Secure Private Key Synchronization (RFC)

2015-07-02 Thread Tankred Hase
Hi, I'm Tankred from Whiteout (https://whiteout.io). Me, Werner and other PGP projects discussed a secure way to synchronize a user's private key between devices during the OpenPGP summit in April (https://www.gnupg.org/blog/20150426-openpgp-summit.html). The goal was to formalize and hopefully st

Re: Secure Private Key Synchronization (RFC)

2015-07-03 Thread Tankred Hase
packets in their current implementation. But it makes sense to include subkey packets as well. Something to be clarified in the spec. Tankred > On Thu, Jul 2, 2015 at 6:48 AM, Tankred Hase wrote: >> Hi, >> >> I'm Tankred from Whiteout (https://whiteout.io). Me, Werner an

CORS requests not working in SKS 1.1.5

2015-12-09 Thread Tankred Hase
Hey, Tankred from OpenPGP.js / Whiteout.io here. I’m currently testing HTTP CORS request to SKS via JS in the browser after having read the announcement on v1.1.5 (https://lists.gnupg.org/pipermail/gnupg-users/2014-May/049682.html). Unfortunately I’m getting a 502 (Bad Gateway) response. Upon f

Re: CORS requests not working in SKS 1.1.5

2015-12-10 Thread Tankred Hase
It seems I just some connection problems yesterday that caused the 502. Thanks to Daniel Roesler to providing help. I’ve implemented initial HKP support to OpenPGP.js. Comments welcome: https://github.com/openpgpjs/openpgpjs/pull/380 Thanks! Tankred > Am 10.12.2015 um 13:28 schrieb Tank

AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-22 Thread Tankred Hase
Hi, I’ve implemented initial support for AES-GCM in OpenPGP.js using the IETF draft for authenticated encryption: https://tools.ietf.org/html/draft-ford-openpgp-format-00 I’ve created a pull request on GitHub for the implementation. The specification leaves quite a bit of wiggle room and I’ve

Re: AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-23 Thread Tankred Hase
Hi Werner, thanks for quick response. > Am 23.03.2016 um 22:56 schrieb Werner Koch : > > As I mentioned on the WG list, I would really like to see OCB used for > OpenPGP. OCB is far superior over any other AE modes. There are no > software patent issues even for closed source software with the

Re: AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-23 Thread Tankred Hase
Hi again, > Am 23.03.2016 um 22:56 schrieb Werner Koch : > > On Wed, 23 Mar 2016 03:20, m...@tankredhase.de said: > >> wanted to get the GnuPG community's thoughts. Making GCM the new >> standard mode for symmetric encryption would give us a modern and >> performant alternative to OpenPGP's CFB

Re: AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-24 Thread Tankred Hase
> They now have a strange mail archive but here is my last message > regrading this topic (also copied below): > > Thanks! > BTW, there will be a WG session at IETF-95 on April 6, 11:00 - 12:30. > You may participate re

Re: AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-24 Thread Tankred Hase
> Am 25.03.2016 um 03:20 schrieb Werner Koch : > > On Thu, 24 Mar 2016 11:41, m...@tankredhase.de said: > >> Crypto primitives written in JS are widely considered to be insecure >> due to timing attack vectors. This is why the WebCrypto api was > > and due to lot of other reasons. But this is