Hi,
I recently got my fellowship card and now try to get a working setup. My first
tries with a ReinerSCT cyberjack that I had lying around did not get me
anywhere, so I bought a Cherry ST-2000U which looked like it should work with
the internal CCID driver. The reader is "mostly" working, i.e.
I know what
part is unclear.
If it's the latter: What is the right place to ask questions regarding card
reader support in gpg?
Kind regards,
Johannes
P.S.: I did try again with gpg version 2.0.22, but the results are the same.
On Friday 27 September 2013 13:36:44 Johannes Zarl wrote:
>
Hi,
I'm trying to get gpg-agent to automatically forget my credentials as soon as
I leave the PC/the screen is locked. So far, I only got it half working:
When I send a SIGHUP to the gpg-agent, it correctly forgets cached
passphrases. The cached PIN of my OpenPGP card, however remains available
Thanks! That was exactly what I was looking for.
Johannes
On Friday 01 November 2013 20:17:41 Peter Lebbing wrote:
> Hi Johannes,
>
> > Is there any way to explicitly tell gpg-agent to forget the pin as well?
>
> Based on a post once made by Werner, I have this script:
>
> ---8<-
On Wednesday 30 October 2013 11:58:56 Sam Tuke wrote:
> I'll collect them and pick the best for use now and in future.
>
> Stimuli:
> You trust GPG with what?
> It's the only app that does what for you / your business?
> Without it you couldn't do what?
I wonder why not more respondents have writ
Hi,
I'm currently thinking about using a raspberry pi as a non-networked
stand-alone system for signing keys. Since I haven't heard anything to the contrary,
I'm pretty sure that entropy is relatively scarce on the pi.
How is GnuPG affected by such a low-entropy system? Will operations just tak
> On Fri, 08 Nov 2013 00:11:38 +0100 Johannes Zarl wrote:
> > I'm currently thinking about using a raspberry pi as a non-networked
> > stand-alone system for signing keys. Since I haven't heard anything
> > to the contrary, I'm pretty sure that entr
Thank you both for your detailed answers - they were really helpful for me!
Johannes
On Friday 08 November 2013 19:01:34 Peter Lebbing wrote:
> On 08/11/13 18:07, Tapio Sokura wrote:
> Nope, OpenPGP uses EMSA-PKCS1-v1_5, which is completely deterministic.
>
> I /think/ GnuPG doesn't need any r
On Tuesday 03 December 2013 23:44:20 Hauke Laging wrote:
> Expiration serves two purposes:
> 1) Passively revoke a key if you have lost access to the secret mainkey
> (i.e. to the key itself or to its passphrase).
> 2) Force your communication partners (people are lazy) to update your
> certificate
On Wednesday 04 December 2013 00:20:10 Hauke Laging wrote:
> On Wed 04.12.2013, 00:00:21 Johannes Zarl wrote:
> > Sorry for asking a possibly stupid question, but how exactly does a
> > shorter validity period get you more security?
>
> This is the security a
Hi,
Maybe my English is a little rusty, but what exactly is a "spanking server"?
From the goteo page:
> The world's most trusted data encryption tool gets a new website with
> spanking server, platform and design.
Johannes
On Thursday 19 December 2013 10:09:22 Robert J. Hansen wrote:
> > Maybe my English is a little rusty, but what exactly is a "spanking
> > server"?
> They omitted the word "new".
Ah! I should have thought of this. The phrase as a whole is known to me, but
without the "new" it was only nonsense to
On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote:
> On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
> > In your example, the fact that a message was encrypted makes the
> > recipient treat it as though the sender had indicated something specific
> > about the message beca
On Sunday 05 January 2014 03:10:48 Leo Gaspard wrote:
> Well... I, personally, would attach more importance (no more validity, just
> importance, like in "listen to me very well" or whatever English people say
> to others to get them to listen carefully) to a message signed to an
> offline main key
On Friday 17 January 2014 13:28:50 Hauke Laging wrote:
> IIRC then GnuPG accepts a later self-signature (overriding the
> revocation). IMHO that makes most sense. As long as the mainkey isn't
> revoked or expired why shouldn't one "change one's mind"?
Wouldn't that have huge implications for the s
On Friday 17 January 2014 14:33:25 Daniel Kahn Gillmor wrote:
> I think you're conflating revocation of the primary key with revocation
> of a user ID.
>
> Revocation of a primary key is permanent and cannot be overridden.
> Revocation of a user ID can be overridden as long as the primary key
> (t
On Thursday 23 January 2014 15:34:17 Uwe Brauer wrote:
> A long time ago, IBM's proprietary OS, called CMS had a particular
> feature for the login:
>
> It gave you three attempts to log in. If you failed there was a time
> delay of 20 min, if you failed again, the time delay was prolonged to
>
On Wednesday 29 January 2014 10:52:26 Robert J. Hansen wrote:
> > Well, it could be semi-automatic. I'm only talking about persona
> > certifications, which appear to be understood as verifying that the key
> > and the email address are under the control of the same person.
>
> I suspect the major
On Thursday 30 January 2014 11:49:47 Peter Lebbing wrote:
> If you're trying to achieve by the 744 what I think you're trying to
> achieve, namely that users can't change the files, I think you're
> mistaken[1]. Look at the following session I just did[2]:
> The thing is, you're not allowed to cha
[resent, this time to the mailing list]
Hi,
On Thursday 30 January 2014 21:09:45 MFPA wrote:
> , Steve Jones wrote:
> > The advantage you have here though is the web of trust.
> > 1 level 1 signature would probably be not enough, but
> > 5, 10, 100..?
>
> If the signatures are made automatically
On Friday 31 January 2014 01:28:20 MFPA wrote:
> , Johannes Zarl wrote:
> > If the same email-address is used together with the
> > same key for a long time, it effectively ties the
> > email-address to a person for all practical concerns.
> > After all, you are c
Hi,
I've meanwhile seen that others assumed the automatic-persona certification to
use exportable signatures. To clarify:
As far as I understood the original idea, it would use local signatures only
(preferably done with a special purpose local key only used for these
signatures).
If one woul
On Friday 31 January 2014 16:09:39 Steve Jones wrote:
> Well I was thinking of exporting at first, but it's too fraught with
> problems. I would in general like to see more use of persona
> signatures as certifying keys as good enough. Essentially I see the
> requirements for certifying keys as a
Hi,
It looks like you use an offline master key and use subkeys for signing and
decryption. You can check this by looking at your secret keyring:
gpg2 -K
sec# 4096R/DEADBEEF 2013-10-25 [expires: 2018-10-24]
uid Some Body
ssb> 2048R/08152323 2013-10-25
ssb> 2048R/42424242 20
Hi,
A project mascot is certainly a great idea. In my opinion a mascot and a logo
have different purposes and can beautifully complement each other. The logo
stands for the product and has to follow certain rules in its design. A
mascot, on the other hand stands more for the whole community and
> Learn something new every day.
Indeed. Thank you both for teaching me about the subtleties of the English
language *and* some biology!
Johannes
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-user
On Friday 27 June 2014 20:51:00 Werner Koch wrote:
> On Fri, 27 Jun 2014 19:46, pe...@digitalbrains.com said:
> > I however have no clue what you expose yourself to when you still use PGP
> > 8.x. It could be possible that these guys take irresponsible risks, I
> > don't know.
> They will tell you
On Saturday 28 June 2014 08:09:10 Johan Wevers wrote:
> On 28-06-2014 0:31, Johannes Zarl wrote:
> > The way I see it compatibility between those two groups is a non-issue -
> > they simply don't exchange messages.
>
> Why not?
My assumptions were as follows:
- Whe
On Friday 27 June 2014 19:35:12 Robert J. Hansen wrote:
> On 6/27/2014 6:31 PM, Johannes Zarl wrote:
> > 1. legacy PGP implementations in closed corporate environments
>
> Be careful about that phrase "legacy." Too often it's used as a slur.
> It's more
On Thursday 21 August 2014 11:41:40 Robert J. Hansen wrote:
> If it escalates to an intrusion, then yes, that's definitely
> surveillance in my book. Compiling a collection of publicly available
> information is not.
"Compiling a collection of publicly available information" is an almost
perfect
On Friday 14 November 2014 17:05:12 da...@gbenet.com wrote:
> david@laptop-1:~$ sudo pkg install pinentry-gtk2
> [sudo] password for david:
> sudo: pkg: command not found
> david@laptop-1:~$ sudo apt-get install pinentry-gtk2
> Reading package lists... Done
> Building dependency tree
> Reading sta
Hi,
On Saturday 15 November 2014 11:52:02 da...@gbenet.com wrote:
> Laptop-1 and laptop-2 are a mirror image of each. They contain the same
> software. I copied programmes like Thunderbird Firefox from laptop-1 to
> laptop-2 without any problems.
It seems like the mirroring of laptop-1 to laptop-
On Thursday 22 January 2015 17:00:44 Felix E. Klee wrote:
> However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.
Are you sure? On my setup, the sma
> Is it possible to change the smartcard state after PIN is entered, so it
> would be back in the same state as it was when first inserted into the
> reader (and would require the PIN to be entered again also for
> decryption)? So without removing and re-inserting the card, possibly
> using some A
> >> But I still have the impression about smartcards are supposed to prevent
> >> an attacker from stealing the private keys from the cards, right?
> >
> > Yes, I agree.
> >
> > Peter.
>
> But the threat is not fully mitigated if, as you said yourself in
> another message on this th
Hi,
I've noticed that sometimes gpg2 will take around 1-2 minutes on my desktop PC
attempting to verify an email signature.
At first, I thought that maybe the increasing prevalence of really big keys
would increase the computational complexity, or that the keyserver
communication is taking so
On Sunday 19 July 2015 01:42:34 Daniel Kahn Gillmor wrote:
> I suspect what's taking a long time is an update to the trustdb. one
> workaround is to put no-auto-check-trustdb in ~/.gnupg/gpg.conf, and
> then have a nightly cronjob that runs "gpg2 --check-trustdb".
...and sure enough "gpg2 --check
Hi Neal,
Thanks for the heads-up on this. TOFU seems like a really big feature for
everyday use!
Out of curiosity: Does the TOFU implementation for gpg already allow for key
transition statements / is this planned for some point in the future?
Cheers,
Johannes
On Tuesday 26 April 2016 12:44:44 Robert J. Hansen wrote:
> Please note: since CMake doesn't have a plugin (yet) to automatically
> detect GPGME
The usual way is for a library to provide a PackageConfig.cmake file. The
old-style FindPackage.cmake "plugins" are very much deprecated and it's hard t
Hi,
I've just spent half an hour scratching my head over an issue that should have
been simple:
I initialized a new OpenPGP card (v2.1 from Zeitcontrol) and changed the
(user) pin.
After this, I used the verify command to check whether the pin was working: I
put my pin into the pinentry dialo
On Sunday, 7 July 2019 20:48:12 CEST Wolfgang Traylor via Gnupg-users wrote:
> > is there a service or similar where I can check if this email address is
> > properly WKD-enabled?
> https://metacode.biz/openpgp/web-key-directory
Thank you! This is so much easier to comprehend than the official
Hi,
On Tuesday, 9 July 2019 15:02:26 CEST Bernhard Reiter wrote:
> please make suggestions (or help with improving)
> https://wiki.gnupg.org/WKD
I think the problem with that page is that it is handed out as a starting
point to users asking "how can I enable WKD for my key?". To give credit, t
On Wednesday, 10 July 2019, 19:34:41 CEST Werner Koch wrote:
> On Tue, 9 Jul 2019 23:33, johan...@zarl-zierl.at said:
> > Now that I have done it once, I think the setup without
> > /usr/lib/gnupg/gpg-wks-client isn't that complicated either:
> Please use gpg-wks-tool instead; it is much
On Friday, 12 July 2019, 10:30:30 CEST Werner Koch via Gnupg-users wrote:
> On Wed, 10 Jul 2019 21:47, johan...@zarl-zierl.at said:
> > ...except it isn't installed by default. Will this be part of
> > gpg-wks-client?
> Ooops. I meant gpg-wks-client. There is no gpg-wks-tool.
Thanks for the
44 matches