Re: use policy of the GnuPG-card

2017-07-13 Thread Robert J. Hansen
> One problem comes obviously in mind: Someone with priv access to your
> workstation,

You just lost. Everything after this sentence is irrelevant. Once an attacker has privileged access to your machine it's all over.

> How is this supposed to be managed?

It can't be. GnuPG is only for use

Re: Don't get the pinentry for passphrase in some contexts

2017-07-13 Thread Damien Cassou
Matthias Apitz writes:

> What do you use as pinentry exactly? I have:
>
> $ ls -l /usr/local/bin/pinentry
> lrwxr-xr-x 1 root wheel 27 15 may. 14:04 /usr/local/bin/pinentry -> /usr/local/bin/pinentry-qt5
>
> and this pops up a Qt5 window for this.

For me,

Re: Don't get the pinentry for passphrase in some contexts

2017-07-13 Thread Werner Koch
On Thu, 13 Jul 2017 15:08, dam...@cassou.me said:

> strace reveals the following. Does that ring a bell to anyone?

"debug-pinentry" in gpg-agent.conf would give you more info. Adding also "debug ipc" will show you the communication between gpg and gpg-agent; that is what your strace shows. Use

Re: use policy of the GnuPG-card

2017-07-13 Thread Werner Koch
On Thu, 13 Jul 2017 12:49, g...@unixarea.de said:

> How is this supposed to be managed?

You can't do anything about it. The card protects your key against compromise - but not the use of the key. For the signing key we have a signature counter and if you can memorize the count and the number

Re: Don't get the pinentry for passphrase in some contexts

2017-07-13 Thread Damien Cassou
strace reveals the following. Does that ring a bell to anyone?

In Firefox

read(5, "INQUIRE PINENTRY_LAUNCHED 22712\n", 1002) = 32
write(5, "END", 3) = 3
write(5, "\n", 1) = 1
read(5, "ERR 83886179 Operation cancelled \n", 1002) = 44

In the terminal

Re: use policy of the GnuPG-card

2017-07-13 Thread Andrew Gallagher
On 2017/07/13 11:49, Matthias Apitz wrote:
>
> One problem comes obviously in mind: Someone with priv access to your
> workstation, for example IT personnel, could relatively easily steal your
> passwords, just setting your environment and waiting for the moment that
> you have unlocked the card

Re: [HELP] pinentry-curses breaks SSH auth, but pinentry-mac works fine?

2017-07-13 Thread Peter Lebbing
On 13/07/17 09:29, Ryan Lue wrote:
> 1) I keep my dotfiles synced between multiple machines, and so try my
> best to keep them platform-agnostic when I can. There are definitely
> times when I can use conditionals to get different behavior on
> different machines (like `if [ "$(uname)" =

use policy of the GnuPG-card

2017-07-13 Thread Matthias Apitz
Hello, I'm using the GnuPG card for signing, SSH, password-store (Firefox web passwords) and locking/unlocking the KDE desktop on card insert or withdrawal. After resolving some technical (FreeBSD) issues, I now have it in daily usage on my netbook and my workstation in the office. One problem

Re: [HELP] pinentry-curses breaks SSH auth, but pinentry-mac works fine?

2017-07-13 Thread Ryan Lue
> However, I think many people work around this problem by a) using a
> graphical pinentry and b) using a single graphical session. As long as
> one also refrains from SSH'ing from a remote terminal, with the
> combination, you've circumvented the problem by just using the
> effectively singleton

Re: [HELP] pinentry-curses breaks SSH auth, but pinentry-mac works fine?

2017-07-13 Thread Ryan Lue
Hi Daniel, Yes, thanks, this absolutely did it! Sorry for not responding earlier — I had intended to write a follow-up blog post that addressed this question, along with that of forwarding the gpg-agent socket over SSH with `ssh -R` (so that you can use your local machine's GPG private keys in a

Re: Questions using GPGME

2017-07-13 Thread Andreas Heinlein
On 13.07.2017 at 09:27, Werner Koch wrote:
> On Thu, 6 Jul 2017 14:48, aheinl...@gmx.com said:
>
>> decrypt with cancel'ing the pinentry, one with missing private key and
>> one with a truncated input file. All three gave
>>
>> print str(e): Invocation of gpgme_op_decrypt_verify: GPGME:

Re: [Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

2017-07-13 Thread Werner Koch
On Wed, 5 Jul 2017 21:39, gnupg-users@gnupg.org said:

>> libgcrypt v<=?
>
> Probably all versions up to 1.7.7, starting from at least 1.2.0 (which
> is the oldest I could find).

Actually starting at 1.6.0 which introduced the sliding window method to catch up performance losses due to other

Re: Questions using GPGME

2017-07-13 Thread Werner Koch
On Thu, 6 Jul 2017 14:48, aheinl...@gmx.com said:

> decrypt with cancel'ing the pinentry, one with missing private key and
> one with a truncated input file. All three gave
>
> print str(e): Invocation of gpgme_op_decrypt_verify: GPGME: Decryption
> failed

This has been fixed yesterday in

Re: Changing PINs of German bank card

2017-07-13 Thread Binarus
On 13.07.2017 01:19, MFPA wrote:
>
>
> On Wednesday 12 July 2017 at 6:51:42 AM, in
> , Binarus wrote:-
>
>
>> and this means that such software would
>> have to run on the
>> card.
>
> Or The ATM.

You are right. The ATM will get hold of

Re: Changing PINs of German bank card

2017-07-13 Thread Binarus
On 13.07.2017 01:23, MFPA wrote:
>
>
> On Wednesday 12 July 2017 at 3:15:09 PM, in
> , Binarus wrote:-
>
>
>
>> (if the
>> PIN needs to be
>> stored at all in some backend which I doubt).
>
> The Bank must know the PIN (or a hash).