Re: SmartCard decryption issues

2015-11-11 Thread Christopher Beck 
On 11/10/15 02:53, NIIBE Yutaka wrote:
> On 11/09/2015 11:50 PM, Christopher Beck wrote:
>> I have got two sub-keys on the card, one for signing and one for
>> decryption. Both keys are 4096 bit in size. The issues are only on the
>> decrpting process: Signing works well, but when I try to decrypt
>> something (an e-mail or an encrypted file) it just says, there is no
>> secret key. I switched on debugging output and it tells me:
>>
>> "public key decryption failed: General error
>> decryption failed: No secret key"
>>
>> I checked $ gpg -K and $gpg --card-status and so on, and it tells me
>> exactly the same i can see on my other computers: there are two keys
>> available on the smart-card. So I am wondering, what the problem is. The
>> version of gpg is 2.0.14 on scientific linux 6.
> I think that 2.0.14 doesn't work well for RSA-4096 decryption on card.
> It was 2.0.20 (in 2013) which fixed this problem.  (The error message
> was not kind enough, it's not correctly describe the issue.)
>
> The problem was, in short, the size of data.  Smartcard was designed
> to handle "small" data, but RSA-4096 is a way big for old design
> assumptions.  In case of signing, because the signature is not that
> big, it works well.  It doesn't work for decryption, since the data
> size is 4096-bit (= 512-byte).  Traditionally, smartcard was designed
> with the assumption of 256-byte is considered "big", and host software
> for smartcard assumed data size is less than 256-byte.
Hi,

thanks. Then I'll have to upgrade it.

Best Regards

Christopher

-- 
I use GnuPG (GPG) for E-Mail encryption and signing. If you want some privacy, 
my public key ID is 2F9D4F14. The file "singature.asc" this message includes 
contains a cryptographic signature which enables you to verify this E-Mail 
really was written by me.

Christopher Beck, DL1CHB

Gerhart-Hauptmann-Str. 1
91058 Erlangen
Tel.: 09131 / 9245437
Fax.: 09131 / 8148708
Jabber: bec...@jabber.org




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: wiki.gnupg.org theme?

2015-11-11 Thread Bernhard Reiter 
Hi,
I've added a section on the wiki theme to:
http://wiki.gnupg.org/improveThis

Maybe you can help with the currently open tasks:
# Research: Is there a responsive MoinMoin theme 
  that we could base our work on?
# Build a Moinmoin theme prototype customized to gnupg.org look for testing.

Best,
Bernhard


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Java library for OpenPGP

2015-11-11 Thread Bernhard Reiter 
On Monday 02 November 2015 at 21:34:39, Antony Prince wrote:
> On 11/2/2015 2:15 PM, Julian wrote:
> > Are there still other java librarys? Which of the librarys is the best
> > one?
>
> You could take a look at the library written by guardianproject[0] and
> see if it meets your needs. It creates a Java interface to GPGME.
>
> [0]https://github.com/guardianproject/gnupg-for-java

Note that we also collect information about this here:
* http://wiki.gnupg.org/APIs
* http://wiki.gnupg.org/OtherFreeSoftwareOpenPGP


-- 
www.intevation.de/~bernhard (CEO)www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Java library for OpenPGP

2015-11-11 Thread Fernando Cassia 
On Mon, Nov 2, 2015 at 5:34 PM, Antony Prince  wrote:

> You could take a look at the library written by guardianproject[0] and
> see if it meets your needs. It creates a Java interface to GPGME.
>

It's a JNI wrapper, in other words, Java code calling native C libraries
code.
It's not the same as a pure-Java library that is cross platform, like
BouncyCastle

"The Bouncy Castle Crypto package is a Java implementation of cryptographic
algorithms. The package is organised so that it contains a light-weight API
suitable for use in any environment (including the J2ME) "

FC
-- 
During times of Universal Deceit, telling the truth becomes a revolutionary
act
Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto
Revolucionario
- George Orwell
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Java library for OpenPGP

2015-11-11 Thread NIIBE Yutaka 
On 11/11/2015 08:49 PM, Fernando Cassia wrote:
> It's a JNI wrapper, in other words, Java code calling native C libraries
> code.
> It's not the same as a pure-Java library that is cross platform, like
> BouncyCastle
> 
> "The Bouncy Castle Crypto package is a Java implementation of cryptographic
> algorithms. The package is organised so that it contains a light-weight API
> suitable for use in any environment (including the J2ME) "

Yes, it's not the same.  In my own opinion, it's better.  I mean, a
wrapper is (far) better for handling private keys, if our major
purpose is privacy.  If the purpose is learning technology or
education, this would be different.

Crypto computation with private keys by some runtime environment with
garbage collector and/or virtual machine is... considered difficult,
or wrong in some cases, perhaps.

While I'd understand a wrapper is a bit difficult (say, debugging, for
example), I recommend a wrapper in general, so that real computation
is done by some real implementation.  YMMV.  I provide a view point.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users