On 05.03.2015, Robert Deroy wrote:
> How could I do for use gpg on a usb key, because I have no computer, I only
> go in cybercafé.
Don't do it, it's not safe.
In case you're allowed to boot from an external medium, this still won't be
secure. Because you have no control over the hardware buil
On 17.04.2015, Venkatramana Parapatla wrote:
> How to Know keys expiration date for Already created keys using gpg in
> command prompt?
"gpg --list-keys" will give you an oversight over all keys in your public key
ring including their expiry date.
> How to renew existing keys?
You can (of cou
On 19.07.2015, F Rafi wrote:
> Does it make sense to use a key-server?
You just answered yourself:
> The public key will only be use by a single partner organization.
> We were thinking about exchanging it over e-mail.
So no need to upload it to a keyserver.
On 27.08.2015, Robert J. Hansen wrote:
> I had someone wonder why the FAQ recommends avoiding CAST, BLOWFISH,
> IDEA, or 3DES for bulk encryption.
> Q: Why should some ciphers be avoided for bulk encryption?
"Some ciphers" is probably not enough for those who frequently ask
about that topic. I
On 01.10.2016, Werner Koch wrote:
> Frankly, I did not know how to translate the German term
> "Schnappschloss".
Visualising a picture of what is meant by the German term, I would
intuitively translate it to something like a hasp, a snap lock or even
a spring lock. And you're right, I also heard
On 03.10.2016, Werner Koch wrote:
> We would call the left one a "normales Vorhangeschloss" (simple
> padlock). But the middle one is known as a "Schnappschloss" - referring
> to the feature that you do not need a key to lock it.
The left one is a modular padlock, and the one in the middle is an
On 20.12.2016, Christoph Moench-Tegeder wrote:
> Or is that just me and a local issue?
Most probably. For me, it works:
[htd@chiara Downloads]$ gpg --verify gnupg-2.1.17.tar.bz2.sig
gnupg-2.1.17.tar.bz2
gpg: Signature made Tue 20 Dec 2016 14:59:50 CET using RSA key ID 4F25E3B6
gpg: Good signat
On 07.09.2013, Mike Acker wrote:
> based on recent revelations we should probably not use any commercially
> offered cipher
Define "commercially used cipher".
I don't think the crypto is the problem or the solution. Prism is
mostly about traffic analysis, which is not significantly
affected b
On 22.09.2013, Aleksandar Lazic wrote:
> What could be a perfect or at least a very good storage of the
> private Key.
Spend a little bit money and buy you a smartcard and a reader. Then,
boot a machine without internet connection from a USB-stick or
CD/DVD with some live version (e.g. http://
On 22.09.2013, Aleksandar Lazic wrote:
[Key on smartcard]
> Ok, that sounds possible for people who have linux or unix experience, not
> the 'normal' mainstream user.
On the other hand, it would be a great learning experience for those
who dare to try ;-) It's well documented and not too hard.
On 25.10.2013, Sylvain wrote:
> Is this zealotry on the Debian front, or something to update in gnupg?
It's a matter of taste, and there are arguments both for and against.
In my case, having a 4096 bit key has no major drawbacks, so I'm using
one. If you trust gpg, you can safely trust the stan
On 30.10.2013, Sam Tuke wrote:
> I'm working with Werner to promote GnuPG and raise awareness.
Just my 5ø:
Raised awareness does seldom lead to change (just as knowledge and
attitudes). Before developing a strategy on promoting the use of
GPG, the barriers which prevent people from using it sh
On 02.11.2013, Sam Tuke wrote:
> Research would definitely be helpful. There are many well written guides,
> video
> tutorials, and even e-learning courses on how to setup GPG however, and some
> applications make it very easy.
When you think of the "common windows user" who solely wants to dou
On 30.10.2013, Sam Tuke wrote:
> I'll collect them and pick the best for use now and in future.
"GPG - keeps the XXX from your door!" :-)
[Replace XXX with any three letter agency of your choice]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
h
On 04.11.2013, MFPA wrote:
> > "GPG - keeps the XXX from your door!" :-)
>
> > [Replace XXX with any three letter agency of your
> > choice]
> Is that actually true, rather than bringing you to their attention?
It depends.
My key is publicly available, with my current email address in it.
On 10.11.2013, Alexander Truemper wrote:
> But if I run 'gpg --export-secret-keys' for my keys, it actually seems
> to export the private keys according to pgpdump.
> How can this be? (I see no smartcard activity on the terminal and no
> PIN is asked)
It's not the real secret key, but the stub w
On 24.01.2014, Leo Gaspard wrote:
> Actually, this is something I never understood. Why should people create a
> revocation certificate and store it in a safe place, instead of backing up the
> main key?
Because a backup only makes sense when it's stored in a different place
than the key itself:
On 18.07.2014, The Fuzzy Whirlpool Thunderstorm wrote:
> I wonder if Mutt can be configured to decrypt inline pgp messages
> automatically, without piping the attachment to `gpg --decrypt`.
You can't. Put this into your .procmailrc. It'll transform your inline
pgp mails accordingly:
:0
* !^Con
On 21.07.2014, Werner Koch wrote:
> IIRC, I implemented that about a decade ago. Simply put
> set crypt_use_gpgme into your ~/.muttrc.
Besides that this requires mutt to be compiled with "--enable-gpgme",
it never worked for me. The inline gpg/pgp mail is just shown as
plain text.
Anyway, nob
On 26.07.2014, Sudhir Khanger wrote:
> Or does that again fall in risky behavior category?
Only you can answer this question, because the answer depends entirely
on your threat model. How big is the danger of your passphrase getting
stolen when kept in memory? Are there others which have physica
On 26.07.2014, Peter Lebbing wrote:
> If an attacker has physical access, you've lost; game over.
Yes. But it must not necessarily be an "attacker". It's e.g. quite common
that members of a family share a computer. It would be less likely
that one of them installs malicious software on it. But
On 28.07.2014, Bob (Robert) Cavanaugh wrote:
> It is a pain to re-enter the passphrase,
> but is required by our threat model.
Maybe a smartcard could be the solution. After you have installed your
key on the card, only a numeric PIN is required, which is MUCH easier
to enter frequently.
On 05.08.2014, Peter Lebbing wrote:
> I'm sure pictures can be found, although I'm not sure "blown capacitor" is the
> correct English term... in Dutch we say "geplofte condensator", and I
> never discussed the issue in any other language ;).
Blown capacitor is the correct term, and has widespre
On 13.08.2014, Johan Wevers wrote:
> Most people, including me, have stopped using it. However, I still have
> a lot of mail archives from those days. Removing support would mean I
> have to start using pgp 2 again to access them.
Or the most recent version of gnupg with support for those mail
a
On 16.08.2014, Kristy Chambers wrote:
> Sorry for that crap subject. I just want to leave this.
[]
The use of PGP/GPG depends entirely on the respective needs and
context. For me, it has been working perfectly in many years, and
thus, what's described in this article is a good example fo
On 17.08.2014, da...@gbenet.com wrote:
> Leaving aside the issue of how popular encryption of mail is - we are faced
> with the fact
> that 98 per cent of computer users are completely ignorant about software and
> hardware. They
> just go into PC World and buy what they like.
Looking around w
Hi,
when decrypting a file with gpg2 in combination with a GnuPG v2.0
smartcard, my PIN, once entered, is cached a long time. Removing the
smartcard or the reader deletes the cache, of course. Although I've
read a bunch of documents and searched the net, I haven't managed yet
to find out how I can
On 02.09.2014, Werner Koch wrote:
> There is no command to explicitly do that. You may run "gpgconf
> --reload scdaemon" to power down the card.
Thanks a lot for explaining this to me. Now it is clear.
On 19.10.2014, Sudhir Khanger wrote:
> 1. Is secret key the most important part of GnuPG? By important I mean
> if you only had your secret key could get back to your original setup
> ignoring the imported public keys.
Of course, you can omit/delete your pubring.gpg, if you like. However, unless
On 19.10.2014, m...@sudhirkhanger.com wrote:
> Are you trying to say if I don't import pubring.gpg I won't import the
> previously exchanged keys and hence I won't be able to send them encrypted
> messages as I won't have access to other people's public keys?
Exactly. In order to be able to se
On 19.10.2014, MFPA wrote:
> Importing your secret key would also re-install your public key..
> In order to achieve that, don't you have to run something like:-
>gpgsplit --secret-to-public YourPrivateKeyFile.asc
No, that's not necessary.
A "gpg --import your_secret_key.asc" into a fres
___
/| /| | |
||__|| | Please don't |
/ O O\__ feed |
/ \ the troll |
/
On 16.11.2014, da...@gbenet.com wrote:
> So am going to install a copy of Thunderbird at least 4 years older than the
> current version
> with an appropriate Enigmail.
> As stated and as a fact of daily life there are problems
> running a Linux distro in x86_64 there are problems with gnupg2 t
On 01.01.2015, Uwe Brauer wrote:
> Recently the German news magazine «Der Spiegel» [1] published more of
> the «Snowden files», which reveal that gpg is NSA safe[2].
>
> Does anybody know whether smime has the same level of security? There
> are at least two possible weak spots.
Nobody really
On 02.01.2015, Egon wrote:
> I want to symmetrically encrypt many hundreds of files under Linux, the
> files stored in many subdirectories.
Maybe you should consider using a LUKS/dmcrypt container/partition. It would make
things a lot easier and more fail-proof for you.
On 17.02.2015, Werner Koch wrote:
> git meanwhile allows to sign commits. If anyone knows a method to set a
> different key for tagging and commits, I would soon start to sign each
> commit.
I can be seriously wrong, but is that not something the LKML people do?
On 25.04.2009, David Shaw wrote:
> Plus, both the GnuPG implementation and the PGP implementation are
> available for review by anyone who wants to look at them. (PGP isn't
> open source of course, but you can still get the source for review).
The PGP 9.xx sourcecode you can obtain from the PGP
On 04.09.2009, Werner Koch wrote:
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.13.
[]
I'm unable to compile this version on my system. The configure script
bails out with the following message:
[]
checking for nl_langinfo and THOUSANDS_SE
On 05.09.2009, Werner Koch wrote:
> The development package is missing; i.e. the file pth.h .
The development package was installed, but I found out that opensuse
compiles their packet with
--disable-static
--with-pic
--enable-optimize=yes
--enable-pthread=no
--with-gnu-ld
One or more of
Hi,
seems I'm just too stupid today to find what's maybe obvious:
given an ascii armored gpg encrypted file, how can I find out what
algorithm has been used to encrypt the file?
Thanks,
Heinz.
On 07.01.2010, Mario Castelán Castro wrote:
> I think the WoT and in general the cryptography is not widely used
> because few people really care about their privacy.
I think the overall stats for people using cryptography is that low
because it is or seems too complicated for them. A lot of pe
On 09.01.2010, RobertHoltzman wrote:
> > Personally I think a lot of people care about privacy, but are just not
> > able and/or frightened to install something complex on their machines.
> Then you get the contingent that says "I have nothing to hide".
What I've encountered is that lots of peop
On 23.07.2010, Grant Olson wrote:
> Just keep in mind that if you're not encrypting the whole disk, your
> sensitive data can leak to /tmp and swap. I'm only bringing this up
> because it seems like you've taken some elaborate steps to protect your
> data.
I second that.
Besides, holding a GP
On 27.09.2010, Vjaceslavs Klimovs wrote:
> 2048 bit keys are suitable - it's "user+sys" what matters in this case,
> but not "real" by all means, as that includes waiting for passphrase
> input too.
Hmm, maybe I miss the point, but hey, we're living in the age where dual-
and quadcore processors
On 10.12.2010, David Shaw wrote:
> Here's some analysis of Skein: http://eprint.iacr.org/2010/623
I can only see 10 pages full of statements without any discussion or
proof, which doesn't even meet the criteria of a standard abstract.
Either I'm doing something wrong, being just too dumb to see,
On 08.08.2011, Werner Koch wrote:
> > echo "" | /usr/bin/gpg --batch --sign --armour --clearsig
> > --passphrase-fd 0 $1
> gpg --batch --sign --armour --clearsig --passphrase-fd 0 --yes -o "$1".asc
> "$1"
Shouldn't this b
On 10.08.2011, MFPA wrote:
> The output from gpg --dump-options shows that both spellings are valid
> (for v 1.4.11 at least).
Yes, now I see it, after you mentioned it. However, the manpage doesn't know
about
"armour", and that was the motivation for my mail.
On 25.02.2012, Gregor Zattler wrote:
> obviously not: http://www.crypto.com/blog/wiretap2010/ this
> blogpost says that the 2010 US wiretap report says there were
> zero cases where encryption blocked access for state agencies to
> interesting data.
As far as I can see, this article totally lac
On 25.07.2012, Faramir wrote:
> Clearly I'm out of my league there. I had heard about that, but
> later I also heard about stacking different algos (with different
> keys
> of course) to increase security.
What's the model of threat in your case, actually? Usually, the crypto
algorithm isn't th
On 26.07.2012, Ben McGinnes wrote:
> Also, if you had to pick one of those three, which would you choose
> (for general purposes rather than a specific threat model and ignoring
> the possible speed differences between AES and Serpent)?
As far as I know, none of those three is broken. So if neit
On 26.07.2012, Faramir wrote:
> > That's security through obscurity assuming the other one
> > won't know where to search for the key, which is not stored with
> > the right extension or in the most common place.
> Not right, if your secret key is protected by a passphrase (or
> strong password)
Hi,
if someone gets physical access to an openpgp smartcard, where is
the weakest spot in the whole scenario then? Can the contents of the card
be copied, e.g. to circumvent the limited possibilities entering
the correct PIN / admin-PIN? Can the secret key be extracted to
brute-force the PIN / pas
Hi David,
On 15.08.2012, David Tomaschik wrote:
[]
Thanks for answering. There's no threat model so far - and I'm quite
sure that I'm not a target for any security agency :-)
The background for my question is simply "what's in it for me if I use
such a card". Will the benefits outweigh th
On 28.08.2012, No such Client wrote:
> I simply chose to keep my name private. Surely, on a public, crypto
> mailing-list, with all sorts of interesting people, the idea of
> privacy
> would be understood no? real names or pseudonyms should be quite
> irrelevant.. Is it not the content that coun
On 11.09.2012, Peter Lebbing wrote:
> The only sure-fire remedy against a
> temp file that got deleted is a full wipe of the partition the file was on, as
> far as I know.
You can mount /tmp and the various other tmpfiles to memory. That's
what I do (not for security reasons, but to have the tmp
On 18.06.2013, NdK wrote:
> If the key is generated on-card, you have no way to backup it. No need
> for "unexportable" flag: simply there's no command to export it.
And if the key is generated off-card and properly moved to the
smartcard afterwards, there's no way to export it either. It's only
On 20.06.2013, Henry Hertz Hobbit wrote:
> Try the backup from GPA's menu. I doubt you will get anything
> that can be exported. If you get a backupg.gpg (or similar), then try
> importing your secret keys onto a second system with GPGWIN installed.
The thing is, if there's a command to export
On 06.07.2013, atair wrote:
> I want to set up a GnuPG infrastructure for my (let's say) 20 email accounts.
Keep it simple: You create *one* keypair and add all email-accounts to
it.
On 07.07.2013, Hauke Laging wrote:
> Even with the default settings a 19-digits passphrase (upper and lower case
> ASCII letters and digits) is as hard as AES (without flaws).
When you take all printable ASCII-chars as "headroom", with
B = entropy in bits
L = length of the passphrase
P = am
On 07.07.2013, Robert J. Hansen wrote:
> A keyspace of 2^124 is nowhere near half of
> 2^255; it's not even particularly close to the square root of 2^255.
Thanks for clarifying, you are (of course) right. Didn't think for a
second before posting :-(
However, I wanted to demonstrate the relatio
On 07.07.2013, Robert J. Hansen wrote:
> Nobody with two brain cells to rub together is going to try
> brute-forcing either the crypto or your passphrase.
This very much depends on how important the encrypted information is
considered to be. However, I agree that most probably no one is
especial
On 23.07.2013, Philipp Klaus Krause wrote:
> Of course it is annoying to have to ask everyone to sign three keys -
> after all they are all my keys, and the people I ask to sign my key all
> get to see the same passport. Is there a better alternative?
Create/use one key, and add all the differen
On 24.07.2013, Philipp Klaus Krause wrote:
> I do not trust the computer at university with the secret key used to
> decrypt my private mail.
[]
> Still, I want to be able to read any encrypted mail sent to my
> university addresses on the computer at university. And I want to use
> encrypti
On 24.07.2013, Philipp Klaus Krause wrote:
> How else would others know that the key they use to encrypt is mine
They would know if they would check your identity.
> and assume that only I can decrypt it?
Most people would silently assume that, if they had checked your
identity and concluded w
On 24.07.2013, Mark H. Wood wrote:
> Absolute security isn't possible. Any machine you are not shackled to
> is sometimes out of your control.
It depends. In my workplace, nobody can access my own
machine physically. I don't claim that there will be 100% security,
though.
On 25.07.2013, Christopher J. Walters wrote:
> On 7/24/2013 6:06 PM, Robert J. Hansen wrote:
> >(My original reply went just to Philipp. My apologies.)
>
> No apology necessary.
>
> I also must apologize, as my original reply got sent to Robert J. Hansen,
> when it was intended for the list.
On 26.07.2013, dyola wrote:
> I am confused. I have also downloaded gnupg-2.0.20.tar.bz2, but I cannot
> open it.
You downloaded the Linux version of gnupg. As far as I know, the
"right" site to download gnupg for Windows from is gpg4win.org .
On 31.07.2013, adrelanos wrote:
> Downloading a signature doesn't imply, the user
> successfully managed to use OpenPGP verification or that the user
> couldn't be tricked or just ignored an invalid signature error message.
And therefore, these numbers are without meaning.
While there is eviden
On 02.08.2013, Doug Barton wrote:
> However, what you really want to encourage is the verification of the
> signature (ignoring the bootstrapping problem for the moment), and even
> forcing people to download the signature file won't do that.
Enforcing something to people mainly results in the o
On 06.08.2013, Jean-David Beyer wrote:
> I thought I posted to gnupg-users list. I was making a remark to a
> previous post. I was not filing a trouble report, and do not think I was
> even addressing the issue of piracy.
Put something like this in your mailfilter (this is procmail):
:0
* ^Fr
On 10.07.2017, Matthias Apitz wrote:
> This question is perhaps only for German users of GnuPG. In the past
> German banks and credit institutes prohibited the storing of PIN numbers
> etc. on personal computer systems
Does anybody care?
> even claiming that in the case of storing
> they would
On 22.10.2018, Satendra Tiwari wrote:
> In this case, we want to use GPG to encrypt Oracle backup. We have two
> databases of 17 TB and 7 TB they compress to 2.6 TB and 1.3 TB
> respectively.
> What would be the best way to encrypt our backup and how long would it take?
I would create a LUKS/c
72 matches