Trust of GPG4Win - Part 1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All Disclamimer: I have no connections with the GnuPG effort other than as a thankful end user. I have a much longer Part 2 of this. After my tongue in cheek statment about the article at Technology Review I came up with what they were citing, no

Re: Why trust gpg4win?

On Jul 26, 2013, at 4:02 PM, "Jan" wrote: Still I wonder whether there are many sources for SHA1 sums of gpg4win, that could be used by a windows user to test the integrity of his download (C't ?). Are the SHA1 sums of gpg4win presented on the download site checked regularly by their aut

Re: Why trust gpg4win?

On 25-07-2013 23:17, atair wrote: > This basically means, that everyone(!) can access, modify and > redistribute the source code of the program (see [2] if you're > interested). There are lots of people (usually volunteers from all > over the wold) who do peer reviews on the sources (and if you st

Re: Why trust gpg4win?

Thanks to everyone for their answers. Thanks for pointing out to me, that MS colaborates with secret services. I searched the web and learned that Outlook.com, Skype and Skydrive are not secure: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data Further, I lear

Re: Answer: Are SHA1 sums on gnupg.org checked regularly?

On 26/07/13 17:31, Jan wrote: > I'm thinking of someone how uses windows and wants to install gnupg for the > first time. How can he/she rely on OpenPGP? By running a Linux Live CD to do the verification. How does he know the CD is genuine? The thing is, somewhere the trust has to start. It's a bo

Re: Using GPG for reading email in VPS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * on the Fri, Jul 26, 2013 at 11:33:54AM +0200, SK wrote: > I am considering uploading my keyring to a VPS I own to read emails in it > using mutt. So far I used to do this in my local desktop/laptop but "cloud" > VPS provides some flexibility that

Answer: Are SHA1 sums on gnupg.org checked regularly?

Thanks for the answers. If an attacker would modify the archive on the gnupg.org server, he would also need to change the independent archives like gmane etc. I pretty sure this will be spotted relatively soon. I did a google search for the subject of your email, in which you announced the n

Re: Why trust gpg4win?

"Mark H. Wood" wrote: > On Fri, Jul 26, 2013 at 12:14:08AM +0200, Julian H. Stacey wrote: > > Hi, Reference: > > > From: atair =20 > > > Date: Thu, 25 Jul 2013 21:17:43 +=20 > >=20 > > atair wrote: > > ... > > Therefore, changes that look like > > back doors are VERY unl

Re: Why trust gpg4win?

On Fri, Jul 26, 2013 at 12:14:08AM +0200, Julian H. Stacey wrote: > Hi, Reference: > > From: atair > > Date: Thu, 25 Jul 2013 21:17:43 + > > atair wrote: > ... > Therefore, changes that look like > back doors are VERY unlikely to find their way in a release, beca

Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?

Am 25.07.2013 07:49, schrieb Christopher J. Walters: > On 7/24/2013 6:06 PM, Robert J. Hansen wrote: >> (My original reply went just to Philipp. My apologies.) > > No apology necessary. > > I also must apologize, as my original reply got sent to Robert J. > Hansen, when it was intended for the l

Re: --batch --gen-key error with "Key-Type: default"

On Fri, 26 Jul 2013 12:12, m...@hethane.se said: > Nevertheless, is there any interest in making gnupg 1.x support the > 'default' algorithm feature? No. In the long run I want to get rid of GnuPG-1. With the loopback pinentry support in GnuPG 2.1 we will be pretty close for a complete replacem

Using GPG for reading email in VPS

Hi, I am considering uploading my keyring to a VPS I own to read emails in it using mutt. So far I used to do this in my local desktop/laptop but "cloud" VPS provides some flexibility that I like. In such a context does anybody have any opinion on the security of the setup? My worry is that by up

Re: --batch --gen-key error with "Key-Type: default"

On 2013-07-25 23:15, Mikael "MMN-o" Nordfeldth wrote: > gpg --homedir="batchtest" --batch --gen-key

Re: GnuPG and Thunderbird

On 26.07.2013, dyola wrote: > I am confused. I have also downloaded gnupg-2.0.20.tar.bz2, but I cannot > open it. You downloaded the Linux version of gnupg. As far as I know, the "right" site to download gnupg for Windows from is gpg4win.org . ___ Gn

Re: [Announce] [security fix] Libgcrypt 1.5.3 released

Werner: No problems. MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55) Xcode 4.6.3 __outer On 2013-07-25 (206), at 05:53:33, Werner Koch wrote: > Hello! > > I am pleased to announce the availability of Libgcrypt version 1.5.3. > This is a *security fix* release for the stable branch. ___

GnuPG and Thunderbird

Hi, I am attempting to install Enigmail and am trying to follow the directions. I downloaded the full linstaller for Windows but then saw in the NotePad READ ME.txt that it was the 2.0 beta version which should not be used. I am confused. I have also downloaded gnupg-2.0.20.tar.bz2, but I cannot o

Re: [Announce] [security fix] GnuPG 1.4.14 released

Werner: No problems. MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55) Xcode 4.6.3 __outer On 2013-07-25 (206), at 06:26:55, Werner Koch wrote: > Hello! > > We are pleased to announce the availability of a new stable GnuPG-1 > release: Version 1.4.14. This is a *security fix* release and all

Re: [Announce] [security fix] GnuPG 1.4.14 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Werner Koch wrote on 7/25/13 6:26 AM: > Hello! > > We are pleased to announce the availability of a new stable GnuPG-1 > release: Version 1.4.14. This is a *security fix* release and all users > of GnuPG < 2.0 are advised to updated to this ver

Re: Clearsign text document with multiple keys?

On Fri, 26 Jul 2013 02:42, adrela...@riseup.net said: > can a plain text document be clear signed by multiple keys at the same > time? (Hold by different people.) Yes. > One can create a plain text file a, clear sign it and get a.asc. Another > one can clear sign a.asc and get a.asc.asc. I thin