> On 29 Oct 2017, at 19:18, Shannon C wrote:
>
> I can't find anyone talking about this particular issue. Assuming that the
> secret key was generated outside of an Infineon chip, but that subsequently
> subkeys were generated by a chip with the ROCA vulnerability, does that
> compromise the
can understand.
Point a webcam at the local console. ;-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 10/10/17 17:33, Mike Gerwitz wrote:
> Not promoting its own ideals is working contrary to its goals.
There is nothing in the GPL that requires one to be an evangelist. If
the FAQ is incorrect or misleading, let's change it. But "insufficient
fervour" is not sufficient gr
y.html
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
rting the governikus key gives me the same
result.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
becomes scrambled because IDs don't have
an intrinsic order.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2017/09/28 10:57, Stefan Claas wrote:
>
> Now i have a problem lol... with my new pub key and --check-sigs.
>
> My new pub key 3BB27531899F06EA4582B2E9D68B6EAC6ECF3AB6 was signed
> by Governikus 864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7 and when doing
> a --check-sigs i get an error...under Win
"don't display
unknown sigs" was default behaviour everywhere, it would remove the
incentive to make wasteful vanity sigs in the first place.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ave (the technical one being baked-in assumptions).
On the other hand, I am usually the first person to complain about
weakly justified UX changes. Gnome3 comes to mind... ;-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_
On 26/09/17 14:39, Kristian Fiskerstrand wrote:
> On 09/26/2017 03:38 PM, Andrew Gallagher wrote:
>> Yes. Unfortunately it's tricky to implement that on a smartphone. We
>> don't have card+phone working in gnupg yet either. We *barely* have
>> gnupg working on phones
that displaying an unverified
comment that *implies* there is a binding *somewhere else* identifying
this key with a particular ID may be a convenience, but is a)
unnecessary and b) a source of confusion. We can't perform any
verification without downloading the full key of the owner anyway,
On 26/09/17 12:30, Kristian Fiskerstrand wrote:
> On 09/26/2017 01:07 PM, Andrew Gallagher wrote:
>> So SKS should just say "unverified signature from ". It
>> should not repeat the purported user ID, nor provide a search link that
>> returns completely unrelated ke
safeties.
It is not enough that something bad is forbidden. You have to make it
obvious at all times *why* it's forbidden, otherwise people think the
system is broken and fight against it.
The fact that technically-proficient people have been coming in here for
twenty yea
> On 10 Sep 2017, at 16:28, Leo Gaspard wrote:
>
> I can think of at least one use case it covers in addition to an offline
> masterkey (but that would also be covered by C subkeys): the ability to
> sign others’ keys without using your masterkey. This would allow to not
> have to expose the key
a well-functioning democracy, but it
won't save you from the mafia, the CIA or Kim Jong Un.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
ient drives and
printers shared over RDP.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 2017/07/31 15:44, Mario Figueiredo wrote:
> On a separate tutorial (2), Alan Eliasen strongly advises against
> this practice.
He does, but his argument is weak. The meat of it is:
> Unless everyone that you communicate with regularly does something
> like:
>
> gpg --refresh-keys
>
> to fi
> On 30 Jul 2017, at 21:19, Dirk-Willem van Gulik wrote:
>
> I see a growing number of keys that have well managed & expired separate
> subkeys for Signing, Encryption and Authentication switch from ‘SC’ on the
> master key to just ‘C’ (all RSA, ignoring DSA).
>
> Would anyone know if there i
On 2017/07/16 18:24, Jürgen Polster wrote:
> The IOS apps for working with openpg encryption are iPGMail and
> oPenGP. Both interact with mail by cut and paste of content
In the case of iPGMail, it can also use the "mail attachment" OS hook to
automatically populate a draft email. You still need t
> On 15 Jul 2017, at 15:40, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net>
> wrote:
>
> On the shopping
> website, the customer keys in the long card number, the PIN, and the
> last three digits from the signature strip. The chip on the card is
> not involved.
No, the chip on the card is not in
On 2017/07/13 11:49, Matthias Apitz wrote:
>
> One problem comes obviously in mind: Someone with priv access to your
> workstation,
> for example IT personal, could relatively easy steal your passwords, just
> setting your
> environment and waiting for the moment that you have unlocked the card
On 2017/06/30 20:27, Stefan Claas wrote:
> The idea with this scenario is that it can be carried out by people
> with no skills in hacking or compromising a computer, in small shops,
> companies for example, when one of the co-workers leaves his/her
> work place for a minute, or two etc.
Anybody w
On 2017/06/21 18:17, Peter Lebbing wrote:
> On 18/06/17 03:48, Christopher Jones wrote:
>> It's a task to setup gpg on new boxes: Import pub key, ultimately trust
>> my key, and muck around with gpg and ssh agents.
>
> Configuring gpg as an SSH agent for Linux in the easiest way is very,
> very di
On 2017/06/22 14:34, martin f krafft wrote:
> also sprach Andrew Gallagher [2017-06-21 15:57 +0200]:
>> I have a quick and dirty tool here:
>> https://github.com/andrewgdotcom/synctrust
>
> Yeah, that'll do the job, except it blindly overwrites changes made
> locall
On 2017/06/20 14:34, martin f krafft wrote:
> 5. Has anyone come up with a smart way to keep pubring/trustdb
>synchronised between multiple workstations?
I have a quick and dirty tool here:
https://github.com/andrewgdotcom/synctrust
A
signature.asc
Description: OpenPGP digital signature
_
On 2017/06/07 13:24, Peter Lebbing wrote:
> Not necessarily!
>
> I don't know if Enigmail checks whether the From: is equal to the key
> UID, but we're talking about look-alike addresses here, not completely
> equal addresses, so even that wouldn't help.
If I send an email to myself from my new w
> On 7 Jun 2017, at 06:55, Stefan Claas wrote:
>
> The procedure went like this: I inserted my id-card in a certified
> card reader, which i purchased, startet the german certified id-card
> software "AusweisApp2" to connect to the CA Server and the server
> checked my id-card online and after v
On 2017/06/06 14:38, Peter Lebbing wrote:
> However, if somebody has used a timestamping service to prove the
> signature was in fact really issued before the key expired, you'll have
> to claim that you had already disclosed the secret key back then. Even
> though you didn't. So you can't prove it
On 2017/06/02 18:25, Peter Lebbing wrote:
> I did later realize that if somebody used a timestamping service to
> timestamp a document you signed, you would have to argue that you
> already published your secret key before that time.
To protect against this, one would use a timestamping service to
On 2017/06/02 14:06, Peter Lebbing wrote:
> On 02/06/17 14:42, Lionel Elie Mamane wrote:
>> However, if I publish the secret signing subkey after it expires,
>> the cryptographic certainty is gone.
>
> Heh, that's an interesting take on it. Thanks for sharing it.
The main motivation for publishin
On 2017/05/16 14:47, Janne Inkilä wrote:
> Did someone really generated same looking key? And why? Any ideas?
Yes, they did. Most of the strong set was duplicated by the Evil32
project in order to demonstrate the danger of relying on short key IDs
(because on modern hardware it takes mere seconds
On 04/04/17 13:47, Will Senn wrote:
> So I emailed them and waited a week with no response. I then went
> looking for alternatives and found many sites that referred to that site
> as their distributor.
I bought mine from cryptoshop.com and was satisfied with the experience.
A
signature.asc
De
On 04/04/17 11:22, Mauricio Tavares wrote:
> I will add that the "Are smartcards out of vogue?" question has
> an loaded question taste to it.
Depends whether by "smartcard" you mean the technology or the form
factor. The underlying protocol is here for the long term - it's the
same one banks use
> On 7 Mar 2017, at 08:40, Bill Dangerous wrote:
>
> Indeed, my old master key which is now a subkey, has all the flags (SCEA),
> and I don't know how to change that. I would like to limit flags to SE
I would strongly recommend against that. I would create completely new subkeys,
including (e
On 21/02/17 15:23, Peter Lebbing wrote:
> On 21/02/17 16:19, Andrew Gallagher wrote:
>> And this is the main reason I started running my own keyserver - by
>> refreshing your monkeysphere-host keyring, you are leaking to the
>> keyserver which user credentials have login
On 21/02/17 15:17, Peter Lebbing wrote:
> On 21/02/17 15:58, Kristian Fiskerstrand wrote:
>> Keep in mind, the keyring in the scope of monkeysphere is normally one
>> keyblock :) But yeah, the crontab frequency will depend a bit on system.
>
> Not for multi-user systems with many accounts; it woul
On 21 Feb 2017, at 13:37, Kristian Fiskerstrand
wrote:
>> On 02/21/2017 02:21 PM, Peter Lebbing wrote:
>> Revoking the old A key and creating a new one needs to happen on the
>> system you have the primary key on, so you need to subsequently roll out
>
> Who said anything about creating a new
> On 19 Feb 2017, at 11:19, Peter Lebbing wrote:
>
>> On 17/02/17 15:11, Andrew Gallagher wrote:
>> Some systems will only authenticate against the most recently created
>> A subkey.
>
> I have no personal experience, but I think it's possible this rel
> On 19 Feb 2017, at 08:41, Stefano Tranquillini
> wrote:
>
> wait, If i've a subkey E (called E1) and I lose it (e.g. it was on the
> smartcard).
> Can't I create a new E (called E2) from my master and decrypt the data? Or
> the data encrypted are decriptable only by the exact E (E1 in thi
Stefano,
I meant to reply last night, but didn't fancy writing this out on a
phone keyboard. No need to resend questions - this tends to be a
high-latency list for people in odd time zones, working from home, on
the move etc.
NB all the below is IMHO, YMMV etc. :-D
On 16/02/17 15:04, Stefano Tra
On 10/02/17 12:57, René Pfeiffer wrote:
> Hello!
>
> I am using gpg and gpg2 with mutt and Icedove/Thunderbird (with Enigmail
> plugin). My public keyring has grown to be very big since the email clients
> auto-import unknown keys. Plus I did some signing and imported keys signing
> keys from othe
On 06/02/17 09:37, Richard Ulrich wrote:
> So we sometimes resort to keybase.io. There the key is verified by
> some social media. Sure, if the social media profile have existed
> for some years and have some legitimate looking interactions, it is
> a good indicator that its not a face account. B
On 02/02/17 12:02, Richard Ulrich wrote:
> I thought about applying for Estonian e-residency for the sole
> reason of adding credibility to my GPG key. My idea would be to sign
> my GPG key with the ID card. This could give people who are not in
> my web of trust a head start.
Which particular peo
On 30/01/17 17:22, Werner Koch wrote:
> Time warp: All servers updated.
I can confirm it works on the latest iOS.
Andrew.
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/m
> On 29 Jan 2017, at 10:39, Marko Bauhardt wrote:
>
> Now one year later. My ssh subkey is expired. But i’m still able to login
> into my ssh-server.
> My assumption was that i can use this subkey only if this key is valid. Is
> the expired key working because i’m using the ssh-agent instead
On 26/01/17 00:16, Andrew Gallagher wrote:
>
> gnupg.org *does* keep 3DES at the end of the supported suites, so surely
> it should not be affected. I'm tempted to write this off as a
> mistake by ssllabs.
I've spoken to ssllabs and it appears that this was an ambiguity i
On 2017/01/25 21:07, sivmu wrote:
> Anyways ssllabs shows a warning that the website will be degraded
> from A to C in a month. Not sure that matters all that much, but if
> there is an oppertunity to change the available ciphers at some
> point...
I've looked into this and I'm not sure why ssl
On 25/01/17 14:51, Felix Van der Jeugt wrote:
> Dear all,
>
> Recently, keybase.io stopped their email forwarding service. Now, my
> noc...@keybase.io uid can no longer receive email. I'd normally revoke
> the uid, but my account, keybase.io/noctua, can still receive messages
> through the website
> On 25 Jan 2017, at 08:52, Werner Koch wrote:
>
> On Wed, 25 Jan 2017 01:05, si...@web.de said:
>
>> not sure this is the perfect place, but I wanted to point out that the
>> gnupg.org website still uses sha1 as a mac.
>
> Despite that SHA-1 is not yet broken they now even claims that HMAC-SH
On 22 Jan 2017, at 18:47, Adam Sherman wrote:
>
> But, using an air-gapped system to sign keys that you trust seems rather
> unwieldy, particularly when you include in the process the need to copy
> the public keys to media accessible by the air-gapped system.
Working out what to do with your pr
On 06/01/17 09:30, Kristian Fiskerstrand wrote:
> On 01/06/2017 10:06 AM, gnupg-users.d...@o.banes.ch wrote:
>> p.s. in the meantime a made a script which tails the scdaemon.log and
>> waits for "Removal of a card:"
>> and then kills the gpg-agent. Not a proper solution - but working so far.
>
> W
> On 18 Dec 2016, at 00:17, sivmu wrote:
>
> ... that this means RSA encrzption is reproducable, meaning encrypted
> files of the same plaintext result in the same ciphertext, as this woul
> make the process reproduceable and any malfunction can be easily noticed.
No, because the plaintext is s
On 16/12/16 18:33, Lou Wynn wrote:
> A brute force attack doesn't need to read the card, and
> it simply enumerates keys in the key space used by the SmartCard.
Yes, but the key space of the smartcard is much larger than the key
space of a USB drive encrypted using a key derived from a
human-reada
On 16/12/16 02:30, sivmu wrote:
> If the token does the encryption (and signing) operations,
Smartcards perform signing and DEcryption (which in the case of RSA are
mathematically identical).
> it needs randomness.
That's true of DSA and ElGamal, but smartcards normally implement RSA.
Remember
> On 15 Dec 2016, at 19:24, Lou Wynn wrote:
>
> If the host machine is compromised, what's the purpose of doing encryption on
> the SmartCard? Attackers don't need to know the key to get your plaint ext,
> because it is on the host machine.
The difference is that if you use a smart card in a
> On 7 Dec 2016, at 05:50, NdK wrote:
>
> The "stapling" part is the hardest, since with OCSP usually you need to
> verify that something is valid "now", while with a GPG signature you
> should be able to attest that something will be valid "forever".
No signature can possibly attest that somet
o the authority in a timely fashion and b)
working out whether to trust the authority in the first place. But that's a
problem in OCSP too.
In general, anything you can do in the X509 trust model you can do in PGP - but
with a little more effort and a lot fewer default assumptions.
Andrew G
So, essentially OCSP?
Andrew Gallagher
> On 6 Dec 2016, at 21:42, NdK wrote:
>
> That could actually reduce trust in any PGP signature, unless there's a
> way to timestamp 'something' that says "as of 'now' this key have not
> been revoked". Id
On 04/12/16 20:59, Carola Grunwald wrote:
> It's a small
> tool running as a background task residing in the system tray.
Hold on a sec.
Are you running a pseudonymity service on your personal desktop?
Andrew.
signature.asc
Description: OpenPGP digital signature
On 05/12/16 11:18, Peter Lebbing wrote:
> On 05/12/16 00:09, Andrew Gallagher wrote:
>> Mathematically, authentication is just a special case of
>> signing, so having both S and A on a subkey does not introduce extra
>> vulnerabilities (that we know of).
>
> Mathemati
such cases it's safer to revoke the key
and start again.
Andrew Gallagher
> On 4 Dec 2016, at 21:29, Roy A. Gilmore wrote:
>
> Hi,
>
> I have a keypair that was initially generated with the defaults, so the
> signing key also has the authenticate capability enabled. I w
On 02/12/16 14:57, Duane Whitty wrote:
>
> I believe that outside of the lack of awareness that their privacy is
> being ignored, the problem is mostly private key management and the
> unfortunate fact that most of the email clients that most people use
> on the most popular platforms don't suppor
On 26/11/16 01:17, Carola Grunwald wrote:
>
> WME encoding, remailing and nym handling are done completely at the
> proxy. You can use any, even the most primitive PGP-unaware MUA to send
> and receive standard mail and Usenet messages, crypto and anonymization
> capabilities are provided by the p
On 24/11/16 23:03, Carola Grunwald wrote:
>
> Let's just say I hold two nym accounts at different nym servers
>
> https://en.wikipedia.org/wiki/Pseudononymous_remailer#Contemporary_nym_servers
>
> and send WME encapsulated mail through both of them to a single
> recipient making him believe he t
On 23/11/16 17:54, Carola Grunwald wrote:
> Andrew Gallagher wrote:
>
>> If you are worried about an attacker on the wire doing statistical
>> analysis of your message sizes and patterns of use, you will
>> probably have to go the whole hog and transport over Tor. And ev
On 23/11/16 10:19, Peter Lebbing wrote:
> I could concur with this statement if we amend it a little: when two
> MTA's are explicitly configured as TLS peers.
Absolutely. But if you're using a non-standard protocol, then you also
need to explicitly configure both sides. So in practical terms ther
> On 23 Nov 2016, at 03:48, Carola Grunwald wrote:
>
> But why does a person have to be in control of a signature key? Why not
> a server in the name of a company resp. its employees.
There is no problem having a server in control of a key. Just so long as we
understand that the key is now the
On 22/11/16 18:17, Carola Grunwald wrote:
> You seriously recommend to run a dedicated gpg-agent instance for each
> of dozens if not hundreds of mail service users?
gpg is intended to run on the client, not the server. A mail service
operator should not hold the private keys of its users, never m
On 21/11/16 11:04, Peter Lebbing wrote:
>>> >> rather trust GnuPG's random number generator than the one on a cheap
>>> >> smartcard
>>> >> (or any smartcard for that matter). So I would recommend to not use the
>>> >> on-card
>>> >> key generation feature anyway.
>> >
>> > That's quite an inter
On 14 Oct 2016, at 23:49, g...@noffin.com wrote:
> So for clarification then:
>
> If there are no expiry dates on secret keys, what does this output mean then?
>
> #gpg --list-secret-keys
>
>
> sec 2048R/ 2014-10-30 [expires: 2017-10-31]
>
The expiry date shown here is just a copy
On 14 Oct 2016, at 19:11, g...@noffin.com wrote:
>
> Hi there - pretty new with GPG, but have been getting going with it
> without much issue. I'm just curious about a few best practices and so on.
>
> 1) Should you set an expiration on your secret key? Or do most people just
> secure it appropri
The problems always start with the words "public key"...
On 30/09/16 15:22, Werner Koch wrote:
>
> So for example "lock" and "private key" may be better.
"Lock and key" works for symmetric crypto, because you lock and unlock
with the same key. "Latch and key" is the best analogy I know of to
pub
On 28/09/16 12:44, Arbiel (gmx) wrote:
> Hi
>
> Seahorse (distributed within Ubuntu) allows for the storing and
> retrieving of "secrets", as passwords, into what I understand to be
> gpg keyrings, or at the least, files.
Seahorse stores passwords in the Gnome keyring, which is not related to
PGP
On 13/09/16 15:33, Werner Koch wrote:
> On Tue, 13 Sep 2016 14:02, andr...@andrewg.com said:
>
>> 1. Why was the A keystub not deleted and regenerated when I did gpg
>> --delete-secret-keys; gpg --card-status, like the E and S ones
>> apparently were?
>
> Did you get a pinentry prompt to confirm
I recently decided to change my default smartcard on one machine
because it was easier to use and carry a flat card than one in a USB
reader, and that particular machine has a smartcard slot. I had two
smartcards anyway for testing purposes.
I thought it would be a simple matter of deleting the ke
On 11/09/16 02:13, Robert J. Hansen wrote:
>> Whichever "they" you had in mind when you brought it up...? ;-)
>
> I said "Enigmail and other clients" -- if you don't specify which
> precise implementation you're interested in, I don't know which one you
> want to know about.
Well, I sort of wante
On 10 Sep 2016, at 22:20, Robert J. Hansen wrote:
>> Do you have a link to how they plan to implement it?
>
> Without knowing who you mean by "they", no, I can't.
Whichever "they" you had in mind when you brought it up...? ;-)
> Daiki Ueno is
> planning on implementing it in Gnus. Patrick Br
Do you have a link to how they plan to implement it?
Andrew Gallagher
On 10 Sep 2016, at 22:00, Robert J. Hansen wrote:
>> I'm confused by this. What does it mean? What does 'armor the mail
>> headers" mean? Is this the same as 'encrypting' the mail head
On 31/08/16 10:49, Dimitrova Elena wrote:
>
> I will not alter any part of the source code. In this case what are my
> obligations under the GPL license?
In this case you have no obligations. Fly, and be free. ;-)
The only time when the GPL becomes significant is when you are
distributing modif
On 26 Aug 2016, at 15:39, Paolo Bolzoni wrote:
> just write a .pdf
It's a sad day when pdf is considered preferable to html... ;-)
A
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 17/08/16 19:35, Andrew Gallagher wrote:
>
> Public keys are low-latency things
D'oh.
s/low/high/
A
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailm
On 17/08/16 19:15, Robert J. Hansen wrote:
>
> Parcimonie is a key refreshing daemon. (So far, cool! It's a real
> problem. Solving this problem is cool.) In order to defend against
> completely hypothetical movie plot attacks, it insists on refreshing the
> keys spread out over a long period o
On 17/08/16 17:03, Gabriel Philippe wrote:
> On Wed, Aug 17, 2016 at 5:43 PM, Andrew Gallagher wrote:
>> On 17/08/16 16:36, Gabriel Philippe wrote:
>>>
>>> Set an expiration date to your key one year from now. Every 6 months,
>>> postpone this expiration date
On 17/08/16 16:36, Gabriel Philippe wrote:
>
> Set an expiration date to your key one year from now. Every 6 months,
> postpone this expiration date to 6 more months. It's too late for
> these people, but in the future and same conditions, others won't have
> a false security feeling when writing
On 17/08/16 16:43, Gabriel Philippe wrote:
> On Wed, Aug 17, 2016 at 4:36 PM, Andrew Gallagher wrote:
>> Parcimonie already exists. But it's an optional extra that most people
>> don't install (or even know of). People shouldn't be expected to
>> install or
On 17/08/16 15:54, Jerry wrote:
> On Wed, 17 Aug 2016 15:36:05 +0100, Andrew Gallagher stated:
>
>> Parcimonie already exists. But it's an optional extra that most people
>> don't install (or even know of). People shouldn't be expected to
>> install or conf
On 17/08/16 14:52, Robert J. Hansen wrote:
>> That sounds like an argument for marking downloaded local copies of
>> public keys stale after a certain period, similarly to DNS TTL...
>
> That suggestion fills me with horror. Key management is *already* a
> nightmare without adding this to it.
;-
On 17/08/16 14:21, Robert J. Hansen wrote:
>> Concerning key servers, unless in very specific cases, I think keys
>> should be on big and commonly used keyservers which synchronize among
>> themselves. Otherwise new signatures, IDs, and revocations will not
>> get propagated when people refresh the
On 11/08/16 15:20, Robert J. Hansen wrote:
>> No need to apologise, I wouldn't be able to count the number of times
>> I misread something and later wondered how I could have missed it.
>
> In fact, an excellent rule of thumb for this list is there are no
> experts -- just idiots who have carefull
On 4 Aug 2016, at 01:37, taltman wrote:
*snip*
>
> 1. Create a new GPG keyring specific for my identity with my employer
> 2. Cross-sign my existing personal GPG key with the employer-specific
> GPG key
> 3. Do proper key hygiene things (backups, revocation certs, etc.) on
> employer-specific ke
On 26/07/16 13:11, Felix E. Klee wrote:
> On Tue, Jul 26, 2016 at 1:22 PM, Andrew Gallagher
> wrote:
>> What does it say when you run "gpg --list-secret-keys" on your local
>> machine now?
>
> *Without* the smart card reader connected, it says:
It shouldn&
On 26/07/16 11:05, Felix E. Klee wrote:
> Successfully moved a key to an [OpenPGP-Card][1]. Now, as backup, I
> want to install the key to a second card, but that failed:
>
> # gpg --edit-key $KEY
> [...]
> gpg> toggle
> [...]
> ggp> keytocard
> Really move the primary key?
> On 1 Jul 2016, at 19:40, Andrew Gallagher wrote:
> If you are sufficiently worried, you can revoke the subkey (thus revoking
> this signature) and generate a new one.
s/worried/paranoid/
A
___
Gnupg-users mailing list
Gnupg-users@gnupg
> On 1 Jul 2016, at 17:45, Cannon wrote:
>
> I accidentally messed up. Used the wrong gpg.conf when generating a
> signature on a message. The incorrect config was used causing my message
> to be signed using SHA1 instead of SHA512. I did not realize this until
> after message was already irreve
On 23 May 2016, at 23:24, Robert J. Hansen wrote:
>> In the case of "all 8-bit characters, no 7-bit" you're dealing with
>> either a practical joker or EBCDIC. Same thing really...
>
> Or KOI-8R/Windows-1251.
I'd forgotten about that. Or any of the iso-8859 that encode non-Latin scripts.
Or s
> On 23 May 2016, at 20:19, Robert J. Hansen wrote:
>
> Is there any way to determine the encoding for a user ID string?
>
> At first blush it appears the answer is "no, but most people use UTF-8."
You can tell fairly reliably if someone is using either vanilla ascii or UTF8,
in the cases of
execve() equivalent (e.g. perl's open(,,,)), you're pretty much
screwed before you start.
Andrew Gallagher
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 04/05/16 23:09, Robert J. Hansen wrote:
>> There is this scary project listing several hundreds factored pgp/rsa
>> keys: http://trilema.com/2016/the-phuctoring/
>
> Not scary. Not all that interesting, either.
Hanno Böck has a fairly comprehensive response here:
http://www.openwall.com/list
On 28/04/16 10:26, Matthias Apitz wrote:
> Speaking more technically, the problem is that 'modern' MUA, like
> OutLook crap, thunderbird or other browser-like MUA do not invite to
> post and quote correctly. They put the cursor above the first line
> (sometimes you can not even configure this, and
On 28/04/16 11:07, Jerry wrote:
>
> I use "claws-mail" and all I have to do is highlight the text I want to
> reply to.
...
> I don't use "Thunderbird" so I cannot comment on its
> features or deficiencies.
Thunderbird has exactly the same feature.
A
signature.asc
Description: OpenPGP digita
301 - 400 of 456 matches
Mail list logo
