On 2017-04-04 10:27, Teemu Likonen wrote:
Will Senn [2017-04-04 00:19:11-05] wrote:
On 4/3/17 11:48 PM, Doug Barton wrote:
What's your threat model?
[...] I do not really know what I need vs what I think I need. In my
uneducated state, I think I want to be as secure as possible
On 04/09/2017 11:01 AM, Mike Gerwitz wrote:
If I know a threat exists, I'm going to evaluate my threat model and
decide whether or not it is worth my time to mitigate it; whether I can
hope to mitigate it; and whether attempting to do so is going to put me
at even more risk for some other
Original Message
Subject: Re: Smart card
Date: 2017-04-08 10:41
From: Doug Barton <do...@dougbarton.us>
To: gnupg-users@gnupg.org
On 2017-04-04 10:27, Teemu Likonen wrote:
Will Senn [2017-04-04 00:19:11-05] wrote:
On 4/3/17 11:48 PM, Doug Barton wrote:
What's your
On 04/03/2017 06:57 AM, Peter Lebbing wrote:
On 03/04/17 15:30, Doug Barton wrote:
We really need to stop referring to this as signing.
I agree. But it might be too late.
It's never too late. Better is better. If we'd started being more
rigorous years ago, TOFU never would have happened
On 04/03/2017 08:33 PM, Will Senn wrote:
I didn't ask if I should get one. I asked if there were resources to
help a newb make decisions regarding them. While I sense a certain
disdain in your response, I'll make some clarifying comments in the hope
that it's worth the effort...
Robert's answer
On 04/03/2017 04:20 AM, Peter Lebbing wrote:
On 02/04/17 21:00, Neal H. Walfield wrote:
In short, the main key acts as a level of indirection, which separates
your identity from your encryption/signing keys.
I'd like to extend this short description a bit :-). There is one
important
On 04/03/2017 04:16 AM, Peter Lebbing wrote:
On 03/04/17 08:25, Doug Barton wrote:
That said, as long as you have a suitable passphrase your risk of key
compromise is really, really minimal, even if they did get total control
over your device. Barring coercion, the chances of someone guessing
Some answers below, and you've already received some good answers, but I
have some more fundamental questions. :)
First, and an important question for security-related stuff generally,
what is your threat model? In other words, what dangers are you guarding
against by using PGP? You mention
That's not how you use haveged. It is supposed to start when the system
boots, and run in the background, collecting entropy to seed the PRNG.
That said, if you are using a card for signing that's way more likely to
be involved in the problems you're seeing. Try creating a key on the
file
The appropriate place is the IETF, and/or lists related to the
development of mailing list software.
Doug
On 03/15/2017 08:46 PM, Bill Broadley via Gnupg-users wrote:
But
finding a place that discusses standards that impact so many different pieces is
tricky.
On 03/15/2017 02:14 PM, Jamie H. via Gnupg-users wrote:
Hello!
It's been a few years since I've messed with gpg, but I have an
application that needs something kind of like distributed groups.
Let's say I have: "key group" (which is owned by who-cares, it's a
public key only that represents a
On 11/25/2016 02:28 AM, Stephan Beck wrote:
Hi David,
I kindly invite you to post your PM on-list. It might be of interest for
other people as well.
Why send this to the list, rather than to him privately?
___
Gnupg-users mailing list
On 04/26/2016 06:37 AM, Robert J. Hansen wrote:
I've looked over your egpg code. My bloodless technical evaluation is
simple: "it is nowhere near ready for production environments." And I
think if you read over the other technical criticisms you've received,
you'll see this is pretty much a
On 04/26/2016 02:40 PM, Bob (Robert) Cavanaugh wrote:
New thread for this topic...
For what it's worth, you didn't actually do that. What you did
was to change the subject line of your reply. For those of us who use
mail readers that actually thread, your message still appears under the
On 04/19/2016 12:34 PM, Dashamir Hoxha wrote:
On Tue, Apr 19, 2016 at 9:18 PM, Doug Barton <dougb@dougbarton.email> wrote:
On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
I have written a small password utility, where passwords are
On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
I have written a small password utility, where passwords are stored on
an encrypted archive.
This is a bad idea. You should instead use one of the well-established
solutions created and peer-reviewed by knowledgeable folks. Personally
I'm a big
On 04/05/2016 05:57 AM, Daniel Baur wrote:
while it is off-topic: The In-Reply-to and References-header are not the
same.
Depending on the mail client that may or may not be true. :)
But more importantly, the existence of either header will tell the
person looking at the headers that the
On 04/04/2016 01:58 AM, Peter Lebbing wrote:
On 03/04/16 13:56, Peter Lebbing wrote:
Also, when you start a new topic, could you please post a fresh new
message to the mailing list, instead of replying to an unrelated post?
Two people mailed me to say they didn't think this had happened
On 03/24/2016 02:53 AM, Peter Lebbing wrote:
On 23/03/16 22:07, Doug Barton wrote:
1. You don't know if the key was in full control of the
person/organization it purports to represent before, during, or after
the signatures you are trusting were applied.
2. You don't know if the person
On 03/23/2016 04:38 PM, Andrew Gallagher wrote:
On 23 Mar 2016, at 21:07, Doug Barton <dougb@dougbarton.email> wrote:
On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
the question most useful to a user is "given this particular
signature, how much confidence shou
On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
the question most useful to a user is "given this particular
signature, how much confidence should I invest in it?".
No, the question *most* users that bother to use the signature at all
ask about it is, "Did it validate?"
The answer to *your*
On 03/17/2016 01:00 PM, Kristian Fiskerstrand wrote:
so if the server was to be compromised in some way ...
... the checksum (that you are downloading from the same server) becomes
useless.
Doug
On 03/18/2016 05:18 AM, Peter Lebbing wrote:
Can someone point me in the direction of the solution to this
counterintuitive probability theory result?
You already got good answers as to why this happens from Viktor and
Andrew. You can illustrate them by adding TT to your analysis.
Doug
On 03/14/2016 03:25 PM, Mire, John wrote:
On 3/14/2016 15:38, Doug Barton wrote:
I think there is a system in place that works pretty well, keys are
not 'siloed' in one place but are distributed to every keyserver for
the public to see, its the sks openpgp keyservers.
I'm having trouble
On 03/14/2016 05:21 PM, Brian Minton wrote:
Sounds like CERT (TYPE37) records?
Yes, the first example I gave is similar in nature to those records. For
a variety of reasons the various communities involved have shied away
from a general purpose record for this purpose, and have gravitated
Howdy,
The IETF is currently working on a specification for a DNS record
(secured by DNSSEC) that will allow users to find a PGP key from an
e-mail address. I'm interested in feedback on how y'all think that
should work.
In one version the receiving user would create a truncated version of
On 03/14/2016 01:02 PM, Fabian Santiago wrote:
Technically yes. It's a hosted vps.
If you have any thought of using your key(s) for anything security
related you need to create them on something you have exclusive control
over. Creating them on someone else's virtual server means that they
On 02/26/2016 07:29 AM, Robert J. Hansen wrote:
Why is it more resource intensive?
It's far more intensive of a much more limited resource: user happiness.
Normal users tend to find hexadecimal frustrating:
"It's a *number*? But it uses A through F."
This is something that only
On 02/25/2016 06:50 AM, Kristian Fiskerstrand wrote:
On 02/25/2016 02:38 PM, Peter Lebbing wrote:
(If this feels like droning on to you, just stop reading and go do
something fun!)
On 2016-02-25 14:25, Kristian Fiskerstrand wrote:
Now, the real question discussed here though isn't really
On 02/19/2016 12:59 PM, Janna Martl wrote:
So, is there a "good" way to get what I want: my email password stored
in a way that I only have to enter a passphrase once, and my master
password file stored in a way that I have to enter the passphrase every
time I want to look at the file?
Rather
On 1/17/2016 2:17 AM, Peter Lebbing wrote:
On 17/01/16 03:19, Doug Barton wrote:
Further I don't see signing as all that interesting either.
[...]
We can infer things about these topics from our knowledge/beliefs
about the sender, but I can't think of any rational person would go
along
On 01/15/2016 01:37 PM, Andrew Gallagher wrote:
On 15/01/16 21:02, Doug Barton wrote:
On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
| I've
| worked on several projects for more than one financial institution,
| and airgaps like this are considered barely sufficient for some
| important keys
On 01/16/2016 07:06 PM, Andrew Gallagher wrote:
On 17 Jan 2016, at 02:19, Doug Barton <dougb@dougbarton.email> wrote:
OTOH, PGP is designed primarily to establish trust relationships between
people, with human review of the results an integral part of the process.
That may hav
On 01/14/2016 11:35 AM, Wendy Oberg wrote:
From: "Doug Barton" [dougb@dougbarton.email]
What is your concern about signing the key?
Not so much a concern. But I might want to make use of the predicate
"key X is valid" without having to sign anything, and without even
On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
You've already received good answers on your questions, so some
questions for you. :) What is your concern about signing the key?
And are you aware that local signatures will not be communicated
beyond your keyring?
I actually ran
On 01/14/2016 01:41 PM, NdK wrote:
On 14/01/2016 21:06, Andrew Gallagher wrote:
>Tofu does not guarantee identity persistence. Just because your correspondence
hasn't been obviously tampered with (yet) does not mean that someone hasn't been
MITMing you all along and biding their time.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
| On 15/01/16 19:33, Doug Barton wrote:
|> This is a good example of why that method of working with your
|> keys is pointlessly complicated. :)
|
| It's complicated, but not neces
On 01/10/2016 02:01 PM, Full Name wrote:
Do I have to sign it? Is there no way to configure gpg locally to
say "the info in this key (fingerprint) is accurate", without having
to sign?
Is the semantics of signing with lsign or sign "the info in this key
is accurate"?
You've already received
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 1/6/2016 8:03 AM, Lars Hollenbach wrote:
| Hello, When I use gpg --encrypt-to I am getting
| this:
|
| gpg --encrypt-to 06195004D8FBF459786B2CA2D731496480A63D5A gpg: key
| specification '06195004D8FBF459786B2CA2D731496480A63D5A' is
| ambiguous
On 4/13/15 8:07 PM, jason zhang wrote:
Hi NIIBE
Thank you very much for the help.
Yes, it asked me the passphrase just after gpg: CAST5 encrypted data
line, and I gave the passphrase. The passphrase is definitely right
since I used it every 2 or 3 days.
You mentioned that you had an
On 4/13/15 8:56 PM, jason zhang wrote:
Hi Doug
Yes, the problem started after the unscheduled shutdown. Unfortunately,
I don't have an archived version. The problem is that another
encrypted, which I have not touched for some time, can't be opened either.
Well I'm sorry to say, that sounds
On 3/28/15 3:48 AM, Werner Koch wrote:
Sorry for this. It has already been fixed in the repo,
Just out of curiosity, do you have an ETA on a new release?
--
I am conducting an experiment in the efficacy of PGP/MIME signatures.
This message should be signed. If it is not, or the signature
On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
Doug,
Signature shows as an attachment signature.asc. No evidence that PGP actions
were invoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not.
Thanks Bob, that is interesting feedback.
FWIW, I have received
On 3/25/15 1:20 PM, Ville Määttä wrote:
On 25.03.15 21:41, Doug Barton wrote:
While this is strictly anecdotal evidence I would argue that it's a good
indication that we may not be ready for PGP/MIME as the default.
I think that fail, a signature.asc attachment, is still a cleaner fail
than
On 3/19/15 10:39 AM, Patrick Schleizer wrote:
Hi,
when using --verify combined with --status-fd [or --status-file], how
can one notice in scripts, that processing the one signature is done and
that further status-fd messages belong to the next message?
You are using --with-colons, right?
--
[mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Doug
Barton
Sent: Tuesday, March 17, 2015 2:21 PM
To: Paulo Lopes
Cc: gnupg-users@gnupg.org
Subject: Re: what is the proper way to load gpg-agent with systemd
Are you using gpg-agent to handle ssh agent responsibilities, yes
On 3/17/15 1:54 PM, Peter Lebbing wrote:
-----Original Message-----
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server
gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key
On 3/17/15 2:27 PM, Clark Rivard wrote:
How do you check the fingerprint?
Step 1 is that you have to get a validated version of the fingerprint of
the key that you would have been using to verify the package if you
could have downloaded that key in the first place.
The concept of
the
integrity adequately?
I can't tell you what is adequate for your situation. You have to make
that judgement yourself.
Doug
-----Original Message-----
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:46 PM
To: Clark Rivard
Cc: GnuPG Users
Subject: Re: Copy
On 3/17/15 2:19 PM, Peter Lebbing wrote:
On 17/03/15 22:04, Doug Barton wrote:
Assuming you get the package, the signature, and the fingerprint from the same
*.gnupg.org resources, what does that buy you?
Assuming they're all protected by https, nothing.
I think you missed my point. If all
On 3/17/15 7:23 AM, Clark Rivard wrote:
I currently have GPG 1.4.8 installed on a Windows server. Can the
c:\Programs Files (x86)\GNU\ directory simply be copied to another
server and used or do I need to go through the “download and
installation” process on the new server? Thanks.
1.4.8 is
On 3/17/15 4:17 PM, Peter Lebbing wrote:
On 2015-03-17 23:18, Doug Barton wrote:
I think you are asking way too much, and
giving near-zero value in return.
I'm not asking for anything.
Originally you suggested that they verify the fingerprint, and use that
to retrieve the key. Glad to see
Are you using gpg-agent to handle ssh agent responsibilities, yes or no?
On 3/17/15 1:42 PM, Clark Rivard wrote:
I ran the recv-key command again and got a message about requesting key...from hkp server
pool... but then got HTTP fetch error 7 couldn't connect: No error
Any ideas?
Try it a few more times, you may have gotten a bad server from the pool.
If it
On 3/17/15 7:48 AM, Paulo Lopes wrote:
Hello,
I've been using my gpg card with success in Ubuntu for a while but as
everyone knows the init system is switching from upstart to systemd as
it is happening on Debian and the vast majority of other distributions.
In the past one could start
Ok, then you need to start the agent prior to or during the X startup,
so that the variables are available to your environment (as you were
doing previously).
So, why are you trying to start the agent with systemd? What method were
you using previously, and did you try it in the new OS
Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server
You need to download the key referenced in the first message:
gpg --recv-key 4F25E3B6
then do your verify command again
On 3/13/15 11:23 AM, Robert J. Hansen wrote:
Seriously? Wasn't it obvious from the context of what Robert and
I wrote that we were talking about keys that existed only on a
card?
Let's calm things down, folks. :)
FWIW, I'm perfectly calm, as in the sense of not angry. But it is a
major
On 3/13/15 7:22 AM, Peter Lebbing wrote:
I interpreted Doug's message as saying that a disadvantage of smartcards,
as opposed to on-disk keys, is that you lose the key when the smartcard
stops functioning. I was replying to this statement by Doug:
Further, the inconvenience of having to deal
On 3/13/15 2:17 PM, Peter Lebbing wrote:
On 2015-03-13 19:54, Doug Barton wrote:
But it is a
major source of frustration when folks take comments out of context to
use the tiniest bit of leverage with which to forward an agenda.
WHAT?!?!
It is true, text is a truly god awful medium
It's quite disingenuous to say you don't have an opinion, when obviously
you do.
This topic was debated at length on this list when Heartbleed happened.
There are two camps:
1. Those who think that if you offer any kind of free service, you have
to offer all related services for free as
On 3/12/15 8:51 AM, Robert J. Hansen wrote:
For many users, smart cards are a good idea. (I've got one myself.)
But for just as many users, smart cards are inconvenient and overkill.
I would go so far as to say for the vast majority of users they are
totally unnecessary. It's cool to play
On 3/12/15 2:59 AM, Werner Koch wrote:
On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said:
PuTTY also has its own agent support, which works quite well. I'm not
sure why it's necessary to reinvent the wheel here. :)
Because that integrates seamlessly with GnuPG. For example you can use
On 3/11/15 11:30 PM, Xavier Maillard wrote:
Doug Barton dougb@dougbarton.email writes:
Otherwise, there is an easy way to solve your problem on the Windows
platform, you should strongly consider it.
I fear I do not understand. Did I miss something? Of course I'd
rather go the easy way
On 3/11/15 10:27 PM, Xavier Maillard wrote:
Doug Barton dougb@dougbarton.email writes:
On 3/11/15 3:15 AM, Werner Koch wrote:
The standard ssh client on Windows seems to be Putty; you may use it
with the native GnuPG for Windows (i.e. Gpg4win) by using the option
--enable-putty-support
On 3/11/15 3:15 AM, Werner Koch wrote:
The standard ssh client on Windows seems to be Putty; you may use it
with the native GnuPG for Windows (i.e. Gpg4win) by using the option
--enable-putty-support instead of --enable-ssh-support.
PuTTY also has its own agent support, which works quite well.
On 3/9/15 2:10 PM, Bob (Robert) Cavanaugh wrote:
you will not get your desired results by starting the conversation impugning the
work that went before and claiming that what you are asking for is far superior
OTOH, it's often useful when talking about a possible direction for new
projects to
On 3/1/15 3:34 PM, Daniel Kahn Gillmor wrote:
On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote:
On Sun, 1 Mar 2015 15:32, rp...@kcore.de said:
is there a command line utility that takes a PGP/MIME encrypted message
(a plain RFC 2822 text file) and outputs an unencrypted copy? The
Not
On 2/27/15 10:10 PM, Marco Zehe wrote:
Hi Werner et al,
On 27.02.2015 at 20:56, Werner Koch w...@gnupg.org wrote:
There is no trust in keyservers by design. As soon as you start
changing this you are turning PGP into a centralized system.
OK, then I have a very practical question: Even
On 2/27/15 3:15 AM, Peter Lebbing wrote:
So what did this key attract, being on the keyserver for four years now?
22 Nigerian 419 scams. That's it. Twenty-two! They came in batches; I haven't
seen anything since March last year.
I've had a similar key out there for longer than four years, and
On 2/23/15 2:51 PM, Daniele Nicolodi wrote:
Hello,
I've been struggling quite a long while today trying to understand why
the following command does not do what I expected:
gpg --export-secret-subkeys 41E999D7! \
--export-options export-reset-subkey-passwd
It does not reset the password
On 2/19/15 12:16 AM, Pete Stephenson wrote:
Considering the way it was abandoned by its developers, TrueCrypt is
probably not the best choice going forward.
We don't know the whole story about what happened there, so I would be
hesitant to attribute malice. For some of us who need to have
It was not my intention to start an IPv6 advocacy thread, but in case
anyone is interested in facts about the current state of things, this is
a good summary:
http://www.slideshare.net/AkamaiTechnologies/edge-2014-ipv6-is-here-what-you-need-to-know
On 2/18/15 3:59 AM, Johan Wevers wrote:
On 18-02-2015 12:40, Werner Koch wrote:
Because the resolver tells that there is an record. It seems that
we need to figure out at runtime whether v6 is actually working. Any
hints on how to do that?
The most easy solution in such cases is to
On 2/18/15 2:52 AM, Jonathan Schleifer wrote:
Well, I guess you have to take into account that a lot of downloads are from packaging
software like pkgsrc, FreeBSD ports, Gentoo portage, ArchLinux's makepkg, etc. Usually,
these do download the signature and tarball once, verify it and then
On 2/17/15 12:12 PM, Errol Casey wrote:
gpg: WARNING: unsafe ownership on homedir `.'
What are the permissions on your home directory, and your ~/.gnupg
directory?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2/15/15 12:26 PM, Daniel Kahn Gillmor wrote:
| On Sat 2015-02-14 16:36:08 -0500, Doug Barton wrote:
| FWIW, I hate this debate, and try hard to stay out of it. But it really
| bothers me when people spread factually incorrect information
On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote:
On Sun 2015-02-15 16:06:05 -0500, NdK wrote:
On 13/02/2015 23:23, Daniel Kahn Gillmor wrote:
The traditional argument against this sort of feature is that someone
with control over your local socket would most likely have control over
your
FWIW, I hate this debate, and try hard to stay out of it. But it really
bothers me when people spread factually incorrect information,
especially when they try to use that as the basis of their arguments
for/against one method or the other.
On 2/14/15 7:49 AM, Hugo Osvaldo Barrera wrote:
On 2/13/15 4:01 AM, MFPA wrote:
In an OpenPGP-aware mail client, that is the decision of the
developer. For example, is there any huge reason why it would be a bad
idea to treat dashspacedashdashnewline the same as they
treat dashdashspacenewline?
And Enigmail, for example, can do exactly
On 1/14/15 7:09 PM, Anthony Papillion wrote:
gpg: O g: can't encode a 256 bit key in a 0 bit frame
This happens after I tell the program to accept the final key in the
group as valid. But it doesn't seem to be related to a key since I've
deleted the final key and it still gives me the
On 1/12/15 10:44 AM, Patrick Schleizer wrote:
When using gpg --armor --detach-sign some-file-version-c a file:
some-file-version-c.asc will be created.
But an adversary position to arbitrarily change file names on a mirror
or so could rename it to some-file-version-d and
FYI, what you want to do doesn't make sense. :)
You should read the man page, and learn about inactivity timeouts for
gpg-agent. Also, you can wipe the agent altogether quite easily.
Your concern about people gaining access to the console is well founded,
but there are better solutions
On 12/31/2014 06:40 PM, Robert J. Hansen wrote:
The protocol was secure: you just had to configure it correctly.
Yes, thank you for your tidy summary of Security 101. :)
What I'm looking for is some sort of concrete information about When
ssh is configured this way the NSA can break it. I've
On 12/31/2014 3:25 PM, mark hellewell wrote:
And the “ssh is broken” remark strikes me as a little dramatic, too.
Well I've seen vague references to some of the less secure settings
being vulnerable, but I've yet to see, everything below this line is
vulnerable, everything above this line is
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 12/27/14 9:36 AM, Sandeep Murthy wrote:
| I have four keypairs associated with my main email, two of which
| are revoked and one expired. But if I try to edit the main key
| associated with email by
|
| $ gpg --edit-key email
|
| then it invokes
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 12/08/2014 10:48 AM, Tomo Ruby wrote:
| I know I could just set a new expiration date but most times it's
| recommended to use a key for two years at the longest.
Why do you think that's true? What threat do you think that using a
key for at
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 12/7/14 7:04 AM, Tomo Ruby wrote:
| I wanted to create new keys and came across the following
| problem: If I create a main key to certify and subkeys for
| everything else, won't there be dozens of subkeys on my main key
| after years of
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 11/20/14 10:40 AM, Dave Pawson wrote:
| Requirement. Two machines (one Linux, one Windows).
|
| I want a secure file 'shared' between them, as a pwd-safe.
|
| Only I use the two machines, but need the file encrypted.
|
| Any alternatives to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 11/13/14 9:22 AM, Daniel Kahn Gillmor wrote:
| On 11/13/2014 07:01 AM, Werner Koch wrote:
| gpg: Make the use of --verify FILE for detached sigs harder.
|
| thanks for doing this, Werner.
|
| Now waiting which tools or scripts will break. I
On 11/13/14 2:33 PM, da...@gbenet.com wrote:
Hi All,
Background:
I exported my keys to a USB stick. Then I copied my .gnupg to a new
Linux laptop. Then I imported my keys. I thought that I would be
fine.
Why did you perform the second step? Just copy ~/.gnupg to the new
system, delete
At one point in the past there was discussion about 2.1 only allowing
one public keyring, but I don't see anything about that in the What's
new doc. Can I safely assume that 2.1 has support for multiple
keyrings in the same gpg.conf and/or command line?
Doug
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/31/14 2:28 PM, Robert J. Hansen wrote:
| Anyway, gpg might want to use pinentry to gather the passphrase
| from the user, and it's not clear that you have the right
| environment set up for pinentry.
|
| One option would be to install GnuPG
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/18/14 3:56 PM, Hauke Laging wrote:
| Hello,
|
| I am often asked whether (and how) it is possible to use OpenPGP
| on several systems with the same keys. You are probably aware that
| this is also asked here, not often but regularly. And then
On 10/10/14 2:43 AM, Werner Koch wrote:
On Fri, 10 Oct 2014 05:27, dougb@dougbarton.email said:
That was my first thought, but adding -v to either --check-sigs or
--list-sigs provides no additional information. Is what you're looking
at a 2.1 feature?
No space in the listing for all the
On 10/9/14 5:29 AM, Werner Koch wrote:
Add --verbose (or -v) to the gpg command line and it will show you that.
That was my first thought, but adding -v to either --check-sigs or
--list-sigs provides no additional information. Is what you're looking
at a 2.1 feature?
Thanks to everyone for
I refreshed my key tonight in preparation for a key signing party and
came across this message:
gpg: Note: signatures using the MD5 algorithm are rejected
I'm sure there is a way to determine what algorithm a signature was
created with, but the mechanism wasn't obvious to me on an (admittedly
When starting a new topic please don't reply to a message on the list
and change the subject line. Doing so causes your new topic to show
under the previous one for those using mail readers that thread
properly, and may cause your message to be missed altogether if someone
has blocked that
On 9/16/14 6:58 AM, Daniel Kahn Gillmor wrote:
I've been in a situation where i'm sitting with a friend, talking about
a project we're hoping to work on together, and i wanted to send them
confidential information about the project to read later. I know they
have an OpenPGP cert, so i fire up
On 9/16/14 9:26 AM, Werner Koch wrote:
On Tue, 16 Sep 2014 16:26, d...@fifthhorseman.net said:
i've definitely seen people update their primary key's expiration date
and fail to update the expiration date of their subkey, so they have a
valid cert, but it still can't be used for encryption.