Re: policy url is not set on selfsigs

2010-08-12 Thread David Shaw
On Aug 12, 2010, at 12:30 PM, Christoph Anton Mitterer wrote: > Hi. > > Just found out, that a policy _is_ actually set when using > --set-policy-urls when creating a key (--gen-key) > > But it seems there is no way of changing that later.. > I've looked through the code but could not find t

Re: Change encryption on the secret key

2010-08-16 Thread David Shaw
On Aug 16, 2010, at 8:38 PM, Joseph Isadore Ziff wrote: > Dear Fellow Gnupg users, > > I recently grew more knowledgeable about the different ciphers and > compression methods. I already generated my secret key but would like to > change the symmetric encryption protecting the secret key. I p

Re: Split Data Packet into Multiple Packets?

2010-08-16 Thread David Shaw
On Aug 16, 2010, at 6:24 PM, James Board wrote: > Hi, > > I looked into the OpenPGP Message Format spec, and some encrypted files, and > figured out that no matter how large my encrypted message is, gpg uses a > single Data Packet for the cipher text. Can I somehow split that Data Packet > in

Re: Strange behaviour of gpg when importing key from keyserver

2010-08-25 Thread David Shaw
> I'm using GnuPG 1.4.10b in a Windows XP machine, in Spanish > language. I don't know exactly the command used, since I use GPGShell > GUI, but I already contacted the author of GPGShell, and he told me > cmd-windows are GPG itself, so it is not a problem with GPGShell. > > Now, the pro

Re: Generating smart-card stubs on a clean computer?

2010-08-31 Thread David Shaw
On Aug 31, 2010, at 9:34 PM, Grant Olson wrote: > I can find docs on generating a key on a smart card, and migrating an > existing key to the smart card. But I can't figure out how to configure > the smart card on a clean machine that never had my secret keys. > > The card has both signing and e

Overflow bug in bzip2

2010-09-21 Thread David Shaw
Hi folks, This isn't a GnuPG bug per se, but given that many (most?) people using GnuPG have it linked against libbz2, please read http://www.ubuntu.com/usn/usn-986-1 and upgrade appropriately for your platform. To tell if your installation of GnuPG is using libbz2, run "gpg2 --version" (or "g

Re: multiple keys vs multiple identities

2010-09-24 Thread David Shaw
On Sep 24, 2010, at 8:15 AM, Vjaceslavs Klimovs wrote: > Hi, > If I have multiple not related e-mail accounts, is it better to create > one key pair with multiple identities or a separate key pair for every > account? It's really a matter of taste. Some people like using different keys for diff

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread David Shaw
On Sep 24, 2010, at 11:23 AM, Daniel Kahn Gillmor wrote: > On 09/24/2010 10:30 AM, Simon Richter wrote: >> Of course. I was talking about data signatures, i.e. "I'm signing this >> with my work hat on". > > ah, gotcha. sorry for the misunderstanding. > >> The main use case I have is my Debian w

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread David Shaw
On Sep 24, 2010, at 12:47 PM, Daniel Kahn Gillmor wrote: > On 09/24/2010 11:53 AM, David Shaw wrote: >> There is actually a defined field for this in OpenPGP (see section 5.2.3.22, >> Signer's User ID). I don't think anyone implements it though. > >

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread David Shaw
On Sep 24, 2010, at 4:29 PM, Daniel Kahn Gillmor wrote: > Are there other interpretations of the above results? does anyone else > want to post comparable data points on different hardware? How powerful > is a typical smartphone anyway? What kind of a cutoff are people > willing to accept in te

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread David Shaw
On Sep 24, 2010, at 2:52 PM, Phil Brooke wrote: > On Fri, 24 Sep 2010, David Shaw wrote: >> There is actually a defined field for this in OpenPGP (see section 5.2.3.22, >> Signer's User ID). I don't think anyone implements it though. > > Is there any particular

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-28 Thread David Shaw
On Sep 24, 2010, at 1:17 PM, Daniel Kahn Gillmor wrote: > second, what does "this option implies --ask-sig-expire ..." mean? it > seems to mean "this implies that the following options are not > available" or something like that. You are correct. The manual is incorrect. Setting force-v3-sigs

Re: Remove key from an encrypted file?

2010-10-06 Thread David Shaw
On Oct 6, 2010, at 1:19 PM, Benjamin Bressman wrote: > If I use GnuPG to encrypt a file with multiple keys is it possible to > remove one of those keys at a later date? > > Let's say I encrypt sensitive information so that three users could > decrypt it, but one of those users leaves the organiza

Re: Is there a maximum length for an OpenPGP UID?

2010-10-21 Thread David Shaw
On Oct 21, 2010, at 5:26 PM, MFPA wrote: > Is there a maximum length for an OpenPGP UID? Yes, but it's huge: 4,294,967,295 characters long. That's the OpenPGP answer. In practice, however, using GnuPG, the maximum is 2048 characters. David ___ Gnu

Re: Changing secret key encryption algorithms

2010-10-22 Thread David Shaw
On Oct 22, 2010, at 4:51 AM, Paul Richard Ramer wrote: > On Thu, 21 Oct 2010 09:40:11 -0700, Dan Cowsill wrote: >> It seems the algorithms are mapped to algo ID's. I can confirm that the >> algorithm is different than the one used on my real secret key, but >> I had not been able to find any

Re: Overflow bug in bzip2

2010-11-07 Thread David Shaw
On Nov 7, 2010, at 6:19 PM, Morten Gulbrandsen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > David Shaw wrote: >> Hi folks, >> >> This isn't a GnuPG bug per se, but given that many (most?) people using >> GnuPG have it li

Re: Examine a key file

2010-11-15 Thread David Shaw
On Nov 15, 2010, at 3:19 PM, Scott Lambdin wrote: > > Greetings: > > If I have a base 64 exported PGP key, how can I extract the descriptive > data about the key without importing it? > > I just want to see this stuff: > > pub 1024D/B00BFACE 2010-10-11 > uid S

Re: Examine a key file

2010-11-15 Thread David Shaw
On Nov 15, 2010, at 4:42 PM, Robert J. Hansen wrote: > On 11/15/2010 4:38 PM, Ingo Klöcker wrote: >> The following is sufficient: >> gpg -v > Doesn't this import the key? The OP specified that it ought not import > the key. It does not import the key unless you explicitly say --import. David

Re: GPG does not build on SuSE SLES 11

2010-11-19 Thread David Shaw
On Nov 19, 2010, at 6:28 AM, Florian Schwind wrote: > On 19.11.2010 11:12, Florian Schwind wrote: >> Hi all, >> >> I was not able to run the "make check" for GPG 1.4.10 on a SLES 11 >> (i386) successfully (I also tried 1.4.11). Since I'm not sure if there >> is some configuration issue with my se

Re: Remove a recipient from a message without viewing it

2010-11-21 Thread David Shaw
On Nov 21, 2010, at 4:31 AM, Nathan Krasnopoler wrote: > Is there a way to remove a recipient from a message without having any > of the private keys needed to view the message? > > For example, if message M is encrypted to Sam, John, and Bob as text > C, I would like to output C_s that is M encr

Re: minimum_ownertrust

2010-11-24 Thread David Shaw
On Nov 24, 2010, at 4:57 AM, Imran Khan wrote: > Hi, > Can someone please guide what is the difference between ownertrust and > minimum_ownertrust? > My understanding is that ownertrust is explicitly assigned to a key while, > minimum_ownertrust is computed from trust signatures on the key. Hav

Re: Store revoke cert. in symmetric file?

2010-12-07 Thread David Shaw
On Dec 7, 2010, at 8:05 AM, Chris Poole wrote: > I want to check I'm not doing something stupid. > > I have backed up my .gnupg directory, including my revoke certificate, > to a symmetrically-encrypted tar file. > > The password for this is a 50 character randomly-generated, stored in > my KeeP

Re: Store revoke cert. in symmetric file?

2010-12-07 Thread David Shaw
On Dec 7, 2010, at 11:56 AM, Chris Poole wrote: >> Why not just store the GPG encrypted file directly with the "strong >> passphrase that I know" ? > > I'm happy to do that, I'm just trying to keep the "very long, > complicated passphrases I have to remember" to as few as possible. > > I really

Re: Armor key - X.501

2010-12-08 Thread David Shaw
On Dec 8, 2010, at 8:01 AM, Mohan Radhakrishnan wrote: > Hi, > What is the standard that the GPG armor key is compliant with ? > X.501 ? RFC-4880 (http://tools.ietf.org/html/rfc4880). See section 6 in particular for how the armor is formed, and sections 4 and 11 for what goes into t

Re: Protecting IDs at a key signing party

2010-12-08 Thread David Shaw
On Dec 8, 2010, at 3:20 PM, Hank Ivy wrote: > I moved to a small town in a new state for personal reasons. For work I > telecommuted as an > independent consultant. A computer user group I joined recently is going to > be holding a key > signing party. NOBODY has met me more than three time

Re: multiple subkeys and key transition

2010-12-09 Thread David Shaw
On Dec 9, 2010, at 6:49 PM, Ben McGinnes wrote: >> Or one can use enable-dsa2 in GnuPG and use any of the SHA2 hashes, >> they'll just be truncated down to 160 bits similarly to the >> SHA-224/SHA-256 arrangement described below. > > Just to clarify, does this mean that SHA-256 or 512 (or whateve

Re: multiple subkeys and key transition

2010-12-09 Thread David Shaw
On Dec 9, 2010, at 1:30 PM, Ben McGinnes wrote: > Good to know. Should I make the transition now/soon, my current plan > is either of these two options: > > 1) 4,096-bit RSA signing key with a 4,096-bit Elgamal encryption key. > > 2) 4,096-bit RSA signing key with a 4,096-bit RSA encryption key

Re: multiple subkeys and key transition

2010-12-10 Thread David Shaw
On Dec 9, 2010, at 1:01 PM, Daniel Kahn Gillmor wrote: >> Second, the >> OpenPGP Working Group ("the WG") is currently figuring out how to get >> SHA-1 out of the OpenPGP spec and how to replace it with something better. > > This discussion currently seems to be idle, so i would not wait on it. >

Speaking about SHA-3...

2010-12-10 Thread David Shaw
With the various discussions about OpenPGP and hashes recently, I thought this would be of interest to the folks here: http://www.reddit.com/r/crypto/comments/ej7m2/sha3_finalists Incidentally, Skein is one of the finalists. Here's some analysis of Skein: http://eprint.iacr.org/2010/623 David

Re: multiple subkeys and key transition

2010-12-11 Thread David Shaw
On Dec 11, 2010, at 4:15 AM, Ben McGinnes wrote: > On 10/12/10 2:33 PM, David Shaw wrote: >> >> A good way to look at this is to pick what you want your primary key >> to be. The subkeys don't really matter that much, as the primary is >> the one that gathers si

Re: Add sign key only?

2010-12-11 Thread David Shaw
On Dec 11, 2010, at 11:36 AM, Chris Poole wrote: > I have been using gpg for a while now, with just one subkey for signing and > encryption. > > I decided I wanted a separate key for signing, so if I have to give away my > private key for decrypting documents, they can't use it to impersonate me

Re: multiple subkeys and key transition

2010-12-11 Thread David Shaw
On Dec 11, 2010, at 2:55 PM, Ben McGinnes wrote: >> You can't actually turn on or off certify (which is to sign a key - >> either your own or someone else's). In OpenPGP, the primary key can >> always certify (it may be able to encrypt/sign/authenticate as well, >> but the only strict requirement

Re: Add sign key only?

2010-12-11 Thread David Shaw
On Dec 11, 2010, at 3:25 PM, Chris Poole wrote: >> If you were forced to disclose your encryption key, you could give them just >> that particular subkey and not give them the signing subkey at all. > > But isn't the likelihood that they'll get your passphrase too, so the > security lies in the

Re: Add sign key only?

2010-12-11 Thread David Shaw
On Dec 11, 2010, at 3:06 PM, Ben McGinnes wrote: > On 12/12/10 7:00 AM, David Shaw wrote: >> >> If you were forced to disclose your encryption key, you could give >> them just that particular subkey and not give them the signing >> subkey at all. What some peop

Re: Add sign key only?

2010-12-11 Thread David Shaw
On Dec 11, 2010, at 4:42 PM, Ben McGinnes wrote: > On 12/12/10 8:03 AM, David Shaw wrote: >> >> GPG has an option to create a special key like this. Basically, >> after you make your backup copy, run: >> >> gpg --export-secret-subkeys (thekey) > my-subkeys-

Re: Best Practices

2010-12-12 Thread David Shaw
On Dec 12, 2010, at 3:51 PM, Robert J. Hansen wrote: > On 12/12/2010 3:03 PM, Daniel Kahn Gillmor wrote: >> what do you mean by "V4 certificate checksums"? > > Read the RFC. It's in there, and does a better job than I can do of > explaining it. Section 5.5.3. Ah, I also wasn't sure what you we

Re: Best Practices

2010-12-12 Thread David Shaw
On Dec 12, 2010, at 11:21 AM, Robert J. Hansen wrote: > On 12/12/2010 10:23 AM, Daniel Kahn Gillmor wrote: >> What part of OpenPGP certificates require SHA-1? > > ... At first blush, V4 certificate checksums, symmetrically encrypted > integrity protected data packets, the MDC system in general, c

Re: Best Practices

2010-12-13 Thread David Shaw
On Dec 12, 2010, at 11:50 PM, Daniel Kahn Gillmor wrote: > Can you help me understand why a change in the choice of fingerprint > technique and a change in the must-implement-digest-algorithm would > require a change in the certificates themselves? It doesn't work that way. If you want to make a

Re: Best Practices

2010-12-13 Thread David Shaw
On Dec 13, 2010, at 12:23 PM, Daniel Kahn Gillmor wrote: > Avoiding a systemic change to the certificate format seems like it would > be a Good Thing in that people could participate in a global smooth > transition, without requiring a hard cut-over or a global interruption > of existing networks

Re: Best Practices

2010-12-13 Thread David Shaw
On Dec 13, 2010, at 4:40 PM, Daniel Kahn Gillmor wrote: > On 12/13/2010 01:13 PM, David Shaw wrote: >> Why is it that using the method you advocate, there is a graceful >> changeover between fingerprint formats, but a change in the >> certificate format requires a "h

Re: best practices

2010-12-14 Thread David Shaw
On Dec 14, 2010, at 10:08 AM, ved...@nym.hush.com wrote: > Robert J. Hansen rjh at sixdemonbag.org wrote on > Tue Dec 14 15:47:08 CET 2010 : > >> > http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1- > revised2_Mar08-2007.pdf > > Page 63. >> > > Thanks. > > Always wondered abou

Re: best practices

2010-12-14 Thread David Shaw
On Dec 14, 2010, at 6:43 PM, Faramir wrote: > I know I asked before, but I can't remember if I saw an answer. Is > TwoFish implementation the 256 bit key version? Yes it is. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg

Re: clearsign failed: Bad signature

2010-12-19 Thread David Shaw
On Dec 17, 2010, at 11:22 AM, Chris Ruff wrote: > On Sat, 2010-12-11 at 14:57 +0100, Olav Seyfarth wrote: > >> My key: OpenPGP SmartCard v2 key 0x6AE1EF56 (3072 Bit RSA) Card 0005 0222 >> >> Why can't I use SHA256/SHA512 with this card? >> | enable-dsa2 >> is set and showpref lists > > The

Re: Block cipher mode?

2010-12-24 Thread David Shaw
On Dec 23, 2010, at 3:20 PM, Robert J. Hansen wrote: > On 12/23/10 1:26 PM, smu johnson wrote: >> I was wondering what anyone thought of including which block cipher >> mode gpg uses in the -v[erbose] mode. > > OpenPGP specifies a kind of messed-up and strange variant of CFB. Don't > get me wron

Re: Is self-signing necessary? Basic questions.

2011-01-01 Thread David Shaw
On Jan 1, 2011, at 10:30 PM, takethe...@gmx.de wrote: > Hi everybody, > > I tried to understand some of the concepts of GnuPG and would be grateful for > you to give me a feedback, whether I understood things right. I'm especially > interested in the concept of self-signed keys. My key type is

Re: Is self-signing necessary? Basic questions.

2011-01-02 Thread David Shaw
On Jan 2, 2011, at 7:27 AM, MFPA wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi > > > On Sunday 2 January 2011 at 5:05:06 AM, in > , David Shaw > wrote: > >> There is a way to sign a key alone, without signing any >> user IDs. N

Re: Encrypting both file contents and file name with GnuPG

2011-01-02 Thread David Shaw
On Jan 2, 2011, at 7:37 AM, Neil Phillips wrote: > Hi, > I'm completely new to GnuPG. > Can someone tell me how I can encrypt the name of the file that I want to > encrypt please. > > Example: > mySecrets.txt [a plain text file] > > I would like: > szstt.asd [some 'apparently random name' file]

Re: Encrypting both file contents and file name with GnuPG

2011-01-02 Thread David Shaw
On Jan 2, 2011, at 10:06 AM, Neil Phillips wrote: > SecureZip will take a file and encrypt both the filename and the file. > > so far with GnuPG i can only see how to encrypt the file. > > i do not want to use a specific name as there are too many files to do that. > i want something like; > >

Re: Is self-signing necessary? Basic questions.

2011-01-02 Thread David Shaw
On Jan 2, 2011, at 2:43 PM, Daniel Kahn Gillmor wrote: > On 01/02/2011 10:01 AM, David Shaw wrote: >> The only significant use of the direct-key signature is for key owners >> to add designated revokers to their key. Designated revokers are carried >> in a subpacket on a

Re: --digest-algo ignored on gnupg-1.4.9?

2011-01-06 Thread David Shaw
On Jan 6, 2011, at 5:37 PM, freej...@is-not-my.name wrote: >>> Sounds reasonable but then why is it using RIPEMD160? I tested with 3DES >>> instead of IDEA and got the same thing. RIPEMD160 is being used, not >>> SHA1. Thanks for looking at this. >> >> Try sharing your gpg.conf file. The answer

Re: How to create non-standard key pair

2011-01-11 Thread David Shaw
On Jan 11, 2011, at 9:41 AM, jack seth wrote: > Hello. I have been searching google for a couple of days now and I can't > figure out how to accomplish this. I need to create a v4 RSA keypair that > has a 16384 encryption key and a 4096 (possibly 8192) signing key using > AES-256 that I can e

Re: What is the benefit of signing an encrypted email

2011-01-11 Thread David Shaw
On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote: > On Tue, Jan 11, 2011 at 12:19 PM, wrote: >> >> If one is a purist, then one wants sign>encrypt>sign >> >> See http://world.std.com/~dtd/#sign_encrypt > > That is a really interesting paper. Did the OpenPGP protocol ever > include a fix for

Re: What is the benefit of signing an encrypted email

2011-01-12 Thread David Shaw
On Jan 12, 2011, at 11:13 AM, Robert J. Hansen wrote: >> More often "I have no confidence they keep their secret keys strictly under >> their control" might be the relevant objection. > > In my case, it's "I think these individuals are mentally unstable and > violent," but yes. :) > >>> Speak

Re: What is the benefit of signing an encrypted email

2011-01-12 Thread David Shaw
On Jan 12, 2011, at 2:12 PM, MFPA wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi > > > On Wednesday 12 January 2011 at 4:13:44 PM, in > , Robert J. > Hansen wrote: > > >> Show me the worth in a signed message that has any of >> (a) an incorrect signature, (b) from an invali

Re: Prosecution based on memory forensics

2011-01-12 Thread David Shaw
On Jan 12, 2011, at 10:54 PM, Robert J. Hansen wrote: > When you close a laptop, Windows (or Mac OS X, or Linux, or what-have-you) > takes a snapshot of memory contents and writes it to disk. This can be a > really big problem, since encryption keys, passphrases, and so forth are > written out

Re: How do I list the GPG groups?

2011-01-13 Thread David Shaw
On Jan 13, 2011, at 3:44 PM, Bo Berglund wrote: > I have defined a group in the gpg.conf file. > If I encrypt and use this group as recipient then it works just fine. > > But if I try to list the existing groups I cannot find a command that > does that. > > gpg2 -k > > this just lists the publi

Re: What does the "sub" entry of a key mean?

2011-01-15 Thread David Shaw
On Jan 15, 2011, at 11:13 AM, Bo Berglund wrote: > I am building an application for GPG encryption, which ultimately will > be integrated into the Win7X64 Explorer context menu. > I have used the command line command "gpg2 -k" to retrieve a key list > for the current key ring. Works fine. Now it i

Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread David Shaw
On Jan 19, 2011, at 10:46 AM, Kavalec wrote: > > Using GnuPG 1.4.4 we occasionally receive truncated files, but gpg decrypts > them anyway. > > Is there a way to force the decrypt to fail on a missing 'END PGP MESSAGE' ? Not really (or at least, not within GnuPG). The thing is, it doesn't real

Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread David Shaw
On Jan 19, 2011, at 12:09 PM, Kavalec wrote: > > > David Shaw wrote: >> >> On Jan 19, 2011, at 10:46 AM, Kavalec wrote: >> >>> Is there a way to force the decrypt to fail on a missing 'END PGP >>> MESSAGE' ? >> >> ... take

Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread David Shaw
On Jan 19, 2011, at 1:20 PM, Werner Koch wrote: > On Wed, 19 Jan 2011 17:46, ds...@jabberwocky.com said: > >> Not really (or at least, not within GnuPG). The thing is, it doesn't >> really matter in practice. OpenPGP has its own corruption detection >> called a MDC, that applies even if part of

Re: MacGPG2 v2.0.17 released!

2011-01-25 Thread David Shaw
On Jan 25, 2011, at 5:03 AM, Johan Wevers wrote: > On 25-1-2011 9:50, Werner Koch wrote: > >> Another and real practical >> reason against such a long key is that it will be unusable on my >> smartphone. > > What kind of smartphone do you have? Since when does GnuPG exist for > phones? I would b

Re: Future plans for implementation of other algorithms

2011-01-26 Thread David Shaw
On Jan 26, 2011, at 5:02 AM, Werner Koch wrote: > On Wed, 26 Jan 2011 05:21, k...@grant-olson.net said: > >> (Not that I'm saying there's anything wrong with using 1.4; I just doubt >> ECC will be back-ported.) > > Well, at some point in time we might need to do that. If there are many > ECC ke

Re: Add/remove recipient without re-encrypting

2011-02-03 Thread David Shaw
On Feb 3, 2011, at 9:38 AM, Alphazo wrote: > Is it possible to add or remove a recipient to an already encrypted file and > thus without re-encrypting the whole file? > > From what I understand GnuPG encrypts the payload (my binary file) with a > symmetric session key. Then it stores each recip

Re: moving user ID Comments to --expert mode

2011-02-03 Thread David Shaw
On Feb 3, 2011, at 5:10 PM, Robert J. Hansen wrote: >> I invite you to look through the User IDs in your own keyring, from the >> perspective of a potential certifier, and ask yourself "what does it >> mean for me to certify these comments?" > > Zero. Comments don't get certified. All my signat

Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread David Shaw
On Feb 15, 2011, at 4:16 PM, hare krishna wrote: > Hi, > > Can someone help me out why i am facing this problem. > OS - Unix. > > I have set the > LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64 > > But when i run this command: > gpg --list-keys > i am getting thi

Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory

2011-02-15 Thread David Shaw
On Feb 15, 2011, at 11:25 PM, Jason Harris wrote: > On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote: >>> I have set the >>> LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64 >>> >>> But when i run this command: &g

Re: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

2011-02-15 Thread David Shaw
On Feb 15, 2011, at 11:44 PM, Robert J. Hansen wrote: > On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote: >> Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly >> harder to spoof, but easily within reach of a well-funded organization. > > IIRC, Jon Callas says an accidental long-ID

Re: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

2011-02-15 Thread David Shaw
On Feb 15, 2011, at 11:35 PM, Daniel Kahn Gillmor wrote: > On 02/15/2011 09:22 PM, lists.gn...@mephisto.fastmail.net wrote: >> If you have your public key published somewhere, such as on a key >> server, the Key ID is a way for other people to unambiguously look up >> the full key. > > You're qui

Re: Some SHA-2 news

2011-02-19 Thread David Shaw
On Feb 19, 2011, at 9:53 AM, lists.gn...@mephisto.fastmail.net wrote: > I found this linked from slashdot; I thought some readers of this list > might find it interesting: > > http://www.thinq.co.uk/2011/2/18/nist-boosts-crypto-faster-sha-2-functions/ > > Think we'll see this included one day in

Re: PGP/MIME considered harmful for mobile

2011-02-25 Thread David Shaw
On Feb 25, 2011, at 12:29 PM, Daniel Kahn Gillmor wrote: > On 02/25/2011 12:11 PM, Martin Gollowitzer wrote: >> * Patrick Brunschwig [110225 10:10]: >>> The only mail client on Android I know of to handle OpenPGP messages is >>> K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME >>

Re: Default hash

2011-02-26 Thread David Shaw
On Feb 25, 2011, at 6:05 PM, Aaron Toponce wrote: > Also, my understanding on how the preferences are chosen by GnuPG is the > following: > > 1. User wishes to encrypt mail to me, so my cipher preferences in my > public key are pulled. > 2. My first preference, Twofish, is used, only if the sende

Re: Default hash

2011-02-26 Thread David Shaw
On Feb 26, 2011, at 9:10 AM, Aaron Toponce wrote: >> 3DES's history is instructive. NIST has declared it "dead in 20 years" >> more often than Netcraft has declared BSD to be dying.[*] At this >> point, I'm unaware of anyone who seriously believes 3DES will be gone in >> 20 years. Most people s

Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread David Shaw
On Feb 27, 2011, at 2:48 PM, Robert J. Hansen wrote: >>> 2. And seeing strange MIME attachments doesn't confuse people? >> >> Less than strange text fragments at the head and the bottom of a message >> (Some people even think they are being spammed when they see inline PGP >> data), because an a

Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread David Shaw
On Feb 27, 2011, at 2:48 PM, Robert J. Hansen wrote: > On 2/27/11 2:37 PM, Martin Gollowitzer wrote: >> I sign *all* my e-mail except for messages sent from my mobile (in that >> case, my signature tells the receiver why the message is not signed and >> offers the receiver to request a signed proo

Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread David Shaw
On Feb 27, 2011, at 10:05 PM, Robert J. Hansen wrote: >> I'm not at all surprised that you had those results. A limited subset of >> people have support for OpenPGP signatures. A limited subset of those >> people actually verify signatures. A limited subset of those people >> actually pay at

Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread David Shaw
On Feb 27, 2011, at 9:38 PM, Robert J. Hansen wrote: >> I disagree with this. Obviously a bad signature doesn't say much (except >> perhaps "check your mail system - it's breaking things"), but there is still >> value in the continuity between multiple signed messages. It's important to >> no

Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread David Shaw
On Feb 27, 2011, at 10:27 PM, Robert J. Hansen wrote: >> I think we're missing each other here. We have Martin (the real one), the >> fake Martin (let's call him "Marty"), and various other people on a mailing >> list. Martin always signs his messages. One day Marty shows up and tries >> to

Re: Question regarding shared keys

2011-02-27 Thread David Shaw
On Feb 27, 2011, at 8:25 PM, Denise Schmid wrote: > Hello list, > > first of all: Sorry if my question reaches the wrong list, but I have a > question someone on this list may probably answer easily. > > If a company has shared keys: How does encryption work then? Are several > owners of a sha

Re: Android PGP/MIME test results

2011-02-27 Thread David Shaw
Not exactly Android, but FWIW, an iPod touch (which has the same mail program as an iPhone) displays PGP/MIME just fine (as in shows the mail - but doesn't verify the signature). David

Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread David Shaw
On Feb 27, 2011, at 8:35 PM, Robert J. Hansen wrote: > > On Feb 27, 2011, at 5:17 PM, David Shaw wrote: > >> Can I see the HCI study that MIME attachments confuse people? ;) > > I would love to see such a study. However, I never made that claim. :) > > Someone e

Re: Rebuilding the private key from signatures

2011-02-27 Thread David Shaw
On Feb 24, 2011, at 9:39 AM, Atom Smasher wrote: > On Thu, 24 Feb 2011, Aaron Toponce wrote: > >> However, I was in a discussion with a friend, and the topic came up that it >> is theoretically possible to rebuild your private key if someone had access >> to all your signed mail. We debated the

Re: Question regarding shared keys

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 2:07 AM, Denise Schmid wrote: >> It depends on what you mean by a "shared key". There is just giving a >> copy of the key to multiple people (in which case any one of them can use >> it), >> or there are various key splitting algorithms where a key is broken into a >> number

Re: Security of the gpg private keyring?

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 6:47 AM, Guy Halford-Thompson wrote: > Assuming I have password protected secret keys, can I assume that the > gpg private keyring is secure? I.e., if my private keyring was to > fall into malicious hands, would the aforesaid hands be able to > extract any useful information f

Re: PGP/MIME considered harmful for mobile

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 8:18 AM, Aaron Toponce wrote: > On 02/27/2011 08:27 PM, Robert J. Hansen wrote: >> FM: [message] >> RM: Hey, that's not me! I'm me. See? I've signed this with the same cert >> I've used for everything else on this list. >> FM: No, I'm the real Martin. I didn't sign up for

Re: PGP/MIME considered harmful for mobile

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 12:01 PM, Robert J. Hansen wrote: > On 2/28/11 9:12 AM, David Shaw wrote: >> In this particular case, though, key signatures aren't even necessary >> - RM just needs to prove that he is the same entity that signed the >> other messages to the list. T

Re: PGP/MIME considered harmful for mobile

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 4:59 PM, MFPA wrote: >> It is reasonable >> that if someone was being masqueraded, that person >> would speak up and challenge the forger (e.g. "Hey, >> you're not Martin! I'm the real Martin, and I can >> prove it by signing this message with the same key I've >> used all alo

Re: PGP/MIME considered harmful for mobile

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 5:47 PM, Robert J. Hansen wrote: > On 2/28/11 12:10 PM, David Shaw wrote: >> Well, I suppose that's up to you whether you want to trust RM or not. >> A question on trustworthiness is outside crypto, and not what the >> discussion was about here in an

Re: Security of the gpg private keyring?

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 5:40 PM, MFPA wrote: > On Monday 28 February 2011 at 3:47:16 PM, in > , > Guy Halford-Thompson wrote: > > >> Thanks for the help, didn't really occur to me how much >> info is available in the public keyring, guess you can't >> do much about it tho. > > > I think key UIDs gen

Re: Security of the gpg private keyring?

2011-02-28 Thread David Shaw
On Feb 28, 2011, at 7:09 PM, David Tomaschik wrote: >> I think key UIDs generally reveal more information than I am >> comfortable with. For example, why does your UID need to contain your >> email address in plain text rather than as a hash? Searching for that >> email address would need to retur

Re: Why do we use a different key to sign than to encrypt

2011-03-01 Thread David Shaw
On Mar 1, 2011, at 8:13 AM, Guy Halford-Thompson wrote: > Not GPG specific, but I was wondering if someone could point me in the > direction of some resources that explain why we use different keys to > sign and encrypt (for cases where the same key _could_ do both e.g. > RSA). I can't seem to pic

Re: need help on non-interactive gnuPG binary

2011-03-01 Thread David Shaw
On Mar 1, 2011, at 7:39 AM, ravi shankar wrote: > Hi, > > I am planning to use GnuPG (v1.4.10) binary in netbsd 5 for encryption. > The key generation is supported as interactive session, but I want to use non > interactive session. I could not find any binary with non interactive > session

Re: Security of the gpg private keyring?

2011-03-01 Thread David Shaw
On Mar 1, 2011, at 6:29 PM, MFPA wrote: > On Tuesday 1 March 2011 at 8:56:56 PM, in > , Ingo Klöcker wrote: > > >> Hmm. Why do the keyservers need to support it at all? >> IMO the clients that want to upload a key should check >> for this flag and warn the user if a key has this flag. > > I th

Re: PGP/MIME considered harmful for mobile

2011-03-02 Thread David Shaw
On Mar 2, 2011, at 10:04 PM, Ben McGinnes wrote: > On 1/03/11 9:33 AM, David Shaw wrote: >> >> That experiment, while interesting, is not relevant to the "real >> Martin" / "fake Martin" situation we've been talking about. If both >> Real M

Re: signed messages take an eternity to be formatted by evolution

2011-03-09 Thread David Shaw
On Mar 9, 2011, at 3:12 AM, Ben McGinnes wrote: > On 9/03/11 5:52 PM, Bernhard Kleine wrote: >> Hi everybody, >> >> I am using ubuntu 10.10, gpg and evolution. And I am reading this >> mailing list for quite some time. Lately to read this list is a pain >> since many keys are no longer found on

Re: non-exportable OpenPGP certifications [was: Re: hashed user IDs ]

2011-03-11 Thread David Shaw
On Mar 11, 2011, at 5:08 AM, Ben McGinnes wrote: > On 11/03/11 6:50 PM, Daniel Kahn Gillmor wrote: >> On 03/11/2011 01:44 AM, Ben McGinnes wrote: >>> Ah, this is what I've been looking around for! For the sake of the >>> archives, how does one provide a non-exportable certification? >>> Obviously

Re: Compression used in an encrypted message

2011-03-11 Thread David Shaw
On Mar 11, 2011, at 12:50 PM, Avi wrote: > Forgive my ignorance, but is there a way to take a given > encrypted message/file and determine which compression algorithm > was used (and which level)? I know how to set compression > algorithm and level prefs, but I'm curious to see what others > use,

Re: Compression used in an encrypted message

2011-03-11 Thread David Shaw
On Mar 11, 2011, at 2:01 PM, Avi wrote: > Thanks, everyone. > > So we can see the algorithm, but are not able to see the compression level > used, correct? Not directly, no. OpenPGP just encapsulates the compressed stream, so you'd have to extract the compressed data and examine it. I'm n

Re: hashed user IDs [was: Re: Security of the gpg private keyring?]

2011-03-11 Thread David Shaw
On Mar 11, 2011, at 8:33 AM, Robert J. Hansen wrote: > On 3/11/2011 1:07 AM, Ben McGinnes wrote: >> Out of curiosity, how big is that now? > > My complete /var/lib/sks/DB directory comes in at 7.8G. Not too large. That's the on-disk SKS database format, and so contains a good bit of non-key da

Re: RSA Versus DSA and EL GAMAL

2011-03-13 Thread David Shaw
On Mar 13, 2011, at 11:21 PM, Jonathan Ely wrote: > I apologise in advance if this is a stupid question to ask now or if > people already asked it before I stepped on the scene, but which > algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has > undergone a ridiculous amount of

Re: GPG and PGP

2011-03-15 Thread David Shaw
On Mar 15, 2011, at 10:17 AM, Johan Wevers wrote: > On 15-3-2011 14:19, Aaron Toponce wrote: > >> 1. The U.S. patent expires for IDEA on January 7, 2012. > > I propose to include the IDEA module then in GnuPG 1.4.12 and 2.2.(then > current + 1), just like the extra version that came out when t
