Re: SmartCard decryption issues
On 11/10/15 02:53, NIIBE Yutaka wrote: > On 11/09/2015 11:50 PM, Christopher Beck wrote: >> I have got two sub-keys on the card, one for signing and one for >> decryption. Both keys are 4096 bit in size. The issues are only on the >> decrpting process: Signing works well, but when I try to decrypt >> something (an e-mail or an encrypted file) it just says, there is no >> secret key. I switched on debugging output and it tells me: >> >> "public key decryption failed: General error >> decryption failed: No secret key" >> >> I checked $ gpg -K and $gpg --card-status and so on, and it tells me >> exactly the same i can see on my other computers: there are two keys >> available on the smart-card. So I am wondering, what the problem is. The >> version of gpg is 2.0.14 on scientific linux 6. > I think that 2.0.14 doesn't work well for RSA-4096 decryption on card. > It was 2.0.20 (in 2013) which fixed this problem. (The error message > was not kind enough, it's not correctly describe the issue.) > > The problem was, in short, the size of data. Smartcard was designed > to handle "small" data, but RSA-4096 is a way big for old design > assumptions. In case of signing, because the signature is not that > big, it works well. It doesn't work for decryption, since the data > size is 4096-bit (= 512-byte). Traditionally, smartcard was designed > with the assumption of 256-byte is considered "big", and host software > for smartcard assumed data size is less than 256-byte. Hi, thanks. Then I'll have to upgrade it. Best Regards Christopher -- I use GnuPG (GPG) for E-Mail encryption and signing. If you want some privacy, my public key ID is 2F9D4F14. The file "singature.asc" this message includes contains a cryptographic signature which enables you to verify this E-Mail really was written by me. Christopher Beck, DL1CHB Gerhart-Hauptmann-Str. 1 91058 Erlangen Tel.: 09131 / 9245437 Fax.: 09131 / 8148708 Jabber: bec...@jabber.org signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: wiki.gnupg.org theme?
Hi, I've added a section on the wiki theme to: http://wiki.gnupg.org/improveThis Maybe you can help with the currently open tasks: # Research: Is there a responsive MoinMoin theme that we could base our work on? # Build a Moinmoin theme prototype customized to gnupg.org look for testing. Best, Bernhard signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Java library for OpenPGP
On Monday 02 November 2015 at 21:34:39, Antony Prince wrote: > On 11/2/2015 2:15 PM, Julian wrote: > > Are there still other java librarys? Which of the librarys is the best > > one? > > You could take a look at the library written by guardianproject[0] and > see if it meets your needs. It creates a Java interface to GPGME. > > [0]https://github.com/guardianproject/gnupg-for-java Note that we also collect information about this here: * http://wiki.gnupg.org/APIs * http://wiki.gnupg.org/OtherFreeSoftwareOpenPGP -- www.intevation.de/~bernhard (CEO)www.fsfe.org (Founding GA Member) Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998 Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Java library for OpenPGP
On Mon, Nov 2, 2015 at 5:34 PM, Antony Princewrote: > You could take a look at the library written by guardianproject[0] and > see if it meets your needs. It creates a Java interface to GPGME. > It's a JNI wrapper, in other words, Java code calling native C libraries code. It's not the same as a pure-Java library that is cross platform, like BouncyCastle "The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the J2ME) " FC -- During times of Universal Deceit, telling the truth becomes a revolutionary act Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario - George Orwell ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Java library for OpenPGP
On 11/11/2015 08:49 PM, Fernando Cassia wrote: > It's a JNI wrapper, in other words, Java code calling native C libraries > code. > It's not the same as a pure-Java library that is cross platform, like > BouncyCastle > > "The Bouncy Castle Crypto package is a Java implementation of cryptographic > algorithms. The package is organised so that it contains a light-weight API > suitable for use in any environment (including the J2ME) " Yes, it's not the same. In my own opinion, it's better. I mean, a wrapper is (far) better for handling private keys, if our major purpose is privacy. If the purpose is learning technology or education, this would be different. Crypto computation with private keys by some runtime environment with garbage collector and/or virtual machine is... considered difficult, or wrong in some cases, perhaps. While I'd understand a wrapper is a bit difficult (say, debugging, for example), I recommend a wrapper in general, so that real computation is done by some real implementation. YMMV. I provide a view point. -- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users