bit on > my [OpenPGP card][1]. What could be the issue? AFAIK the card doesn’t support 4096 bit keys. The webpage given by you says the same AFAIS

Re: TOFU for GnuPG

Hello, Am 29.10.2015 um 15:06 schrieb Neal H. Walfield: > First, some > statistics are displayed, namely, that we've verified 5 messages > signed by this key in the past last hour. isn’t it a little bit problematic that GPG now logs how often I received emails by someone else? Sincerely, DaB.

Re: Trusting other keys a message was encrypted to

Hello, Am 07.11.2015 um 12:10 schrieb MFPA: > But we *could* check to see if any of them gives > us cause for concern. I don’t really understand what is the earn here. If I send a encrypted message to you and EvilPerson (together in the same eMail), you receive the email and gpg would warn you “

Re: GnuPG 2.1: --auto-key-locate dane

Hello, Am 26.11.2015 um 16:00 schrieb Felix Seip: > Clearly I am doing something wrong and was wondering if someone could > help me with this problem. Hello, Am 26.11.2015 um 16:00 schrieb Felix Seip: > Clearly I am doing something wrong and was wondering if someone could > help me with this probl

Re: GnuPG 2.1: --auto-key-locate dane

Hallo, Am 27.11.2015 um 07:58 schrieb Werner Koch: >> The OpenPGPKey-DNS-entry for my mail-adress works, if you like to test gpg. > Not for me: sorry, this is a misunderstanding. I meant: My entry is correct in the DNS, while Felix’ is not. I have no such recent version of gpg to test if it is wor

How important are Admin PIN and Passphrase in this scenario?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I'm thinking about the following scenario: There is a smartcard with subkeys for encryption, signing and authentication. The secret primary key is stored encrypted (eg. a truecrypt container) and only used on an airgapped, offline machine when si

Re: character encoding differs in gpg and gpg2

Hello, Am 16.12.2015 um 11:51 schrieb Fabian Stäber: > My name has a special character. 'gpg --edit-key' shows it correctly, > 'gpg2 --edit-key' does not. either gpg or gpg2 show the umlaut in your key correct here. My locale is LC_ALL=de_DE.UTF-8. Sincerely, DaB. signature.asc Description

SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

n APT + SHA1 https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-a pt-sha1/ "...note that SHA1 support is not dropped, we merely do not consider it trustworthy." thanks! - -- Daniel Villarreal http://www.youcanlinux.org youcanli...@gmail.com PGP key 2F6E 0DC3 85E2 5EC0

Re: EasyGnuPG

is born knowing this stuff. Should we not strive to use gnupg v2x ? I always try to use gpg2 on the command-line, whereas documentation seems to show gpg. example... Encrypting and decrypting documents https://gnupg.org/gph/en/manual.html#AEN111 - -- Daniel Villarreal http://www.youcanlinux.org

Re: EasyGnuPG

ch a big deal, so long as I'm otherwise following best practice and using the software as appropriately as I can, but I figure I'm on the right track by using gpg2 on the CL. - -- Daniel Villarreal http://www.youcanlinux.org youcanli...@gmail.com PGP key 2F6E 0DC3 85E2 5EC

Re: How to interprete the output of --export-ownertrust?

Hello, Am 05.04.2016 um 06:37 schrieb Doug Barton: > I learned to check the headers, and look for References: (sometimes > spelled In-Reply-To:) with one or more message Ids after. while it is off-topic: The In-Reply-to and References-header are not the same. The in-reply-to-header tells you, for

making a Debian Live CD for managing GnuPG master key and smartcards

There has been some discussion on debian-devel[1] about making a bootable Debian Live CD specifically for GnuPG The benefit is that everything on the CD is self-contained, it can't be tampered with, it can run without network support in the kernel and the workflow would be controlled by a script.

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 12:52, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 9:53 AM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > > There has been some discussion on debian-devel[1] about making a > bootable Debian Live CD specifically for GnuPG > >

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 14:16, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 1:16 PM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > Could you add a section to the wiki about this, with an itemized list of > the tasks that need to be done, e.g. > > * pack

Re: making a Debian Live CD for managing GnuPG master key and smartcards

.debian.net and upload a package they created: http://mentors.debian.net/ Regards, Daniel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 17:29, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 4:57 PM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > > > On 26/04/16 15:40, Dashamir Hoxha wrote: > > On Tue, Apr 26, 2016 at 3:11 PM, Robert J. Hansen <mailto:r...@s

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 27/04/16 11:53, Werner Koch wrote: > On Tue, 26 Apr 2016 22:51, r...@sixdemonbag.org said: > >> Well, there's a little bit of a chicken-and-the-egg problem here. If >> new projects are told "don't evangelize here", how will they let users >> who might be interested in their project know it e

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 27/04/16 15:39, Peter Lebbing wrote: > On 26/04/16 09:53, Daniel Pocock wrote: >> There has been some discussion on debian-devel[1] about making a >> bootable Debian Live CD specifically for GnuPG > > I think this is interesting, and I would probably use it. But I

Re: Top-posting

ent. I often quote differently anyway... MfG, Daniel - -- Daniel Villarreal http://www.youcanlinux.org youcanli...@gmail.com PGP key 2F6E 0DC3 85E2 5EC0 DA03 3F5B F251 8938 A83E 7B49 https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49 -BEGIN P

Reiner SCT cyberJack Secoder 2 / PIN pad support?

I've got this device with a built-in PIN pad: Reiner SCT cyberJack Secoder 2 / PIN pad support? $ lsusb -v ... idVendor 0x0c4b Reiner SCT Kartensysteme GmbH idProduct 0x0400 ... $ opensc-tool -l # Detected readers (pcsc) Nr. Card Features Name 0NoPIN pad R

managing OpenPGP cards in batch mode?

I tried this with GnuPG 2.0.26 on Debian: $ gpg2 --card-edit --batch gpg: can't do this in batch mode Is this supported in newer versions or can it be done with GPGME? In particular, I would like the user to be able to do things like: - set PINs - set language - set name - set URL

Re: managing OpenPGP cards in batch mode?

On 03/05/16 15:55, Dashamir Hoxha wrote: > On Tue, May 3, 2016 at 3:04 PM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > I tried this with GnuPG 2.0.26 on Debian: > > $ gpg2 --card-edit --batch > gpg: can't do this in batch mode > &

Re: managing OpenPGP cards in batch mode?

flash drive and copy the signed keys back into the other system later. The other system they use may be running 1.4.x or 2.0.x Regards, Daniel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: managing OpenPGP cards in batch mode?

On 05/05/16 08:11, Robert J. Hansen wrote: >> Out of curiosity, where are these rules defined? > > The Free Software Foundation requires them for all FSF-sponsored mailing > lists. Thou Shalt Not Advocate Proprietary Software. I wish I had a > link but I don't -- I was told about this Thou

Re: (OT) FSF involvement

rds-to-avoid.html or some such page? At the same time, I wouldn't want a "Chilling effect" [1] [1] Dr.Ian Goldberg Battling Internet censorship and surveillance Privacy Enhancing Technologies for the Internet Cryptography, Security, and Privacy (CrySP) Research Group University Researc

Re: Help needed - again

Thanks. I hope someone can tell me what I might be doing wrong. > On May 7, 2016, at 3:51 AM, Brad Rogers wrote: > > On Fri, 6 May 2016 16:59:32 -0700 > Daniel H. Werner wrote: > > Hello Daniel, > >> I sent the following message several days ago and am not su

Having issues with dirmngr in gpg 2.1

gnupg instead of under C:\Windows. Any suggestions where I should look for a mistake in my configuration? -- Best regards, Daniel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Go gpg, guess, what I want

stop the export of the complete key. If there are several keys to export, gpg should still process the other keys. If I would have wanted to export the subkey only, I would have used the exclamation mark syntax. -- Best regards, Daniel Ranft ___ Gnupg

storing private key on multiple SD cards / SD card RAID

offline Regards, Daniel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Unsubscribe

Please remove me from this list. * Daniel H. Werner Hillsdale Corporation 9 Oregon Yacht Club Portland, Oregon 97202 USA Cell: +1-503-709-0950 www.hillsdalecorp.com signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Online-Entschlüsselung

f.) --- ich würde das nicht tun, aber vielleicht https://www.webpg.org/ ? - -- Daniel Villarreal http://www.youcanlinux.org youcanlinux at gmail.com PGP key 2F6E 0DC3 85E2 5EC0 DA03 3F5B F251 8938 A83E 7B49 https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49 -BEGIN PGP SIGNAT

Serve up ssh key *and* gpg key?

Long-time GPG user here, thanks so much for everyone's help and work on it. I really like the feature GPG 2.1 has, where it can serve up a subkey of a private key to SSH and act as an SSH agent. I use a particular subkey of my master key for SSH authentication and I really like it. But, at

short list of recommended card readers?

Can anybody make recommendations for a short list of card readers, preferably with PIN pads? I've got the SPR532[1] and found it works fine but it is no longer listed on the vendor's web site[2], I've previously tested Reiner SCT cyberJack Secoder 2 and found it didn't[3] work. I'm looking at

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 09:53, Daniel Pocock wrote: > > There has been some discussion on debian-devel[1] about making a > bootable Debian Live CD specifically for GnuPG > This can now be used, command line only for the moment, as described in my blog[1] about it If anybody wants to he

mentors needed for the PGP Clean Room project in Outreachy/GSoC

unity be interested in collaborating as a co-mentor on this project? If so, please feel free to email me and/or subscribe to the pki-clean-room mailing list[3]. Regards, Daniel 1. https://danielpocock.com/outreachy-gsoc-2017-pki-clean-room 2. http://lists.alioth.debian.org/pipermail/pki-clean

reviewing wiki / shortlist PIN-pad readers

I was looking at this page: https://wiki.gnupg.org/CardReader/PinpadInput Are any of these more outstanding than the others, or it doesn't matter which one somebody chooses? Could anybody comment on which of those are easily available in small quantities for developers, or suppliers who are co

Re: reviewing wiki / shortlist PIN-pad readers

> On 10/18/2016 04:51 PM, Daniel Pocock wrote: >> I was looking at this page: >> >> https://wiki.gnupg.org/CardReader/PinpadInput >> >> Are any of these more outstanding than the others, or it doesn't matter >> which one somebody chooses? >>

Re: smartcard reader

liminate some of those from the list, is anybody able to update the wiki? Are there any new options that weren't listed already? I also added another blog about choosing hardware today: https://danielpocock.com/choosing-smartcards-readers-hardware-for-outreachy-2016 Regards, Daniel ___

Decrypting a non-mdc encrypted message results in Exitcode 0 but also in status DECRYPTION_FAILED

instead? Thanks, Daniel Ranft gpg4o developer -- Verschlüsseln Sie Ihre E-Mails mit gpg4o für Outlook | Encrypt your email with gpg4o Meinen PGP-Schlüssel finden Sie auf hkp://pgp.mit.edu. Key-ID: B8DAE2A2

Re: [Announce] GnuPG 2.1.17 released

Hello, Am 20.12.2016 um 13:46 schrieb Christoph Moench-Tegeder: > SHA1 (gnupg-2.1.17.tar.bz2) = d83ab893faab35f37ace772ca29b939e6a5aa6a7 > SHA1 (gnupg-2.1.17.tar.bz2.sig) = 34cea3e6d139cb340bf14f04ff217cb6960cf36d > > Or is that just me and a local issue? it works for me (see below), but the sig-

Re: GPG cannot import public key

y binding you wanted. If you really wanted to, you could delete the second user id and signature after importing the key. Hope this helps, Daniel On 24/04/2014, at 11:15 PM, helices wrote: > Thank you, for your response. > > [1] > -BEGIN PGP PUBLIC KEY BLOCK- &

Re: GPG cannot import public key

stood your earlier email. I'm trying to compile a local version of GnuPG to poke around at it, but I'm having some trouble. I'll let you know if I make any further progress. Daniel > I do appreciate your analysis. I hope that a GPG developer can use it to > advance gpg. >

Re: GPG cannot import public key

I can confirm that - I compiled GnuPG against the latest version of libgcrypt in git, and it imported the second key fine. gpg2 --version gpg (GnuPG) 2.0.22 libgcrypt 1.7.0-beta61 Daniel On 25/04/2014, at 7:57 PM, Werner Koch wrote: > On Thu, 24 Apr 2014 19:55, ds...@jabberwocky.com s

Re: Trying to compile gnupg 2.1 on OSX

I had this error as well. I eventually fixed it by going with the latest stable version of libgpg-error rather than the git HEAD. Yours, -- d On 20/05/2014, at 10:56 PM, Colin Davis wrote: > Good Morning, > > I'm trying to compile/test gnupg git master on OS X 10.9, but I've been > running i

Re: Docs central, with 'Email Self-Defence'

>please add a link or a comment. Does the column "language" imply, that you are also looking for links to non-english sites? -- kind regards daniel krebs ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

problems after changing primary UID

I recently changed my primary UID from dan...@pocock.com.au to dan...@pocock.pro I've been able to sign from one machine but not from another. The second machine only has subkeys. On the second machine, I would always get "secret key not available" errors from git tag, signing packages, etc. I

Re: Mascot_p

ht be more attracting to new users that a rather 'cold' robot. unless you can crate a really cute robot of course! something like wall-e from that disney (?) picture. -- kind regards daniel krebs ___ Gnupg-users mailing list Gnupg-users

Analogien um das Prinzip von PGP zu erklären

ln: Jemand verschließt mit meinem öffentlichen Schlüssel, ich öffne mit meinem geheimen. Signieren: Ich signiere mit meinem privaten Schlüssel, jemand anders überprüft mit meinem öffentlichen. Anregungen, Meinungen? -- kind regards daniel krebs ___ Gnupg-use

This time in English: How to explain the principles of PGP, looking for metaphors

imprint. https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/ -- kind regards daniel krebs ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Analogies to explain the basic principles of encryption as used by OpenPGP

t must "do something" BEFORE anyone can send anything (secured by that means) to him. Everyone knows what happens if you snap the lever into the lock - you're only able to unlock it if you have the key (or a big tool, OK). But how would you explain signing from that point of v

Re: Analogien um das Prinzip von PGP zu erklären

of using the terms "key, lock, seal and imprint". They differentiate between signing & encryption but are rather intuitive if you are not familiar with the technical details of PKI. -- kind regards daniel krebs ___ Gnupg-users m

gpg-preset-passphrase

rget command doesn't appear to change anything at all. Am I doing it wrong? Any help is appreciated, -- Daniel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Secure unattended decryption

experience with this sort of situation? I realize that anything short of requiring a user with the passphrase at the terminal is inherently less secure, but uptime is king, and I'm looking for an "as secure as possible while not requiring human inte

Re: Secure unattended decryption

On Thu, Mar 18, 2010 at 10:37 AM, Grant Olson wrote: > On 3/18/2010 7:50 AM, Daniel Eggleston wrote: > > ..., with the ultimate goal > > that if somebody does somehow walk out with the storage containing the > > databases, there will be no way to gain access to the data. &g

Re: Secure unattended decryption

se at boot. It sounds like gpg is probably not more qualified than any other encryption tool for this job, because the solutions thrown out here are quite feasible without gpg. On Thu, Mar 18, 2010 at 7:04 PM, Philipp Gühring wrote: > Hi Daniel, > > > I'm trying > > to co

Re: gpg output to a filename ending with .pgp

On Tue, May 25, 2010 at 10:03:30AM -0400, Jeremy Bennett wrote: >I have been googling for an answer on how to have gpg encrypt a file to a >file with a pgp extension. It looks like maybe the only way is via a >output redirect (> ?). I'm trying this via a command line on a windows >

Re: ...key belongs to ...

On Sun, 30 May 2010 00:58:57 + (UTC) "Michael D. Berger" wrote: > On Sat, 29 May 2010 19:46:29 -0500, John Clizbe wrote: > > > Michael D. Berger wrote: > >> On a Linux box, in encrypting a file with gpg, I get this query: > >> > >>It is NOT certain that the key belongs to the person nam

Re: OpenPGP for Android

(in case the device is stolen or confiscated). Is there ? Cheers Daniel On Tue, Jan 18, 2011 at 04:22, Kosuke Kaizuka wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Sun Jan 16 2011 14:12:42 GMT+0900, Malte Gell wrote: >> In the Android Market there is APG.

Problems to migrate keys between two windows pcs

file from our partner, I get the error message above. Same behavior when I enxrypt a file and try to decrypt this one directly. Is there any mistake I oversee? Thanks for the help Daniel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Encrypting using gpgsm and self-signed certificates

Hello list, I've been integrating GPG into a backup utility, and while OpenPGP works as expected, I'm having some trouble with trying to also enable self-signed x509 certs via gpgsm as a mechanism for encryption. Unfortunately all I get back from gpgsm is "No Value". The output of a gpgsm invocat

A usability gap in fingerprint rendering and parsing

Hello list, I was recently trying to encrypt a payload using fingerprints in my keyring to most unambiguously identify a key, when I encountered the following confusion. After giving up trying to find resolution via search engine I played with it a bit more I got it to work, but the head-scratchi

Re: A usability gap in fingerprint rendering and parsing

On Mon, Jan 2, 2012 at 5:49 PM, Jerome Baum wrote: > On 2012-01-03 02:43, Daniel Farina wrote: >> Thoughts? > > --with-colons Should that become the default? What's the use of nibbles that cannot be parsed by --recipient? I also prefer to read the whitespace, but in that

Re: A usability gap in fingerprint rendering and parsing

On Fri, Jan 6, 2012 at 2:17 AM, Werner Koch wrote: > On Fri,  6 Jan 2012 00:12, drfar...@acm.org said: > >> Should that become the default?  What's the use of nibbles that cannot > > No, --with-colons is not for humans.  OTOH, humans are not able to > properly read and compare 40 digits hex string

Re: A usability gap in fingerprint rendering and parsing

On Fri, Jan 6, 2012 at 5:18 AM, Jerome Baum wrote: > Is this necessary for a technical reason? I'm just thinking about the > scenario where transmits his human-readable fingerprint in a medium that > collapses repeated spaces (think e.g. HTML). If there's no security implication (it's hard for me

Re: [META] The issue of the unwelcome CC (please email me if you receive a CC from me)

On Tue, Jan 31, 2012 at 11:35 AM, Jerry wrote: > On Tue, 31 Jan 2012 12:26:07 -0500 > Christopher J. Walters articulated: > >> It was my understanding that this bug had been fixed in Thunderbird, >> but I may be mistaken.  I know that in a GNU/Linux user mailing list >> I have long been signed up

using OpenPGP card as an X.509 CA?

I understand the OpenPGP card can hold one X.509 certificate Can this be used in practice to run an in-house CA to sign other X.509 certificates, e.g. for small VPN setups? Also, can the X.509 cert on the OpenPGP card be used with StrongSwan (as a client or server cert for VPN)?

using OpenPGP card as an X.509 CA?

I understand the OpenPGP card can hold one X.509 certificate Can this be used in practice to run an in-house CA to sign other X.509 certificates, e.g. for small VPN setups? Also, can the X.509 cert on the OpenPGP card be used with StrongSwan (as a client or server cert for VPN)?

Re: using OpenPGP card as an X.509 CA?

On 25/06/13 15:28, Werner Koch wrote: > On Tue, 25 Jun 2013 12:43, dan...@pocock.com.au said: >> I understand the OpenPGP card can hold one X.509 certificate > Actually the card does not hold any certifciate but merely the keys and > OpenPGP fingerprints of the certificates. You can very well use

subkeys on smartcard?

I understand this is a bit old, but I believe the concept is still current: http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2507429 Essentially, can anyone confirm why it is recommended to only store subkeys on a smart card? a) is it because of the risk that the card mi

Re: subkeys on smartcard?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/06/13 15:30, Hauke Laging wrote: > Am Mi 26.06.2013, 15:10:19 schrieb Daniel Pocock: > >> Essentially, can anyone confirm why it is recommended to only store >> subkeys on a smart card? > > That has little to do with sma

  1   2   3   4   5   6   7   8   9   10   >