Re: Why would I want S/MIME?

2016-09-12 Thread Aaron Toponce
On Mon, Sep 12, 2016 at 01:31:38PM -0500, Anthony Papillion wrote:
> I understand what S/MIME is and that it's probably the easiest crypto
> solution for most email users. But why would someone comfortable with
> GnuPG use it? Does it offer any advantages over traditional PGP keys? If
> I understand correctly, it's a certificate that is much like an SSL
> certificate. If that's the case, doesn't it suffer from the same
> weaknesses that SSL certs currently suffer from (like double issuance, etc)?
> 
> Why would I want to use S/MIME?

Are you comparing S/MIME to PGP/MIME and PGP/Inline? I assume so, with your
question regarding GnuPG. As such, S/MIME provides some advantages over
PGP/MIME, IMO:

* S/MIME ships the entire public key as part of the email.
* S/MIME certificates are usually created and managed by the organization.
* There is wide-spread MUA support for S/MIME (EG: Outlook).

PGP/MIME and PGP/Inline generally mean getting the public key separately.
Because PGP and OpenPGP are decentralized, trust is manual (versus CAs with SSL
certificates in S/MIME). There is not widespread support for OpenPGP public
keys in MUAs, such as Outlook and most web-based MUAs. OpenPGP keys must be
managed independently, and this has been shown to be more work than most people are
willing to put in.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Keysigning

2014-12-02 Thread Aaron Toponce
On Tue, Dec 02, 2014 at 01:57:13PM +0530, Robin Mathew Rajan wrote:
> Where can I get my keys signed? Does anyone here provide keysigning services
> through video conference? :)

Yes. You can get me through Tox. My Tox ID is:

76AC69FEB7DA042DFD75F30574CEE3C6498DF9DD766E1D78FC5CB4693CA10BD381F696

My key signing policy:
https://pthree.org/my-pgp-key-signing-policy/

I'm not as militant about key signing as some others in the community. I'll
take precautions, but I'll also make an attempt at getting more in the WoT.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Keysigning

2014-12-02 Thread Aaron Toponce
On Tue, Dec 02, 2014 at 10:23:13AM -0700, Aaron Toponce wrote:
> Yes. You can get me through Tox. My Tox ID is:
>
> 76AC69FEB7DA042DFD75F30574CEE3C6498DF9DD766E1D78FC5CB4693CA10BD381F696

Hmm. It seems to have been truncated in the paste. The actual Tox ID is:

30861A76AC69FEB7DA042DFD75F30574CEE3C6498DF9DD766E1D78FC5CB4693CA10BD381F696


-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Tweeting for GnuPG

2014-11-11 Thread Aaron Toponce
On Wed, Nov 05, 2014 at 09:21:14PM +0100, Werner Koch wrote:
> I am looking for one or two people who would like to fill the @gnupg
> Twitter account with some life.
>
> I am not one of those short message people but Twitter seems to be a big
> deal these days.  Thus if someone would be interested to post short
> stuff there on a regular basis we can arrange for it.  We have 1400
> followers right now.  Anyone?

If there is still need for this, I don't mind stepping in. Most of my personal
tweets belong in the crypto topic. So long as guidelines and expectations are
established on what should be tweeted and when, I could probably fill this
role.

FYI.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Update on USG, Software, and the First Amendment

2014-10-27 Thread Aaron Toponce
On Mon, Oct 27, 2014 at 03:51:04PM -0400, Robert J. Hansen wrote:
> I just don't want to ask my friend to put together something on the
> subject and then discover there's no interest in it -- it seems
> disrespectful to Professor Johnson.  :)

I think there will be great interest on the list for it. I am also very
interested. Maybe it's time for me to refresh my RSA export-a-crypto-system
sig?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back

2014-08-21 Thread Aaron Toponce
On Fri, Aug 22, 2014 at 12:46:38AM +0200, Gabriel Niebler wrote:
> On the contrary, IMO this sort of thing is fully encompassed by the
> word surveillance, at least as far as I have always understood it.
> Otherwise any surveillance camera installed in a public or publicly
> accessible place would not be one, by definition, since it is only
> gathering publicly available information.

Just to get pedantic, according to Wikipedia [1]:

Surveillance is the monitoring of the behavior, activities, or other
changing information, usually of people for the purpose of influencing,
managing, directing or protecting them. This can include observation from a
distance by means of electronic equipment (such as CCTV cameras), or
interception of electronically transmitted information (such as Internet
traffic or phone calls); and it can include simple, relatively no- or
low-technology methods such as human intelligence agents and postal
interception. The word surveillance comes from a French phrase for
"watching over" ("sur" means "from above" and "veiller" means "to watch"),
and is in contrast to more recent developments such as sousveillance.

1- https://en.wikipedia.org/wiki/Surveillance

From that, I gather that surveillance is to gather information with the intent
of influencing, managing, directing, or protecting [people]. HACIENDA is
gathering public information, with the intent to plan intrusions into the
servers.

It seems pretty clear to me that HACIENDA is indeed a surveillance program.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Aaron Toponce
On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote:
> Perhaps it would be a start if sites providing SMTP would turn on
> STARTTLS.

STARTTLS does not encrypt mail. It only provides safe passage over the network.
It is also client/server encrypted and decrypted. Thus, an administrator with
root at an SMTP server can view the mail once the mail transfer is decrypted.
Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as
Google, Yahoo, and Microsoft.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Aaron Toponce
On Mon, Aug 18, 2014 at 12:24:43PM -0400, Mark H. Wood wrote:
> Sure, it does encrypt mail.  My SMTP has mail from me to deliver.  It
> contacts an SMTP that it thinks can get the mail closer to its
> addressee.  My SMTP sends STARTTLS, the receiving SMTP agrees, they
> handshake, and the rest of the session, including MAIL FROM, RCPT TO,
> and my mailgram following the DATA, is encrypted over the wire.

The connection is encrypted, not the mail itself. SSL/TLS behave like a tunnel.
The end result is the same, but the details are different. Much like an OpenSSH
tunnel, where SSH does not know anything of the data moving through the tunnel,
STARTTLS knows nothing about the data going through its tunnel.

> You mean those webmail thingies that I never use?  There's so much we
> don't know about their security practices that I wasn't even thinking
> about such services.  My remark was focused on the scenario above:
> there is a local MUA, a local MTA and a remote MTA.

No, I mean the POP3S/IMAPS/SMTPS/MAPIS protocols your MUA, and other SMTP MTAs
connect to. Not HTTPS.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




ICMP (was: Re: keys.gnupg.net - Refresh all public keys never completes in) Enigmail, some servers down?

2014-08-15 Thread Aaron Toponce
On Thu, Aug 14, 2014 at 05:13:08PM +0100, OmegaPhil wrote:
> Fair point, although that would be a network misconfiguration as
> ping/ICMP is required for network troubleshooting, packet fragmentation
> stuff etc (for reference I'm testing from a dedicated line that I control).

Blocking ICMP is not a network misconfiguration at all. ICMP echo requests are
intentionally blocked to prevent a number of ICMP-related attacks:

* ICMP floods
* ICMP nukes
* ICMP smurfs
* ICMP ping of death

Also, most Cisco routers do not put priority on ICMP packets. It's very common
for Cisco to drop ICMP while processing other protocols on very busy networks.

The best way to troubleshoot a problem to a network server, is to use the
protocol you're having issues with, check BGP routes, ARP entries, DNS, etc.
While ping(1) is certainly a great tool to have, it should be only one of the
many tools in your network troubleshooting toolbox.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




public key E6602099 is 131772146 seconds newer than the signature

2014-06-18 Thread Aaron Toponce
As per my understanding of the gpg(1) manpage, '--ignore-time-conflicts' should
suppress messages such as the one in the subject. However, that doesn't seem to
be the case: http://ae7.st/p/2u6. It appears that only when redirecting STDERR
to /dev/null is it suppressed. Is this expected behavior, or am I missing
something?

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: public key E6602099 is 131772146 seconds newer than the signature

2014-06-18 Thread Aaron Toponce
On Wed, Jun 18, 2014 at 07:28:32AM -0600, Aaron Toponce wrote:
> As per my understanding of the gpg(1) manpage, '--ignore-time-conflicts' should
> suppress messages such as the one in the subject.

Er, '--ignore-time-conflict'. Singular, not plural.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: gpg --with-fingerprint $FILE is not listing the keyfingerprint in some cases

2014-05-14 Thread Aaron Toponce
On Wed, May 14, 2014 at 11:32:07AM +1000, Fraser Tweedale wrote:
> This behaviour also occurs for me in 2.0.22.  Instead of exporting
> the key, you could use --list-keys, which works for me:

Yeah, I'm not interested in running it from the keyring, as I am assuming that
the key is not imported, but only the file is available.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: gpg --with-fingerprint $FILE is not listing the keyfingerprint in some cases

2014-05-14 Thread Aaron Toponce
On Tue, May 13, 2014 at 11:30:21PM -0400, David Shaw wrote:
> Looks like a bug.  Note that on each of the keys that didn't work there is a
> direct signature on the key.  This is not very common, and is usually used
> for a designated revoker (i.e. I permit so-and-so to revoke my key for me).
> I suspect there is a bug printing the fingerprints on a key from a key file
> (rather than from a keyring) for keys with a direct signature.

Ah. Interesting. Should I file a proper bug against GnuPG then?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: gpg --with-fingerprint $FILE is not listing the keyfingerprint in some cases

2014-05-14 Thread Aaron Toponce
On Wed, May 14, 2014 at 06:26:31PM +0200, Werner Koch wrote:
> > Ah. Interesting. Should I file a proper bug against GnuPG then?
>
> Please do that.

Done. https://bugs.g10code.com/gnupg/issue1640

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




gpg --with-fingerprint $FILE is not listing the keyfingerprint in some cases

2014-05-13 Thread Aaron Toponce
I don't know if this is a bug, or if I am doing something wrong, so I might as
well ask here. I ran the following command from my terminal, and cannot
retrieve the fingerprint from the file:

$ gpg --output 0xBB065B251FF4945B.gpg --export 0xBB065B251FF4945B
$ gpg --with-colons --with-fingerprint 0xBB065B251FF4945B.gpg 
pub:-:2048:1:BB065B251FF4945B:2008-07-27:::f:
uid:Daniel T. Hagan dan...@kickidle.com:
sub:-:2048:1:6BA86443C0C6CDA2:2008-07-27
sub:-:2048:1:16C018D9B89B420A:2008-07-27

There should exist an ^fpr line in the output. Compare to:

$ gpg --output 0x4713D527ECE16009.gpg --export 0x4713D527ECE16009
$ gpg --with-colons --with-fingerprint 0x4713D527ECE16009.gpg 
pub:-:1024:17:4713D527ECE16009:2005-06-06:::f:George Hacker (GLS) ghac...@redhat.com:
fpr:8BFD3F436366D9820E9EAB2F4713D527ECE16009:
uid:George Hacker geor...@axian.com:
uid:George Hacker ghac...@axian.com:
uat:1 2493:
sub:-:1024:16:0D94CF6C0C8C2F1B:2005-06-06

Of the 453 keys in my public keyring, this happens on 8 of them (about 2%):

0x072DC7442B89BD45
0x14774C7B9958256C
0x4B2A4897D39DA0E3
0x63E42BD8C58C753A
0x677A7DE8CC9A6F67
0x6FA1B04BB6724E04
0x9710B89BCA57AD7C
0xBB065B251FF4945B

Any ideas what is going on?

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
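
The check described in the message above (a primary key with no `fpr` record in `gpg --with-colons --with-fingerprint` output), as an added example that is not part of the original post and not GnuPG's own code. The function names are hypothetical; the first two samples are the listings from the message, and the third is constructed in the standard layout, where the fingerprint sits in field 10.

```python
import re

# An fpr value is 32 hex digits (v3, MD5), 40 (v4, SHA-1) or 64 (v5).
_HEX_FPR = re.compile(r"^(?:[0-9A-Fa-f]{32}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$")

# Listing from the message above: no fpr record is printed for the key.
SAMPLE_NO_FPR = """\
pub:-:2048:1:BB065B251FF4945B:2008-07-27:::f:
uid:Daniel T. Hagan dan...@kickidle.com:
sub:-:2048:1:6BA86443C0C6CDA2:2008-07-27
sub:-:2048:1:16C018D9B89B420A:2008-07-27
"""

# Listing from the message above: the fpr record is present.
SAMPLE_WITH_FPR = """\
pub:-:1024:17:4713D527ECE16009:2005-06-06:::f:George Hacker (GLS) ghac...@redhat.com:
fpr:8BFD3F436366D9820E9EAB2F4713D527ECE16009:
uid:George Hacker geor...@axian.com:
sub:-:1024:16:0D94CF6C0C8C2F1B:2005-06-06
"""

# Constructed sample (not real keys): fingerprint in field 10, subkey
# fingerprints present, one key ID that does not match its fingerprint,
# and one primary key whose only fpr record belongs to its subkey.
SAMPLE_CONSTRUCTED = """\
pub:-:2048:1:89ABCDEF01234567:2014-01-01:::-:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:2048:1:2222222222222222:2014-01-01
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA2222222222222222:
pub:-:2048:1:1111111111111111:2014-01-01:::-:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
pub:-:2048:1:3333333333333333:2014-01-01:::-:
sub:-:2048:1:4444444444444444:2014-01-01
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB4444444444444444:
"""


def audit_colon_listing(text):
    """Return [(keyid, status)] for every primary key in a colon listing.

    status is "ok", "missing-fpr" (no fpr record follows the pub/sec line
    before the next sub/pub record) or "keyid-mismatch" (a 40-digit v4
    fingerprint whose low 64 bits differ from the key ID on the pub line).
    """
    keys = []      # [keyid, fingerprint or None] per primary key
    owner = None   # which record the next fpr line belongs to
    for line in text.splitlines():
        fields = line.split(":")
        tag = fields[0]
        if tag in ("pub", "sec"):
            if len(fields) < 5:
                owner = None   # malformed line, ignore it
                continue
            keys.append([fields[4].upper(), None])
            owner = "primary"
        elif tag in ("sub", "ssb"):
            owner = "subkey"   # later fpr lines describe the subkey
        elif tag == "fpr" and owner == "primary" and keys[-1][1] is None:
            # Scan for the hex field instead of trusting a fixed index, so
            # both the layout in the message and field 10 are accepted.
            fpr = next((f for f in fields[1:] if _HEX_FPR.match(f)), None)
            if fpr:
                keys[-1][1] = fpr.upper()

    report = []
    for keyid, fpr in keys:
        if fpr is None:
            status = "missing-fpr"
        elif len(fpr) == 40 and not fpr.endswith(keyid):
            status = "keyid-mismatch"
        else:
            status = "ok"      # v3/v5 key IDs are not the fingerprint tail
        report.append((keyid, status))
    return report


def keys_needing_attention(text):
    """Key IDs that should not be trusted on this listing alone."""
    return [keyid for keyid, status in audit_colon_listing(text) if status != "ok"]


if __name__ == "__main__":
    for sample in (SAMPLE_NO_FPR, SAMPLE_WITH_FPR, SAMPLE_CONSTRUCTED):
        print(audit_colon_listing(sample))
```

A script that verifies a key file by fingerprint before importing it should treat `missing-fpr` as a failure rather than fall back to the 64-bit key ID on the `pub` line.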




Re: ideal.dll // fixing thread breaking

2012-07-01 Thread Aaron Toponce
On Fri, Jun 29, 2012 at 01:45:17PM -0400, Robert J. Hansen wrote:
> IMO, if your client is showing correct PGP/MIME signatures on this list,
> you should file a defect report about your client.  The message has been
> changed in transit and is no longer in the exact same state as it was
> when the sender issued it.  The change may be trivial, but it's still a
> change, and IMO it is not the job of the MUA to try and fix the botchery
> inflicted by GNU Mailman.  The correct thing to do, IMO, is to report to
> the user the true state of affairs: the signature is not correct and
> the message appears to have been altered in transit.

I don't understand this. Mutt verifies the signature correctly, but Mutt is
calling GnuPG externally. If the message was signed with a space, and if
the space is being replaced by a tab character, then the signature should
fail. Because it is not failing, it is telling me that it was initially a tab
when you signed the mail, and something either mangled it to be a space, or
your diff(1) is reading a text that mangled the tab to a space. I don't see
how this is the failure of the MUA, but GnuPG says the signature verifies.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: ideal.dll

2012-06-27 Thread Aaron Toponce
On Mon, Jun 25, 2012 at 08:44:11PM +0200, Werner Koch wrote:
> On Mon, 25 Jun 2012 20:12, aaron.topo...@gmail.com said:
> > So, if the system can be improved by removing support for PGP2, which
> > includes cleaning up code, squashing bugs, and tightening security, then
> > why is it still around? 20 years later?
>
> BTW, removing the v3 support will not make the code magically less
> complex.  Removing mature code may actually introduce more bugs than
> keeping it.

Thus, the reason I began with 'if'. :)

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: idea.dll

2012-06-27 Thread Aaron Toponce
On Tue, Jun 26, 2012 at 01:12:12AM -0400, ved...@nym.hush.com wrote:
> it will be interesting to see if V4 keys will be gracefully
> abandoned as SHA1 becomes as broken as MD5,
>
> or if there will be die-hards holding onto their V4 keys no
> matter what ...

Please fix your client. I don't know if you can tell, but you are breaking
the threads. Your client should support the 'in-reply-to' and 'references'
header fields. Please see if this is the case, and make the necessary
adjustments to your MTA.

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: ideal.dll

2012-06-25 Thread Aaron Toponce
On Mon, Jun 25, 2012 at 12:11:57AM +0200, Werner Koch wrote:
> I have been saying for more than a decade that PGP 2 should not be used
> anymore.  The rationale for this was that OpenPGP is a standard and
> fixes great many problems of PGP 2.  GnuPG supports PGP 2 only because
> this provides a way to migrate away from PGP 2.  But: We are now in 2012
> - 20 years after PGP 2.

So, if the system can be improved by removing support for PGP2, which
includes cleaning up code, squashing bugs, and tightening security, then
why is it still around? 20 years later?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: ideal.dll

2012-06-22 Thread Aaron Toponce
On Fri, Jun 22, 2012 at 10:21:35AM -0400, ved...@nym.hush.com wrote:
> vulnerability in that their fingerprint mechanism is trivially gamable,
> so long keyid collisions are easy.

[snip]

Please fix your mail client. It is breaking threads.

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: GPG with GPUs

2012-06-18 Thread Aaron Toponce
On Sun, Jun 17, 2012 at 07:26:27PM +0200, Hauke Laging wrote:
> This is the result (with a cached passphrase, of course). It's the same for a
> zeros file and a urandom file. And this is on a power efficient CPU... (E-450,
> which I guess doesn't have AES acceleration) probably without parallelization.
>
> So there's obviously a serious problem with your setup. A problem slowing the
> process down two to three orders of magnitude which will hardly be solved by
> adding a GPU.

I'm not trying to troubleshoot a problem. I think this thread is getting a
bit off-topic. I'm only curious if work has been done in getting GPU
support into GnuPG. Nothing more.

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: GPG with GPUs

2012-06-17 Thread Aaron Toponce
On Sat, Jun 16, 2012 at 07:54:46PM +0200, Hauke Laging wrote:
> Are these files huge? It's hard for me to believe that this takes seconds.
> What I would easily believe is that the system gets an entropy problem. The
> delay would not be related to CPU performance then. So maybe a hardware RNG
> improves your situation.

These files are about 200KB in size. We have a Perl script that handles the
encryption/decryption for us. It could be the RNG slowing the process down.
I won't disagree with that, but each time I need to encrypt the file, it
takes about 2s. This is on fairly modern hardware running Debian GNU/Linux
unstable. Intel Xeon quad-core with 6 GB DDR3 RAM.

Regardless, I would love to research and play with cryptography on GPUs,
so I'm curious what progress GnuPG has made in this area, if any. Things
like ECB mode or parallel stream ciphers.

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




GPG with GPUs

2012-06-16 Thread Aaron Toponce
I'm curious what progress, if any, has been made towards supporting GPUs
for encryption, decryption, signatures and verifications. I recently just
purchased two Zotac 32-bit PCI cards with 96 CUDA cores (I'm out of PCIe
slots) for the sole purpose of GPGPU research and sandboxing.

We use GPG at work for internal passwords. There are 3 XML files based on
the role that the employee fills at work (techs, domains, admins). With
about 50 employees' GPG keys, encrypting the 3 files is a bit daunting. It
takes a few seconds to complete. Not too terribly inconvenient, and it's
fully automated, but enough to be annoying when the XML files get updated a
lot.

There are other purposes I use GPG for, where the work that needs to be
done takes long enough to notice, such as signing 100 keys after a key
signing party, or generating a new throw-away symmetric key.

Anyway, just curious if offloading the work to the GPU is something that is
being considered, or has already been discussed.

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Testing GPG EMail encryption

2012-05-25 Thread Aaron Toponce
On Wed, May 23, 2012 at 08:07:54PM +0100, da...@gbenet.com wrote:
> Openpgp/enigmail does not support gpg2 unless one has installed gpg
> 1.4.11 - but I no longer trust Openpgp/enigmail to do anything.

That's unfortunate. While I'm mostly a Mutt user these days, I have Debian
Icedove installed with Enigmail and GnuPG v2, and I personally haven't had
any problems. Then again, I have both v1 and v2 installed. In fact, I
highly recommend Enigmail. It's a fine piece of software.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o



Re: using this list

2012-03-27 Thread Aaron Toponce
On Tue, Mar 27, 2012 at 06:46:42AM +, auto15963...@hushmail.com wrote:
> I noticed that this list is also available on gmane as
> gmane.comp.encryption.gpg.user, which allows retrieving the
> messages in a newsreader in lieu of in email.  I prefer the
> newsreader format.  Is there any reason I cannot remain subscribed
> with this same email address as the user ID but stop having the
> emails sent to me, while instead start getting the messages with a
> newsreader and use the newsreader for continuing my correspondence
> so long as it is done with the same user ID? Does that work? On the
> other hand, can anyone send a message to the list from gmane while
> using any arbitrary ID? Thanks.

This is standard in Mailman. Login to the web interface with your
credentials, and turn off mail delivery. This will allow you to post,
without receiving. Then, you can use your favorite RSS/NNTP reader or
browser to subscribe to the posts on Gmane.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: gnupg and excel sending email.

2012-03-22 Thread Aaron Toponce
On Thu, Mar 22, 2012 at 09:24:06AM -0600, Eric wrote:
> After installing gpg4win-2.1.0 the email button from excel (2003)
> will not send out mail.  It will put the mail in my Outlook inbox
> instead of sending it.
> Can't forward the email because it hammers the formatting.  Is there
> a fix or do I need to force my user to send the excel sheet as
> attachment direct from outlook.
>
> Note: After uninstalling gpg4win the excel function works again so
> it's something with the gnupg

Nope. Not GnuPG, Gpg4win is the culprit. According to:
http://www.gpg4win.org/about.html, the Gpg4win components are:

* GnuPG - the core
* Kleopatra - Cert manager for OpenPGP and X.509
* GPA - Alt. cert manager
* GpgOL - A plugin for MS Outlook 2003 and 2007
* GpgEX - A plugin for MS Explorer 32bit
* Claws Mail - An MTA
* Gpg4win Compendium - Docs

So, it would appear to me that the culprit from what you have described is
the GpgOL plugin, and NOT GnuPG.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Using root CAs as a trusted 3rd party

2012-01-21 Thread Aaron Toponce
I just signed an OpenPGP key with cert level 0x12 (casual checking) given
the following scenario:

* A PGP key was signed by an SSL certificate that was signed by a root
  CA
* I verified that the signature was indeed from that root CA.
* I stripped the signature, and imported the PGP key.
* I then signed the key, exported, and sent back.

What are your thoughts on using root CAs as a trusted 3rd party for
trusting that a key is owned by whom it claims? Of course, this is merely
for casual checking, but it seems to be good enough.

Thoughts?

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Using root CAs as a trusted 3rd party

2012-01-21 Thread Aaron Toponce
On Sat, Jan 21, 2012 at 02:47:25PM -0500, Thomas Harning Jr. wrote:
> That process seems pretty reasonable, assuming the CA is reputable. Even
> better if you keep track of the SSL cert to keep track of breaches and the
> like.

The idea is only to casually trust that a key belongs to a person. If the
key is signed by a root CA certificate, then the person has established a
relationship of trust between themselves and the CA. So, if the PGP key is
signed by that cert, it seems to follow that the key is indeed owned by the
person who claims to own it.

> It seems akin to the PayPal 3rd party auth, just a different source.

Yes. That's all I'm after. I think the militant "I _absolutely_ won't sign
any keys unless I verify their identification, face-to-face" attitude is
hindering adoption. There must be a way to build the WOT, while still
allowing people to sign keys without meeting. Thus, the reasons for 0x10,
0x11, 0x12 and 0x13 in GnuPG for identifying how carefully you've verified
the owner of a key.

I'm looking for ways to build the WOT, without hindering adoption, by
taking advantage of various means to establish trust of key ownership. This
seems to be a method, I just want to make sure I have all my i's dotted and
my t's crossed.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Quieten gpg-agent output?

2012-01-11 Thread Aaron Toponce
On Wed, Jan 11, 2012 at 01:56:58PM +0100, Werner Koch wrote:
> You should use the modern crypto implementation of mutt.  You merely need
> to add
>
>   set crypt_use_gpgme
>
> to ~/.muttrc.  This uses a now also 10 years old mode of mutt which far
> better integrates crypto than the old command based one.

How does this differ from set pgp_use_gpg_agent, if any?

>  --no-tty
>
> will suppress all TTY output completely.

Perfect. I searched for STDOUT, STDERR and the like in hopes of finding
the necessary docs, without reading the full gpg(1) manual. Didn't think of
tty. Thanks.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Quieten gpg-agent output?

2012-01-10 Thread Aaron Toponce
On Fri, Dec 16, 2011 at 03:07:59PM +0100, Werner Koch wrote:
> On Thu, 15 Dec 2011 18:47, li...@chrispoole.com said:
> > Is there a better way to get rid of these errors?
>
> Yes, use gpg2.  Using gpg and gpg-agent is just a kludge.  gpg2 requires
> gpg-agent and thus we don't need those messages there anymore.

I'm glad this was posted recently, because I'm just not getting bothered by
them. I'm using Mutt for my mail, hooked into gpg2 and the gpg-agent. The
agent is running, and the pinentry comes up asking for my passphrase,
however, I still see the following:

% gpg2 -qd file.gpg

You need a passphrase to unlock the secret key for
user: Aaron Toponce aaron.topo...@gmail.com
1792-bit ELG key, ID E7D41E4B, created 2004-09-18 (main key ID
8086060F)

The problem with Mutt, is the fact that when changing folders or accounts,
it briefly flashes what is on the terminal behind Mutt, and that message
appears a lot, seeing as though I'm storing my IMAP and SMTP passwords in
an encrypted file, and having Mutt use gpg2 to decrypt them.

How can I completely suppress that message? It doesn't appear to be writing
to STDOUT (fd 1) or STDERR (fd 2). I guess I should run strace(1) on it,
and see what I get. Thought I'd hit the list anyway, for archiving, in case
a solution is found, and someone else is searching.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: How to sign my own public key?

2011-12-29 Thread Aaron Toponce
On Thu, Dec 29, 2011 at 02:57:01PM +0300, Stayvoid wrote:
> How to sign my own public key?
> I've read that this is important.
> Here is the link: http://www.heureka.clara.net/sunrise/pgpsign.htm

Whenever you make changes to your key, it's automatically signed by you.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: maximum passphrase for symmetric encryption ?

2011-12-28 Thread Aaron Toponce
On Wed, Dec 28, 2011 at 12:32:44AM +0100, Jerome Baum wrote:
 On 2011-12-28 00:27, Aaron Toponce wrote:
  On Tue, Dec 27, 2011 at 11:23:50PM +0100, Jerome Baum wrote:
  I can't tell for gpg specifically but it's not so much about
  characters. It's about entropy. Natural language is redundant, and
  diceware uses words from natural language.
 
  Yes, but each word in the diceware list contains about 12.9 bits of
  entropy, due to the random nature of rolling a fair D6.

 How is this in conflict with what I said?

It is not in conflict. I am only extending the discussion.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: maximum passphrase for symmetric encryption ?

2011-12-27 Thread Aaron Toponce
There may be some errors in my reply, so if so, please notify me.

On Tue, Dec 27, 2011 at 11:23:50PM +0100, Jerome Baum wrote:
 On 2011-12-27 23:14, ved...@nym.hush.com wrote:
  The approximate equivalent in brute force work is 20 diceware
  words.
  [ 7776^19 < 2^256 < 7776^20 ].
 
   A string of 15 diceware words is often more than 64 characters.

 I can't tell for gpg specifically but it's not so much about
 characters. It's about entropy. Natural language is redundant, and
 diceware uses words from natural language.

Yes, but each word in the diceware list contains about 12.9 bits of
entropy, due to the random nature of rolling a fair D6. So, for a
passphrase that is 20 diceware words, it contains roughly 258-bits of
entropy, as he identified.

It's easy to calculate entropy in a truly random environment:

H = L*log2(N)

where 'H' is the entropy value in binary bits, 'L' is the length of the
message, 'log2()' is the log base-2 function, and 'N' is the possible
number of characters the system can have. The only time when this equation
becomes more complicated, is when predictable patterns, such as can be
found in human language, are found.

 So don't measure characters, your upper bound is entropy, so 20 diceware
 words apparently contain 256 bits of entropy (based on your numbers).
 That means any more than 20 words isn't going to add for the case of
 AES-256.

And this is the point, right here. A passphrase that has more binary bits
of entropy, than the containing system, won't provide you with any
additional benefit, or security. So, in the case with a 20 word, diceware
passphrase, provided that the RNG building the AES 256-bit environment is
truly random data, any additional entropy in the passphrase, won't buy you
any additional security in the encrypted data.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
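
The arithmetic in this exchange, as an added example that is not part of the original post: it applies H = L*log2(N) to the 7776-word diceware list, checks the 19/20-word bound with exact integers, and caps the result at the cipher's key size. The function names and the 94-symbol printable-ASCII comparison are assumptions made for illustration.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5   # 7776 entries, one per sequence of five D6 rolls


def entropy_bits(length, alphabet_size):
    """H = L * log2(N) for L symbols drawn uniformly at random from N."""
    return length * math.log2(alphabet_size)


def min_symbols(target_bits, alphabet_size):
    """Smallest L with N**L >= 2**target_bits, using exact integers
    so that no floating-point rounding decides the boundary case."""
    length, space = 0, 1
    while space < 2 ** target_bits:
        space *= alphabet_size
        length += 1
    return length


def effective_bits(length, alphabet_size, key_bits):
    """Brute-force work is capped by the smaller search space:
    the passphrase or the symmetric key derived from it."""
    return min(entropy_bits(length, alphabet_size), key_bits)


def roll_diceware_indices(n_words):
    """Simulate five fair D6 rolls per word with a CSPRNG.
    Returns the lookup keys (for example '41263') used to index
    the printed diceware list, not the words themselves."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(n_words)]


if __name__ == "__main__":
    print("words  passphrase bits  effective bits against a 256-bit key")
    for words in (5, 10, 15, 19, 20, 25):
        h = entropy_bits(words, DICEWARE_WORDS)
        capped = effective_bits(words, DICEWARE_WORDS, 256)
        print(f"{words:5d}  {h:15.1f}  {capped:14.1f}")
    print("diceware words needed for 256 bits:",
          min_symbols(256, DICEWARE_WORDS))
    print("random printable-ASCII characters needed:",
          min_symbols(256, 94))
    print("sample rolls:", " ".join(roll_diceware_indices(6)))
```

The formula only holds when every symbol is chosen uniformly at random, which is why the indices come from simulated dice rather than from a human picking words.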




Re: GnuPG 2.1 beta 3 released

2011-12-21 Thread Aaron Toponce
On Tue, Dec 20, 2011 at 05:26:49PM +0100, Werner Koch wrote:
 Noteworthy changes already found in beta2:

  * ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt.

Eager for this. Will we be seeing ECC support in 1.4.x?

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Who is doing S/MIME enveloping in KMail - gnupg2 or KMail?

2011-12-21 Thread Aaron Toponce
On Wed, Dec 21, 2011 at 10:48:35AM -0500, Nicholas Sushkin wrote:
 Hi, I think there is a bug in the way KMail is doing S/Mime envelop for signed
 but not encrypted messages. I'd like to follow through, but I am not sure if
 it's gnupg or KMail, which is the proper forum. Does anyone (Werner) know by
 any chance?

Can you explain more? I'm assuming you're using GnuPG 2.0, seeing as though
1.4.* does not support S/MIME. Or are you confusing S/MIME with PGP/MIME?
What errors are you seeing? What are you trying to do? Et cetera.

Thanks,

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: keyserver spam

2011-12-17 Thread Aaron Toponce
On Fri, Dec 16, 2011 at 03:51:34PM +, gn...@lists.grepular.com wrote:
 I understand that once you've uploaded something to the keyservers, it
 can't be removed. Eg, if I sign someone else's key and upload that, it
 will be attached to their key permanently?

 What if someone were to generate say, 10,000 keypairs with offensive
 uid names, and then sign my key with each of them, and then upload that
 to the keyservers? Is there anything to stop that? Is there anything to
 stop a spammer generating a key with their URL in the uid name and then
 signing every key they can find and uploading that to the keyservers?

 Has anything like this happened before?

For spam to be truly effective, there needs to be a reward. Littering the
keyservers with bogus keys and signatures, at its current state, wouldn't
provide the desired result. Spamming email has shown to be an effective way
to make money. Where is the monetary reward here?

I guess Anonymous or LULZ Security, or the like, could do it out of sheer
entertainment, but it would die quickly, as the effort in maintaining the
noise outweighs the benefit of annoying users by several orders of
magnitude.

I'll pose the scenario differently: How can you trust that the photo
identification presented at a human-to-human keysigning party is
legitimate? It's not too terribly difficult to forge even government photo
identification, and pass it off as legitimate to the average user. I could
create a key, call myself Bruce Schneier, forge a photo identification
card that proves this is the case, and claim there are two of us in the
world- the famous cryptographer, and a lonely sysadmin from North Dakota.

After collecting enough signatures, I've created enough noise to cast doubt
on which key belongs to the famous security expert, and which doesn't. At
least to the casual eye, which we must admit, most of us don't scrutinize
our keys at all (when was the last time you did a key refresh, and paid
attention to expirations or revocations?).

More threatening, than just littering the keyservers with tens of thousands
of keys and signatures, are individual attacks, like the one I just
mentioned above. Again, there needs to be some good benefit to the cost of
doing something like this, other than just for the lulz, or it will die
off quickly. And to be honest, the only reasonable benefit I can conceive
of, is hoping to create enough confusion, as to intercept valuable data in
some sort of transaction from the person or organization you're attacking.
Because OpenPGP hasn't reached mass popularity, I think your initial
thoughts are trying to solve a problem, that doesn't exist.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: STEED - Usable end-to-end encryption

2011-10-17 Thread Aaron Toponce
On Mon, Oct 17, 2011 at 08:25:04PM +0200, Jerome Baum wrote:
 How about an opportunistic approach? This email should include the
 following header:

 OpenPGP: id=C58C753A;
   url=https://jeromebaum.com/pgp

 The MUA could recognize a header like this one and remember that there's
 a certificate -- so the next email we send will be encrypted. The first
 email couldn't be, but is that worse than no encryption at all?

 Basically something like Strict-Transport-Security.

 What do you think?

 Like I said this is based on a quick skimming of the paper. Sorry about
 the long message.

For the uninitiated, http://josefsson.org/openpgp-header/ explains the
'OpenPGP' header, and its syntax. This was something new to me. A bit of
additional research on whether or not this was something Mutt was planning
on adding led me to http://marc.info/?l=mutt-dev&m=110227240028896&w=2.

I've added it with my_hdr OpenPGP id=${pgp_sign_as}\;url= The only
question remaining, for me, is whether or not it should be X-OpenPGP or
OpenPGP as the header field name. I've heard various positions on this,
but nothing definitive.

At any rate, I would love to see more client-to-client encryption in email.
I've always wondered if there could be an OTR approach to mail, somehow,
so people don't need to generate and manage their own sets of keys, as that
seems to be the largest hindrance to widespread adoption. The only thing
the user should do, is compose the mail, hit send, and everything is
handled with very minimal user interaction.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Updating signature cert-level

2011-04-27 Thread Aaron Toponce
On Tue, Apr 26, 2011 at 01:12:00PM -0700, Doug Barton wrote:
 I think you can delsig, then sign again. The keyservers would have
 both, but hopefully client software (like gpg) would be smart enough
 to use the more recent? I would imagine that revoking a signature
 and then signing again would make it worse instead of better?

 Meanwhile, add ask-cert-level to your gpg.conf.

This is what I ended up doing. I deleted the signature, and resigned.
Further, I've added 'ask-cert-level' to my gpg.conf, for future signings.
And, out of curiosity, I checked the signatures on my own key, and found
them all to be cert level '0', which I was a bit bummed about. Oh well.

Thanks for the help!

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: A better way to think about passwords

2011-04-27 Thread Aaron Toponce
On Tue, Apr 26, 2011 at 07:47:55PM -0300, Faramir wrote:
   Indeed. In fact, I keep some passwords on paper, just in case I can't
 use my password manager (like the password to access the site where I
 stored the password manager database backup. It doesn't include the
 passphrase to open the backup, just in case).

https://passwordcard.org

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: A better way to think about passwords

2011-04-27 Thread Aaron Toponce
On Sun, Apr 17, 2011 at 03:49:58PM -0700, Doug Barton wrote:
 Summary: A 3-word password (e.g., quick brown fox) is secure against
 cracking attempts for 2,537 years.

 http://www.baekdal.com/tips/password-security-usability

I'm just going to drop this here:

http://www.troyhunt.com/2011/04/bad-passwords-are-not-fun-and-good.html

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Updating signature cert-level

2011-04-26 Thread Aaron Toponce
I signed a key, of which defaulted to cert-level 0 (I will not answer),
which must be the default. When signing the key, GnuPG didn't ask me about
any checking. However, I would like to update the cert-level to 2 (I have
done casual checking), but I'm unaware of how to do this. Do I need to
revoke my signature, and re-sign, seeing as though GnuPG won't let me sign
the key if I've already signed it?

Thanks,

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: A better way to think about passwords

2011-04-24 Thread Aaron Toponce
On Sun, Apr 17, 2011 at 03:49:58PM -0700, Doug Barton wrote:
 Summary: A 3-word password (e.g., quick brown fox) is secure against
 cracking attempts for 2,537 years.

 http://www.baekdal.com/tips/password-security-usability

Yeah, I've read it. It sucks. If an author claims they know something about
password security, but don't define entropy, or at least explain it, then
the article is worth a grain of salt. The math is just bad. Very, very bad.

If you really want password security, coupled with massive amounts of
entropy, and 100% platform independence, then I would suggest
https://passwordcard.org.

My thoughts on the matter:
* Entropy: http://pthree.org/?p=1761.
* Password Card: http://pthree.org/?p=1564

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Signing a key (meaning)

2011-04-07 Thread Aaron Toponce
On Thu, Apr 07, 2011 at 10:31:24AM +0200, takethe...@gmx.de wrote:
 Definition: Signing a key means saying: I confirm the full name in
 the key's ID is the keyowner's right name. The email address in the ID
 is the one the keyowner put there, but I cannot guarantee it's
 his/hers.

Yes you can, and that's the whole point. You need to verify that the key
they claim is theirs, is actually indeed their key.

 The person I do the fingerprint-check
 with (let's call him Peter Hansen)
 doesn't put his, but Anna's email address (a...@web.com)
 in the key's ID, because he managed to get access to it (attack).
 I don't check the email address, but the Name in
 the ID and sign the key. The ID is now: Peter Hansen a...@web.com.
 Let's say Marie somehow gets this signed key. There are again two cases:

When verifying that the key belongs to the owner, you should be
establishing identity. This means if you don't know the person, you should
verify the name, fingerprint in the key, and verify some sort of
identification from the owner. So, if Peter Hansen stole Anna's key, it
should be obvious that the name in the key doesn't match the name on the
presented identification.

Further, if Anna set up her key, then her name and email are in the public
key. Signing the key doesn't automatically change her name to Peter
Hansen, just because Peter has the key, so I'm not exactly sure what
you're saying here.

 Marie wants to send Anna a message.
 Although she recognizes Anna's email address and
 my signature, she will not use the key, because there's
 Peter Hansen written in the ID.

No, she won't, which is where I'm confused. Marie will see Anna's name in
the key, not Peter's. Further, the encrypted message will go to Anna's
email account, not Peter's. And, even if Peter did somehow intercept the
encrypted message, if he doesn't have Anna's private key, what good is it?

 Marie wants to send Peter Hansen an encrypted email. Then she will
 use the key and send it to a...@web.de and Peter
 will even receive it, since he has access.

What? How? By sniffing the packets sent between MTAs? If Peter has access
to Anna's mail, then fine. But if he doesn't, his only way to the mail in
transit is to sniff packets or break into Marie's account.

The point of key signing is to build a decentralized web of trust. For
every signature you apply to a public key, you are indeed saying that you
have done careful checking to ensure that the key does in fact belong to
the owner it claims. The more the signatures on the key, the stronger this
statement becomes.

Sure, you can't be 110% sure that the owner didn't steal a laptop, create
fake credentials, and steal the identity of the key owner, collecting
signatures. However, the key owner should have been smart enough, that when
he/she generated the key, that they also generated, and printed, the
revocation certificate, so should his laptop get stolen, he can revoke the
key, publish it to the servers, and start over. And you're a good citizen,
because you refresh your public keyring from the keyservers regularly, and
would have caught the revocation before signing the key.

100% sure? Probably not. 98% sure? Most likely.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Hi

2011-04-01 Thread Aaron Toponce
On Fri, Apr 01, 2011 at 08:15:44AM -0400, Jerry wrote:
 I think you are misunderstanding what I am inferring. For starters,
 that is the 5th account that I have heard or known of that was hacked
 in March alone. I am sure that the total is far higher based on a simple
 statistical accounting of the number of accounts using GMail. Happy
 Rob :)

 Personally, I consider Google's web e-mail application grossly
 insecure. I further do not trust them for one millisecond to not be
 scanning documents passing through their server(s). It would not
 surprise me a bit to find out that one of their employees is actively
 distributing confidential information on its subscribers.

 While I do not claim that any of the other large web based operations
 such as Yahoo or Hotmail are immune to problems; I honestly do not
 believe that they actively engage nefarious acts to the degree of GMail.

Interesting, but his account is from hotmail.co.uk, which is a Microsoft
address, not a Google one. At least we all know how you feel about Gmail
though.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Hi

2011-03-31 Thread Aaron Toponce
On Thu, Mar 31, 2011 at 07:25:20PM -0400, Jerry wrote:
 On Thu, 31 Mar 2011 15:41:57 -0600
 Aaron Toponce aaron.topo...@gmail.com articulated:
  http://passwordcard.org will fix that. :)

 Dumping GShit would have been my first choice.

Not sure what your problem is. His account got hacked, likely due to a poor
password, so I recommended a solution to a better password. In fact,
passwordcard.org can be applied to anything that needs passwords, including
the passphrase for your GPG key. It's randomly generated using a secure
PRNG, and the randomness in the chosen password from the card guarantees
enough entropy to secure your account against brute force attacks,
provided the length is sufficient.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: GPG and PGP

2011-03-15 Thread Aaron Toponce
On Tue, Mar 15, 2011 at 10:22:45AM +0100, Werner Koch wrote:
 Yes.  Back in 1997 I implemented PGP 2 compatible code as the first
 towards GPG.  Obviously I needed IDEA and RSA for testing.  That is the
 reason why we have this code at all.  Later a lot of people demanded
 that IDEA and RSA should be added to GPG so that existing files could be
 decrypted.  The claim was that RSA is only patented in the U.S. and the
 IDEA patent is not valid in some European countries like Luxembourg and
 Denmark.

Three things-

1. The U.S. patent expires for IDEA on January 7, 2012.
2. IDEA has already been succeeded by IDEA NXT, another patented algo.
3. Both IDEA and IDEA NXT don't meet the rigor of many of today's open
   algos.

So, if you ask me, I don't see the need to support even the capability
of a module with GnuPG. PGP 2 is long since dead, and anyone still using
IDEA for whatever reason, should migrate to more robust, secure and open
algos.

Just my 2¢.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: GPG and PGP

2011-03-15 Thread Aaron Toponce
On Tue, Mar 15, 2011 at 04:14:25PM +0100, Johan Wevers wrote:
 I don't know, but I do know that adding IDEA does not complicate or
 bloat GnuPG.

You're probably right. I guess I just don't understand supporting dead,
deprecated, proprietary technology, bloat or no bloat.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: RSA Versus DSA and EL GAMAL

2011-03-14 Thread Aaron Toponce
On 03/13/2011 09:21 PM, Jonathan Ely wrote:
 I apologise in advance if this is a stupid question to ask now or if
 people already asked it before I stepped on the scene, but which
 algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has
 undergone a ridiculous amount of scrutiny and is immensely popular. I
 also know it generates longer keys.

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Fortunately, GnuPG ships with good PRNG support, so the value for k can
be guaranteed to be random enough to hold the security of DSA in
place. However, DSA is fragile enough that if for any reason, your PRNG
doesn't generate a good k, the private key can be generated.

RSA, afaict, doesn't suffer from this.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
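
Why the requirement on k matters, as an added example that is not part of the original post: two DSA signatures made with the same k share the same r, and the two signing equations can then be solved for the private key, so an audit of a key's past signatures should flag any repeated r. The group (p=607, q=101, g=64), the key, the nonces and the digests are toy values constructed for illustration, and the function names are mine.

```python
from collections import defaultdict

# Toy DSA group, constructed for this example: q divides p - 1 and
# g = 2^((p-1)/q) mod p has order q. Real groups use a q of 256 bits.
P, Q, G = 607, 101, 64


def sign(x, k, h):
    """DSA signature (r, s) on digest h with private key x and nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, a signer would pick a new k")
    return r, s


def verify(y, h, r, s):
    """Standard DSA verification against the public key y = g^x mod p."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r


def find_nonce_reuse(log):
    """Group (digest, r, s) records from one key by r. With real-size
    parameters an r that occurs twice means the same k was used twice."""
    by_r = defaultdict(list)
    for h, r, s in log:
        by_r[r].append((h, s))
    return {r: sigs for r, sigs in by_r.items() if len(sigs) > 1}


def key_from_reused_nonce(h1, s1, h2, s2, r):
    """From s1 = (h1 + x*r)/k and s2 = (h2 + x*r)/k (mod q):
    k = (h1 - h2)/(s1 - s2), then x = (s1*k - h1)/r."""
    k = (h1 - h2) * pow(s1 - s2, -1, Q) % Q
    x = (s1 * k - h1) * pow(r, -1, Q) % Q
    return k, x


def audit(log, y):
    """Return (r, x) for every repeated r that exposes the key behind y."""
    findings = []
    for r, sigs in sorted(find_nonce_reuse(log).items()):
        (h1, s1), (h2, s2) = sigs[:2]
        _, x = key_from_reused_nonce(h1, s1, h2, s2, r)
        if pow(G, x, P) == y:   # the solved value really is the private key
            findings.append((r, x))
    return findings


def sample_log(x=33):
    """Constructed log of (digest, r, s); the first two entries reuse k = 57."""
    return [(h, *sign(x, k, h)) for h, k in ((42, 57), (77, 57), (13, 20))]


if __name__ == "__main__":
    y = pow(G, 33, P)
    log = sample_log()
    print("all signatures verify:", all(verify(y, *rec) for rec in log))
    print("repeated r values:", sorted(find_nonce_reuse(log)))
    print("key exposed by reuse (r, x):", audit(log, y))
```

Every signature in the log still verifies, so verification alone never reveals the problem; only the repeated r does.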





Re: For Windows

2011-03-13 Thread Aaron Toponce
On 03/13/2011 05:42 AM, Jerry wrote:
 Actually, it is a fine example of users/MUAs not correctly formatting
 e-mail messages thereby forcing the use of a deprecated method.

[citation required]

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: For Windows

2011-03-13 Thread Aaron Toponce
On 03/13/2011 06:56 AM, Brad Rogers wrote:
 On Sun, 13 Mar 2011 06:05:12 -0600
 Aaron Toponce aaron.topo...@gmail.com wrote:
 
 Hello Aaron,
 
 On 03/13/2011 05:42 AM, Jerry wrote:
 Actually, it is a fine example of users/MUAs not correctly formatting
 e-mail messages thereby forcing the use of a deprecated method.  
 [citation required]
 
 See the way Outlook Express treats PGP sigs, and the messages to which
 they're attached.

Are you implying that Outlook Express determines the support life cycle
of OpenPGP standards?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: For Windows

2011-03-13 Thread Aaron Toponce
On 03/13/2011 08:57 AM, Jerry wrote:
 Outlook Express has been replaced by Windows Mail, an improved e‑mail
 program with enhancements such as junk e‑mail filtering and protection
 against phishing messages.
 
 Why are we even discussing a product that is not and has not been
 available for quite some time. I heard, although have not confirmed,
 that it does not work on Windows 7 anyway which effectively means it is
 dead.

I'm just trying to figure out why people keep saying inline signatures
are deprecated, when no documented evidence has come forth showing the
fact. Further, I was trying to understand why (if the case at all)
Outlook Express would be the one to define what is and is not deprecated
out of RFC 4880.

I guess it's like the reoccurring Slashdot theme that BSD is dead
(deprecated) since the mid-'90s, year-after-year, decade-after-decade.
*Shrug*.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: For Windows

2011-03-11 Thread Aaron Toponce
On 03/11/2011 01:50 PM, Jonathan Ely wrote:
 Hello. I use Enigmail, so of course I have GnuPG installed. I use 1.4.9
 because [1] I can not find an executable for 2.0.17 for Windows, and [2]
 I do not know how to configure the GPG-agent. Can somebody please assist
 me with upgrading to 2.0.17 and configuring the agent? For about a week
 I have been searching everywhere but found nothing. I did install
 GPG4WIN then uninstalled it because I could not figure out how to use
 the agent and the GPA utility is not screen reader accessible. Thanks in
 advance for your help.
 
 PS. I am blind and use a screen reader. Everything must be 100% keyboard
 accessible.

I don't know about an official GnuPG agent for Windows, but Enigmail
ships with a passphrase caching setting. You can access it via the
keyboard with the following shortcuts:

ALT+n   (currently, the Events and Tasks menu is selected)
right arrow (now the OpenPGP menu is selected)
p   (this brings up the OpenPGP Preferences window)
TAB

You should now be in the Passphrase settings part of the Basic tab
of the OpenPGP Preferences. Your cursor is focused on a number for
remembering your passphrase for a certain length of time. The default is
5 minutes of idle time. You can change this to anything you want, up to
 minutes.

1 more TAB key press will allow you to select a checkbox for Never ask
for any passphrase. 3 more TAB key presses past that point will get you
to the OK button, to apply the settings.

Hope that helps.

On a side note, you may wish to re-evaluate your email signature.
Confidentiality notices are usually annoying to most recipients,
especially on mailing lists, where the email is publicly accessible on
the Internet for all to see.

If sensitive information must be sent over email, it should be
encrypted, with a note in the encrypted mail notifying the user of
its sensitivity. Otherwise, they come across as elitist and
overprotective in nature, and there likely aren't many laws or legal
recourse you can take, should someone redistribute an email you sent, or
post it in a public forum.

FYI.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: PGP/MIME considered harmful for mobile

2011-02-28 Thread Aaron Toponce
On 02/27/2011 08:27 PM, Robert J. Hansen wrote:
 FM: [message]
 RM: Hey, that's not me!  I'm me.  See?  I've signed this with the same cert 
 I've used for everything else on this list.
 FM: No, I'm the real Martin.  I didn't sign up for this mailing list until 
 last week.  You signed up here a long time ago and posted messages pretending 
 to be me, so that when I came on the list you could falsely claim to be me!
 RM: But I'm the real Martin!  I've been posting here for months!
 FM: Prove it.  You can't!  Therefore, I'm the real Martin.
 RM: But you can't prove it either!

If RM has a substantial amount of signatures on his public key, and FM
doesn't, nor does he sign his mail, I'll be more likely to believe that
RM is the real deal. Isn't that the whole point of the Web of Trust, or
am I missing something here?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: PGP/MIME considered harmful for mobile

2011-02-28 Thread Aaron Toponce
On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote:
 Unfortunately, barring the case where you have an actual trust path to either 
 Martin, key signatures don't tell you much.  After all, FM could easily make 
 up dozens of fake people keys and use them to sign his key.

Yes. Understood. I should have mentioned that. However, as you mentioned
in a previous subthread, it isn't difficult to parse the dates of the
signatures, identify where they've been held, and grab other metadata.
If a key has falsified signatures, it should be easy enough to find out.
At least the recursion of grabbing keys from keyservers will be rather
short for false sigs.

At any event, I digress.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: PGP/MIME considered harmful for mobile

2011-02-28 Thread Aaron Toponce
On Mon, Feb 28, 2011 at 11:58:02AM -0500, Robert J. Hansen wrote:
 On 2/28/11 10:13 AM, Aaron Toponce wrote:
  If a key has falsified signatures, it should be easy enough to find out.
 
 Why?
 
 I have never understood the tendency of people, particularly on this
 list, to assume that people who are technologically skilled and up to no
 good will not devote more than thirty seconds to coming up with
 effective methods of skulduggery.

Because all the signatures on the key will be falsified, that can be
verified by recursively extracting the signature keys from the
keyservers, and examining their signatures. Oh hey, look. The keys are
isolated from the rest of the world. Hmm.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
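
The check discussed in this subthread (signature dates in the earlier reply, recursive signer lookup in this one), as an added example that is not part of the original posts: it walks signatures back from a key, looks for a path to a key the verifier has checked personally, and reports the signer cluster and the date span of the signatures. RM and FM are the two claimants from the thread; every other key ID, every date and all function names are constructed for illustration, and a real run would fill the records from keyserver data.

```python
from collections import deque
from datetime import date

# Constructed records: (signed key, signing key, signature date).
SIGS = [
    ("RM", "ALICE", "2008-03-02"), ("RM", "BOB", "2010-11-20"),
    ("ALICE", "ME", "2007-06-15"), ("ALICE", "BOB", "2009-01-09"),
    ("BOB", "ALICE", "2009-01-09"), ("BOB", "CAROL", "2010-05-30"),
    ("CAROL", "ME", "2009-08-01"), ("ME", "ALICE", "2007-06-15"),
    ("FM", "SOCK1", "2011-02-21"), ("FM", "SOCK2", "2011-02-21"),
    ("FM", "SOCK3", "2011-02-22"), ("SOCK1", "FM", "2011-02-21"),
    ("SOCK1", "SOCK2", "2011-02-21"), ("SOCK2", "FM", "2011-02-21"),
    ("SOCK2", "SOCK3", "2011-02-22"), ("SOCK3", "SOCK1", "2011-02-21"),
]


def signers_of(sigs):
    """Index the records as key -> {signer: signature date}."""
    index = {}
    for signed, signer, when in sigs:
        index.setdefault(signed, {})[signer] = date.fromisoformat(when)
    return index


def trust_path(target, anchors, index, max_depth=5):
    """Breadth-first walk from target through its signers. Returns the
    shortest chain [anchor, ..., target], or None if no anchor is reached."""
    parent = {target: None}
    queue = deque([(target, 0)])
    while queue:
        key, depth = queue.popleft()
        if key in anchors:
            path = []
            while key is not None:
                path.append(key)
                key = parent[key]
            return path
        if depth == max_depth:
            continue
        for signer in sorted(index.get(key, {})):
            if signer not in parent:
                parent[signer] = key
                queue.append((signer, depth + 1))
    return None


def signer_cluster(target, index, max_depth=5):
    """Every key reached by following signatures back from target."""
    seen, frontier = {target}, {target}
    for _ in range(max_depth):
        frontier = {s for k in frontier for s in index.get(k, {})} - seen
        if not frontier:
            break
        seen |= frontier
    return seen


def signature_span_days(key, index):
    """Days between the oldest and newest signature on key."""
    dates = list(index.get(key, {}).values())
    return (max(dates) - min(dates)).days if dates else None


def assess(target, anchors, index):
    path = trust_path(target, anchors, index)
    return {"path": path, "isolated": path is None,
            "cluster": sorted(signer_cluster(target, index)),
            "span_days": signature_span_days(target, index)}


if __name__ == "__main__":
    idx = signers_of(SIGS)
    for claimant in ("RM", "FM"):
        print(claimant, assess(claimant, {"ME"}, idx))
```

The count of signatures plays no part in the result: FM has more signatures than RM in the sample data and is still reported as isolated.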




Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread Aaron Toponce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

David Tomaschik da...@systemoverlord.com wrote:

How about inline confuses users who don't know anything about
OpenPGP?

Meh. If anything, inline signatures sparked conversation.
- --
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8

-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread Aaron Toponce
On 02/27/2011 12:37 PM, Martin Gollowitzer wrote:
> I sign *all* my e-mail except for messages sent from my mobile (in that
> case, my signature tells the receiver why the message is not signed and
> offers the receiver to request a signed proof of authenticity later) or
> messages to people who can't receive signed messages (I had a case where
> e-mails arrived empty because of the MS Exchange/Antivirus/whatever
> combination at the receivers working place).

Not me. I only sign those that I'm willing to stand behind (which is the
vast majority), but if I want to go off-the-record, I encrypt the mail
with the recipient's key and not sign it. I may change the from: header
and use Tor, depending on the sensitivity and the need to remain anonymous.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: Android PGP/MIME test results

2011-02-27 Thread Aaron Toponce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Grant Olson <k...@grant-olson.net> wrote:

> Provider: Boost
> Manufacturer: Motorola
> Model: I1
> Droid version: 1.5
>
> This phone has two mail applications by default, one called 'email' and
> another called 'gmail'.  Both displayed PGP/MIME messages without any
> trouble.  Neither verified sigs of course.
>
> I see no easy way to determine the version number of either of these
> apps.  If anyone has tips on how I can get this info, let me know.
>
> --
> -Grant
>
> Look around! Can you construct some sort of rudimentary lathe?


This mail reads fine on K9, the default mail client shipped with the HTC Evo, 
and Google's Gmail client. K9 can verify the signature due to the integration 
with APG. The other two cannot, but they can view the signature.asc text. FYI.

Provider: Sprint
Phone: HTC Evo 4g
Android: 2.2.1
- --
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: Default hash

2011-02-26 Thread Aaron Toponce
On 02/25/2011 08:46 PM, Robert J. Hansen wrote:
> On 2/25/11 10:27 PM, Aaron Toponce wrote:
>> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>>> Bruce himself recommends AES over TWOFISH.
>>
>> [citation needed]
>
> _Practical Cryptography_.  Read it.  Other people on this list can
> provide a page ref: I'm at a funeral in the middle of nowhere and don't
> have my books handy.
>
>> I know that he's recommended AES-128 over AES-256, but I've not read
>> where he's recommended AES over TWOFISH.
>
> Many times.  It's not hard to find these recommendations: Google is your
> friend.

I'm using Google. I'm not seeing it. I'll keep digging. Best I can find
is in 2008, he recommends Twofish over Blowfish: http://goo.gl/D3Diq

> Regardless, you really need to pay attention to the fine print.  First,
> the numbers you cite are for *two*-key 3DES, and OpenPGP specifies
> *three*-key 3DES be used.  3DES's meet-in-the-middle is at 112 bits of
> security -- plenty enough for almost any purpose.
>
> Second, that meet-in-the-middle on 3DES requires 2**32 known plaintexts,
> 2**113 operations, 2**90 encryptions and 2**88 memory.  This is so
> unrealistic it deserves to be called fantasy.  Miss any of those and
> you're up to a work factor of 2**168.
>
> So, yeah.  3DES's effective security is 168 bits, unless you're up
> against the space aliens from Zarbnulax, in which case you're SOL no
> matter what algorithm you use.

Heh. I don't believe in aliens. So, good luck with that.

I'm not saying 3DES isn't practical, I just said I'm not interested in
using it, and I stated why. I'm also not interested in using SHA1 for my
signing hash, but for all _practical_ purposes, it fits the bill just fine.

Did you know OpenSSH uses SHA1 by default for their hash, and for the
MAC it's MD5 or SHA1! Then again, what's the _practicality_ of your
OpenSSH connection being broken by the baddies?

The fact of the matter is, GnuPG supports these stronger algorithms, so
why not use them? If you have the hardware that can do the math in
trivial time, I don't see why you shouldn't use 256-bit or 512-bit
crypto. I understand just looking at just key length for security is
retarded, but GnuPG ships solid, well researched, highly available,
strong crypto.

> 3DES's history is instructive.  NIST has declared it dead in 20 years
> more often than Netcraft has declared BSD to be dying.[*]  At this
> point, I'm unaware of anyone who seriously believes 3DES will be gone in
> 20 years.  Most people seem to be of the belief that in about fifteen
> years NIST will say, and 3DES is believed strong through 2050.

Great! If it has that sort of security, then maybe I'll give it a second
thought. I was always under the impression that due to DES being cracked
by the EFF in what, 9 months?, that 3DES, just using 3 of the same
56-bit key, wasn't long before we had the hardware to break it in 9
months also. I'll give reconsideration.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: Default hash

2011-02-26 Thread Aaron Toponce
On 02/26/2011 02:27 PM, Faramir wrote:
>   Here he says Twofish has speed comparable with AES, without some
> vulnerabilities (but Serpent is considered even more secure). However,
> he says if AES fails, you won't be blamed for using it (so is the safest
> for your career). If you chose Twofish, and it is broken, you will be
> blamed for choosing it

Fortunately for me, this is my personal GnuPG preferences, and not those
of my employer. Blowfish is good crypto, and I still haven't found a
good reason to not use it. AES is the federal standard. Great. I'm not
the feds. :)

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: Default hash

2011-02-26 Thread Aaron Toponce
On 02/26/2011 02:27 PM, Faramir wrote:
>   Here he says Twofish has speed comparable with AES, without some
> vulnerabilities (but Serpent is considered even more secure). However,
> he says if AES fails, you won't be blamed for using it (so is the safest
> for your career). If you chose Twofish, and it is broken, you will be
> blamed for choosing it

Thoughts?

http://eprint.iacr.org/2010/023.pdf

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: Default hash

2011-02-26 Thread Aaron Toponce
On 02/26/2011 04:37 PM, Faramir wrote:
>   Because its author says you should move to Twofish?

Dammit! I meant Twofish, not Blowfish. I knew what I meant, but I didn't
type it.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: Default hash

2011-02-25 Thread Aaron Toponce
On 02/25/2011 03:22 PM, Ben McGinnes wrote:
> You shouldn't need to worry about changing the preferred order.  GPG
> will determine the most compatible combination of ciphers and hashes
> based on the keys used to encrypt messages.  For example, my preferred
> symmetric cipher is AES-256, but on a certain mailing list I'm on
> encrypted messages sent there use Triple-DES because of the
> preferences/limitations of other recipients' keys.  That's all the
> settings I listed were, an order of preference and not forcing one
> particular algorithm to the exclusion of all else.

Yeah. I'm not one that tends to break from default much, so if GnuPG has
a good sane default set of cipher, signing and compression preferences,
then who am I to argue? However, I did generate an RSA subkey, so I
could get those SHA2 signing algos, and I want to use them.

So, with that said, here's what I came up with for my own personal
preference:

Cipher: TWOFISH, CAMELLIA256, AES256, CAMELLIA192, AES192, CAMELLIA128,
AES, BLOWFISH, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
Compression: BZIP2, ZLIB, ZIP, Uncompressed

I chose Twofish as my first 256-bit cipher, as I support Bruce Schneier
and it's shown to be a very robust and capable cipher, both in terms of
speed and memory usage. I then put Camellia over AES due to the low
power consumption. I don't trust 3DES, and I don't know much about CAST5
other than what Wikipedia has.

Also, my understanding on how the preferences are chosen by GnuPG is the
following:

1. User wishes to encrypt mail to me, so my cipher preferences in my
public key are pulled.
2. My first preference, Twofish, is used, only if the sender supports
the Twofish algorithm.
3. If not, the next cipher in my preference list, Camellia256, is then
chosen, so long as the sender also supports Camellia256.
4. Proceed inductively, until a matching cipher that can be agreed on
between the two parties is chosen.
5. Message is encrypted using the agreed algorithm.
6. The same is used for signatures and compression.

Is this accurate? Thoughts on the order of my prefs?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: PGP/MIME considered harmful for mobile

2011-02-25 Thread Aaron Toponce
On 02/24/2011 11:43 PM, Robert J. Hansen wrote:
> My problem is reproducible on a stock Droid X running 2.2.something --
> just got off a very long flight, funeral in the morning: I'll dig the
> precise version number tomorrow.

So, I've been doing some triaging to see if I can reproduce this on
other mail apps, and I'm coming up empty handed. So far, I've tested the
official Gmail app from Google, the K9 mail app, the builtin mail app on
my HTC Evo and the builtin mail app on the LG Optimus S. In every case,
a PGP/MIME mail displays the body of the text as it should. Sometimes,
the cryptographic signature is viewable, sometimes not.

So, that brings up the question- what mail app are you using on your
Droid X? We should definitely get a bug reported and get this worked on,
so we don't have to digress back to using inline signatures.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: Default hash

2011-02-25 Thread Aaron Toponce
On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
> Bruce himself recommends AES over TWOFISH.

[citation needed]

I know that he's recommended AES-128 over AES-256, but I've not read
where he's recommended AES over TWOFISH.

>> I don't trust 3DES
>
> Why?  Bruce himself has said that if speed isn't a concern, nothing else
> comes close to the trust level of 3DES.

Again, [citation needed]. 3DES has an effective security of only 80 bits
due to the meet-in-the-middle attack and known- or chosen-plaintext
attacks, and NIST is only willing to back the algo through 2030. The
cryptanalysis seems pretty strong, and it is a slow algo. To each their
own, but I'll pass.

> FWIW, I don't much care for the Cult of Schneier.  He's a good cryppie,
> a good writer, a top-notch communicator -- but the idea of supporting
> him is, IMO, a little crazy.

Okay, support might have been the wrong word. twofish performance is
fast, and his new Skein algorithm, based off threefish, is crazy fast.
That said, AES is comparable. twofish is implemented in a crazy amount
of crypto software as well. Cryptanalysis is minimal, and the open
license of the algorithm is commendable.

> A modified Borda count is used.

Ah. Okay. That works.

> With respect to your prefs, my standard advice applies: unless you know
> what you're doing and why, stick with the defaults.

Well, I wanted the defaults, but then I couldn't use the SHA2 signing
algorithms, now could I? :)

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
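
Added example, not part of the original thread and not GnuPG's own selection code: the first-match walk from the numbered steps in the 2011-02-25 "Default hash" message, beside a plain Borda count over several recipients' lists. The plain Borda scoring and its tie-break are assumptions standing in for the "modified Borda count" mentioned above; LEGACY and SENDER are constructed, and the implicit trailing 3DES follows RFC 4880 section 13.2.

```python
TRIPLE_DES = "3DES"

# Cipher preference lists quoted in this thread.
AARON = ["TWOFISH", "CAMELLIA256", "AES256", "CAMELLIA192", "AES192",
         "CAMELLIA128", "AES", "BLOWFISH", "CAST5", "3DES"]
BEN = ["AES256", "TWOFISH", "CAMELLIA256", "AES192", "CAMELLIA192", "AES",
       "CAMELLIA128", "3DES", "CAST5", "BLOWFISH", "IDEA"]
# Constructed for this example: an older key that lists only CAST5.
LEGACY = ["CAST5"]
# Assumption: the sender's build supports everything above except IDEA.
SENDER = set(BEN) - {"IDEA"}


def effective_prefs(prefs):
    """De-duplicate a list and append 3DES if missing: RFC 4880 section 13.2
    treats 3DES as tacitly last in every cipher preference list."""
    ordered = []
    for algo in prefs:
        if algo not in ordered:
            ordered.append(algo)
    if TRIPLE_DES not in ordered:
        ordered.append(TRIPLE_DES)
    return ordered


def first_match(recipient_prefs, sender_supported):
    """One recipient: take the first listed cipher the sender supports."""
    for algo in effective_prefs(recipient_prefs):
        if algo in sender_supported:
            return algo
    raise ValueError("no cipher in common (sender lacks 3DES)")


def borda_choice(recipient_pref_lists, sender_supported):
    """Several recipients: plain Borda count over the ciphers that every
    recipient lists and the sender supports. Returns (winner, scores)."""
    lists = [effective_prefs(p) for p in recipient_pref_lists]
    if not lists:
        raise ValueError("at least one recipient is required")
    common = set(sender_supported)
    for prefs in lists:
        common &= set(prefs)
    if not common:
        raise ValueError("no cipher acceptable to every recipient")
    scores = dict.fromkeys(common, 0)
    for prefs in lists:
        ranked = [a for a in prefs if a in common]
        for position, algo in enumerate(ranked):
            scores[algo] += len(ranked) - position
    # Highest total wins; a tie goes to the first recipient's ordering.
    winner = max(common, key=lambda a: (scores[a], -lists[0].index(a)))
    return winner, scores


if __name__ == "__main__":
    print("to Aaron only:          ", first_match(AARON, SENDER))
    print("to Aaron + Ben:         ", borda_choice([AARON, BEN], SENDER)[0])
    print("plus a CAST5-only key:  ",
          borda_choice([AARON, BEN, LEGACY], SENDER)[0])
    print("plus a key with no list:",
          borda_choice([AARON, BEN, []], SENDER)[0])
```

The last case is the mailing-list situation quoted earlier: one recipient key with no usable preferences pulls the whole message down to Triple-DES.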





Default hash

2011-02-24 Thread Aaron Toponce
Given the release of v1.4.10, the SHA256 hashing algorithm is preferred
over SHA1. Yet, after updating my default preferences with 'setpref' and
signing some text, SHA1 is still used as the default hashing algorithm.
Is there something else I need to do to ensure that I'm using SHA256 by
default for the hash?

Thanks,

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Default hash

2011-02-24 Thread Aaron Toponce
On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
> On 24/02/11 8:03 PM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit
> > hashes.  RIPEMD-160 is the largest you can use, and works well for
> > that kind of key.

Okay. That's understandable. That was why I generated a 2048-bit RSA
subkey, so I could take advantage of the SHA2 algorithms. For some
reason, I was thinking that with the update of GPG, my 1024-bit DSA key
now had access to them.

> Well, he can use SHA256 or SHA512, but like mine it will be truncated
> to 160 bits, as was explained to me on this list a couple of months ago.
>
> As I recall, I edited the key with setpref to this:
>
> Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
> CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
> Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
> Compression: BZIP2, ZLIB, ZIP, Uncompressed
> Features: MDC, Keyserver no-modify
>
> Then added this to gpg.conf:
>
> enable-dsa2
> default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8
> H11 H3 H2 H1 Z3 Z2 Z1 Z0
> personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
> personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
> personal-compress-preferences Z3 Z2 Z1 Z0

I wanted to avoid breaking from default, which was the main reason for
my post, but it appears that it's not possible if I want to use the
stronger hashes, which is fine. As long as I know the limitations of my
keys, and don't force preferences when sending encrypted/signed mail to
others, I'm good.

> IDEA is only included because of one or two freaks I know who still
> use it.  Oh and some ancient stuff I encrypted around fifteen years
> ago, but have yet to convert.

Yeah, no interest in IDEA here. :)

Thanks for your help.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
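
Added example, not part of the original thread: it decodes the S/H/Z preference string quoted above into algorithm names (IDs from RFC 4880 section 9) and shows what "truncated to 160 bits" means for a 1024-bit DSA key, whose q is 160 bits. The truncation rule used is the FIPS 186-3 one (leftmost min(N, outlen) bits of the digest); the function names are made up for this example.

```python
import hashlib

# OpenPGP algorithm IDs (RFC 4880 section 9) as written in gpg.conf
# preference strings: S = symmetric cipher, H = hash, Z = compression.
TABLES = {
    "S": {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
          8: "AES192", 9: "AES256", 10: "TWOFISH", 11: "CAMELLIA128",
          12: "CAMELLIA192", 13: "CAMELLIA256"},
    "H": {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
          10: "SHA512", 11: "SHA224"},
    "Z": {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"},
}
DIGEST_BITS = {"MD5": 128, "SHA1": 160, "RIPEMD160": 160, "SHA224": 224,
               "SHA256": 256, "SHA384": 384, "SHA512": 512}

# The default-preference-list quoted in the message above.
QUOTED_PREFS = ("S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 "
                "H10 H9 H8 H11 H3 H2 H1 Z3 Z2 Z1 Z0")


def decode_prefs(pref_string):
    """Turn 'S9 H10 Z3 ...' into ordered name lists per algorithm class."""
    decoded = {"S": [], "H": [], "Z": []}
    for token in pref_string.split():
        kind, number = token[:1].upper(), token[1:]
        if kind not in TABLES or not number.isdigit():
            raise ValueError("not a preference token: %r" % token)
        if int(number) not in TABLES[kind]:
            raise ValueError("unknown algorithm id: %r" % token)
        decoded[kind].append(TABLES[kind][int(number)])
    return decoded


def dsa_digest_report(digest_names, q_bits):
    """Per digest: (name, bits actually signed, truncated?) for a DSA key
    whose subgroup order q is q_bits long."""
    return [(name, min(DIGEST_BITS[name], q_bits), DIGEST_BITS[name] > q_bits)
            for name in digest_names]


def dsa_signed_value(message, hashlib_name, q_bits):
    """Integer that DSA signs: the leftmost min(q_bits, outlen) bits of the
    digest (FIPS 186-3)."""
    digest = hashlib.new(hashlib_name, message).digest()
    value = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - q_bits
    return value >> excess if excess > 0 else value


if __name__ == "__main__":
    prefs = decode_prefs(QUOTED_PREFS)
    print("Cipher:     ", ", ".join(prefs["S"]))
    print("Digest:     ", ", ".join(prefs["H"]))
    print("Compression:", ", ".join(prefs["Z"]))
    # A 1024-bit DSA key has a 160-bit q.
    for name, used, truncated in dsa_digest_report(prefs["H"], 160):
        note = "truncated" if truncated else "used in full"
        print("%-10s signs %3d bits (%s)" % (name, used, note))
```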




Rebuilding the private key from signatures

2011-02-24 Thread Aaron Toponce
I generated my key back in 2004, and I've been a very vocal and active
supporter of GnuPG, encrypting communications, and digitally signing
mail. However, I was in a discussion with a friend, and the topic came
up that it is theoretically possible to rebuild your private key if
someone had access to all your signed mail. We debated the size of
signatures and mail that would need to be collected for this to be
probable.

Is it?

What is the likelihood that an attacker could rebuild a private key from
a collection of signed mail, and would it depend on the hash used in
the algorithm?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Default hash

2011-02-24 Thread Aaron Toponce
On Thu, Feb 24, 2011 at 10:32:11AM -0500, Daniel Kahn Gillmor wrote:
> On 02/24/2011 04:03 AM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
> > RIPEMD-160 is the largest you can use, and works well for that kind of key.
>
> This isn't actually the case.  Aaron's primary key (0x8086060F) is
> indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey
> (0xFC04088F), which is perfectly capable of using the stronger digests.

I just ran 'setpref' without any arguments, and it told me that SHA256
would be the default signing algorithm. So, when attempting at doing the
signatures, I found SHA1 was coming out.

In the past (and now future), I signed all my mail with SHA512, just
because I can. The message that started this thread, however, is signed
with SHA1, as I wanted to show what was happening (run 'gpg -v
--list-packets' on the sig). I didn't want to break from the defaults
that GnuPG provided.

Due to my 1024-bit DSA key, it appears that RIPEMD-160, SHA1 and MD5 are
my only options for signatures. So, with my 2048-bit RSA subkey, I can
use all the SHA2 hashes. I had just thought that with the recent update
of GnuPG, the SHA2 hashes were available to my DSA key as well.

No worries. I'll stick with the non-default prefs in my
~/.gnupg/gpg.conf.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Default hash

2011-02-24 Thread Aaron Toponce
On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
> Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
> CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
> Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
> Compression: BZIP2, ZLIB, ZIP, Uncompressed
> Features: MDC, Keyserver no-modify
>
> Then added this to gpg.conf:
>
> enable-dsa2
> default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8
> H11 H3 H2 H1 Z3 Z2 Z1 Z0
> personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
> personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
> personal-compress-preferences Z3 Z2 Z1 Z0

If I run 'setpref S9 S10 S13 ...' when editing my key, then is adding
all this to the gpg.conf file really necessary? I would think that
adding all this to the config would be only if you didn't want to change
the preferences in your key. Then again, now that I think about it, if
you don't set the preferences, then how is a sender supposed to know
what you support?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: PGP/MIME considered harmful for mobile

2011-02-24 Thread Aaron Toponce
On Thu, Feb 24, 2011 at 08:22:03PM -0500, Robert J. Hansen wrote:
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader.  If you're concerned about your mail being
> readable on a mobile device (which is increasingly important nowadays),
> you might want to consider switching to inline signatures.

I don't understand. I use PGP/MIME for all my signatures, and I've not
had a problem reading the mail on my Evo, nor reading others' mail that
uses PGP/MIME. I do see at the top of the interface that there is a
View Attachments link, but the mail is still readable for me.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




gpgkey2ssh

2010-10-21 Thread Aaron Toponce
First, there is _ZERO_ documentation for this binary. No manual, no info
page, nothing under /usr/share/doc/, segfaults passing -h or --help.
Short of digging through the source, this is unacceptable.

Second, and probably as a result, I can't get this working for the life
of me. Correct me if I'm wrong, but I should be able to add this
identity to the running SSH agent through ssh-add, no? Here's the
steps I've taken thus far, and still failing (SSH agent is already running):

$ echo $SSH_AUTH_SOCK
/tmp/keyring-tikvU1/ssh
$ gpgkey2ssh 8086060F > /tmp/gpg-ssh-key.txt
$ gpg --armor --export-secret-keys 8086060F > /tmp/gpg-private-ssh.txt
$ ssh-add /tmp/gpg-private-ssh.txt
Enter passphrase for /tmp/gpg-private-ssh.txt

At this point, I would expect the passphrase to be the private
passphrase that is protecting my private GPG key, no? Yet, it doesn't
take. At least, this is the way you would do it for OpenSSH keys. You
would add the private key to your running SSH agent.

However, let's go a different direction. Rather than dealing with my GPG
private key, let's just add the /tmp/gpg-ssh-key.txt (the public key) to
the ~/.ssh/authorized_keys file on the remote server, and see what happens:

$ ssh-copy-id -i /tmp/gpg-ssh-key.txt u...@server.tld
/usr/bin/ssh-copy-id: ERROR: No identities found

Of course it's not found, ssh-add -l doesn't show it listed, because
it hasn't been added to the agent. So, I get to copy it manually. So, I
do that.

Now, instead of using the SSH agent, what if I used the GPG agent
instead? So, I add enable-ssh-support to my ~/.gnupg/gpg-agent.conf,
and launch the agent:

$ gpg-agent --daemon
$ ssh u...@server.tld
Password:

Nope, didn't add the key to the running agent. Now, I don't see a
gpg-add, so I'm not entirely sure how to add my GPG identity to the
GPG agent, and I'm not entirely sure how the OpenSSH client will know
that it needs to find the identity in the GPG agent rather than the SSH
agent.

So, as you can see, I'm probably a bit confused. Can't blame me really,
due to the lack of documentation. The only thing I have to go off of is
a blog post:

http://goo.gl/wqAg and http://goo.gl/HA8q

So, help?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o





Re: gpgkey2ssh

2010-10-21 Thread Aaron Toponce
On 10/21/2010 09:28 PM, Jameson Rollins wrote:
> Hi, Aaron.  You might be interested in some of the tools that come with
> the Monkeysphere [0] package, which deals with a lot of OpenPGP for SSH
> stuff.  It comes with the utility openpgp2ssh, which translates OpenPGP
> keys to SSH keys (and is well documented).  From openpgp2ssh(1):

[snip]

> It's available in Debian, Ubuntu, and some other distros [1].

Hmm. I would hope that GnuPG and OpenSSH would provide this
functionality natively. I don't know what the status is for Monkeysphere
on Red Hat-based systems (Fedora specifically), so I'll have a look at
it. But right now, I'm not keen on relying on yet another tool to make
this possible. If it's what needs to be done, then it's what needs to be
done, but I want to see if I can get it working with already
default-preinstalled tools.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o


