Re: GPG and PGP

On Mar 15, 2011, at 4:24 PM, ved...@nym.hush.com wrote: > David Shaw dshaw at jabberwocky.com wrote on > Tue Mar 15 15:34:47 CET 2011 : > >> would like to see IDEA included once the various patents expire > > As long as the non-256 bit symmetrical algorithms (IDEA, CAS

Re: GPG and PGP

On Mar 15, 2011, at 6:51 PM, ved...@nym.hush.com wrote: > David Shaw dshaw at jabberwocky.com wrot on > Tue Mar 15 22:28:23 CET 2011 : > >> I'm not quite sure what you mean. >> The MDC can be used on any OpenPGP cipher, no matter what the > size. > > Yes,

Re: GPG and PGP

On Mar 15, 2011, at 11:41 PM, David Shaw wrote: > On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote: > >> On 16/03/11 10:42 AM, David Shaw wrote: >>> >>> GnuPG does the MDC by default whenever all the keys can handle it >>> (or if the chosen cipher is 25

Re: GPG and PGP

On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote: > On 16/03/11 10:42 AM, David Shaw wrote: >> >> GnuPG does the MDC by default whenever all the keys can handle it >> (or if the chosen cipher is 256 bits) > > Is that 256 bits only or 256 bits and larger? Strictly spe

Re: GPG and PGP

On Mar 16, 2011, at 9:41 AM, ved...@nym.hush.com wrote: > David Shaw dshaw at jabberwocky.com wrote on > Wed Mar 16 00:42:48 CET 2011 : > > >> GnuPG does the MDC by default whenever all the keys can handle it > > What kind of key can't handle it in gnupg? None

Re: GPG and PGP

On Mar 16, 2011, at 10:05 AM, Jeffrey Walton wrote: > On Wed, Mar 16, 2011 at 9:41 AM, wrote: >> David Shaw dshaw at jabberwocky.com wrote on >> Wed Mar 16 00:42:48 CET 2011 : >> >> >>> GnuPG does the MDC by default whenever all the keys can handle it >

Re: what are the sub keys

On Mar 19, 2011, at 10:26 PM, Mike Acker wrote: > what are the 'sub keys' that are listed with each RSA key? Also which > type of key is preferred RSA or DSA? OpenPGP keys are made up of a single primary key, and any number of subkeys (including, in some cases zero). This allows the user to pi

Re: Revoke signature from key

On Mar 21, 2011, at 3:02 PM, Mike Acker wrote: > Scenario thus far: > • Tom Newguy joined my group > • Tom created a keypair and sent his PUBLIC key to me > • I have approved his membership in the group > • I have signed his key and sent his public key with my signature to

Re: Revoke signature from key

On Mar 21, 2011, at 3:46 PM, Martin Gollowitzer wrote: > * David Shaw [110321 20:28, > mID <387f8326-47af-419e-a9a7-7c37d048a...@jabberwocky.com>]: > >> On Mar 21, 2011, at 3:02 PM, Mike Acker wrote: >> >>> Scenario thus far: >>> • Tom N

Re: Revoke signature from key

On Mar 21, 2011, at 4:18 PM, Daniel Kahn Gillmor wrote: > On 03/21/2011 04:05 PM, David Shaw wrote: >> While the common usage for regular users is to sign based on checking >> identity, signatures can be just as well used as a token to indicate >> membership. For example

Re: Revoke signature from key

On Mar 21, 2011, at 5:17 PM, Daniel Kahn Gillmor wrote: > For example, consider Bob an admin of the tech support dept. at Example > Corp. Bob has his own personal key B, and manages a department key with > alternate certification semantics, D. > > If Alice works for Example Corp, she might decid

Re: Deniability

On Mar 21, 2011, at 12:13 PM, Jerome Baum wrote: > Hauke Laging writes: > >> You know that. And the archive of this mailinglist now knows that you have >> once claimed to do that. So one may assume that the only recipient is you >> but >> that is not a strong technical conclusion from the mes

Re: Deniability

On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote: > David Shaw writes: > >> In addition to the size and type information, there is also an >> interesting attack that can be done against speculative key IDs. It >> doesn't (directly) help a third party kno

Re: Deniability

On Mar 22, 2011, at 12:01 PM, Jerome Baum wrote: > David Shaw writes: > >> On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote: >> >>> Would that be by reusing the session key? Or are there other properties >>> that we can mess with? >> >>

Re: Deniability

On Mar 22, 2011, at 3:17 PM, Jerome Baum wrote: > David Shaw writes: > >> Hmm. I'm not sure you and I are on the same page with this attack. I >> don't think that Alice's rigged message to Baker necessarily needs to >> be forged to come from the

Re: Deniability

On Mar 23, 2011, at 3:06 PM, Mark H. Wood wrote: > On Tue, Mar 22, 2011 at 10:34:27PM -0400, Robert J. Hansen wrote: > [snip] >> My own dark suspicion is that what we have always thought of as >> "privacy" is nothing more than an inefficiency in information exchange. >> So long as information exch

Re: export a public subkey isolated

On Mar 24, 2011, at 2:16 PM, Tom Mayer wrote: > Hi List, > > there was no success in googling this question: > > Is it possible to export the public part of a subkey isolated? There should > be nothing of the masterkey or other subkeys in the exported keyblock. I'm afraid this is not possibl

Re: Public keys on smartcard

On Mar 31, 2011, at 3:06 PM, Astrakan wrote: > Thank you for your quick response. > > A couple of follow-up questions: > Im noticing that in an "empty" gpg-installation, when I run the > --card-edit command, gpg creates the > keyring files (0 bytes in size) in the homedir. When I then run the > g

Re: Public keys on smartcard

On Mar 31, 2011, at 10:52 AM, Werner Koch wrote: > On Thu, 31 Mar 2011 15:51, gpgika...@armax.se said: > >> my pubring.gpg/secring.gpg) I must also have a card containing the >> trustdb-file and perhaps even a gpg.conf file? > > No, you don't need the internal stuff like trustdb and pubring. Ta

Re: Public keys on smartcard

On Apr 1, 2011, at 3:51 AM, Astrakan wrote: > Thanx for your input. > Ok, so Im guessing the RSA-modulus (p and q) are stored on the card > along with the private exponents, or > perhaps the private key in its whole, already computed? You should take a look at http://g10code.com/docs/openpgp-card

Re: default keyserver-options [was: Re: keys not available for signed messages in this maillist]

On Apr 8, 2011, at 6:48 PM, Daniel Kahn Gillmor wrote: > On 04/08/2011 02:19 PM, John Clizbe wrote: >> There are additional options for the keyserver-options line. I recommend >> adding >> ' include-subkeys include-revoked import-clean'. See the gpg man page. > > Thanks for these pointers, John.

Re: default keyserver-options [was: Re: keys not available for signed messages in this maillist]

On Apr 11, 2011, at 11:23 AM, Daniel Kahn Gillmor wrote: > On 04/09/2011 10:48 AM, David Shaw wrote: >> I agree that include-subkeys should be on by default. That only makes >> sense, especially now that subkeys are frequently used for signing. > > yep. > >>

Re: Creating signatures with expiration time

On Apr 14, 2011, at 5:45 AM, Jesus Cea wrote: > On 14/04/11 06:05, Daniel Kahn Gillmor wrote: >> On 04/13/2011 10:43 PM, Jesus Cea wrote: >>> My idea was to create a signature with a expiration date, so signatures >>> should be renewed every year. The OpenPGP Standard documents this type >>> of sig

Re: Question regarding the migration of the pgp keyring to gpg

On Apr 15, 2011, at 1:23 AM, Pramod.R wrote: > Hi, > > We are migrating from pgp 6.5.8 to gpg 1.4.11. I had a question regarding > the migration of the public keys and the private keys: > > Is there a way where I could migrate the entire key ring at one go? I’m > currently extracting my key

Re: --s2k-count: correct value in config file needed?

On Apr 18, 2011, at 7:05 AM, Hauke Laging wrote: > Hello, > > is the value of --s2k-count written to the key somehow? If not, can you use a > key only if the correct value is given in the config file (or command line)? > Does a key become kind of useless if you have forgotten the value which wa

Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

On Apr 18, 2011, at 6:56 PM, Robert J. Hansen wrote: >> Yes, well, that would mean that a 32-character English passphrase will >> average about 64 bits of randomness. Is that really enough to protect >> a key from an offline brute force attack? I think not, but am open to >> being persuaded. :) >

Re: Updating signature cert-level

On Apr 26, 2011, at 4:12 PM, Doug Barton wrote: > On 04/26/2011 13:06, Aaron Toponce wrote: >> I signed a key, of which defaulted to cert-level 0 (I will not answer), >> which must be the default. When signing the key, GunPG didn't ask me about >> any checking. However, I would like to update the

Re: Updating signature cert-level

On Apr 27, 2011, at 5:11 AM, Aaron Toponce wrote: > On Tue, Apr 26, 2011 at 01:12:00PM -0700, Doug Barton wrote: >> I think you can delsig, then sign again. The keyservers would have >> both, but hopefully client software (like gpg) would be smart enough >> to use the more recent? I would imagine

Re: Updating signature cert-level

On Apr 27, 2011, at 1:25 PM, Kevin Kammer wrote: > On Wed, Apr 27, 2011 at 08:59:49AM -0400 Also sprach David Shaw: > >> Incidentally, it is possible to tweak the trust calculations to take >> signature level into account. GnuPG supports reading a trust "map" >>

Re: Passphrase

On Apr 26, 2011, at 6:38 PM, Stephen H. Dawson wrote: > Hi, > > > Dire need, hoping for help. > > I have my private and public keys, but you have neither the passphrase nor a > revocation certificate. I need to revoke my published key. Can they > recommend a bash script to discover the p

Re: Centralizing Private and Public Keys From Multiple Boxes with "-user" Switch

On Apr 29, 2011, at 2:56 PM, Ted Zatopek wrote: > > Is it possible to have multiple private keys in use on the same keyring? > > We have a GPG installation on two different boxes (with one private key in > use on each) and both boxes have reached end of life and need to be > decomissioned. >

Re: Syncing Keys between multiple computers?

On May 1, 2011, at 7:51 PM, John Clizbe wrote: > Christopher Tran wrote: >> Whats the easiest way to keep GPG keys synced between my computers? Like, I > have my MacBook, which is usually my main machine, but I also have my netbook > which I prefer carrying around and sometimes I update my key wit

Re: Offline Master Key

On May 2, 2011, at 10:47 AM, patric...@lavabit.com wrote: > Hi, > > I have question on key management and was looking for some feedback. My > issue is that I like the idea of having a Master signing key with no > expiration date and I want to store this key offline without the > inconvenience of

Re: scripting gpg

On May 4, 2011, at 7:01 PM, Jon Drukman wrote: > I need to do the following: > > - when a new machine is created, automatically import a public key and give it > full trust > > - be able to encrypt files with that public key without any interactive > prompting (from a shell script/cron job) > >

Re: Best practice for periodic key change?

On May 7, 2011, at 5:49 PM, MFPA wrote: > On Saturday 7 May 2011 at 10:21:17 PM, in > , Jerome Baum > wrote: > > >> On digital signatures being legally binding, apparently >> a scanned bitmap of your signature is enough to be >> "binding" (as would be no signature), just that it >> isn't very st

Re: Best practice for periodic key change?

On May 7, 2011, at 10:21 PM, Robert J. Hansen wrote: > On 05/07/2011 09:50 PM, David Shaw wrote: >> Incidentally, speaking of bitmap signatures - a "signature" made via >> a rubber stamp of a signature can be binding under certain >> circumstances as well (at

Re: Best practice for periodic key change?

On May 7, 2011, at 10:57 PM, Jerome Baum wrote: > On Sun, May 8, 2011 at 00:07, MFPA wrote: > Maybe we could use something like > http://www.itconsult.co.uk/stamper.htm > > I checked the newsgroup (only through Google, last posting from '05) and > don't see the signatures being posted anymore.

Re: Best practice for periodic key change?

On May 7, 2011, at 11:04 PM, Jerome Baum wrote: > On Sun, May 8, 2011 at 04:53, David Shaw wrote: > I knew a man (a lawyer, as it happened) who always signed documents with > several loops in a row. When I asked him why he didn't use a "real" > signature (i.e. why h

Re: Generate digest and signature seperately

On Jun 13, 2011, at 1:05 PM, Jerome Baum wrote: >> We had a discussion about smart-card signatures here and basically the >> issue with passing just a hash is that you can't distinguish data >> signatures from certifications/key signatures. > > To clarify, you can't tell from the hash, and you ca

Re: Generate digest and signature seperately

On Jun 13, 2011, at 8:31 PM, Kerrick Staley wrote: > Just to make sure that I'm understanding this, a complete PGP signature does > not embed information about whether it is the signature of a file or the > signature of a certificate, so it's a bad idea to sign a remotely generated > digest? N

Re: Aspects of trust

On Jun 14, 2011, at 1:16 PM, Kerrick Staley wrote: > This is to confirm my understanding of an important aspect of the way > GnuPG works: > > When you decide whether to trust a signature, there are two questions > that must be asked: > a) Does the key used to make this signature really belong to

Re: Problem with faked-system-time option

On Jun 15, 2011, at 11:39 AM, Hauke Laging wrote: > Am Mittwoch, 15. Juni 2011, 17:07:22 schrieb Daniel Kahn Gillmor: > >> I think it is a mistake to make this particular notation, when signature >> type 0x40 already exists: >> >> https://tools.ietf.org/html/rfc4880#page-21 >> >> --

Re: Problem with faked-system-time option

On Jun 14, 2011, at 9:16 PM, Jerome Baum wrote: >>> Why modify the standard? >> >> Because signature notations are supposed to be standardized. There aren't any >> yet though. Nobody suffers from defining a string to mark timestamp-only >> signatures. That is easily parsable both for software and

Re: Problem with faked-system-time option

On Jun 15, 2011, at 3:30 PM, Hauke Laging wrote: > Am Mittwoch, 15. Juni 2011, 21:10:45 schrieb David Shaw: >> and are not well specified (0x40 sigclass - is it a binary >> signature? a text signature?). > > How is this a problem? Does it matter for that purpose

Re: Problem with faked-system-time option

On Jun 15, 2011, at 3:50 PM, Daniel Kahn Gillmor wrote: > On 06/15/2011 03:10 PM, David Shaw wrote: >> That said I'd probably suggest notations for this, even though 0x40 exists >> in the standard. 0x40 signatures are a bit of a leftover tail in the >> standard,

Re: Problem with faked-system-time option

On Jun 15, 2011, at 5:33 PM, Daniel Kahn Gillmor wrote: > On 06/15/2011 05:19 PM, David Shaw wrote: >> I'm not sure I agree with that. Essentially, this notation is a way for a >> user to say "This is what I mean by this signature". Meaning and intent is &g

Re: Problem with faked-system-time option

On Jun 15, 2011, at 6:02 PM, Jerome Baum wrote: >> Out of curiosity, as long as we're talking about things that current code >> will reject, does the 0x50 signature meet the semantics desired here? This >> all sounds vaguely notary-like ("I saw this document on such-and-such date") >> to me, a

Re: Problem with faked-system-time option

On Jun 15, 2011, at 7:19 PM, Jerome Baum wrote: Out of curiosity, as long as we're talking about things that current code will reject, does the 0x50 signature meet the semantics desired here? This all sounds vaguely notary-like ("I saw this document on such-and-such date")

Re: Problem with faked-system-time option

On Jun 15, 2011, at 11:23 PM, Jerome Baum wrote: The 0x50 signature should not be interpreted as the output of a real-world notary >>> >>> Who says that? >> >> RFC-4880 says that. And speaking as the person who suggested it, I can tell >> you my intent ;) > > Fom

Re: Problem with faked-system-time option

On Jun 16, 2011, at 12:12 AM, Jerome Baum wrote: The draft spec actually called it a "notary signature", but after discussion, the name was intentionally changed to "Third-Party Confirmation signature" explicitly to avoid any confusion with a real-world notary or what they d

Re: Understanding the "--refresh-keys" output

On Jun 16, 2011, at 8:18 AM, Jerry wrote: > This is probably a really dumb question; however, I am hoping that > someone can answer it for me. > > On a FreeBSD-8.2 system, running "/usr/local/bin/gpg2 --refresh-keys" > ends with the following output. > > > gpg: Total number processed: 396 > gpg

Re: Problem with faked-system-time option

On Jun 16, 2011, at 1:32 AM, Jerome Baum wrote: >>> So, how do you sign >>> (i.e. timestamp) data that isn't already signed by someone else? >> >> You use a regular old 0x00 signature. 0x50 gives you capabilities that 0x00 >> doesn't. That doesn't mean 0x50 takes over all purposes of an 0x00.

Re: Problem with faked-system-time option

On Jun 16, 2011, at 3:14 AM, Werner Koch wrote: > On Wed, 15 Jun 2011 21:50, d...@fifthhorseman.net said: > >> According to whois, that's Werner and g10 code GmbH. Werner, can you >> comment on any policy for use of @gnupg.org notations? Would it help if > > If it is a reasonable thing I see n

Re: Problem with "hkp server wwwkeys.eu.pgp.net"

On Jun 16, 2011, at 8:24 AM, Jerry wrote: > The "hkp server wwwkeys.eu.pgp.net" has been unreachable for several > days at least from my locale. I was wondering if anyone had any > information regarding it or who I could report this problem to? wwwkeys.eu.pgp.net is intended to be a round-robin o

Re: Problem with faked-system-time option

On Jun 16, 2011, at 12:55 PM, Jerome Baum wrote: > (In the context below, "we" refers to the people to whom the > respective statement applies.) > >> I got into this discussion because there was talk of new subpackets or >> sigclasses and a misunderstanding of how notations worked. > > What tal

Re: Understanding the "--refresh-keys" output

On Jun 16, 2011, at 10:38 AM, Daniel Kahn Gillmor wrote: > On 06/16/2011 09:31 AM, David Shaw wrote: >> Line 9 is just a key count. You have 17 valid keys. All of them ("u") are >> ultimately trusted, which suggests that you have 17 keys that you have >>

Re: Question regarding the migration of the pgp keyring to gpg

On May 27, 2011, at 8:24 AM, Pramod.R wrote: > Hi David, > > Thanks so much for your response on this. > > Now, when I tried decrypting a pgp encrypted file through a gpg (using the > gpg --decrypt command), I'm running into this problem of "idea encryption (0) > failed" even when I tried comp

Re: Understanding the "--refresh-keys" output

On Jun 16, 2011, at 7:02 PM, Scott Lambdin wrote: > How can I get a report like this without refreshing the keys, please? > > gpg: depth: 0 valid: 17 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 17u Run "gpg --check-trustdb". By default --refresh-keys calls --check-trustdb for you automatically,

Re: DH Key

On Jun 23, 2011, at 4:05 PM, Robert J. Hansen wrote: > On Thu, 23 Jun 2011 09:11:37 -0600, Lane Brooks wrote: >> I need to generate a 2048-bit PGP version 6.5.3 or later and of the type > >> DH/DSS public key. > > For reasons I've never been able to understand, PGP insists on calling > Elgamal

Re: Change key prefs; few questions

On Jul 2, 2011, at 3:37 PM, Chris Poole wrote: > Hi, > I changed the order of preferred ciphers and hash functions using setpref. My > public key has changed, but not the fingerprint. That is correct. Changing the various preferences does not change the fingerprint. The fingerprint remains c

Re: Change key prefs; few questions

On Jul 3, 2011, at 4:37 AM, Chris Poole wrote: > Thanks. > > There's no way to change the cipher used for encrypting the private key > itself (CAST5 I believe)? It is CAST5 by default, but you can change it. To change the cipher, you need to set the passphrase since that's when the encryption

Re: Change key prefs; few questions

On Jul 3, 2011, at 10:58 AM, MFPA wrote: > On Sunday 3 July 2011 at 3:24:15 PM, in > , David Shaw > wrote: > > > >> This will set your private key cipher to AES: > >> gpg --s2k-cipher-name aes --edit-key (thekey) passwd >> save > > Is there

Re: Change key prefs; few questions

On Jul 3, 2011, at 12:15 PM, Chris Poole wrote: > On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote: >> There are some obscure edge cases where you must have a 3DES or AES encrypted >> private key, but for the overwhelming majority of people, no, there is no >> reason to

Re: Check that s2k-count has changed

On Jul 8, 2011, at 10:10 AM, Chris Poole wrote: > When changing my secret key's passphrase, I bumped up the s2k-count to > 6553600 (I just added two zeros; I don't notice any slow down when > decrypting on a Core2Duo). > > How can I confirm that this count is being used? > > I ran gpg --list-pac

Re: Check that s2k-count has changed

On Jul 8, 2011, at 2:35 PM, Chris Poole wrote: > On 8 Jul 2011, at 17:31, David Shaw wrote: >> Yes. Note that the list-packets output shows the internal packed value: >> 6553600 should come out to 201. The default of 65536 would encode to 96. > > I do indeed get 201. Ou

Re: Calculating ciphertext sizes

On Jul 11, 2011, at 3:26 PM, Aaron Toponce wrote: > When encrypting a plaintext source, is there a way to predict the size of > the ciphertext output? I'm sure this depends on the cipher used, as well if > compression or hashing algos are used. The single largest thing that affects your output is

Re: Why sign as well as encrypt files stored on untrusted drives?

On Jul 13, 2011, at 7:28 AM, Chris Poole wrote: > Hi > > Say I encrypt a file to myself using my public key, and only I will > ever need or want to access the plaintext. The file will be stored on > an untrusted drive somewhere. I don't care about authenticity, in the > sense that I'll never need

Re: keysigning parties

On Jul 13, 2011, at 10:07 PM, Aaron Kaufman wrote: > Hello, > > This is my first post to this list so please excuse me if i violate any > etiquette. I am having a really hard time finding any *current* info on > key signing parties. I was wondering if someone could point me in the > right directi

Re: Including public key

On Jul 27, 2011, at 10:25 PM, Len Cooley wrote: > Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to > attach your public key as a sig at the end of an email, such as below? It depends on what you're trying to accomplish. In my experience, it's generally felt to be somewhat im

Re: Creating a quickly expiring signature

On Jul 28, 2011, at 4:49 PM, Dan McGee wrote: > I wanted to test behavior of an application with an expired signature, > but using `--ask-sig-expire` don't seem to be granular enough. The > minimum I can specify is either 1 day, or an absolute date (e.g. > 2011-07-29), which is still 8+ hours away

Re: decrypt adding ^M characters at the end of each line

On Aug 2, 2011, at 9:55 AM, Randy Braun wrote: > > Anyone have any ideas as to why I am seeing ^M characters at the end of > each line after decrypting a file? > > I am using the following: > > /sftw/gnupg/bin/gpg --output /path/path/testfile.txt > --decrypt /path/path/testfile.txt.pgp > > Thi

Re: decrypt adding ^M characters at the end of each line

On Aug 2, 2011, at 12:17 PM, Randy Braun wrote: > I have that very question out to the vendor to see what platform the file > was created on prior to encrypting it. > > I have seen this same behavior with ftp when you go from windows to unix or > vice versa when you don't use binary mode. > > I

Re: Trust model - trust level 1 and 2

On Aug 11, 2011, at 10:49 AM, Nicholas Cole wrote: > Dear List, > > Is there any difference in the standard trust model between marking a > key level 1 ("I don't know or won't say") and level 2 ("I do NOT > trust")? Given the text strings you're quoting, I assume you're referring to ownertrust

Re: Implementation question: validating left two of signatures

On Aug 12, 2011, at 3:27 PM, brian m. carlson wrote: > I have a quality-of-implementation question (more in general than > specifically about GnuPG). I am writing an implementation of OpenPGP > that verifies signatures, among other things. > > Signatures contain the left two bytes of the hash as

Re: Multiple signatures

On Oct 3, 2011, at 1:49 PM, pet jemen wrote: > Hi, > > I want to sign binary data in OpenPGP Message Format. > I want sign it by two or more keys. > According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is > possible. > (A one-octet number holding a flag showing whether the si

Re: Why do I receive keys I wouldn't expect

On Oct 16, 2011, at 8:57 AM, Martin Jachs wrote: > I issued the following command to receive my own public key for my other mail > address "m.ja...@gmx.net". > > gpg --keyserver sks-keyservers.net --recv-keys D870A352 > > and got the following output > > gpg: requesting key D870A352 from hkp s

Re: [gpgtools-users] [gpgtools-devel] Joint OpenPGP (JS) implementation

On Nov 26, 2011, at 2:10 PM, Werner Koch wrote: > On Sat, 26 Nov 2011 18:25, nicholas.c...@gmail.com said: > >> The GPG project itself must have hit many of these issues. Is there a > > No, we don't. GnuPG has originally been developed in Germany because we > have been able to do that without

Re: keys.gnupg.net

On Nov 18, 2011, at 11:09 PM, John A. Wallace wrote: > In addition, it seems to imply to me from the instructions online at > http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Configuration-Opt > ions.html, that I could in fact use more than one "keyserver 'name'" option > in my 'gpg.conf

Re: PGP decryption and "built-in" integrity checking?

On Nov 29, 2011, at 11:53 PM, Joe Tamber wrote: > Hello all, > > Let's assume a file was encrypted with PGP, and then subsequently transmitted > to another system over the internet. > During the transmission, one byte from the PGP file was dropped off... the > recipient received everything exc

Re: Possible IPv6 bug for --keyserver option

On Nov 30, 2011, at 7:18 AM, gn...@lists.grepular.com wrote: > mike@Fuzzbutt:~$ gpg --keyserver grepular.com --recv-key > gpg: requesting key from hkp server grepular.com > gpgkeys: HTTP fetch error 7: Failed to connect to > 2001:470:1f09:1186::beef: Network is unreachable > gpg:

Re: Possible IPv6 bug for --keyserver option

On Nov 30, 2011, at 11:43 AM, gn...@lists.grepular.com wrote: > On 30/11/11 16:25, David Shaw wrote: > >>> mike@Fuzzbutt:~$ gpg --keyserver grepular.com --recv-key >>> gpg: requesting key from hkp server grepular.com >>> gpgkeys: HTTP fe

Re: Gnupg: display p and q lengths of DSA public keys?

On Dec 1, 2011, at 1:50 PM, Pat Hall DDPMOSTL wrote: > In attempting to determine whether a given GPG public key is still in the > "acceptable" category of U.S. NIST SP 800-131A standards as of 2011, for DSA > keys I need to be able to verify both the |p| and |q| lengths. > > In particular, I n

Re: keyserver spam

On Dec 16, 2011, at 10:51 AM, gn...@lists.grepular.com wrote: > I understand that once you've uploaded something to the keyservers, it > can't be removed. Eg, if I sign someone elses key and upload that, it > will be attached to their key permanently? Essentially, yes. Things are theoretically r

Re: keyserver spam

On Dec 17, 2011, at 8:23 AM, gn...@lists.grepular.com wrote: > On 16/12/11 19:07, ved...@nym.hush.com wrote: > >> What if keyservers were to limit the amount of keys generated or >> uploaded to a 'reasonable' amount which no 'real' user would >> exceed? >> >> (i.e. 10/day, or some other number

Re: keyserver spam

On Dec 17, 2011, at 10:25 AM, Jerome Baum wrote: > On 2011-12-17 16:17, David Shaw wrote: >> It's an interesting server, with different semantics than the >> traditional keyserver net that we were talking about earlier. Most >> significantly, it emails the keyholder

Re: Short ID Collision

On Dec 28, 2011, at 6:13 AM, Jerry wrote: > Did anyone read about this reported problem with GnuPG and short keys? > I found this on SlashDot this morning: > > http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred?utm_source=headlines&utm_medium=email The proper ti

Re: How to sign my own public key?

On Dec 29, 2011, at 10:19 AM, Robert J. Hansen wrote: > On 12/29/11 10:08 AM, Stayvoid wrote: >> A key is already signed after creation, right? > > Per spec, it must be. GnuPG enforces this. However, it's possible to > find some (likely deliberately mangled) certificates that are missing > self

Re: How to sign my own public key?

On Dec 29, 2011, at 6:57 AM, Stayvoid wrote: > Hi there! > > How to sign my own public key? > I've read that this is important. > Here is the link: http://www.heureka.clara.net/sunrise/pgpsign.htm It is important, and so GnuPG does it automatically for you. That page dates from a long while ag

Re: Creating a key bearing no user ID

On Jan 22, 2012, at 1:05 PM, Holger wrote: > Hello gnupg-users, > > I intend to use gpg only for receiving encrypted e-mail, not signing my > outgoing e-mail. Because I don't want my name or e-mail address out there on > the keyservers, I want do create a key without a uid. People who want to s

Re: Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)

On Jan 27, 2012, at 8:52 PM, John Clizbe wrote: > Peter Lebbing wrote: > >> And a curious person with a mean streak might sign a key with an obscured >> e-mail >> address with a signature saying "this is the key for >> expires2...@rocketmail.com" >> }:-]. Which is verifiable by hashing the e-ma

Interesting real world short ID collision

As pointed out in Debian bug 659905, on the keyservers, the primary key 171CAA4A (dated 2002) collides (presumably naturally) with a subkey on primary key 1C8BB5A7 (dated 2000). It seems the owner of one went to a keysigning party, and an attendee was rather surprised to find two keys coming ba

Re: Trust signatures with unbounded regular expressions

On Feb 21, 2012, at 5:52 AM, Sean Buckheister wrote: >> No. For security reasons we don't allow arbitrary REs anymore: > > That is unfortunate. I'll probably default to signature notations and > some more application logic then. > > Thank your for your time. If I understand, you were trying to

Re: Encrypted large files cant decrypt

On Feb 24, 2012, at 7:21 PM, Astrid Staufer wrote: > > Hallo, > I encrypt with the folowing command on a server a backup and send it on an > other server over FTP: > > "tar -czf - $mysql_backup_file $directory_to_backup | gpg --no-tty --batch > --always-trust --recipient $id_number --encrypt | c

Re: invalid gpg key revocation

On Mar 5, 2012, at 12:12 PM, auto15963...@hushmail.com wrote: > I am 99.9% sure no one has gotten access to my machine or my keys. > If they had, I have to believe that there would have been more > damage done than this, and that does not appear to have happened. I > mention the details, which

Re: List-packets help

On Apr 9, 2012, at 10:52 AM, John Gill wrote: > I'm assuming the the signatures indicate, roughly the set of options that my > recipients will not receive an error about ignored preferences. For > instance, symmetric algo 9 has been around for the last 10 years at least. > but if I force it on

Re: Draft of nine new FAQ questions

On May 23, 2012, at 12:18 PM, Robert J. Hansen wrote: > I have a draft version of nine frequently asked questions ready for > community review: > > http://keyservers.org/gnupgfaq.xhtml > > Note that this draft is in nicely-typeset XHTML5. This is to make it > easier to proofread. The fin

Re: Draft of nine new FAQ questions

On May 23, 2012, at 4:45 PM, Robert J. Hansen wrote: > I don't want to seem argumentative (especially because I haven't looked > at the RFC lately), but I was under the impression the RFC was mostly > silent on the subject of algorithms and key sizes -- DSA being a MUST > algorithm, but little gui

Re: changing the default for --keyid-format [was: Re: getting an encrypted file to show what public key was used]

On May 29, 2012, at 11:51 AM, Daniel Kahn Gillmor wrote: > On 05/29/2012 11:35 AM, Werner Koch wrote: >> Use >> >> gpg --keyid-format long --decrypt sensitive_file.gpg >> >> to see the non-abbreviated key ID as stored in the file. Use this to >> find the key on a server, etc. > > i've seen

Re: changing the default for --keyid-format

On May 29, 2012, at 1:18 PM, Werner Koch wrote: > On Tue, 29 May 2012 18:31, r...@sixdemonbag.org said: > >> Honestly, this seems like something to bring up to the IETF WG. The RFC >> already has a plethora of implementation recommendations: adding an >> implementation recommendation of "use lon

Re: changing the default for --keyid-format [was: Re: getting an encrypted file to show what public key was used]

On May 29, 2012, at 2:05 PM, Sam Whited wrote: > On Tue, May 29, 2012 at 1:47 PM, David Shaw wrote: >> On May 29, 2012, at 11:51 AM, Daniel Kahn Gillmor wrote: >> >> What is your concern here, though - accidental or intentional collision? > > Certainly both; while

<    1   2   3   4   5   6   7   8   9   10   >