Cancel that. My fault ... I'd missed that I had some old libraries
installed.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Fri, Jul 26, 2013 at 2:40 AM, Richard Outerbridge wrote:
> Werner:
>
> No problems.
>
> MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55)
> Xcode 4.6.3
> __outer
>
For some reason I get the following error when trying to build on Mountain
Lion OS X:
gcc -g -O2 -Wall -Wno-pointer-sign -o gpg
On Sun, Sep 1, 2013 at 12:12 PM, Josef Schneider wrote:
> I just use 4096 bit because that is the biggest size my OpenPGP Cards can
> handle. In my opinion using a smart card instead of online keys increase
> security far more than strange large key sizes!
> I also see no point using less than 4
On Mon, Sep 2, 2013 at 5:04 AM, Henry Hertz Hobbit
wrote:
[snip]
>
> Paradoxically, AES256 & AES192 had
> weaknesses that made them less safe than AES (AES-128) several
> years back. May I humbly suggest TWOFISH or one of the
> CAMELLLIA ciphers as a first choice UNTIL you determine whether
>
On Tue, Sep 3, 2013 at 10:07 AM, Pete Stephenson wrote:
> On Mon, Sep 2, 2013 at 8:28 PM, Nicholas Cole wrote:
>> On Mon, Sep 2, 2013 at 5:04 AM, Henry Hertz Hobbit
>> wrote:
>>
>> [snip]
>>
>>>
>>> Paradoxically, AES256 & AES192 had
&g
On Tuesday, 3 September 2013, Nicholas Cole wrote:
> On Tue, Sep 3, 2013 at 10:07 AM, Pete Stephenson
> >
> wrote:
> > On Mon, Sep 2, 2013 at 8:28 PM, Nicholas Cole
> > >
> wrote:
> >> On Mon, Sep 2, 2013 at 5:04 AM, Henry Her
On Fri, Sep 13, 2013 at 12:22 AM, Daniel Kahn Gillmor
wrote:
> GnuPG is currently not able to create a non-exportable self-sig. If you
> try to do this, it gives an error:
>
> WARNING: the signature will not be marked as non-exportable.
>
> But: some people might never want their keys to be pub
On Fri, Sep 13, 2013 at 3:29 PM, Daniel Kahn Gillmor
wrote:
> On 09/13/2013 08:24 AM, Nicholas Cole wrote:
>
>> I don't think this is sensible. What is the point of a UID that
>> cannot be used by someone else? If the UID is shared with anyone else
>> (even pr
On Fri, Sep 13, 2013 at 3:42 PM, Daniel Kahn Gillmor
wrote:
> On 09/13/2013 09:49 AM, Peter Lebbing wrote:
>> On 2013-09-13 14:24, Nicholas Cole wrote:
>>> The correct way would be to have keyservers
>>> honour the no-modify flag, or perhaps have some notation
On Wed, Sep 18, 2013 at 9:33 AM, Josef Schneider wrote:
> On Wed, Sep 18, 2013 at 9:06 AM, Werner Koch wrote:
>
>> The standard already allows for all kind of curses. They are specified
>> by an OID and I offered DJB to assign OIDs from the GnuPG arc. The
>> original reason why I wanted an OID
On Thu, Sep 19, 2013 at 6:44 PM, Werner Koch wrote:
>> to create the key (if that is possible) so that people can make a
>> judgement about that kind of thing when they certify keys -- assuming
>
> If Bobs decides to use NIST curve, why don't you want to send a mail to
> him. It his his decision
Dear list,
I've been implementing a local version of
http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
for some experimenting.
I have a server working listening on local host and replying with the
correct formats to the defined requests.
Everything works fine with version 4 keys, but if gpg
On Sun, Jan 5, 2014 at 1:24 PM, Nicholas Cole wrote:
> Dear list,
>
> I've been implementing a local version of
>
> http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
>
> for some experimenting.
>
> I have a server working listening on local host and replying w
On Sat, Apr 19, 2014 at 3:35 PM, One Jsim wrote:
>
> from:
>
>
> http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery
>
>
> at 2014-04-19T14:49+1
>
>
> I retrieve
>
>
> "Yes, it is possible to create a public key with the same fingerprint as an
> existing one, thanks to a des
On Sat, May 3, 2014 at 8:54 AM, NdK wrote:
> Il 03/05/2014 01:10, Daniel Kahn Gillmor ha scritto:
>
>> Having such an assertion cryptographically bound to the OpenPGP
>> certificate in parseable form implies in some sense that you think a
>> mechanical process (e.g. WoT calculated validity) should
If I tell gnupg to make a trust signature limited to the domain:
nowhere.com
it converts this into <[^>]+[@.]nowhere\\x5c.com>$
I see the logic.
However, if I am trying to copy this re from one signature to another,
and I tell gnupg to limit a trust signature to "
<[^>]+[@.]nowhere\\x5c.com>$ "
On Wed, May 21, 2014 at 9:47 AM, Werner Koch wrote:
> On Wed, 7 May 2014 19:23, nicholas.c...@gmail.com said:
>
>> Is there any way to tell gnupg that I am actually entering a raw re
>> and do not wish it to do any conversion?
>
> No.
>
> FWIW, here is a comment describing how gpg uses the RE:
>
On Thu, Jun 5, 2014 at 4:55 PM, Werner Koch wrote:
> Hello!
>
> I just released the fourth *beta version* of GnuPG 2.1. It has been
> released to give you the opportunity to check out new features and
> a new beta was due anyway after 30 months.
Dear Werner,
Congratulations on this.
I just won
On Sat, Jun 28, 2014 at 9:18 AM, Werner Koch wrote:
> On Fri, 27 Jun 2014 21:44, ds...@jabberwocky.com said:
>
>> I do admire the Neo form factor though.
>
> The SCT3512 [1] with an OpenPGP card is also quite convenient:
>
> http://werner.eifzilla.de/sct3512.jpg
>
> I have taken off the ID-000 f
On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen wrote:
> On 8/16/2014 1:14 PM, Kristy Chambers wrote:
>> Sorry for that crap subject. I just want to leave this.
>
> Meh. Color me unimpressed.
This was a terrific post. Thank you, Robert.
[snip]
> * "No forward secrecy." Not everyone needs
On Sun, Aug 17, 2014 at 10:14 PM, Robert J. Hansen wrote:
>> Leaving aside the issue of how popular encryption of mail is - we are
>> faced with the fact that 98 per cent of computer users are completely
>> ignorant about software and hardware.
But even if they weren't, the problem is that OpenP
On Fri, Aug 15, 2014 at 6:54 PM, Richard Outerbridge wrote:
> Still waiting for my email address, yet my blackphone is already in
> my hands. Keep up the good work.
>
> I’m not going to bother with 2.1 until the Mac guyz come to their
> senses about not forking the crypto. Could be a long wait.
On Monday, 15 September 2014, Hauke Laging
wrote:
> Hello,
>
> after filing a bug report for my mail client because it does not allow
> me to encrypt to an expired certificate (neither does Enigmail) I was
> surprised to notice that I didn't manage to encrypt to an expired
> certificate with gpg
On Mon, Sep 15, 2014 at 1:10 PM, Hauke Laging
wrote:
>> If a key has an expiry
>> date, GPG can be very very certain that that key should not be used
>
>> You can't make assumptions for the reason a key has an expiry date.
>
> Do you think these two statements are consistent?
>> It could be that
On Mon, Sep 15, 2014 at 5:13 PM, Hauke Laging
wrote:
[snip]
> I have created his certificate. That is an offline mainkey and he is
> probably not capable (or willing) to extend the validity period. He is
> not going to replace the key. It is not considered compromised. We(?)
> even talked on the
On Mon, Sep 15, 2014 at 6:19 PM, Robert J. Hansen wrote:
>> Respectfully, Hauke, we just disagree on this. But your last
>> comment raises a crucial point that I think has bugged OpenPGP for
>> far too long: the software we use for OpenPGP has actually been far
>> too liberal about letting people
On Monday, 15 September 2014, Robert J. Hansen wrote:
> > Sorry. I've confused too issues. Yes, it is hard to enforce expiry
> > dates in a 'secure' way. I wasn't meaning to suggest it was
> > something openpgp should try to do. I don't think we should make it
> > easy to ignore them, that's al
On Tue, Sep 16, 2014 at 1:12 AM, Robert J. Hansen wrote:
>> That does not seem like an argument to me for telling the user what
>> is best for him.
>
> Hauke, this entire argument is what I meant when I talked about gilding
> the lily repeatedly. If you can find half a dozen *real users* who are
Can anyone explain to me why one would want to continue using a key
and yet not simply change the expiry date? I really find all of the
examples being given to be incredibly contrived. It takes no time at
all these days to change the date and distribute the new key. As I've
said, if the tools to
On Tuesday, 16 September 2014, Peter Pentchev wrote:
> On Tue, Sep 16, 2014 at 03:04:08PM +0100, Nicholas Cole wrote:
> > Can anyone explain to me why one would want to continue using a key
> > and yet not simply change the expiry date? I really find all of the
> > examp
I'll admit that I hadn't actually realised how hard it is to make
GnuPG change the expiry dates of subkeys at the same time as changing
the expiry date of the main key. What is the approved way to do this?
N.
___
Gnupg-users mailing list
Gnupg-users@gn
Hi Werner,
Building on OS X using
make -f build-aux/speedo.mk native INSTALL_DIR=/usr/local
gets what looks like most of the way and then fails with the error
shown below. Am I the only person experiencing this, or are others
hitting the same problem?
Best wishes,
N.
Undefined symbols for
Hi Patrick,
Thanks for this! It's a really useful resource.
Are you able to explain how you managed to get GnuPG-2.1 to compile?
N.
On Sun, Nov 9, 2014 at 6:39 PM, Patrick Brunschwig wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> I'm happy to announce the first release of the "
On Fri, Nov 7, 2014 at 9:21 PM, Simon Nicolussi wrote:
> The announcement read:
>> If you already have a version of GnuPG installed, you can simply
>> verify the supplied signature. For example to verify the signature
>> of the file gnupg-2.1.0.tar.bz2 you would use this command:
>>
>> gpg --ve
Dear List,
How does unattended generation of elliptic curve keys work? As far as
I can see, that section of the manual has not been updated for the new
EC options, but I presume that it has to work slightly differently.
Am I right that key-length is now a no-op? And how do you specify the
curve?
In the new gpg2 --version lists both ECDSA and EDDSA as supported
algorithms, but that doesn't seem to correspond to options in the
--expert --full-gen-key command. I presume that --full-gen-key
creates an ECDSA by default. Is that right?
Perhaps someone who knows about EC could write an FAQ on
On Mon, Nov 10, 2014 at 11:59 AM, Peter Lebbing wrote:
> On 10/11/14 12:02, Nicholas Cole wrote:
>> So the confusion is
>> that you have one single command that deals with verifying both a
>> detached signature and with a file that contains a signature?
>
> Yes.
>
Just out of curiosity: DSA key sizes are now rounded to one of 3
values, whereas RSA keys are available in a range of sizes between two
limits. Why the difference?
Nicholas
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailm
On Mon, Nov 10, 2014 at 12:25 PM, Peter Lebbing wrote:
> On 10/11/14 13:03, Nicholas Cole wrote:
>> But in fact, it is the fact that scripts depend on this that made me
>> think that this might be a case where things *should* get broken,
>> because this is actually a serio
On Mon, Nov 10, 2014 at 4:41 PM, Werner Koch wrote:
> On Mon, 10 Nov 2014 12:52, nicholas.c...@gmail.com said:
>
>> How does unattended generation of elliptic curve keys work? As far as
>> I can see, that section of the manual has not been updated for the new
>> EC options, but I presume that it h
I'm so sorry, Werner. I thought I'd checked the manual. Huge apologies.
On Tuesday, 11 November 2014, Werner Koch wrote:
> On Tue, 11 Nov 2014 12:56, nicholas.c...@gmail.com said:
>
> > Is that still possible? In version 2.1, if no password is specified,
> > gpg2 tries to call pin-entry and as
On Tue, Nov 11, 2014 at 2:21 PM, Bernhard Reiter wrote:
> In https://www.mailpile.is/blog/2014-10-07_Some_Thoughts_on_GnuPG.html
> the Mailpile developers would like to replace GnuPG with something better
> and for the short term propose to extend GnuPG with a command line JSON
> interface in the
David,
I'm sorry you are having problems, but I think this is just nonsense.
Of course people move keys between machines all the time. I have done
it myself often. I don't think that anyone deserves that level of
abuse -- certainly not someone who has put years of work into a
program that is an
gt;
>> Cheers
>> nicole
>>
>>
>> Am 14.11.2014 um 12:45 schrieb da...@gbenet.com:
>>> On 14/11/14 11:34, Nicholas Cole wrote:
>>>> David,
>>>>
>>>> I'm sorry you are having problems, but I think this is just
>>>&g
On Thursday, 1 January 2015, Robert J. Hansen wrote:
> > I’ve discussed this attack vector on the keyserver mailing list. The
> general consensus is that the attack that I’m concerned about is real, and
> would result in serious disruption to the global keyserver network for an
> extended period
On Tue, Jan 13, 2015 at 8:10 AM, Werner Koch wrote:
> On Mon, 12 Jan 2015 21:51, gn...@lists.grepular.com said:
>
>> Apparently some of the funds will be donated to the GnuPG project. I suspect
>> he hasn't been in contact, and I imagine the funds would not be welcome?
>
> I have not heard about i
On Mon, May 4, 2009 at 9:24 AM, Werner Koch wrote:
> On Fri, 1 May 2009 05:58, a...@smasher.org said:
>
>> so... when is the open-pgp spec moving beyond SHA1 hashes to identify
>> public keys? what's next? will it have to be a bigger hash?
>
> OpenPGP does not claim that the fingerprint is a uniq
On Mon, May 4, 2009 at 10:01 PM, John W. Moore III
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Nicholas Cole wrote:
>
>> How does GPG cope if two keys on the keyring have the same FP? AFAICS
>> that would make things very difficult for most of the f
On Mon, May 25, 2009 at 6:25 PM, John Clizbe wrote:
> Nicholas Cole wrote:
>> It's a small point and I don't mean to get side-tracked, but if any
>> front-ends have used this menu, I rather fear that you have replaced
>> one evil (not using the right default) with
Hi all. This is a query mostly for my own interest, but I think it
might point to a change in the documentation being required.
I was slightly confused by this message
http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036361.html
David suggests (as I read it) that an RSA key created with
--
Dear David,
Thanks for, as ever, excellent clarification.
Best wishes,
N.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Sat, Nov 28, 2009 at 3:47 PM, David Shaw wrote:
[snip]
> I'd suggest starting with the various calculators on
> http://www.keylength.com/
A very interesting website. I followed the links, and found this document:
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
It seems that
On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
wrote:
> Is there some reasonable way that gpg can detect that it has a controlling
> termainal (or even, a config file option) and just ask me for my passphrase
> on stdin?
Can you start gpg-agent separately - ie. before the passphrase
On Mon, Jun 28, 2010 at 8:35 PM, Doug Barton wrote:
> On Mon, 28 Jun 2010, Nicholas Cole wrote:
>
>> On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
>> wrote:
>>
>>> Is there some reasonable way that gpg can detect that it has a
>>> control
On Tue, Jan 11, 2011 at 12:19 PM, wrote:
>
> If one is a purist, then one wants sign>encrypt>sign
>
> See http://world.std.com/~dtd/#sign_encrypt
That is a really interesting paper. Did the OpenPGP protocol ever
include a fix for the attack they describe?
Nicholas
On Wed, Jan 12, 2011 at 5:52 AM, David Shaw wrote:
> On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:
>
>> On Tue, Jan 11, 2011 at 12:19 PM, wrote:
>>>
>>> If one is a purist, then one wants sign>encrypt>sign
>>>
>>> See http://w
On Tue, Jan 11, 2011 at 10:04 AM, jimbob palmer wrote:
> In Firefox I can sign or encrypt or encrypt+sign an e-mail.
>
> In what case would I want my encrypted emails also signed? Does it
> provide any additional benefit over a pure encrypted email?
It is, in fact, trivial to 'forge' email - that
On Wed, Mar 23, 2011 at 12:27 PM, Mike Acker wrote:
> I really liked the idea of having the Membership Secretary sign a Public
> Keyring for the Group Members and then to circulate that keyring to the
> membership.
>
> How to implement though, as members will need an additional keyring for
> each
Isn't the real problem that *any* policy (suggested or enforced)
reduces the complexity of guessing a password? The moment you start
saying "pick three words separated by a space or dash" or "pick eight
random letters" or the like you make it easier to attack a password.
My employer insists on pas
On Thu, Apr 21, 2011 at 1:38 PM, Robert J. Hansen wrote:
>> In short: don't force a particular strategy on your users. Much
>> better to explain to users the general problem, and then leave it up
>> to them to pick a password.
>
> Historically speaking, this has shown not to work. I'll try to di
Dear List,
Is there any difference in the standard trust model between marking a
key level 1 ("I don't know or won't say") and level 2 ("I do NOT
trust")?
Best wishes,
Nicholas
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/
On Thu, Aug 11, 2011 at 7:52 PM, David Shaw wrote:
> On Aug 11, 2011, at 10:49 AM, Nicholas Cole wrote:
>
>> Dear List,
>>
>> Is there any difference in the standard trust model between marking a
>> key level 1 ("I don't know or won't say") and
On Thu, Aug 11, 2011 at 7:52 PM, David Shaw wrote:
> There is really no practical difference between the two in the default trust
> model of GPG - either way, you're not giving key signatures made by that key
> any weight in your web of trust.
Thanks, David. I had wondered if there was some
On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 08/25/2011 11:02, Aaron Toponce wrote:
>> On 08/25/2011 11:56 AM, Jameson Graef Rollins wrote:
>>> Do you want to sign every key in your keyring? If so, it's not
>>> hard to get gpg to e
On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton wrote:
>> BTW, this is another one of the reasons that I find the ability to have
> multiple keyrings useful, and would very much miss that functionality if
> it disappeared from gnupg 2.1.
I know Warner has said all this before, but I sometimes think
On Fri, Aug 26, 2011 at 10:34 PM, Doug Barton wrote:
> One could certainly argue that my doing this is verification step is
> overly fussy (and you wouldn't be the first), but that's my policy.
I honestly did not mean to be critical. I was just struggling to see
the security benefit. After all
On Sat, Aug 27, 2011 at 1:03 AM, Doug Barton wrote:
> I have a particular concern that if I sign a key with "I checked
> carefully" that I really did. Moreover, I have a philosophical prejudice
> that if I *can't* say "I checked carefully," why bother?
>
> That said, I have in the past run across
Dear list,
Why is changing the --min-cert-level not enough to trigger an update
of the trust-db? Should it be?
Supposing a scenario in which a user is prepared to accept lower-level
certifications for low value communications, but requires higher level
certifications for others.
At present the
It seems to be clear that there is a big demand of a single core
> JavaScript OpenPGP implementation and we find more and more
> projects and developers.
Dear Lists,
All these projects are very interesting. Forgive a slightly off-topic
but important question that they raise, tho
On Sat, Nov 26, 2011 at 7:10 PM, Werner Koch wrote:
> On Sat, 26 Nov 2011 18:25, nicholas.c...@gmail.com said:
>
>> The GPG project itself must have hit many of these issues. Is there a
>
> No, we don't. GnuPG has originally been developed in Germany because we
> have been able to do that withou
On Tue, Dec 20, 2011 at 4:26 PM, Werner Koch wrote:
> * GPG does not anymore use secring.gpg but delegates all secret key
> operations to gpg-agent. The import command moves secret keys to
> the agent.
>
> * The OpenPGP import command is now able to merge secret keys.
I see that the man p
> * GPG does not anymore use secring.gpg but delegates all secret key
> operations to gpg-agent. The import command moves secret keys to
> the agent.
How will this interact with the --homedir option? Will --homedir be
passed to gpg-agent or are the two entirely separate?
I ask because at t
On Friday, December 23, 2011, Werner Koch wrote:
> On Fri, 23 Dec 2011 19:29, nicholas.c...@gmail.com said:
>
>> How will this interact with the --homedir option? Will --homedir be
>> passed to gpg-agent or are the two entirely separate?
>
> No it won't. The gpg-agent has its own --homedir optio
On Wed, Jan 4, 2012 at 9:33 AM, Werner Koch wrote:
> On Tue, 3 Jan 2012 21:16, go...@fsfe.org said:
>
>> Werner, is that correct? The card you gave me at FSCONS back in 2009
>> states that 3072 Bits is the maximum key size. I use 2048 Bit keys at
>
> They state 3072 because that is what GnuPG sup
On Wed, Jan 4, 2012 at 11:22 AM, Werner Koch wrote:
> On Wed, 4 Jan 2012 11:21, nicholas.c...@gmail.com said:
>
>> http://www.elliptictech.com/applications-suiteb.php (for example)
>>
>> requests will be more and more common until gpg is capable of
>> supporting the latest "state of the art". E
On Wed, Jan 4, 2012 at 1:01 PM, Werner Koch wrote:
> On Wed, 4 Jan 2012 13:37, nicholas.c...@gmail.com said:
>
>> Is there any plan to back-port the ECC support?
>
> No. We definitely need to move forward with 2.1 and not keep on
> updating 2.0. It would be quite some work to integrate that in
On Tue, Jan 31, 2012 at 8:15 AM, Werner Koch wrote:
> On Tue, 31 Jan 2012 00:06, faramir...@gmail.com said:
>> Hello,
>> Is key D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 (
>> 0x4F25E3B6 ) the current key used for signing files? I suppose it is,
>
> Yes, it is. See my OpenPGP mail h
> ---re #5: Is RSA-2048 really enough?
>
> ***start 2nd sentence : And other organizations to whom encryption
> is important (such as RSA...*** [The world changes, and maybe
> an explicit endorsement might not be so appropriate tomorrow,
> but embarassing or similar to change then. Just mentioni
>> There's a slight confusion in these answers that I think it would be
>> really helpful to address in an FAQ.
>
> Yes, there is. Unfortunately, the answer is kind of messy.
[ snip ]
Thank you for a really good and useful answer. I hope some of that
can make it into the FAQ.
If I understand y
On Wed, Jul 11, 2012 at 11:25 AM, Werner Koch wrote:
> On Wed, 11 Jul 2012 07:56, r...@sixdemonbag.org said:
>
>> V5 discussions will not kick off in earnest until NIST announces the new
>> hash standard, or so I've heard people from the working group say.
>
> And even then it will take 5 years or
On Thu, Jul 26, 2012 at 8:34 PM, Kevin Kammer
wrote:
> Well, the inevitable has happened, again.
>
> I just upgraded from Mac OS X 10.7 to 10.8, and my ZeitControl cards,
> which were formerly working perfectly, are now inaccessible.
>
> ~ $ gpg2 --card-status
> gpg: selecting openpgp failed: Card
On Monday, August 27, 2012, Arthur Rance wrote:
> Hello,
>
> I'm a noob and I'm going to export a subkey :
>
> $ gpg --list-keys
>
> pub 2048R/12345678 2010-01-01
> uid Arthur Rance 'cvml', 'arthur_ra...@noob.com');>
> >
> sub 2048R/90123456 2010-01-01
> sub 2048R/78901234
On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario wrote:
> On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
>> Hello,
>>
>> are there arguments for preferring either
>>
>> a) having one RSA subkey for decryption only and one for signing only
>>
>> or
>>
>> b) having only one RSA subkey for b
On Tue, Dec 4, 2012 at 5:32 PM, Hubert Kario wrote:
> On Tuesday 04 of December 2012 16:07:26 Nicholas Cole wrote:
>> On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario wrote:
>> > On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
>> >> Do any problems arise
Meant to post this to the list. Blame gmail.
-- Forwarded message --
From: Nicholas Cole
Date: Tue, Dec 4, 2012 at 7:10 PM
Subject: Re: Seperate RSA subkeys for decryption and signing or one for both?
To: Hubert Kario
> How do you propose an attacker could force me to s
Dear List,
Is there a protocol documented anywhere for using PGP Keys for
client-server authentications? I assume that various naive approaches have
all sorts of serious problems.
Best wishes,
N.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
On Mon, Mar 18, 2013 at 9:14 AM, Werner Koch wrote:
> On Sat, 16 Mar 2013 12:36, a...@guardianproject.info said:
>
> > This seems like a better application of S/MIME as it, by design, is
> > centralized in the manner you describe.
>
> Hwever, with S/MIME you can _only_ do a centralized key manage
I've just compiled gnupg-1.4.1 on Mac OS X, and
noticed that it does not give the warning I'm used to
on Linux about secure memory. Is that normal? There
is a configure option to --enable-m-guard, but I can't
find any documentation about it.
Best,
N
Send instant messages to your online frien
--- Werner Koch <[EMAIL PROTECTED]> wrote:
> It may not be widely adopted but nevertheless it is
> the standard to
> make sure that confidential information can be send
> over the Internet.
> It is used all over the Net and major industry
> players are using it
> and even requring that suppkier
--- Tad Marko <[EMAIL PROTECTED]> wrote:
> > You can't. That's like asking how you can stop
> other people from
> > printing out badges that say "I am Tad Marko" and
> pinning them to their
> > shirts.
>
> I'm not asking for that. I want them to not say that
> a given key goes
> to [EMAIL PROTE
Am I right that there is no easy way to create an
expiring UID (as opposed to an expiring key).
--ask-cert-expire seems to be ignored when using
adduid in the edit menu.
Is there a good reason for this?
Best, N.
___
--- David Shaw wrote:
> On Fri, Nov 04, 2005 at 04:59:01PM +0000, Nicholas
> Cole wrote:
> > Am I right that there is no easy way to create an
> > expiring UIUIDas opposed to an expiring key).
> >
> > --ask-cert-expire seems to be ignored when using
> >
--- Kurt Fitzner <[EMAIL PROTECTED]> wrote:
> Realos wrote:
> > What would you suggest in this case? A brute force
> attack with some
> > software if I know part of the password? What tool
> is suitable for that?
>
> There isn't any software that I know of to
> brute-force a GnuPG password.
Act
--- "Robert J. Hansen" <[EMAIL PROTECTED]> wrote:
[snip]
> For whatever it's worth, some critics of OpenPGP
> point to the lack of a
> hash function firewall in DSA and DSA2 keys as a big
> unresolved security
> issue. These critics are of the opinion the RSA
> signature specification
> is better
--- Werner Koch <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I received yet another logo suggestion and thus I
> decided to setup a
> web page to show them all:
>
> http://logo-contest.gnupg.org/
My vote, such as it is, is for the one on the far
right by Simon Josefsson.
I don't have the artistic s
> Of course that it doesn't mean that HTML should be
> banished completely
> from the 'lectronic mail world, but it has its
> essential limitations as
> for the cryptographic routines.
Mica,
Thank you for your email. It made me reflect. I had
been ignoring this discussion. HTML emails are here
--- Ryan Malayter <[EMAIL PROTECTED]> wrote:
> Again I must state that one has little to do with
> the other. MHTML's
> MIME format may not play nice with PGP/MIME's
> encapsultation format,
> but it didn't *have* to be that way. S/MIME, for
> example, seems to
> make provisions for playing nicel
> Nicholas Cole wrote:
> > Is there anything else about an HTML email that
> raises a red flag
> > from a security point of view?
>
> Define 'HTML email', please. If you're talking
> about simple XML, the
> security concerns are different than i
On 8/7/07, Robert J. Hansen <[EMAIL PROTECTED]> wrote:
> Problem 1: key signatures. He says he couldn't figure out what he
> needed to do with the keys. Did he need to sign them? Trust them?
> What's validity and otrust again? Who should be set up as a trusted
> introducer? Why wasn't the cur
On Sat, Feb 16, 2008 at 3:00 AM, Texaskilt <[EMAIL PROTECTED]> wrote:
>
> Looks like this is ADK. Is there any way to do this on gpg?
GPG does not implement ADK. I think that, historically, it seemed too
much like the kind of key escrow systems that governments have from
time to time talked abo
1 - 100 of 112 matches
Mail list logo
