On 07/04/2014 12:08 AM, Robert J. Hansen wrote:
> Bob is all about "I must have at least 256 bits of keyspace in all my
> email!" But Bob can't do that, because Alice can *always* degrade him
> to 112 bits by choosing 3DES.
Of course. And Alice can always send Bob cleartext too. does that mean
On 07/03/2014 11:54 PM, Robert J. Hansen wrote:
> the ability to store 400 bytes, to
> access it quickly and easily, and all in a tag that costs less than a
> dollar and can be read with almost any modern smartphone, is kind of cool.
it is cool indeed.
You can also get all of the above properties
On 07/13/2014 10:42 PM, alittlephoenix wrote:
> Hi!
> I found a critical bug of GPG4win,which may cause data loss.It's
> that,when I select several files that with Chinese character names,right
> click and select encrypt and/or sign,and do it ,then these several
> files can not packaged and encrypt
On 07/19/2014 09:29 AM, John Clizbe wrote:
> Debian/Ubuntu users will need to wait until Enigmail 1.7 has been packaged for
> your use.
Enigmail 1.7 is already packaged and present in debian unstable and
debian testing.
I'll look into backporting it to debian stable later this week.
--dk
On 07/21/2014 04:33 AM, war.dhan wrote:
> i have created a key pair using the defaults at first.
> et the owners trust as ultimate using enigmail 1.7.
> then i realised about not adding :
> personal-digest-preferences SHA256
> cert-digest-algo SHA256
> default-preference-list SHA512 SHA384 SHA256 S
On 08/22/2014 09:13 AM, Nicolai Josuttis wrote:
> THAT IS, the key server would automatically certify the correctness
> of the association between the key and the email address as casual signing.
as others have noted in this thread, this behavior is what the "PGP
Global Directory" does.
I'm not c
On 09/01/2014 04:07 AM, Werner Koch wrote:
> I am pleased to announce GPA version 0.9.5.
Thanks for the updated release, Werner!
I noticed a couple things from a brief review of 0.9.5:
keyserver helpers and gpg 2.1
-
GPA's configure.ac suggests that gpgkeys_ldap nee
All the other windows have a File|Close option, but the card manager
only has File|Quit. As a result, a user who tries to close the card
manager from the menubar will most likely shut down all of GPA, which
may not be their intent.
---
src/cardman.c | 12
1 file changed, 12 insertion
On 09/06/2014 09:40 PM, ved...@nym.hush.com wrote:
> On 9/6/2014 at 6:46 PM, "Pete Stephenson" wrote:
>> Is it possible to sign a message (or certify a key) with multiple
>> digest algorithms?
>>
>> For example, one might wish to sign a message with both SHA256 and
>> RIPEMD160.
> It can be done
On 09/15/2014 04:16 PM, David Shaw wrote:
> There is a third case, which is "Stop. Something is wrong. Figure it out
> before proceeding."
I think Hauke is explaining that he is already in this third case; he
figured out what was wrong (his peer doesn't have the means to update
the cert's expir
On 09/16/2014 06:45 AM, Peter Lebbing wrote:
> On 16/09/14 02:12, Robert J. Hansen wrote:
>> If you can find half a dozen *real users* who are being *really
>> impacted* by this, I'd love to hear about them.
>
> I wanted to encrypt a document to myself on an offline system[1].
> However, that copy
On 09/16/2014 10:04 AM, Nicholas Cole wrote:
> Can anyone explain to me why one would want to continue using a key
> and yet not simply change the expiry date? I really find all of the
> examples being given to be incredibly contrived.
"incredibly contrived" suggests that the people who are repor
On 09/16/2014 08:28 AM, Sam M wrote:
>
> This works, but can I automatically provide GPG with a passphrase which it
> asks for at the end?
You probably want to look into the --batch and --passphrase-fd or
--passphrase or --passphrase-file options.
Regards,
--dkg
signature.asc
Descrip
On 09/16/2014 12:26 PM, Werner Koch wrote:
> On Tue, 16 Sep 2014 16:26, d...@fifthhorseman.net said:
>
>> i've definitely seen people update their primary key's expiration date
>> and fail to update the expiration date of their subkey, so they have a
>> valid cert, but it still can't be used for e
On 09/18/2014 01:31 PM, Sudhir Khanger wrote:
> PS:- Gmail has a weird setup. It would not allow me to reply back to
> the mailing list email. Reply replies to person whose email you
> clicked reply from and reply all goes to everybody's email on the
> thread and not the list.
You put this part of
On 10/02/2014 02:02 PM, Mirimir wrote:
> Would it be feasible to use gpg in batch mode to generate numerous keys,
> selecting for a particular key ID, or perhaps a longer part of the
> fingerprint? I'm aware of shortcuts for creating keys with arbitrary key
> IDs, but they produce keys with atypica
On 10/31/2014 01:31 PM, SubramaniaRao, ravikumar wrote:
> Hello GNUPG Users,
>
> Help needed to setup Passphrase with GNUPG 2.0.26.
>
> We have installed the following.
>
> (a) libgpg-error-1.11
> (b) libgcrypt-1.4.0
> (c) libassuan-2.1.2
> (d) libksba-1.3.1
> (e) pth-2.0.7
>
On 10/31/2014 06:10 PM, SubramaniaRao, ravikumar wrote:
> Daniel Kahn Gillmor,
>
> Further I would like to give the output below when I ran ./configure
[...]
> Please help us to resolve the issue.
I'm sorry, but i don't know enough about Solaris to make sense of the
infor
On 11/06/2014 11:12 AM, Robert J. Hansen wrote:
>> I made no changes to my gpg.conf file nor to my keyring. I've confirmed
>> that I have network connectivity and I can hit
>> http://pool.sks-keyservers.net.
>
> Next round of problems: doing a --list-secret-keys takes considerable
> time -- appro
On 11/10/2014 08:31 AM, Robert J. Hansen wrote:
> What Nan means to be talking about is the Dual Elliptical Curve
> Deterministic Random Bit Generator (Dual_EC_DRBG) specification -- a way
> of generating random numbers, but *not* a signature algorithm. It was
> released in 2004 to a great yawn:
On 11/13/2014 07:01 AM, Werner Koch wrote:
> gpg: Make the use of "--verify FILE" for detached sigs harder.
thanks for doing this, Werner.
> Now waiting which tools or scripts will break. I checked a few
> (including dpkg) and they do the Right Thing.
i'm glad to hear this.
> Shall this be
Hi David--
You sound frustrated. hopefully we can help you figure things out.
Some of the details of what's happened on your machine(s) sound unclear
to me, and we'll be able to help you better with more precise information.
On 11/13/2014 04:31 PM, da...@gbenet.com wrote:
> Even when I use a ba
On 11/17/2014 05:44 AM, Allan McRae wrote:
> I have a GPG keychain for the root user which is used to validate all
> files in my package management system. To add a key into this key
> chain, I have been running:
>
> sudo gpg --homedir /etc/pacman.d/gnupg/ --recv-keys EAE999BD
>
> With the 2.1 r
On 11/21/2014 04:58 PM, grantksupp...@operamail.com wrote:
> The obvious difference in usage ...
>
> One says the usage is
>
> throw-keyids
>
> the other says usage is
>
> throw-keyid
>
> neither one mentions the others' usage
As long as the prefix substring is unique, gpg will accept a
On 11/25/2014 03:42 AM, Bernhard Reiter wrote:
> On Monday 24 November 2014 at 10:25:43, Bjarni Runar Einarsson wrote:
>> It is tempting to blame the Python libraries, but the fact
>> is that they do generate valid MIME - after swearing at Python for
>> months, it dawned on me that it's probably
On 11/26/2014 02:19 AM, gnupgp...@on.yourweb.de wrote:
> Older versions of Debian (< sarge) don't support SHA512, AFAIK.
If anyone is running debian sarge (or even lenny, which came after
sarge), they have other problems. Those versions of the debian
operating system have not been maintained for
On 11/26/2014 10:59 AM, Anish Athalye wrote:
> What is the right place to send patches for and discuss security issues in
> gpg? The gpg-devel mailing list? Or directly to some particular person?
patches should go to gnupg-de...@gnupg.org, or to a bug report if you
file one here:
https://bugs.g
On 11/28/2014 03:33 PM, Steven M. Sawczyn wrote:
> Hello everyone, I have a rather strange problem on which I could use some
> advice. I am starting to use GnuPG again after a number of years and to
> that end, have resurrected my original key generated with PGP back in 1998.
> For the most part t
On 12/01/2014 04:53 AM, gnupgpack wrote:
>> 6.5.8 is about sixteen years old now and has many known security
>> problems. Please stop using it.
> (Yes, intended only for testing...)
You are testing a modern tool that aims to be standards-compliant
against an unmaintained, known-broken program th
On 12/03/2014 07:27 PM, MFPA wrote:
> Is there a way to get GnuPG 1.4 to use one gpg.conf file and GnuPG 2.1
> to use a different gpg.conf file? (Other than state it on the command
> line every time.) Under Windows XP, in case it matters.
gpg 2.1.0 will look for the following files in $GNUPGHOME
On 12/08/2014 11:05 AM, Salih Kardan wrote:
> I am just trying to convert gpg key to ssh key to be able use it in
> authorized_keys file and I am using *`gpgkey2ssh $key_id` *command.
> However this command does not work properly and gives this error :
> gpg: error reading key: public key not fo
On 12/10/2014 11:41 AM, Werner Koch wrote:
> However, there are still open bugs and new bugs are also detected every
> few days. I think it is better to do a 2.1.1 now instead of trying to
> get all new bugs fixed - it would delay things into the next year.
>
> I plan to look into the learn card
On 12/10/2014 12:02 PM, Samir Nassar wrote:
> It is my understanding that 2.1.0 has a problem with hkps keyservers (such as
> the hkps SKS pool) and that this is only fixed in the betas for 2.1.1. If
> this
> understanding is correct and 2.1.1 fixes the hkps issues, I'd vote to release
> 2.1.1
On 12/10/2014 12:26 PM, Samir Nassar wrote:
> On Wednesday, 2014-12-10 12:10:28 Daniel Kahn Gillmor wrote:
>>> Can you provide more detail (or a link to a bug report) about the
>>> problem with hkps in 2.1.0 ?
>
> On upgrade to 2.1.0 looking up keys from a keyserver s
On 12/13/2014 09:52 AM, MFPA wrote:
> Can anybody confirm they also get this?
> The signature notation generated is:-
>
> issuer-...@notations.openpgp.fifthhorseman.net=
>
> whereas it should be (for example):-
>
> issuer-...@notations.openpgp.fifthhorsema
On 12/18/2014 10:24 AM, Robert J. Hansen wrote:
>> My current key is 2048 bits in length and I would like to have
>> something that is closer to 8192 bits in length. Is there a way that
>> I can accomplish this...
>
> Definitely not from GnuPG, and probably not from without it, either.
There are
On 12/18/2014 05:14 AM, Joshua Rogers wrote:
> I'm trying to build the latest version of gnupgp from the git repo, but
> I'm encountering a problem while compiling it.
I think you mean gnupg, not gnupgp :)
> libcommon.a(libcommon_a-logging.o): In function `set_file_fd':
> gnupg/common/logging.c:
On 12/19/2014 01:35 AM, Joshua Rogers wrote:
> On 19/12/14 09:20, Daniel Kahn Gillmor wrote:
>> You don't mention what platform you're on, but given your recent reports
>> in the debian BTS, i think you're using debian. The package you're
>> probably loo
On 12/27/2014 02:41 PM, Doug Barton wrote:
> On 12/27/14 9:36 AM, Sandeep Murthy wrote:
> | I have four keypairs associated with my main email, two of which
> | are revoked and one expired. But if I try to edit the main key
> | associated with email by
> |
> | $ gpg --edit-key
> |
> | then it invo
On Wed 2015-01-14 08:22:45 -0500, Sandeep Murthy wrote:
> Exit codes in shells indicate problems relating to completion or disruption
> of the child process invoked by a parent process.
>
> They will not record unsuccessful events inside the child process
> related to program functions, i.e. if you
On Thu 2015-01-15 05:42:20 -0500, georgeorwellhardwi...@riseup.net wrote:
> Every time I use GPA in ubuntu it says, when I start GPA: "GnuPG is
> rebuilding the trust database.
> This might take a few seconds." And I can wait for hours, while nothing
> happens.
I'm not seeing this with debian u
On Mon 2015-01-12 10:13:48 -0500, s7r wrote:
> Is it possible to have one masterkey with two subkeys (sbind), one for
> encrypt only and one for sign only, and each of them to have different
> passphrases?
Yes, it is possible. with gpg 2.1, you can create new subkeys and give
each of them a diffe
On Fri 2015-01-09 15:24:39 -0500, Rob Fries wrote:
> Basically, I have stand alone system where files are automatically
> encrypted and decrypted for processing. This is currently setup using
> quintuple-agent, but we want to use something which is maintained. I
> am looking to use gpg-agent to s
On Sun 2015-01-04 08:28:13 -0500, Rajagopal Aravindan wrote:
> I was successfully able to compile libgpg-error-1.17 for my ARM with the
> attached file.
> The attached file was generated by following the instructions in the
> README, which also suggested sharing it back with the group and hence th
On Wed 2015-01-21 05:58:40 -0500, s7r wrote:
> Understood. I guess this has to be done via console commands, since
> the pour enigmail thundebird addon has very limited options when
> creating/editing a GPG key.
yes, what you're trying to do is rather unusual; enigmail intends to
deliver a smooth
On Thu 2015-01-22 12:00:44 -0500, Felix E. Klee wrote:
> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
> with PIN pad. Surely, that adds a certain layer of security, as all
> encryption and signing operations happen on the card. However, there
> is one attack which I think
On Thu 2015-01-22 13:44:12 -0500, Robert J. Hansen wrote:
>> To prevent such an attack, I imagine a device where I have to
>> confirm every transaction with a simple push on a hardware button.
[...]
>
> Once you lose control of the hardware, you're done.
The attack you describe is significantly m
On Thu 2015-01-22 16:28:06 -0500, NdK wrote:
> I proposed to add a button to FST-01 ages ago (IIRC it still was just a
> project on Seeedstudio...), as "user presence test", and am having a
> look at implementing it. But I received the programmer too late and now
> I have a more demanding (and real
On Thu 2015-01-22 22:25:46 -0500, Faramir wrote:
> Well, some months ago I wanted to take a look at existing
> smartcards and/or readers that hopefully support both OpenPGP and x503
> certificates, but my Google-Fo failed me, I couldn't figure out where
> to buy something that works on Windo
On Mon 2015-02-09 12:54:33 -0500, Hugo Osvaldo Barrera wrote:
> Out of curiosity: is the revocation reason even saved? Would it be possible
> for
> gpg to actually use it in future?
Yes, the revocation reason *is* stored in the revocation signature, in
the "reason for revocation" subpacket:
h
On Tue 2015-02-10 08:37:38 -0500, Hugo Osvaldo Barrera wrote:
> Also, I see no reason why I should not be able to assign a trust to a revoked
> key - I might trust it even if the author revoked it as superseded:
>
>
> $ gpg --edit 1BFBED44
> [... info on revoked key ...]
> gpg> lsign
> Key
On Tue 2015-02-10 14:09:59 -0500, Philip Jackson wrote:
> I've been a linux user for less than a year and the only
> configure/make/install
> I've done is for 2.0.26 and its dependencies (when I couldn't get the distro
> supplied package 2.0.22 to work).
>
> Now when I look at the dependencies for
On Tue 2015-02-10 13:20:03 -0500, Hauke Laging wrote:
>> your certifications (whether local or exportable) themselves have a
>> timestamp in them. It would be silly to certify a key and its user ID
>> after it was revoked by the owner; you'd be claiming "i believe that
>> right now this is the cor
On Wed 2015-02-11 00:41:18 -0500, Xavier Maillard wrote:
> May I ask how one would sign public keys when a "master key" is
> stored onto an USB stick ?
>
> I followed instructions from [1]. Now I am in the process of
> announcing my key transition to all old signers *but*, as a last
> test, I just
On Wed 2015-02-11 14:02:49 -0500, Philip Jackson wrote:
> On 11/02/15 14:59, Brian Minton wrote:
>> In Debian, the experimental repo has gpg 2.1 with all dependencies. Follow
>> the
>> instructions at https://wiki.debian.org/DebianExperimental
>
> Thank you for that suggestion, Brian. I looked in
On Tue 2015-02-10 18:24:19 -0500, Daniel Kahn Gillmor wrote:
> It sounds to me like you're asking for the standard to separate out
> "signature creation time" from "signature validity start time".
>
> This is an interesting proposal, and i can see why it would
On Thu 2015-02-12 18:14:14 -0500, Robert J. Hansen wrote:
>> in my quest of the perfect setup, I am asking myself what is the
>> prefered way to sign a message: inline (like this one) or using a
>> MIME header ?
>>
>> Is there a big thumb rule to respect ?
>
> https://www.gnupg.org/faq/gnupg-faq.
On Fri 2015-02-13 07:38:09 -0500, MFPA wrote:
> Thanks for the correction. I was confusing secret and public keyring
> files.
I don't think gpg 2.1 will use any pubring.gpg if pubring.kbx exists,
though.
gpg2 --list-keys for me looks at /home/dkg/.gnupg/pubring.kbx even
though /home/dkg/.gnupg/pu
On Wed 2015-02-11 16:35:27 -0500, Philip Jackson wrote:
> If I do gpg2 --version, it comes back clearly with 2.0.26. and enigmail
> clearly
> indicates that it has found the gpg2 that I built.
>
> So, moving on, if I do :
>
> apt-get -t experimental install gnupg2
>
> will I get 2.1.1 installed t
On Wed 2015-02-11 17:31:42 -0500, Xavier Maillard wrote:
> Daniel Kahn Gillmor writes:
>
>> The fact that you're using a FAT volume is the root cause here; FAT
>> filesystems do not have ownership or permissions, so when a modern OS
>> mounts them, it has to fak
On Thu 2014-12-04 03:23:52 -0500, Werner Koch wrote:
> On Tue, 11 Nov 2014 18:35, m...@monaco.cx said:
>> Does anyone have gpg-agent forwarding working with SSH's recent generic
>> socket
>> forwarding? Does it still require socat on one end, because I've only been
>> able
>> to specify a socket
On Fri 2015-02-13 19:54:44 -0500,
bm-2ctjsegdfzqngqwuqjswro6jrwlc9b3...@bitmessage.ch wrote:
> When generating a uid for a key using gpg2 (2.0.25), and attempting to
> input an email address containing a tilde (~), I receive an invalid
> email error. There seems to be no way I can find to bypass t
On Wed 2015-02-11 14:40:39 -0500, Werner Koch wrote:
> The GnuPG Project is pleased to announce the availability of the
> third release of GnuPG modern: Version 2.1.2.
Thank you, Werner! 2.1.2 is now in debian experimental, where it builds
cleanly on all architectures:
https://buildd.debian.or
On Sat 2015-02-14 16:36:08 -0500, Doug Barton wrote:
> FWIW, I hate this debate, and try hard to stay out of it. But it really
> bothers me when people spread factually incorrect information,
> especially when they try to use that as the basis of their arguments
> for/against one method or the o
On Sat 2015-02-14 08:28:19 -0500, Werner Koch wrote:
> On Fri, 13 Feb 2015 23:23, d...@fifthhorseman.net said:
>
>> Encouraging this kind of use seems risky. I certainly wouldn't want to
>> do it without being able to have gpg-agent prompt me on my local machine
>> for each use of the key. Its cu
On Sun 2015-02-15 16:06:05 -0500, NdK wrote:
> Il 13/02/2015 23:23, Daniel Kahn Gillmor ha scritto:
>
>> The traditional argument against this sort of feature is that someone
>> with control over your local socket would most likely have control over
>> your graphical en
On Mon 2015-02-16 02:50:15 -0500, Doug Barton wrote:
> On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote:
>> In situations where you want to make sure that you know (and approve of)
>> the use of the agent by the remote machine, you'd like a prompt to
>> appear w
On Mon 2015-02-16 05:12:08 -0500, Werner Koch wrote:
> On Mon, 16 Feb 2015 06:08, d...@fifthhorseman.net said:
>
>> My suggestion is to do prompting, but not to require the full passphrase
>> for each use.
>
> Okay, that is then similar to the "confirm" flag for the sshcontrol.
yes, exactly.
On Tue 2015-02-17 13:48:26 -0500, Thomas White wrote:
> I have a private key I am trying to recover the passphrase hash from
> to try and then use in conjunction with another tool (hashcat?) to
> recover the passphrase on a GPU cluster I have.
>
> How would one go about extracting the passphrase ha
On 05/24/2009 02:15 AM, Robert J. Hansen wrote:
> It depends on what sort of threat you're facing. In this case, the MD5
> attack is predicated on the victim signing documents they did not
> originate. This is often considered bad policy, since it tends to
> facilitate attacks like this. This us
On 06/01/2009 05:38 PM, jnhemley wrote:
> I'm trying to run gpg in a php script under Windows using Apache. It works
> fine using a batch file but using the same code using exec calls fails. Any
> suggestions ?
This sounds more like a question for php folks than gpg folks to me. I
recommend you t
On 06/02/2009 10:14 AM, Vincent Panel wrote:
> I just wondered if it was possible to postpone the expiration date
> after it has been set and/or after the deadline has been reached.
yes, this is possible. Assming you're talking about 56B55C11, it looks
like you've successfully done so.
> I've tr
On 06/02/2009 08:55 AM, Jean-David Beyer wrote:
> obert J. Hansen wrote:
>
> | you're left hand-hacking Assembly
> | instructions for a low transistor count CPU you've personally
> | lithographed yourself from your own personal design.
>
> We get into the very problem Rene Descartes was stuck in
On 06/02/2009 07:02 PM, Robert J. Hansen wrote:
> my "philosophical
> digression" is what lies at the bottom of that rabbit-hole.
I understand (and i very much appreciate the warning), but sometimes
it's useful to go a little way into the rabbit hole instead of all the
way to the bottom, no? oth
On 06/05/2009 02:33 PM, Robert J. Hansen wrote:
> Active MitM is pretty much the military incendiary bomb in the living
> room. A competent attacker who is controlling your network traffic and
> wishes to subvert your system has so many ways to do it that you stand
> effectively no chance of preve
On 06/07/2009 06:33 PM, simplejack wrote:
> Is sourceforge (or any of the other repositories for open source software)
> actually doing a compile and compare of uploaded source code to ensure that
> uploaded binaries are legitimate?
>
> I know, I know: I'm lazy. Why should the processing burden be
On 06/16/2009 06:44 AM, Brian Mearns wrote:
> Are there any known vulnerabilities associated with an attacker who
> can provide plaintext and receive a signature for it? I'm planning a
> simple computer-auth system where a client sends a random token to the
> server, and then the server signs and r
On 06/18/2009 08:41 PM, Harry wrote:
> $echo abcd | gpg -u b...@xyz.com --output message.pgp -r al...@123.com -se
> --passphrase-fd 0 << EOF
> 123456
>
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.
On 06/23/2009 12:45 PM, franv wrote:
> I was wondering if it is possible to limit key propagation, that is the
> number
> of times a key can be exported and reimported.
A key is a piece of digital information; as such, it can be transferred
without loss an arbitrary number of times, and there's
On 06/23/2009 10:53 PM, David Shaw wrote:
> Unfortunately, local signatures do not work that way. Each
> implementation strips local signatures both on export and on import
> (just in case someone leaked one on export). They just don't have
> anything to do with exporting keys.
Right, but a key
On 06/24/2009 11:06 AM, Brian Mearns wrote:
> GPGME just invokes gnupg in a subshell, right? And parses the
> response? Not that this won't work, it just seems so inelegant.
Communicating a well-defined syntax across a process boundary doesn't
need to be inelegant. There are many good implementat
On 06/25/2009 06:30 AM, Alexander Delau wrote:
> I'm a beginner in encrypting E-Mails. It would bei nice if you could help me
> in my question:
>
> I want to use GnuPG with a masterkey (to sign) and a subkey (to encrypt) on
> Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).
>
> Now I'm not sure
On 06/28/2009 04:44 PM, Jean-David Beyer wrote:
> If I add a subkey to my key (e.g., because the previous one expired), do I
> have to generate a new revocation certificate, or is the old one still
> good?
I'm assuming you're asking about the revocation certificate for your
your entire GnuPG-gener
Hi Debbie--
On 06/29/2009 09:12 AM, deborah.mitch...@uticanational.com wrote:
> We have imported a public key from a business partner but when trying to
> use it to encrypt a file we receive an error, "unusable public key"
>
> When I list the keys I see the pub and uid but no sub for this key.
On 06/29/2009 07:27 PM, reynt0 wrote:
> I guess WK's comment is about complete strangers sending you
> email?
I think that wasn't his point. I think Werner's point was that when
people send encrypted mail, they use a mail user agent (e.g. thunderbird
with enigmail, outlook with the gpg plugin, cl
On 07/02/2009 08:36 AM, Matt Gantner wrote:
> I am still curious however and wonder if anyone has a theory why these
> public keys change depending on the key server?
What you're referring to as a "public key" is actually a compound
certificate which contains a public key and (potentially many)
as
On 07/03/2009 12:04 AM, Chris wrote:
> When trying to verify an rpm that I built and signed I get:
>
> [ch...@localhost ~]$ gpg
> --check-sig /home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm
> gpg: using PGP trust model
> gpg: key 98E6705C: accepted as trusted key
> gpg: error reading key:
On 07/07/2009 01:49 PM, Charly Avital wrote:
> On Jul 7, 2009, at 12:03 PM, David Shaw wrote:
>> You are using SHA-256. Try SHA-224.
> Here you go.
I think the difference here is that the OP is using PGP/MIME (hence the
reference to RFC 3156), whereas Charly is using inline PGP.
Charly, can you
On 07/10/2009 12:41 PM, Ingo Krabbe wrote:
> Of course I read that (multiple times to find the hidden secret), but that
> doesn't answers the question, as I want to use my GnuPG Identity for the SSH
> Identity.
If you have an authentication-capable subkey on your OpenPGP key, you
might be interest
On 07/10/2009 08:22 PM, Ingo Krabbe wrote:
> [from monkeyspere documentation]
> Then hand off the authentication subkey to the agent (Note: the GnuTLS library
> supports this operation as of version 2.6, but earlier versions do not):
>
> $ monkeysphere subkey-to-ssh-agent
> [eof monkeyspere docume
On 07/17/2009 08:40 PM, Alex Mauer wrote:
> Daniel Kahn Gillmor wrote:
>
>> If you have an authentication-capable subkey on your OpenPGP key, you
>> might be interested in monkeysphere (http://web.monkeysphere.info/),
>> which has some tools for importing authentica
On 07/22/2009 03:59 PM, James P. Howard, II wrote:
> I have created a 2048-bit RSA subkey that is authentication only. I'd
> like to use this with SSH. A bit of Googling suggests this cannot be
> used directly unless it is on a smart card, but it isn't clear. Have I
> correctly interpreted this?
On 07/24/2009 04:37 PM, Erik Lotspeich wrote:
> Public key servers do not seem to scrub or clean public keys. Is it a
> reasonable thing to delete the public key and re-add it? This doesn't
> seem to be something that most public keyservers allow or recommend. Or
> is it normal for bad signature
Hi Ingo--
This is a well-thought-out response, but there are some nagging,
nit-picky details that i'm not sure are what you meant:
On 07/27/2009 06:33 AM, Ingo Krabbe wrote:
> 3. GnuPG is a distributed system in contrast to SSL Ciphers, that are
> assymmetric as well but need a centralized keyser
On 07/27/2009 09:41 AM, Ingo Krabbe wrote:
> I mean if you encrypt a file f.txt to f.txt.gpg with 10 recipients, you will
> have a f.txt.gpg that contains f.txt 10 times encrypted in 10 different ways.
> Maybe I'm wrong about this point, but I can't think about an encryption
> strategy
> with mixe
On 07/30/2009 07:06 PM, Robert J. Hansen wrote:
> No; only people using OpenPGP applications that don't support RSA will
> have problems. This is potentially quite a lot of people. The last
> time I tallied it up there were at least ten different OpenPGP
> implementations, and some of them only s
Hi Alain--
On 07/29/2009 05:27 AM, Alain Williams wrote:
> I have been generating GPG keys, when it does it GPG prints out strings of
> '+.-<>' (see below).
>
> What are these characters, I can see that it is trying to show progress, but
> what do
> the different characters mean ?
[...]
> I di
On 07/31/2009 04:15 PM, FiloSottile wrote:
> I have this situation
>
> pub 1024D/01A82A13 created: 2008-09-21 expires: mai utilizzo: SCA
> sub* 2048g/E159FB03 created: 2008-09-21 expires: mai utilizzo: E
>
> i have the secret key 01A82A13, but not E159FB03
> what should i do? (replace subkey with
On 08/11/2009 01:48 PM, David Shaw wrote:
> http://www.entropykey.co.uk/
>
> (Reasonably on-topic as the device would work with GnuPG (at least on
> Linux), as it seems to feed /dev/random)
Bdale Garbee reports a prototype of that key working quite well with debian:
http://www.gag.com/bdale/blo
On 08/13/2009 08:40 AM, the dragon wrote:
> And if you look at the cases reported, these are not system admins refusing
> to divulge data, or even regular people trying to protect their privacy -
> they are child molestors and wanna-be terrorists.
Some of them may molest children and some may wa
301 - 400 of 930 matches
Mail list logo
