Re: Changing the email address of a key
On 28/08/12 21:54, Richi Lists wrote: Will this also write also to the smart-card or are the changes only in the local keyring? UIDs are not stored on the smartcard, so it does not matter. I'm a bit hesitant because the full disk encryption on my netbook works also with the same key, and I don't want to reinstall the whole thing. Understandable. If I understand correctly, you used GnuPG to encrypt the file that unlocks your netbook? In that case, the *uid commands should be safe, because they do not influence decryption of files. To be on the safe side, keep a copy of your key as it is now, and after you changed the e-mail address, try to decrypt some file. If that works, it should also decrypt the file that unlocks your netbook. It is wise to keep a copy of your key as it is now around just in case, anyway. If you do something wrong, you can take the backup and start over. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing eMails doesn't work anymore
On Tue, 28 Aug 2012 21:48, ricu...@gmail.com said: F Hi Werner, the ! exclamation mark did the trick! I tried specifying the subkey I wanted before, but only the exclamation mark makes it work. With the exclamation mark, also signing in evolution works again. Is this documented somewhere? HOW TO SPECIFY A USER ID [...] By key Id. This format is deduced from the length of the string and its content or 0x prefix. The key Id of an X.509 certificate are the low 64 bits of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for all automated processing the fingerprint should be used. When using gpg an exclamation mark (!) may be appended to force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use. GPG uses by default the last created subkey. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
Stan Tobias st...@mailshack.com wrote: but generally people don't like to be excluded, people want everyone to be open. What I should have added here, is that it's a symmetric relation, and people normally don't like to exclude others, as well. Avoiding others is not a trait of _usual_ _social_ behaviour, and by extension, I argue that encryption might not be compatible with how people normally act or perceive the world around them. It's not an argument against encryption as such, but rather against ubiquitous encryption. I argue that when Johnny doesn't have anything to hide, maybe there are good (social) reasons why he abstains from encrypting, either consciously or unconsciously, not him just being lazy or incapable. -st ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
What is stopping PKI from growing was: Re: what is killing PKI?
Hello List! I'm (for some of you) your worst nightmare. Somebody who does not master the fine arts of cryptography, yet has an oppinion about cryptography. I might say I enjoy reading the thread on PKI, but I wasn't able to read it all. Please understand this is not a flame against Landon, but rather at the whole culture of having a debate that puts people into two groups: a small one formed by initiated and a huge one with lay people. I am using his message, yet the ideas were already used on other debates and on other sites / forums / mlists. Bottom line, it's for everyone who might feel ofended by it and not for those who might find it anything but offensive. On Wed, Aug 29, 2012, at 06:00, Landon Hurley wrote: In that case, perception of threat and more importantly loss of tangible goods keeps PIN secure. Obviously that works for envelopes as well, but honestly I think economics probably holds even more strongly. It's cheaper to buy a ton of envelopes than an equal number of postcards. That's one of the best examples of a straw man fallacies. I'm quite sure it wasn't intended, as you were probably just fighting an older argument. Yet, someone might pick it up and use it. I think the argument with the envelope instead of a postcard is dated before considering encryption as an electronic envelope. Anyway, while the argument is in my oppinion brilliant, the explanation is childish. Or, if you preffer, it looks laid like an egg by the mind of the stereotypical nerd living in a basement. The real postman has way too much on his hands to waste time with every private message. Yet, the message might be delivered into the hands of a servant or family member. It's them, the people around, who are the most interested to find out the juicy story. Bringing in economics it's something that pops in more often year by year. Economics is a silly way of putting things. And what you are pointing out it's the accountancy, or bean counting if you preffer, and not economics. With other words, I might not know much about cryptography and its use, yet you guys don't know much about economics either. From an economic point of view, bordering marketing, it would be far better for me to invest into wonderful / interesting postcards which I might obviously stamp with my Business data, thus providing a vehicle for my brand. Even if the accountant might point out it's cheaper to have bulk envelopes and use regular copier paper. To expand the divagation: there are the financial point of view, the accountant point of view, the economics point of view. We can expand to the marketing point of view. All these are put in a blender with some liquid, say barf from the chief editor and processed untill smooth. Everything is than baked in whatever form the chief editor wants and delivered to the masses as economics. Yet, it's still extremely important to make the difference. While we're kicking around pet theories though, I still think web mail has to be a significant barrier. The ratio of people who use a browser rather than a local mua at my uni are something like 4:1. If you get people culturally used to using PKI though, they will, which in this context would mean get them used to it in college. Just like the Microsoft student pricing, the idea should be indoctrinate at a relatively young age, so that they come to expect it later. I find it sickening the absolutist way of thinking when there's the place for relativism. I know both terms have various meanings nowadays so bare with me. Terrorism is relative. I make you live in fear. I am a terrorist. You find a way to threaten my family in a desperate and ilogical / aberrant attempt to stop me. Bravo! You are a terrorist too. Media and political voices today are doing what has been done for millenia: impose an absolutist view. I am terrorised by that guy I have a right to do whatever is neccesary to stop him or her. With a wonderful omision: nobody ever steps forward to specify what falls into whatever is neccesary. With other words: the assumed victim can prove far more vicious than the former agressor. What Microsoft is doing around the world is indoctrination. Although it's a light indoctination as college students around the world don't feel an impulse to call the BSA hotline when they get an unlicensed copy of some software. What people should do is educate. Not indoctrinate. And even accept the possibility people would choose otherwise. But you are right with the first part of this paragraph. While every once in a while there is a talk started somewhere, somehow about cryptography and how people do not use it, there are far less on campus training sessions. Highschool teachers are not stimulated with some credit points somewhere if they follow some classes about privacy. It's mostly a dry exchange of theories of why the World is the way it is now. Really, while people are giving savant talks about why OTHER people are not going their way, there are only a
A password, a passphrase, how about a passfile?
I felt offended by my own email: What is stopping PKI from growing. So I come with a question: some security apps like TrueCrypt and KeePass allow the user to use a keyfile instead of a password. Now, given a file filled with values 0 to 255 as random as they possibly can get, a keyfile is the ideal key. Only that can be mistaken by the bad guys as encrypted data. So, thanks to the guys with the deniabily feature enabled in their cryptography apps, one risks to get a few nails pulled at best. Or it can turn back home in more plastic bags he or she can count. I'm thinking, as a lay person, how would a simple, regular, obvious file fare as a keyfile? Would a 6Mb wav fit the bill? Would a 3.5Mb compressed flac file do any better? Would a 125Kb jpeg of a grandmother be better or worse? Would a rather random 60Kb quote from the Shakespeare, the Bible or the Koran in ASCII or UTF-8 be better than my 26 hard to guess password? How about a 2Kb useless, pointless pdf? Or it's 3Kb standard, plain zip? Cheers! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: A password, a passphrase, how about a passfile?
On 29/08/12 11:49, antispa...@sent.at wrote: I felt offended by my own email: What is stopping PKI from growing. So I come with a question: some security apps like TrueCrypt and KeePass allow the user to use a keyfile instead of a password. Note that your changing access to the key from what you know (passphrase) into what you have (a file). That's quite a change that's often not what you want. In two-factor authentication, you use both. A smartcard with a PIN is an example. But depending on just what you have... Other than that, the suitability of a file depends on how it is turned into accessing the key (is it hashed?) and whether an attacker could just, for instance, try downloading mp3's of songs they know you like and try them as keys. Or take your private photo collection from a backup you left lingering around and try all those photo's. If the attacker has a collection of files which does contain the correct file, a computer should have no trouble at all trying all those files in a very short time. In short, it seems like a bad idea to me. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Changing the email address of a key
I can't get it to work wether I try it on the primary or the sub key and whether I use gpg or gpg2. Rgds Richard $ gpg2 -v --edit-key E8401492! gpg (GnuPG) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: using subkey E8401492 instead of primary key 0AE275A9 Secret key is available. gpg: using PGP trust model pub 2048R/0AE275A9 created: 2012-08-07 expires: 2022-08-05 usage: SC trust: ultimate validity: ultimate sub 2048R/8760DB3E created: 2012-08-07 expires: never usage: E sub 2048R/E8401492 created: 2012-08-07 expires: never usage: S sub 2048R/5A097EF6 created: 2012-08-07 expires: never usage: S sub 2048R/EC980139 created: 2012-08-07 expires: 2022-08-05 usage: E [ultimate] (1). Richard Ulrich (ulrichard) richi...@gmail.com gpg adduid Real name: Richard Ulrich Email address: ri...@paraeasy.ch Comment: ulrichard You selected this USER-ID: Richard Ulrich (ulrichard) ri...@paraeasy.ch Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o gpg: secret key parts are not available gpg: signing failed: Unusable secret key $ gpg2 -s -v -u E8401492! setup_my_system.sh gpg: no secret subkey for public subkey EC980139 - ignoring gpg: using subkey E8401492 instead of primary key 0AE275A9 gpg: writing to `setup_my_system.sh.gpg' gpg: using subkey E8401492 instead of primary key 0AE275A9 gpg: RSA/SHA1 signature from: E8401492 Richard Ulrich (ulrichard) richi...@gmail.com On Mi, 2012-08-29 at 08:49 +0200, Peter Lebbing wrote: On 28/08/12 21:54, Richi Lists wrote: Will this also write also to the smart-card or are the changes only in the local keyring? UIDs are not stored on the smartcard, so it does not matter. I'm a bit hesitant because the full disk encryption on my netbook works also with the same key, and I don't want to reinstall the whole thing. Understandable. If I understand correctly, you used GnuPG to encrypt the file that unlocks your netbook? In that case, the *uid commands should be safe, because they do not influence decryption of files. To be on the safe side, keep a copy of your key as it is now, and after you changed the e-mail address, try to decrypt some file. If that works, it should also decrypt the file that unlocks your netbook. It is wise to keep a copy of your key as it is now around just in case, anyway. If you do something wrong, you can take the backup and start over. Peter. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Changing the email address of a key
On 29/08/12 13:53, Richi Lists wrote: I can't get it to work wether I try it on the primary or the sub key and whether I use gpg or gpg2. [...] $ gpg2 -v --edit-key E8401492! [...] gpg: using subkey E8401492 instead of primary key 0AE275A9 Secret key is available. Why are you forcing using the subkey? An UID is /always/ on the primary key, it makes no sense to make an UID on the subkey. I think. Simply losing the exclamation mark should fix it, or just specify $ gpg2 --edit-key 0AE275A9 Also, apart from UIDs on subkeys making no sense, it would seem to me that an UID needs to be bound with a Certification-capable signing key, whereas your signing subkey E8401492 can only make signatures on data. That's probably why GnuPG says: gpg: signing failed: Unusable secret key Although it could also be that the secret part for that subkey is simply not available? I'm not sure whether the secret key is available message I quoted above pertains to the primary key or the secret subkey you forced on the command line. If you still have problems after this explanation, please provide more data about your setup. You have two encryption subkeys, two data signature subkeys, and GnuPG complains that there are secret parts missing. It will be a lot easier to help you if you can explain what pieces of data are where :). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On Wed, Aug 29, 2012 at 12:00:22AM -0400, Landon Hurley wrote: [snip] The barrier is solely cultural, not technical. Enigmail, Thunderbird and gpg4win are trivial to set up. The first time I did it, it was on the phone, talking someone through it. So we either need to invent some sort of massive threat perception to unite everyone to adopt PKI, or just continue to push it as a grass roots movement. Or if some kind person would like to introduce a viable third option, I think a decent portion of humanity would owe him/her a debt. On the other hand, I'm advocating a rather heavy handed, Platonian, do it for people's own good even if they don't like it/decide they need it, so I'm sure at least some, or even most, will disagree as well. I will add my confession to the pile of selfish reasons to want to have PKI become widespread. I'm not sure that the average person's current mode of living really exposes him to a threat big enough to take seriously. Rather than a threat of actual loss, I feel that we face an opportunity cost: there are things we could do differently, arguably better, if we could do them securely via electronic media. We simply wouldn't think of discussing possibly embarassing personal matters with our doctors by email, even if the doctors would agree to, so we don't ask. We still carry around hand-scrawled prescriptions, or cross our fingers and hope that the doctor's FAX calls to the pharmacy are really secure, when we could (given the infrastructure) get a (long!) number that can be verified as coming from the doctor, verified to still say what he said, and unlocked only with our personal smart card and PIN. (Also it would have to be typewritten, so it wouldn't be so hard to interpret. :-) We could do e-commerce without worrying about our trading partners' losing a truckload of backup tapes or being massively compromised from afar, because we would never give them any secrets worth stealing. We could manage a handful of certificate passwords instead of a thousand website passwords. We could probably do a lot of other stuff that I haven't thought of because, in our present nearly-naked condition, it's unthinkable. Individuals wouldn't be the only beneficiaries. The first bank in town to offer free or discounted certificates *and* more-secure e-banking would have a competitive advantage. The first e-tailer to offer security the others can't touch should win the business of consumers who are worried by all the 'hackers' capture 200,000 passwords stories in the papers. The doctor or lawyer who adopts a pervasive records security plan (of which customer communications would be but a part) should be able to negotiate lower insurance premiums. It seems to me that people are leaving money on the table all over. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart. pgpCWucmGSdXw.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Web-based pinentry
Hello, I'm the maintainer of a PHP package that integrates with GnuPG (https://github.com/gauthierm/Crypt_GPG) The package is used on a website to allow decrypting stored messages. This is accomplished using the --status-fd and --command-fd options of GnuPG, allowing the passing of passphrases. As of GnuPGv2, the --command-fd method of passing passphrases no longer seems to work. Is there an alternative I can use so that the pin entry interface is still a webpage? I would continue to use GnuPGv1, but distributions have stopped including it by default and no longer provide packages. Please let me know what I can use to handle pin-entry in a web-based system. Thanks, Mike ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 08/29/2012 10:18 AM, Mark H. Wood wrote: On Wed, Aug 29, 2012 at 12:00:22AM -0400, Landon Hurley wrote: [snip] The barrier is solely cultural, not technical. Enigmail, Thunderbird and gpg4win are trivial to set up. The first time I did it, it was on the phone, talking someone through it. So we either need to invent some sort of massive threat perception to unite everyone to adopt PKI, or just continue to push it as a grass roots movement. Or if some kind person would like to introduce a viable third option, I think a decent portion of humanity would owe him/her a debt. On the other hand, I'm advocating a rather heavy handed, Platonian, do it for people's own good even if they don't like it/decide they need it, so I'm sure at least some, or even most, will disagree as well. I will add my confession to the pile of selfish reasons to want to have PKI become widespread. I'm not sure that the average person's current mode of living really exposes him to a threat big enough to take seriously. Rather than a threat of actual loss, I feel that we face an opportunity cost: there are things we could do differently, arguably better, if we could do them securely via electronic media. We simply wouldn't think of discussing possibly embarassing personal matters with our doctors by email, even if the doctors would agree to, so we don't ask. We still carry around hand-scrawled prescriptions, or cross our fingers and hope that the doctor's FAX calls to the pharmacy are really secure, when we could (given the infrastructure) get a (long!) number that can be verified as coming from the doctor, verified to still say what he said, and unlocked only with our personal smart card and PIN. (Also it would have to be typewritten, so it wouldn't be so hard to interpret. :-) We could do e-commerce without worrying about our trading partners' losing a truckload of backup tapes or being massively compromised from afar, because we would never give them any secrets worth stealing. We could manage a handful of certificate passwords instead of a thousand website passwords. We could probably do a lot of other stuff that I haven't thought of because, in our present nearly-naked condition, it's unthinkable. Individuals wouldn't be the only beneficiaries. The first bank in town to offer free or discounted certificates *and* more-secure e-banking would have a competitive advantage. The first e-tailer to offer security the others can't touch should win the business of consumers who are worried by all the 'hackers' capture 200,000 passwords stories in the papers. The doctor or lawyer who adopts a pervasive records security plan (of which customer communications would be but a part) should be able to negotiate lower insurance premiums. It seems to me that people are leaving money on the table all over. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Sorry, I was using the term threat and cost of not utilizing an opportunity interchangeably in my head. I completely agree with you, there are things I also had a thing about businesses originally in there, and dropped it because I didn't want to throw even more text in one email. Again, completely agree. As for your second paragraph, I don't even trust my pharmacy to actually act upon stuff they receive in some cases. I wish they could actually be secure, but I don't anticipate it. I honestly wish I could change from a mail order company. I do have a question about where you talk about backups though. How does PKI prevent back up loss? Landon - -- Violence is the last refuge of the incompetent. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCgAGBQJQPmoqAAoJEDeph/0fVJWsAVEP/3TzM+CZtvsBYIFSAohDZTOy vK5K4X4go1ksjmIaD2hvcYMqPYsVCpHjJ9nPNqALyPcKdAkHspownLGdSYZEsfkm +h7Ik17kjHJojtez5h7kLAVNNT+aYBZJB+KbeTtkEMOhNFZQmOc/lt0mMYf9ilvC PowD5XMxeY92IRTqgN3qh0P2wA78+8jM5Mvppri/N77l3TcbTBH1ViB5bTi7hTLm yjvCTjADt5an1DHYO1FG3BH3s3wuYAi+BnOJNOm8cIfqT2P4txWJRvlbDVhpFaBj rmhRp4f0s+JxAWbJeZTW6cEYv5grD4ZnxYj4Dr2padTLconIUCjAe1eXiYldP2Pu 9WmA60iDn1PtfXV4gEXd9JficRWaUMcCBc5pbhtSK2iDrI0zWkuMPSXVYZ9n4Ta/ JlddtMR7NRIrQVhHR2tj57HpzxQykru3j3uea+ZbKCJW0thJMeK2sQ5Fx5A6efGi 4TIIzeXpL0QCCHYdyRe8vTUCetabMFFAm6ouWdU1ne/EJp+QVXhhpksQ5jI9c+9/ 7uCByzRXMdqUsRf5wLqzk5jtpG7qyjTQDVlut7UJNZr8r2seropfiIKwlN1+3FL0 VSRnuGFhAhpIppt36rRhcE8KkgOaKT7hr24+Gu4Xfzk2lE8LYVwrS6xjUffYZOe5 MxTdfg9IyTGF5DgTEAvV =gg2G -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 28-08-2012 18:27, Stan Tobias escribió: ... What would happen if you start reading your daughter's diary everyday, but never let anybody catch you reading it? And you are ... I would be violating her privacy. Right, that was my point. From your previous message, I got the idea you suggested if we want to use buses, we must use them, if we want privacy, we must send clear text messages and claim don't read them!. But it can only work if we get aware about people violating our rights. With email messages that is not the case (unless people disclosure things they saw on the messages). What happens with her right to privacy? Nothing, she still has that right. Ok, my fault, I was talking about privacy and not about her rights. Well, what should she do to ensure her privacy is respected and not violated, if she can't know if somebody is reading her diary? I can leave my passwords on a piece of paper next to my screen, I know my mother won't read them, and certainly she won't use them. I know her and I trust her. But I don't know the guy sitting with a laptop on the next cafeteria table, I don't know the administrators in my ISP, and I don't know the path my email messages will follow to reach the recipient's email box, so I don't have any reason to trust that people. And since the email can be read at several points, by several people, even if I see the content posted somewhere, unless I can track the person that posted it, there are many possible Eves, I can't know which one intercepted it, so I can't sue anybody. So my options are to encrypt my messages, or to assume they can be read and I must not send passwords or other sensitive data. ... obvious. Note it's usually alright to read diaries of long-deceased persons. For another example, suppose she was kidnaped - it would be alright to view her diary in order to help her. I agree. Maybe I made a mistake comparing her diary with email messages, since her diary is at her home (no strangers should be able to enter the house), while emails are out there, you don't even know who can have access to them. ... So, in order to enforce our right to privacy, we use a tool to make it really hard to break our right to privacy (a subpoena is very I think we talk different languages here. You have a right to privacy whether it's breached or not (I think it's kind of a human right, Yes, my fault, I was talking about privacy. Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (MingW32) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBCAAGBQJQPo9/AAoJEMV4f6PvczxA8/MH/2N3e8hXiq3F0rGN1i11RBMR JpS9YvEVy8w5RwVATxWRKiS4XxlDJ0SeY71Yz3mxM2HvrlAU6mxolDzbEL0NQmDH GvDC/l4tsEWmgDRbJodlhcfIsjd2VWPRJr9MTb2g+50AcFhKb9ScCRQlXzDVZtyy vKgmyUEZnNVjfcH1oMK6r3mF7OVsdnskodYvwbmZt1u9PsMFRVNhT+D/FK7ao91Q Tu+SO/H0wSBX4khfdL45qP+Iq8dLUKmpuafyV4S1KvrqVZTp6Q5ffP2zEIakX3jg HM0y5MUDORdLAo2OiEflZdxgpugw/SCzbEzIS8v14Cr1uWFNcwe/k2LWT9snpos= =/RcE -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI? (I forgot to mention)
Well, PKI is used by at least one country on a national level , it works pretty well, http://bankid.com , it is issued for free by all major banks, and there are other PKI solutions issued by a few other companies which have national adoption. You pay a bit extra with your mobile carrier if you want the private key in a sim card of a cell-phone, but then you have a mobile PKI solution.. You login to your bank website with the security device (there are two main types) , and download the personal certificate into the client-side program ( nexus personal) , and it is valid for one year. This gives you a wide-range of options in the entire country, as you can use most government and many government functions automatically without needing a un/pw, and digital signatures are used to sign statements, file taxes (automated) , etc. On the server-side, as far as i know, the instituting agency/company simply requires a bankid server for e-legitimation. Bankid is a nationally subsidized program, and it is mandated for most local and federal agencies to be compatible with it (many are coming to speed) , for efficiency, security, and less paperwork (sending usernames/ passwords via post costs trees, ink, time, and money) - however the old way is still an option. I had forgotten about it (as it is quite ubiquitous now), but just wanted to toss that into the discussion.. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 August 2012 at 5:00:22 AM, in mid:503d93d6.3050...@gmail.com, Landon Hurley wrote: In that case, perception of threat and more importantly loss of tangible goods keeps PIN secure. Having perceived others as dishonest people who would steal your money (which in this context is simply information held by the bank), it is inconsistent to trust them not to steal the rest of your information. Obviously that works for envelopes as well, but honestly I think economics probably holds even more strongly. It's cheaper to buy a ton of envelopes than an equal number of postcards. But if I use a postcard, there's no notepaper to pay for. And in some countries postage is cheaper for postcards. I think most people use envelopes because they perceive it as the common practice. Envelopes require no tools to open, so they barely inconvenience the recipient. The envelope is analogous to a self-decrypting message that the recipient can trivially open on their PC or phone without installing any special tool. - -- Best regards MFPAmailto:expires2...@rocketmail.com When you're caffeinated, all is right with the world -BEGIN PGP SIGNATURE- iQCVAwUBUD7Cc6ipC46tDG5pAQpd/AP9ERbZNmkqWxNtGmc+RRqQCWpTEB7NpMmU ETHEi3EPYj+/XkwxNHvc0xeXm3bQhRLpA4GzbN/AxnuKcLI3pWSj0SDr96UD8jXO Y0fEXd8+6sf/iWK0zCpbf3+LT+qCsrQozG35r/qvOnQZW3RdQOWpwrOKwzjClSHi vYhOdmoE7Vo= =lgOH -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 August 2012 at 8:50:40 AM, in mid:503dc9d0.vmezcgmi+yoktybs%st...@mailshack.com, Stan Tobias wrote: What I should have added here, is that it's a symmetric relation, and people normally don't like to exclude others, as well. Avoiding others is not a trait of _usual_ _social_ behaviour, There are innumerable clubs that require membership in order to participate. This indicates that avoiding/excluding others *is* a well-established usual social behaviour. - -- Best regards MFPAmailto:expires2...@rocketmail.com You can't build a reputation on what you are going to do -BEGIN PGP SIGNATURE- iQCVAwUBUD7HuKipC46tDG5pAQpDEwQAxCZ82VqjlMSt9Pc8xcGeOsnaz5kPU+pa QDzkU0PpZQVSoXv9rrAOE4NJAqLT/LNDeH8ROOs99TMKogcogQZmvRr7NVSQbXpU qG6JguoB7WS89p4dJso0p5GwEb5rtCQKbmP6AH2NNMBY7eXacNPSbupMYZBqUZYo rzv8c2uMxnc= =76yl -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users