encrypt linux backup folder using gpg

[Kaushal Shriyan]

Hi,

I am using CentOS 7.5 Linux OS in my setup. I have compressed a folder
using tar utility tar czvf backupfolder.tar.gz backupfolder. Is there a way
to encrypt backupfolder.tar.gz using gpg? Are there any best practices to
use gpg application to encrypt the data. Any help will be highly
appreciated and i look forward to hearing from you.

#tar czvf backupfolder.tar.gz backupfolder


Thanks in Advance.

Best Regards,

Kaushal
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[vedaal via Gnupg-users]

On 11/5/2018 at 3:39 PM, "Viktor"  wrote:

>You can register a Google account with any email address. Simply, 
>instead of creating an account on our service (another password 
>that 
>needs to be saved), you create an account on Google, or use an 
>existing one.

=
Ok,

But suppose I want to use my existing key that I made over 10 years ago,
and it is known and trusted by the people I deal with, but it happens to have 
more than 1 e-mail ID
(not rare to switch an e-mail account in 10 years)

Does this mean that it cannot be used in your system, 
even if you can get the preferred email to register in google, and you have 
passport personal verification,
just because there is another ID attached?

It seems unnecessarily restrictive.


vedaal


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[NdK]

On 05/11/18 17:56, Viktor wrote:

> If my counterparty had signed some contract or document, he/she should
> not be able to delete his/her public key certificate and data used for
> its verification.
IMVHO You're just (badly) reinventing X509.

> This is exactly the part that is difficult to ensure, especially given
> the new European legislation (GDPR). We needed to develop a
> justification for this. We had registered by U.K. Information
> Commissioner's Office (https://ico.org.uk) , hired certified Data
> Protection Officer etc.
Then, again IMVHO, you should have registered in a country that's
supposed to *remain* in the EU...

> For now we have connected notaries only in Tel Aviv and Kyiv.
CACert does have quite a lot of notaries, but they're still not enough
for an average user: I made a 600km trip just to meet one. It's simply
not good at the economic level: I can buy a smartcard with an already
legally recognized and binding signature for 3y at 50€ (IIRC).
Moreover, if you just verify the mail address you're not identifying the
user, just "someone that currently controls that address". The same can
of worms faced by LetsEncrypt with DV certs.

BYtE,
 Diego

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Damien Goutte-Gattat via Gnupg-users]

On Mon, Nov 05, 2018 at 09:30:48PM +0200, Viktor wrote:
> Because of Google or because of "only one user ID" ?

Both, even though the requirement of using only one user ID would
be more acceptable if the address did not have to be associated
with a Google account.

Damien


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Wiktor Kwapisiewicz via Gnupg-users]

On 05.11.2018 21:37, Viktor wrote:
>> Sending an encrypted e-mail additionally verifies that the user controls
>> the key in question.
> 
> But you can easily send email with any address in 'from' field.
> It does not mean you really control this email address.

Maybe there is a small misunderstanding here. I meant sending an e-mail
*to* the registering person encrypted using *their* OpenPGP key. This
way it can be read *only* by them even if they are using "insecure
e-mail system" :)

(there is also a minor point that properly deploying DMARC will protect
from spoofing "From" field on major mail providers)

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Viktor]

On 05/11/2018 21:50, Wiktor Kwapisiewicz wrote:

Have you considered an alternative approach to email verification? For
example just sending an e-mail (probably encrypted) with a one-time
verification link?


Yes, we considered this option. But we can not be sure that user uses 
secure email system, and this link can not be read by somebody else.


For now, using Google’s login system seems to be the most reliable and 
secure solution. Our backend works on Google App Engine, and thus we 
don’t have our own login-password system and, accordingly, it is 
impossible to crack it unless you hack Google. Yes, of course Google can 
find out the public certificates associated with Google accounts, but 
any other user in our system can do this.


That way non-Google users wouldn't be excluded. 

> (Actually this approach
> would work for Google and non-Google users alike).

You can register a Google account with any email address. Simply, 
instead of creating an account on our service (another password that 
needs to be saved), you create an account on Google, or use an existing one.


It doesn't seem to me that every internet site should have its own 
separate login-password system, in most cases it is better to use the 
existing secure solution.


> Sending an encrypted e-mail additionally verifies that the user controls
> the key in question.

But you can easily send email with any address in 'from' field.
It does not mean you really control this email address.


Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Wiktor Kwapisiewicz via Gnupg-users]

On 05.11.2018 20:28, Viktor wrote:
> 
> We use the rule, that userID should contain user's fist and last name
> exactly as in passport, and only one email - the same as used for login.
> So we can verify it's really your email.

Have you considered an alternative approach to email verification? For
example just sending an e-mail (probably encrypted) with a one-time
verification link?

That way non-Google users wouldn't be excluded. (Actually this approach
would work for Google and non-Google users alike).

Sending an encrypted e-mail additionally verifies that the user controls
the key in question.

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Viktor]

On 05/11/2018 21:12, Juergen Bruckner wrote:

If I want an "independent" ID verification on my GPG key, I can also use
CAcert. There the signing of GPG keys is offered for a long time.


Signing is easy. The difficult part is 1) to create a system in which 
you can prove that the key really belongs to the user specified in the 
userID 2) to make contracts singed by verified key legally recognizable 
and enforceable.

We are working on 1) and 2)

For 1) I mean the case when users has signed a document or contract, and 
after that this user claims that the signature was not made by his key.
In such case, I think signing keys on 'key signing party' is not 
reliable. There must be a known key verification procedure, and a 
permanent repository of information and documents that were used to 
verify the key.


And we actually not sign keys. From two reasons:
a. If you automatically trust the signing key, compromising the signing 
key breaks the entire system.
b. In many countries, generating or signing cryptographic keys requires 
a license. We create a system that should work the same way and legally 
in all countries. And we do not sign key certificates. We only attach to 
them information about the owner of the key, which the user manually 
checks before adding this certificate to his list of trusted certificates.


Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net




best regards
Juergen

Am 05.11.18 um 18:03 schrieb Damien Goutte-Gattat via Gnupg-users:

Hi,

On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:

I just tried to register with a key who has several user-ID's
(e-mail-adresses) and I always got the error that the user-ID is not the
same as in log-in/registered e-mail.


 From what they say on the home page [1] this is expected: your key is
supposed to have only one user ID whose email component must match
the email address of your Google account...

... which, by the way, is a big "no" for me. :/


Damien


[1] https://cryptonomica.net/#!/


To become member of Cryptonomica:
[...]
Public PGP Key should have one user ID with first name, last
name and user e-mail. E-mail in the key should be the same as in
Google account, that you use to login to Cryptonomica server.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Viktor]

On 05/11/2018 19:03, Damien Goutte-Gattat via Gnupg-users wrote:

 From what they say on the home page [1] this is expected: your key is
supposed to have only one user ID whose email component must match
the email address of your Google account...

... which, by the way, is a big "no" for me. :/


Because of Google or because of "only one user ID" ?

Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Viktor]

On 05/11/2018 18:13, Juergen Bruckner wrote:

I just tried to register with a key who has several user-ID's
(e-mail-adresses) and I always got the error that the user-ID is not the
same as in log-in/registered e-mail.


We use the rule, that userID should contain user's fist and last name 
exactly as in passport, and only one email - the same as used for login.

So we can verify it's really your email.


And yes to see the list of Notaries before registration would be very good.


Actually, we are going make notary verification optional after online 
verification. Online verification works for everyone, but building 
network of notaries takes time.


Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net




regards
Juergen

Am 05.11.18 um 17:01 schrieb Wiktor Kwapisiewicz via Gnupg-users:

On 05.11.2018 15:21, Viktor wrote:

Dear All,

(...)

I would be very interested to hear feedback, criticism and suggestions
on our project. And also to establish contacts with people interested in
cooperation.

Looks interesting.

But the language on the registration dialog [0] seems a little bit
unsettling:


user personal data provided for key verification stored for forever

and can not be deleted or removed by user's request.

Maybe it would also be a good idea to provide a list of locations of
Notaries before registration. I'd like to see if there is one nearby, if
not, there is not much benefit for me to register (at least now).

Kind regards,
Wiktor

[0]: https://cryptonomica.net/#!/registration




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Juergen Bruckner]

Hello all,

there is a lot of hassle about using Gmail, but this is not really the
topic here.

If I want an "independent" ID verification on my GPG key, I can also use
CAcert. There the signing of GPG keys is offered for a long time.

best regards
Juergen

Am 05.11.18 um 18:03 schrieb Damien Goutte-Gattat via Gnupg-users:
> Hi,
> 
> On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:
>> I just tried to register with a key who has several user-ID's
>> (e-mail-adresses) and I always got the error that the user-ID is not the
>> same as in log-in/registered e-mail.
> 
> From what they say on the home page [1] this is expected: your key is
> supposed to have only one user ID whose email component must match
> the email address of your Google account...
> 
> ... which, by the way, is a big "no" for me. :/
> 
> 
> Damien
> 
> 
> [1] https://cryptonomica.net/#!/
> 
>> To become member of Cryptonomica:
>> [...]
>> Public PGP Key should have one user ID with first name, last
>> name and user e-mail. E-mail in the key should be the same as in
>> Google account, that you use to login to Cryptonomica server.
>>
>> ___
>> Gnupg-users mailing list
>> Gnupg-users@gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
Juergen M. Bruckner
juer...@bruckner.tk



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Damien Goutte-Gattat via Gnupg-users]

Hi,

On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:
> I just tried to register with a key who has several user-ID's
> (e-mail-adresses) and I always got the error that the user-ID is not the
> same as in log-in/registered e-mail.

From what they say on the home page [1] this is expected: your key is
supposed to have only one user ID whose email component must match
the email address of your Google account...

... which, by the way, is a big "no" for me. :/


Damien


[1] https://cryptonomica.net/#!/

> To become member of Cryptonomica:
> [...]
> Public PGP Key should have one user ID with first name, last
> name and user e-mail. E-mail in the key should be the same as in
> Google account, that you use to login to Cryptonomica server.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Viktor]

On 05/11/2018 18:01, Wiktor Kwapisiewicz wrote:

user personal data provided for key verification stored for forever
and can not be deleted or removed by user's request.


Yes, that's the point.
If my counterparty had signed some contract or document, he/she should 
not be able to delete his/her public key certificate and data used for 
its verification.

So in case of dispute I can prove that he/she really signed the document.
This is exactly the part that is difficult to ensure, especially given 
the new European legislation (GDPR). We needed to develop a 
justification for this. We had registered by U.K. Information 
Commissioner's Office (https://ico.org.uk) , hired certified Data 
Protection Officer etc.



Maybe it would also be a good idea to provide a list of locations of
Notaries before registration. I'd like to see if there is one nearby, if
not, there is not much benefit for me to register (at least now).


For now we have connected notaries only in Tel Aviv and Kyiv.

The main verification method is online verification, and we have already 
users with verified keys from 34 countries.



Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Juergen Bruckner]

Hello All!

I just tried to register with a key who has several user-ID's
(e-mail-adresses) and I always got the error that the user-ID is not the
same as in log-in/registered e-mail.

And yes to see the list of Notaries before registration would be very good.

regards
Juergen

Am 05.11.18 um 17:01 schrieb Wiktor Kwapisiewicz via Gnupg-users:
> On 05.11.2018 15:21, Viktor wrote:
>> Dear All,
>>
>> (...)
>>
>> I would be very interested to hear feedback, criticism and suggestions
>> on our project. And also to establish contacts with people interested in
>> cooperation.
> Looks interesting.
> 
> But the language on the registration dialog [0] seems a little bit
> unsettling:
> 
>> user personal data provided for key verification stored for forever
> and can not be deleted or removed by user's request.
> 
> Maybe it would also be a good idea to provide a list of locations of
> Notaries before registration. I'd like to see if there is one nearby, if
> not, there is not much benefit for me to register (at least now).
> 
> Kind regards,
> Wiktor
> 
> [0]: https://cryptonomica.net/#!/registration
> 

-- 
Juergen M. Bruckner
juer...@bruckner.tk



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP key verification + legal framework

[Wiktor Kwapisiewicz via Gnupg-users]

On 05.11.2018 15:21, Viktor wrote:
> Dear All,
> 
> (...)
>
> I would be very interested to hear feedback, criticism and suggestions
> on our project. And also to establish contacts with people interested in
> cooperation.
Looks interesting.

But the language on the registration dialog [0] seems a little bit
unsettling:

> user personal data provided for key verification stored for forever
and can not be deleted or removed by user's request.

Maybe it would also be a good idea to provide a list of locations of
Notaries before registration. I'd like to see if there is one nearby, if
not, there is not much benefit for me to register (at least now).

Kind regards,
Wiktor

[0]: https://cryptonomica.net/#!/registration

-- 
https://metacode.biz/@wiktor

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

OpenPGP key verification + legal framework

[Viktor]

Dear All,

we create a service for OpenPGP key verification: https://cryptonomica.net

It's open sourced https://github.com/Cryptonomica/cryptonomica and it 
has legal part ( see: 
https://github.com/Cryptonomica/cryptonomica/wiki/Cryptonomica-White-Paper 
) aimed at creating an international system of legally recognized and 
enforceable contracts based on OpenPGP.


I would be very interested to hear feedback, criticism and suggestions 
on our project. And also to establish contacts with people interested in 
cooperation.


Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[admin] Re: OpenSSL vs GPG for encrypting files? Security best practices?

[Werner Koch]

Hi!

Please do not post commercial advertisements to a gnupg mailing list.

There is no problem to _mention_ proprietary software on the GnuPG lists
if that mentioning is related to technical questions.  But sales pitch
or ads are unwanted.

Thanks,

  Werner


ps.
I removed the openssl list from the reply.
-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpB37s5l3mpL.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG on Android

[Juergen Bruckner]

Hi Werner

I know its not the perfect setup, but it is practicable for me, and as i
usually just work with subkeys i feel on a more safe side with this.
Tokens are always a good idea, and if anyone can use them its
recommended to do it that way.

There are good reasons why GPG supports Tokens/Cards by default ;)

best regards
Juergen

Am 05.11.18 um 10:41 schrieb Werner Koch:
> On Sun,  4 Nov 2018 23:20, juer...@bruckner.tk said:
> 
>> I for myself did configure MailDroid that way, that for each
>> crypto-operation, decrypt, sign, encrypt I have to enter my passwort
>> each time.
> 
> That does not help.  A bugged phone will for sure employ a keylogger and
> thus you can also work without a passphrase.  To protect your key you
> need to move the key to a separate hardware device (aka token).  This
> may not help to protect you messages but at least you token must be close
> to the device so that an attacker can make use of your keys.
> 
> 
> Shalom-Salam,
> 
>Werner
> 
> 

-- 
Juergen M. Bruckner
juer...@bruckner.tk



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG on Android

[Werner Koch]

On Sun,  4 Nov 2018 23:20, juer...@bruckner.tk said:

> I for myself did configure MailDroid that way, that for each
> crypto-operation, decrypt, sign, encrypt I have to enter my passwort
> each time.

That does not help.  A bugged phone will for sure employ a keylogger and
thus you can also work without a passphrase.  To protect your key you
need to move the key to a separate hardware device (aka token).  This
may not help to protect you messages but at least you token must be close
to the device so that an attacker can make use of your keys.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpOT5qtFoqye.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

[open...@foocrypt.net]

Hi Nick

Have You tried The FooKey Method ? https://foocrypt.net/the-fookey-method

Also,

I will be sourcing public addendum's as addendum's to my submission into the 
Parliamentary Joint Committee on Intelligence and Security [ 
https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Submissions
 ] regarding the committee’s review of the 'Telecommunication and Other 
Legislation Amendment (Assistance and Access) Bill 2018' after the Melbourne 
Cup. It will be similar to the open request for the Defence Trade Control Act 
review performed by the former Inspector General of Intelligence, Dr Vivian 
Thom.

https://foocrypt.net/independent-review-of-the-defence-trade-controls-act-2012-cth-call-for-information-for-submission-as-a-case-study-from-the-openssl-community


-- 

Regards,

Mark A. Lane   

Cryptopocalypse NOW 01 04 2016

Volumes 0.0 -> 10.0 Now available through iTunes - iBooks @ 
https://itunes.apple.com/au/author/mark-a.-lane/id1100062966?mt=11

Cryptopocalypse NOW is the story behind the trials and tribulations encountered 
in creating "FooCrypt, A Tale of Cynical Cyclical Encryption."

"FooCrypt, A Tale of Cynical Cyclical Encryption." is aimed at hardening 
several commonly used Symmetric Open Source Encryption methods so that they are 
hardened to a standard that is commonly termed 'QUANTUM ENCRYPTION'.

"FooCrypt, A Tale of Cynical Cyclical Encryption." is currently under export 
control by the Australian Department of Defence Defence Export Controls Office 
due to the listing of Cryptology as a ‘Dual Use’ Technology as per the 
‘Wassenaar Arrangement’

A permit from Defence Export Control is expected within the next 2 months as 
the Australian Signals Directorate is currently assessing the associated 
application(s) for export approval of "FooCrypt, A Tale of Cynical Cyclical 
Encryption."

Early releases of "Cryptopocalypse NOW" will be available in the period leading 
up to June, 2016.

Limited Edition Collectors versions and Hard Back Editions are available via 
the store on http://www.foocrypt.net/

© Mark A. Lane 1980 - 2016, All Rights Reserved.
© FooCrypt 1980 - 2016, All Rights Reserved.
© FooCrypt, A Tale of Cynical Cyclical Encryption. 1980 - 2016, All Rights 
Reserved.
© Cryptopocalypse 1980 - 2016, All Rights Reserved.



> On 5 Nov 2018, at 10:35, Nicholas Papadonis  
> wrote:
> 
> Comments
> 
> On Sat, Nov 3, 2018 at 5:56 PM Bear Giles  > wrote:
> > I'm considering encrypting a tar archive and optionally a block file system 
> > (via FUSE) using either utility
> 
> Linux has good support for encrypted filesystems. Google LUKS. 
>  
> BTW a tar file starts with the name of the first entry. The 'magic numbers' 
> are at offset 128 or so. However a compressed tar file will start with a 
> known value since gzip, b2zip, and 7zip?, all start with their magic values.
> 
> Does tar placing known data at a certain offset increase the probability that 
> someone can perform an attack easier?  They may already know the data to 
> decrypt at that offset and if the encrypted block overlaps, then the attack 
> is easier.   
> 
> Thanks
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG on Android

[Wiktor Kwapisiewicz via Gnupg-users]

On 03.11.2018 19:13, Juergen BRUCKNER wrote:
> Hello Masha,
> (...)
> You need to install the additional Flipdog CryptoPlugin[3] on your
> device, where you import and manage the keys.
> You have to create the keys for example on a desktop computer and import
> it to your android device and into the CryptoPlugin.

I just tried Flipdog CryptoPlugin. It couldn't import my key from
keyservers (thrown an exception on import) nor could it import some
other random keys I tried (e.g. 80615870F5BAD690333686D0F2AD85AC1E42B367).

Is it still developed? The last version seems to be from 2015...

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG on Android

[Wiktor Kwapisiewicz via Gnupg-users]

On 04.11.2018 22:55, Roland wrote:
> Hello list,
> 
> I share the wish for encrypted email on Android, but I am afraid of
> storing a secret key on my android phone. (theft, hacking, loss, etc)
> 
> How do you feel about that?
> 
> Could a pincard be connected via micro USB? And made to work?

Yes, it works with OpenKeychain. I've personally used Yubikey 4 with
USB-A to USB-C adapter, with USB-A to micro USB adapter, Yubikey 4C and
a Fidesmo card but much more types of tokens are supported [0].

There is an added benefit that the same exact token can be used with
GnuPG and OpenKeychain seamlessly.

Kind regards,
Wiktor

[0]: https://github.com/open-keychain/open-keychain/wiki/Security-Tokens

-- 
https://metacode.biz/@wiktor

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users