Re: RSA only enable to sign
Hi Robert,

thanks for the answer. I did that one week ago, and it works fine, but I need the private key to generate the subkey. But it's true what you say, we can enable a subkey of RSA to encrypt.

Changing my question a little: why do I have only three options in my gpg installation?

The reason is that I develop a system that imports a public key (in theory any algorithm in gpg) and then my system encrypts a file with that public key. That's an automatic process and I can request the private key from my users because that broke my security protocol.

Thanks.

2009/9/8 Robert J. Hansen
> There are some Spanish-speakers on this list who might be able to give
> you a Spanish answer. If you don't mind an English answer, I'll try to
> answer it.
>
> > Can you help me with the next: why I have RSA only to sign?
>
> You need to add an RSA encryption subkey. Go ahead and create a
> sign-only RSA key. Then:
>
>     gpg --edit-key [my key ID] addkey
>
> At the prompt, choose "(6) RSA (encrypt only)". It may be numbered
> differently on your machine.
>
> Go through the rest of the steps and you will have added an RSA encryption
> subkey. Send the updated key on to the keyserver network and your
> friends can now use that encryption subkey to encrypt data meant for you.

-- 
Iván Cervantes

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: RSA only enable to sign
There are some Spanish-speakers on this list who might be able to give you a Spanish answer. If you don't mind an English answer, I'll try to answer it.

> Can you help me with the next: why I have RSA only to sign?

You need to add an RSA encryption subkey. Go ahead and create a sign-only RSA key. Then:

    gpg --edit-key [my key ID] addkey

At the prompt, choose "(6) RSA (encrypt only)". It may be numbered differently on your machine.

Go through the rest of the steps and you will have added an RSA encryption subkey. Send the updated key on to the keyserver network and your friends can now use that encryption subkey to encrypt data meant for you.
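
For an automated importer like the one described in this thread, a sign-only key can be detected before any encryption is attempted by reading the capability field of `gpg --with-colons --list-keys`. This is an added example, not code from the thread: the listing and key IDs are constructed, and the function names are hypothetical; the field positions (2 = validity, 5 = key ID, 12 = capabilities) follow GnuPG's doc/DETAILS.

```python
# Added example (not from the thread). SAMPLE is a constructed listing in the
# shape of `gpg --with-colons --list-keys`; every key ID below is made up.
SAMPLE = """\
pub:-:1024:17:1111111111111111:2009-09-01:::-:DSA and ElGamal user::scESC:
sub:-:2048:16:2222222222222222:2009-09-01::::::e:
pub:-:2048:1:3333333333333333:2009-09-08:::-:RSA sign-only user::scSC:
pub:-:2048:1:4444444444444444:2009-09-08:::-:RSA with revoked subkey::scSC:
sub:r:2048:1:5555555555555555:2009-09-08::::::e:
"""

# Validity letters (field 2) treated as unusable here:
# i = invalid, r = revoked, e = expired, d = disabled.
UNUSABLE = set("ired")


def encryption_keys(colon_listing):
    """Map each primary key ID to the key IDs (primary or subkey) that carry
    the 'e' capability in field 12 and are still usable."""
    result, primary, primary_ok = {}, None, False
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue
        usable = f[1] not in UNUSABLE
        if f[0] == "pub":
            primary, primary_ok = f[4], usable
            result[primary] = []
        if primary is None:
            continue  # subkey record without a preceding primary key
        # Lowercase letters describe this key itself; uppercase letters on a
        # pub record only summarise the whole key, so they are not counted.
        if primary_ok and usable and "e" in f[11]:
            result[primary].append(f[4])
    return result


def can_encrypt_to(colon_listing, primary_id):
    """True when the key has at least one usable encryption-capable (sub)key."""
    return bool(encryption_keys(colon_listing).get(primary_id))


if __name__ == "__main__":
    for key_id, enc in encryption_keys(SAMPLE).items():
        print(key_id, "->", enc or "sign-only: refuse and ask for an encryption subkey")
```
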
RSA only enable to sign
Hi,

Can you help me with the next: why I have RSA only to sign?

I'm from Mexico and the link http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#me says that in my country there are no restrictions.

    i...@ian-laptop:~$ gpg --gen-key
    gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Por favor seleccione tipo de clave deseado:
       (1) DSA y ElGamal (por defecto)
       (2) DSA (sólo firmar)
       (5) RSA (sólo firmar)
    ¿Su elección?:

Thanks.

-- 
Iván Cervantes
Re: Cant get Fellowship card to work
Another update ;-)

I copied my Hushmail keys onto the OpenPGP 2.0 card by using the keytocard command. When I run gpg --card-status I can see that my keys are there. But when I try to decrypt a Hushmail email in Thunderbird I get this error:

===
OpenPGP Security Info

Error - secret key needed to decrypt message

gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: fingerprint on card does not match requested one
gpg: encrypted with 2048-bit RSA key, ID xx, created 2006-07-11
      ""...@hush.com" "
gpg: encrypted with 2048-bit RSA-E key, ID xx, created 2009-05-27
      ""xxx...@hushmail.com" "
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available
===

Can someone explain to me why this is happening? I am really battling to get my keys to work with this OpenPGP card ;-(

PS: If I try to decrypt the email by NOT using the OpenPGP 2.0 card then it decrypts the email first time!
Re: Cant get Fellowship card to work
I think I should provide a bit more information about my setup, I am REALLY confused now (lol):

Vista Home Premium with SP2
Thunderbird 2.0.0.23
Enigmail 0.96.0
SCR3340 ExpressCard Reader
OpenPGP 2.0 smart card
GPG 1.4.10

Currently I subscribe to Hushmail for my email. I use Thunderbird/Enigmail/GPG to be able to send/receive encrypted/signed PGP email using their service. I have been doing this for about 2 years now and I keep the private key on my laptop's (encrypted) drive.

After much reading about the OpenPGP 2.0 card I knew I had to have one ;-)) So I bought one the week it was released. I have been playing around with the card today as I have the day off work but it seems to have me lost as to how it works.

I generated a test key pair on the OpenPGP card. My understanding of the reason for doing this was that it was the most secure way as the private key never touches your hard drive and it's ONLY present on the OpenPGP card (which you can only access with the correct PIN).

Here's where I am confused. When I go into "Key Management" in Thunderbird (under the OpenPGP menu) I can see my new key pair listed there even if I remove the OpenPGP card from the reader?! Also, if the card's removed from the reader, I can right click the new key pair in "Key Management" and select "Export keys to file" and it even saves the secret key to the file on my hard drive!!!

I thought the whole point of having the key generated ON the OpenPGP card was so that it was secure (by never being on the hard drive)? What's the point if I can save a copy of it from "Key Management" WHILE the OpenPGP card is not in the reader?

The other thing is, how do I know when I look at my private keys in "Key Management" which ones are on the OpenPGP card and which ones are stored locally on my hard drive? When I sign/encrypt a test email I don't know for sure if it's using the private key off the hard drive or OpenPGP 2.0 card.

If anyone can shed some light on this I would greatly appreciate it!

I really want to store my Hushmail 2048bit private key on the OpenPGP 2.0 card and access it via the PIN only rather than use the current way I have it configured (ie: private key stored locally on hard drive with no smart card). I thought it would be as easy as copying the Hushmail private key onto the OpenPGP 2.0 card and telling Thunderbird to use the private key from the smart card rather than the hard drive key...

On another note, is it possible to completely erase all keys on the OpenPGP 2.0 card once I have finished testing them?

Thank you.
Re: Build Question RE: svn5158
John W. Moore III wrote:
> - gpg control packet
> Attempting to Build svn5158 with the MSYS/MinGW Environment I came up
> short with an Error I haven't seen before.
>
> In the doc Directory the line below caused the Build process to Fail.
>
> gnupg1.texi :4: @include 'version.texi' : No such file or directory
>
> followed by 4 lines of WARNINGS then stopping with
>
> makeinfo : Removing output file 'gnupg1.info' due to errors ; use
> --force to preserve
>
> There were also 2 recursive Errors preceded by [make]
>
> Since this one is new to Me and of course I am only interested in the
> executables and not any documentation I am asking if anyone here can
> offer some Good Orderly Direction or can 'school' Me as to what I have
> done wrong.
>
> TIA
>
> JOHN ;)
> Timestamp: Sunday 06 Sep 2009, 16:10 --400 (Eastern Daylight Time)

Hi John

In doc\gnupg1.texi change line 4 from:

    @include 'version.texi

to

    @c include 'version.texi

The 'c' after '@' changes the line to a comment (and fixes your problem).

That is the quick and dirty fix if you don't need any documentation.

Tom
problem: OpenPGP Card 2.0 + GnuPG 1.4.10b
Hi!

I installed the latest build of GnuPG 1.4.10b for Windows and tested the OpenPGP Card 2.0 the following way:

1. Generated new keys on the OpenPGP Card 2.0 for email address t...@example.com
2. Encrypted a file: "gpg -e -r t...@example.com testfile"
3. Decrypted the file: "gpg -d testfile.gpg"

Unfortunately I retrieve the following error:

    C:>gpg -d testfile.gpg
    gpg: detected reader `Gemplus USB Smart Card Reader 0'
    gpg: detected reader `Texas Instruments SmartCardSlot 0'
    Bitte die PIN eingeben
    gpg: verschlüsselt mit 3072-Bit RSA Schlüssel, ID 278D09E8, erzeugt 2009-09-07
          "Test Test "
    gpg: Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: Allgemeiner Fehler
    gpg: Entschlüsselung fehlgeschlagen: Geheimer Schlüssel ist nicht vorhanden

I don't understand the reason for this problem because the claimed key 278D09E8 is exactly what I generated before. "gpg --card-status" proves that the required key is available:

    Signature key : 26B2 4BD5 31E2 EE7C 36CD 7DAA 6CEC 5307 03DC 9552
          created : 2009-09-07 09:47:35
    Encryption key: 60BB 063C 079B 0BF3 E9B2 6E90 BAF2 3ED9 278D 09E8
          created : 2009-09-07 09:47:35
    Authentication key: C569 0B26 3A53 BFE6 90FE 664C E140 FB78 C4AF AC2D
          created : 2009-09-07 09:47:35
    General key info..:
    pub  3072R/03DC9552 2009-09-07 Test Test
    sec> 3072R/03DC9552 erzeugt: 2009-09-07 verfällt: niemals
                        Kartennummer: 002B
    ssb> 3072R/C4AFAC2D erzeugt: 2009-09-07 verfällt: niemals
                        Kartennummer: 002B
    ssb> 3072R/278D09E8 erzeugt: 2009-09-07 verfällt: niemals
                        Kartennummer: 002B

Any idea what is wrong?

Regards
Jan
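
The comparison Jan makes by eye (does the key ID named in the decryption message belong to a key slot on the card?) can be scripted against `gpg --card-status` output. This is an added example, not code from the thread: the function names are hypothetical, and the sample text is the output quoted in the message above with only its line layout reconstructed. It also lists the entries marked `sec>`/`ssb>`, which is how gpg's key listing flags secret keys that are stubs for keys stored on a smartcard.

```python
import re

# Output quoted in the message above (German locale); line layout reconstructed.
CARD_STATUS = """\
Signature key : 26B2 4BD5 31E2 EE7C 36CD 7DAA 6CEC 5307 03DC 9552
      created : 2009-09-07 09:47:35
Encryption key: 60BB 063C 079B 0BF3 E9B2 6E90 BAF2 3ED9 278D 09E8
      created : 2009-09-07 09:47:35
Authentication key: C569 0B26 3A53 BFE6 90FE 664C E140 FB78 C4AF AC2D
      created : 2009-09-07 09:47:35
pub  3072R/03DC9552 2009-09-07 Test Test
sec> 3072R/03DC9552 erzeugt: 2009-09-07 verfällt: niemals
                    Kartennummer: 002B
ssb> 3072R/C4AFAC2D erzeugt: 2009-09-07 verfällt: niemals
                    Kartennummer: 002B
ssb> 3072R/278D09E8 erzeugt: 2009-09-07 verfällt: niemals
                    Kartennummer: 002B
"""

# "Signature key ....: <hex groups>"; the dot padding is optional.
FPR_RE = re.compile(
    r"^\s*(Signature|Encryption|Authentication) key[ .]*:\s*([0-9A-Fa-f ]+)$")
# "sec> 3072R/03DC9552 ..."; '>' marks a card stub, '#' an unusable secret key.
KEY_RE = re.compile(r"^\s*(sec|ssb)([>#]?)\s+\d+[A-Za-z]/([0-9A-F]{8})")


def card_fingerprints(text):
    """Return {slot name: fingerprint without spaces} for the card's key slots."""
    fprs = {}
    for line in text.splitlines():
        m = FPR_RE.match(line)
        if m:  # an empty slot ("[none]") does not match and is skipped
            fprs[m.group(1)] = m.group(2).replace(" ", "").upper()
    return fprs


def card_slot_for(key_id, text):
    """Return the slot whose fingerprint ends in key_id, or None if no slot does."""
    for slot, fpr in card_fingerprints(text).items():
        if fpr.endswith(key_id.upper()):
            return slot
    return None


def on_card_key_ids(text):
    """Key IDs listed as 'sec>' or 'ssb>', i.e. secret-key stubs held on a card."""
    matches = (KEY_RE.match(line) for line in text.splitlines())
    return [m.group(3) for m in matches if m and m.group(2) == ">"]


if __name__ == "__main__":
    print("278D09E8 is in slot:", card_slot_for("278D09E8", CARD_STATUS))
    print("keys held on the card:", on_card_key_ids(CARD_STATUS))
```
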
GnuPG 2.0.12 on Windows
Hi,

When compiling 2.0.12 on Windows with MinGW/MSYS there was a compilation error on scd/ccid-driver.c because ETIMEDOUT doesn't exist on Windows. This can be fixed by using WSAETIMEDOUT instead. Maybe a simple #ifdef __MINGW32__ can be used to resolve this?

Once I replaced this the rest of the build worked fine.

Regards
Brecht Sanders
Re: Cant get Fellowship card to work
I am running Windows Vista. I think I am running the built in driver for the card reader. What additional software do I need to install to get the OpenPGP 2.0 card to work??
Re: Turning off GPG-Agent on default install of GPG4Win 2.0.0
Allen Schultz wrote:
> How do I turn off the GPG Agent in the default install of GPGWin 2.0.0?
> I don't like it and don't want it as it keeps asking too frequently for Psi.

I think there is an option to install it with or without GPA.

-- 
Henk M. de Bruijn
Mozilla Thunderbird 2.0.0.23 (20090812)
Enigmail 0.96.0
OpenPGP message encryption and authentication