On 06/13/2011 01:05 PM, Jerome Baum wrote:
> Of course, you could solve this problem by signing with a sub-key,
> which isn't meant to certify other keys. I do wonder how e.g. PGP
> would react on seeing a key certification from a sub-key.
it should depend on whether the key usage flags for the su
On 06/15/2011 04:56 AM, Hauke Laging wrote:
> On Wednesday, 15 June 2011, 03:16:16, Jerome Baum wrote:
>> We just need to agree on
>> a name, maybe Werner can confirm we are free to use
>> "timestamp-o...@gnupg.org"? What would the value mean?
>
> Shall I repeat the proposal, or is that a questi
On 06/15/2011 03:10 PM, David Shaw wrote:
> That said I'd probably suggest notations for this, even though 0x40 exists in
> the standard. 0x40 signatures are a bit of a leftover tail in the standard,
> and are not well specified (0x40 sigclass - is it a binary signature? a text
> signature?).
On 06/15/2011 05:19 PM, David Shaw wrote:
> I'm not sure I agree with that. Essentially, this notation is a way for a
> user to say "This is what I mean by this signature". Meaning and intent is
> difficult for GnuPG to divine :)
If we're going with the semantics of 0x40 (but without the text/
On 06/16/2011 09:31 AM, David Shaw wrote:
> Line 9 is just a key count. You have 17 valid keys. All of them ("u") are
> ultimately trusted, which suggests that you have 17 keys that you have
> generated as ultimate trust is generally used for people's own keys. (If you
> can't trust yourself,
On 06/16/2011 12:55 PM, Jerome Baum wrote:
> Probably not. Everyone seems to agree that timestamps in a normal
> signature are somewhat meaningless and only serve as an indicator. If
> you want a reliable timestamp, why not make a timestamp signature?
I don't think this is the general consensus.
On 06/16/2011 02:27 PM, Jerome Baum wrote:
> this discussion is much more interesting. Let's keep the arguments
> about specification, usefulness, etc. out of this thread!
Actually, i think usefulness and specification are quite important.
Without them, this discussion is just noise to me.
> [dk
On 06/23/2011 11:11 AM, Lane Brooks wrote:
> I need to generate a 2048-bit PGP version 6.5.3 or later and of the type
> DH/DSS public key. I have read in the FAQ how to edit the key to be
> compatible with PGP, but I cannot find how to generate a DH type key.
> The gnupg on Fedora 15 has the follow
On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
> resuming this thread because I'm studying encryption options for KDE's
> Kopete IM client.
Hmm, i'm not sure this is the best place for this discussion, so i've
marked the subject line OT for "off-topic" -- if you think there might
be a better discuss
On 07/08/2011 12:31 PM, David Shaw wrote:
> Yes. Note that the list-packets output shows the internal packed value:
> 6553600 should come out to 201. The default of 65536 would encode to 96.
>
> You might file an enhancement bug to print the decoded value in
> --list-packets. We already print
On 07/11/2011 04:59 PM, David Shaw wrote:
> On Jul 11, 2011, at 3:26 PM, Aaron Toponce wrote:
>
>> When encrypting a plaintext source, is there a way to predict the size of
>> the ciphertext output? I'm sure this depends on the cipher used, as well if
>> compression or hashing algos are used.
>
>
On 07/14/2011 12:14 AM, David Shaw wrote:
> On Jul 13, 2011, at 10:07 PM, Aaron Kaufman wrote:
>
>> This is my first post to this list so please excuse me if i violate any
>> etiquette. I am having a really hard time finding any *current* info on
>> key signing parties. I was wondering if someone
On 07/23/2011 07:04 PM, Marcio B. Jr. wrote:
> On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen wrote:
>>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
>>> Diffie-Hellman key exchange method with block ciphers.
>>
>> Why is this a problem?
>
> You know, secrets are shared
On 08/24/2011 09:40 PM, David Manouchehri wrote:
> I personally try to update my keyring every few weeks.
This sort of situation is one which a better toolset could automate.
If you have suggestions about how/when gpg could automatically refresh
keys, you might consider adding them to this
On 08/25/2011 09:00 AM, Robert J. Hansen wrote:
> On 8/25/11 8:27 AM, Daniel Kahn Gillmor wrote:
>> This sort of situation is one which a better toolset could automate.
>
> It would seem the proper place for this is to leverage existing system
> automation tools, not inven
On 08/25/2011 10:04 AM, Robert J. Hansen wrote:
> Now, maybe you have thousands of keys on your keyring and it takes a
> ridiculous amount of time, but I suspect you're a bit of an outlier.
Yes, it's true, and yes, i'm an outlier. At the moment.
> The problem for any system of automated certifi
On 08/25/2011 12:50 PM, Aaron Toponce wrote:
> According to the gnupg(1) manpage, I see "--multifile" for encryption,
> decryption and verification. Is it possible to use this to sign multiple
> keys simultaneously? I don't have any keys to sign, or I would give this
> a try (I guess I could manual
On 09/06/2011 09:13 PM, Tiago Faria wrote:
> Hi everyone,
>
> After a few searches I decided to ask the list if they can provide some
> help on this matter.
>
> While refreshing the keys, I get the warning mentioned on the subject
> while updating my own public key.
>
> My preferences are set to
On 09/08/2011 02:54 PM, ved...@nym.hush.com wrote:
> Is there an option in gnupg like the '-m' option in pgp which
> allows the display of decrypted plaintext on the screen instead of
> saving to file,
you could try using stdin and stdout. For example:
gpg --decrypt < file.asc
(or pipe tha
On 09/08/2011 04:21 PM, ved...@nym.hush.com wrote:
> On Thu, 08 Sep 2011 15:02:32 -0400 Daniel Kahn Gillmor
> wrote:
>> On 09/08/2011 02:54 PM, ved...@nym.hush.com wrote:
>>> Is there an option in gnupg like the '-m' option in pgp which
>>> allows t
On 10/04/2011 05:11 AM, David Smith wrote:
> Possibly a bit off-topic, but...
>
> Does anyone have any experience of using an MS Exchange server, where it
> corrupts PGP-MIME emails by re-encoding the encrypted data in base64?
>
> If I'm going to complain to our local IT about it, I need some har
On 10/07/2011 12:15 PM, Melvin Carvalho wrote:
> Thanks I may try and set up a key server in that case. Tho I did read
> a report that it can be more work than anticipated.
Running a keyserver isn't terribly hard. But you'll need a chunk of
disk space (10G at least), a decent amount of RAM (1G),
On 10/07/2011 11:56 PM, Jerome Baum wrote:
> On 2011-10-07 20:55, Aaron Toponce wrote:
>> On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
>>> Why at all does this tool use the human readable format? I don't get
>>> it.
>>
>> Probably because the author of sig2dot(1) doesn't know bette
On 10/29/2011 08:47 AM, Peter Lebbing wrote:
> So I guess I should rephrase my comment as a request: when this behaviour is
> fixed, please fix it for mangling in general and not just this specific
> PGP/MIME and S/MIME case :).
Assuming that standards-based arguments carry any weight at all, y
On 10/31/2011 04:04 PM, vivarto wrote:
> Is there a command line option for displaying all recipients to whom the
> message was encrypted.
feed the message body (not decrypted) itself through gpg --list-packets.
You should see output like this:
dkg@pip:~$ gpg --list-packets 2>/dev/null < .mail/m
u have perl installed, you can use the attached script to convert
from a binary version to an ascii-armored version. Invoke it like:
openpgp-armor-convert < foo.sig > foo.asc
hth,
--dkg
#!/usr/bin/perl -wT
# Author: Daniel Kahn Gillmor
# Date: 2011-11-12
# License: GPLv3+
# C
On 11/18/2011 04:07 PM, Andreea Diana Lucau wrote:
> I need to load the public key used for encryption from a local file. Does GPG
> or GPGme offer this possibility? I've scanned the d and didn't see something
> similar. I have gnupgp 2.0.18 and gpgme 1.3.1.
first, do:
gpg --import < localfile
On 11/18/2011 10:07 PM, John A. Wallace wrote:
> Hello. In my web browser I am looking at the url of keys.gnupg.net,
keys.gnupg.net is a DNS round-robin which points to a number of OpenPGP
keyservers, each of which syncs with each other.
there are other DNS round-robin pools as well (one well-kn
On 12/12/2011 02:05 PM, gn...@lists.grepular.com wrote:
> If I have more than one signing subkey in my keypair, is there a way of
> advertising the purpose of each subkey with the public key that people
> download? Eg:
>
> This subkey is for signing email only
> This subkey is for signing sourceco
On 12/16/2011 10:51 AM, gn...@lists.grepular.com wrote:
> I understand that once you've uploaded something to the keyservers, it
> can't be removed. Eg, if I sign someone else's key and upload that, it
> will be attached to their key permanently?
yes, this is correct. :(
> What if someone were to
On 01/06/2012 09:30 PM, Hauke Laging wrote:
> On Saturday, 7 January 2012, 01:41:48, remesh_chan...@dell.com wrote:
>> pub 1024D/5X11 2005-08-08 ABC DEF GHI
>> sub 6000g/9993 2011-01-01
>>
>> We are used to encrypting by providing the email account reference in the
>> -recipient option. S
On 01/09/2012 01:41 PM, remesh_chan...@dell.com wrote:
> I tried all those options; it generates the below error.
>
> gpg: fatal: too many random bits requested; the limit is 4799
> secmem usage: 3008/3008 bytes in 5/5 blocks of pool 3200/16384
>
> Any clues?
What operating system are you using?
On 01/23/2012 06:23 PM, MFPA wrote:
> It sounds like you value the flavour of privacy that could be afforded
> by a scheme involving the use of hashes in UIDs to protect names and
> email addresses. Such a scheme would (for example) allow somebody with
> one of your email addresses to locate your k
Hi Vedaal--
i'm confused by your proposal. some clarifying questions follow:
On 01/25/2012 04:31 PM, ved...@nym.hush.com wrote:
> [1] The person who wants to create a new key, first generates a
> symmetrically encrypted gnupg message, and decrypts it and gets the
> session key.
This seems li
On 01/25/2012 07:52 AM, Hauke Laging wrote:
> IIRC there is no single technical issue which is regarded as a problem about
> which it is unclear whether it can be solved.
i've given a fairly detailed technical writeup of why i've stopped
pursuit of this particular goal.
> The dispute is mainly
On 01/25/2012 08:02 PM, MFPA wrote:
>> Ultimately, i don't think the tradeoffs for this scheme
>> are worthwhile for the marginal and limited gain that
>> the proposal provides.
>
> Definitely limited; I think of it as little more than a
> privacy-enhancing defence against casual snooping rather t
On 02/26/2012 03:16 PM, Mike Korizek wrote:
> If courier receives an email with plain/text and HTML parts there
> happens a re-writing of the MIME boundaries.
This sounds like a bug in the Courier MTA, according to the MIME
standards for encrypted/signed mail:
https://tools.ietf.org/html/rfc3156
On 02/29/2012 10:33 AM, Post Carter wrote:
> An individual intercepts an encrypted email. He places a plaintext addition
> within the package, in such a manner that when the originally intended
> recipient decrypts the message, the symmetric session key also "decrypts" the
> addition
> But si
On 03/01/2012 07:44 PM, Post Carter wrote:
> If Tom McCune's simplified explanation isn't detailed enough, check out Bruce
> Schneier's original paper describing the attack:
> http://www.schneier.com/paper-pgp.html
>
> The idea is that the decrypted "gibberish" is the encrypted form of the
> plaint
On 03/05/2012 12:12 PM, auto15963...@hushmail.com wrote:
> I am 99.9% sure no one has gotten access to my machine or my keys.
> If they had, I have to believe that there would have been more
> damage done than this, and that does not appear to have happened. I
> mention the details, which may se
On 03/05/2012 04:36 PM, Ingo Klöcker wrote:
> 4. He has left his laptop unlocked and unattended for a very short
> period of time and he is using gpg-agent with a cache-ttl > 0.
>
> I have verified that one can generate a revocation certificate without
> entering a passphrase if one has previou
On 03/06/2012 01:36 PM, auto15963...@hushmail.com wrote:
> Looking at this instruction, I think you assume that I have
> imported the revoked key onto my keyring. I have not done so. On
> my keyring is the valid key, which is not revoked. The revoked key
> appears to be on a keyserver. When I
On 03/07/2012 04:15 AM, kwadronaut wrote:
> I noticed that some tools (i.e. Enigmail) don't give you the option to
> specify a revocation reason. I haven't uploaded my revoked key as of yet,
> so how should I edit it to specify a reason?
If your frontend doesn't give you a feature you want, you
On 03/07/2012 03:31 PM, Ingo Klöcker wrote:
> Hmm. I guess you are right. Just a minor remark: To my knowledge it is
> not possible to get the passphrase out of gpg-agent. The whole point of
> gpg-agent is that it encapsulates all operations involving the secret
> key and the passphrase in order
On 03/17/2012 04:29 AM, John A. Wallace wrote:
> Hello. Is this list available from gmane or some similar way that allows it to
> be read from a newsreader? Thanks.
From http://gmane.org, i searched for "gnupg-users", which yields one
search result:
http://gmane.org/find.php?list=gnupg-users
On 03/18/2012 04:13 AM, freej...@is-not-my.name wrote:
> My question is on a situation I didn't add the comment by mistake when I
> created the key and now I'd like to be able to add a comment. The key isn't
> signed etc. Thanks.
I suggest that you probably actually don't want the comment at all. Th
On 03/24/2012 12:07 PM, Peter Chen wrote:
> I am making development on an encryption tool based on the GPGME library.
> As the gpgme manual describes, it uses GnuPG as one of its backends.
> Then my question arises, if I want to encrypt/sign some messages with
> OpenPGP protocol through GPGME, do I have
so that it flows
around the message:
0 dkg@pip:~$ gpg --status-fd 1 -d x.2
gpg: Signature made Sun 25 Mar 2012 09:01:48 AM EDT
gpg:using RSA key 0xCCD2ED94D21739E9
gpg: please do a --check-trustdb
gpg: Good signature from "Daniel Kahn Gillmor "
gpg: aka
On 04/05/2012 03:09 PM, John Gill wrote:
> Please point me to a detailed explanation for the output of list-packets.
> I have googled and read manuals, etc. but just can't seem to locate the
> knowledge.
the output of "gpg --list-packets" tends to make a lot of implicit
references to the tables an
Hi folks--
The GNUPG FAQ references --list-ownertrust here:
http://www.gnupg.org/faq/GnuPG-FAQ.html#how-does-the-whole-trust-thing-work
but that option appears to be deprecated:
0 dkg@pip:~$ gpg --list-ownertrust | head -n2
gpg: WARNING: "--list-ownertrust" is a deprecated option
gpg: please us
Hi folks--
I'm having trouble setting up non-interactive expiration updates of a
key with a passphrase. I think i should use the --batch argument
because i want to ensure that gpg doesn't try to hang waiting on user
interaction, but when i use the --batch argument, the update isn't
saved.
let's
On 05/07/2012 04:26 AM, Werner Koch wrote:
> On Sat, 5 May 2012 00:38, d...@fifthhorseman.net said:
>
>> Any ideas what's going on here? Am i wrong to try to use --batch in
>> this instance?
>
> It would be useful to add --status-fd 2, so that you can see what gpg
> actually expects as user/bat
Hi GnuPG folks--
I'm experimenting with gpgsm. I'm using pinentry-gtk, and all packages
are from debian testing or unstable.
I'm running "gpgsm --armor --export-secret-key $KEYID > key.pkcs12".
I find that after each passphrase entry, i get the following warning on
stderr:
gpgsm: (pinentry:246
On 05/25/2012 09:39 AM, DUELL, BOB wrote:
> 1. Attempting to decrypt a file that was sent to me by someone else,
> I get this message:
>
> gpg: decryption failed: secret key not available
>
> Could that mean the file was not encrypted with my public key?
yes, that is one plausible
On 05/29/2012 11:35 AM, Werner Koch wrote:
> Use
>
>gpg --keyid-format long --decrypt sensitive_file.gpg
>
> to see the non-abbreviated key ID as stored in the file. Use this to
> find the key on a server, etc.
i've seen a lot of these mistakes where people seem to think that 32-bit
keyids
On 05/29/2012 02:18 PM, David Shaw wrote:
> The reason I bring it up is that using the v3 key attack, 64-bit key IDs have
> no particular benefit over 32-bit IDs for intentional collisions (i.e. an
> attacker generating a key with the same key ID as the victim in order to
> confuse matters and/o
On 06/21/2012 12:52 AM, Robert J. Hansen wrote:
> Please don't do this. It's error-prone. Those are machine-readable
> numbers, not human-readable ones. Use the human-readable ones: for
> instance,
>
> default-preference-list TWOFISH 3DES SHA256 SHA224 RIPEMD160
completely agreed.
> Also, def
On 06/21/2012 01:21 PM, ved...@nym.hush.com wrote:
> vedaal at nym.hush.com vedaal at nym.hush.com wrote on
> Thu Jun 21 19:05:06 CEST 2012 :
>
>> Will GnuPG 2.x then allow importation of v3 keys?
>> (main reason I still prefer 1.4.x over 2.x)
>
> Sorry,
> my mistake, gnupg 2.x does import v3 ke
On 06/27/2012 09:11 AM, Robert J. Hansen wrote:
> On 6/26/2012 3:22 AM, Werner Koch wrote:
>> This is very different in OpenPGP. SHA-1 is not used everywhere; its
>> main use is for the fingerprint, this will eventually be a problem.
>
> I am not so sanguine. Marc Stevens claims [1] he has a wor
On 07/10/2012 06:15 PM, Robert J. Hansen wrote:
> Right now, only random collisions can be generated. That's not any use
> in forging a signature, which requires a preimage collision.
If the attacker can convince you to sign a chosen text (perhaps one that
looks reasonable), then a failure in the
On 07/12/2012 08:16 AM, Werner Koch wrote:
> On Wed, 11 Jul 2012 22:55, nicholas.c...@gmail.com said:
>
>> But one thing that might be helpful to explain is this: what needs to
>> be in the V5 key format aside from the change in fingerprint hash?
>> Aside from that issue, the V4 key format seems t
On 07/24/2012 09:58 AM, ved...@nym.hush.com wrote:
> Recently added a uid and deleted a uid to one of my keys.
>
> Found that to add a uid, gnupg asks for the passphrase, but to
> delete a uid, it does not.
>
> (Doesn't really matter much, since the secret key is required for both,
> but was
Hi folks--
i'm seeing some strange behavior with the keyservers on GNU/Linux
systems that don't have a UTF-8 locale, or when LANG is set to something
non-UTF8:
0 dkg@pip:~$ LANG=C gpg --keyserver keys.mayfirst.org --search '=Andrew Lee (李
健秋) '
gpg: searching for "=Andrew Lee (æå¥ç§) " from hkp
On 07/25/2012 07:49 AM, Marco Steinacher wrote:
> I think 'monkeysphere subkey-to-ssh-agent' will do the same with GnuPG
> versions before 2.1. See
> http://lists.gnupg.org/pipermail/gnupg-users/2009-July/036946.html
yes, this is correct.
> It will extract the keygrip of your authentication subke
On 07/27/2012 07:46 AM, Sven Ulland wrote:
> Is there such a thing as a multi-user, hierarchical, arbiter-less, pki-based
> password manager? I'm thinking specifically for use in a system administration
> context where you have multiple sub groups and cross-group roles that have
> access to dif
On 08/05/2012 04:38 AM, zhong ming wu wrote:
> Let's say I give the output of the above command and give to the end
> user and let's say I sign a file with this subkey
i note that your subkey should have the "signing" usage flag set. That
is, it should show up under gpg --edit-key with "usage: S"
On 08/17/2012 11:16 AM, Hauke Laging wrote:
> On Fri 17.08.2012, 09:56:56, auto15963931 wrote:
>> or what key ID
>> had been used in conjunction with that option? Thanks.
>
> You need the private recipient key in order to find out that key ID. It's the
> use of this option that you cannot get thi
On 10/06/2012 09:53 AM, Melvin Carvalho wrote:
> Is it possible to construct a GPG 'Certificate' from an existing RSA key
> pair?
>
> I've got some 2048 RSA keys I'd like to reuse, is there any way I can use
> them to make everything I need for GPG?
from the monkeysphere package, you might want t
On 11/04/2012 10:46 PM, Casey Marshall wrote:
> I’d like to share Hockeypuck, an OpenPGP Keyserver I’ve developed in
> Go (http://golang.org).
Cool, i'm glad to hear of it. Does this sync with any of the existing
SKS network? I saw no mention of peer synchronization in the README or
the project
Hi Roberto!
On 12/20/2012 02:32 PM, Roberto wrote:
> I made a script in PHP to encrypt information with GPG. It works fine
> until I move it from a Plesk server to a cPanel server. I adjusted
> paths, permissions and users but I get these errors:
is your web server user running as the same user
On 12/23/2012 01:23 PM, Hauke Laging wrote:
> On Sun 23.12.2012, 12:01:25, Nicholas Cole wrote:
>
>> Is there a protocol documented anywhere for using PGP Keys for client-server
>> authentications?
>
> SSH? :-)
the ssh specification declares the use of pgp-style certificates:
https://tools.ietf
On 12/23/2012 04:42 PM, Hauke Laging wrote:
> On Sun 23.12.2012, 16:31:01, Daniel Kahn Gillmor wrote:
>
>> the ssh specification declares the use of pgp-style certificates:
>>
>> https://tools.ietf.org/html/rfc4253#section-6.6
>>
>> but does little to indicat
On 12/26/2012 01:23 PM, Werner Koch wrote:
> BTW, we have patches for Mailman to fix the problem in most cases but
> they never made it to upstream.
This isn't the case, as far as i can tell. Recent versions of mailman
all play fine with PGP/MIME. See, for example:
https://bugs.launchpad.net/m
On 01/01/2013 05:39 PM, Jeff Hanson wrote:
> Is there a way to obtain the signature ID from a detached sig file without
> the signed file? I haven't been able to get anything out of gpg without
> both files present.
If you're talking about the "SIG_ID", then i don't think that's
possible. Accord
On 01/02/2013 04:55 AM, Patrick Brunschwig wrote:
> On 01.01.13 19:57, Sini Ruohomaa wrote:
>> 1) The request popup to unlock my key blocks my _entire X session_,
>> also when TB is minimized, which I think seems needlessly rude. It
>> also doesn't cache my 'cancels' (so I can be asked for the pass
On 01/02/2013 02:32 PM, ved...@nym.hush.com wrote:
> Jeff Hanson jhansonxi at gmail.com wrote on
> Tue Jan 1 23:39:58 CET 2013 :
>
>> Is there a way to obtain the signature ID from a detached sig file without
> the signed file?
>
> -
>
> It can be done by using gpg --list-packets 'detached
On 01/04/2013 04:09 PM, Anilkumar Padmaraju wrote:
> This is the first time I am upgrading gnupg. Are there any steps or document
> to download source, compile, and upgrade? I did some search in google, but
> could not find detailed one.
>
> After upgrading do I have to do gpg --gen-key or it is onl
On 01/08/2013 05:02 PM, Uwe Brauer wrote:
> Are there any plans to modify the signature (backward compatible?) such
> that it contains the public key embedded as in smime?
Not that i know of. Why do you think this would be useful?
You could do all of this within the existing OpenPGP specificatio
On 01/16/2013 01:42 AM, Leo Treasure wrote:
> Thanks Hauke! I needed to use the main key to interface with a Bitcoin
> exchange mpex.co. I first exported my ascii armoured public key and sent
> it. For subsequent orders the exchange operator needs me to sign with
> the same main key.
I note that
On 01/16/2013 09:40 PM, Leo Treasure wrote:
> Thanks dkg. I created the key under normal circumstances using version:
> gpg (GnuPG/MacGPG2) 2.0.19
> libgcrypt 1.5.0
i'm afraid i don't know what "the normal circumstances" are for MacGPG
-- maybe there's a better forum for MacGPG someplace?
> When se
On 02/07/2013 09:56 AM, Niels Laukens wrote:
> OK, would it make sense to use this level in the trust calculation?
> Similar to the `marginal` ownertrust: three type 0x12 sigs equivalent to
> one type 0x13 sig? With the numbers configurable, preferably.
>
> I guess this would make the trustdb calc
On 02/20/2013 04:29 PM, Stefan Malte Schumacher wrote:
> I want to create encrypted backups with tar and gpg, which I then want to
> upload to my online storage. Strangely I can't get it working.
> "find /mnt/raid/Dokumente/ -type f -print0 |tar cfzv | gpg --symmetric
> --output 1.tar.gz.gpg"
if y
On 02/21/2013 07:50 AM, John A. Wallace wrote:
> Can I get a link discussing one or more typical situations when options
> files are used? Thanks
Some of us are collecting "best practice" suggestions over here:
https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defa
On 02/25/2013 02:54 PM, Peter Loshin wrote:
> 1. "Don't use pgp.mit.edu". Which keyserver *should* be used? I assume
> that a pool is better than a particular server; is there one
> particular pool that is preferred? What about
> http://pool.sks-keyservers.net/?
You should use hkp:// instead of ht
On 02/25/2013 10:43 PM, Doug Barton wrote:
> The Best Practices page you posted above actually suggests:
>
> keyserver hkps://hkps.pool.sks-keyservers.net
> keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem
>
> That worked for me, although I was a bit disappointed that placi
On 02/25/2013 11:28 PM, Doug Barton wrote:
> lots, this one for example:
>
> https://help.ubuntu.com/community/GnuTLS
hmm, i don't use ubuntu myself, but i believe that documentation is
wrong, particularly this section:
https://help.ubuntu.com/community/GnuTLS#Deploying_the_Certificates
That
On 02/25/2013 11:52 PM, Niels Laukens wrote:
> I find *.sks-keyservers.net unusable (unfortunately).
>
> More often than not, I get this:
> gpgkeys: HTTP fetch error 7: couldn't connect: End of file
>
> tcpdump shows me that the server just closes the connection without an
> answer.
> It does wor
On 02/26/2013 06:43 AM, Mark H. Wood wrote:
> That service presents a self-signed certificate (I checked), which
> means that if you do not already have a copy of that cert. installed in
> your browser and marked trusted, then it cannot be verified.
This is not correct. As noted on the web site [
On 03/02/2013 01:48 AM, Doug Barton wrote:
> On 03/01/2013 03:37 PM, Dav■ Steinn Geirsson wrote:
> | I signed a few keys recently using --edit-key and the 'trust' command,
> | which did not ask me how well I had verified the user's identity, but
> | proceeded to generate a 'sig' signature on the k
On 03/03/2013 09:30 PM, Craig Ringer wrote:
> I've been wondering for a while if anyone's running
> a GPG remote timestamping and attestation service, where you can submit
> text (or the hash of a binary) to the service by web or email and have
> it sign it with a key only it had access to. The ti
On 03/01/2013 01:47 PM, adrelanos wrote:
> is the gpg output "gpg: Signature made " tamper resistant?
>
> Or in other words, is the date and time taken from the signers machine
> clock and signed with the signers private key?
The signature time is signed with the signer's private key, so you can
On 03/25/2013 06:30 PM, Jack Bates wrote:
> How do I dump all the properties of a key?
it's not clear to me what you're looking for, but here are a few options
that might provide you with useful information:
gpg --export-options export-minimal --export $KEYID | pgpdump
gpg --export-options expor
I've changed the subject line to indicate that this thread is about
establishing a pseudonym, *not* about anonymous users. This is a subtle
but important difference.
On 03/29/2013 12:41 PM, Forlasanto wrote:
> The web of trust is simply a conventional way for people to judge how
> trustworthy yo
On 04/01/2013 12:24 PM, adrelanos wrote:
> gpg uses only(?) 40 chars for the fingerprint.
> (I mean the output of: gpg --fingerprint --keyid-format long.)
this is a 160-bit SHA-1 digest of the public key material and the
creation date, with a bit of boilerplate for formatting. This is not
gpg-sp
On 04/02/2013 05:40 AM, Melvin Carvalho wrote:
> In bitcoin you have the concept of a 'vanity key' much like vanity license
> plates, see:
>
> https://bitcointalk.org/index.php?topic=25804.0
>
> I wonder if there is anything similar for public keys in GPG?
Conceptually, looking for a key with a
On 04/04/2013 04:19 PM, Peter Lebbing wrote:
> On 04/04/13 18:01, Jack Bates wrote:
>> How can I get the fingerprint or key id of the subkey I just created?
>
> A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to
> identify/verify a key as a whole, which means the primary ke
WoT still can be useful for people who wish to establish a
pseudonym.
> Daniel Kahn Gillmor wrote:
>> For a pseudonymous author who wants to establish a credible claim to a
>> given identity, one way would be to encourage the people who have been
>> following the work of
r to me, but perhaps it might mean something
> to someone else. This is a reason for my objection to vouching for
> anonymous identities. I think it is dangerous.
I think we're talking about pseudonyms, not "anonymous identities".
You seem to think that names of the form "St
On 04/08/2013 12:14 PM, Kevin wrote:
> Forgive me if this answer seems too simplistic--perhaps I am missing
> something--but would it be possible to make your SSH authentication keys
> subkeys of the same master/signing key? Then, when you unlock the
> master key, all the sub-keys should unlock w
On 04/12/2013 01:29 PM, nelsonste...@hushmail.com wrote:
[ bizarre and off-topic background stripped ]
> Sorry for posting to multiple lists. Spreading the word is the only way to
> stop this bogus conference. Please forward this message to other mailing
> lists and people.
I understand th