On 22.10.2018, Satendra Tiwari wrote:
> In this case, we want to use GPG to encrypt Oracle backup. We have two
> databases of 17 TB and 7 TB they compress to 2.6 TB and 1.3 TB
> respectively.
> What would be the best way to encrypt our backup and how long would it take?
I would create a
On 10.07.2017, Matthias Apitz wrote:
> This question is perhaps only for German users of GnuPG. In the past
> German banks and credit institutes prohibited the storing of PIN numbers
> etc. on personal computer systems
Does anybody care?
> even claiming that in the case of storing
> they would
On 20.12.2016, Christoph Moench-Tegeder wrote:
> Or is that just me and a local issue?
Most probably. For me, it works:
[htd@chiara Downloads]$ gpg --verify gnupg-2.1.17.tar.bz2.sig
gnupg-2.1.17.tar.bz2
gpg: Signature made Tue 20 Dec 2016 14:59:50 CET using RSA key ID 4F25E3B6
gpg: Good
On 03.10.2016, Werner Koch wrote:
> We would call the left one a "normales Vorhangeschloss" (simple
> padlock). But the middle one is known as a "Schappschloss" - referring
> to the feature that you do not need a key to lock it.
The left one is a modular padlock, and the one in the middle is
On 01.10.2016, Werner Koch wrote:
> Frankly, I did not know how to translate the German term
> "Schnappschloss".
Visualising a picture of what is meant by the German term, I would
intuitively translate it to something like a hasp, a snap lock or even
a spring lock. And you're right, I also
On 27.08.2015, Robert J. Hansen wrote:
> I had someone wonder why the FAQ recommends avoiding CAST, BLOWFISH,
> IDEA, or 3DES for bulk encryption.
> Q: Why should some ciphers be avoided for bulk encryption?
"Some ciphers" is probably not enough for those who frequently ask
about that topic.
On 19.07.2015, F Rafi wrote:
Does it make sense to use a key-server?
You just answered yourself:
The public key will only be use by a single partner organization.
We were thinking about exchanging it over e-mail.
So no need to upload it to a keyserver.
On 17.04.2015, Venkatramana Parapatla wrote:
How to Know keys expiration date for Already created keys using gpg in
command prompt?
gpg --list-keys will give you an oversight over all keys in your public key
ring including their expiry date.
How to renwal existing keys?
You can (of course)
On 05.03.2015, Robert Deroy wrote:
How could i do for use gpg on a usb key, because i have no computer, i only
go in cybercafé.
Don't do it, it's not safe.
In case you're allowed to boot from an external medium, this still won't be
secure. Because you have no control over the hardware built
On 17.02.2015, Werner Koch wrote:
git meanwhile allows to sign commits. If anyone knows a method to set a
different key for tagging and commits, I would soon start to sign each
commit.
I can be seriously wrong, but is that not something the LKML people do?
On 02.01.2015, Egon wrote:
I want to symmetrically encrypt many hundreds of files under Linux, the
files stored in many subdirectories.
Mabe you should consider using a LUKS/dmcrypt container/partition. It would make
things a lot easier and more fail-proof for you.
On 16.11.2014, da...@gbenet.com wrote:
So am going to install a copy of Thunderbird at least 4 years older than the
current version
with an appropriate Enigmail.
As stated and as aa fact of daily life there are problems
running a Linux distro in x86_64 there are problems with gnupg2 there
___
/| /| | |
||__|| | Please don't |
/ O O\__ feed |
/ \ the troll |
/
On 19.10.2014, Sudhir Khanger wrote:
1. Is secret key the most important part of GnuPG? By important I mean
if you only had your secret key could get back to your original setup
ignoring the imported public keys.
Of course, you can omit/delete your pubring.gpg, if you like. However, unless
On 19.10.2014, m...@sudhirkhanger.com wrote:
Are you trying to say if I don't import pubring.gpg I won't import the
previously exchanged keys and hence I won't be able to send them encrypted
messages as I won't have access to other people's public keys?
Exactly. In order to be able to send
On 19.10.2014, MFPA wrote:
Importing your secret key would also re-install your public key..
In order to achieve that, don't you have to run something like:-
gpgsplit --secret-to-public YourPrivateKeyFile.asc
No, that's not neccessary.
A gpg --import your_secret_key.asc into a freshly
Hi,
when decrypting a file with gpg2 in combination with a GnuPG v2.0
smartcard, my PIN, once entered, is cached a long time. Removing the
smartcard or the reader deletes the cache, of course. Although I've
read a bunch of documents and searched the net, I haven't managed yet
to find out how I
On 02.09.2014, Werner Koch wrote:
There is no command to explicitly do that. You may run gpgconf
--reload scdaemon to power down the card.
Thanks a lot for explaining this to me. Now it is clear.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On 16.08.2014, Kristy Chambers wrote:
Sorry for that crap subject. I just want to leave this.
[]
The use of PGP/GPG depends entirely on the respective needs and
and context. For me, it has been working perfectly in many years, and
thus, what's described in this article is a good example
On 17.08.2014, da...@gbenet.com wrote:
Leaving aside the issue of how popular encryption of mail is - we are faced
with the fact
that 98 per cent of computer users are completely ignorant about software and
hardware. They
just go into PC World and buy what they like.
Looking around where
On 13.08.2014, Johan Wevers wrote:
Most people, inclusing me, have stopped using it. However, I still have
a lot of mail archives from those days. Removing support would mean I
have to start using pgp 2 again to access them.
Or the most recent version of gnupg with support for those mail
On 05.08.2014, Peter Lebbing wrote:
I'm sure pictures can be found, although I'm not sure blown capacitor is the
correct English term... in Dutch we say geplofte condensator, and I
never discussed the issue in any other language ;).
Blown capacitor is the correct term, and has widespread
On 28.07.2014, Bob (Robert) Cavanaugh wrote:
It is a pain to re-enter the passphrase,
but is required by our threat model.
Maybe a smartcard could be the solution. After you have installed your
key on the card, only a numeric PIN is required, which is MUCH easier
to enter frequently.
On 26.07.2014, Sudhir Khanger wrote:
Or does that again fall in risky behavior category?
Only you can answer this question, because the answer depends entirely
on your thread model. How big is the danger of your passphrase getting
stolen when kept in memory? Are there others which have
On 26.07.2014, Peter Lebbing wrote:
If an attacker has physical access, you've lost; game over.
Yes. But it must not neccessarily be an attacker. It's e.g. quite common
that members of a familiy share a computer. It would be less likely
that one of them installs malicious software on it. But
On 21.07.2014, Werner Koch wrote:
IIRC, I implemented that about a decade ago. Simply put
set crypt_use_gpgme into your ~/.muttrc.
Besides that this requires mutt to be compiled with --enable-gpgme,
it never worked for me. The inline gpg/pgp mail is just showed as
plain text.
Anyway, nobody
On 18.07.2014, The Fuzzy Whirlpool Thunderstorm wrote:
I wonder if Mutt can be configured to decrypt inline pgp messages
automatically, without piping the attachment to `gpg --decrypt`.
You can't. Put this into your .procmailrc. It'll transform your inline
pgp mails accordingly:
:0
*
On 24.01.2014, Leo Gaspard wrote:
Actually, this is something I never understood. Why should people create a
revocation certificate and store it in a safe place, instead of backing up the
main key?
Because a backup only makes sense when it's stored in a diffrent place
than the key itself:
On 10.11.2013, Alexander Truemper wrote:
But if I run 'gpg --export-secret-keys' for my keys, it actually seems
to export the private keys according to pgpdump.
How can this be? (I see no smartcard activity on the terminal and no
PIN is asked)
It's not the real secret key, but the stub
On 04.11.2013, MFPA wrote:
GPG - keeps the XXX from your door! :-)
[Replace XXX with any three letter agency of your
choice]
Is that actually true, rather than bringing you to their attention?
It depends.
My key is publically available, with my current email address in it.
Thus,
On 02.11.2013, Sam Tuke wrote:
Research would definitely be helpful. There are many well written guides,
video
tutorials, and even e-learning courses on how to setup GPG however, and some
applications make it very easy.
When you think of the common windows user who solely wants to double
On 30.10.2013, Sam Tuke wrote:
I'll collect them and pick the best for use now and in future.
GPG - keeps the XXX from your door! :-)
[Replace XXX with any three letter agency of your choice]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On 30.10.2013, Sam Tuke wrote:
I'm working with Werner to promote GnuPG and raise awareness.
Just my 5ø:
Raised awareness does seldom lead to change (just as knowledge and
attitudes). Before developing a strategy on promoting the use of
GPG, the barriers which prevent people from using it
On 25.10.2013, Sylvain wrote:
Is this zealotry on the Debian front, or something to update in gnupg?
It's a matter of taste, and there are arguments both for and against.
In my case, having a 4096 bit key has no major drawbacks, so I'm using
one. If you trust gpg, you can safely trust the
On 22.09.2013, Aleksandar Lazic wrote:
What could be a perfect or at least a very good storage of the
private Key.
Spend a little bit money and buy you a smartcard and a reader. Then,
boot a machine without internet connection from an USB-stick or
CD/DVD with some live version (e.g.
On 07.09.2013, Mike Acker wrote:
based on recent revelations we should probably not use any commercially
offered cipher
Define commercially used cipher.
I don't think the crypto ist the problem or the solution. Prism is
mostly about traffic analysis, which is not significantly
affected by
On 06.08.2013, Jean-David Beyer wrote:
I thought I posted to gnupg-users list. I was making a remark to a
previous post. I was not filing a trouble report, and do not think I was
even addressing the issue of piracy.
Put something like this in your mailfilter (this is procmail):
:0
*
On 02.08.2013, Doug Barton wrote:
However, what you really want to encourage is the verification of the
signature (ignoring the bootstrapping problem for the moment), and even
forcing people to download the signature file won't do that.
Enforcing something to people mainly results in the
On 31.07.2013, adrelanos wrote:
Downloading a signature doesn't imply, the user
successfully managed to use OpenPGP verification or that the user
couldn't be tricked or just ignored an invalid signature error message.
And therefore, these numbers are without meaning.
While there is evidence
On 26.07.2013, dyola wrote:
I am confused. I have also downloaded gnupg-2.0.20.tar.bz2, but I cannot
open it.
You downloaded the Linux version of gnupg. As far as I know, the
right site to download gnupg for Windows from is gpg4win.org .
___
On 24.07.2013, Philipp Klaus Krause wrote:
I do not trust the computer at university with the secret key used to
decrypt my private mail.
[]
Still, I want to be able to read any encrypted mail sent to my
unversity addresses on the computer at university. And I want to use
encryption,
On 24.07.2013, Philipp Klaus Krause wrote:
How else would others know that the key they use to encrypt is mine
They would know if they would check your identity.
and assume that only I can decrypt it?
Most people would silently assume that, if they had checked your
identity and concluded
On 24.07.2013, Mark H. Wood wrote:
Absolute security isn't possible. Any machine you are not shackled to
is sometimes out of your control.
It depends. In my workingplace, nobody can access my own
machine physically. I don't claim that there will be 100% security,
though.
On 23.07.2013, Philipp Klaus Krause wrote:
Of course it is annoying to have to ask everyone to sign three keys -
after all they are all my keys, and the people I ask to sign my key all
get to see the same passport. Is there a better alternative?
Create/use one key, and add all the different
On 07.07.2013, Hauke Laging wrote:
Even with the default settings a 19-digits passphrase (upper and lower case
ASCII letters and digits) is as hard as AES (without flaws).
When you take all printable ASCII-chars as headroom, with
B = entropy in bits
L = length of the passphrase
P =
On 07.07.2013, Robert J. Hansen wrote:
A keyspace of 2^124 is nowhere near half of
2^255; it's not even particularly close to the square root of 2^255.
Thanks for clarifying, you are (of course) right. Didn't think for a
second before posting :-(
However, I wanted to demonstrate the
On 07.07.2013, Robert J. Hansen wrote:
Nobody with two brain cells to rub together is going to try
brute-forcing either the crypto or your passphrase.
This very much depends on how important the encrypted information is
considered to be. However, I agree that most probably no one is
On 06.07.2013, atair wrote:
I want so set up a GnuPG infrastructure for my (lets say) 20 email accounts.
Keep it simple: You create *one* keypair and add all email-accounts to
it.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On 20.06.2013, Henry Hertz Hobbit wrote:
Try the backup from GPA's menu. I doubt you will get anything
that can be exported. If you get a backupg.gpg (or similar), then try
importing your secret keys onto a second system with GPGWIN installed.
The thing is, if there's a command to export
On 18.06.2013, NdK wrote:
If the key is generated on-card, you have no way to backup it. No need
for unexportable flag: simply there's no command to export it.
And if the key is generated off-card and properly moved to the
smartcard afterwards, there's no way to export it either. It's only
On 11.09.2012, Peter Lebbing wrote:
The only sure-fire remedy against a
temp file that got deleted is a full wipe of the partition the file was on, as
far as I know.
You can mount /tmp and the various other tmpfiles to memory. That's
what I do (not for security reasons, but to have the tmp
On 28.08.2012, No such Client wrote:
I simply chose to keep my name private. Surely, on a public, crypto
mailing-list, with all sorts of interesting people, the idea of
privacy
would be understood no? real names or pseudonyms should be quite
irrelevant.. Is it not the content that counts?
Hi,
if someone gets physical access to an openpgp smartcard, where is
the weakest spot in the whole scenario then? Can the contents of the card
be copied, e.g. to circumvent the limited possibilities entering
the correct PIN / admin-PIN? Can the secret key be extracted to
brute-force the PIN /
Hi David,
On 15.08.2012, David Tomaschik wrote:
[]
Thanks for answering. There's no thread model so far - and I'm quite
shure that I'm not a target for any security agency :-)
The background for my question is simply what's in it for me if I use
such a card. Will the benefits outweight the
On 26.07.2012, Ben McGinnes wrote:
Also, if you had to pick one of those three, which would you choose
(for general purposes rather than a specific threat model and ignoring
the possible speed differences between AES and Serpent)?
As far as I know, none of those three is broken. So if
On 26.07.2012, Faramir wrote:
That's security through obscurity assuming the other one
won't know where to search for the key, which is not stored with
the right extension or in the most common place.
Not right, if your secret key is protected by a passphrase (or
strong password), it
On 25.07.2012, Faramir wrote:
Clearly I'm out of my league there. I had heard about that, but
later I also heard about stacking different algos (with different
keys
of course) to increase security.
What's the model of threat in your case, actually? Usually, the crypto
algorithm isn't the
On 25.02.2012, Gregor Zattler wrote:
obviousely not: http://www.crypto.com/blog/wiretap2010/ this
blogpost says that the 2010 US wiretap report says there were
zero cases where encryption blocked access for state agencies to
interesting data.
As far as I can see, this article totally lacks
On 10.08.2011, MFPA wrote:
The output from gpg --dump-options shows that both spellings are valid
(for v 1.4.11 at least).
Yes, now I see it, after you mentioned it. However, the manpage doesn't know
about
armour, and that was the motivation for my mail.
On 08.08.2011, Werner Koch wrote:
echo | /usr/bin/gpg --batch --sign --armour --clearsig
--passphrase-fd 0 $1
gpg --batch --sign --armour --clearsig --passphrase-fd 0 --yes -o $1.asc
$1
Shouldn't this be --armor
On 27.09.2010, Vjaceslavs Klimovs wrote:
2048 bit keys are suitable - it's user+sys what matters in this case,
but not real by all means, as that includes waiting for passphrase
input too.
Hmm, maybe I miss the point, but hey, we're living in the age where dual-
and quadcore processors are as
On 23.07.2010, Grant Olson wrote:
Just keep in mind that if you're not encrypting the whole disk, your
sensitive data can leak to /tmp and swap. I'm only bringing this up
because it seems like you've taken some elaborate steps to protect your
data.
I second that.
Besides, holding a GPG
On 09.01.2010, RobertHoltzman wrote:
Personally I think a lot of people care about privacy, but are just not
able and/or frightened to install something complex on their machines.
Then you get the contingent that sats I have nothing to hide.
What I've encountered is that lots of people
On 07.01.2010, Mario Castelán Castro wrote:
I think the WoT and in general the cryptography is not widely used
because few people really care about their privacity.
I think the overall stats for people using cryptography is that low
because it is or seems too complicated for them. A lot of
Hi,
seems I'm just too stupid today to find what's maybe obvious:
given an ascii armored gpg encrypted file, how can I find out what
algorithm has been used to encrypt the file?
Thanks,
Heinz.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On 05.09.2009, Werner Koch wrote:
The devolpment package is missing; i.e. the file pth.h .
The developement package was installed, but I found out that opensuse
compiles their packet with
--disable-static
--with-pic
--enable-optimize=yes
--enable-pthread=no
--with-gnu-ld
One or more of
On 04.09.2009, Werner Koch wrote:
We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.13.
[]
I'm unable to compile this version on my system. The configure script
bails out with the following message:
[]
checking for nl_langinfo and
On 25.04.2009, David Shaw wrote:
Plus, both the GnuPG implementation and the PGP implementation are
available for review by anyone who wants to look at them. (PGP isn't
open source of course, but you can still get the source for review).
The PGP 9.xx sourcecode you can obtain from the PGP
68 matches
Mail list logo