What could make GnuPG + Enigmail "easier"?

2017-04-09 Thread Anthony Papillion
There's been some discussion both on and off this list about the fact
that people don't use GnuPG (even with Enigmail) because it's 'too
hard'. I have friends that are reasonably intelligent who just can't
figure it out and, for the life of me, I just don't see why.

Don't get me wrong, GnuPG by itself can be confusing. Who wants to
compose in a text file, drop to a terminal, issue some archaic command,
open another text file, then copy and paste the results into a new
document just to be able to send an email? That's pretty rough and there's
no reason any user should have to do that in 2017. But they don't! I've
used GnuPG and Enigmail for a few years now and I only drop to a
terminal when I /want/ to do so at this point. Encryption, decryption,
signing, etc, never 'requires' it and, for the most part, the software
'just handles it'. Sure, if I add a smart card to the mix that
complicates things but most people aren't going to do that.

So I guess I'm asking "what's so hard about GnuPG/Enigmail these days
and what's stopping us from making it better"?

Anthony

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Still trying to troubleshoot --refresh-keys error

2016-12-02 Thread Anthony Papillion
For the last few weeks, I've talked about how, when I try to refresh the
keys on my ring, I get an error from GnuPG. Today, I noticed a message
that I hadn't noticed before and I strongly suspect this might be the
cause of the problem I'm having.

When I issued the

gpg2 --refresh-keys

command, GnuPG connected to the SKS pool and sent a request for all the
keys on my ring. At the end of the refresh attempt, I saw the following:

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
gpg: keyserver refresh failed: General error

IIRC, Stephen mentioned something about the helper program the last time
I posted. This seems to confirm that.  However, since it's not giving me
much information, I can't really troubleshoot further.

This is GnuPG 2.0.3 (Gpg4win 2.3.3) on Windows 10.  This issue DOES NOT
happen on Linux.

Can anyone offer a bit of insight?

Thanks,
Anthony



-- 
VoIP/SIP: 1259...@localphone.com
Skype:cajuntechie
XMPP/Jabber:  papill...@dukgo.com
PGP Key:  0xCC9D1E072AC97369
Other Info:   http://www.cajuntechie.org/p/my-pgp-key.html






Re: Trying to figure out what's going on with a key update failure...

2016-11-25 Thread Anthony Papillion
On 11/25/2016 4:02 AM, Stephan Beck wrote:
> Hi Anthony,
> 
> Stephan Beck:
>>
>>
>> Anthony Papillion:
>>> Hello Everyone,
>>>
>>> When I run
>>>
>>> gpg2 --keyserver  --refresh-keys
> 
>>>
>>> Can someone tell me what this error means and how can I fix it?
>>
>> Which gpg2 version are you running? 2.0x or 2.1x? 
> 
> sorry for the delay in getting back to you on-list.
> [Could you please send me the error output you get when decrypting the
> encrypted message I sent you yesterday, telling you that I had problems
> in checking keyserver's connection as well, it's just that I'm eager to
> know and I want to exclude key compromise].

No problem. When I try to decrypt your message, I get the following from GPG:

gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped

You need a passphrase to unlock the secret key for
user: "Anthony Papillion <anth...@cajuntechie.org>"
4096-bit RSA key, ID 0x002919C90AF4A3BC, created 2016-10-12
 (subkey on main key ID 0xCC9D1E072AC97369)

gpg: no valid OpenPGP data found.

> In order to get the details of the communication of keyserver helper
> programs with the keyserver you should use the --use-temp-files and
> --keep-temp-files --keyserver options.
> 
> For example, I tried (a hundred times, with variations) to refresh your
> key attempting to log keyserver<->helpers communication to check it
> myself before giving advice

After some testing, I found out that the keys were, in some/most cases
actually getting refreshed. I'm going to try with the new options and
see what information I can coax out of GPG.

Anthony

-- 
VoIP/SIP: 1259...@localphone.com
Skype:cajuntechie
XMPP/Jabber:  papill...@dukgo.com
PGP Key:  0xCC9D1E072AC97369
Other Info:   http://www.cajuntechie.org/p/my-pgp-key.html






Re: Trying to figure out what's going on with a key update failure...

2016-11-23 Thread Anthony Papillion
On 11/23/2016 3:10 PM, Stephan Beck wrote:
> 
> 
> Anthony Papillion:
>> Hello Everyone,
>>
>> When I run
>>
>> gpg2 --keyserver  --refresh-keys
>>
>> I get a list of all of the keys in my keyring with the message that they
>> have not been changed (this is expected). At the bottom of the output, I
>> see the following message:
>>
>> gpg: Total number processed: 31
>> gpg:  unchanged: 31
>> gpg: keyserver communications error: Not found
>> gpg: keyserver communications error: Bad public key
>> gpg: keyserver refresh failed: Bad public key
>>
>> I assumed that I was getting this message because a key lookup failed
>> because it wasn't on a keyserver but someone on another list said this
>> is not the case. When I look at all of the output from the session,
>> nothing indicates any problems with any of the 31 keys in my keyring.
>>
>> Can someone tell me what this error means and how can I fix it?
> 
> Which gpg2 version are you running? 2.0x or 2.1x? If it's the former,
> gpg makes use of the "keyserver helper programs" to connect to
> keyservers, whereas using the latter implies Dirmngr being in charge of
> it. Depending on that, the ways to get the required information needed
> to analyze and (possibly) resolve your problem differ.
> Or do you already have all that information when you say
>> When I look at all of the output from the session

I don't have anything besides what's displayed when I try to refresh the
keys so I probably will need to tease more information out of the
process. I'm running the 2.0 branch (specifically, 2.0.30). Are there
commands I can use to extract the information you mentioned?

Thanks,
Anthony

-- 
VoIP/SIP: 1259...@localphone.com
Skype:cajuntechie
XMPP/Jabber:  papill...@dukgo.com
PGP Key:  0xCC9D1E072AC97369
Other Info:   http://www.cajuntechie.org/p/my-pgp-key.html






Trying to figure out what's going on with a key update failure...

2016-11-23 Thread Anthony Papillion
Hello Everyone,

When I run

gpg2 --keyserver  --refresh-keys

I get a list of all of the keys in my keyring with the message that they
have not been changed (this is expected). At the bottom of the output, I
see the following message:

gpg: Total number processed: 31
gpg:  unchanged: 31
gpg: keyserver communications error: Not found
gpg: keyserver communications error: Bad public key
gpg: keyserver refresh failed: Bad public key

I assumed that I was getting this message because a key lookup failed
because it wasn't on a keyserver but someone on another list said this
is not the case. When I look at all of the output from the session,
nothing indicates any problems with any of the 31 keys in my keyring.

Can someone tell me what this error means and how can I fix it?

Thanks,
Anthony

-- 
VoIP/SIP: 1259...@localphone.com
Skype:cajuntechie
XMPP/Jabber:  papill...@dukgo.com
PGP Key:  0xCC9D1E072AC97369
Other Info:   http://www.cajuntechie.org/p/my-pgp-key.html






Re: [admin] postings from non-subscribers

2016-11-07 Thread Anthony Papillion


On 11/7/2016 2:47 PM, Ralph Seichter wrote:
> On 07.11.16 19:06, Werner Koch wrote:
> 
>> Our mailing list admins are moderating posts from non-subscribed
>> posters. For many years they are doing this without getting much
>> attention - time for a big KUDOS to them.
> 
> That's quite unusual. Thanks to the list admins for their work. Still,
> I personally (!) don't think there is any need to accommodate non-
> subscribers. The whole notion of "I want information but cannot be
> bothered to subscribe" rubs me the wrong way.

I tend to feel the same way. I've never understood that mentality. I
mean, it literally takes less than a minute to subscribe then less than
another to unsubscribe. You really want information but it's not worth
two-minutes of your time to get it? Must not be really important to you
then.

Still, their willingness to moderate non-subscribers shows how much our
moderators rock. Most mailing lists I belong to would never do this. This
sets our mods apart! Great job guys.

Anthony



Question about using GnuPG on Windows 10

2016-11-07 Thread Anthony Papillion
I know Windows 10 sends a lot of telemetry data back to Microsoft for
analysis. The data sent to Microsoft, in some circumstances, also seems
to be keystroke data to help make certain features of Windows 10 better.
How does GnuPG play into this?

Is there any evidence that GnuPG password entry is not part of the
keystroke data sent to Microsoft? Does GnuPG take any steps to avoid
this? Can it?

Thanks,
Anthony





Re: Why would I want S/MIME?

2016-09-12 Thread Anthony Papillion
On 9/12/2016 2:10 PM, Robert J. Hansen wrote:
>> I understand what S/MIME is and that it's probably the easiest crypto
>> solution for most email users. But why would someone comfortable with
>> GnuPG use it?
> 
> There's a subtle point here.  The question isn't whether you're comfortable 
> with GnuPG; the question is whether the people you want to send email to are 
> comfortable with GnuPG.
>  
> I use S/MIME literally daily at work.  My co-workers like S/MIME because it's 
> close to an "it just works" solution.  Few of my co-workers have been willing 
> to learn GnuPG.

Your points are solid. I think that I might not have asked the right
question. Let me rephrase:

Assuming everyone is willing and comfortable with using GnuPG, is there
any compelling reason (aside from easy setup and use) to use S/MIME?






Why would I want S/MIME?

2016-09-12 Thread Anthony Papillion
I understand what S/MIME is and that it's probably the easiest crypto
solution for most email users. But why would someone comfortable with
GnuPG use it? Does it offer any advantages over traditional PGP keys? If
I understand correctly, it's a certificate that's much like an SSL
certificate. If that's the case, doesn't it suffer from the same
weaknesses that SSL certs currently suffer from (like double issuance, etc)?

Why would I want to use S/MIME?

Thanks,
Anthony

-- 
OpenPGP Key:4096R/0x028ADF7453B04B15
Keybase:https://keybase.io/cajuntechie
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP/Jabber:cajunt...@dukgo.com
VoIP/SIP:   1259...@localphone.com







Re: Confusion about a statement in the FAQ

2016-09-10 Thread Anthony Papillion
On 9/10/2016 6:04 PM, Claus Assmann wrote:
> On Sat, Sep 10, 2016, Anthony Papillion wrote:
> 
>> I send an email to someone using Gmail, how does Gmail route it if the
>> headers are encrypted? Or would the "to" be one of those things not
> 
> You might want to read the RFCs about e-mail: headers are not
> used for mail routing, the envelope is (just like "snail-mail").

I've been using email for nearly 20 years and TIL something new. I've
never read the RFC before now. Thanks for the pointer. Pretty cool.

Anthony








Re: Confusion about a statement in the FAQ

2016-09-10 Thread Anthony Papillion
On 9/10/2016 4:00 PM, Robert J. Hansen wrote:
>> I'm confused by this. What does it mean? What does 'armor the
>> mail headers" mean? Is this the same as 'encrypting' the mail
>> headers or does it mean something else?
> 
> It means there's a way to cryptographically protect most (but not
> all) email headers, which foils many kinds of metadata analysis.
> 
> At present I don't think any email client supports this
> capability. However, it's planned for Enigmail and other clients,
> and it's a good reason to use PGP/MIME instead of inline.

Hmm, OK that's kind of what I thought. But I'm still a little
confused. Doesn't the email server have to support it? For example, if
I send an email to someone using Gmail, how does Gmail route it if the
headers are encrypted? Or would the "to" be one of those things not
encrypted?

Anthony





Confusion about a statement in the FAQ

2016-09-10 Thread Anthony Papillion
Hi Folks,

In the FAQ on the gnupg.org site there is a discussion about whether
it's acceptable to use PGP/MIME. The FAQ says yes and has the following
statement:

"Almost certainly. In the past this was a controversial question, but
recently there's come to be a consensus: use PGP/MIME whenever possible.
The reason for this is that it's possible to armor email headers and
metadata with PGP/MIME, but sending messages inline leaves this data
exposed."

I'm confused by this. What does it mean? What does 'armor the mail
headers" mean? Is this the same as 'encrypting' the mail headers or does
it mean something else?

Can someone explain this statement to me?

Thanks,
Anthony

-- 
OpenPGP Key:4096R/0x028ADF7453B04B15
C5CE E687 DDC2 D12B 9063  56EA 028A DF74 53B0 4B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP/Jabber:cajunt...@dukgo.com
VoIP/SIP:   1259...@localphone.com





Keybase integration with GnuPG?

2016-09-09 Thread Anthony Papillion
Are there any current plans to integrate Keybase.io into GnuPG at some
point in the future? In my mind, doing so might present a bit stronger
validation than TOFU and a lot easier use for newbies than the WoT,
which is pretty much useless if the person is new to PGP.

Thanks,
Anthony

- -- 
OpenPGP Key:4096R/0x028ADF7453B04B15
C5CE E687 DDC2 D12B 9063  56EA 028A DF74 53B0 4B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP/Jabber:cajunt...@dukgo.com
VoIP/SIP:   1259...@localphone.com




Is the bug tracker maintained at all anymore?

2016-09-01 Thread Anthony Papillion
So I just went to the public bug tracker and was greeted by a page full
of Quickbooks spam! Does the project even maintain the bug tracker
anymore? If not, I'd suggest getting rid of it as that looks /really/ bad!

Anthony

-- 
OpenPGP Key:4096R/0x028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cajunt...@dukgo.com
VoIP/SIP:   1259...@localphone.com






Never mind :-)

2016-09-01 Thread Anthony Papillion
So I just looked and saw that all of the spam in the bug tracker is from
the last hour to hour and a half. Someone probably just hasn't had the
time to clean it up yet. Spoke too soon. My apologies.

Anthony

-- 
OpenPGP Key:4096R/0x028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cajunt...@dukgo.com
VoIP/SIP:   1259...@localphone.com






OpenPGP.conf streamed?

2016-08-24 Thread Anthony Papillion
I just realized that OpenPGP.conf is coming up in less than a month.
Unfortunately, I won't be able to attend. Will anyone be streaming it
live? If not, will there be videos posted?

Thanks,
Anthony

- -- 
OpenPGP Key:4096R/0x028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cajunt...@dukgo.com
VoIP/SIP:   17772471988...@in.callcentric.com





Re: AW: OpenPGP Smartcard recommendations

2016-08-23 Thread Anthony Papillion
This looks exactly like what I'm looking for! Thanks for the
recommendation. Definitely going to get one. Many thanks again.

Anthony

On 8/22/2016 10:38 PM, cornelius.koelbel wrote:
> 
> Hi Anthony,
> 
> You may also take a look at the Nitrokey. Kind regards Cornelius
> 
> 
> Cornelius Kölbel +49 151 2960 1417
> 
> NetKnights GmbH Http://NetKnights. It +49 561 3166 797
> 
> 
>  Original message 
> From: Anthony Papillion <anth...@cajuntechie.org>
> Date: 22.08.16 23:22 (GMT+01:00)
> To: gnupg-users@gnupg.org
> Subject: OpenPGP Smartcard recommendations
> 
> Hello Everyone,
> 
> I'm wanting to solidify my key security and I'm just not
> comfortable with having my OpenPGP key on my computer all the time.
> So I'd like to move to a smartcard solution.
> 
> I've gone to the kernelconcepts.de page and tried to contact them
> but it looks like the domain simply isn't accepting mail and the
> site might just be a zombie. So I decided to come here and ask as
> well.
> 
> Can anyone recommend a solid OpenPGP smartcard solution that meets
> the following criteria:
> 
> 1) Supports up to 4096 bit RSA keys
> 2) Generates keys completely on the card
> 3) Can sign, encrypt, decrypt
> 4) Preferably has some tamper resistance
> 5) Can import an existing RSA key
> 
> Also, since I'm pretty new to smartcard solutions, I'm also in the 
> market for a reader. If you have any suggestions for one of those,
> I'd appreciate it too. If it makes a difference, I'm in the USA.
> 
> Thanks, Anthony
> 
> 




Re: OpenPGP Smartcard recommendations

2016-08-23 Thread Anthony Papillion
Thanks for the reply. I have an older Yubikey Classic and still use it
to this day for a lot of things. It's awesome. I'll definitely take a
look at the newer keys you mentioned and see if they are something I
could use. Thanks for the recommendation.

I might also join the FSFE. Does it matter that I am not in Europe (I'm
in the USA)?

Thanks,
Anthony

On 8/22/2016 7:54 PM, Karol Babioch wrote:
> Hi,
> 
> On 22.08.2016 at 23:22, Anthony Papillion wrote:
>> I've gone to the kernelconcepts.de page and tried to contact them but
>> it looks like the domain simply isn't accepting mail and the site
>> might just be a zombie.
> 
> I'm pretty sure you've done something wrong here. I just placed and
> received an order last week.
> 
>> Can anyone recommend a solid OpenPGP smartcard solution that meets the
>> following criteria:
> 
> Besides the smartcards from kernelconcepts, you can also become an FSFE
> member to get such a card [1].
> 
> Personally I absolutely love the YubiKey (4 Nano) [2]. It meets all of
> your criteria and can do a lot more (U2F, PIV, token, HOTP, TOTP, etc.).
> It is also a lot smaller than a real smartcard and can be left in the
> USB port all of the time. The Gemalto USB token (and/or real smartcards)
> are rather unhandy - at least for me.
> 
> Best regards,
> Karol Babioch
> 
> P.S.: I should also mention that there is some debate about the open
> source nature of the YubiKey 4, since its firmware is not open to review
> any longer. Should this be a criterion for you, you have to go with
> another solution. You'll find details on the story at [3].
> 
> [1]: https://fsfe.org/fellowship/card.html
> [2]: https://www.yubico.com/products/yubikey-hardware/yubikey4/
> [3]: https://www.yubico.com/2016/05/secure-hardware-vs-open-source/
> 
> 
> 
> 
> 




OpenPGP Smartcard recommendations

2016-08-22 Thread Anthony Papillion
Hello Everyone,

I'm wanting to solidify my key security and I'm just not comfortable
with having my OpenPGP key on my computer all the time. So I'd like to
move to a smartcard solution.

I've gone to the kernelconcepts.de page and tried to contact them but
it looks like the domain simply isn't accepting mail and the site
might just be a zombie. So I decided to come here and ask as well.

Can anyone recommend a solid OpenPGP smartcard solution that meets the
following criteria:

1) Supports up to 4096 bit RSA keys
2) Generates keys completely on the card
3) Can sign, encrypt, decrypt
4) Preferably has some tamper resistance
5) Can import an existing RSA key

Also, since I'm pretty new to smartcard solutions, I'm also in the
market for a reader. If you have any suggestions for one of those, I'd
appreciate it too. If it makes a difference, I'm in the USA.

Thanks,
Anthony

- -- 
OpenPGP Key:4096R/0x028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cajunt...@dukgo.com
VoIP/SIP:   17772471988...@in.callcentric.com





Documentation on --with-colons output?

2016-05-11 Thread Anthony Papillion
I'm writing a tool that needs to parse output from GnuPG. I'll be
using the --with-colons option to make output easier to parse. Is
there any doc on what the different fields are in the output?
Specifically, for things like --list-public-keys?

Thanks,
Anthony

- -- 
OpenPGP Key:4096R/028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cyp...@chat.cpunk.us

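A parser for the `--with-colons` key listing asked about above, added here as an example and not part of the original thread; field positions follow the doc/DETAILS file in the GnuPG source tree. The sample listing, key IDs, fingerprints and user IDs are constructed, and the function names are this example's own.

```python
import re
from datetime import datetime, timezone

# Field 2 (validity) values that mean "do not use this key".
UNUSABLE = {"i": "invalid", "d": "disabled", "r": "revoked", "e": "expired"}

# Constructed sample of `gpg2 --fixed-list-mode --with-colons --fingerprint
# --list-public-keys` output; every identifier in it is made up.
SAMPLE = r"""tru::1:1462924800:0:3:1:5
pub:u:4096:1:1111111111111111:1420070400:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1420070400::0000000000000000000000000000000000000000::Alice Example (ops\x3a mail) <alice@example.org>:
sub:u:4096:1:2222222222222222:1420070400::::::e:
pub:e:2048:1:3333333333333333:1262304000:1293840000::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB3333333333333333:
uid:e::::1262304000::0000000000000000000000000000000000000000::Bob Example <bob@example.org>:
sub:e:2048:1:4444444444444444:1262304000:1293840000:::::e:
"""


def _unescape(field):
    # User IDs are C-escaped so a literal ':' arrives as \x3a.
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def _date(field):
    # With --fixed-list-mode dates are seconds since the epoch; without it
    # GnuPG 2.0 prints YYYY-MM-DD, which is passed through unchanged.
    if not field:
        return None
    if field.isdigit():
        stamp = datetime.fromtimestamp(int(field), tz=timezone.utc)
        return stamp.date().isoformat()
    return field


def parse_colons(text):
    """Group pub/fpr/uid/sub records into one dict per primary key."""
    keys, current = [], None
    for line in text.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))          # newer versions append fields
        rec = f[0]
        if rec == "pub":
            current = {
                "validity": f[1], "bits": int(f[2]), "algo": int(f[3]),
                "keyid": f[4], "created": _date(f[5]), "expires": _date(f[6]),
                "ownertrust": f[8], "capabilities": f[11],
                "fingerprint": None, "uids": [], "subkeys": [],
            }
            if f[9]:                       # 2.0 without --fixed-list-mode
                current["uids"].append(_unescape(f[9]))
            keys.append(current)
        elif current is None:
            continue                       # e.g. the leading tru record
        elif rec == "fpr" and current["fingerprint"] is None:
            current["fingerprint"] = f[9]  # first fpr belongs to the primary
        elif rec == "uid":
            current["uids"].append(_unescape(f[9]))
        elif rec == "sub":
            current["subkeys"].append({
                "validity": f[1], "keyid": f[4],
                "expires": _date(f[6]), "capabilities": f[11],
            })
    return keys


def usable_for_encryption(key):
    # Upper-case letters in field 12 of a pub record describe the whole key;
    # 'D' marks a disabled key.
    caps = key["capabilities"]
    return key["validity"] not in UNUSABLE and "E" in caps and "D" not in caps


if __name__ == "__main__":
    for k in parse_colons(SAMPLE):
        state = UNUSABLE.get(k["validity"], "ok")
        print(k["keyid"], k["uids"], state, usable_for_encryption(k))
```

Checking field 2 before use keeps a tool from encrypting to a revoked or expired key that is still sitting in the keyring.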


Re: Remove photos from OpenPGP key in the keyservers

2016-03-09 Thread Anthony Papillion


On 03/08/2016 10:47 AM, Robert J. Hansen wrote:
>> I'm pretty sure that, if you just send your modified key to the 
>> keyserver again, it will replace the one that's there.
> 
> This is not correct.

Apparently not. Thanks for the correction. I made an incorrect
assumption due to not thinking things through properly.




Re: Remove photos from OpenPGP key in the keyservers

2016-03-09 Thread Anthony Papillion

On 03/08/2016 11:24 AM, Andrew Gallagher wrote:
> On 08/03/16 16:08, Anthony Papillion wrote:
>> 
>> I'm pretty sure that, if you just send your modified key to the 
>> keyserver again, it will replace the one that's there.
> 
> You shouldn't think of a PGP key as a single file that is
> overwritten - it's more like a logbook that is progressively
> filled. Your primary key is the first entry, and each "fact" that
> is associated with the primary key (id, certification, subkey,
> photo) gets appended to the bottom. You can upload a new fact to
> the keyservers, including a fact that repudiates a previous fact,
> but it all just gets appended to the log and it's the client's job
> to sort through it and decide what bits are still relevant.

Thank you, Andrew, for the clarification. I suppose I've never thought
of it that way but, as you explained it, it makes sense. So am I
correct in this thinking: if I attach a picture to my key and upload
it to a keyserver then remove the picture and upload that 'version' of
my key to the server, the key on the server STILL HAS my picture and
the clients choose to ignore it at that point?




Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Anthony Papillion


On 03/08/2016 05:54 AM, Marco A.G.Pinto wrote:
> Hello!
> 
> I have made the mistake of adding the same photo with different
> file sizes using Enigmail and export it to the servers.
> 
> I have already deleted two of the three photos using the CLI, but
> the key in the server still has three photos and a size of 70 kB.
> 
> Is there anyone I could contact to export this attached public key
> which only has one photo?

I'm pretty sure that, if you just send your modified key to the
keyserver again, it will replace the one that's there.

HTH,
Anthony




Are ZLIB and ZLIB2 no longer supported in GnuPG?

2016-02-26 Thread Anthony Papillion
I recently compiled the latest version of GnuPG 2 from source (.29, I
believe) and, when I tried to use it, was told that I had invalid
options in my .conf file. Specifically, it told me that ZLIB and ZLIB2
weren't supported as compression algos.

Are those two algos no longer supported by GnuPG or was this just a
compile flag that I didn't pass it? If they aren't supported, are there
any security or usability implications to only using ZIP for compression?

Thanks,
Anthony





Problem compiling 2.0.29

2016-02-24 Thread Anthony Papillion
I'm trying to compile 2.0.29 and I'm running into a problem. I've
compiled all of the dependencies and, when I try to compile gnupg
itself, I get the following error:

Making all in openpgp
make[3]: Entering directory
`/home/anthony/Source/gnupg-2.0.29/tests/openpgp'
echo '#!/bin/sh' >./gpg_dearmor
echo "../../g10/gpg2 --homedir . --no-options --no-greeting \
 --no-secmem-warning --batch --dearmor" >>./gpg_dearmor
chmod 755 ./gpg_dearmor
./gpg_dearmor > ./pubring.gpg < ./pubring.asc
../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20:
cannot open shared object file: No such file or directory
make[3]: *** [pubring.gpg] Error 127
make[3]: Leaving directory `/home/anthony/Source/gnupg-2.0.29/tests/openpgp'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/anthony/Source/gnupg-2.0.29/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/anthony/Source/gnupg-2.0.29'
make: *** [all] Error 2

It seems the problem is in libgcrypt so I recompiled it to make sure it
was properly installed and it made no difference.

Can anyone give me a clue as to what might be going wrong or how to fix
this?

Thanks!
Anthony

-- 
Anthony Papillion
Phone: (918) 533-9699
Skype: CajunTechie
PGP:   0x53B04B15
XMPP"  cyp...@chat.cpunk.us






Re: QC resistant algorithms?

2015-12-16 Thread Anthony Papillion
On 12/16/2015 2:14 PM, Lachlan Gunn wrote:
> Long story short, there exist algorithms that are hypothesised to
> be QC-resistant, though as far as I know nothing is proven in that 
> respect.  Those that do exist, there's still a substantial
> possibility that they'll be broken.  Key and signature sizes are
> generally large, kilobytes to megabytes.
> 
> Certainly nothing is standardised, let alone being ready to go into
> OpenPGP.
> 
> This is all outside of my area, so someone please correct me if I'm
> way off.

This is sort of what I'd gathered from the brief reading I've done
about the situation. I'm sure there's a lot of research going on in
the area and I certainly hope "we beat them to it".





QC resistant algorithms?

2015-12-16 Thread Anthony Papillion
While I know it's not a big concern at the moment, we are well on the
way to a future that includes quantum computing. While some in the
computer science and crypto fields say we won't see a crypto breaking
quantum computer for another 30+ years, others are putting it closer
to 10 and even 5-6.

Regardless of what the actual timeframe is, I'm wondering what work is
being done in GnuPG to implement QC resistant asymmetric algorithms?
Perhaps a better question, and I have done very little research into
this specifically I admit, /are/ there any QC resistant asymmetric
algorithms to implement or will we need to come up with something
completely different?

Anthony

- -- 
Phone:  1.845.666.1114
Skype:  cajuntechie
PGP Key:0x028ADF7453B04B15
Fingerprint:C5CE E687 DDC2 D12B 9063  56EA 028A DF74 53B0 4B15



Re: Can I pass the password from the command line?

2015-12-15 Thread Anthony Papillion
On 12/15/2015 5:07 PM, Andrew Gallagher wrote:
> 
>> On 15 Dec 2015, at 22:58, Anthony Papillion
>> <anth...@cajuntechie.org> wrote:
>> 
>> I'd like to script encryption and decryption from the command
>> line. Is there a way to pass the encryption passphrase to GnuPG
>> from the command line.
> 
> I don't think there is a password parameter, and I'd strongly
> recommend not doing it even if there was. Many OSes make the
> command line parameters of processes available to any local user.
> 
> Have you tried piping the password to stdin?
> 
> Andrew

Thank you for the quick answer, Andrew. After thinking about it, I can
see the absolute folly of having something set up the way I requested
and I appreciate you pointing that out. I had not thought about piping
to stdin - never even crossed my mind!

Thanks again!



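Andrew's point about command-line parameters, shown as an added example that is not part of the thread: the same secret is handed to a child process once in argv and once over stdin, and the parent then reads what `/proc/<pid>/cmdline` exposes. It assumes Linux; the child script is a hypothetical stand-in for the tool being scripted (not gpg), and the secret is a constructed value.

```python
import hashlib
import subprocess
import sys

SECRET = "constructed-demo-passphrase"  # constructed sample value, not a real secret

# Hypothetical stand-in for the tool being scripted (it is NOT gpg). It takes
# the secret from argv[1] if given, otherwise from the first line of stdin,
# prints the secret's SHA-256 so the parent knows it arrived, then waits for EOF.
CHILD = r"""
import hashlib, sys
secret = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline().rstrip("\n")
print(hashlib.sha256(secret.encode()).hexdigest(), flush=True)
sys.stdin.read()
"""


def visible_cmdline(pid):
    """Return a process's argument list as any local user can read it on Linux."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [arg.decode(errors="replace") for arg in fh.read().split(b"\0") if arg]


def hand_over(secret, via):
    """Pass `secret` to the child via 'argv' or 'stdin'.

    Returns whether the child received it and whether it is readable
    from the process table while the child is running.
    """
    if via not in ("argv", "stdin"):
        raise ValueError("via must be 'argv' or 'stdin'")
    argv = [sys.executable, "-c", CHILD]
    if via == "argv":
        argv.append(secret)
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, text=True)
    try:
        if via == "stdin":
            proc.stdin.write(secret + "\n")
            proc.stdin.flush()
        digest = proc.stdout.readline().strip()  # child now holds the secret
        exposed = visible_cmdline(proc.pid)      # snapshot while it is running
    finally:
        proc.stdin.close()                       # EOF lets the child exit
        proc.stdout.close()
        proc.wait()
    expected = hashlib.sha256(secret.encode()).hexdigest()
    return {
        "received": digest == expected,
        "in_cmdline": any(secret in arg for arg in exposed),
    }


if __name__ == "__main__":
    for channel in ("argv", "stdin"):
        print(channel, hand_over(SECRET, channel))
```

With GnuPG itself, the stdin route corresponds to the `--passphrase-fd` option, which needs `--batch` and, from version 2.1 on, `--pinentry-mode loopback`.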


Can I pass the password from the command line?

2015-12-15 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I'd like to script encryption and decryption from the command line. Is
there a way to pass the encryption passphrase to GnuPG from the
command line? For example:

gpg2 --encrypt --recipient --passphrase anth...@cajuntechie.org
SomePassphrase FileIWantToEncrypt

Is this possible at all? If so, how? Also, the same question for
decryption.

Thanks!
Anthony

- -- 
Phone:  1.845.666.1114
Skype:  cajuntechie
PGP Key:0x028ADF7453B04B15
Fingerprint:C5CE E687 DDC2 D12B 9063  56EA 028A DF74 53B0 4B15



Insecure memory message on PC-BSD

2015-11-26 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hey Everyone,

I'm using PC-BSD 10.2 and I get the message "using insecure memory!"
when I type gpg2 at the terminal. Is this a major issue or is it
something I can (usually) ignore? Is there a way to use "secure" memory?

Thanks,
Anthony

- -- 
Phone:  1.845.666.1114
Skype:  cajuntechie
PGP Key:0x028ADF7453B04B15
Fingerprint:C5CE E687 DDC2 D12B 9063  56EA 028A DF74 53B0 4B15



Portable version of modern GnuPG

2015-10-05 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I'm working on a project that requires a portable version of GnuPG and
I'd like to use a modern version of it. As far as I can tell from
searching, GnuPG stopped being portable somewhere in the 1.4.x branch.
I'm wondering a few things:

1. If all I'll be using are the RSA and AES246 algorithms, is using a
1.4.x implementation that dangerous?

2. Does anyone know of a modern variant of GnuPG that is or could be
made portable?

Thanks,
Anthony

- -- 
Anthony Papillion
Phone: +1.845.666.3312
Skype: CajunTechie
SIP/VoIP:  17772471...@in.callcentric.com
PGP Key:   0x028ADF7453B04B15
Fingerprint:   C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15




Re: Separate Session Key and Encrypted Data

2015-10-01 Thread Anthony Papillion
I 

On October 1, 2015 9:38:13 AM CDT, Christian Loehle wrote:
>I want to use gpg to encrypt a potentially large file to some
>(cloud-like) storage provider, the recipients are not known at the time
>of uploading.
>What I want to do is to send the encrypted session key of the file to a
>recipient, when I 'add' them, without re-uploading or even touching the
>original (encrypted) file.
>This should be possible, does anyone know how to? I'm also open to
>other suggestions.

Is there any reason why you can't just symmetrically encrypt it then send an 
encrypted message to them with the passphrase using their PGP key? 


-- 
Phone:  +1.845.666.3312
Skype:   CajunTechie 
SIP/VoIP:  17772471...@in.callcentric.com
PGP Key:   0x53B04B15
Fingerprint:   C5CE  E687  DDC2  D12B 9063  56EA  028A DF74  53B0  4B15





Question about group line use in GnuPG

2015-02-21 Thread Anthony Papillion
I belong to a mailing list (PGPNET, a Yahoo Group) that provides me with
a group line for encrypting to a group of keys. In my gpg.conf file, I
put something like:

group mygr...@domain.com=key1,key2,key

Then, using Enigmail, I can encrypt to the entire group of keys by
selecting it in the UI.

However...

The fact that gpg doesn't complain about the group line in the conf file
means it must accept it as a valid option. So why can I not use that group
address when I am encrypting and signing from the terminal? I should be
able to do something like:

gpg -ear mygr...@domain.com filename

But when I do that, gpg tells me it has no key for that address. Why can't
gpg understand and properly process my group line from the terminal? Is
this anything that's planned for the future?

Thanks,
Anthony

-- 
Anthony Papillion

Phone:   1.918.631.7331
VoIP (SIP):  80...@iptel.org
XMPP Chat:   cyp...@chat.cpunk.us
Fingerprint: 65EF73EC 8B57F6B1 8C475BD4 426088AC FE21B251
PGP Key: http://www.cajuntechie.org/p/my-pgp-key.html

To any NSA and FBI agents reading my email: please consider whether
defending the US Constitution against all enemies, foreign or domestic,
requires you to follow Edward Snowden's example.






Re: Question about group line use in GnuPG

2015-02-21 Thread Anthony Papillion
On 02/21/2015 06:19 PM, Daniel Kahn Gillmor wrote:
> On Sat 2015-02-21 18:33:46 -0500, Anthony Papillion wrote:
>
>> gpg -ear mygr...@domain.com filename
>>
>> But when I do that, gpg tells it has no key for that address. Why can't
>> gpg understand and properly process my group line from the terminal? Is
>> this anything that's planned for the future?
>
> I believe it is supposed to do this already.  It works for me.
>
> What version of GnuPG are you using?  On what platform?  can you share
> the exact configuration and commands you're running?  It's hard to help
> debug from just the example info you provide here.

Thanks for your quick response. It looks like I may have fixed the
problem. Basically, when I use Enigmail for the group line, it needs it
in the form of

group <pgp...@yahoogroups.com>=key1,key2,key3

But when I do it from the terminal, it needs to be in the form of

group pgp...@yahoogroups.com=key1,key2,key3

Copying the group line in my gpg.conf file and removing the brackets
made it work as expected.

Thanks!
Anthony







Re: Problems when encrypting to a group on MacGPG

2015-01-15 Thread Anthony Papillion
On 01/14/2015 10:53 PM, Doug Barton wrote:
> On 1/14/15 7:09 PM, Anthony Papillion wrote:
>> gpg: O g: can't encode a 256 bit key in a 0 bit frame
>>
>> This happens after I tell the program to accept the final key in the
>> group as valid. But it doesn't seem to be related to a key since I've
>> deleted the final key and it still gives me the error.
>
> You're on the right track  delete some more keys, test again, repeat
> till you find the key causing problems. Depending on the number of keys
> it may be easier to add/delete a few at a time, do a binary search, etc.

Thanks Doug! It looks like the problem is likely related to two of the
keys in the user's keyring containing ECC subkeys which, apparently, that
version of MacGPG can't handle well. I'm going to connect with them
again today and delete those keys and see what happens. Thanks again!

Anthony



Problems when encrypting to a group on MacGPG

2015-01-14 Thread Anthony Papillion
Hello Everyone,

I'm trying to help someone configure MacGPG 2.0.22. I've defined a group
with multiple keys in it. But when I try to encrypt to the group to test
things, I get the following error:

gpg: O g: can't encode a 256 bit key in a 0 bit frame

This happens after I tell the program to accept the final key in the
group as valid. But it doesn't seem to be related to a key since I've
deleted the final key and it still gives me the error.

Any idea what might be causing this? Thanks!

Thanks,
Anthony

-- 
Anthony Papillion

Phone:   1.918.631.7331
XMPP Chat:   cyp...@chat.cpunk.us
Fingerprint: 65EF73EC 8B57F6B1 8C475BD4 426088AC FE21B251
PGP Key: http://www.cajuntechie.org/p/my-pgp-key.html

To any NSA and FBI agents reading my email: please consider whether
defending the US Constitution against all enemies, foreign or domestic,
requires you to follow Edward Snowden's example.




Re: New GUI frontend for windows

2013-12-25 Thread Anthony Papillion


On 12/25/2013 06:49 AM, Alice Bob wrote:
> I wanted to create an easy to use gui for GnuPG. Without installing,
> choosing options, and just working from the get-go.
>
> I appreciate any feedback (and bugs), you can check it at:
> https://www.encreep.com
>
> The main use case is for encrypting/decrypting, and not identity
> verification. That is why the trust model is discarded.
> I feel unless your adversary is a government, getting the public key
> from a website / email / forum post should be fine (situational trust).
>
> I wanted something to quickly load the key, encrypt the message, and
> send it away.
>
> It is closed source, unlimited trialware.

Looks interesting. There's definitely room for improvement in the
encryption tools market and Encreep is a move in the right direction.
That said, there is no way in hell I would ever use it. Why? It's closed
source.

With everything going on with the NSA and other agencies these days,
someone would have to be insane to use a black box encryption solution.
Consider making it open source and I think you might have a winner.

Anthony



ECC curves used in gnupg?

2013-12-17 Thread Anthony Papillion
I know that gnupg is experimenting with ECC and I'm wondering which
curves the team has decided to use. I know there are some curves that
are now suspected of being tainted by the NSA through NIST. Has the
gnupg team ruled using those curves out?

Anthony

-- 
Anthony Papillion
XMPP/Jabber:  cajuntec...@jit.si
SIP:  17772471...@callcentric.com
iNum: +883-5100-01190960
PGP Key:  0xDC89FF2E




How to add authentication capabilities to an existing key?

2013-09-10 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Is there a good way to add authentication capabilities to an existing
RSA key? I see how to toggle it if I create a new subkey but not how
to add it to an existing key.

Thanks,
Anthony

- -- 
Anthony Papillion
XMPP/Jabber:  cypherp...@patts.us
OTR Fingerprint:  4F5CE6C07F5DCE4A2569B72606E5C00A21DA24FA
SIP:  17772471...@callcentric.com
PGP Key:  0x53B04B15



Re: How to add authentication capabilities to an existing key?

2013-09-10 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 09/10/2013 05:35 AM, Paul R. Ramer wrote:
> Anthony Papillion anth...@cajuntechie.org wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512
>>
>> Is there a good way to add authentication capabilities to an
>> existing RSA key? I see how to toggle it if I create a new subkey
>> but not how to add it to an existing key.
> [snip]
>
> Hello Anthony,
>
> As far as I know, there is no such capability to do that with gpg.
> You have to set that capability when you create the key.  HTH.

Thanks, Paul! I don't really need the feature anyway, I just read
about it and figured 'why not?  Plus I wanted to investigate what it
was for. After the responses from both you and Werner, I'm not that
concerned about it.

Thanks!
Anthony


- -- 
Anthony Papillion
XMPP/Jabber:  cypherp...@patts.us
OTR Fingerprint:  4F5CE6C07F5DCE4A2569B72606E5C00A21DA24FA
SIP:  17772471...@callcentric.com
PGP Key:  0x53B04B15



Re: Recommended key size for life long key

2013-08-31 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 08/31/2013 04:46 AM, Ole Tange wrote:
> The FAQ
> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
> recommends a key size of 1024 bits.
>
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG
> recommends that.
>
> Why not recommend a key size that will not be broken for the rest
> of your natural life? (Assuming the acceleration of advances in
> key breaking remains the same as it has done historically, thus no
> attack is found that completely destroys the algorithm used).
>
> I just generated a 10kbit RSA key. It took 10 minutes which is long
> to sit actively waiting, but not very long if you are made aware it
> will take this long and just leave it in the background while doing
> other work; and to me 10 minutes (or even 10 hours) is a tiny
> investment if that means that I do not lose the signatures on my
> key by changing key every 5 years.

Hi Ole,

There are other problems that need to be considered when creating a
'lifelong' extra large key.

First, you need to consider people on older hardware or mobile
devices. That 10k key might take 10 minutes to do anything with on
modern hardware. But do you think a mobile device will have the kind
of horsepower needed to use that key in any way? Probably not. That
may lock out a significant portion of your contacts from being able to
communicate with you.

Secondly, a long key length won't protect you if 1) an incredibly
efficient factoring algorithm is designed and used, 2) quantum
computers are used against your key, or 3) side channel attacks. In
all of those scenarios, large keys won't protect you at all.
Especially in side channel attacks or qc attacks.

Personally, I trust my 4096 bit key for now until ECC is integrated
into GnuPG. Then, I'll recreate my keys. Looking for a key that will
never be broken is like looking for the fountain of youth: it's a nice
idea but not realistic to plan your life around. Security is always
moving. You have to be prepared to move with it.

Regards,
Anthony

- -- 
Anthony Papillion
XMPP/Jabber:  cypherp...@patts.us
SIP:  17772471...@callcentric.com
PGP Key:  0x53B04B15



Re: Why trust gpg4win?

2013-07-26 Thread Anthony Papillion

On Jul 26, 2013, at 4:02 PM, Jan takethe...@gmx.de wrote:



> Still I wonder whether there are many sources for SHA1 sums of
> gpg4win, that could be used by a windows user to test the integrity
> of his download (C't ?). Are the SHA1 sums of gpg4win presented on
> the download site checked regularly by their authors?


If we believe Edward Snowden, the Security Services likely aren't
working to slip secret code into GPG anymore. Or at least it's not a
huge effort. With the endpoints (operating systems, software, etc)
they don't have to. There are a million different ways that a security
service could get at your data even if your encryption software is
absolutely perfect and uncompromised. Honestly, I'd worry much more
about the surrounding environment than the gpg code itself. That's not to
say ignore the code and its integrity, but don't fall into the trap
of believing that, just because the badges check out, you're
completely safe.


Best Regards,
Anthony Papillion



GPG detection on Windows?

2013-07-18 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello Everyone,

I'm designing an application that will run on Windows and utilize
GNUPG. Right now, I'm detecting if GPG is installed by calling it then
parsing the output of the command to see if it succeeded or failed.
This is VERY messy and not my preferred way.

Does GPG4Win install anything to the registry that I could check for
to see if it's installed?

Thanks,
Anthony

- -- 
Anthony Papillion
Phone:   1.918.533.9699
SIP: sip:cajuntec...@iptel.org
XMPP:cypherp...@patts.us
Website: www.cajuntechie.org
PGP Key: 0x53B04B15




How insecure is using /dev/random for entropy generation?

2013-03-30 Thread Anthony Papillion
Hello Everyone,

I need to generate a new key and want to make sure I create enough
entropy to make the key secure. My normal method is to type on the
keyboard, start large programs, etc. But a friend suggested that I use
/dev/random.

Is this suitable for creating a PGP key? I've got concerns.

Thoughts?

Anthony



Re: Stumped and need some help with agent

2012-06-17 Thread Anthony Papillion
On 6/17/2012 7:10 AM, Werner Koch wrote:
> On Sat, 16 Jun 2012 22:42, papill...@gmail.com said:
>
>> For some reason, every time I do anything to an encrypted message, I
>> have to re-enter my passphrase. If I open a message, I enter my
>> passphrase, then, when I reply to it, I have to enter it again. And to
>> send that reply? Yep, enter it again!
>
> Your gpg-agent is not installed properly.  man gpg-agent to see how it
> is to be started.  If there is no gpg-agent it will only be started as
> needed and then can't act as a passphrase cache.   Ubuntu should have
> handled this for you.

Wait...you expect me to read the man page? What kind of barbarian are
you, anyway?!? lol Just kidding. For some reason, with all my
troubleshooting, I never even considered reading the man page. I'll do
that and see what I can find. Thank you for the help!

> We will change gpg-agent in the next version to automagically start
> itself as a daemon on the first access - this allow to use gpg-agent
> without any additional system setup.

Sounds good. I assume the way it's started now is on an 'as needed' basis?

>> system, renamed the gpa.conf file (just in case) and added the
>> no-use-agent entry to my gpg.conf file with no result.
>
> gpg2 ignores this option because gpg-agent is a required part of the
> GnuPG-2 system.

I figured that out while going through some of the posts relating to
gpg-agent. Is this a permanent change? I know pinentry is supposed to be
a safer way to enter passphrases so I'm assuming that the mandatory use
of gpg-agent will continue on into future versions?

Let me ask this: are there any major security implications (aside from
sacrificing the security of pinentry) to hacking gpg2 to not use agent?
I'm not considering doing this as I don't see a real need but I'm curious.

Thanks!
Anthony



Is the git repo down?

2012-06-16 Thread Anthony Papillion
Hey Everyone,

Just tried to fetch the source using

git clone git://git.gnupg.org/gnupg.git

and my connection was refused.

Is the server down?

Thanks!
Anthony



Stumped and need some help with agent

2012-06-16 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello Everyone,

I'm having a devil of a time with Ubuntu 11.04 with GnuPG and need a bit
of help. This MIGHT be a problem with the Enigmail plugin but I think
it's probably something to do with my GnuPG configuration so I'm asking
here first.

Basically, I have GPG 1.4.11 installed. For some reason, I also have the
binary for gpg2 at /usr/bin/gpg2. However, my Enigmail is picking up
/usr/bin/gpg so all should be fine (I think).

For some reason, every time I do anything to an encrypted message, I
have to re-enter my passphrase. If I open a message, I enter my
passphrase, then, when I reply to it, I have to enter it again. And to
send that reply? Yep, enter it again!

Obviously, something is amiss.

Can anyone lend me a hand and help me figure this out? I've even gone
as far as to rename the gpg2 binary so it couldn't be found by the
system, renamed the gpa.conf file (just in case) and added the
no-use-agent entry to my gpg.conf file with no result.

Help?!? Please!

Anthony




Re: Stumped and need some help with agent

2012-06-16 Thread Anthony Papillion
On 06/16/2012 05:37 PM, da...@gbenet.com wrote:
> On 16/06/12 21:42, Anthony Papillion wrote:
>> Hello Everyone,
>>
>> Can anyone lend me a hand and help me figure this out? I've even
>> gone as far as to rename the gpg2 binary so it couldn't be found
>> by the system, renamed the gpa.conf file (just in case) and
>> added the no-use-agent entry to my gpg.conf file with no
>> result.
>
> Hello Anthony,
>
> In your .gnupg directory you want to edit the file (or create one)
> gpg-agent.conf and add the lines default-cache-ttl 9000
> default-cache-ttl-ssh 1800
>
> You can install the programme GPA and it will under preferences
> edit it for you. If I recall Ubuntu does not have it so go to
> ftp://ftp.gnupg.org/gcrypt/gpa// download gpa - you have to
> ./configure - make - make install. Also make sure gpg-agent's
> running.

Hi David,

Thank you for the help! So I went ahead and I downloaded gpa
(thankfully, I didn't need to compile it. It was in my distro's
repository) and installed it. I made the changes to the .conf file as
suggested.  When I typed 'which gpg-agent' to make sure I had agent
installed it told me it was in /usr/bin/gpg-agent. When I executed it,
I get the message 'gpg-agent is installed and running'. Everything
looks fine.

Then...

When I look in my process list, I don't see gpg-agent. And when I go
to Thunderbird and try to access encrypted messages, I still get
Enigmail's passphrase manager instead of pinentry. Note that I've told
Enigmail to use gpg-agent instead of its own manager but that makes no
difference.  The problem of having to enter my passphrase at every
step continues.

Does this look more like a problem with Enigmail than GnuPG?
Understand, I am not using GPG2 but rather 1.4.11.  However, it looks
like I have gpg2 installed (/usr/bin/gpg2).

Any other suggestions?

Thanks,
Anthony



RE: Question about key fingerprint uses

2012-04-28 Thread Anthony Papillion

> Original Message
> Subject: Re: Question about key fingerprint uses
> From: Peter Lebbing pe...@digitalbrains.com
> Date: Fri, April 27, 2012 5:40 am
> To: Anthony Papillion anth...@papillion.me
>
> You're turning it around :). Rather than verify you are speaking to John using
> his fingerprint, you are verifying the fingerprint by speaking to John.
>
> You should already be sure the person on the line is John Smith. John Smith then
> tells you his fingerprint such that you can be sure the key you're looking at
> actually belongs to John Smith, and hasn't been exchanged by a man in the middle.


Aha! That makes it crystal clear! Indeed, I had turned it around. So
then that's why key signing parties rely on verifiable ID. The user
verifies his ID so you can be sure the fingerprint he's providing is his
actual fingerprint. Makes perfect sense now.

Anthony


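The check Peter describes, as an added example that is not part of the thread: a fingerprint is a hash of the public key material, so a key swapped in transit cannot match the fingerprint the already-identified owner reads out. It assumes version 4 OpenPGP keys (RFC 4880), where the fingerprint is SHA-1 over the octet 0x99, a two-octet length and the public-key packet body; the function names are hypothetical and both keys are constructed toy values.

```python
import hashlib
import hmac
import struct


def mpi(value):
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created, n, e):
    """Body of a v4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def fingerprint(body):
    """v4 fingerprint: SHA-1 over 0x99, the two-octet body length, and the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def grouped(fp):
    """Format in groups of four hex digits, the way people read it aloud."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def same_key(body_in_hand, fingerprint_read_by_owner):
    """Compare the key you hold against the fingerprint the owner reads out.

    Spacing and letter case are ignored. The owner's identity must already be
    established by other means (voice, ID): the fingerprint verifies the key,
    not the person.
    """
    spoken = "".join(fingerprint_read_by_owner.split()).upper()
    return hmac.compare_digest(fingerprint(body_in_hand), spoken)


# Constructed toy keys: each modulus is a product of two Mersenne primes and is
# far too small for real use. Both keys could carry the user ID "John Smith",
# because the user ID is not part of the fingerprint.
CREATED = 1335484800  # constructed creation timestamp
JOHNS_KEY = rsa_public_key_body(CREATED, (2**127 - 1) * (2**89 - 1), 65537)
SWAPPED_KEY = rsa_public_key_body(CREATED, (2**107 - 1) * (2**61 - 1), 65537)

if __name__ == "__main__":
    read_out = grouped(fingerprint(JOHNS_KEY))  # what John reads from his own copy
    print("John reads:       ", read_out)
    print("genuine key match:", same_key(JOHNS_KEY, read_out))
    print("swapped key match:", same_key(SWAPPED_KEY, read_out))
```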


Question about how RSA keys are generated in GnuPG

2012-04-28 Thread Anthony Papillion
Hi Everyone,

This is a stupid question I'm sure but I can't seem to find an answer
to it in the source code so I thought I'd ask here. When GnuPG is
selecting primes for RSA key generation, what parameters are set for
the primes? Is there a floor and a ceiling set for the numbers
generated? Please feel free to point me to the right place in code if
need be.

Thanks!
Anthony

-- 
Anthony Papillion
Software Developer and IT Consultant
Phone: (918) 533-9699

My Twitter:   twitter.com/cajuntechie
My Facebook:  facebook.com/cajuntechie
My Identica: identi.ca/cajuntechie



Question about key fingerprint uses

2012-04-27 Thread Anthony Papillion
So I was browsing the documentation this morning when I came across this
documentation for the --fingerprint flag:

You want to see Fingerprints to ensure that somebody is really the
person they claim (like in a telephone call). This command will result
in a list of relatively small numbers.

I'm not really sure how this would work in real life. For example, if I
have John Smith's key I can type

gpg --fingerprint John Smith

and that will print out his key fingerprint. This would work for anyone
else with John Smith's key as well. So let's say I'm on the phone with
someone I think is John Smith but wanted to verify using his key
fingerprint. How would asking him to tell it to me mean anything since
ANYONE can get his fingerprint as long as they have his key?

Thanks!
Anthony




Re: Clearsigning on Windows

2012-01-30 Thread Anthony Papillion
On Mon, Jan 30, 2012 at 3:12 PM, Belleraphone cco...@gmail.com wrote:

> I realize that, but how do I make it so that my files are fit to be
> clearsigned? I was given a bunch of information from a website that said
> what needed to be clearsigned. How do I put this information into a file
> that gpu.exe can read and clearsign?

GPG can read and clearsign any file. Just put the information into a
file and then execute the given command against that file.



Re: private key protection

2011-10-17 Thread Anthony Papillion
On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum jer...@jeromebaum.com wrote:
>> Your private key being stolen isn't really that big of a deal. If you
>> have a very strong passphrase, possessing your private key gives an
>> attacker almost no leverage.  With a strong passphrase, the average
>> attacker isn't going to be able to break your key on modern hardware
>> and anyone who could break it probably doesn't need your private key
>> to decrypt your messages anyway.
>
> I'm going to lean very far out the window and assume he meant the actual
> private key, not the private key-ring/-file/...

Correct assumption. :-)



Re: private key protection

2011-10-17 Thread Anthony Papillion
On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum jer...@jeromebaum.com wrote:
>> Your private key being stolen isn't really that big of a deal. If you
>> have a very strong passphrase, possessing your private key gives an
>> attacker almost no leverage.  With a strong passphrase, the average
>> attacker isn't going to be able to break your key on modern hardware
>> and anyone who could break it probably doesn't need your private key
>> to decrypt your messages anyway.
>
> I'm going to lean very far out the window and assume he meant the actual
> private key, not the private key-ring/-file/...

Rereading the post, you're probably right.



Re: private key protection

2011-10-17 Thread Anthony Papillion
On Mon, Oct 17, 2011 at 4:18 PM,  takethe...@gmx.de wrote:

> what is the best way to protect
> your private key from getting stolen?

Your private key being stolen isn't really that big of a deal. If you
have a very strong passphrase, possessing your private key gives an
attacker almost no leverage.  With a strong passphrase, the average
attacker isn't going to be able to break your key on modern hardware
and anyone who could break it probably doesn't need your private key
to decrypt your messages anyway.

Anthony



Re: Which release should we be using?

2011-08-26 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


On 8/26/2011 10:25 AM, Aaron Toponce wrote:
 
> Oh, you can own an encrypted filesystem, even if the box is down. The
> Evil Maid attack makes this trivial. And it doesn't matter the
> encryption software used either.

I read about this attack a few years ago on Bruce Schneier's blog. It
scared the crap out of me then and it still worries me quite a bit. Of
course, it's just a variant of what we've been telling people forever
now: if the system is compromised, encryption is useless. Still, it's
pretty scary stuff.

Anthony


Passphrase length and security. Am I reading this right?

2011-08-26 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

So in the course of another discussion on this group, I was told that I
might not actually need my 160+ random character passphrase for good
security. A few URLs were included, including this one
(https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength) on
password strength.

If I'm reading the article correctly, I would really only need a 13 to
16 random character password to achieve the 100+ year protection against
brute force attacks. Is that right? Am I really wasting THAT much effort
or am I reading this wrong?

Thanks,
Anthony


Re: Which release should we be using?

2011-08-23 Thread Anthony Papillion
On 08/23/2011 02:04 AM, Werner Koch wrote:
> On Tue, 23 Aug 2011 03:47, papill...@gmail.com said:
>
> Spying on X windows is pretty easy and thus Pinentry tries to make it
> harder.

Werner,

Since I've never used Pinentry, I'm obviously missing something here.
While I'm aware that spying on X-Window is not too complicated, how does
manually entering a passphrase into Pinentry make snooping harder?
Admittedly, I've never looked at the code so I probably don't know the
whole story. Is entry into Pinentry vulnerable to traditional keylogging?

Anthony



Which release should we be using?

2011-08-22 Thread Anthony Papillion

So I'm currently running 1.4.10 for GNU/Linux even though I know that
2.0 has been out for a while. I chose to stick with 1.4.10 and 1.4.11
because I don't like having to use pinentry since it doesn't support cut
and paste. My questions are these:

1) Is there any real reason why I *shouldn't* be using the 1.4.x branch
of GPG?

and

2) If I should be using 2.0, is there a way to disable pinentry so gpg
can work the way the 1.4.x releases do?

Thanks!
Anthony



Re: Which release should we be using?

2011-08-22 Thread Anthony Papillion

On 08/22/2011 07:01 AM, Werner Koch wrote:
> On Mon, 22 Aug 2011 10:29, papill...@gmail.com said:
>
> > because I don't like having to use pinentry since it doesn't support cut
> > and paste. My questions are these:
>
> That is on purpose.  If you have your passphrase on file for c+p you may
> as well use no passphrase at all.  gpg-agent caches your passphrase; set
> the caching time to whatever you l; this is far safer than to use c+p.

Hi Werner,

I'm not sure I can see how being able to cut and paste a passphrase is
in any way like not having a passphrase at all. My passphrases are
stored in a Keepass database that resides in a TrueCrypt container. It's
protected well. My actual key is protected by a 62 character passphrase
that I'd like to cut and paste into GPG. Considering all of that, I
think it's a bit extreme to say cutting and pasting a passphrase from
two heavily encrypted containers is such that you may as well not have a
passphrase at all.

Still, thanks for your input. I suppose I could always implement c+p in
my version of pinentry or I'll just stick with 1.4.x for a while.

Thanks!
Anthony


Re: Storing secrets on other people's computers

2011-05-05 Thread Anthony Papillion
Does having possession of your secret key really make you less secure?
I mean the whole purpose of a passphrase is because you assume your
secret key is *not* safe simply being unprotected in your possession.
Law enforcement, hackers, even friends could *easily* get physical
access to your key so it's the passphrase that's of value.

I've actually thought about posting my key to Bittorrent in case I
ever lost it. It's economical and just as secure as sitting on my pc.
As long as you have a good passphrase, having physical possession of
your key gives an attacker no real advantage.

Anthony

On 5/5/11, Jerome Baum jer...@jeromebaum.com wrote:
> On Thu, May 5, 2011 at 15:15, Daniel Kahn Gillmor
> d...@fifthhorseman.net wrote:
>
> > PS If Robert follows through on this, he certainly wouldn't be the only
> > person to publish his secret key.  Search for BEGIN PGP PRIVATE KEY
> > BLOCK in your favorite search engine.
>
> I do wonder how many of those are to make past signatures deniable, and how
> many can be accounted to I feel that my pass-phrase is safe.
>
> For the latter, I don't get it -- it's not like keeping the key secret takes
> a lot of effort -- but it does decrease your security ever so slightly.
> Besides proving a point, why would you publish?
>
> --
> Jerome Baum
>
> tel +49-1578-8434336
> email jer...@jeromebaum.com
> --
> PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
> PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


-- 
Sent from my mobile device

Anthony Papillion
Lead Developer / Owner
Get real about your software/web development and IT Services
(918) 919-4624

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com



Re: Storing secrets on other people's computers

2011-05-04 Thread Anthony Papillion
The typical user most likely *does* believe files are locally
encrypted then sent to Dropbox. But isn't that still pretty
meaningless? If Dropbox is encrypting your file then you have to trust
that Dropbox either can't decrypt the file or that, if they can, they
would never under any circumstance compromise your security. One name:
HushMail.

If you don't encrypt it yourself using a tool that is *known* to be
secure then it really can't be trusted. Someone hacking a server is
really the least of your security worries.

Anthony


On 5/4/11, Jeffrey Walton noloa...@gmail.com wrote:
> On Wed, May 4, 2011 at 10:24 PM, M.R. makro...@gmail.com wrote:
> > On 03/05/11 15:50, Daniel Kahn Gillmor wrote:
> >
> > > Dropbox exposes your secret
> > > keys to dropbox employees (and anyone who can convince them to snoop):
> > >
> > > http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
> >
> > That article makes no sense at all.
>
> I was somewhat surprised at the article.
>
> I think a typical user expects that a file is encrypted locally and
> then securely transmitted to DropBox for storage. (I don't use
> DropBox, but it's what I expected). I don't believe anyone would expect
> that DropBox transmits a plain text file and then encrypts the file at
> its leisure and pleasure.
>
> OT: I was just getting ready to audit DropBox via their public API for
> another project. The article saved me a lot of time.
>
> Jeff




-- 
Anthony Papillion
Lead Developer / Owner
Get real about your software/web development and IT Services
(918) 919-4624

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com



Re: Allowing paste into pinentry-gtk-2?

2011-04-16 Thread Anthony Papillion
I don't have an answer to your question, Todd, but I have to second
your frustration with not being able to paste to the pinentry. I've
never really seen a good justification as to why paste has been
disallowed either so I'd love to see it implemented.

Anthony


On 4/16/11, Todd A. Jacobs codegnome.consulting+gnupg@gmail.com wrote:
> Currently, it looks like pinentry-gtk-2 (I'm using 0.8.0) doesn't allow
> pasting from the clipboard. This is annoying, because a truly long,
> randomized password is not practical to type into a hidden dialog box. It
> really seems like pinentry forces one to use short, insecure passwords. One
> supposes there is a trade-off in security here, but I'm more concerned about
> brute-force attacks on the passphrase than I am about someone sniffing the
> clipboard--it seems that if they have access to my clipboard, they can
> probably log my keystrokes, anyway, right? So offline attacks against the
> key's passphrase seem more likely.
>
> So, I really have two questions. First, is it possible to force pinentry
> dialogs to allow pasting from the clipboard? Secondly, is it possible to
> force the CLI to use an alternate pinentry (say, pinentry-curses) or some
> other method to populate an existing gpg-agent with a cached passphrase?


-- 
Sent from my mobile device

Anthony Papillion
Lead Developer / Owner
Get real about your software/web development and IT Services
(918) 919-4624

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com



Re: Syncing secring for mobile users

2010-10-28 Thread Anthony Papillion


On 10/28/2010 09:14 AM, Thomas Lecavelier wrote:
> Hi,
>
> I tried many times to use GPG on a day-to-day basis. It often starts very
> well: I sign every mail I send, evangelize people asking about my strange
> signatures, etc. But there's a fact: I'm a computer scientist worker, so I
> work on many computers, but not at the same rate.
> Currently, I'm at work, setting up my iMac. So I download an exported secring
> from one of my personal servers. But I compare it to my keyring on my laptop,
> and even on my phone: they *all* diverge. I'm owned.
>
> Here's my true question: what's your workflow to sync your keyring between
> multiple computers? I thought about having a ring for personal usage, and a
> ring for pro usage, but I'm consulting both my personal and private email on
> every computer. I can't think about a simple solution, so I'd be glad to
> have your thoughts about it :)

Hi Thomas,

What about storing your entire secring on a removable drive and simply
pointing gpg to that drive when you need to? If you're using more than
one computer I would assume there might be some times when others have
access to that machine so maybe storing your private key on a machine
might not be the best practice. A removable drive might be the answer
for you.

To answer your question, I've not gotten my workflow quite down yet
either. It's been about 10 years since I last had to use encryption
technology and even then it was on a single, secure, machine that I had
near total control over and there were protocols in place for accessing
it. So I'm coming at this, essentially, as a new user.

Right now, once a day, I export my entire secring to a thumb drive and
then import it to my other computers. This seems to have worked for the
most part, though there have been a few glitches. I'm still in the
market for something better but that is what works for me at the moment.

Anthony



Question about keyservers on Windows

2010-10-20 Thread Anthony Papillion

Hello Everyone,

I'm a new member of the list but I've been using GPG for a bit now on
Linux.  I recently installed it on my Windows machine and needed to
revoke a compromised key. When I tried to send the information to the
keyserver, I got the following error:

Sending of keys failed
gpg: sending key 0078B6E4 to hkp server pool.sks-keyservers.net
gpg: system error while calling external program: No such file or directory
gpg: WARNING: unable to remove tempfile (out)
`C:\DOCUME~1\Anthony\LOCALS~1\Temp
\gpg-A57D4D\tempout.txt': No such file or directory
gpg: no handler for keyserver scheme `hkp'
gpg: keyserver send failed: keyserver error

I am using the latest version of GPG (downloaded from the site) and I
KNOW this works on Linux.

Can anyone help?

Thanks!
Anthony Papillion


Re: Question about keyservers on Windows

2010-10-20 Thread Anthony Papillion
I'm running Windows XP Professional with SP3.

On 10/20/10, Faramir faramir...@gmail.com wrote:
> On 20-10-2010 14:36, Anthony Papillion wrote:
> > Hello Everyone,
> >
> > I'm a new member of the list but I've been using GPG for a bit now on
> > Linux.  I recently installed it on my Windows machine and needed to
> > revoke a compromised key. When I tried to send the information to the
> > keyserver, I got the following error:
> >
> > Sending of keys failed
> > gpg: sending key 0078B6E4 to hkp server pool.sks-keyservers.net
> > gpg: system error while calling external program: No such file or
> > directory
> > gpg: WARNING: unable to remove tempfile (out)
> > `C:\DOCUME~1\Anthony\LOCALS~1\Temp
> > \gpg-A57D4D\tempout.txt': No such file or directory
> > gpg: no handler for keyserver scheme `hkp'
> > gpg: keyserver send failed: keyserver error
> >
> > I am using the latest version of GPG (downloaded from the site) and I
> > KNOW this works on Linux.
>
>   What version of Windows are you using?
>
>   Best Regards


-- 
Sent from my mobile device

Anthony Papillion
Lead Developer / Owner
Advanced Data Concepts - Enabling work anywhere
(918) 919-4624

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com
