Vanity Keys

ut it: https://news.ycombinator.com/item?id=8873182 Apparently some of the funds will be donated to the GnuPG project. I suspect he hasn't been in contact, and I imagine the funds would not be welcome? -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC

Re: Automatic e-mail encryption

ff which was not encrypted when it was sent: https://grepular.com/Automatically_Encrypting_all_Incoming_Email https://grepular.com/Automatically_Encrypting_all_Incoming_Email_Part_2 -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F

Re: Calculating the Private Key

mailbox.org is useful. Maybe we'll have to look at this topic again in > 10 years or so. FWIW, if you run your own mail system, this is a fairly trivial feature to set up. I've been doing it myself for about three and a half years. Here's how I do it, including links to the softwa

Re: How to determine who signed what

s so you don't have to do this particular step, you can add e.g the following to your ~/.gnupg/gpg.conf file: keyserver keys.gnupg.net keyserver-options auto-key-retrieve -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC

Re: Google releases beta OpenPGP code

gs about the state of OpenPGP.js source code yesterday: https://news.ycombinator.com/item?id=7843297 -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1

Re: Access to www.gnupg.org only via TLS

For the average person, SSL warnings are a nuisance that needs to be ignored and clicked so they can continue doing what they were doing. For the average geek, an SSL warning seems to be a declaration of War. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC

Re: We are now at ic6au7wa3f6naxjq.onion

e. Also, note that the link there is none-https, which would redirect people out of the "secure" version of the site if they're using a browser which does not support HSTS, e.g Internet Explorer 11 and below. -- Mike Cardwell https://grepular.com https://emailprivacytester.com Ope

Re: Managing Subkeys for Professional and Personal UIDs

known, and at no point was it discouraged. Several of my colleagues also used OpenPGP, although I don't believe any of them used a smart card. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR

Re: Managing Subkeys for Professional and Personal UIDs

my work machine, so I never have to worry about it being compromised. When I left my previous job, I revoked the UID containing the email address assigned by that company, and then added the new UID for the new company. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP K

Re: It's 2014. Are we there yet?

replaced by a similar but better protocol (HTTP). I would be happy to see Email replaced by a similar but better protocol. It will probably still be called Email though. I think it's more likely that various Email protocols will be extended and refined rather than an outright replacement thoug

Re: It's 2014. Are we there yet?

ote on wikipedia, but people will still be using Email, in some form or other. There will always be a system for pushing messages around electronically that isn't tied to a single provider. If email is replaced, it will be by something similar to email. Not by whichever social ne

Re: PGP/GPG does not work easily with web-mail.

Also, if there are any XSS flaws, there's another potential way of losing the key. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 si

Re: GnuPrivacyGuard for Android v0.3 released!

s with APG to add OpenPGP encryption for email... -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 signature.asc Description:

Re: Printing PGP Businesscard

1ZHpGa9VTvYaoPXX > > B9wx+EcqNysF/6FTVNC2dZwKPULK6niA5l/CIf61GW+cMt0IczBmO9GhUxnd+1px > > hd2uhcCWXXzR/Gm2VJNA > > =Ig2O > > -END PGP SIGNATURE- > > > > ___ > > Gnupg-users mailing list > > Gnu

Re: gpg-rsa-key decryption with a mobile

1. I have a V2 OpenPGP SmartCard. I'm wondering if this would be vulnerable to the attack in question? Also, what about the Crypto Stick? Presumably these generate the same sort of noise during signing/decryption that the CPU would, but there's nothing GnuPG can do in software to mask i

Re: Using GPG for reading email in VPS

side channel attack. > In this context is there any best practices? I was thinking creating a new > signing subkey and removing the master private key from keyring that I want > to upload to the VPS. That way I might limit the damage to the subkey alone > while keeping the maste

Re: gnupg for android phones

carry a smart card reader around with me, or the patience to pull it out and plug it in each time I want to read an email/sms. I agree that it would be cool though. - -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 46

Re: OpenPGP Card "CHV* failed: general error"

> verification and increment it later (so that you can't mount power > glitch attacks). Damn. I didn't run any automated tests... What other operations can only be performed a limited number of times with one of these cards? If I were to PGP sign or decrypt 10,000 emails would t

Re: OpenPGP Card "CHV* failed: general error"

to the card. The c=00 i=20 indicates the > verify command which fails for you. If it works the next line would be > a > > scdaemon[17805]: DBG: response: sw=9000 datalen=0 > > However your SW will be different. What is it? 6581: 2011-08-10 10:16:02 scdaemon[5153] D

OpenPGP Card "CHV* failed: general error"

ated Smart Card Reader 00 00' Application ID ...: D2760001240102050D58 Version ..: 2.0 Manufacturer .: ZeitControl Serial number : 0D58 Name of cardholder: Mike Cardwell Language prefs ...: en Sex ..: unspecified URL of public key : [not set] Login da

Re: How secure are smartcards?

ate and use it to decrypt my files. I am thinking of hard coding *part* of my pin into gpg on my primary system, so I can only be observed typing in part of the pin. Every little helps. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/

Re: How secure are smartcards?

> v2 card uses a modern chip and card OS and thus the effort to read off > the key wouldn't be worth what you will gain from it. That is reassuring. Although, I'd be happier if I could find a technical description of the feasibility of such an attack. But if one doesn&#x

Re: How secure are smartcards?

e more secure leaving the key on your laptop encrypted with a strong pass phrase. It's a judgement call. When I say a rich/powerful adversary, this could include industrial espionage as well as governments. Ideally the key would be encrypted on the smartcard. I haven't found anythi

How secure are smartcards?

smartcard chipset by looking directly at the circuitry? Are the keys on the smartcard perhaps encrypted with the access PIN? That still wouldn't be perfect, definitely easier to bruteforce than a long passphrase, but it would be better than nothing... -- Mike Cardwell https://grepu