New project with GnuPG frontend for XBMC

2014-12-11 Thread antipr...@antiprism.ca

Hello,

This might be interesting to the community:

http://www.antiprism.ca/

AntiPrism is a tool for very secure web-browsing and communication. It 
is implemented as a set of extensions to the OpenELEC-derived media 
center software providing a universal and seamlessly integrated web 
privacy solution for home and small office. It runs from a read-only 
file system within a secure Linux operating environment bootable from a 
USB flash drive or installable on a HDD/SSD. AntiPrism is activated with 
a password used as an encryption key to a hidden file system. Once 
deactivated, it leaves no traces of its operations. The computer device 
running AntiPrism can serve as a media center for watching movies, 
streaming music and games, and general web surfing with the included 
basic web browser, because the basic XBMC/Kodi external plug-ins 
functionalities are preserved and acting as an anonymizing tool in the 
background.


The main differences between AntiPrism and other existing anonymizing 
Linux derivatives (Tails, Whonix, Liberte, etc) are dictated by its 
purpose. AntiPrism provides, basically, a “secure anonymizing media 
center”, a household device that would normally do little when not being 
used for entertainment, but is now loaded with new hidden powers. For 
example, you can anonymously search, download and watch your torrents 
right on the device, without a need to copy them elsewhere. It can run 
as an intermediate or entry node in the anonymous networks extending 
their strength and improving availability. It has a noticeably high 
performance, due to the fast Systemd Linux backend with close to 
real-time IRQ response and low network packet loss.


AntiPrism is implemented as a set of built-in media center plugins. It 
provides anonymous surfing and networking with popular traffic 
anonymizing tools Tor, I2P and Privoxy. It implements a web of trust 
communications security model by using GnuPG for keys and contacts exchange.


Encrypted file container keeps your sensitive data as well as private 
keys, secure identities and so on. Private keys and identities wouldn’t 
leak outside your device even if it is stolen, or your computer is 
infected by viruses/trojans. For encryption, both Cryptsetup 
(Linux-native disk encryption system, default) and TrueCrypt 7.1a 
(optional) are fully supported. For access control, pre-configured 
AppArmor rules are guarding the protected files.


The built-in AntiPrism web browsing, messaging and file sharing services 
are protected with Tor and I2P. Private keys used by the Tor, I2P, SSH, 
OpenVPN, etc. services of AntiPrism are stored within the encrypted file 
system and are protected with the AppArmor kernel security module.


External browsers may use AntiPrism as a secure anonymizing proxy. The 
connection between the browser and AntiPrism can be optionally encrypted 
with a point-to-point VPN tunnel, eliminating the risks of 
intranet-based surveillance.


AntiPrism can be freely downloaded from its GitHub release repository - 
https://github.com/antiprismca/OpenELEC-Antiprism/releases



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 31C3

2014-12-11 Thread flapflap
Werner Koch:
> I will be at the 31C3 at Hamburg from the 28th (late afternoon) to the
> 30th.  You may find me at the FSFE Assembly or ask there for my local
> communication parameters.

Hi,

is it possible for you (or other FSFE people at the Assembly) to accept
donations for GnuPG (in cash) there?

~flapflap



Re: Mainkey with many subkeys??

2014-12-11 Thread MFPA



On Thursday 11 December 2014 at 2:15:26 PM, in
, Tomo Ruby wrote:



> To be honest I didn't think and search about that too
> much, but that was not the point anyways...

I'm confused. You seemed to be making quite a point of it. (-:



> How do you judge whether to replace the key or not? Of
> course there are obvious opportunities when to replace
> keys but if nothing special (like the system being
> compromised) happens,

Or there are new ideas/standards/technology/exploits such that a
particular key size or algorithm is no longer considered safe, or
something is available with a smaller signature size, for example.

Examples include the introduction of subkeys, larger key sizes (2048
instead of 1024), DSA or DSA2 vs RSA, ...



> I really know only of this
> approach: The more encrypted/signed data I spread over
> the web, the easier it might be for an attacker to
> calculate the secret key. And because of that I'd
> replace on a regular basis. Please correct me here if
> I'm wrong!!

There are others on this list better placed to answer this. As far as
I know, the only thing actually encrypted to your secret key is the
session key for each message.



> See above, besides Enigmail for example uses default
> values with expiration dates...

I did not know that. I guess the Enigmail developers must know what
they are doing _and_why_.



> I'm not sure if I understand you right here but if you
> ask why I would use a subkey to sign, the answer is:
> Because I want to use an offline mainkey and subkeys
> for the daily work...

You were asking why most keys seem to have far fewer subkeys (in use
or expired/revoked) than the advice you were following would lead you
to expect. I was saying that one reason is because a large proportion
of keys do not have a signing subkey. (-;

My old key was a v3 key that didn't support subkeys, and that lasted
me about 11 years. My new key has signing subkeys of both RSA and
EDDSA varieties.

I understand the idea of offline main keys, but don't see how the use
case fits my threat model.


-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Always borrow money from a pessimist - they don't expect it back


Re: 31C3, keysigning party

2014-12-11 Thread Guilhem Moulin
On Thu, 11 Dec 2014 at 13:22:28 +0100, Peter Lebbing wrote:
> On 11/12/14 11:39, Werner Koch wrote:
>> I will be at the 31C3 at Hamburg from the 28th (late afternoon) to the
>> 30th.  You may find me at the FSFE Assembly or ask there for my local
>> communication parameters.
> 
> I intend to organise a keysigning party if no one else does.

There is one advertized already:

  https://events.ccc.de/congress/2014/wiki/Session:Keysigning_Party

> Now I'm considering a mixed-mode party, basing on Sassaman-Efficient,
> but falling back to slips of paper as produced by e.g. gpg-key2ps for
> people who brought those from home and don't have access to a printer
> while at the congress. Oh, and there's this 2D barcode keysigning
> thing as well, should look it up.

You'll find an alternative to gpg-key2ps(1) in the latest signing-party
package: gpg-key2latex(1).  It produces a nicer output IMHO, including
UAT (photo) and QR code, at the expense of heavier dependencies (such as
texlive).  Disclaimer: I'm the author of that script :-P

-- 
Guilhem.




Re: 31C3, keysigning party

2014-12-11 Thread Peter Lebbing
On 11/12/14 17:58, Guilhem Moulin wrote:
> There is one advertized already:

 Excellent!

And thank you for pointing it out, especially since they expect you to sign up
/way before/ the event. I hope they'll allow people in who didn't sign up (who
will bring their own slips of paper or QR code for people to photograph). In
fact, I've mentioned this to the organiser while signing up.

> You'll find an alternative to gpg-key2ps(1) in the latest signing-party
> package: gpg-key2latex(1).  It produces a nicer output IMHO, including
> UAT (photo) and QR code, at the expense of heavier dependencies (such as
> texlive).  Disclaimer: I'm the author of that script :-P

Thanks! That certainly is useful.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Beta for 2.1.1 available

2014-12-11 Thread Hugo Hinterberger

Hi MFPA,

>> Hi,
>>
>> I am still trying to find a working solution
>
> It is more likely you will find help if you start your own thread,
> with a subject that matches what you are talking about.

I am currently not actively trying to get a working environment. I am
exploring the current state of affairs. I am also not completely passive, as
you may have noticed.
I am not trying to get all my issues addressed, I was repeatedly told that
my expectations are way too high.
E. g.: How hard can it be to combine genealogy data with your contacts and
show a reminder when certain people (family members, ...) have an
anniversary or birthday coming up? In the area I grew up it is sometimes
customary to arrange a service in church for deceased family members – it
would be nice to have things like those pop up automatically in a calendar.

>> to verify
>> incoming files and messages with GnuPG on Windows … and
>> I want the solution to be able to handle PGP/MIME
>> messages read through Gmane using elliptic curve based
>> keys.
>
> Let's break this requirement down.
>
> 1. Works on Windows.
>
>    In case it makes a difference to the range of available solutions,
>    32-bit or 64-bit? XP? Vista? 7? 8?...

Windows 7 64-bit and Windows 8.1 64-bit

> 2. able to handle PGP/MIME messages
>
>    Perhaps a mail client that integrates with GnuPG (either directly or
>    using a plugin).

I uninstalled Thunderbird and Enigmail since it was slooow and does not seem
to be able to handle Mime in news articles. It also created ambiguous
notifications for your signatures.

>    Or you could copy the message source to the clipboard or a text
>    file and decrypt/verify it there, but there are some message
>    encodings that seem to frustrate this approach.

I can verify clearsigned messages. It is not anywhere near what I would
describe as user friendly, but it can be done.
I completely failed to manually verify PGP/MIME messages, on the command 
line, so far.

I have Symantec Encryption Desktop 10.3.2 in Limited Use/Unlicensed Mode
installed, that offers the PGP Viewer tool that is a complexity level above
using GPA (drag 'n drop for verification works fine, as long as you already
have the sender's key in your keyring and you trust it, but the result
behaves like a picture).
GPA, in comparison, does not support drag 'n drop, so one has to fiddle
around with the file open dialogue, and for the same file that verifies fine
in Encryption Desktop GPA tells me the signature is “Bad”.

> 3. Reading through Gmane.
>
>    Web interface? News reader? In a mail client? RSS feed?

nntps://news.gmane.org (currently with an expired self-signed certificate)
Windows Live Mail 2012 (pretty crappy, but still one of the better tools I
know)

> 4. using elliptic curve based keys
>
>    Needs to use GnuPG 2.1.x.

That's why I am testing GnuPG 2.1.1-beta35 right now.
PowerArchiver Encryption Suite supports ECC, via Eldos's SecureBlackbox
library as far as I know, but the UI still needs work.

Just a side note: I heard somewhere that the Austrian health insurance cards
(ecard) utilises ECC somehow. I'll have to check this at some point.

Regards,
Hugo
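
The PGP/MIME case mentioned in the message above, as an added example that is not part of the thread: a PGP/MIME signature (RFC 3156) is a detached signature over the first MIME part, its own headers included, with CRLF line endings, so the raw message has to be split before `gpg --verify` can check it. The function names and the sample message are constructed for illustration.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed sample with bare LF line endings; the signature is a placeholder.
SAMPLE = b"""\
Subject: constructed sample
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Hello list,

--b1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(placeholder, not a real signature)
-----END PGP SIGNATURE-----

--b1--
"""

def split_pgp_mime(raw: bytes):
    """Return (signed_bytes, armored_signature) from a raw RFC 3156 message."""
    # Receivers must canonicalize line endings to CRLF before verifying.
    canon = re.sub(rb"\r?\n", b"\r\n", raw)
    head, _, body = canon.partition(b"\r\n\r\n")
    head = re.sub(rb"\r\n[ \t]+", b" ", head)  # unfold continued header lines
    ctype = re.search(rb"(?im)^content-type:\s*multipart/signed;[^\r\n]*", head)
    boundary = ctype and re.search(rb'(?i)boundary="?([^";\s]+)', ctype.group(0))
    if not boundary or b"application/pgp-signature" not in ctype.group(0).lower():
        raise ValueError("not a multipart/signed PGP/MIME message")
    # The CRLF in front of each delimiter belongs to the delimiter, not the part.
    parts = (b"\r\n" + body).split(b"\r\n--" + boundary.group(1))
    if len(parts) < 4:
        raise ValueError("expected a signed part and a signature part")
    # Signed data = first part INCLUDING its own MIME headers, byte for byte.
    signed = parts[1].split(b"\r\n", 1)[1]
    signature = parts[2].split(b"\r\n\r\n", 1)[1]
    return signed, signature

def verify(raw: bytes) -> bool:
    """Run gpg's detached-signature check; needs gpg and the signer's public key."""
    signed, signature = split_pgp_mime(raw)
    with tempfile.TemporaryDirectory() as tmp:
        data, asc = Path(tmp, "signed.bin"), Path(tmp, "signature.asc")
        data.write_bytes(signed)
        asc.write_bytes(signature)
        return subprocess.run(["gpg", "--verify", str(asc), str(data)]).returncode == 0
```

Pass `verify` the bytes of the message's raw source, not the text a mail or news client renders; the signer's public key must already be in the keyring.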






Re: Beta for 2.1.1 available

2014-12-11 Thread Hugo Hinterberger

Hi Johan,


>> The default encoding of my messages should be UTF-8, the message
>> format is set to MIME with no special text encoding (neither quoted
>> printable nor base64), and I allow 8-bit characters in headers.
>
> I think we have the culprit. If you do things like that, your "text"
> will probably be seen as binary data and treated as such.

On the one hand: I do not think so.
The text was completely in the US-ASCII range and showed up correctly in the 
“Clipboard” in GPA. The issue should not have been related to my settings 
for my messaging software (I do not see how).

On the other hand: I can't reproduce this issue any more, as stated in [1].

Regards,
Hugo


[1] http://lists.gnupg.org/pipermail/gnupg-users/2014-December/051885.html





Re: 31C3, keysigning party

2014-12-11 Thread Peter Lebbing
On 11/12/14 14:46, Tobias Mueller wrote:
> FWIW: A tool with a similar goal is GNOME Keysign:

Thanks for the pointer!

> Contrasting caff or monkeysign, it does not rely on keyservers.

Neither does caff, if the organiser of the keyparty simply collects all keys
(sent by the participants) and sends the resulting keyring to all participants.
Been there, done that, bought the GnuPG t-shirt. I haven't checked if you can
pass a keyring to monkeysign.

So I'm a bit surprised by that claim in the README of GNOME Keysign.

They also keep talking of an authenticated copy of a key. The authentication
usually consists of you checking the fingerprint (or the program checking the
fingerprint in a securely retrieved barcode). Surely that is enough? Am I
missing something somewhere?

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: 31C3, keysigning party

2014-12-11 Thread Peter Lebbing
On 11/12/14 13:22, Peter Lebbing wrote:
> Oh, and there's this 2D
> barcode keysigning thing as well, should look it up. It was demonstrated to me
> at the keysigning at OHM2013.

Probably monkeyscan from monkeysign... the latter has been mentioned numerous
times on this list, btw.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: 31C3, keysigning party

2014-12-11 Thread Peter Lebbing
On 11/12/14 11:39, Werner Koch wrote:
> Hi!

Hi!

> I will be at the 31C3 at Hamburg from the 28th (late afternoon) to the
> 30th.  You may find me at the FSFE Assembly or ask there for my local
> communication parameters.

I intend to organise a keysigning party if no one else does. I did one at 29C3
as well. I did a pure Sassaman-Efficient process then. Now I'm considering a
mixed-mode party, basing on Sassaman-Efficient, but falling back to slips of
paper as produced by e.g. gpg-key2ps for people who brought those from home and
don't have access to a printer while at the congress. Oh, and there's this 2D
barcode keysigning thing as well, should look it up. It was demonstrated to me
at the keysigning at OHM2013.

I printed my own Sassaman-Efficient list at the hotel I was staying at[1].

Do any people have experience with paperless keysigning parties, using laptops,
tablets, mobile phones, that sort of stuff?

BTW, I will attend the whole congress (27 to 30), but I might sleep in some 
days.

Cheers,

Peter.

[1] I figured the odds that the hotel would modify my list rather low,
especially since we were the only participants staying at that hotel, so they
had probably never even heard of OpenPGP :).

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



31C3

2014-12-11 Thread Werner Koch
Hi!

I will be at the 31C3 at Hamburg from the 28th (late afternoon) to the
30th.  You may find me at the FSFE Assembly or ask there for my local
communication parameters.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: gpg wants IDEA

2014-12-11 Thread Kristian Fiskerstrand

On 12/11/2014 07:13 AM, James Moe wrote:
> Hello, I have an older gnuPG (v1.4.6) that is apparently
> mis-configured. When signing a message, it fails with a note about
> what a bad idea IDEA is, and quits. gpg is called from an email
> program to perform security services. There is no command option to
> indicate a preferred cipher.

You shouldn't use such an old version of anything.

> gpg: protection algorithm 1 (IDEA) is not supported [GNUPG:]
> RSA_OR_IDEA gpg: the IDEA cipher plugin is not present

Then install it as a module or upgrade to at least 1.4.13 (where IDEA
was added in core)

> gpg: please see http://www.gnupg.org/faq/why-not-idea.html [^] for 
> more information gpg: skipped "per...@example.com": unknown cipher
> algorithm gpg:
> W:\APPS\PMMAIL\TESTACCTS\test1_00.act\outbox.fld\nge4mh01.bod:

What does showpref on this key tell you about key preferences on that
key and your own? If you include your own key as an encrypt-to and do
not list IDEA in preferences for that it should find another common
denominator (likely 3DES)

-- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"A ship is safe in harbour, but that's not what ships are for"
(Will Shedd)