All,
I'm in the process of writing a blog entry about the PKA and CERT methods.
A couple people have written them a long time ago, and I'd like to bring
some of the info up to date. (If this is better asked on gnupg-dev, let me know).
For starters:
1) Currently the only tool that can
wordiness. We have quite a bit of ground to
cover.
On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote:
1) Currently the only tool that can generate a CERT record, make-dns-cert,
is not built or packaged by default under any os I've found (I've tried
FreeBSD and ubuntu). It has
On Thu, 15 Oct 2009, David Shaw wrote:
On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote:
I'm running:
echo foo | gpg -v -v --auto-key-locate cert --recipient gu...@gushi.org
--encrypt -a
And get gpg: error retrieving `gu...@gushi.org' via DNS CERT: No
fingerprint
I exported
On Wed, 21 Oct 2009, David Shaw wrote:
On Oct 20, 2009, at 10:55 PM, Dan Mahoney, System Admin wrote:
On Thu, 15 Oct 2009, David Shaw wrote:
On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote:
I'm running:
echo foo | gpg -v -v --auto-key-locate cert --recipient gu...@gushi.org
On Wed, 21 Oct 2009, David Shaw wrote:
You didn't give an actual version number (run gpg2 --version), so I can only
make an educated guess, but I do think I see your problem. You don't have
one key in your CERT - you have two (309C17C5 and 624BB249) combined into one
DNS record. That
All,
I've written a pretty conclusive howto on how to publish keys in DNS,
including detailing the advantages and disadvantages of each method, with
full examples, details on testing, and real-world output.
I've also re-implemented make-dns-cert as a shell script, so that it's
more easily
On Thu, 29 Oct 2009, Ciprian Dorin, Craciun wrote:
On Thu, Oct 29, 2009 at 7:52 AM, Dan Mahoney, System Admin
d...@prime.gushi.org wrote:
All,
I've written a pretty conclusive howto on how to publish keys in DNS,
including detailing the advantages and disadvantages of each method, with
full
On Sat, 2 Jan 2010, David Shaw wrote:
On Jan 2, 2010, at 11:10 PM, Faramir wrote:
Allen Schultz escribió:
GnuPG-Users:
Is there a way to force an expiration date when encrypting a message
for additional security. I have a friend who is inquiring. I've
already informed him of the for his/her
On Thu, 29 Oct 2009, Dan Mahoney, System Admin wrote:
All,
I've written a pretty conclusive howto on how to publish keys in DNS,
including detailing the advantages and disadvantages of each method, with
full examples, details on testing, and real-world output.
I've also re-implemented make
On Mon, 1 Feb 2010, Werner Koch wrote:
Yes, we do this on Windows because we have a well known socket name
there. It may actually happen that two agents are started which does
not harm because the the unused agent detects this case and terminates
itself after some time.
What's the socket
On Sun, 21 Feb 2010, Richard Geddes wrote:
Hello,
Is there a utility that integrates gnupg with (Shamir's Secret Sharing
Scheme)? And maybe using smartcards? If not has anyone seen a HowTo that
shows how to integrate them?
Ikinda do.
I encoded my will with it before some
On Wed, 3 Mar 2010, Grant Olson wrote:
On 3/3/2010 5:26 PM, Sean Rima wrote:
Folks
I downloaded and installed gpg4win-2.0.2rc1. I then tested my pka setup
using:
echo foo | gpg2 --no-default-keyring --keyring c:\temp\gpg --encrypt
--armor --auto-key-locate pka -r s...@srima.eu -v 2
On Thu, 11 Mar 2010, erythrocyte wrote:
With the recent news of researchers being able to crack 1024-bit RSA
keys using power fluctuations, I was wondering if it would be a good
idea to switch the RSA keys I have to some other algorithm. Both my
signing and encryption keys are 4096-bit keys. Am
On Mon, 24 May 2010, raviraj kondraguntla wrote:
Hi,
I am trying to install the gnupg 1.4.10 on solaris 10 server, I have received
the below error
configure:3550: /opt/SUNWspro/bin/cc --version 5
./configure: line 3551: /opt/SUNWspro/bin/cc: No such file or directory
configure:3553: $? = 127
On Sun, 30 May 2010, Michael D. Berger wrote:
On a Linux box, in encrypting a file with gpg, I get this query:
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key
On Tue, 22 Jun 2010, Robert J. Hansen wrote:
On 6/22/10 10:09 PM, Dan Mahoney, System Admin wrote:
Is this very old and it's now supported? Or is it still not in for some
other reason (either oversight, legal, or other).
By modern standards, IDEA is not considered a promising cipher
It seems there's two interesting problems which inter-relate.
The first is PGP corporation's global directory, which seems to operate
orthogonally from every other keyserver I've seen. It's HTTP-only, not
queryable by any of the open-source clients (in fact, it doesn't support
wildcard
On Tue, 22 Jun 2010, David Shaw wrote:
On Jun 22, 2010, at 11:02 PM, Dan Mahoney, System Admin wrote:
It seems there's two interesting problems which inter-relate.
The first is PGP corporation's global directory, which seems to
operate orthogonally from every other keyserver I've seen
On Tue, 22 Jun 2010, Dan Mahoney, System Admin wrote:
On Tue, 22 Jun 2010, David Shaw wrote:
On Jun 22, 2010, at 11:02 PM, Dan Mahoney, System Admin wrote:
It seems there's two interesting problems which inter-relate.
The first is PGP corporation's global directory, which seems to operate
Hey all,
Is there an easy syntax to chain multiple keyservers for searching? In
theory it shouldn't be necessary, but there are distinct keyserver
networks out there that don't share, as well as private hkp keyservers
which might need to be searched first.
-Dan
--
SOY BOMB!
-The Chest
On Wed, 23 Jun 2010, MFPA wrote:
PGP Command Output
Warning: using insecure memory!
gpg: Signature made Wed Jun 23 12:59:05 2010 EDT using RSA key ID AD0C6E69
gpg: Good signature from MFPA a...@b.c
gpg: WARNING: This key is not certified
Hey there,
I currently use gnupg 1 from within Alpine (running under screen), and it
works okay, but I had a bear of a time using gpg2 because of the pinentry
stuff. Specifically, gpg was launched within a mail filter, and had no
idea how to spawn a third program (the pinentry window)) in a
All,
How difficult would it be to propose some kind of extension flag to the
PGP key format that in essence says don't publish me to a keyserver.
Note that I'm asking from a technical point of view, not a social (i.e.
making servers support it) or IETF one (insert bikesheds here).
My
On Sun, 27 Jun 2010, David Shaw wrote:
On Jun 27, 2010, at 3:58 PM, Dan Mahoney, System Admin wrote:
All,
How difficult would it be to propose some kind of extension flag to the PGP key format
that in essence says don't publish me to a keyserver. Note that I'm asking
from a technical point
On Sun, 27 Jun 2010, David Shaw wrote:
It's a flag that can be set on a key user ID, similar to cipher or
compression preferences. Run --edit-key on a key, and enter
showpref or pref. You will probably see a mention of Keyserver
no-modify (or no-ks-modify). You can turn it on and off with
On Mon, 28 Jun 2010, David Shaw wrote:
I presently consider synchronization broken. If there were only one
network of keyservers out there, and I didn't have to search multiple
places when trying to sign or request a key, I might think otherwise,
but this is not the case. See my alternate
On Sat, 4 Aug 2012, Robert J. Hansen wrote:
On 08/04/2012 03:26 PM, Sin Trenton wrote:
Is the plan to retire 1.x sometime in a not too distant future (I'm
not saying that I assume an actual time plan being set)?
I am not a GnuPG developer. My information is not definitive. Take it
with a
All,
I have a script that I use to send mail (as part of pine/alpine) that
needs to prompt for my key passphrase.
I run alpine on a private unix server, within a screen session.
It basically works perfectly with gpg1, where I can get an inline prompt
for a password, but gpg2 falls short
On Fri, 3 Jan 2014, Hauke Laging wrote:
Am Fr 03.01.2014, 01:14:22 schrieb Dan Mahoney, System Admin:
It basically works perfectly with gpg1, where I can get an inline
prompt for a password, but gpg2 falls short where it tries to set up
some kind of a unix-socket connection to a pinentry
On Fri, 3 Jan 2014, Hauke Laging wrote:
Am Fr 03.01.2014, 01:14:22 schrieb Dan Mahoney, System Admin:
It basically works perfectly with gpg1, where I can get an inline
prompt for a password, but gpg2 falls short where it tries to set up
some kind of a unix-socket connection to a pinentry
30 matches
Mail list logo