Re: Safe decryption with GnuPG?
On Wed, Feb 13, 2008 at 11:41:53AM +0100, Krzysztof Żelechowski wrote:
> On 12-02-2008, Tue at 11:59 +0100, Anders Breindahl writes:
>> Hello,
>> On 200802010958, Krzysztof Żelechowski wrote:
>>> 1. The decrypted information must not make it to any persistent medium
>> Use full-disk encryption, as has been stated before. That way, you can be confident that nothing leaks into unencrypted places, since such do not exist in the running system.
> Full disk encryption makes the system unnecessarily slow, especially if applied to swap space. I am seeking an intermediate solution for desktop computers where the amount of confidential data is small. The system as a whole should not be affected (unless, of course, it is a dedicated device, but that is another story).

I am under a strong impression that you want the system secure, without defining a coherent threat model. All the world's encryption and RAM-keeping won't protect you against TEMPEST. Sit back, define your threat: spooks? trojans? identity thieves? snoopy spouse? laptop thieves? You can't be secure against all possible threats. Decide which one you choose and concentrate on defending against this particular threat.

Alex
-- 
JID: [EMAIL PROTECTED] PGP: 0x46399138
Paying attention to details is the job of doctors, lawyers, programmers and watchmakers -- Czerski

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How true can this be?
On Sun, Jan 27, 2008 at 04:23:06PM -0500, John W. Moore III wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> ----- Original Message -----
> Subject: Re: How true can this be?
> From: Janusz A. Urbanowicz [EMAIL PROTECTED]
> To: Raygene [EMAIL PROTECTED]
> Cc: gnupg-users@gnupg.org
> Date: Sunday, January 27, 2008 1:39:04 PM
>
>> if a), then b) would land him in jail, quickly
>
> More likely a fatal traffic accident or victim of a street mugging with similar outcome.

People communicate in and from jails. Blabbering about classified stuff is a breach of security procedures and NDAs, that leads to administrative action, prosecution and usually a jail sentence (or a hefty fine). The approach you mention would probably be used on someone who would like to play the game (as in sell the info to another country), not for some random blabberer.

Alex
Re: How true can this be?
On Sat, Jan 26, 2008 at 01:15:23PM -0800, Raygene wrote:
> While discussing GnuPG on MacNN forum, someone posted the following message:
>
>> Tonight I met this guy who works for an internet security company. they help governments/law agencies, what he told me is so depressing. apparently, big brother has the decryption keys for most internet algorithms, they basically can record the information and decrypt it in 95% of the cases... I am no security/privacy expert, but it's shocking to know that. The guy did not want to speak much, but he said that mac is the most secure platform from all operating systems?. does anyone know more about this?
>
> Does this hold water or was that so-called security expert full of it?

both yes and no

spooks don't need to break your ciphers to get your encrypted stuff, the simplest technical measure is to inject a trojan into your system that will siphon off what's needed, then there is traffic analysis, TEMPEST, etc etc

BTW: I really doubt that if there is a classified shortcut to solve RSA, a random guy from a random security firm would a) know it (COMSEC/INFOSEC is usually classified TOP SECRET as it is considered of vital importance to state security), and b) he would blabber about it to anyone who would care to listen

if a), then b) would land him in jail, quickly

Alex
Re: Printing Keys and using OCR (was: Proofreadable base64)
On Fri, Sep 21, 2007 at 01:48:02PM +0700, Brian Smith wrote:
> Peter Palfrader wrote:
>> Nice idea. When trying to find decent backup methods for my new Tor identity key I came across this thread. I played all day with ocr and friends. In the course I wrote a small script that does what you suggest. I tried to keep it small enough to print it along with whatever data you have - I clearly failed there. But other than that it works nicely. That didn't work out so well at first - gocr had real trouble distinguishing zeroes and the letter D like Delta.
>
> Why not use a 2D barcode like a QR code? A QR code will hold most typical keys, is easy for machines to read, is small, and has redundancy features that allow it to work even if you hole-punch or black out part of the code. See http://www.denso-wave.com/qrcode/aboutqr-e.html

There is no Free Software to create or read QR code, and it is patented: http://www.denso-wave.com/qrcode/qrstandard-e.html

Otherwise it is an excellent data format.

Alex
Re: Questions about generating keys
On Thu, Aug 23, 2007 at 12:40:02PM +0300, Oskar L. wrote:
> Robert J. Hansen wrote:
>> In the battle between armor and warhead, _always_ bet on the warhead. Playing defensively and trying to make an email address invisible is going to be an exercise in frustration. They always get seen. They always get spammed. Play defensively and you lose.
>
> Well if you need to have an e-mail address available to the general public then this is certainly true. Spammers have even been known to hire cheap labor to surf the web looking for e-mail addresses and filling in spam in forms, so even hiding your address in a blurred upside-down JPEG won't help.
> [...]

I'll tell you something. I have three public email addresses that I use almost exclusively, and one doubles as my Jabber ID, and I never used obfuscation or protection: all they do is irritate users and decrease the chance that someone who should be able to contact me, can't. Yet, I receive much less spam to my mbox than for example to comments on my blog. Why? I use some not very complicated precautions. Actually, as I said before, one or two spams slip in a month, sometimes one more, sometimes none at all.

All those things that you describe involve a lot of effort on your and your correspondent's side, and are weak - if someone who has your address gets a trojan, your address leaks out. If someone accidentally puts server log files on the net, your address leaks out. When someone writes to your wrong address (like sending a private reply to a list address) the communication won't work.

What you are trying to do is like wearing a full biosafety hazmat suit with closed air circulation full time just to avoid getting the common cold. It won't work one way or another, the air will run out at some point or the suit will wear and tear where and when you are not looking. And you are a big inconvenience to your peers.

What I'm saying is that this approach is stupid, and wasteful of time and resources. It seems secure, gives this warm and fuzzy feeling, but it isn't. It is like taking your shoes off in the airport, but what if someone smuggles some C4 in a buttplug and blows it with the electronics of his ipod?

> If you have security unaware friends who type in your address on "send your friend an ecard" type of sites, or have you in their address book on their Windows box full with spyware, then the spammers will get your address, no matter what you do.

All people are security unconscious at some point.

> But if you don't need a public address, and only have security conscious friends, then I would think you have a good chance of staying off the spammers' lists.

And what if I haven't such friends?

>> Whitelisting, graylisting, blacklisting, Bayesian filters, even lawsuits if you're so inclined--those are all active measures which force the spammers to adapt to your actions. That gives you a measure of initiative back. You're no longer playing pure defensive.
>
> Those are all good things, but just because we have them does not mean that it's not a good idea to try to stay off the spammers' list in the first place. Personally I'd like to see more aggressive anti-spam measures, like the ones taken by Blue Frog.

It is not a good idea, because you can't, in the same way you can't quit the address lists of influenza viruses and meteorite strikes.

> User IDs do not provide any authentication, so security wise they are useless. The most secure thing would be not to have one at all, and have my friends remember that key number belongs to me. This way, if

heh, you are expecting big things of people, and if someone offers them chocolate[1] to give out your secret number?

[1] research shows that people are willing to give out actual passwords in exchange for chocolate

> my friends get raided, it will be more difficult or impossible for the police to figure out that it's my key. But since this is very inconvenient, I decided to sacrifice a little security for convenience, by putting my first name in the user ID. I don't provide an e-mail address mainly because it's easier to change my e-mail address if I don't have to update my key, but this undeniably also makes things a little harder for spammers, since it's one less place they can find my e-mail address. It might also help in a deniability claim. I don't however think that it's too much to ask that people remember which e-mail address goes with which key.

if you do things that can get you raided by police, that changes the threat model

but on the other hand, surveillance usually means communication intercepts, so the interceptors will know that communications encrypted with this particular key and id go to you

Alex
Re: Questions about generating keys
On Wed, Aug 22, 2007 at 01:06:18PM +0300, Oskar L. wrote:
> I'm about to generate a new keypair, and got a few questions. I have many e-mail addresses and change them frequently, and therefore I don't want to have one in my public key. (Also because I'm afraid of getting spam.) I think this would be easier than having to update a lot of user IDs. Are there any drawbacks in not having an e-mail address in the public key? Are there any widely used applications that will expect one, and not work if none is found?

Yes, common sense. if you submit your key to a keyserver, there should be some way to distinguish your key from hundreds of others having the same short name, when searching for a key.

Sidenote: you are getting spammed anyway, it is better to invest in filtering infrastructure (greylisting, spamassassin, bogofilter), than play whack-a-mole with spammers, with you being the mole.

> Is there any way to manually set the time that will be used for the creation time? Or do I have to change the system time if I don't want to use the current time? I'm a bit of a perfectionist, and think 00:00:00 looks much better than something like 01:42:57.

It looks unnatural and doctored.

Alex
Re: Questions about generating keys
On Wed, Aug 22, 2007 at 03:34:50PM -0500, John Clizbe wrote:
>> Alex wrote:
>>> Yes, common sense. if you submit your key to a keyserver, there should be some way to distinguish your key from hundreds of others having the same short name, when searching for a key.
>>
>> Sorry, I forgot to say that I don't use any keyservers. Only my friends can get my private e-mail address and private public key.
>
> Relying on the 'highly effective' Security via Obscurity model, huh? There's no guarantee that your key won't end up on a keyserver nor is there one that your private email address won't leak into the public,

There were people that submitted their whole keyrings to keyservers.

And yesterday I got spammed to an address that I created for one-time use for one person, and never gave publicly nor to anyone else.

a
Re: OpenPGP and usability
On Wed, Aug 08, 2007 at 10:51:15AM +0200, Werner Koch wrote:
> In this regard Thunderbird is no better than Outlook!

At least Thunderbird openly invites plugins and Enigmail is a good one.

A.
Re: RSA 1024 ridiculous
On Sun, Jun 17, 2007 at 01:02:58PM -0500, Andrew Berg wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Atom Smasher wrote:
>> gpg does support RSA-2048/SHA-256 (or even RSA-4096/SHA-512) which is what i've been using for a while now. i'll sign this email with RSA-2048/SHA-256 (my default on this key) just to show what it looks like. it's a big signature block, but not ridiculous and on a reasonably powerful computer it's hardly a noticeable delay to work with such keys.
>
> Try signing/encrypting files that are tens, hundreds, or thousands of megabytes in size. Sure, your average machine can sign/encrypt messages that don't even fill a cluster without breaking a sweat, but if the sensitive data is large, RSA-4096 isn't a good choice unless a gov't agency wants that data.

Erm... when you use OpenPGP, or really any other modern crypto protocol, you don't put actual plaintext through RSA. RSA operates only on a hash or a random session key for the symmetric cipher.

=alx
Re: GnuPG for a small company -- Questions before I start
On Wed, May 16, 2007 at 08:08:02PM +0800, Jim Berland wrote:
> Hello everybody,
> I am going to try to set up GPG for our small company (about 15 people) and would like to ask you guys for some help. Following I will write down my thoughts on this, that I had so far. Comments would be highly appreciated since I do not want to start this before I don't feel confident and have a complete plan.

First, you should elaborate what is the purpose of the exercise. The business goal. There is no point of deploying crypto policy in an organization just for the sake of it, because people will see this as an unnecessary and pointless exercise.

> To have an internal Web-of-Trust there should be a main key (for the company itself) signing the employee's keys and collecting their signatures.

When I did similar things the setup was as follows:

* there is one well-guarded organization key (org key)
* every person involved has a key signed by the org key
* people keys have designated-revoker set to org key
* all OpenPGP software installations have:
** mandatory encrypt-to org key
** ultimate trust for the org key

If you don't want people to sign keys, issue them encryption-only keypairs.

But this is quite a generic setup and we could help you more if we knew what you're trying to accomplish.

Alex
Re: Extra key best solution for very insecure locations?
On Mon, May 07, 2007 at 04:27:55PM +0800, Jim Berland wrote:
> Hello everybody,
> I'm trying to find the best solution for using GPG on a USB drive while travelling. I read the FAQ about subkeys which suggests to only use subkeys on insecure computers. As far as I understand this, though, anybody who got hold of my private subkeys would still be able to read all my previous mails.

The document was obviously written with workplace computers and such in mind, rather than heavily infected Windows PCs in internet cafes.

I suggest abandoning carrying the key, and taking a good look at hushmail.com.

Alex
Re: Quantum computing
On Fri, Apr 20, 2007 at 01:57:46PM +0200, Anders Breindahl wrote:
> Saying that ``there is no such thing'' seems harsh and as if you ignore reality. The European Union put its hopes up for implementing a ``quantum cryptography'' network of communications. That sort of makes the term real in itself.

This is because they are a government and gov't usually wants to have a super secure comm network for gov't super secret communication.

> However, quantum cryptography does have that nice inherent benefit, that it _can't_ be eavesdropped, according to said article. That is, after authenticity has been established and the line has been paid for: It can be eavesdropped, but it is impossible to intercept information that way and the eavesdropping is detectable.

Or rather should be: eavesdropping on a QC link is detectable if by rule single photons are used as transmission units. This is because there's no way to intercept a photon and reinject it without destroying its quantum state. However, in commercial installations pulses (batches of photons) are used, so it's perfectly possible to intercept a piece of the pulse. My quantum-fu is too weak to really know if this makes the eavesdropping undetectable, but the intuition says that yes.

> I suppose that this is the feature that got the European Union's attention.

EU is known for sinking money in very bizarre projects.

> But the attractive part of focusing on the mathematical aspects are that -- if provable -- it could give some guarantee (reassurance) of the unbreakability of the ciphers out there. You may not be interested in that, but I am. I too however neither will end up a mathematician whose life is focused on solving some single problem. But I would be interested in the result. I could pick the cipher that provably could withstand any battering thinkable over the cipher that perhaps couldn't.

But the point is that the ciphers live in the real world and in the real world it is much easier to do HUMINT (like ale and whores mentioned before, or rubberhose cryptanalysis) instead of trying to break the mathematically unbreakable. Be it provably unbreakable or not. OpenPGP and GPG is about making the idea-based mathematical apparatus suited to survive in the real world.

If you want to see what it takes, find a movie called In ascolto or The Listening (it was shot in Italy by Italians, and was released both in Italian and English). It is somewhat loose on the technical side, but shows the difference between mathematical/theoretical and real life security. P2P file details on (encrypted) request.

Alex
Re: Secret key holder identity
On Thu, Feb 22, 2007 at 09:23:00AM +0100, Werner Koch wrote:
> On Tue, 20 Feb 2007 18:02, [EMAIL PROTECTED] said:
>> If the system was designed for the real world, the encrypted message would, by default, consist of a binary data set, indistinguishable from a random stream, until and unless decrypted using the recipient's private key.
>
> A real world system needs to know the key for decryption and not fall back to a time consuming mode of trial decryption with all available secret keys. Some people are using dozens or even hundreds of secret keys; in particular if you are using several pseudonyms or key rotating. OpenPGP is not designed to thwart traffic analysis. It has merely some provisions to help such a system

And the modern anti-terrorist research and operational practice shows that you don't need to know the actual message to do law-enforcement-level-meaningful traffic analysis.

Alex
Re: Secret key holder identity (was: Local file encryption)
On Mon, Feb 19, 2007 at 10:54:17AM -0800, NikNot wrote:
> On 2/19/07, Adam Funk [EMAIL PROTECTED] wrote:
>> Is there any reason to physically secure your *public* keyring in ... (Well, I suppose you might want to hide your secret identity!)
>
> Unfortunately, the whole GPG, with WebOfTrust construct, makes the assumption that there is no need whatsoever to protect the identity of the secret key holder (and, by extension, that traffic analysis - as opposed to the secret content analysis - is not something to be concerned with).

That statement is definitely not true.

* PGP was the first cryptosystem to hide the sender's ID (when signing+encrypting), compare PEM to see the difference;
* one can issue himself a key pair with a pseudonym User ID the same way as with an RL identity and use it normally;
* without having the recipient's pubkey it is impossible to determine the recipient of the message (assuming the subkey ID is not widely known);
* it is possible to hide the recipient's ID completely by using --throw-keyid

Alex
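The last two points above are about one field in the message: the key ID inside each Public-Key Encrypted Session Key packet. The following is an added example (not GnuPG code) that parses that field out of a constructed OpenPGP message so you can see what a normal recipient and a hidden one look like on the wire. It follows the packet header rules of RFC 4880 section 4.2 and the tag-1 packet layout of section 5.1, where an all-zero key ID is the "wildcard" value that GnuPG's --throw-keyids option (written --throw-keyid above) produces. The key ID in the sample is made up, the MPI is a zero-filled stand-in rather than real ciphertext, and the trailing tag-18 packet is a placeholder body.

```python
"""Where the recipient key ID lives in an OpenPGP message, and what a
hidden recipient looks like on the wire (added example, not GnuPG code)."""
from __future__ import annotations

PKESK_TAG = 1
WILDCARD_KEY_ID = b"\x00" * 8   # RFC 4880 5.1: key ID of zeros = "any key", recipient hidden


def read_packet(data: bytes, off: int) -> tuple[int, bytes, int]:
    """Parse one packet header at off; return (tag, body, next_offset).
    Handles old- and new-format headers; partial bodies are out of scope."""
    first = data[off]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                   # new-format header
        tag = first & 0x3F
        l1 = data[off + 1]
        if l1 < 192:
            length, hdr_len = l1, 2
        elif l1 < 224:
            length, hdr_len = ((l1 - 192) << 8) + data[off + 2] + 192, 3
        elif l1 == 255:
            length, hdr_len = int.from_bytes(data[off + 2:off + 6], "big"), 6
        else:
            raise ValueError("partial body length not supported here")
    else:                                              # old-format header
        tag = (first >> 2) & 0x0F
        ltype = first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported here")
        size = 1 << ltype                              # 1, 2 or 4 length octets
        length = int.from_bytes(data[off + 1:off + 1 + size], "big")
        hdr_len = 1 + size
    body = data[off + hdr_len:off + hdr_len + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body, off + hdr_len + length


def parse_pkesk(body: bytes) -> dict:
    """The fields of a version-3 PKESK body that matter for traffic analysis."""
    if len(body) < 10 or body[0] != 3:
        raise ValueError("unsupported PKESK version")
    key_id = body[1:9]
    return {
        "key_id": key_id.hex().upper(),
        "hidden": key_id == WILDCARD_KEY_ID,
        "pk_algorithm": body[9],        # 1 = RSA (encrypt or sign), 16 = Elgamal, ...
        "mpi_bytes": len(body) - 10,    # the encrypted session key material
    }


def list_recipients(message: bytes) -> list[str]:
    """Walk the packet stream; report each PKESK key ID, or '<hidden>'."""
    found, off = [], 0
    while off < len(message):
        tag, body, off = read_packet(message, off)
        if tag == PKESK_TAG:
            info = parse_pkesk(body)
            found.append("<hidden>" if info["hidden"] else info["key_id"])
    return found


def build_pkesk(key_id: bytes, pk_algorithm: int, mpi: bytes,
                old_format: bool = False) -> bytes:
    """Serialise a version-3 PKESK; used only to construct the sample below."""
    body = b"\x03" + key_id + bytes([pk_algorithm]) + mpi
    assert len(body) < 192, "sample builder only emits one-octet lengths"
    header = bytes([0x84]) if old_format else bytes([0xC1])   # tag 1, either header style
    return header + bytes([len(body)]) + body


# Constructed sample: two recipients, the second one hidden. Nothing here is
# real ciphertext; the key ID is invented for the example.
SAMPLE_MPI = b"\x02\x00" + b"\x80" + b"\x00" * 63        # 512-bit MPI stand-in
SAMPLE_KEY_ID = bytes.fromhex("1122334455667788")       # made-up key ID
SAMPLE_MESSAGE = (
    build_pkesk(SAMPLE_KEY_ID, 1, SAMPLE_MPI, old_format=True)
    + build_pkesk(WILDCARD_KEY_ID, 1, SAMPLE_MPI)          # what --throw-keyids writes
    + bytes([0xD2, 0x03]) + b"\x01\x00\x00"                # tag 18 (SEIPD) placeholder
)

if __name__ == "__main__":
    print(list_recipients(SAMPLE_MESSAGE))   # ['1122334455667788', '<hidden>']
```

Note what the hidden form does and does not give you: the key ID is gone, but the packet count still tells an observer how many recipients there are, and the MPI length still hints at the key size, which is the traffic-analysis residue Werner's reply in the other thread refers to.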
Re: Local file encryption
On Mon, Feb 19, 2007 at 09:21:56AM -0500, [EMAIL PROTECTED] wrote:
> I have been using gpg to encrypt/decrypt files on my computer for my eyes only. I have been using my public/private keypair on my keyring to do so. I just discovered that I can encrypt/decrypt local files using a symmetric cipher--i.e., you enter one secret passphrase to encrypt and then enter the same secret passphrase to decrypt. Since my encryption is only for files for myself, do you think using a symmetric cipher would be a better idea, or doesn't it matter? Or is choice of a passphrase a bigger issue than the type of cipher -- symmetric vs. public/private keypair?

It doesn't matter, in both cases the files are symmetrically encrypted, only the keying method changes. I prefer to use pubkey encryption anyway, one passphrase less to remember.
Re: Sending Public Key
On Sat, Feb 10, 2007 at 02:13:42PM -0700, jason heddings wrote:
> I'm making use of libgcrypt for a specific encryption application. I'm assuming that the following is secure:
> - Use libgcrypt to create a keypair
> - Save the S-exp to an internal, protected keystore
> - Base64 encode the public-key portion of the S-exp
> - Broadcast the base64-encoded key to associated clients
> - Use the broadcasted public-key to encrypt data
> - Send encrypted data back to a server containing the keystore
> - Only server can decrypt encrypted data using private keys
> Can someone please correct me if I am wrong? Is there a problem with this approach, or perhaps a better one?

Without a detailed specification of the protocol it is almost impossible, but for starters, do not encrypt actual non-random data with a pubkey.

It is always a bad idea to roll your own crypto protocol, use SSL/TLS or OpenPGP or CMS, or XML cryptography if possible.

Alex
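Three replies on this page make the same point from different angles: RSA-4096 does not slow down with file size because RSA never sees the file (the RSA 1024 thread), pubkey and symmetric modes both encrypt the file symmetrically and differ only in how the key is supplied (the local file encryption thread), and the pubkey must not be applied to non-random data (the libgcrypt question above). The following is an added example, not GnuPG or libgcrypt code, that builds such an envelope from the standard library alone so the structure is visible. The real primitives are replaced by stand-ins: textbook RSA over a 512-bit modulus with no PKCS#1 padding, a SHA-256 counter-mode keystream in place of AES, and an HMAC tag in place of OpenPGP's MDC. The key sizes and the toy cipher are for illustration only.

```python
"""Hybrid (envelope) encryption as OpenPGP structures it: the RSA step is
applied once, to a fresh random session key, never to the message itself.
Added example with standard-library stand-ins; not GnuPG or libgcrypt code."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass
from math import gcd


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; adequate for generating a demo modulus."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((n, e), (n, d)). 512 bits is a toy size; real keys are 2048+."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a constructed stand-in for a block cipher."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Envelope:
    wrapped_key: bytes   # RSA output: one modulus-sized block, whatever the message length
    nonce: bytes
    ciphertext: bytes    # symmetric part: grows with the message, RSA cost does not
    tag: bytes


def seal(pub: tuple[int, int], plaintext: bytes) -> Envelope:
    n, e = pub
    session_key = secrets.token_bytes(16)   # fresh, random, used for this message only
    nonce = secrets.token_bytes(16)
    enc_key = hashlib.sha256(b"enc" + session_key).digest()
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # The only public-key operation in the whole envelope. Its input is random,
    # which is why "do not RSA-encrypt non-random data" is the rule: textbook RSA
    # is deterministic, so a guessable input would give a recognisable ciphertext.
    k = pow(int.from_bytes(session_key, "big"), e, n)
    return Envelope(k.to_bytes((n.bit_length() + 7) // 8, "big"), nonce, ciphertext, tag)


def open_envelope(priv: tuple[int, int], env: Envelope) -> bytes:
    n, d = priv
    k = pow(int.from_bytes(env.wrapped_key, "big"), d, n)
    if k >= 1 << 128:
        raise ValueError("wrapped key does not decrypt to a session key")
    session_key = k.to_bytes(16, "big")
    enc_key = hashlib.sha256(b"enc" + session_key).digest()
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    expected = hmac.new(mac_key, env.nonce + env.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, env.tag):     # verify before decrypting
        raise ValueError("integrity check failed: envelope was modified")
    return _xor(env.ciphertext, _keystream(enc_key, env.nonce, len(env.ciphertext)))
```

Seal a two-byte message and a megabyte one with the same key and compare `len(env.wrapped_key)`: both are 64 bytes, and both cost exactly one modular exponentiation, which is the answer to "RSA-4096 isn't a good choice for large files". The tag check before decryption is what keeps a tampered ciphertext from being decrypted and acted upon.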
Re: Keyrings for websites
On Thu, Feb 08, 2007 at 05:32:30PM +0100, Bèr Kessels wrote:
> Hello,
> On Thursday 8 February 2007 15:36, Joseph Oreste Bruni wrote:
>> You might want to check out Domain Keys which is used to authenticate email sessions between MTA's. Also, peer-to-peer authentication can be accomplished via X.509 certificates and SSL.
>
> Yes, I am aware of the X.509 to authenticate servers. Also I know my way around in the SSL stuff. This, however, is a different thing than what I want to achieve. I am not so much interested in secure connections, nor in authentication, between peers. What I want, is a way to say 'look, I am Foo.com, and I trust Bar.com ultimately. Since you trust me, you can trust Bar.com too'. That way one can allow sign-ins from other trusted sites, trackbacks etc. Thanks for the feedback, though.

Check out OpenID, although it is not cryptography based (AFAIK).

Alex
Re: OpenPGP Card implementation
On Fri, Nov 17, 2006 at 02:17:50AM +0100, Johan Wevers wrote:
> Janusz A. Urbanowicz wrote:
>> Do you mean that if I did get some VC funding for design of open crypto smartcard targeted for OpenPGP use and then published it (as a part of the business plan) I would get sued?
>
> Then publish it anonymously. Most TV card hack software is also published anonymously, and programs like dvdshrink (too bad it doesn't come with sourcecode) and FairUse4WM too. No author known means noone to sue.

In the theoretical scenario I presented this is unfeasible.

>> For exactly what?
>
> Companies don't need a valid legal reason to do that as long as they think you can't afford the lawsuit for long. The scientology method to use the legal system to sue someone into bankruptcy as default strategy is something that almost all companies use against individuals.

I know all that, but I hoped to learn what exactly would likely be named in the lawsuit in this case. But this is getting more and more OT.

Alex
Re: Multiple recipients
On Fri, Aug 18, 2006 at 03:09:43PM -0500, Brian Rosenvinge wrote:
> We have decided to decrypt using a special user and re-encrypt the file to multiple users. Our concern is that unless we want to do this manually it has to be scripted and that will require the special user's passphrase to live in the script or on a server in plaintext. No one in IS wants to add this to their daily responsibilities and we really should not have access to the data anyway as it is meant for our finance department.

put the special key on a smartcard with no passphrase, only the physical availability of the sc will decrypt the data, and the key will be unstealable electronically

a
Re: Don't store your key on a flash drive! [was Re: GnuPG (GPG) Problem]
On Sun, Aug 20, 2006 at 09:18:13AM -0500, Robert J. Hansen wrote:
> Ismael Valladolid Torres wrote:
>> A smartcard is very convenient as far as it's a multi application device, so you can store much other info apart from GnuPG keys, i.e. Mozilla passwords or such. ...
>
> I'm sorry, I'm scratching my head over here trying to figure out how a flash drive doesn't also share these properties. In fact, given the limited space available on a smartcard, the limited application support for them, etc., it seems flash drives are the clear winner in this context.

You can't read a private key from the smartcard, but you can read it from the flashdrive. SC is a crypto processor + storage, flashdrive only storage.
Re: How to verify the file was successfully encrypted...
On Wed, Jul 12, 2006 at 10:59:52AM -0600, Benny Helms wrote:
> On Wed, 2006-07-12 at 12:25 +0200, Janusz A. Urbanowicz wrote:
>> On Tue, Jul 11, 2006 at 01:38:23PM -0600, Benny Helms wrote:
>> <snip>
>> What is your actual threat model here? The simplest answer is to check gpg's rc after the encryption run.
>
> Before deleting original file, I must make certain encrypted version is in good shape so I can open it at a later date and obtain data. If it is broken, I'm in deep monkey muffins. That's the threat model. Can you please explain what you mean by check the gpg's rc after the encryption run? I'm unfamiliar with the meaning of rc in this case.

return code

every unix program returns a numerical code which by convention means the state of the operation just done, 0 - success.

I find your explanation of the threat model not very consistent. You don't trust gpg, but you trust the filesystem code, network transfers or storage media. It is possible for any element of the chain to fail and corrupt your precious files. If they're so important as you state, you should invest in some decent hardware like RAIDs and backups and disaster recovery planning, and site physical security policy and procedures. And unreliability of gpg is your least problem.

Alex
Re: How to verify the file was successfully encrypted...
On Tue, Jul 11, 2006 at 01:38:23PM -0600, Benny Helms wrote:
> Hi folks.
> I've read the man page. I've read the FAQ's. I'm not seeing what I'm looking for. Using something like zip, you can use a -T to test the integrity of the file. Note: this is not testing that nobody has altered it, or that it came from a specific user; it is only testing whether it is a good gpg file and whether it can be decrypted. All I can find in gpg is a way to verify the integrity vs. a signature file. I'm looking for a way to gpg encrypt a file, test that the encryption was good and that the file can be extracted, and then to delete the original file.

What is your actual threat model here? The simplest answer is to check gpg's rc after the encryption run.
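The two replies in this thread boil down to: check the return code of the encryption run, and if "it can be extracted" is the real worry, prove it by decrypting the result before the original is deleted. The following is an added example, not a GnuPG-project script, that does both: it treats a non-zero return code as failure, round-trips the ciphertext through a decryption and compares digests, and only deletes the plaintext when both pass, cleaning up any partial ciphertext otherwise. It assumes `gpg` is on PATH (or a path is passed in) and that the recipient's secret key can be used without an interactive prompt (agent-cached or passphrase-less), which is what an unattended job needs anyway; the recipient string is a placeholder.

```python
"""Encrypt, prove the result decrypts back to the original, then delete.
Added example, not GnuPG code. Assumes an unattended-capable secret key."""
from __future__ import annotations

import hashlib
import subprocess
import tempfile
from pathlib import Path


def _run(argv: list[str]) -> subprocess.CompletedProcess | None:
    """Run a command; None means it could not even be started."""
    try:
        return subprocess.run(argv, capture_output=True)
    except OSError:            # binary missing, not executable, ...
        return None


def encrypt_then_delete(src: Path, recipient: str, gpg: str = "gpg") -> bool:
    """Return True only if src was encrypted, verified by decryption, and removed.
    On any failure the original is left untouched and a partial ciphertext,
    if one was written, is removed."""
    dst = src.with_name(src.name + ".gpg")
    original_digest = hashlib.sha256(src.read_bytes()).digest()

    enc = _run([gpg, "--batch", "--yes", "--recipient", recipient,
                "--output", str(dst), "--encrypt", str(src)])
    if enc is None or enc.returncode != 0:      # rc != 0: gpg reported a problem
        dst.unlink(missing_ok=True)
        return False

    # Round trip: the only real proof that the file can be opened later.
    dec = _run([gpg, "--batch", "--decrypt", str(dst)])
    if (dec is None or dec.returncode != 0
            or hashlib.sha256(dec.stdout).digest() != original_digest):
        dst.unlink(missing_ok=True)
        return False

    src.unlink()
    return True


def try_on_scratch_file(content: bytes, recipient: str, gpg: str = "gpg") -> dict:
    """Exercise encrypt_then_delete on a throwaway file and report what happened
    to it, so the safety property can be checked without touching real data."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "secret.txt"
        src.write_bytes(content)
        ok = encrypt_then_delete(src, recipient, gpg)
        return {"ok": ok, "original_kept": src.exists(),
                "ciphertext_left": src.with_name("secret.txt.gpg").exists()}


if __name__ == "__main__":
    # RECIPIENT_KEY_ID_PLACEHOLDER is not a real key; substitute your own.
    print(try_on_scratch_file(b"payroll", "RECIPIENT_KEY_ID_PLACEHOLDER"))
```

The failure paths are the interesting part: a tool that cannot be started, a tool that returns non-zero, and a tool that returns zero but produces nothing usable all leave the original in place. The last case is why the return code alone, as Alex says, answers a narrower question than "can I get my data back".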
Re: Signing vs. encrypting was: Cipher v public key
On Thu, Jun 01, 2006 at 11:33:14AM -0400, [EMAIL PROTECTED] wrote:
> Todd Zullinger tmz at pobox.com wrote on Thu Jun 1 11:46:48 CEST 2006:
>> While I prefer gnupg to pgp myself, I did just happen to see a reference to pgp command line today
>
> the cost is *astronomical*
> have played around with it when it was released as a free command line pgp 8.5 beta
> has a few features unique to pgp, which may or may not be of interest to the customers:
> - ADK's

This may be somewhat emulated with GPG (mandated encrypt-to)

> - split-key / shared-key capability (this happens to be nice and useful any chance for a 'feature request' :-) ? )

I once thought of implementing this over gpg -- but it is nontrivial to do it right and really it is a specialized application somewhat requiring a dedicated machine trusted by all the untrusting parties, to operate.

Alex
Re: Signing vs. encrypting was: Cipher v public key.
On Wed, May 31, 2006 at 01:59:37PM +0100, David Gray wrote:
> Will suggest to the customer that we use signed encrypted transmissions. The only issue we then have is that they wish to be custodians of the private key,

There is no need for them, from the cryptography point of view. Using public-key crypto they can send you encrypted stuff and you can send them encrypted stuff and the second party can decrypt what they are sent without knowing the sender's secret key - that's what pubkey crypto is for. If they want to be sure that they can decrypt everything, the encrypted data should be encrypted to both recipients' pubkeys (that's perfectly possible using GPG/PGP).

> they are looking into commercial methods for secure key distribution.

direct them to commercial solutions for quantum cryptography :-

> The other issue is the IT manager at the customer site is wary of Gnu software and is going to look at commercial offering, PGP I assume. Apart from the lack of cost are there any other good reason I can give for using GPG?

gpg integrates better with automation and I really doubt that there is current, supported PGP for anything else than windows and mac.

Alex
Re: Rijndael usage
On Wed, May 10, 2006 at 09:09:03AM +0100, David Gray wrote:
> Hi David, Thanks for the info, even if it's not what I wanted to hear. :-)
>
> What do you mean by raw Rijndael?

raw binary algorithm data not enveloped with any metadata (file format)

From the code it is either raw binary data or some kind of Windows stream. Someone may try to recreate it on Unix using gcrypt or mcrypt libraries, but it will be much simpler and more secure to make them use some application like gnupg, which could be scripted in place of the code you supplied.

Alex
Re: Upgrading from 1.2.1 to 1.4.4
On Wed, May 10, 2006 at 09:56:16PM +0200, Johan Wevers wrote:
> David Shaw wrote:
> > There should be no special steps to take. Aside from the obvious steps of making a backup and testing that your environment still does what you want it to do, you can just install 1.4.3 on top of 1.2.1.
>
> The OP doesn't state what system he uses, but on Linux I have a symlink /usr/local/lib/gnupg which currently points to /usr/local/lib/gnupg-143. If you set it up like this you can just rename the directory where 1.2.1 resides, and changing back is just renaming one symlink.

An organized way to do it is to use GNU stow. You configure and compile gpg as usual, then (assuming you have stow installed and old gnupg-X.Y was also stow'ed) do

  make prefix=/usr/local/stow/gnupg-X.Z install

and

  cd /usr/local/stow
  stow -D gnupg-X.Y
  stow gnupg-X.Z

all is seamlessly switched in /usr/local bin and lib

alex
Re: Is there any GnuPG version which works with Windows Mobile 5.0?
On Tue, Mar 28, 2006 at 02:09:36PM -0500, John W. Moore III wrote:
> Remco Post wrote:
> > since the xscale cpu found in most wm 5.0 devices is in no way compatible with an ia32 (eg pentium) cpu, this is nonsense. There is some effort on gnupg on wince/wm, but it is nowhere near production ready... more like alpha software. Google is your friend
>
> My 'gut feeling' is that there will be no significant progress toward integration of GnuPG into PDA's Smart Phones until there is a Model offered with a Linux O/S. Last I heard, Palm was seriously talking about this. Since then they appear to have jumped into bed with Redmond. (M$)

If you need OpenPGP for mobile, Mobile PGP is excellent.
Re: encrypted mail and gmail / remote
On Wed, Mar 22, 2006 at 05:43:03PM -0800, D_C wrote:
> hello group - apologies for the newbie questions. i am wondering if there are any webmail services that can decrypt email, if i somehow inform of my PGP key? also, i am travelling without knowing my pgp key. is this somehow centrally registered, in a way that i can download the key, and use a command line app to decrypt messages sent to me? i guess only the public key is available on the public key registries (if it works that way).

From the description, hushmail.com is the right tool for you.

Alex
Re: Necessity of GPG when using SSL
On Fri, Feb 24, 2006 at 06:06:17AM -0500, Henry Hertz Hobbit wrote:
> Benjamin Esham [EMAIL PROTECTED] wrote:
> > On Feb 22, 2006, at 6:22 AM, Janusz A. Urbanowicz wrote:
> > > And there is really no point in encrypting the whole access since the contents, the emails usually travel the rest of the net unencrypted.
> >
> > But wouldn't it be much easier for an attacker to intercept all of your e-mail by listening in on an unencrypted webmail session than by trying to intercept each e-mail individually somewhere else? I think there certainly is a benefit to having SSL-encrypted webmail for exactly that reason: less determined attackers will not have access to the plaintext of the messages. (Although granted, it would be kind of foolish to depend upon SSL webmail if the messages are sent in plain text.)
>
> Last then first. Generally, it is very difficult to intercept email en-transit.

No, it is not. You only need to get an intercept warrant against the uplink provider.

> How do you say this packet from WAN IP address 92.23.4.107 is Bob's and not Bill's when up to 100 people share that WAN IP address?

There are commercial products to do so. It costs money, but most of the telcos have deployed them to comply with law regulations.

> Where your email is most easily compromised is on the mail server. There it sits until you start to pull it down. SSL isn't even a factor. All SSL does is secure the transmission, not the data at the end points.

So?

> In fact, a hacker can pull down your email using SSL to cover their tracks - and that is usually exactly what they do. It is usually pretty easily done too, since ALL of the messages are usually in just one file. They just have to suck down that one file and now they have ALL of your messages. Now, if the email on the server is in plain-text, how secure is that? On the other hand, if it is encrypted with some OpenPGP package like GnuPG with strong encryption, how secure is that? Pretty darn secure.

Against what? Put the recipient in the Guantanamo or equivalent and s/he will divulge all his passwords. And it is all legal. We have a war going, after all.

> So, I repeat - SSL is not good enough unless all of your messages don't convey financial information or anything else important.

95% of the web commerce doesn't agree with that statement (the other 5% doesn't use crypto at all).

> If they are important, use GnuPG or other strong end-point encryption and the only thing you have to watch for now are those pesky key loggers. But even then if they get your passphrase, they still need your keyring, but if they have a keylogger working for them, then they probably have all your GnuPG DB files.

Again, you haven't defined the attacker, the threat model, or anything, you just put some out of context statements to support your "four legs good, two legs bad" slogan.

It is impossible to answer the question asked in the subject of the thread without defining the type of threat and the resources of the attacker you want to protect against. This was not done even in the form "will my email be secure against the big evil government?" or "will my email be secure against my brother's snooping?", so the question of SSL/OpenPGP cannot be answered.

A.
Re: Necessity of GPG when using SSL
On Wed, Feb 22, 2006 at 10:38:19AM -0500, Benjamin Esham wrote:
> On Feb 22, 2006, at 6:22 AM, Janusz A. Urbanowicz wrote:
> > And there is really no point in encrypting the whole access since the contents, the emails usually travel the rest of the net unencrypted.
>
> But wouldn't it be much easier for an attacker to intercept all of your e-mail by listening in on an unencrypted webmail session than by trying to intercept each e-mail individually somewhere else? I think there certainly is a benefit to having SSL-encrypted webmail for exactly that reason: less determined attackers will not have access to the plaintext of the messages. (Although granted, it would be kind of foolish to depend upon SSL webmail if the messages are sent in plain text.)

Answering this question is impossible without actually describing the attacker's powers (defining a formal threat model). Clarify your question and ask again, now the answer is: Mu.

A.
Re: Necessity of GPG when using SSL
On Tue, Feb 21, 2006 at 07:52:26AM -0500, Henry Hertz Hobbit wrote:
> Johan Wevers wrote:
> > Henry Hertz Hobbit wrote:
> > > Usually, if you are using a web interface to access your email, only the initial authentication is done via SSL. After that if your URL address shifts to using an "http://" rather than the "https://" you made your initial connection with means that your communication just shifted from SSL (weak encryption) to NO encryption. That is the norm.
> >
> > Strange, I've never seen that happen. All webmail from Dutch providers that I've accessed (my own and some for people with problems where I accessed the mail to dump mails with large attachments that took too long to download) were https all the way.
>
> Thanks for the information. The reason I said what I said is because Netscape, Yahoo, gmail (the email account the original person was posting from) almost all do a shift from https:// to http:// after the connection is made. The only ones I have seen that continue using the SSL are small ISPs and only one of the local universities here. But then I have only seen three of the universities, and actually even the one that was using SSL all the time shifted after I showed an acquaintance how to make the connection that way and he spread the information to everybody he knew who spread it to Once that was done, even that school shifted to doing it with SSL for connection only. I realize that SSL doesn't have the overhead of more powerful encryption like that provided by OpenPGP, but it is still enough of an overhead that once the load of SSL all the time becomes noticeable to the ISP (or whoever), they feel that the authentication alone should be using SSL and they make the shift to using plain the rest of the time. In other words, consider yourself lucky IF you are getting SSL all the time if you need it all the time.
>
> On the other hand if you don't need SSL all the time there MAY be the possibility those long download times are partly being caused by the overhead of SSL encryption taking place on the server.
> [...]

SSL/TLS is not ,,much more powerful'' encryption, it is a connection level encryption.

As for service providers using SSL to protect only the most sensitive data - computationally SSL on multiple connections is ,,heavy'' and supporting it continuously is expensive (specialized ,,SSL Accelerators'' cost tens of thousands of dollars). And there is really no point in encrypting the whole access since the contents, the emails usually travel the rest of the net unencrypted.

Alex
Re: Remote signing?
On Sun, Feb 19, 2006 at 06:07:56AM +0100, Matthias Urlichs wrote:
> Hello, I need to sign files remotely. They're moderately large, so transmitting them back to my firewalled-off laptop (I'm usually behind a slow line), where the secret key lives, isn't a good idea.

create (and rotate frequently) a signing subkey and export it where the files live; sign there

a
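The advice above, carried out end to end, as an added example (this is not Alex's or GnuPG's own code): the primary secret key stays on the laptop, a short-lived signing-only subkey is created, only that subkey's secret material is exported to the host where the files live, and signing happens there. What the remote keyring ends up with is a stub of the primary key, so a compromise of that host costs one rotatable subkey and not the certification key. The script drives the `gpg` binary (GnuPG 2.1 or newer, assumed to be on PATH) through `subprocess` in throwaway `GNUPGHOME` directories; the identity, expiry and file contents are constructed.

```python
# Added example, not code from the thread or from GnuPG: create a short-lived
# signing subkey, export only that subkey to a "remote" keyring, sign there,
# and verify with the public key. Requires gpg (GnuPG 2.1+) on PATH.
import os
import shutil
import subprocess
import tempfile

UID = "Matthias Example <matthias@example.com>"   # constructed identity


def gpg_available():
    return shutil.which("gpg") is not None


def gpg(home, *args, stdin=None):
    """Run gpg non-interactively against one GNUPGHOME and return its stdout."""
    cmd = ["gpg", "--homedir", home, "--batch", "--yes", "--quiet",
           "--pinentry-mode", "loopback", "--passphrase", ""] + list(args)
    return subprocess.run(cmd, input=stdin, check=True, capture_output=True).stdout


def new_home():
    home = tempfile.mkdtemp(prefix="gpg-")
    os.chmod(home, 0o700)
    return home


def discard(*homes):
    for home in homes:
        subprocess.run(["gpgconf", "--homedir", home, "--kill", "gpg-agent"], check=False)
        shutil.rmtree(home, ignore_errors=True)


def secret_keys(home):
    """Parse --with-colons output into kind (sec/ssb), capabilities, stub flag, fingerprint."""
    keys = []
    for line in gpg(home, "--with-colons", "--list-secret-keys").decode().splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            # field 12 = capability letters, field 15 = '#' when only a stub is stored
            keys.append({"kind": f[0], "caps": f[11], "stub": f[14] == "#", "fpr": None})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]
    return keys


def remote_signing_demo(data=b"big-release.tar.gz contents (constructed)\n"):
    laptop, remote, verifier = new_home(), new_home(), new_home()
    try:
        gpg(laptop, "--quick-generate-key", UID, "default", "default", "never")
        primary = next(k for k in secret_keys(laptop) if k["kind"] == "sec")["fpr"]
        # 1. a signing-only subkey that expires soon; rotating = repeating this step
        gpg(laptop, "--quick-add-key", primary, "default", "sign", "30d")
        signing = next(k["fpr"] for k in secret_keys(laptop)
                       if k["kind"] == "ssb" and "s" in k["caps"])
        # 2. export only that subkey's secret part ("fpr!" selects exactly that subkey)
        gpg(remote, "--import", stdin=gpg(laptop, "--export-secret-subkeys", signing + "!"))
        remote_keys = secret_keys(remote)
        # 3. sign on the remote host, where the large files already are
        sig = gpg(remote, "--detach-sign", "--local-user", signing + "!", stdin=data)
        # 4. anyone holding the public key (which carries the subkey) verifies as usual
        gpg(verifier, "--import", stdin=gpg(laptop, "--export", primary))
        data_path, sig_path = os.path.join(verifier, "data"), os.path.join(verifier, "data.sig")
        with open(data_path, "wb") as fh:
            fh.write(data)
        with open(sig_path, "wb") as fh:
            fh.write(sig)
        status = gpg(verifier, "--status-fd", "1", "--verify", sig_path, data_path).decode()
        return {
            "primary_is_stub_on_remote": any(k["kind"] == "sec" and k["stub"] for k in remote_keys),
            "signing_subkey_on_remote": any(k["fpr"] == signing and not k["stub"] for k in remote_keys),
            "verified_with_subkey": ("VALIDSIG " + signing) in status,
        }
    finally:
        discard(laptop, remote, verifier)


if __name__ == "__main__":
    print(remote_signing_demo() if gpg_available() else "gpg not installed")
```

Rotation, as Alex suggests, is then just repeating steps 1 and 2 before the old subkey expires and revoking the old subkey on the laptop; signatures already made with it stay verifiable because the public key still carries it.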
Re: Necessity of GPG when using SSL
On Tue, Feb 14, 2006 at 10:34:38PM +0100, Jim Berland wrote:
> Hi everybody, I understand the use of GPG end-to-end-encryption and use it with a few of my contacts. What I want to make sure is the following. I am going to move to China for some time. My email ISP is located outside China and I connect to it via SSL. So if I am only concerned about the Chinese (whatever the reason; maybe my doubts are unreasonable?) and not about the complete end-to-end-encryption of GPG, the SSL encryption alone will do the job. Is that correct?

You haven't specified your threat model precisely enough, for the vague one you presented the answer is both yes and no. SSL webmail and GPG protect against different things.

Yes - because SSL webmail access is good enough to prevent the operators of the great chinese firewall from snooping into what you do on your mailbox.

No - because SSL protects only against eavesdropping of mailbox access. It doesn't protect your email in transit from server to server (unless all the servers in the way support SMTP/TLS and you trust the operators of the servers). For example, if you write from your SSL webmail to someone in .cn, the contents of the mail can be observed by the operators of said firewall.

Alex
Re: gpg on cron task
On Sat, Feb 04, 2006 at 12:13:45AM -0500, Atom Smasher wrote:
> On Sat, 4 Feb 2006, enediel gonzalez wrote:
> > <?php
> ===
> why are you using php for a cron job?

many people deploy PHP cron scripts because that's the only language they know (which is probably the case)

on one of such occasions I've been asked if cron jobs are allowed to run longer than 30 seconds (standard Apache subprocess time limit)

sigh

a.
Re: hard-copy backups
On Thu, Jan 05, 2006 at 02:07:17PM -0500, Atom Smasher wrote:
> On Thu, 5 Jan 2006, Janusz A. Urbanowicz wrote:
> > from my experience, all keys for long-term, _safe storage_ (and after revocation) should be kept with no passphrases at all
> >
> > human memory is very volatile and some day you gonna need to decrypt an old email encrypted with the key you revoked in 1993[1], and there's no way you'll remember the old, long time not used, non-trivial passphrase
>
> and then keep the printout in a very safe place? a very well hidden place? very safe, well hidden place? hehe... the problem then isn't remembering the passphrase, but remembering where you put the paper ;)

At least this knowledge is not case sensitive. And not national-characters-encoding sensitive too. Keep it with other important papers of your life. And not necessarily printouts only, a slowly burned CD kept in good conditions, or some solid state memory storage (like a small and cheap pendrive), can last a few years.

--
mors ab alto 0x46399138
Re: PK-Encrypt-only
On Wed, Nov 30, 2005 at 08:33:07AM -0700, Kurt Fitzner wrote:
> I am contemplating a change to my GnuPG Explorer Extension, but I need some background information. I know that encrypting a file without signing it is commonly done with symmetrical encryption. My question is, do people commonly use GnuPG to encrypt a file without signing it using PK-encryption? Personally, I don't think this would be very common at all. I mean, I can come up with conceptual reasons why someone might want to encrypt a file to someone else's key without signing the file, but in practice I would think it would be very rare. I would appreciate knowing if this is something that is commonly done, or if it is very rare.

This is routinely done when a file is encrypted for storage - instead of using a password which might get forgotten and is problematic for sharing, the file is encrypted with keys of persons that are allowed to decrypt it, then stored. This is done for files like backups, source code archives, etc.

Alex

--
mors ab alto 0x46399138
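Both this reply and the earlier "Signing vs. encrypting" one describe the same pattern: encrypt once to the public keys of everyone allowed to read the data, so every listed recipient can decrypt with nothing but their own secret key and no password has to be shared or remembered. The following is an added example of that pattern (not code from the thread, from Kurt's extension or from GnuPG) driving the `gpg` binary (GnuPG 2.1 or newer, assumed to be on PATH) through `subprocess` in throwaway `GNUPGHOME` directories. The custodian identities and the file contents are constructed; the keys are generated without a passphrase purely so the demo runs unattended.

```python
# Added example, not from the thread or from GnuPG: encrypt a backup once to
# every custodian's public key, then show that each custodian decrypts the
# very same ciphertext with only their own secret key. Requires gpg 2.1+.
import os
import shutil
import subprocess
import tempfile

CUSTODIANS = {  # constructed identities of the people allowed to decrypt
    "alice@example.com": "Alice Example",
    "bob@example.com": "Bob Example",
}


def gpg_available():
    return shutil.which("gpg") is not None


def gpg(home, *args, stdin=None):
    """Run gpg non-interactively against one GNUPGHOME and return its stdout."""
    cmd = ["gpg", "--homedir", home, "--batch", "--yes", "--quiet",
           "--pinentry-mode", "loopback", "--passphrase", ""] + list(args)
    return subprocess.run(cmd, input=stdin, check=True, capture_output=True).stdout


def new_keyring(name=None, email=None):
    """Fresh GNUPGHOME; if an identity is given, holds one passphrase-less key for it."""
    home = tempfile.mkdtemp(prefix="gpg-")
    os.chmod(home, 0o700)
    if email:
        gpg(home, "--quick-generate-key", f"{name} <{email}>", "default", "default", "never")
    return home


def discard_keyring(home):
    subprocess.run(["gpgconf", "--homedir", home, "--kill", "gpg-agent"], check=False)
    shutil.rmtree(home, ignore_errors=True)


def storage_roundtrip(plaintext):
    """Encrypt once to every custodian; return {email: what that custodian decrypts}."""
    homes = {email: new_keyring(name, email) for email, name in CUSTODIANS.items()}
    archiver = new_keyring()                       # the host that writes the backup
    try:
        # The archiver needs only the custodians' PUBLIC keys (exchanged out of band).
        for email, home in homes.items():
            gpg(archiver, "--import", stdin=gpg(home, "--export", email))
        args = ["--trust-model", "always", "--encrypt"]
        for email in homes:                        # one -r per person allowed to read
            args += ["--recipient", email]
        ciphertext = gpg(archiver, *args, stdin=plaintext)   # one blob, N wrapped session keys
        # Each custodian decrypts the identical blob in a keyring holding only their own key.
        return {email: gpg(home, "--decrypt", stdin=ciphertext) for email, home in homes.items()}
    finally:
        discard_keyring(archiver)
        for home in homes.values():
            discard_keyring(home)


if __name__ == "__main__":
    if gpg_available():
        for who, text in storage_roundtrip(b"nightly database dump (constructed)\n").items():
            print(who, "->", text.rstrip().decode())
    else:
        print("gpg not installed")
```

Adding or removing a reader is then a matter of re-encrypting with a different recipient list; nothing has to be redistributed because each custodian only ever holds their own key. In a real setup the `--trust-model always` shortcut would be replaced by verified, signed custodian keys, and `encrypt-to` in the archiver's `gpg.conf` (the "mandated encrypt-to" mentioned earlier in the thread) can pin a recovery key that is always added to the recipient list.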
Re: OpenPGP Card
On Wed, Sep 07, 2005 at 08:02:56PM +0930, Alphax wrote:
> > Not true. The OpenPGP card specification is a card application and you may put as many other applications on a card as you like and the EEPROM allows to. With 6k (and even less possible) it is actually a pretty small application.
>
> 3. Is it possible to have multiple things on a smartcard without them conflicting?

This is what Werner above said. A card application is a ,,partition'' on a card that is used for one purpose. I think you can access OpenPGP card from other computer app and use it as any other crypto smartcard, and it won't interfere with OpenPGP stuff on it.

Alex

PS The whole discussion made me curious; I worked with smartcards extensively a few years ago and was grossly disappointed with the stuff from the development side, but times they are a'changin... Where can I purchase a couple of OpenPGP cards and readers suitable for use with Debian? Preferably within the European Union.

--
mors ab alto 0x46399138
Re: OpenPGP Card
On Tue, Sep 06, 2005 at 11:48:45PM +0930, Alphax wrote:
> > The application is free to do whatever it wants with these objects, given sufficient authentication to the card (PIN). Technically, there is nothing CA can do to prevent you to use your X.509 keys as OpenPGP keys.
>
> I think I might have seen something like that with a Thawte Freemail root certificate or something... it wasn't pretty :(

When Thawte signed PGP keys as a part of Web Of Trust program, they used the same key in both OpenPGP and X.509 form. Why do you say it wasn't pretty? An actual RSA modulus is well hidden within the stuff so it doesn't really matter.

Alex

--
mors ab alto 0x46399138
Re: OpenPGP Card
On Wed, Sep 07, 2005 at 01:02:52AM +0930, Alphax wrote:
> Is it possible to arbitrarily make an OpenPGP key with whatever keypair?

There is no software that would do this right now, but assuming this is an actual RSA keypair, yes. Why not?

Alex

--
mors ab alto 0x46399138
Re: --for-your-eyes-only
On Tue, Jun 28, 2005 at 04:58:52AM -0400, Charly Avital wrote:
> > However, GnuPG can call other programs to do other tasks (keyserver access programs, JPEG viewers for photo IDs), so it's not impossible that GnuPG could call an external secure viewer program. I don't know of one offhand though.
>
> As far as I can remember the evolution of PGP, I think (but I am not sure) that the concept of a secure viewer is a PGP proprietary function built-in in their software.

Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. Unless they patented it (sigh) it can be reengineered back to the GPG, like Photo-IDs.

--
mors ab alto 0x46399138
Re: --for-your-eyes-only
On Wed, Jun 29, 2005 at 04:36:53PM +0200, Werner Koch wrote:
> On Wed, 29 Jun 2005 10:55:02 +0200, Janusz A Urbanowicz said:
> > Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS.
>
> Huh, that's new to me. Both versions are pure command line tools without a graphical part. No way to make use of filtered fonts.

The aim of the secure viewer then was to make it difficult to obtain eyes-only message text as a file or a pipe. It checked if output is a live tty, prevented the plaintext ending on the swap and leaving any temp files. It was really difficult to get an eyes-only message in plain file form with it in the way (there was no /dev/vcs etc in the days and it needs root anyway).

> I am not sure what kind of software you collect under the term of FLOSS; if you mean Free Software, PGP has never been Free Software despite what many people claimed.

Software that was distributed under GPL: pgp 2.3 and 2.3a. And please don't let the discussion slip into legalese tetrapiloctomisation.

> > Unless they patented it (sigh) it can be reengineered back to the GPG, like Photo-IDs.
>
> Photo IDs are a feature of PGP6 and now OpenPGP.

My point exactly, except that secure viewer needs not to be defined in the protocol RFC.

--
mors ab alto 0x46399138
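The checks Alex attributes to the old command-line secure viewer (output must be a live tty, plaintext must not reach swap or a temp file) translate directly into a few system calls. The following is an added example, not PGP's or GnuPG's code, of an "eyes-only" display routine in Python: it refuses to write anywhere but a terminal, disables core dumps so a crash cannot spill the text to disk, keeps the plaintext in an `mlock`ed buffer where the platform permits, and overwrites the buffer afterwards. It assumes a Unix-like system (the `resource` module and `mlock(2)`); the message text is constructed.

```python
# Added example, not PGP's or GnuPG's code: the safeguards of an eyes-only
# viewer as Python. Unix-only (resource module, mlock via ctypes).
import ctypes
import ctypes.util
import io
import os
import resource
import sys


class NotATerminal(RuntimeError):
    """Raised when the output is a file or pipe, i.e. the text would leave the screen."""


def output_is_live_tty(stream):
    """True only if the stream is backed by a real terminal device."""
    try:
        return os.isatty(stream.fileno())
    except (AttributeError, OSError, io.UnsupportedOperation):
        return False   # StringIO, closed files, sockets: never a terminal


def harden_process():
    """Forbid core dumps for this process; returns the resulting (soft, hard) limit."""
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    return resource.getrlimit(resource.RLIMIT_CORE)


def lock_in_memory(buf):
    """Best-effort mlock(2) of a bytearray so its pages are never swapped out.

    Returns True on success; False when libc is unavailable or RLIMIT_MEMLOCK
    forbids it (the caller can then decide whether to continue).
    """
    libc_name = ctypes.util.find_library("c")
    if not libc_name:
        return False
    libc = ctypes.CDLL(libc_name, use_errno=True)
    libc.mlock.argtypes = [ctypes.c_void_p, ctypes.c_size_t]   # avoid int truncation of the address
    view = (ctypes.c_char * len(buf)).from_buffer(buf)
    rc = libc.mlock(ctypes.addressof(view), len(buf))
    del view                                                   # release the buffer export
    return rc == 0


def wipe(buf):
    """Overwrite a bytearray in place; returns it so callers can check it is all zeros."""
    for i in range(len(buf)):
        buf[i] = 0
    return buf


def show_eyes_only(plaintext, stream=None):
    """Display plaintext on a terminal only; returns whether the buffer was memory-locked."""
    stream = stream if stream is not None else sys.stdout
    if not output_is_live_tty(stream):
        raise NotATerminal("refusing to write eyes-only text to a file or pipe")
    harden_process()
    buf = bytearray(plaintext)          # mutable, so it can be scrubbed afterwards
    locked = lock_in_memory(buf)
    try:
        # Note: the str handed to write() is a second, unscrubbed copy that Python
        # frees but does not zero; a viewer in C would write the locked bytes directly.
        stream.write(buf.decode("utf-8", errors="replace"))
        stream.flush()
    finally:
        wipe(buf)
    return locked


if __name__ == "__main__":
    try:
        print("locked:", show_eyes_only(b"FOR YOUR EYES ONLY: constructed message\n"))
    except NotATerminal as exc:
        print(exc, file=sys.stderr)     # e.g. when run as `python viewer.py > out.txt`
```

Run it directly and the message appears; run it with stdout redirected to a file or a pipe and it refuses, which is exactly the property Alex describes. It cannot stop a screenshot, a terminal scrollback or /dev/vcs-style access by root, which is why he calls it "difficult" rather than impossible.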