How to detect patched versus bugged gpg binary

Question about GPG versions: Due to CVE-2016-6313, I put out a new version of Confidant Mail where the Windows and Mac binaries include GPG 1.4.21. I also put in a pop-up dialog to warn if someone uses it with a pre-1.4.21 version of GPG. However, Debian and Tails 2.6rc1 have patched 1.4.18

Re: Batch key creation curve25519 not working in version 2.1.12 Windows

I tried my inputs with eddsa instead of ecdsa and it worked. Not sure if there is still a bug to report? Thank you for the workaround. On 5/6/2016 1:58 AM, NIIBE Yutaka wrote: On 05/06/2016 05:59 AM, Mike Ingle wrote: Key-Type: ecdsa Name-Real: t 6 Subkey-Curve: Curve25519 Subkey-Usage

Batch key creation curve25519 not working in version 2.1.12 Windows

GPG version 2.1.12 added support for Curve25519 sign and encrypt. I am trying to support such keys in Confidant Mail. Installed from gnupg-w32-2.1.12_20160504.exe If I create a key manually I get: GOOD pub ed25519/C850D9A5 2016-05-05 [SC] uid [ultimate] test 3 sub

Build script problem with gnupg 2.1.3

I am building gnupg 2.1.3 to try out, and I ran into a bug in the build script. If you run ./configure --help in libgcrypt-1.6.3, it says: Optional Packages: --with-PACKAGE[=ARG]use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-pic[=PKGS]

Re: GPG 1.4.19 homedir Command

Both of these worked for me. F:\c:\Program Files (x86)\GNU\GnuPG\gpg.exe --homedir f:\abc def\gpg --list-keys F:\c:\Program Files (x86)\GNU\GnuPG\gpg.exe --homedir \abc def\gpg --list-keys Try dropping the initial double slash. On 4/6/2015 12:37 PM, Clark Rivard wrote: Hi I am running

Re: One alternative to SMTP for email: Confidant Mail

Any word on whether confidant mail will support the openpgp smart cards (or yubikey, similar)? -Nick With GPG 2.1, the gpg-agent handles all the passphrase prompting. I don't see why it would not work with a smartcard. Which one do you think I should get to test with? I have not played

Enabling and using ECC keys (any reason not to?)

The current version of Confidant Mail for Windows includes GPG 1.4.19. However, the code is written to support version 2.1 and ECC keys. If you point it to GPG 2.1, it will let GPG handle passphrases, and will let you create and rotate ECC keys. Is there any reason not to start using them? I

Re: One alternative to SMTP for email: Confidant Mail

From the bit of testing I did with it, it seems the email address is merely used as a user identifier. The domain is irrelevant. You could use nob...@nonexistent-domain.com and it would still work. The email address doesn't actually have to exist. I don't think it does since the email

Re: One alternative to SMTP for email: Confidant Mail

At present, there is no key verification built in and you have to check the key fingerprint (which is always shown to the right of the address) or check a signature chain on your key using a GPG key manager. Or you can Trust On First Use, if it suits your threat model. That's more or

Re: One alternative to SMTP for email: Confidant Mail

Notwithstanding the security compromise from building SMTP gateways, some people are pretty attached to their favourite MUA. Have you any thoughts about accommodating them by enabling your Confidant Mail client or server to function as a local email proxy? The user interface has to do a lot of