Hello,
While the discussion proceeds, I can't determine which post I should
reply. Well, I think I reply to this post.
On 09/30/2015 10:37 PM, Laurent Blume wrote:
> The thing is, I asked around (on some other lists), and had a look at
> HSM's, we even have a hundred thousands € worth of HSM,
On 30/09/2015 8:58 pm, Robert J. Hansen wrote:
>> I create for myself a gpg key and want to get it signed
>
> More important than whether your certificate gets signed is who signs
> the certificate, who they are connected to, and so on.
>
> Some people will sign almost anything. People who get
On 01/10/15 10:33, Bob Henson wrote:
> There might be a possible exception where there is no individual
> person to meet - the verification signature with software, say. When
> you have downloaded the software from the same, known website for
> some time it might be reasonable to sign the
On 01/10/15 11:35, Peter Lebbing wrote:
>
> Well, it doesn't help me at all to know that the developer of said
> software indeed has "David Niklas" on his passport. That gives me no
> more confidence in the integrity of the software than if he had a
> different name. All I need to know is that
On 01/10/2015 11:35 am, Peter Lebbing wrote:
> On 01/10/15 10:33, Bob Henson wrote:
>> There might be a possible exception where there is no individual
>> person to meet - the verification signature with software, say. When
>> you have downloaded the software from the same, known website for
>>
On Thu, Oct 01, 2015 at 09:33:59AM +0100, Bob Henson wrote:
> On 30/09/2015 8:58 pm, Robert J. Hansen wrote:
> >> I create for myself a gpg key and want to get it signed
> >
> > More important than whether your certificate gets signed is who signs
> > the certificate, who they are connected to,
On 01/10/15 15:18, Mark H. Wood wrote:
>
> To put my point more plainly: signatures on products and signatures
> on keys mean different things, and to gain trust for them works in
> different ways.
Another case where common PGP terminology is confusing. You don't really
"sign a key", you
I
On October 1, 2015 9:38:13 AM CDT, Christian Loehle
wrote:
>I want to use gpg to encrypt a potentially large file to some
>(cloud-like) storage provider, the recipients are not known at the time
>of uploading.
>What I want to do is to send the encrypted session key of
You can use the --show-session-key and --override-session-key option for
gpg.
$ gpg --encrypt <<< "Test Message" > msg
$ gpg --decrypt --show-session-key msg
$ gpg --decrypt --override-session-key 'the_session_key_gpg_gave_you'
Note that you do not need your private key for the last operation.
On 26 September 2015 at 03:24, Christian Heinrich
> wrote:
>
> So as far as I am aware there is no integration with the Facebook
> GraphAPI yet :(
Hi, I'm Jon - I work on OpenPGP support at Facebook. I thought you might be
> Whilst that is partially useful, surely it only vouches for the fact
> that the postings came from the same person and not who that person is -
> and as such is of very limited use.
Yes. No. Somewhere in between.
Some years ago a user on PGP-Basics was irate over how I refused to sign
my
You can use the --show-session-key and --override-session-key option for
gpg.
$ gpg --encrypt <<< "Test Message" > msg
$ gpg --decrypt --show-session-key msg
$ gpg --decrypt --override-session-key 'the_session_key_gpg_gave_you'
Note that you do not need your private key for the last operation.
On 1 October 2015 at 17:56, Jon Millican wrote:
> On 26 September 2015 at 03:24, Christian Heinrich <
> christian.heinr...@cmlh.id.au> wrote:
> >
> > So as far as I am aware there is no integration with the Facebook
> > GraphAPI yet :(
>
> Hi, I'm Jon - I work on OpenPGP
On Wed, 30 Sep 2015 05:37, d...@fifthhorseman.net said:
> In the subprompt GnuPG provides, use "1" (or "2", etc) to select which
> user ID you want. then use "expire" to change the expiration for that
Well, you can do that but gpg ignores it. The expiration date is taken
from the primary user
I want to use gpg to encrypt a potentially large file to some
(cloud-like) storage provider, the recipients are not known at the time
of uploading.
What I want to do is to send the encrypted session key of the file to a
recipient, when I 'add' them, without reuploading or even touching the
> Names are tremendously fluid instruments. Charles Martel, the hero of
> France, didn't actually have a last name...
Oh, man -- I completely forgot the great one from modernity. You can be
elected President under a pseudonym. Not only that: *it's already
happened*. President Ulysses Simpson
On 15-10-01 13:05:28, Robert J. Hansen wrote:
> > Whilst that is partially useful, surely it only vouches for the fact
> > that the postings came from the same person and not who that person is -
> > and as such is of very limited use.
>
> Yes. No. Somewhere in between.
>
> Some years ago a
On 10/01/2015 10:35 PM, Melvin Carvalho wrote:
>
>> Quick question: I just uploaded my key and the dropdown said
>> "public" ... does this mean I can get at it without an access
>> token? That would be super cool!
>
>
>
> I was actually looking into the same thing myself by trying
>
(This came just to me, not to the mailing list. I'm assuming Bob
intended to reply-all and just hit the wrong button. If I'm in error,
Bob, please forgive me.)
> What would be no use, and possibly harmful, would be to sign that
> certificate just because you had seen it a couple of times -
On 15-10-01 19:14:49, Melvin Carvalho wrote:
> On 1 October 2015 at 17:56, Jon Millican wrote:
>
> > On 26 September 2015 at 03:24, Christian Heinrich <
> > christian.heinr...@cmlh.id.au> wrote:
> > >
> > > So as far as I am aware there is no integration with the Facebook
> > >
> Doesn't all decent e-mail clients automagically check if a signature is
> legit and matches the known public key?
Probably not "all", but a lot, yes.
The problem comes from you can't force a user to pay attention to a
warning. Some years ago a friend of mine, Peter Likarish, invented a
On 1 October 2015 at 17:56, Jon Millican wrote:
> On 26 September 2015 at 03:24, Christian Heinrich <
> christian.heinr...@cmlh.id.au> wrote:
> >
> > So as far as I am aware there is no integration with the Facebook
> > GraphAPI yet :(
>
> Hi, I'm Jon - I work on OpenPGP
On 1 October 2015 at 22:30, Kristian Fiskerstrand <
kristian.fiskerstr...@sumptuouscapital.com> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 10/01/2015 10:28 PM, Melvin Carvalho wrote:
> >
> >
>
> ...
>
> >
> > Reference:
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 10/01/2015 10:28 PM, Melvin Carvalho wrote:
>
>
...
>
> Reference:
> https://developers.facebook.com/docs/graph-api/reference/user
>
>
> Quick question: I just uploaded my key and the dropdown said
> "public" ... does this mean I can get
On 09/30/15 19:17, David Niklas wrote:
> Hello,
> I create for myself a gpg key and want to get it signed, however I've
> sent out half a dozen requests and so far I've gotten only negative
> responses to the effect that I must know so-and-so and we must met in
> person (considering that the
On 09/30/2015 07:54 PM, Peter Lebbing wrote:
> So that's my scenario. I'm just expressing my idea of what would be
> cool. If you decide to work on authentication with OpenPGP cards, this
> is an idea for one way of using it.
Thank you for explanation. I could imagine the use case for
Jon,
On Fri, Oct 2, 2015 at 1:56 AM, Jon Millican wrote:
> On 26 September 2015 at 03:24, Christian Heinrich
> wrote:
> Keys can be fetched from someone's profile "public_key" field, e.g. you
> could fetch my public key with the query:
>
>
On 01/10/15 08:06, NIIBE Yutaka wrote:
> Although I have a bit of experience with Poldi, frankly speaking, I
> don't quite understand the need for local login authentication with
> OpenPGPcard. For me, if I do some access control for my own PC, it
> would be better to consider removing keyboard
On Thu 2015-10-01 07:52:51 -0700, Christian Loehle wrote:
> That's what I would do if I had no other choice. The real downside is
> that it doesn't follow a standard(like openpgp) and I will have to write
> more code on the client side, compared to a standard openpgp solution.
> It just seems like
On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen wrote:
>
> Some years ago a user on PGP-Basics was irate over how I refused to sign
> my messages. My argument was basically the one you were using: that
> nobody on the list had verified my identity and that made my
30 matches
Mail list logo