Re: keys require a user-id

2020-05-17 Thread Robert J. Hansen
> I'm just curious as to what this "GNU" way is? I assume you would 
> just use a non-identifiable email address and then either leave your
> name blank, incomplete, or just plain incorrect.

GNU is a project by the Free Software Foundation.  They're very focused
on what they call "free software", where freedom is about liberty and
not price.  (Most people call it "open source software" instead, but FSF
and GNU are very particular about the language they use.)

FSF and GNU are both very concerned about the spread of proprietary
formats.  For instance, for many years only Microsoft Word could read
.doc files.  This was a problem for people who wished to only use free
software.

So the FSF/GNU way, whenever someone tried to send them a document
in a proprietary format, was to tell the sender:

> "I'd love to be able to work with you on this document, but you're 
> using a proprietary format I can't read.  There's an open format we 
> can both use, though, and I'd be happy to help you get started with 
> it."

GnuPG is part of the GNU project.  I think we should use the standard
GNU response when people want us to use certificate formats that don't
comply with the OpenPGP standard.

You can learn more about the FSF at:

https://www.fsf.org/about/

You can learn more about GNU at:

http://www.gnu.org/gnu/about-gnu.html

Hope this helps.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Comparison of RSA vs elliptical keys

2020-05-17 Thread Mark
Thanks to all the people that chimed in on my question. I was trying to
get an idea how they compared. It was (for me) even more confusing with
the 25519 choices as I didn't know the size of those keys until someone
explained them better.

On 5/11/2020 6:46 PM, Pete Stephenson via Gnupg-users wrote:
> On Mon, May 11, 2020, at 5:15 PM, Mark wrote:
>> I'm trying to understand the differences in strength between an RSA key
>> and an elliptical one such as ed25519 with cv25519. I know with RSA it is
>> pretty easy to "gauge" the strength 1024 vs 2048 vs 4096. 
>>
>> I could not really find anything to say how strong these elliptical keys
>> are and how they compare to RSA ones. 
> Good question! Broadly, and with several assumptions, elliptic curves have 
> the same security level as symmetric (e.g., AES) keys that are half the 
> elliptic key's length. See https://en.m.wikipedia.org/wiki/Key_size and the 
> references therein as a starting point.
>
> For example, a 256 bit elliptic curve key has a similar strength to a 
> symmetric key of 128 bits.
>
> Due to various reasons, not all ECC keys are powers of 2 in length. For 
> example, NIST P-521 is 521 bits long rather than 512 bits, and has equivalent 
> security to a 256 bit symmetric key.
>
> Cheers!
> -Pete
>


Re: Best Keyserver

2020-05-17 Thread Mark
Thanks I will update it and make sure both Kleopatra and Enigmail are
using the same one so they are "on the same page"

On 5/15/2020 11:55 PM, Michał Górny wrote:
> On Fri, 2020-05-15 at 16:52 -0700, Mark wrote:
>> I know this may be a subjective question but what is the best keyserver
>> to use?  I use GPG4Win with the Enigmail plugin for Thunderbird.  The
>> keyservers listed in Enigmail are:
>>
>> vks://keys.openpgp.org, hkps://hkps.pool.sks-keyservers.net,
>> hkps://pgp.mit.edu
>>
>> The keyserver that is used in Kleopatra (GPG4Win) is:
>>
>> hkp://keys.gnupg.net
> $ host keys.gnupg.net
> keys.gnupg.net is an alias for hkps.pool.sks-keyservers.net.
>


Re: keys require a user-id

2020-05-17 Thread Mark
I'm just curious as to what this "GNU" way is? I assume you would just use a
non-identifiable email address and then either leave your name blank,
incomplete, or just plain incorrect.

Is there another way I am missing?

Thanks

On 5/16/2020 8:56 AM, Robert J. Hansen wrote:
>> So, when you like to communicate with a person who uses such a new
>> key how do you proceed then?
> I tell them, "I will not be able to use OpenPGP with you until such time
> as your UID conforms to the standard.  Would you like help in making your
> user ID standards-conformant in a way that reveals nothing about your
> real-world identity?"
>
> This is, in fact, the preferred GNU way.  "I'd love to be able to work
> with you on this document, but you're using a proprietary format I can't
> read.  There's an open format we can both use, though, and I'd be happy
> to help you get started with it."

Re: Comparison of RSA vs elliptical keys

2020-05-17 Thread Stefan Claas
Ángel wrote:
 
> On 2020-05-16 at 22:49 +0200, Stefan Claas wrote:
> > out of curiosity, you signed the reply with two sub keys, but
> > what makes the signature so large, the hash algo used? I must
> > admit I have never seen such a large signature before.
> 
> It is quite large, indeed. This Radix 64 block of 12375 bytes contains
> two signatures, of 3857 and 5225 bytes respectively. The first one
> EdDSA (22) and the second a normal RSA one.
> 
> In both cases, most of the signature space is taken by a hashed
> subpacket of type 38. This value is not assigned, but looking at
> https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=common/openpgpdefs.h#l123
> it is used to store the whole key used.

Interesting, thanks for the explanation!

Regards
Stefan

-- 
Signal (Desktop) +4915172173279
https://keybase.io/stefan_claas
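
The size breakdown quoted in the message above can be reproduced by walking the hashed subpacket area of a signature packet. The following is an added example, not part of the thread and not GnuPG code; it assumes the input is the body of one version 4 signature packet with its packet header already removed, and the sample signature, its sizes and the helper names are constructed for illustration.

```python
import struct

KEY_BLOCK = 38  # subpacket type discussed above (stores the whole key used)

def subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            n, i = first, i + 1
        elif first < 255:                     # two-octet length
            n, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            n, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if n == 0 or i + n > len(area):       # length counts the type octet
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + n]
        i += n

def hashed_summary(sig_body):
    """Return (pubkey_algo, [(subpacket_type, body_len), ...]) for a v4 signature."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("only version 4 signature packets are handled")
    (hlen,) = struct.unpack(">H", sig_body[4:6])
    area = sig_body[6:6 + hlen]
    if len(area) != hlen:
        raise ValueError("hashed area runs past the end of the packet")
    return sig_body[2], [(t, len(b)) for t, _, b in subpackets(area)]

def key_block_share(sig_body):
    """Fraction of the signature packet body taken up by type 38 subpackets."""
    _, subs = hashed_summary(sig_body)
    return sum(n for t, n in subs if t == KEY_BLOCK) / len(sig_body)

def encode_sub(sub_type, body):
    """Encode one subpacket (up to 8383 octets); only builds the sample below."""
    n = len(body) + 1
    head = bytes([n]) if n < 192 else bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return head + bytes([sub_type]) + body

# Constructed sample: v4 signature, type 0x00, EdDSA (22), SHA-512 (10), with
# issuer fingerprint (33), creation time (2) and a 3700-byte type 38 subpacket.
HASHED = (encode_sub(33, b"\x04" + bytes(20)) + encode_sub(2, struct.pack(">I", 1589673600))
          + encode_sub(38, bytes(3700)))
SAMPLE_SIG = (bytes([4, 0x00, 22, 10]) + struct.pack(">H", len(HASHED)) + HASHED
              + b"\x00\x00" + bytes(2 + 64))  # empty unhashed area, filler hash/MPIs
```

On the constructed sample, `hashed_summary` reports three hashed subpackets and `key_block_share` shows the type 38 subpacket accounting for about 97% of the packet body.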
   



Re: keys require a user-id

2020-05-17 Thread Vincent Breitmoser via Gnupg-users


Hey folks,

this thread touches on userid-less keys, and keyservers.

I agree with Peter and Rob's points that userid-less keys are questionable for
use as-is. OpenPGP transfers information in the self-signatures of user ids. If
we use keys without any known UID, we might miss out on e.g. expiration dates,
or key flags.

There is one more angle to this topic: key updates. keys.openpgp.org uses
userid-less keys in some cases, to distribute revocations and subkey updates.
More specifically, this happens when no User ID on a key has been verified.

The logic is simple:

1. Without consent, we don't distribute email addresses.
2. We want to distribute revocations and subkey updates regardless.
3. Revocations and key updates are cryptographically independent from User IDs.

A key store that already has a UserID for some key can integrate revocation
certificates and subkey updates from such a userid-less key into its local
certificate. Implementation-wise, this is easy to do.

GnuPG upstream rejects such updates. Concretely, if you hand a primary key with
only a revocation signature to GnuPG, it will parse the revocation, verify that
it is cryptographically valid, and then throw it away.

For those interested, this issue has been discussed at length here:
https://dev.gnupg.org/T4393

Cheers

 - V
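
The merge described in the message above, as an added example that is not from the thread, GnuPG or keys.openpgp.org: it splits a certificate into components and folds a userid-less update (primary key, revocation, new subkey) into a local copy that already has a User ID. It assumes new-format packet headers only and that every signature in the update has already been verified against the primary key; the packet bodies are constructed placeholders, not real key material.

```python
PUBKEY, SIG, USER_ID, SUBKEY = 6, 2, 13, 14  # OpenPGP packet tags
def split_packets(data):
    """Split new-format packets into (tag, body, raw) triples."""
    pkts, i = [], 0
    while i < len(data):
        start, tag, l0 = i, data[i] & 0x3F, data[i + 1]
        if data[i] & 0xC0 != 0xC0:
            raise ValueError("old-format packet headers are not handled")
        if l0 < 192:                              # one-octet length
            n, i = l0, i + 2
        elif l0 < 224:                            # two-octet length
            n, i = ((l0 - 192) << 8) + data[i + 2] + 192, i + 3
        elif l0 == 255:                           # five-octet length
            n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
        else:
            raise ValueError("partial body lengths are not handled")
        pkts.append((tag, data[i:i + n], data[start:i + n]))
        i += n
    return pkts

def components(pkts):
    """Group packets: each key, User ID or subkey with its signatures."""
    groups = []
    for p in pkts:
        if p[0] != SIG or not groups:
            groups.append([p])
        else:
            groups[-1].append(p)
    return groups

def merge_update(local, update):
    """Merge a userid-less update into a local certificate (bytes in, bytes out)."""
    loc, upd = components(split_packets(local)), components(split_packets(update))
    if loc[0][0][0] != PUBKEY or upd[0][0][:2] != loc[0][0][:2]:
        raise ValueError("update does not belong to this primary key")
    for group in upd:
        match = next((g for g in loc if g[0][:2] == group[0][:2]), None)
        if match is None:
            loc.append(group)        # new subkey with its signatures
        else:                        # known component: add unseen signatures
            seen = {p[1] for p in match}
            match.extend(p for p in group[1:] if p[1] not in seen)
    return b"".join(p[2] for g in loc for p in g)

def pkt(tag, body):  # constructed sample packets with placeholder bodies
    return bytes([0xC0 | tag, len(body)]) + body
KEY = pkt(PUBKEY, b"primary-key")
LOCAL = KEY + pkt(USER_ID, b"alice@example.org") + pkt(SIG, b"uid-selfsig")
UPDATE = KEY + pkt(SIG, b"key-revocation") + pkt(SUBKEY, b"new-subkey") + pkt(SIG, b"new-binding")
```

The revocation lands directly after the primary key and the new subkey is appended with its binding signature, while the local User ID and its self-signature stay untouched; merging the same update twice changes nothing.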




Re: keys require a user-id

2020-05-17 Thread Vincent Breitmoser via Gnupg-users


> Werner sits as secretary of the (largely dormant) group that guides
> OpenPGP development, but there are a lot of non-GnuPG people who are
> deeply involved in giving feedback on proposed changes.  He's the
> secretary, not the dictator.

Not everyone agrees.

https://mailarchive.ietf.org/arch/msg/openpgp/XxZt89Eh7XUenuVRajbgtcWzWdA/

 - V
