Question about GPG versions:
Due to CVE-2016-6313, I put out a new version of Confidant Mail where
the Windows and Mac binaries include GPG 1.4.21.
I also put in a pop-up dialog to warn if someone uses it with a
pre-1.4.21 version of GPG. However, Debian and Tails 2.6rc1
have patched 1.4.18
I tried my inputs with eddsa instead of ecdsa and it worked. Not sure if
there is still a bug to report?
Thank you for the workaround.
On 5/6/2016 1:58 AM, NIIBE Yutaka wrote:
On 05/06/2016 05:59 AM, Mike Ingle wrote:
Key-Type: ecdsa
Name-Real: t 6
Subkey-Curve: Curve25519
Subkey-Usage
GPG version 2.1.12 added support for Curve25519 sign and encrypt. I am
trying to support such keys in Confidant Mail.
Installed from gnupg-w32-2.1.12_20160504.exe
If I create a key manually I get:
GOOD
pub ed25519/C850D9A5 2016-05-05 [SC]
uid [ultimate] test 3
sub
I am building gnupg 2.1.3 to try out, and I ran into a bug in the build
script.
If you run ./configure --help in libgcrypt-1.6.3, it says:
Optional Packages:
--with-PACKAGE[=ARG]use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-pic[=PKGS]
Both of these worked for me.
F:\c:\Program Files (x86)\GNU\GnuPG\gpg.exe --homedir f:\abc
def\gpg --list-keys
F:\c:\Program Files (x86)\GNU\GnuPG\gpg.exe --homedir \abc def\gpg
--list-keys
Try dropping the initial double slash.
On 4/6/2015 12:37 PM, Clark Rivard wrote:
Hi
I am running
Any word on whether confidant mail will support the openpgp smart
cards (or
yubikey, similar)? -Nick
With GPG 2.1, the gpg-agent handles all the passphrase prompting. I
don't see
why it would not work with a smartcard. Which one do you think I should
get to
test with? I have not played
The current version of Confidant Mail for Windows includes GPG 1.4.19.
However, the code is written to support version 2.1 and ECC keys. If you
point it to GPG 2.1, it will let GPG handle passphrases, and will let
you create and rotate ECC keys.
Is there any reason not to start using them? I
From the bit of testing I did with it, it seems the email address is
merely used as a user identifier. The domain is irrelevant. You could
use nob...@nonexistent-domain.com and it would still work. The email
address doesn't actually have to exist.
I don't think it does since the email
At present, there is no key verification built in and
you have to check the key fingerprint (which is always
shown to the right of the address) or check a signature
chain on your key using a GPG key manager.
Or you can Trust On First Use, if it suits your threat model.
That's more or
Notwithstanding the security compromise from building SMTP gateways,
some people are pretty attached to their favourite MUA. Have you any
thoughts about accommodating them by enabling your Confidant Mail
client or server to function as a local email proxy?
The user interface has to do a lot of
10 matches
Mail list logo