Re: Accidentally deleted ~/.gnupg/pubring.gpg

2020-07-10 Thread Ángel 
On 2020-07-09 at 10:19 +0200, Werner Koch via Gnupg-users wrote:
> If you know the fingerprint it is of course easy to find the creation
> date; that are at worst a mere 710 million hashes (from 1998 to now).
> it is just that we don't have the tooling.  To make things easier I
> will
> probably store the creation date as meta data along with the bare
> numbers in the forthcoming 2.3.

I have some toll that could do that. It's a matter of bruteforcing 4
bytes. The user probably has some idea of *when* it was created, highly
simplifying it. In fact, assuming this is the same computer on which the
key was created (quite likely, since there is no backup), the filesystem
timestamp of the file holding the secret key shouild be at most a few
seconds off, thus making such search immediate.

i should note however, that if someone loses its public key, and it
wasn't published anywhere he can simply reach it (such as the
keyservers), yet he wants to keep using the same key, that probably
means that *someone* else has that public key, and thus it might be
problematic to create a new key. In which case, the public key could be
retrieved from one of the third parties having it.




signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Traveling without a secret key

2020-07-10 Thread Juergen Bruckner via Gnupg-users 

Hi Stefan


Since you and Andrew are using smard cards or tokens I would like to
ask the following, prior considering purchasing one myself in the near
future.

Well my first choice - as it is a OpenSource product - is always a 
Nitrokey [1], I use both the NK Start as well as the NK Pro.


But also see the following


I use Windows 10 and Android (Samsung A40) and would like to know,
in case the is possible with my smartphone and under Windows 10 to
use a smard card where I can enter a PIN, thus only putting a secret
key without a passphrase on it, for ease of use, because my bank card
also has only a PIN. Is there software for such PIN entering for Win
and Android availalble and if so what Android email client software
would you or Andrew recommend, which allows to use a secret key without
a passphrase from a smard card?


Well, Nitrokeys do also work on Android devices, with a USB-Adapter.

In case you want to use your SmartCard/Token on the Andoid device via 
NFC, the best choice would be a Yubikey 5 NFC [2].


The Windows software to enter the PIN-Code is your PGP Software with 
SmartCard Support. On Android you should use Openkeychain for that.


As Android e-mail-client the most people who use PGP, also use K9-Mail;
my personal preference and my strong recommendation is the app called 
"FairEmail", as this app supports both, PGP (via Openkeychain) and also 
S/MIME.


I hope i have been able to help you a bit.

Best regards
Juergen


[1] https://www.nitrokey.com/de
[2] https://www.yubico.com

--
Juergen M. Bruckner
juergen@bruckner.email



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users