On 17 Jul 2019, at 05:05, Robert J. Hansen wrote:
> But all in all? It's a good criticism.
Indeed. Backwards compatibility with the 1990s is an albatross. Anyone still
using obsolete ciphers is screwed anyway, so why encourage it?
Some nitpicking:
* Modern PGP does encrypt subjects
hes valid in the MIME boundary charset?
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 04/07/2019 03:29, Phil Pennock wrote:
> Depends upon the implementation. I'm biased here, I wrote my own in
> Go back in 2016: https://go.pennock.tech/fingerd/
Nice. I can't see corporate firewall admins buying it though. :-)
--
Andrew Gallagher
signature.asc
Description: O
> On 4 Jul 2019, at 03:23, Ángel wrote:
>
> A point I don't like about the design of hagrid is that verification is
> performed by the server itself.
> Thus, it seems that if there were a reconciliation protocol between
> them, either entering into one of them would lead to all of them blindly
ers' spiders are well behaved, it should be no
worse than being indexed by Google.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
identity of the uploader (as hagrid and keybase
do), but this then makes the SKS reconciliation protocol unviable - so
it is SKS the protocol that has to be changed, not SKS the software.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
your
keyring, there's nothing wrong with continuing to use the keyservers
(for now), so we shouldn't kill a service that's working just fine for
those people, not until we have a replacement.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digit
oblems.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
e build quality of the
bookshelves, and to prove his point he pulls them to pieces. "Look at
that, it's falling apart!" [1]
Just because something is broken does not mean you are obliged to kick
it over to prove the point.
[1] https://vimeo.com/108169770
--
Andrew Gallagher
signature.asc
Des
tous
individuals.
But you're right, these subtleties are why WoT never took off. :-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 03/07/2019 13:45, Kristian Fiskerstrand wrote:
> There are various ways this can be used for other
> attack vectors as well, so they are mostly just ignored.
Any of those attack vectors applicable to keyservers attempting to
refresh from it?
--
Andrew Gallagher
signature.asc
Descr
y to know! Opening a
finger port may be a step too far for the security-conscious though...
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
big IT companies.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
but distrust everyone else".
This would only have to be done once in advance, and it could be made
part of your new developer onboarding process.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing
oviders took
email security seriously, we would never have got here in the first
place. But the nature of email is that nobody owns it, therefore it is
nobody's job to fix it. And the people who care have real jobs and
mortgages.
[1]
https://www.quora.com/What-is-the-service-utility-and-
On 2019/07/01 17:26, Werner Koch wrote:
> p.s.
> As stop-gap solution the next gpg release sports a
> --keyserver-options self-sigs-only to allow importing of spammed keys.
I think this deserves more than a P.S. ;-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital
i
> tools and they can be used with an extra written GUI program, if
> someone likes to do so. Very handy!
I agree that's the way user interfaces should be, but now I'm unclear
what your complaint about GnuPG is, given that it's a CLI tool
optionally wrapped in a GUI interface.
--
Andrew Ga
SKS has just proven an example of that.
I think we're criticising the same thing. Yes, I'm calling Golang (and
Rust) "exotic". :-)
Interestingly, Rust was first implemented in OCaml... (!)
--
Andrew Gallagher
signature.asc
Description: Ope
ormation has its uses if you're maintaining any sort
of PKI.
[1]
https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
e don't run into potential issues re some
systems being able to verify, a new algorithm and some not. Better to
let the synchroniser just do its job, and move all the verification and
caching stuff to a higher level. It need not be in the same binary.
--
An
> On 1 Jul 2019, at 13:36, Andrew Gallagher wrote:
>
> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
&g
On 2019/06/30 18:06, Daniel Kahn Gillmor wrote:
> On Sun 2019-06-30 00:33:22 +0100, Andrew Gallagher wrote:
>> Indeed, c) was exactly the killer use case I had in mind.
>
> so, how do we get there?
We start from hagrid or something like it, and carefully add the ability
to sync on
> On 1 Jul 2019, at 00:36, Robert J. Hansen wrote:
>
> Would this be painful? Sure. But it doesn't involve throwing out
> the OpenPGP spec, just overhauling how we implement it and the
> supporting software ecosystem. That would be *hard*, don't get me
> wrong, and I am *in no way* saying
> On 30 Jun 2019, at 15:07, Erich Eckner via Gnupg-users
> wrote:
>
> maybe I don't get the original idea - but I thought, it was to block
> *uploads/updates* which would poisson a certificate - not to blackhole them
> after they got poissoned?
Hm, that’s not how I read it, although I could
ll be
looking over their shoulder wondering whether they'll be next.
We solve this issue for *everyone*, or we all go home.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
> On 30 Jun 2019, at 11:01, Vincent Breitmoser wrote:
>
> The single biggest issue is
> importing keys that don't have identity info on them. I submitted a patch to
> GnuPG to fix this issue, but for some reason that is beyond me there seems to
> be
> resistance to merging it:
Unfortunately
> On 30 Jun 2019, at 10:21, Mirimir via Gnupg-users
> wrote:
>
> This is undoubtedly a naive question. But anyway, would it be feasible
> to test keys by importing them, and seeing which ones break OpenPGP?
> Maybe do it in minimal Docker containers? And then somehow block access
> to those
>> Thankfully there is a practical - if drastic - solution for all
>> OpenPGP users everywhere. Point pool.sks-keyservers.net (and its
>> various aliases) somewhere else. The question is where to and how
>> soon.
>
> (I am certain Andrew has already considered this: I am making explicit
> what I
> On 30 Jun 2019, at 09:19, Robert J. Hansen wrote:
>
> The next version of Enigmail will no longer use the SKS network by
> default. Great! But what about existing Enigmail users? They'll see a
> signature, click "Import Key", and ... bam. They're likely not going to
> think that
> On 21 Jun 2019, at 21:49, Daniel Kahn Gillmor wrote:
>
> So if we decide we only want to address use case (c), then it doesn't
> seem too crazy to imagine reconciliation among multiple installations of
> all the distributed, cryptographically-validated *non-identity* data
> that hagrid is
f not having the one-and-only-distributor-of-all-keys and thus a
> SPoFailure/Denial/Surveillance. If we want that it is easier to go with
> S/MIME.
If hagrid supported an SKS-like reconciliation protocol, would that
mitigate your concerns?
--
Andrew Gallagher
signature.asc
Descriptio
> On 15 Jun 2019, at 22:41, Vincent Breitmoser wrote:
>
>
>> For a start, it only supports email userids - so it is incompatible with
>> monkeysphere.
>
> Indeed! This is a use case that would be interesting to explore though, feel
> free to open an issue on our tracker if you want to help
> On 16 Jun 2019, at 12:51, Vincent Breitmoser wrote:
>
>
>> Maybe you can consider in the future at least to allow CA sigs.
>> Those would be only one sig per key and the CA signing keys
>> could be stored in your database as reference as well.
>>
>> Currently 3 CAs come to mind:
resource, meaning it's not resilient enough for
distributing revocations, which is the main use case for SKS these days
(there are already several alternative systems for discovery).
So it's not an SKS-killer (yet).
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
drive, but development has stalled. If there is
genuine interest out there, I will dedicate some more time to it.
[0] https://tails.boum.org
[1] https://github.com/andrewgdotcom/frith
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
__
and display it to you without question. They
prioritise Getting It Done over Doing It Right, and it's hard to fight
against a baked-in paradigm.
It's like the old proverb about the tourist asking for directions in
Ireland and being told "If I was you, I wouldn't start from here" :-D
g bits and pieces, but
when using it heavily, e.g. as an ssh auth method over ansible, it can
get *very* sluggish.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnu
cess to
your device. An encrypted drive is a better way to prevent an attacker
getting access to sensitive material on disk (not only passwords).
So while the problem you identify is bad, it's not fatal.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digit
> On 18 Feb 2019, at 20:35, Farhan Khan wrote:
> Hey Andrew,
> I was given the message "gpg: decryption failed: No secret key". I ran this:
>
> mv .gnupg .gnupg.bak
> gpg --card-status
> cat encrypted_message | gpg --decrypt
>
> This gave me the warning message:
> gpg: encrypted with 2048-bit
> On 18 Feb 2019, at 05:19, Farhan Khan via Gnupg-users
> wrote:
>
> How does one utilize *just* the yubikey (or OpenPGP smartcard in general) to
> encrypt, sign, or decrypt? This might be in a scenario where I only have the
> keys on my card but not on disk such as while traveling. I can
> On 17 Feb 2019, at 07:20, Farhan Khan via Gnupg-users
> wrote:
>
> Key attributes ...: rsa2048 rsa2048 rsa2048
But you’re trying to load an rsa1024 key onto it. Have you tried loading a 2048
bit key instead?
A
___
Gnupg-users mailing list
> On 21 Jan 2019, at 17:29, justina colmena via Gnupg-users
> wrote:
>
> How can people be so insufferably rude?
O_o
A
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
> On 10 Nov 2018, at 00:57, Dirk Gottschalk via Gnupg-users
> wrote:
>
> I suggest using a Cron job, or a SystemD timer and service to do a
> refresh on a regular base.
I’ve found parcimonie to be useful.
https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
On 04/09/18 11:01, Peter Lebbing wrote:
> On 04/09/18 10:17, Andrew Gallagher wrote:
>> And I have just confirmed (by sending that mail) that both the first
>> auth operation AND the first signing operation fail, separately.
>
> I have no idea, it's quite curious. As
On 04/09/18 09:11, Andrew Gallagher wrote:
> Hi, all.
>
> I've had a pgp smartcard v2.1 for years now (two, actually), and I've
> noticed that no matter what operation I perform, the first attempt after
> inserting the card, or waking from sleep with the card inserted, fails.
for as long as I can remember, across different
machines, different software versions and OSes (Linux and Mac), and
using both smartcards.
Does anyone have any idea what's going on?
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
e written some (basic)
documentation for internal use in my company. Let me know if you need
any further help.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/m
ut the badness must not infect other servers automatically.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
> On 4 Jun 2018, at 19:44, Benjamin Kircher wrote:
>
> Now inside the container I can see my socket
>
> # ls -l /gpg-agent
> srwx-- 1 root root 0 Jun 4 17:45 /gpg-agent
>
> From here on, I am kind of stuck. I fail to somehow make gpg-agent inside the
> container “use” the
ed to confound bayesian analysis.
YMMV
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
y crypto upgrades, particularly in an online setting such as a
mail gateway. All this does is launder the obviously-dangerous bad
ciphertext into an apparently-safe new ciphertext.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
> On 20 May 2018, at 07:26, Robert J. Hansen wrote:
>
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on Efail.
> You may find it worth reading. You may also not. Your mileage will
>
> On 17 May 2018, at 11:50, Patrick Brunschwig wrote:
>
>> On 17.05.18 10:07, Werner Koch wrote:
>> On Thu, 17 May 2018 08:59, patr...@enigmail.net said:
>>
>>> Within 12 hours after the release I got 5 bug reports/support requests
>>
>> Kudos to Enigmail for acting as
secure mail plugin(s). And since this has already been
implemented in at least one plugin (see Patrick's earlier messages) I
think it's best to leave it on that side of the fence.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital sig
2018. HTML mail is unfortunately going to be
around for a long time. So mail clients (no more or less than web
browsers) have a responsibility to sandbox untrusted content. Plaintext
is a workaround, not a solution.
--
Andrew Gallagher
signature.asc
Descr
wiki markup language.
Content-type: text/markdown ;-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
nt so far that this is limited to the expected breaking
cases (pre-MDC ciphers) and not some unexpected side effect?
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.or
> On 16 May 2018, at 13:44, Fiedler Roman wrote:
>
> I am not sure, if gpg could support implementation/testing/life-cycle-efforts
> to establish all those parameters and different process models for most of
> the decryption processes gpg users envision to use gpg
> On 16 May 2018, at 05:21, Patrick Brunschwig wrote:
>
> Content-Type: mutlipart/mixed; boundary="WRAPPER"
> Content-Description: Efail protection wrapper
>
> --WRAPPER
> Content-Type: text/html
>
>
>
>
>
> --WRAPPER
> (result of PGP/MIME decryption)
> --WRAPPER--
ing to see
if I could think up the quickest solution. ;-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
variable such as GNUPG_HTML_COUNTERMEASURES=true would certainly be
sufficient, providing both users and MUA developers a convenient big red
switch that can just be enabled.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
you get garbage.
BUT
We should also be very careful to note that none of this discussion
thread applies to the MIME concatenation vulnerability, which is a
problem in Thunderbird and other mail clients, and which cannot be
solved by gnupg.
--
Andrew Gallagher
signature.asc
Description:
On 14/05/18 14:44, Andrew Gallagher wrote:
> I would humbly suggest that we stop worrying about which side of the
> GPG/MUA fence the ball is on, and fix it on *both* sides.
I have just opened tickets in both GnuPG and Enigmail for the respective
integrity check mitigations.
On 15 May 2018, at 07:42, Bernhard Reiter wrote:
>> Another thing we need to learn from this is that HTML elements may be a
>> privacy concern in plaintext mail, but they are a *security* concern in
>> encrypted mail.
>
> People clearly seem to want a way to send files
> On 14 May 2018, at 14:47, Dan Kegel wrote:
>
> Anyway, if you have a checkbox for 'automatically decrypt', you might
> consider unticking it.)
This may not be sufficient. It’s not just automatic decryption but any
decryption at all in the client that can trigger a callback.
> On 14 May 2018, at 18:32, Werner Koch wrote:
>
> On Mon, 14 May 2018 15:44, andr...@andrewg.com said:
>
>> This all exposes one of the difficulties with trying to manage security
>> software in a decentralised ecosystem. We end up in arguments over whose
>
> That is actually
> On 14 May 2018, at 18:57, Lars Noodén wrote:
>
> How feasible would it be to strip or disable encryption in a fork of an
> old version and just leave it capable of decryption?
I’m sure it’s feasible, but it doesn’t address this issue or any other kind of
oracle,
capabilities of
encrypted HTML mail are constrained, etc.
The PGP ecosystem will survive this, because the tech is in place. The
enforcement has just erred a little too far on the side of
compatibility. It's all fixable.
--
Andrew Gallagher
signature.asc
De
s it's only a warning-level offence doesn't mean enigmail
should agree...
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ing fresh to the conversation: disabling the display
of HTML email is *probably* a sufficient mitigation in either case.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg
On 14/05/18 12:13, Andrew Gallagher wrote:
> I tried again using CAST5 instead of MD5 to bypass the smartcard bug.
Argh, I meant to say 3DES of course, not MD5. Sorry.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signat
asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: encrypted with 4096-bit RSA key, ID 0x6B09069314549D4B, created
2013-07-02
"Andrew Gallagher <andr...@andrewg.com>"
File 'reply.txt' exists. Overwrite? (y/N)
Enter new filename: foo
gpg: Signature made
treat such warnings as fatal? Should mail
clients *ever* treat mere warnings as fatal?
I can't test here because I'm suffering from https://dev.gnupg.org/T3576
- guess that means I'm immune! ;-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital sig
from Werner's link earlier:
> We hesitate to require the MDC also for old algorithms (3DES, CAST5>
> because a lot of data has been encrypted using them in the first
> years of OpenPGP.
So if someone sends me a 3DES-encrypted mail it won't check the MDC?
Doesn't gpg still support readi
ly
that MDC *checking* is the default? If so, then all we would need to do
is disable non-modern ciphers.
Looks like S/MIME is pretty much buggered though...
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mai
On 2018/05/03 09:14, Werner Koch wrote:
> On Thu, 26 Apr 2018 11:05, andr...@andrewg.com said:
>
>> There's a suspiciously empty documentation page on the main site:
>
> I agree that it is pretty terse but it refers to another section with
> the actual description of the commands.
Aha, I was
Hi, all.
There's a suspiciously empty documentation page on the main site:
https://www.gnupg.org/documentation/manuals/gnupg/The-quick-key-manipulation-interface.html
Is this still WIP, or just an update/sync error?
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
> On 16 Mar 2018, at 13:07, Phil Susi wrote:
>
> I believe you can enable EFS on the windows server and it will handle
> decrypting the file before sending it over SMB. Then you don't need any
> special software or configuration on the clients.
How does that work when the
> On 16 Mar 2018, at 08:11, Steven Maddox wrote:
>
> Yeah this would be a cool approach that'd mean less reliance on the
> kernel. However the files we (me and my colleagues) access (although
> they're all using Windows PCs) are on SMB/Windows shares... so somehow
>
ut the
documentation is making my brain hurt:
https://www.flam.de/issues/view.php?id=888
http://www.flam.de/en/technology/products/fluc/
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users
Hi, all.
Is there any support for using gpgsm as a certificate authority?
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg
sk
> plugged into the system I'm using to do this.
I recommend using an offline system to do this; then you don't need to
worry about leaving traces behind. Tails is a good solution, as it
provides an encrypted persistent partition and comes with a recent gnupg
preinstalled.
--
Andrew Gallagher
y as 1, although more
computationally intensive as it would need to be calculated per download
(caching may help). Can be retrofitted to existing keyservers.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users m
> On 16 Jan 2018, at 22:26, Leo Gaspard wrote:
>
> It could also help limit the impact of the nightmare scenario RJH has
> described, by making sure all the data is “cryptographically valid and
> matching”, thus making it harder to just propagate arbitrary data down
>
> On 16 Jan 2018, at 18:15, Kristian Fiskerstrand
> <kristian.fiskerstr...@sumptuouscapital.com> wrote:
>
>> On 01/16/2018 07:12 PM, Andrew Gallagher wrote:
>>> On 16/01/18 17:19, Leo Gaspard wrote:
>>> “on 2018-04-01, please expose only the master k
to be
forgotten, then this could be a defensible fallback position. But it is
not a solution to many of the *practical* problems in privacy protection.
Ultimately, the PGP ecosystem prioritises security over privacy. They
are not the same thing, and in some cases they are in conflict.
--
Andrew Gallag
t called USENET?
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
users. The vandalism problem is solved by clients not displaying
unverified content. Whereas the "nightmare scenario" happens entirely
out of view of the average user, but has more serious consequences.
Let's not mix them up.
--
Andrew Gallagher
signature.asc
Description: OpenPGP d
> On 15 Jan 2018, at 21:13, Matthias Mansfeld
> wrote:
>
> could this be implemented in a way that the _upload_ (not the
> spreading between keyservers) requires signing? (unless it is a
> revocation certificate)?
So long as there is one keyserver
> On 15 Jan 2018, at 16:39, Stefan Claas wrote:
>
> Maybe we need (a court) case were a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?
You also need to prove that removal is technically possible. Otherwise all that
> On 5 Jan 2018, at 08:41, Lou Wynn wrote:
>
> The only need for an
> organization to access their data is decrypting the encrypted data,
> which is satisfied by the auditing key.
The standard way of doing this without allowing for impersonation is escrow of
the encryption
> On 4 Jan 2018, at 04:42, Lou Wynn wrote:
>
> It has a client key and uses it to log into the server, which is
> similar to SSH key authentication, to retrieve the private key after
> authentication.
This bit confuses me. If you already store a private key locally, why use
> On 29 Oct 2017, at 19:18, Shannon C wrote:
>
> I can't find anyone talking about this particular issue. Assuming that the
> secret key was generated outside of an Infineon chip, but that subsequently
> subkeys were generated by a chip with the ROCA vulnerability, does
can understand.
Point a webcam at the local console. ;-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 10/10/17 17:33, Mike Gerwitz wrote:
> Not promoting its own ideals is working contrary to its goals.
There is nothing in the GPL that requires one to be an evangelist. If
the FAQ is incorrect or misleading, let's change it. But "insufficient
fervour" is not sufficient grounds
y.html
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Importing the governikus key gives me the same
result.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
cause IDs don't have
an intrinsic order.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2017/09/28 10:57, Stefan Claas wrote:
>
> Now i have a problem lol... with my new pub key and --check-sigs.
>
> My new pub key 3BB27531899F06EA4582B2E9D68B6EAC6ECF3AB6 was signed
> by Governikus 864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7 and when doing
> a --check-sigs i get an error...under
On 26/09/17 14:39, Kristian Fiskerstrand wrote:
> On 09/26/2017 03:38 PM, Andrew Gallagher wrote:
>> Yes. Unfortunately it's tricky to implement that on a smartphone. We
>> don't have card+phone working in gnupg yet either. We *barely* have
>> gnupg working on phones at all. B
201 - 300 of 439 matches
Mail list logo