Re: USB key form-factor smart-card readers with pinpads?

2014-01-06 Thread Michel Messerschmidt
at. But for such a tradeoff other things should be considered first (is your PIN really your biggest concern if you don't trust your computer/keyboard, is your reader really more trustworthy than your computer, ...). -- Michel Messerschmidt li...@m

Re: "no valid subkey"

2014-01-06 Thread Michel Messerschmidt
usage: SC trust: unknown validity: unknown sub 2048R/0320F4A4 created: 2014-01-06 expires: 2014-11-11 usage: S sub 4096R/0971954D created: 2010-12-10 expires: 2014-11-11 usage: E [ unknown] (1). Erik Josefsson [ unknown] (2) Erik Josefsson (ehj) -- Michel Mes

Is it possible to force decryption with the wrong key type

2009-06-04 Thread Michel Messerschmidt
: encrypted with 1024-bit RSA key, ID 96C5988D, created 2006-12-03 "Michel Messerschmidt " gpg: public key decryption failed: Wrong secret key used gpg: encrypted with RSA key, ID gpg: decryption failed: No secret key $ gpg2 --edit-key 96C5988D Secret key is available.

Re: Is it possible to force decryption with the wrong key type

2009-06-05 Thread Michel Messerschmidt
anonymous recipient; trying secret key ... [...] :encrypted data packet: length: unknown gpg: encrypted with 1024-bit RSA key, ID 96C5988D, created 2006-12-03 "Michel Messerschmidt " gpg: encrypted with RSA key, ID gpg: decryption failed: No secret key I don

Re: Is it possible to force decryption with the wrong key type

2009-06-14 Thread Michel Messerschmidt
On Fri, Jun 05, 2009 at 05:33:07PM +0200, Werner Koch wrote: > On Fri, 5 Jun 2009 14:41, li...@michel-messerschmidt.de said: > > > I don't think gpg has problem identifying and finding the secret key, > > but it refuses to decrypt a message with a key that had no encryption > > capability set d

Re: "Signature verification failed"

2009-06-21 Thread Michel Messerschmidt
On Sun, Jun 21, 2009 at 02:42:45AM -0500, John Clizbe wrote: > Joel C. Salomon wrote: > > gpg command line and output: > > C:\\Program Files\\GNU\\GnuPG\\gpg.exe --charset utf8 --batch --no-tty > > --status-fd 2 --keyserver-options auto-key-retrieve --keyserver > > pool.sks-keyservers.net --verify

Re: "Active Directory", "My documents" and Temporary Files

2009-06-21 Thread Michel Messerschmidt
On Sun, Jun 21, 2009 at 12:15:48PM +0400, gpg2.20.mani...@dfgh.net wrote: > 4. Sorry if this is OT or if this is a long post I felt that this > experience sharing is essential on this list, because there may be other > users who may be blissfully unaware of this problem of temp files and my >

Re: "Signature verification failed"

2009-06-21 Thread Michel Messerschmidt
On Sun, Jun 21, 2009 at 06:33:11PM +0200, Thomas Bohn wrote: > On Jun 21, 2009, at 6:17 PM, Joel C. Salomon wrote: > >> Interesting, now it comes up as good. Did you change some setting? > > I didn't change anything. At least the version in the signature header changed from 2.0.11 to 2.0.12.

Re: verifying rpms - public key not found

2009-07-03 Thread Michel Messerschmidt
On Fri, July 3, 2009 07:21, Daniel Kahn Gillmor wrote: > On 07/03/2009 12:04 AM, Chris wrote: >> [ch...@localhost ~]$ gpg >> --check-sig /home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm >> gpg: using PGP trust model >> gpg: key 98E6705C: accepted as trusted key >> gpg: error reading key: pub

Re: How to verify lot of .sig files in lot of subdirectories with script

2009-07-19 Thread Michel Messerschmidt
On Sun, Jul 19, 2009 at 12:11:05PM +0200, Csabi wrote: > I have lot of subdirectories containing program source code compressed > files and their signature files. > For example: .tar.gz and > .tar.gz.sig > How do i verify lot of .sig files in lot of subdirectories with one > script under Linux

Re: how to validate keys on smartcard (only) on an other PC or on a news OS installation

2009-08-22 Thread Michel Messerschmidt
On Fri, Aug 21, 2009 at 03:39:34PM +0200, tux.tsn...@free.fr wrote: > So how can I do that (import key, when I've only keys on smartcard, no public > key on keyserver or on file and no file private and secret keys backup. AFAIK the smartcard contains only your secret keys not the public keys. Th

Re: gpg.conf

2009-11-02 Thread Michel Messerschmidt
On Mon, Nov 02, 2009 at 10:51:46AM -, David Gray wrote: > Could anyone point me in the right direction for a manual/examples > on how to edit the gpg.conf file for GnuPG 2.0.12 (GPG 4 Win)? http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG.html#Invoking-GPG Within this manual yo

Re: Restarting gpg-agent

2010-03-14 Thread Michel Messerschmidt
On Sun, Mar 14, 2010 at 12:24:14PM -0700, James Moe wrote: > Hello, > opensuse v11.2, linux 2.6.31.12-0.1-desktop x86_64, gpg v2.0.12. > The docs at cover starting gpg-agent pretty > well. What is missing is how to re-start it. > If gpg-agent is terminated for some rea

Re: verifying hashes with GnuPG

2010-07-20 Thread Michel Messerschmidt
On Tue, Jul 20, 2010 at 04:14:16PM -0400, ved...@nym.hush.com wrote: > Is there a gnupg command to verify a hash, not a signature, (e.g. > MD5, SHA1, SHA256), by entering the hash string and the file or > text it corresponds to? Why would you want to use gnupg for this if md5sum, sha1sum, sha25

Re: 1.4.11 release candidate

2010-09-23 Thread Michel Messerschmidt
On Thu, Sep 23, 2010 at 08:26:19PM +0200, Werner Koch wrote: > On Thu, 23 Sep 2010 14:20, war_is_pe...@privatdemail.net said: > > > While you're at it, you might want to update zlib to version 1.2.5 - > > looking at the source, it seems that the currently used version is 1.1.4. > > I see no reaso

Re: Having trouble getting GPG to accept input from a pinpad

2011-01-03 Thread Michel Messerschmidt
On Mon, Jan 03, 2011 at 01:26:05AM -0800, Paul Richard Ramer wrote: > I'll gladly answer any questions about my setup or tools or run > different stuff to debug this situation. I just want to start using my > pinpad. :-) Have you tried it with gnupg 2.0.x ? IIRC you need at least 2.0.12 for the S

Re: Is the OpenPGP model still useful?

2011-04-29 Thread Michel Messerschmidt
Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed?

Re: secring and dropbox

2011-07-22 Thread Michel Messerschmidt
On Thu, Jul 21, 2011 at 05:17:27PM -0600, Aaron Toponce wrote: > On Thu, Jul 21, 2011 at 05:15:25PM -0600, Aaron Toponce wrote: > > So, it appears I'm missing some configuration in Mutt then, as it remains > > as the PGP message without any attempt to get to the plain text. Also, how > > do you get

Re: Useful factoid

2011-10-13 Thread Michel Messerschmidt
On Thu, Oct 13, 2011 at 10:03:56AM -0400, Jean-David Beyer wrote: > It seems to me that to do much damage to my machine, you need to get a > shell with root access. Depends on what you regard as damage. Do you need root privileges to use your private gpg keys ??? > I never run a web browser as

Re: Key revocation UI confusion

2011-10-15 Thread Michel Messerschmidt
On Sun, Oct 16, 2011 at 02:58:27AM +1100, Ben McGinnes wrote: > On 16/10/11 2:15 AM, MFPA wrote: > > > > The key revocation message saying "this key was revoked" suggests it > > to be referring to the key that was just listed rather than the one > > that is about to be listed. Maybe something like

Re: Card only available to root user

2011-11-29 Thread Michel Messerschmidt
On Tue, Nov 29, 2011 at 10:06:45PM +0100, Olav Seyfarth wrote: > It seems the above files don't solve my problem since they all trigger on USB > events. However, my PCMCIA based reader Omnikey CardMan 4040 (linked as > supported device on http://www.gnupg.org/howtos/card-howto/en/ch02s02.html) > se

Re: changing the default for --keyid-format

2012-05-30 Thread Michel Messerschmidt
On Tue, May 29, 2012 at 10:03:57PM -0400, Robert J. Hansen wrote: > There may be a use case for contextualization in certificates, but if so > I haven't found it yet. :) You may want to look up all certificates that signed a certificate. Or just get all your certificates displayed. Or all cert

Re: RFE: --update-before-use

2012-06-17 Thread Michel Messerschmidt
On Sat, Jun 16, 2012 at 05:32:36PM -0400, David Shaw wrote: > Yes, I understand that spreading out keyserver requests can help avoid this > sort of tracking, but remember that the keyserver URL feature allows the > keyholder to bypass the keyserver chosen by the user, and send the requests > any

Re: making (future) OpenPGP cards without PIN pad safer

2012-11-21 Thread Michel Messerschmidt
On Wed, Nov 21, 2012 at 06:46:36PM +0100, Hauke Laging wrote: > The card already has additional storage for private use (if I have understood > the documentation correctly). The idea: Wouldn't it be rather easily possible > to allow the use of the card by > > a) either the real password (like to

Re: RSA // OAEP // SHA-1

2013-01-30 Thread Michel Messerschmidt
On Tue, Jan 29, 2013 at 06:36:25PM -0600, John Clizbe wrote: > ved...@nym.hush.com wrote: > > if so, would this fall under the open-pgp RFC, or would it have to go > > through an > > RSA standard first? > > RFC 4880 makes no mention of OAEP. RFC 4880 references RFC 3447 for details of > RSA imple

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Michel Messerschmidt
On Thu, Feb 07, 2013 at 10:03:30AM -, refresh...@tormail.org wrote: > I have no reason to believe my system is compromised. Taking security very > serious. Otherwise I wouldn't bother posting here. :) > > That sounds like a oxymoron. How can I be REALLY sure my system isn't > compromised? Mail

Re: Piping tar into gpg

2013-02-22 Thread Michel Messerschmidt
On Wed, Feb 20, 2013 at 10:29:08PM +0100, Stefan Malte Schumacher wrote: > "find /mnt/raid/Dokumente/ -type f -print0 |tar cfzv | gpg --symmetric > --output 1.tar.gz.gpg" asks for a password but aborts after creating a 4,0K > large binary file. I have had other cases in which tar and gpg were > obvi

Using CCID and PCSC

2008-04-02 Thread Michel Messerschmidt
Hello, is there a possibility to force gnupg 2 to use the internal CCID smartcard driver even if pcscd is running (something like the --disable-ccid option but for pcsc) ? I have a SCM SPR532 reader and like to use the pinpad. But it's deactivated if pcscd is running. Thanks, Michel signa

Re: changing the default keyring location in windows

2008-04-21 Thread Michel Messerschmidt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Hello, I want to move my keyring files from %appdata%/gnupg to R:/ You can either set GNUPGHOME=R:/ or add/change the entry "HomeDir" in the registry under the key HKEY_CURRENT_USER\Software\GNU\GnuPG Michel -BEGIN PGP SIGNATURE- Version:

Re: OpenPGP card stopped working

2008-04-23 Thread Michel Messerschmidt
On Wed, Apr 23, 2008 at 07:36:47PM -0400, Micah Anderson wrote: > From what I can tell, none of those packages should have any effect on > the card itself, but I am no expert in this matter. > > Although it sounds like you just had to reboot, and things worked > fine. I'm still unable to access m

Re: Miscellaneous questions

2008-04-23 Thread Michel Messerschmidt
On Thu, Apr 24, 2008 at 02:59:40AM +0200, Christoph Anton Mitterer wrote: > Of course we could even discuss what's part of the name?! What about > academic titles like "Dr." or "PhD", stuff from monarchy (OBE, Sir, > Dame, HRH, Prince, etc.) religious "titles" like "PP", "Cardinal", etc.? What

Re: Linux crypto killer apllication

2008-05-15 Thread Michel Messerschmidt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sven Radde said: > David Picón Álvarez schrieb: >> Well, I'm pretty sure if GnuPG had the limit you suggest (2048) it >> would be legally unusable for some purposes, due to legal guidelines, >> "best practices", and all that tosh. > FWIW, german digita

Re: export key: access denied

2008-07-23 Thread Michel Messerschmidt
On Wed, Jul 23, 2008 at 03:54:35PM -0700, kurt c wrote: > no, i typed in my windows vista command prompt: gpg -a --export > 0x8e758d5f > mykey.asc and i only get "access is denied". i guess no one > knows why. Are you sure that your user has write permissions in the current directory? signature

Re: Securely delete files...

2008-08-20 Thread Michel Messerschmidt
On Wed, Aug 20, 2008 at 04:21:04PM -0400, John W. Moore III wrote: > I believe that We are all agreed that physical destruction of the HD is > the only truly effective means of ensuring Data cannot be recovered. There is also the possibility to use encryption for *all* data on a harddisk. If the k

Re: Signature semantics

2008-11-05 Thread Michel Messerschmidt
On Tue, Nov 04, 2008 at 12:04:19PM -0500, David Shaw wrote: > Indeed. The alteration also may or may not be malicious. The most > common alteration I've ever seen are mail programs that break the > signature via word-wrap or the like. (Hence the frequent "Does my > signature verify now?" message

Re: OT: virus on the wild?

2009-01-22 Thread Michel Messerschmidt
On Thu, Jan 22, 2009 at 08:51:23AM -0500, Robert J. Hansen wrote: > Faramir wrote: > > And the second question is: Does somebody know about this virus? Is is > > as fast spreading as it looks like? > > Yes. No. Moo. Ten pounds of flax. Getting accurate intelligence > about the spread of malwar

Re: gpg: failed to create temporary file

2009-02-10 Thread Michel Messerschmidt
> One last test: Rather than having BPEL run "gpg" directly, perhaps you > could have it run a shell script that in turn runs "gpg". You should then > be able to set whatever variables you need prior to the call of gpg from > within the shell script. You can also enable tracing (set -o xtrace) to >

Re: How secure asymmetric encryption to yourself?

2009-02-23 Thread Michel Messerschmidt
On Mon, Feb 23, 2009 at 01:42:32PM -0500, Robert J. Hansen wrote: > Open up my wallet, fish out the list, and there it is. Although I think this one of the most secure but usable places, what if a real life phisher gets your wallet? No problem to cancel credit cards. But are you able to reset all

Re: future proof file encryption

2009-02-27 Thread Michel Messerschmidt
On Fri, Feb 27, 2009 at 07:22:56PM -0500, Robert J. Hansen wrote: > Hard drives tend not to crash or overheat when they're powered down, > properly mothballed, and put in long-term storage. Unless your photos are made for your grandchildren only, I don't believe in a personal "dead" long-term sto