On Wed 18.02.2015, 21:29:40, Xavier Maillard wrote:
> Jesper Hess Nielsen writes:
> >> gpg -u -u --clearsign keytransition.txt >
> >> keytransition.signed2
> >
> > woops, forget about the '> keytransition.signed2' part. Just running
> > with --clearsign will give you a keytransition.txt.asc fi
On Fri 27.02.2015, 09:45:36, gnupgpacker wrote:
> German ct magazine has postulated in their last edition that our pgp
> handling seems to be too difficult for mass usage, keyserver
> infrastructure seems to be vulnerable for faked keys, published mail
> addresses are collected from keyservers and
On Fri 27.02.2015, 12:27:40, gnupgpacker wrote:
> Maybe implementation with an opt-in could preserve publishing of faked
> keys on public keyservers?
We need keyservers which are a lot better than today's. IMHO that also
means that a keyserver should tell a client for each offered certificate
w
On Fri 27.02.2015, 21:25:40, Christoph Anton Mitterer wrote:
> On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote:
> > So what exactly is the purpose of the keyserver then ?
>
> Find trust paths
What could that be good for? If you do not make very strange assumptions
that could be of any u
On Fri 27.02.2015, 22:30:41, Christoph Anton Mitterer wrote:
> Obviously I'll need any intermediate keys (and enough of them that I
> personally decide it's trustworthy).
Once more we see the term that confuses nearly everyone:
You personally decide to trust a key – for its certifications. That
On Fri 27.02.2015, 20:56:00, Werner Koch wrote:
> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> > that anyone can upload _every_ key to a keyserver is an issue. If
> > keyservers would do some sort of verification (e.g. confirmation of
> > the email addresses) then this would lead to much
On Fri 27.02.2015, 23:05:07, Peter Lebbing wrote:
> But what about that Man in the Middle who does nothing more than
> receive your message encrypted to their key and forward it to the
> real recipient you are building a trust relationship with?
He does have to do more: He has to intercept the me
On Fri 27.02.2015, 13:11:33, Kristian Fiskerstrand wrote:
> > We need keyservers which are a lot better than today's. IMHO that
> > also means that a keyserver should tell a client for each offered
> > certificate whether it (or a trusted keyserver) has made such an
> > email verification.
>
> Th
On Sat 28.02.2015, 12:27:05, Neal H. Walfield wrote:
> In that time, OpenLDAP configuration has gotten a lot more
> complicated. I've modernized and significantly expanded his tutorial.
> You can find it here:
>
> http://wiki.gnupg.org/LDAPKeyserver
Doesn't refer to your work but is a general
On Sat 17.08.2013, 06:56:45, Tiwari, Ashish wrote:
> -sign --encrypt
There is a dash typo.
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
On Thu 22.08.2013, 09:56:51, Robert J. Hansen wrote:
> From section 9.2 of RFC4880, the following symmetric cipher profiles are
> defined:
>
> GnuPG extends this with support for Camellia-128, Camellia-192 and
> Camellia-256.
The wording "GnuPG extends" seems inappropriate to me as it is indeed
Hello,
start cmd:> gpg --version
gpg (GnuPG) 2.0.19
libgcrypt 1.5.3
I would expect that "gpg --armor --gen-random 1" does not follow the
documentation statement "If count is not given or zero, an endless sequence of
random bytes will be emitted." unconditionally as this doesn't make any sense
On Sun 08.09.2013, 11:07:21, Robert J. Hansen wrote:
Once more I feel enlightened (and I am sure I am not the only one). From time
to time it seems appropriate to me that someone says thank you. So this time I
do that.
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP
On Wed 11.09.2013, 10:07:30, Daniel Kahn Gillmor wrote:
> Should i be able to see the notations when using --with-colons somehow?
show-sig-subpackets is your friend.
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
s
On Wed 11.09.2013, 23:42:30, Philip Jägenstedt wrote:
> My public key has the default capabilities sign and certify. I've seen
> that some people have only the certify capability in order to be able to
> keep the main key offline most of the time.
It's of limited use to make a former online mainke
On Thu 12.09.2013, 14:53:29, Philip Jägenstedt wrote:
> what I'm actually considering is how to remove the
> private master key from my laptop, so that if it's lost/stolen I only
> need to revoke the subkeys.
gpg --armor --export-secret-keys "$mykeyid" > key.secret-mainkey.asc
gpg --armor --expor
Hello,
I'd like to motivate you to do something (at least passively) I have started
doing:
There are some (both private and commercial) web sites which have a statement
and link like this on their contact page: "And here you can download my PGP
key."
Most of them (at least of the German ones)
On Sun 15.09.2013, 21:11:04, Philip Jägenstedt wrote:
> In very concrete terms, how can I determine which keys I need to
> import so that the GnuPG dist sig (4F25E3B6) has full validity?
> in order to find
> the shortest paths and then manually import the keys to verify that it
> is in fact true.
On Tue 17.09.2013, 10:17:11, Daniel Kahn Gillmor wrote:
> No, it doesn't sound right because one key ≠ one person. It is possible
> for one person to hold many keys.
>
> If I hold n keys, and i certify with all of them, and you grant all my
> keys marginal ownertrust, then all it takes is 1 pers
ultimate
sub 2048R/0x9B681F49 created: 2013-09-19 expires: 2014-09-19 usage: S
sub 2048R/0xB42B66D3 created: 2013-09-19 expires: 2014-09-19 usage: E
[ultimate] (1). Hauke Laging
uid Hauke Laging
1 user ID without valid self-signature detected
gpg>
gpg --armor --export-secret-keys foo@
On Tue 24.09.2013, 00:21:09, Chuck Peters wrote:
> I attended a small key signing party Saturday after generating a new key
> with multiple subkeys with the notion of having a email signing keys on
> less secure systems like my VPS (using mutt) and a separate subkey for
> each computer or device.
On Thu 26.09.2013, 16:17:37, Hank Ivy wrote:
> What articles exist on having two private/public key pairs, and using one to
> only sign a document, and the other only for encryption?
> Have there been any courts that subpoenaed the private key and its pass
> phrase of a user?
You can have a singl
On Fri 27.09.2013, 09:56:03, Robert J. Hansen wrote:
> What's worse is that
> revoking your key could be seen as tipping off your correspondents to
> the police's activities, and that's a serious offense under RIPA.
Is that your interpretation or in any way official? My respective search
engige
On Fri 11.10.2013, 01:25:50, Robin Kipp wrote:
> Invoked addkey to generate a 2048 bit RSA sub key, with
> encryption and signing capabilities.
It seems to me that the more accepted recommendation here is to have separate
subkeys for signing and encryption.
> 6. Exported all secret and public
Hello,
a few mails ago dkg asked what the use of key policy documents was. That is
obviously limited for several reasons. But the conclusion cannot be that we do
completely without anything like that. It must be that we solve the problem in
a reasonable way. If we don't then we seriously limit
On Sat 12.10.2013, 00:53:30, Robin Kipp wrote:
> > "Robin Kipp (normal security level subkeys with offline mainkey)"
>
> This is something I'm not really sure about, for the reasons that Daniel
> pointed out in his reply - putting in such a 'dummy UID' might confuse
> someone wanting to sign my
On Fri 11.10.2013, 19:09:19, Doug Barton wrote:
> On 10/10/2013 06:32 PM, Hauke Laging wrote:
> | I know of no good reason for creating a mainkey without expiration date.
>
> I know of no good reason to use expiration dates at all.
>
> Most end users don't know how to pro
On Mon 14.10.2013, 06:41:25, NdK wrote:
> What I still couldn't understand is how I can sign a key saying "I'm
> really sure of the owner's identity, but I don't really trust him
> properly handling other signatures"
That is a strange question because normal certifications do not include any
sta
Hello,
I think it would be a good idea to change the handling of local signatures. I
suggest to import local signatures even without
--import-options import-local-sigs
if the local signature is by one of the secret keys in the local keyring. That
would make the handling of offline mainke
On Tue 15.10.2013, 21:43:14, David Shaw wrote:
> Have you tried doing this?
Great, once again solving problems I invented.
Then I would like to change my request to adapting the documentation
accordingly...
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D
On Tue 22.10.2013, 23:21:28, Johan Wevers wrote:
> I have 2 active keys (a v3 2048 bit RSA and a v3 3072 bit DSA), and when
> I send encrypted mail via Thunderbird 3.1.20 it uses always the RSA key
> for encrypt to self but I want to use the other.
DSA cannot encrypt.
gpg --edit-key 0x12345678
On Tue 22.10.2013, 18:01:46, Robert J. Hansen wrote:
> certificate, you are making an assertion about identity: that, to a
> level exceeding your threshold of certainty,
Even worse: "exceeding your threshold of certainty in that moment"
I am afraid this assessment changes for most users over tim
On Tue 22.10.2013, 23:45:28, Johan Wevers wrote:
> pub 1024D/9E8C5DDF created: 2000-08-11 expires: never usage: SCA
> trust: ultimate validity: ultimate
> sub 3072g/7A3FE18C created: 2000-08-11 expires: never usage: E
> [ultimate] (1). Johan Wevers
> [u
Hello,
due to its rather little visibility for the average user this affects GnuPG
less than its GUIs (the mail clients in particular). It may well be used in
the GnuPG documentation (man, info, www). But I assume that many GUI (or more
general: crypto tool) developers are on these lists.
We n
On Wed 23.10.2013, 21:20:24, John Clizbe wrote:
> Enigmail has long been a featured extension on Thunderbird's page
> https://addons.mozilla.org/en-US/thunderbird/
That's nice but not what I was talking about (sorry if I didn't manage to make
myself clear enough). That is "Use non-crypto tools t
On Fri 25.10.2013, 23:45:50, Johan Wevers wrote:
> Further, if they expect it to be secure for only 25 years,
This means that every single key is secure over that time. It means that after
25 years organizations with huge resources may be able to crack a *single* key
in a lot of time (rather a
The two current discussions – one about the FAQ, the other one with "we
discussed that back then" statements – make me guess whether it makes sense to
link such threads in the FAQ.
BTW: Where is the FAQ? I hope this question does not seem too stupid... The
one on gnupg.org calls itself outda
On Wed 30.10.2013, 11:58:56, Sam Tuke wrote:
> I'm working with Werner to promote GnuPG and raise awareness.
I don't understand what that is supposed to be good for. Is there any serious
competition between GnuPG and whatever other product? Nearly everyone who uses
OpenPGP in a private environm
On Thu 31.10.2013, 16:31:02, Daniel Kahn Gillmor wrote:
> http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverable
> s/algorithms-key-sizes-and-parameters-report
There is one point I don't understand:
[3.6 Recommendations]
"there is general agreement this should be above the
rk as expected. After entering the command
"addrevoker" I was asked to enter the user ID of the respective key. Why the
user ID and not the key ID or fingerprint? Does that make any sense?
However, gpg has a quite strange user ID matching behaviour here. If I enter
the complete user
On Tue 12.11.2013, 15:50:10, adrelanos wrote:
> Is it possible to have subkeys with different comments than the main
> key? How?
The main question is: What do you mean by "comments"? You probably refer to
the comment part of a user ID. But it has not been determined what exactly
that refers to.
On Wed 13.11.2013, 00:34:38, adrelanos wrote:
> > But it has not been determined what exactly
> > that refers to.
>
> I don't understand what you mean by that sentence.
I mean: It is difficult to say "A UID comment refers to the mainkey" or "A UID
comment refers to the subkey" (and make sense).
On Fri 15.11.2013, 15:40:30, Juergen Polster wrote:
> For those not reading German the "summary" of the summary report is:
>
> Symmetric 80 bit keys are accepted for transaction data and existing
> systems to be replaced in the next 5 -10 years. Symmetric keys of 128
> bit are OK for mid-term and
Hello,
from time to time someone asks how secure (a)symmetric crypto really was and
then our math and physics teacher Rob has his performance.
Somebody just pointed me at this:
http://2012.sharcs.org/slides/biryukov.pdf
Of course, they say "No practical impact due to reliance on related
keys"
On Sun 17.11.2013, 19:02:12, Martin Vegter wrote:
> gpg: fatal: can't create lock for `/root/.gnupg/trustdb.gpg'
> Could somebody please advise how I can use gpg without temporary files ?
That is a lock file. Try --lock-never
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unt
On Mon 18.11.2013, 17:21:22, adrelanos wrote:
> Hi,
>
> An article about air gapped OpenPGP keys has been written by me:
> https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key
>
> Please leave feedback or hit the edit button.
> By default GPG creates one signi
On Tue 03.12.2013, 12:21:26, bj wrote:
> Where is password defined?
passwort is (implicitly) defined in the keyring. The secret key is stored
encrypted. You need the passphrase in order to use the key. You must know the
passphrase, you cannot get it from the GnuPG installation.
> *FOR /F "del
On Tue 03.12.2013, 08:22:28, Eric Poellinger wrote:
> PRIMARY QUESTIONS - I am uncertain about the sub-key. When I attempt to
> 'expire' it the date does not seem to change.
What exactly did you do? Did you mark the subkey before and did you save the
changes to the keyring after the expire comm
On Wed 04.12.2013, 00:00:21, Johannes Zarl wrote:
> Sorry for asking a possibly stupid question, but how exactly does a shorter
> validity period get you more security?
This is the security against the possibility that
a) the key has been compromised and revoked and you don't know that (because
On Wed 04.12.2013, 00:39:46, Johannes Zarl wrote:
> Isn't that just a false sense of security? After all, if the key has been
> compromised, the attacker can just prolong the validity
He could but he would need the secret mainkey for that operation and...
> > but we all love our highly secure o
On Tue 03.12.2013, 19:26:09, Robert J. Hansen wrote:
> Could you please share a realistic scenario by which an attacker could
> compromise a subkey without also having the ability to compromise the
> primary signing key?
That's really easy: In order to get access to the subkey which will sign thi
On Tue 03.12.2013, 19:03:13, Robert J. Hansen wrote:
> 1. The attacker can just extend the validity himself. He's
> successfully compromised the key, after all.
Sure but it makes little sense to play best practice in one part of key
management (expiration) and simultaneously worst practice
On Tue 03.12.2013, 20:10:32, Robert J. Hansen wrote:
> UEFI is a surprisingly capable operating environment. If I can
> compromise your machine, then I put down my own code in the UEFI loader
> and wait for you to reboot your machine.
That's why crypto best practices should be extended to "what
On Tue 03.12.2013, 20:20:07, Robert J. Hansen wrote:
> By introducing offline primary key storage on an air-gapped system, your
> policy has become so complicated that no one, yourself included, is
> capable of always following it to the letter.
Oh, recently I involuntarily proved that I do: I "m
On Tue 03.12.2013, 18:32:53, Eric Poellinger wrote:
> Regarding the steps I took to expire the keys (4A4DBDC7 is the primary
> key, 0C0305EC is the sub) 1. gpg --edit-key 4A4DBDC7
> 1a. expire...2y
> 1b. enter passphrase
> 1c. quit and save
It would have been more helpful to see the exact steps f
On Wed 04.12.2013, 08:10:54, Otto Hamlin wrote:
> Open PGP is installed
No, OpenPGP is a standard not a software and thus cannot be installed on your
system (just be supported by it). You probably have gpgtools installed. Thus
your question is not a GnuPG question but a gpgtools question:
http
On Thu 05.12.2013, 19:30:07, Ingo Klöcker wrote:
> your assertion is correct.
>
>
> In the first scenario
>
> > > a) the key has been compromised and revoked and you don't know that
> > > (because your last certificate update was before the revocation
> > > publishing)
>
> it is incorrect beca
On Thu 05.12.2013, 21:38:50, Ingo Klöcker wrote:
> On Thursday 05 December 2013 19:47:57 Hauke Laging wrote:
> > BTW, OT: May I point you at this?
> > https://bugs.kde.org/show_bug.cgi?id=318005
> > https://bugs.kde.org/show_bug.cgi?id=326476
> > https://bugs.kde
Hello,
I want to find out what makes a key valid (and with which certification
level): a certification by one of the systems keys or one or more
certifications from the WoT. I think that it is important that applications
show this information in key selection dialogs.
IIRC this has been discus
On Fri 06.12.2013, 23:16:57, Robert J. Hansen wrote:
> And to encourage you to make your own contribution,
And to make that easier I add the URL:
http://www.g10code.de/gnupg-donation.html
Furthermore I would like to encourage everyone to spread the mailinglist
archive link to Rob's mail (toge
On Tue 10.12.2013, 15:42:40, Phillip Susi wrote:
> So my old subkeys are about to expire so I created some new ones at
> home and exported them with --export-secret-subkeys. When I try to
> import them at work, gpg just says I already have that key and stops.
> Why isn't it merging the new subkeys
Hello,
some time ago I had a discussion about what a really simple crypto GUI should
look like. This is the result:
http://www.crypto-fuer-alle.de/wishlist/simple-crypto-gui/index.en.html
It's just an HTML page which allows you to jump from screen to screen (for
most suggested features) via in
Hello,
I have just been reading the man page of gpg-agent and found this:
--allow-loopback-pinentry
Allow clients to use the loopback pinentry features; see the option pinentry-
mode for details.
That made me curio
On Tue 30.07.2013, 14:28:49, Werner Koch wrote:
> Sure. Here is a very basic one:
Took me some time to give that a try but...
> echo "OK - what's up?"
> while read cmd rest; do
> echo "cmd=$cmd rest=$rest" >&2
> case "$cmd" in
> \#*)
> ;;
> GETPIN)
> ech
On Wed 11.12.2013, 10:51:16, Peter Lebbing wrote:
> On 11/12/13 05:35, Hauke Laging wrote:
> > That made me curious so I wanted to do just that but: That is the only
> > occurrence of "pinentry-mode" in the man page...
>
> That one is elusive indeed! I found it
Hello,
On Thu 12.12.2013, 14:24:18, Bernhard Reiter wrote:
> * I'm not quite sure what the aim of your gui is. To create a nice and
> usable gui (which then automatically means it has to be understandable and
> as simple as possible) we need to know what it should do.
may be. But I didn't know t
On Fri 13.12.2013, 15:37:59, Werner Koch wrote:
> The majority of users are using a GUI and thus the command line version
> does not matter at all.
Strange argument IMHO. Would you say the same about Linux? 99% of the desktop
users don't know that there is a shell / console layer thus it's not i
On Fri 13.12.2013, 22:56:07, adrelanos wrote:
> Hi,
>
> Is it possible to create a revocation certificate just for sub keys and
> not the master key?
--edit-key 0x12345678
key 1
revkey
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concep
On Sat 14.12.2013, 17:01:23, adrelanos wrote:
> > On Fri 13.12.2013, 22:56:07, adrelanos wrote:
> >> Hi,
> >>
> >> Is it possible to create a revocation certificate just for sub keys and
> >> not the master key?
> >
> > --edit-key 0x12345678
> > key 1
> > revkey
>
> That doesn't create a revoc
On Tue 17.12.2013, 15:57:54, Daniel Kahn Gillmor wrote:
> RSA 1024 falls
> in at the equivalent of about 73 bits of symmetric cipher. According to
> the authors, this is "Short-term protection against medium
> organizations, medium-term protection against small organizations", not
> "a First Wor
On Tue 17.12.2013, 10:40:21, Doug Barton wrote:
> On 12/17/2013 01:09 AM, Lev Serebryakov wrote:
> | Is it possible to synchronize UID list without transferring "new"
>
> version
>
> | of private key from B to A by external means?
>
> No.
I can reproduce the problem but it doesn't make any se
On Sat 21.12.2013, 19:24:51, Dionysis Zindros wrote:
> I
> found a command in the wild [1] to do it, but it seems that there must
> be a better way.
Not much better ;-)
gpg --list-options show-sig-subpackets --with-colons --list-sigs |
grep ^spk:29:
Hauke
--
Crypto für alle: http://www.o
Hello,
I was just in a slightly embarrassing situation: I had a look with
gpg --list-packets
at the certificate(s) on
http://www.westphal.de/index.php?id=18
This is the (shortened) output:
:public key packet:
[...]
:user ID packet:
:signature packet:
[...]
:signature packet:
[...]
:user ID pack
On Thu 02.01.2014, 18:11:33, Peter Pentchev wrote:
> > So I told the site owner that there was (in contrast to his statement
> > above) just one certificate on the page. I had to realize that gpg sees
> > both public keys when importing the block instead.
>
> Hm, which version of GnuPG are you us
Hello,
this is not a GnuPG problem. GnuPG is capable of doing what I want. But I am
interested in your opinion.
I just noticed that you can easily be deluded about an email being encrypted:
That you receive an encrypted mail does not mean that it was sent encrypted.
An adversary may encrypt a
On Fri 03.01.2014, 00:33:51, Doug Barton wrote:
> On 01/02/2014 09:35 PM, Hauke Laging wrote:
> | I just noticed that you can easily be deluded about an email being
> | encrypted: That you receive an encrypted mail does not mean that it
> | was sent encrypted. An adversary may e
On Fri 03.01.2014, 01:13:13, Doug Barton wrote:
> On 01/03/2014 12:59 AM, Hauke Laging wrote:
> | Do you agree that it is (or, depending on the content, can be) an
> | important information whether a message was encrypted by the sender
> | (and for which key)?
>
> Not par
On Fri 03.01.2014, 10:02:28, MFPA wrote:
> OpenPGP's mitigation against this is signing emails, and the web of
> trust to give assurance who signed.
That's exactly why I want signatures. But I do not only want a signature
which guarantees the data integrity, I want a(nother) signature which
gua
On Fri 03.01.2014, 04:28:38, Robert J. Hansen wrote:
> or that his proposed fix would work.
Would you explain how that shall be avoided?
You send an email to me. You encrypt it to the key which I want you to
encrypt it to. Then you sign the encrypted data.
If I receive an email from you which
On Fri 03.01.2014, 01:14:22, Dan Mahoney, System Admin wrote:
> It basically works perfectly with gpg1, where I can get an inline
> prompt for a password, but gpg2 falls short where it tries to set up
> some kind of a unix-socket connection to a pinentry dialog, and this
> all falls apart within t
On Sat 04.01.2014, 21:41:32, nb.linux wrote:
> How can I lsign a key and transfer the local signature from my air
> gapped system?
--export-options export-local-sigs
Not necessary for import if the importing system knows the signing key
as secret key (no matter whether the mainkey is available
On Sat 04.01.2014, 22:28:26, Johannes Zarl wrote:
> Wouldn't one have to encrypt the signed-encrypted-signed message again
> to prevent an attacker from stripping away the outer signature? What
> would the recipient then do with the simple signed-encrypted message?
That would be possible for an a
On Sun 05.01.2014, 10:35:44, Peter Lebbing wrote:
> On 05/01/14 04:38, Hauke Laging wrote:
> > You are aware that is doesn't make any sense to make this claim
> > without any argument after the opposite has been claimed with an
> > argument (a very strong one)?
>
On Sun 05.01.2014, 10:15:51, Robert J. Hansen wrote:
> Your problem can be solved trivially by establishing a policy of,
> "Encrypted messages must contain a notification within the signed
> message body of who the message is encrypted for."
That is neither trivial nor reliable nor the best appro
On Sun 05.01.2014, 16:41:11, Doug Barton wrote:
> It can be both trivial and reliable, simply place the following in
> your .signature file:
>
> I will not encrypt this message before sending.
>
> On those occasions when you do encrypt, remove the word "not."
Let me guess: Modifying the mail cl
On Mon 06.01.2014, 01:47:39, MFPA wrote:
> Most "signed and encrypted" messages created with PGP or GnuPG have
> the two processes applied together - you do not normally decrypt a
> message and then see a signed message as the output.
That is correct. I am not aware of a possibility to get the da
On Mon 06.01.2014, 11:09:55, Erik Josefsson wrote:
> Further, a friend told me that his key-manager won't let him encrypt
> to one of them.
Not surprising:
pub 4096R/0xB240C11D 2010-12-10 [expires: 2014-11-11]
uid Erik Josefsson
uid Erik Josefsson (ehj)
sub 4096R/0x0971954D
On Thu 09.01.2014, 20:51:04, Jim Ernst wrote:
> I am trying to sign and encrypt a file using a UNIX script. No matter
> what I do, the passphrase that is requested appears to be for the
> first key that is listed via -list-keys.
> I have tried specifying a recipient
You must define the signing k
Hello,
when I help Windows users create keys then my script converts the Linux
version of gpg.conf (after some editing) to the Windows line endings.
This works.
But if I edit the file with the Windows editor (unfortunately I have
forgotten the Windows version) then gpg crashes with an error me
On Thu 16.01.2014, 05:34:34, Don Warner Saklad wrote:
> Any way for two correspondents to set up gnupg within a few moments
> without having to become expert?
>
> The usual gnupg materials are very dense.
Ask an "expert" to do the setup. After that usage is simple.
Hauke
--
Crypto für alle: ht
On Fri 17.01.2014, 11:44:55, Daniele Ricci wrote:
> My question is the following: suppose I create a user ID or attribute.
> I sign it with my key and that's ok.
> One day I revoke that user ID or attribute and sign it again with a
> certification revocation.
>
> A few years later, I want to rest
On Fri 17.01.2014, 20:03:15, Johannes Zarl wrote:
> If, however, the revocation is only a temporary act until a newer
> self- signature supersedes it, it would be almost impossible to
> effectively and permanently revoke a key.
That's why we all use only the super-secure (haha) offline mainkeys.
On Sun 19.01.2014, 15:55:51, Daniele Ricci wrote:
> Ok, so I have to conclude it's implementation specific?
> I'm using a custom user attribute to store something that can change
> quite often (privacy lists for a chat user). What do you suggest?
My first thought is: Why should it make sense to pu
On Tue 21.01.2014, 16:06:36, Michael Anders wrote:
> I don't know if hash preference information is additionally attached
> to keys. I would guess it is not, it wouldn't make sense to me.
Unfortunately that's not a reliable guide.
http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoter
On Wed 22.01.2014, 13:52:09, Pete Stephenson wrote:
> They're not sending mail to the list itself,
Once, accidentally maybe:
http://lists.gnupg.org/pipermail/gnupg-users/2014-January/048800.html
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Co
Hello,
I would like to say first that my X.509 understanding is orders of
magnitude lower than that of OpenPGP. So I hope this makes sense to
you...
This idea came to my mind while I was wondering why several CAs offer
free (but rather useless...) certificates for X.509 but not for OpenPGP.
W
On Tue 04.02.2014, 11:09:42, Daniel Kahn Gillmor wrote:
> We have such an indicator format going in the opposite direction
> (pointing from X.509 to the related OpenPGP cert). In particular,
> it's the X509v3 extension known as PGPExtension
Interesting, I didn't know that.
> I don't know of a
On Tue 04.02.2014, 19:38:07, Peter Lebbing wrote:
> And CACert still isn't in the default
> trusted root bundle on quite some systems, I believe.
And will probably "never" be.
> extending the trust in that broken model to OpenPGP
That is not what I suggest. You can assign certification trust t
On Tue 04.02.2014, 21:05:10, Werner Koch wrote:
> On Tue, 4 Feb 2014 17:09, d...@fifthhorseman.net said:
> > I don't know of a formalized way to do the other mapping, but it
> > seems like it would be pretty straightforward to embed the full
> > X.509 certificate in a notation packet on a self-sig
On Wed 05.02.2014, 11:23:24, Werner Koch wrote:
> In general it does not make sense to use the same key - there is no
> advantage.
I think that is not correct. It is today but not from the perspective of
my proposal.
a) If a CA uses the same key in both formats then we can get the
advantage wh