On Tue, Mar 24, 2009 at 02:47:01PM +0100, Chris Hills wrote:
> I am looking for a tool that to export a GPG private key to a Data
> Matrix 2d barcode for long-term archival. I have been searching but have
> yet to find any existing software to do this. I have looked at PaperKey
> but it only
On Tue, Mar 24, 2009 at 05:55:15PM +0100, Chris Hills wrote:
> On 24/03/09 17:47, Chris Hills wrote:
>> Thanks David, that is exactly what I was looking for. For some reason
>> after I compiled libdmtx 0.7 the PDF and SVG formats are not available,
>> but I can manage with PNG.
>
> Scratch that; SV
On Mar 29, 2009, at 3:37 PM, Chrys M wrote:
Hello,
I am trying to find out which is the default algorithm that GPG uses
to encrypt my private key with the passphrase provided.
Is there a command that I can use?
It's CAST5, unless:
a) You don't have CAST5 compiled in
b) You run with --rfc2
On Apr 6, 2009, at 6:25 PM, Robert Holtzman wrote:
Just tried to d/l a key and was greeted with
[hol...@localhost]~$ sudo gpg --recv --keyserver pgp.mit.edu
A373FB480EC4FE05
[sudo] password for holtzm:
gpg: WARNING: unsafe ownership on configuration file `/home/
holtzm/.gnupg/gpg.conf'
gpg:
On Apr 7, 2009, at 10:54 AM, Brian Mearns wrote:
I've exported a crippled version of my private keyset for use at
work...I did not include the primary/master key in the export, only a
signing subkey and an encryption subkey. Now I've imported them on a
different system and want to sign a co-work
On Apr 8, 2009, at 5:36 AM, rahul kaushik wrote:
I have been asked to support PGP for a application. the most likely
scenario would be to implement a key server that would allow
customers to
manage their keys. This will of course come with some complications,
in
terms of interface, provi
On Apr 14, 2009, at 9:10 PM, Ronald Cook wrote:
Hi.
I've been scouring the gnupg-users mail archives but haven't yet seen
a solution to this.
One of our clients recently upgraded their production installation of
GnuPG 1.4.5 to version 1.4.9. They send encrypted / signed files to
us almost dai
On Apr 15, 2009, at 8:35 AM, Chris Hills wrote:
On 14/04/09 14:32, Werner Koch wrote:
No. The Net never forgets. A keyservers will never remove
signatures
because signatures go into the key validation computation and thus
removing signatures would change the validity of your key.
Signatu
On Apr 15, 2009, at 1:16 PM, Werner Koch wrote:
from whichever keyserver they like (or run their own keyserver and
get
content synced to them on a regular basis).
An easy countermeasure would be to limit the size of the meta data
(user
IDs, attribute id, notations and so). Well, until p
On Apr 16, 2009, at 3:18 AM, Werner Koch wrote:
On Wed, 15 Apr 2009 19:47, ds...@jabberwocky.com said:
The difference is that the keyserver network allows anyone to submit
data, and the keyserver net will then serve it on their behalf. It's
Like Usenet.
Not exactly. Usenet has delete :)
On Apr 20, 2009, at 7:08 PM, Robert J. Hansen wrote:
John Clizbe wrote:
Your interests would be best served by a) hiring the services of a
security consultant knowledgeable in the dealings of HIPAA
specifically
as it relates to the FDA; b) consulting an attorney knowledgeable in
technology,
On Apr 16, 2009, at 1:12 PM, Robert J. Hansen wrote:
Add it all together and USENET was at best a network-choking
bandwidth hog, and at worst was a lawsuit waiting to happen. And
thus, many full USENET feeds fell off the face of the net.
It might be worth wondering whether the same could h
On Apr 20, 2009, at 10:07 PM, Robert J. Hansen wrote:
David Shaw wrote:
That's a pretty big step there.
"Is it true that you chose as a first source of information a mailing
list where you did not know the people who were responding, nor their
credentials, nor their professional
On Apr 12, 2009, at 8:01 AM, John W. Moore III wrote:
Listing Your Key at www.biglumber.com will allow You to display Your
Key
exactly as You desire it to appear and folks may be directed to
retrieve
it from there via a Comment line or a signature tagline. I am not
aware
of the ability to
On Apr 13, 2009, at 5:23 AM, Sven Radde wrote:
Hi!
John Clizbe schrieb:
You can remove any cruft you wish and distribute that key yourself.
You
just can't use the keyserver networks to do it. Also anyone who
refreshes that key from a keyserver will pick up all the pieces you
decided needed d
On Apr 21, 2009, at 7:38 AM, Robert J. Hansen wrote:
David Shaw wrote:
"Sure. They told me some stuff, and I treated it as anecdote until I
got confirmation from an attorney."
The correct answer is "yes". On cross-examination you're not
allowed to
give exp
On Apr 21, 2009, at 1:31 AM, Sven Radde wrote:
Hi!
David Shaw schrieb:
With PKA, you can even get automatic key retrieval without a
keyserver.
That's not quite right. PKA records in DNS can point to a keyserver,
but you still need the keyserver in the mix somewhere (though, like
On Apr 21, 2009, at 1:44 AM, Faramir wrote:
Sven Radde escribió:
PKA is the way to get somebody to use my web server already for
initial
key retrieval (although this might not be the primary purpose of
PKA) so
that the (synchronizing merge-only) keyserver network is avoided.
But if some
On Apr 23, 2009, at 2:18 PM, Kumfer, Brian K wrote:
While I appreciate the response, please note that I am unfamiliar
with PGP and encryption, so this is my first attempt to work through
an issue surrounding the problem.
I never stated troubleshooting is a big burden. Rather, I did what
On Apr 24, 2009, at 7:50 AM, Robert J. Hansen wrote:
allen.schu...@gmail.com wrote:
What is the difference between DH/DSS and ElGamel/DSS? I was
reading up
on S/MIME v3 and PGP/MIME differences when that came up.
I don't know how it's used in the S/MIME standard. However, the
Elgamal
en
On Apr 24, 2009, at 10:34 AM, Felipe Alvarez wrote:
It's historical. Back in the late 1990s, the PGP developers were
offered a free patent license if they called it Diffie-Hellman. Now
that the patent has expired, though, it's a little hard to change
their product without confusing a bunch of
On Apr 24, 2009, at 12:29 PM, Robert J. Hansen wrote:
David Shaw wrote:
The patent holders (Cylink) simply wanted to push the name
Diffie-Hellman for marketing reasons.
Many people think Cylink has a history of regrettably close
cooperation
with the NSA. Some people consider their
On Apr 24, 2009, at 12:40 PM, bkumfer wrote:
Thanks for your help. To create the key, I followed the
--gpg -gen-key command - used key length of 1024 bits.
I examined this key and there is nothing particularly unusual about
it. The only thing that jumps out (and this is a reach) is that
On Apr 24, 2009, at 3:07 PM, David Shaw wrote:
On Apr 24, 2009, at 12:40 PM, bkumfer wrote:
Thanks for your help. To create the key, I followed the
--gpg -gen-key command - used key length of 1024 bits.
I examined this key and there is nothing particularly unusual about
it. The only
On Apr 25, 2009, at 6:18 PM, Raimar Sandner wrote:
On Saturday 25 April 2009 22:00:05 John W. Moore III wrote:
Raimar Sandner wrote:
In the end it is of course a people thing whether you trust a key
or not,
no mathematical model ever can replace your final decision. So
there is a
big diffe
On Apr 25, 2009, at 6:27 PM, Raimar Sandner wrote:
On Saturday 25 April 2009 18:27:44 Raimar Sandner wrote:
Hello,
when gnupg trusts a key as a result of trustdb calculations, I would
like to know what the chain depth for the given key is.
[snip]
As of now I can only think of gradually reduc
On Apr 26, 2009, at 3:54 AM, Raimar Sandner wrote:
On Sunday 26 April 2009 07:00:52 you wrote:
On Apr 25, 2009, at 6:27 PM, Raimar Sandner wrote:
On Saturday 25 April 2009 18:27:44 Raimar Sandner wrote:
Hello,
when gnupg trusts a key as a result of trustdb calculations, I
would like to know
On Apr 25, 2009, at 6:14 PM, John Clizbe wrote:
Ingo Klöcker wrote:
On Saturday 25 April 2009, John Clizbe wrote:
The message will be encrypted once with a symmetric cipher and
session key. Then the session key is encrypted to each recipient's
public key and the encrypted session keys are att
On Apr 27, 2009, at 7:04 AM, Harakiri wrote:
I'm not sure if Enigmail has sufficient control
here (due to the
Thunderbird restrictions), but if possible, it might
be wise to handle
Bcc's recipients with --hidden-recipient instead
of --recipient (i.e.
"-r"). That would better duplicate the
On Apr 28, 2009, at 9:48 PM, Allen Schultz wrote:
I made a key with default settings. Can I delte the encrypting
subkey that has not expiration date and remake one with an
expiration date?
There are many answers to your question. Basically, yes, you could,
but no, you almost certainly don't
On Apr 29, 2009, at 9:03 AM, Brian Mearns wrote:
So I've been "advertising" keys.gnupg.net as the place to get my key
for a while now, but the round-robin DNS is kind of bugging me. I
understand the purpose of it, but it's kind of a crap shoot: not
infrequently, the address maps to a server that
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
There is not much hard information yet, but the two big quotes are
"SHA-1 collisions now 2^52" and "Practical collisions are within
resources of a well funded organisation."
David
__
On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
I would like to use a different hash than SHA-1. I tried setting
personal-digest-preferences SHA256 in my gpg.conf but it didn't
work. What hash can I use with my key (default DSA/Elgamel key)
and how?
The short answer is that you can only use
On May 2, 2009, at 10:47 AM, Raimar Sandner wrote:
On Saturday 02 May 2009 15:45:11 David Shaw wrote:
On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
I would like to use a different hash than SHA-1. I tried setting
personal-digest-preferences SHA256 in my gpg.conf but it didn't
work.
On May 2, 2009, at 3:46 PM, Allen Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, May 2, 2009 at 7:45 AM, David Shaw
wrote:
The short answer is that you can only use a 160-bit hash with
your default
DSA key. That means SHA-1 or RIPEMD/160. There is a feature
you can
On May 3, 2009, at 8:17 AM, Simon Ruderich wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, May 02, 2009 at 09:45:11AM -0400, David Shaw wrote:
On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
The short answer is that you can only use a 160-bit hash with your
default DSA key
On May 4, 2009, at 6:16 AM, Nicholas Cole wrote:
On Mon, May 4, 2009 at 9:24 AM, Werner Koch wrote:
On Fri, 1 May 2009 05:58, a...@smasher.org said:
so... when is the open-pgp spec moving beyond SHA1 hashes to
identify
public keys? what's next? will it have to be a bigger hash?
OpenPGP
On May 4, 2009, at 11:21 AM, Raimar Sandner wrote:
On Monday 04 May 2009 04:56:24 David Shaw wrote:
If you want a DSA2 key:
gpg --enable-dsa2 --gen-key
Select option 1, and enter 3072 for the DSA key size.
If you want an RSA key:
gpg --cert-digest-algo sha256 --gen-key
Select
On May 4, 2009, at 1:40 PM, Christoph Anton Mitterer wrote:
On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote:
It's important to remember that this isn't a completely SHA-1 free
key, as that is not currently possible in the OpenPGP protocol, but
it
is possible to make a "us
On May 5, 2009, at 5:21 PM, Christoph Anton Mitterer wrote:
On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote:
Re-issuing your self-sigs is more or less harmless. The keyservers
never delete anything, so they'll end up with both the old and new.
I'm not sure if this leads t
On May 7, 2009, at 7:17 PM, Christoph Anton Mitterer wrote:
On Tue, 2009-05-05 at 22:16 -0400, David Shaw wrote:
I'm not sure if this leads to the same discussion that we had some
time
ago on the WG-list (about explicitly revoking previous self-
sigs),...
but if a key has self-sigs
On May 8, 2009, at 3:26 AM, Raimar Sandner wrote:
On Friday 08 May 2009 09:14:27 Raimar Sandner wrote:
On Friday 08 May 2009 02:09:31 David Shaw wrote:
One fear that I've seen talked about for SHA-1 is that an attacker
can
create a duplicate document such that if you signed document or
On May 8, 2009, at 3:16 PM, Patrick Mabie wrote:
Hello
I was just wondering , can I fix this ?
RPM version 4.4.2.3
gnupg-1.4.5-14.x86_64
CentOS 5.3 x86_64
kernel : 2.6.18-128.1.10.el5
rpmbuild -bb Documents/Rpm/Spec/q7z-64.spec --sign
Generating signature: 1005
gpg: WARNING: standard inpu
On May 8, 2009, at 10:37 AM, jnhemley wrote:
I was given a new key to use with our partner for encryption.
Previously, the
key was working fine. I removed all keys and then imported our key
and then
the partner's key. I set trust to ultimate. The encryption works but
I now
get a confirma
On May 10, 2009, at 8:52 AM, Tyler Spivey wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello. I'm trying to make any message I clearsign
have a hash of SHA256.
If the key you are trying to make a SHA256 signature with is the same
one that you signed this message with, then you can't
On May 10, 2009, at 10:58 AM, Bob Henson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Tyler Spivey wrote:
and I can force it with --digest-algo sha256.
Add just "digest-algo SHA256" (without the parentheses) to your
gpg.conf
file.
Please do not do this. There is an entire
On May 11, 2009, at 12:44 PM, Sanjeev Gupta wrote:
All,
I have 2 different vendors an dI would like to sign their keys
using 2 different private keys. I don't want to share my public key
between them. When ever I try to sign the key the software doesn't
give me the option to select my
On May 8, 2009, at 5:30 PM, Coffman, Beth C wrote:
What is a good way to write a C++ app to decrypt multiple large PGP-
encrypted files simultaneously into memory? I cannot have the
plaintext output in a file on disk at any time. Preferably, one
block of data from the file will be decrypte
On May 14, 2009, at 7:41 PM, Allen Schultz wrote:
RE: including a photo uid, which is commonly stripped by public
keyservers (http://fifthhorseman.net/key-transition-2007-06-
15.txt)
Are there any limits on the photo in the keys, format/extension,
size, etc? Will GPG resize if necessary? And th
On May 14, 2009, at 11:40 PM, Robert J. Hansen wrote:
David Shaw wrote:
The pic must be JPEG and the extension doesn't matter. GPG doesn't
really care what the size is, but if it is over 6k, you'll get an
"are
you sure?" message, as it is kindness to the rest o
On May 16, 2009, at 5:33 PM, Lucio Capuani wrote:
Hello everybody and thank you for reading. I have a pretty good
understanding of how asymmetric cryptography works in general.
Nevertheless, the fact that GPG uses "two keys", I mean a main key
and a subkey, confuses me. Are those "two keys"
On May 16, 2009, at 9:14 PM, Lucio Capuani wrote:
Can anyone explain why there is a difference between signing and
encrypting keypairs, even for the same type (RSA)?
As far as I've understood from the documentation, one of the reason
should be that it would be good practice to keep the signing
On May 18, 2009, at 5:49 PM, James P. Howard, II wrote:
On Mon May 18 08:45:38 2009, R.A. Hettinga wrote:
The reason for it is a notion of what's called "key hygiene," and
that's an important concept in RSA usage. That is the notion that one
should never sign with an encryption key, and never
On May 19, 2009, at 1:46 PM, James P. Howard, II wrote:
And on a divergent note, using the black
magic described elsewhere[1], is it bad to convert a subkey into a
primary key and use it to sign others?
To do this, you have to have the key in primary key form in the
(local)
web of trust. I
On May 20, 2009, at 5:25 AM, Paweł Żuk wrote:
I use gnupg 1.2.1 version
For same cases during decrypting I receive:
gpg: encrypted with 2048-bit RSA key, ID 453733BB, created
2006-02-13 "Comapny (User) " gpg:
md_enable: algorithm 8 not available
On Jun 2, 2009, at 10:14 AM, Vincent Panel wrote:
Hi,
I just wondered if it was possible to postpone the expiration date
after it has been set and/or after the deadline has been reached.
Yes, you can.
2 years ago, I created a personal key and set the expiration to 2y, so
it has now expired.
On Jun 5, 2009, at 2:00 AM, Kārlis Repsons wrote:
Hi there,
please, how can I make a keypair of DSA and ELG keys, 4 keys, as I
understand,
and then export all of them to another machine's gpg?
Using --export, --export-secret-keys, --export-secret-subkeys, then
--import
for each of 3 previou
On Jun 5, 2009, at 10:02 AM, James P. Howard, II wrote:
On Fri Jun 5 02:00:55 2009, Kārlis Repsons
wrote:
please, how can I make a keypair of DSA and ELG keys, 4 keys, as I
understand,
and then export all of them to another machine's gpg?
Using --export, --export-secret-keys, --export-se
On Jun 5, 2009, at 10:59 AM, James P. Howard, II wrote:
On Fri Jun 5 10:52:48 2009, David Shaw wrote:
--allow-secret-key-import is a no-op. It is no longer used for
anything.
Really? I could not import last week without it.
howar...@thermopylae:~$ gpg --version
gpg (GnuPG/MacGPG2
On Jun 5, 2009, at 12:27 PM, Kārlis Repsons wrote:
On Friday 05 June 2009 15:23:10 Werner Koch wrote:
On Fri, 5 Jun 2009 16:59, j...@jameshoward.us said:
On Fri Jun 5 10:52:48 2009, David Shaw
wrote:
--allow-secret-key-import is a no-op. It is no longer used for
anything.
Really? I
On Jun 5, 2009, at 2:52 AM, Harry Rickards wrote:
Would it be possible to do the same job that GPG does (using all the
same algorithms) simply using a pen and paper? You can do simple
public key crypto with RSA, by choosing two primes and doing a
multitude of stuff with them. I understand
On Jun 6, 2009, at 5:26 AM, Kārlis Repsons wrote:
Hi,
still I have questions :)
This time: is there some gnupg dictated way of setting preference of
which
signing/encrypting key to use? For example, I have a long RSA
subkey, which I
created just in case. I'd like to use DSA now, but my mail
On Jun 11, 2009, at 3:57 AM, Todd A. Jacobs wrote:
I've attempted (several times, in fact) to create a key pair with
three
UIDs: one primary and two others. Whether using Seahorse or the
command
line, I will manually set one of the UIDs as primary.
This *appears* to work locally, but if I e
On Jun 11, 2009, at 6:32 AM, Rob Cilissen wrote:
First of all: I like this email signing en encryption. But I have a
"problem". No one I know uses PGP to sign mails. Now I don't want to
act
as the cumputernerd and send everybody unasked signed mails and hope
they also ara going to use PGP. Is
On Jun 17, 2009, at 8:58 AM, Brian Mearns wrote:
I'm looking for an automated way to verify that a signature was made
by a specific key. It's not sufficient to just verify that the
signature is valid and known to my keyring, I want to confirm who it
belongs to. I was hoping the -u option would w
On Jun 18, 2009, at 8:41 PM, Harry wrote:
Hello guys,
I ran into a problem when using gpg to sign and encrypt. I have a
test run below (in bash):
$echo abcd | gpg -u b...@xyz.com --output message.pgp -r
al...@123.com -se --passphrase-fd 0 << EOF
<123456
There is no error but after decry
On Jun 23, 2009, at 7:28 AM, Werner Koch wrote:
On Sun, 21 Jun 2009 00:10, t.e...@yahoo.com said:
So, here is the question: Is is possible to secure gpg (or PGP or
TrueCrypt for that matter) on a Windows system?
If you have the ability to run a program if hibernation kicks in, you
may want
On Jun 23, 2009, at 2:33 PM, Daniel Kahn Gillmor wrote:
On 06/23/2009 12:45 PM, franv wrote:
I was wondering if it is possible to limit key propagation, that is
the number
of times a key can be exported and reimported.
A key is a piece of digital information; as such, it can be
transferre
On Jun 23, 2009, at 12:45 PM, franv wrote:
I was wondering if it is possible to limit key propagation, that is
the number
of times a key can be exported and reimported.
No.
If I want only 1 or 2 other people to have my key, is it possible
during the
key creation to give it a parameter sta
On Jun 23, 2009, at 3:35 PM, Joseph Oreste Bruni wrote:
Here's the weird part: If I download the file using Safari I
receive the file correctly.
If I download the file using the command-line "ftp" on either OS X
(10.5.7) or FreeBSD (7.2)
the file appears corrupted and is slightly smaller.
On Jun 24, 2009, at 12:21 AM, Daniel Kahn Gillmor wrote:
On 06/23/2009 10:53 PM, David Shaw wrote:
Unfortunately, local signatures do not work that way. Each
implementation strips local signatures both on export and on import
(just in case someone leaked one on export). They just don't
On Jun 25, 2009, at 6:30 AM, Alexander Delau wrote:
I'm a beginner in encrypting E-Mails. It would bei nice if you could
help me
in my question:
I want to use GnuPG with a masterkey (to sign) and a subkey (to
encrypt) on
Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).
Now I'm not sur
On Jun 29, 2009, at 8:43 AM, Malte Gell wrote:
Hi there,
when doing a keyserver search on the server side it seems port 11371
is used.
I would like to define a fixed port number (the same 11371) for gpg
which waits
for the answer from the keyserver. Can I tell gpg at which port to
listen?
On Jul 1, 2009, at 9:05 AM, Matt Gantner wrote:
Hello.
I have uploaded my public key (GnuPG v2.0.10 (Darwin)) via command
line and copy / paste methods into keys.gnupg.net and pgpkeys.mit.edu
and when I look up the key on the systems they are different. I have
been looking at this problem for a
On Jul 2, 2009, at 8:36 AM, Matt Gantner wrote:
I'm not terribly familiar PNG or GPG keys so bear with me.
I am understanding your statement to be saying that the two keys are
really the same asci text but the line breaks make them appear to be
different.
No. I'm saying that line breaks are
On Jul 7, 2009, at 2:55 AM, Friedrich Fuhr wrote:
Hello to all.
I have a Problem:
When i try to send a signed mail message i get a window with the
following text:
internal failure: the hash algorithmus 11 is not allowed with rfc3156
the message couldn´t signed with gpg
You need to contact
On Jul 7, 2009, at 10:37 AM, Charly Avital wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Jul 7, 2009, at 9:08 AM, David Shaw wrote:
On Jul 7, 2009, at 2:55 AM, Friedrich Fuhr wrote:
Hello to all.
I have a Problem:
When i try to send a signed mail message i get a window with
On Jul 7, 2009, at 1:49 PM, Charly Avital wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA224
On Jul 7, 2009, at 12:03 PM, David Shaw wrote:
[...]
You are using SHA-256. Try SHA-224.
Here you go.
With PGP/MIME turned on.
David
On Jul 7, 2009, at 4:45 PM, Charly Avital wrote:
According to previous posts and result of tests, it seems that the
problem is with GPGMail signing with OpenPGP/MIME *and* SHA224.
OpenPGP/MIME is set by default when sending a message with an
attachment, or a multi-part message (e.g. HTML for
On Jul 7, 2009, at 5:32 PM, Robert J. Hansen wrote:
[I]t's chopping sha256 down to 224 bits to fit.
As I understand things, this is largely (almost entirely)
irrelevant. Am I mistaken?
Possibly. It depends on what you believe it is irrelevant for.
A user using SHA-256 reasonably expects
On Jul 7, 2009, at 6:10 PM, Robert J. Hansen wrote:
On Jul 7, 2009, at 6:02 PM, David Shaw wrote:
Or are you asking if there is there a significant difference
between SHA-256 truncated to 224 bits and straight SHA-224 in terms
of hash strength? If so, no, there really isn't. SHA-2
On Jul 7, 2009, at 12:08 PM, Senthilkumar .E wrote:
Hi,
I am trying to build gnupg on a RHEL box. I am not able to build
gnupg with gcc4. When I downgrade to gcc3 it is building. Looks like
this a bug with configure (http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024364.html
). Is
On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:
Hey folks,
Two years ago, there was a thread on this list, in which RSA key
sizes >2048 were discussed [0]. In these two years, the crypto-world
has been shaken up a bit, and computers got yet a bit more powerful.
0. http://lists.gnupg.org/pip
Please don't top-post.
> I am trying to build gnupg on a RHEL box. I am not able to build
gnupg with gcc4. When I downgrade to gcc3 it is building. Looks like
this a bug with configure (http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024364.html
). Is it fixed on the latest gnupg ver
On Jul 8, 2009, at 12:56 PM, Brian Mearns wrote:
I'm considering making my default hash RIPEMD160: does anyone have any
opinions on how this compares to SHA-2 algorithms in terms of both
security and availability? I like the idea that RIPEMD was developed
in an academic community instead of the
On Jul 9, 2009, at 5:39 AM, Roscoe wrote:
On Thu, Jul 9, 2009 at 3:36 AM, David Shaw
wrote:
...
If you're looking for a more immediate reason, though, note that if
you make
a RSA key larger than 2048 bits you can't use it with the spiffy
new OpenPGP
smartcard.
Oh, something
On Jul 26, 2009, at 9:40 PM, James P. Howard, II wrote:
I am trying to understand the differences in key types and looking at
encryption keys in particular. RFC 4880 has this to say on the matter
of key flags:
0x04 - This key may be used to encrypt communications.
0x08 - This key
On Jul 27, 2009, at 5:25 AM, arcintl wrote:
i wish to setup GNUpg for my work (i am the IT Administrator) but i
have a
few questions.
First: if the user creates a key and then leaves the company. assuming
he/she didnt tell anyone the pass phrase and was the only key used,
are
those files l
On Jul 27, 2009, at 8:29 AM, Daniel Kahn Gillmor wrote:
And: You can only encrypt the files for one key. So only one user
will have
access to the files (owns the files), as long as you don't share
the keys. For
example you can introduce company wide keys or deparmtement keys
and distribut
Somehow this thread mutated into being on both gnupg-devel and gnupg-
users. I'm only replying to gnupg-users. Let's try to keep it on one
list.
On Jul 27, 2009, at 9:41 AM, Ingo Krabbe wrote:
You actually can encrypt files to more than one OpenPGP key, so that
anyone holding any of the re
On Jul 27, 2009, at 11:15 AM, James P. Howard, II wrote:
On Sun Jul 26 2009 23:09:18 GMT-0400 (EST) , David Shaw
wrote:
Because it is difficult (or nearly impossible) to determine the
difference from the perspective of GnuPG. That is, I as a person
know what I'm encrypting and what I
On Jul 30, 2009, at 4:17 PM, ved...@hush.com wrote:
a new attack has been found against AES - 256
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html
it only works against 10 round AES-256 (which normally has 16
rounds)
It breaks 11 rounds of 14.
David
_
On Jul 30, 2009, at 7:06 PM, Robert J. Hansen wrote:
No; only people using OpenPGP applications that don't support RSA
will have problems. This is potentially quite a lot of people. The
last time I tallied it up there were at least ten different OpenPGP
implementations, and some of them o
On Jul 29, 2009, at 11:14 AM, Jan Suhr wrote:
For my understanding GnuPG is standard conform and creates a "DSA
primary key (1024 bits - not "DSA2") with an Elgamal subkey per
default."
It was discussed in May to change this standard to 2048-bit RSA key:
http://www.imc.org/ietf-openpgp/mail-
On Jul 30, 2009, at 9:23 PM, Robert J. Hansen wrote:
Hence, McAfee may be a much bigger player than people think.
Is that an example of a potential problem implementation? Note that
the McAfee product does support RSA (not surprising, given its
ancestry).
David
___
On Jul 30, 2009, at 10:06 PM, Robert J. Hansen wrote:
Is that an example of a potential problem implementation? Note
that the McAfee product does support RSA (not surprising, given its
ancestry).
I don't know.
There are a wide number of implementations with various degrees of
conformanc
On Jul 31, 2009, at 9:21 AM, Reich, George wrote:
Hello,
Can anyone suggest the latest stable version of GnuPG that
successfully does decryption for Adobe PDF files? And if so, are
there installation instructions for that version?
I'm going to guess that you are referring to the built-in
On Aug 7, 2009, at 6:43 PM, Adam Bogacki wrote:
Hi, Having recently set up lenny on a new box, I copied
the contents of ~/.gnupg from the old etch box to a
USB stick and then to the lenny box - but find that
mutt does not do digital signatures as it did on the old one.
What am I missing here ?
On Aug 11, 2009, at 12:31 PM, Sebastian Wiesinger wrote:
I'm thinking about setting up an SKS Keyserver. My question is, is
there some sort of mailinglist or something where this is ontopic?
http://lists.nongnu.org/mailman/listinfo/sks-devel is the place.
As I understand I would also be in n
This is cute:
http://www.entropykey.co.uk/
(Reasonably on-topic as the device would work with GnuPG (at least on
Linux), as it seems to feed /dev/random)
David
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/list
101 - 200 of 1718 matches
Mail list logo
