On Tue, Jan 13, 2015 at 8:10 AM, Werner Koch w...@gnupg.org wrote:
On Mon, 12 Jan 2015 21:51, gn...@lists.grepular.com said:
Apparently some of the funds will be donated to the GnuPG project. I suspect
he hasn't been in contact, and I imagine the funds would not be welcome?
I have not heard
David,
I'm sorry you are having problems, but I think this is just nonsense.
Of course people move keys between machines all the time. I have done
it myself often. I don't think that anyone deserves that level of
abuse -- certainly not someone who has put years of work into a
program that is an
:
On 14/11/14 11:34, Nicholas Cole wrote:
David,
I'm sorry you are having problems, but I think this is just
nonsense. Of course people move keys between machines all the
time. I have done it myself often. I don't think that anyone
deserves that level of abuse -- certainly not someone who has
On Tue, Nov 11, 2014 at 2:21 PM, Bernhard Reiter bernh...@intevation.de wrote:
In https://www.mailpile.is/blog/2014-10-07_Some_Thoughts_on_GnuPG.html
the Mailpile developers would like to replace GnuPG with something better
and for the short term propose to extend GnuPG with a command line JSON
On Mon, Nov 10, 2014 at 4:41 PM, Werner Koch w...@gnupg.org wrote:
On Mon, 10 Nov 2014 12:52, nicholas.c...@gmail.com said:
How does unattended generation of elliptic curve keys work? As far as
I can see, that section of the manual has not been updated for the new
EC options, but I presume
I'm so sorry, Werner. I thought I'd checked the manual. Huge apologies.
On Tuesday, 11 November 2014, Werner Koch w...@gnupg.org wrote:
On Tue, 11 Nov 2014 12:56, nicholas.c...@gmail.com javascript:; said:
Is that still possible? In version 2.1, if no password is specified,
gpg2 tries to
On Fri, Nov 7, 2014 at 9:21 PM, Simon Nicolussi si...@sinic.name wrote:
The announcement read:
If you already have a version of GnuPG installed, you can simply
verify the supplied signature. For example to verify the signature
of the file gnupg-2.1.0.tar.bz2 you would use this command:
Dear List,
How does unattended generation of elliptic curve keys work? As far as
I can see, that section of the manual has not been updated for the new
EC options, but I presume that it has to work slightly differently.
Am I right that key-length is now a no-op? And how do you specify the
curve?
In the new gpg2 --version lists both ECDSA and EDDSA as supported
algorithms, but that doesn't seem to correspond to options in the
--expert --full-gen-key command. I presume that --full-gen-key
creates an ECDSA by default. Is that right?
Perhaps someone who knows about EC could write an FAQ on
On Mon, Nov 10, 2014 at 11:59 AM, Peter Lebbing pe...@digitalbrains.com wrote:
On 10/11/14 12:02, Nicholas Cole wrote:
So the confusion is
that you have one single command that deals with verifying both a
detached signature and with a file that contains a signature?
Yes.
Is the best fix
Just out of curiosity: DSA key sizes are now rounded to one of 3
values, whereas RSA keys are available in a range of sizes between two
limits. Why the difference?
Nicholas
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On Mon, Nov 10, 2014 at 12:25 PM, Peter Lebbing pe...@digitalbrains.com wrote:
On 10/11/14 13:03, Nicholas Cole wrote:
But in fact, it is the fact that scripts depend on this that made me
think that this might be a case where things *should* get broken,
because this is actually a serious
Hi Patrick,
Thanks for this! It's a really useful resource.
Are you able to explain how you managed to get GnuPG-2.1 to compile?
N.
On Sun, Nov 9, 2014 at 6:39 PM, Patrick Brunschwig patr...@enigmail.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'm happy to announce the first
Hi Werner,
Building on OS X using
make -f build-aux/speedo.mk native INSTALL_DIR=/usr/local
gets what looks like most of the way and then fails with the error
shown below. Am I the only person experiencing this, or are others
hitting the same problem?
Best wishes,
N.
Undefined symbols for
Can anyone explain to me why one would want to continue using a key
and yet not simply change the expiry date? I really find all of the
examples being given to be incredibly contrived. It takes no time at
all these days to change the date and distribute the new key. As I've
said, if the tools
On Tuesday, 16 September 2014, Peter Pentchev r...@ringlet.net wrote:
On Tue, Sep 16, 2014 at 03:04:08PM +0100, Nicholas Cole wrote:
Can anyone explain to me why one would want to continue using a key
and yet not simply change the expiry date? I really find all of the
examples being given
I'll admit that I hadn't actually realised how hard it is to make
GnuPG change the expiry dates of subkeys at the same time as changing
the expiry date of the main key. What is the approved way to do this?
N.
___
Gnupg-users mailing list
On Monday, 15 September 2014, Hauke Laging mailinglis...@hauke-laging.de
wrote:
Hello,
after filing a bug report for my mail client because it does not allow
me to encrypt to an expired certificate (neither does Enigmail) I was
surprised to notice that I didn't manage to encrypt to an
On Mon, Sep 15, 2014 at 1:10 PM, Hauke Laging
mailinglis...@hauke-laging.de wrote:
If a key has an expiry
date, GPG can be very very certain that that key should not be used
You can't make assumptions for the reason a key has an expiry date.
Do you think these two statements are consistent?
On Mon, Sep 15, 2014 at 5:13 PM, Hauke Laging
mailinglis...@hauke-laging.de wrote:
[snip]
I have created his certificate. That is an offline mainkey and he is
probably not capable (or willing) to extend the validity period. He is
not going to replace the key. It is not considered compromised.
On Monday, 15 September 2014, Robert J. Hansen r...@sixdemonbag.org wrote:
Sorry. I've confused too issues. Yes, it is hard to enforce expiry
dates in a 'secure' way. I wasn't meaning to suggest it was
something openpgp should try to do. I don't think we should make it
easy to ignore
On Tue, Sep 16, 2014 at 1:12 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
That does not seem like an argument to me for telling the user what
is best for him.
Hauke, this entire argument is what I meant when I talked about gilding
the lily repeatedly. If you can find half a dozen *real
On Fri, Aug 15, 2014 at 6:54 PM, Richard Outerbridge ou...@interlog.com wrote:
Still waiting for my email address, yet my blackphone is already in
my hands. Keep up the good work.
I’m not going to bother with 2.1 until the Mac guyz come to their
senses about not forking the crypto. Could be
On Sun, Aug 17, 2014 at 10:14 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
Leaving aside the issue of how popular encryption of mail is - we are
faced with the fact that 98 per cent of computer users are completely
ignorant about software and hardware.
But even if they weren't, the
On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
On 8/16/2014 1:14 PM, Kristy Chambers wrote:
Sorry for that crap subject. I just want to leave this.
Meh. Color me unimpressed.
This was a terrific post. Thank you, Robert.
[snip]
* No forward secrecy. Not
On Sat, Jun 28, 2014 at 9:18 AM, Werner Koch w...@gnupg.org wrote:
On Fri, 27 Jun 2014 21:44, ds...@jabberwocky.com said:
I do admire the Neo form factor though.
The SCT3512 [1] with an OpenPGP card is also quite convenient:
http://werner.eifzilla.de/sct3512.jpg
I have taken off the
On Thu, Jun 5, 2014 at 4:55 PM, Werner Koch w...@gnupg.org wrote:
Hello!
I just released the fourth *beta version* of GnuPG 2.1. It has been
released to give you the opportunity to check out new features and
a new beta was due anyway after 30 months.
Dear Werner,
Congratulations on this.
On Wed, May 21, 2014 at 9:47 AM, Werner Koch w...@gnupg.org wrote:
On Wed, 7 May 2014 19:23, nicholas.c...@gmail.com said:
Is there any way to tell gnupg that I am actually entering a raw re
and do not wish it to do any conversion?
No.
FWIW, here is a comment describing how gpg uses the
If I tell gnupg to make a trust signature limited to the domain:
nowhere.com
it converts this into [^]+[@.]nowhere\\x5c.com$
I see the logic.
However, if I am trying to copy this re from one signature to another,
and I tell gnupg to limit a trust signature to
[^]+[@.]nowhere\\x5c.com$ , it
On Sat, May 3, 2014 at 8:54 AM, NdK ndk.cla...@gmail.com wrote:
Il 03/05/2014 01:10, Daniel Kahn Gillmor ha scritto:
Having such an assertion cryptographically bound to the OpenPGP
certificate in parseable form implies in some sense that you think a
mechanical process (e.g. WoT calculated
On Sat, Apr 19, 2014 at 3:35 PM, One Jsim one.j...@gmail.com wrote:
from:
http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery
at 2014-04-19T14:49+1
I retrieve
Yes, it is possible to create a public key with the same fingerprint as an
existing one, thanks to a
Dear list,
I've been implementing a local version of
http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
for some experimenting.
I have a server working listening on local host and replying with the
correct formats to the defined requests.
Everything works fine with version 4 keys, but if
On Sun, Jan 5, 2014 at 1:24 PM, Nicholas Cole nicholas.c...@gmail.com wrote:
Dear list,
I've been implementing a local version of
http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
for some experimenting.
I have a server working listening on local host and replying with the
correct
On Thu, Sep 19, 2013 at 6:44 PM, Werner Koch w...@gnupg.org wrote:
to create the key (if that is possible) so that people can make a
judgement about that kind of thing when they certify keys -- assuming
If Bobs decides to use NIST curve, why don't you want to send a mail to
him. It his his
On Wed, Sep 18, 2013 at 9:33 AM, Josef Schneider jo...@netpage.dk wrote:
On Wed, Sep 18, 2013 at 9:06 AM, Werner Koch w...@gnupg.org wrote:
The standard already allows for all kind of curses. They are specified
by an OID and I offered DJB to assign OIDs from the GnuPG arc. The
original
On Fri, Sep 13, 2013 at 12:22 AM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
GnuPG is currently not able to create a non-exportable self-sig. If you
try to do this, it gives an error:
WARNING: the signature will not be marked as non-exportable.
But: some people might never want
On Fri, Sep 13, 2013 at 3:29 PM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
On 09/13/2013 08:24 AM, Nicholas Cole wrote:
I don't think this is sensible. What is the point of a UID that
cannot be used by someone else? If the UID is shared with anyone else
(even privately), it must
On Fri, Sep 13, 2013 at 3:42 PM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
On 09/13/2013 09:49 AM, Peter Lebbing wrote:
On 2013-09-13 14:24, Nicholas Cole wrote:
The correct way would be to have keyservers
honour the no-modify flag, or perhaps have some notation on the ID
On Tue, Sep 3, 2013 at 10:07 AM, Pete Stephenson p...@heypete.com wrote:
On Mon, Sep 2, 2013 at 8:28 PM, Nicholas Cole nicholas.c...@gmail.com wrote:
On Mon, Sep 2, 2013 at 5:04 AM, Henry Hertz Hobbit
hhhob...@securemecca.net wrote:
[snip]
Paradoxically, AES256 AES192 had
weaknesses
On Tuesday, 3 September 2013, Nicholas Cole wrote:
On Tue, Sep 3, 2013 at 10:07 AM, Pete Stephenson
p...@heypete.comjavascript:;
wrote:
On Mon, Sep 2, 2013 at 8:28 PM, Nicholas Cole
nicholas.c...@gmail.comjavascript:;
wrote:
On Mon, Sep 2, 2013 at 5:04 AM, Henry Hertz Hobbit
hhhob
On Mon, Sep 2, 2013 at 5:04 AM, Henry Hertz Hobbit
hhhob...@securemecca.net wrote:
[snip]
Paradoxically, AES256 AES192 had
weaknesses that made them less safe than AES (AES-128) several
years back. May I humbly suggest TWOFISH or one of the
CAMELLLIA ciphers as a first choice UNTIL you
On Sun, Sep 1, 2013 at 12:12 PM, Josef Schneider jo...@netpage.dk wrote:
I just use 4096 bit because that is the biggest size my OpenPGP Cards can
handle. In my opinion using a smart card instead of online keys increase
security far more than strange large key sizes!
I also see no point
Cancel that. My fault ... I'd missed that I had some old libraries
installed.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Fri, Jul 26, 2013 at 2:40 AM, Richard Outerbridge ou...@interlog.comwrote:
Werner:
No problems.
MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55)
Xcode 4.6.3
__outer
For some reason I get the following error when trying to build on Mountain
Lion OS X:
gcc -g -O2 -Wall
Dear List,
Is there a protocol documented anywhere for using PGP Keys for
client-server authentications? I assume that various naive approaches have
all sorts of serious problems.
Best wishes,
N.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario h...@qbs.com.pl wrote:
On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
Hello,
are there arguments for preferring either
a) having one RSA subkey for decryption only and one for signing only
or
b) having only one RSA subkey for both
On Tue, Dec 4, 2012 at 5:32 PM, Hubert Kario h...@qbs.com.pl wrote:
On Tuesday 04 of December 2012 16:07:26 Nicholas Cole wrote:
On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario h...@qbs.com.pl wrote:
On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
Do any problems arise
Meant to post this to the list. Blame gmail.
-- Forwarded message --
From: Nicholas Cole nicholas.c...@gmail.com
Date: Tue, Dec 4, 2012 at 7:10 PM
Subject: Re: Seperate RSA subkeys for decryption and signing or one for both?
To: Hubert Kario h...@qbs.com.pl
How do you propose
On Monday, August 27, 2012, Arthur Rance wrote:
Hello,
I'm a noob and I'm going to export a subkey :
$ gpg --list-keys
pub 2048R/12345678 2010-01-01
uid Arthur Rance arthur_ra...@noob.comjavascript:_e({},
'cvml', 'arthur_ra...@noob.com');
sub 2048R/90123456
On Thu, Jul 26, 2012 at 8:34 PM, Kevin Kammer
lists.gn...@mephisto.fastmail.net wrote:
Well, the inevitable has happened, again.
I just upgraded from Mac OS X 10.7 to 10.8, and my ZeitControl cards,
which were formerly working perfectly, are now inaccessible.
~ $ gpg2 --card-status
gpg:
On Wed, Jul 11, 2012 at 11:25 AM, Werner Koch w...@gnupg.org wrote:
On Wed, 11 Jul 2012 07:56, r...@sixdemonbag.org said:
V5 discussions will not kick off in earnest until NIST announces the new
hash standard, or so I've heard people from the working group say.
And even then it will take 5
---re #5: Is RSA-2048 really enough?
***start 2nd sentence : And other organizations to whom encryption
is important (such as RSA...*** [The world changes, and maybe
an explicit endorsement might not be so appropriate tomorrow,
but embarassing or similar to change then. Just mentioning
There's a slight confusion in these answers that I think it would be
really helpful to address in an FAQ.
Yes, there is. Unfortunately, the answer is kind of messy.
[ snip ]
Thank you for a really good and useful answer. I hope some of that
can make it into the FAQ.
If I understand you
On Tue, Jan 31, 2012 at 8:15 AM, Werner Koch w...@gnupg.org wrote:
On Tue, 31 Jan 2012 00:06, faramir...@gmail.com said:
Hello,
Is key D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 (
0x4F25E3B6 ) the current key used for signing files? I suppose it is,
Yes, it is. See my OpenPGP
On Wed, Jan 4, 2012 at 9:33 AM, Werner Koch w...@gnupg.org wrote:
On Tue, 3 Jan 2012 21:16, go...@fsfe.org said:
Werner, is that correct? The card you gave me at FSCONS back in 2009
states that 3072 Bits is the maximum key size. I use 2048 Bit keys at
They state 3072 because that is what
On Wed, Jan 4, 2012 at 11:22 AM, Werner Koch w...@gnupg.org wrote:
On Wed, 4 Jan 2012 11:21, nicholas.c...@gmail.com said:
http://www.elliptictech.com/applications-suiteb.php (for example)
requests will be more and more common until gpg is capable of
supporting the latest state of the art.
On Wed, Jan 4, 2012 at 1:01 PM, Werner Koch w...@gnupg.org wrote:
On Wed, 4 Jan 2012 13:37, nicholas.c...@gmail.com said:
Is there any plan to back-port the ECC support?
No. We definitely need to move forward with 2.1 and not keep on
updating 2.0. It would be quite some work to integrate
On Friday, December 23, 2011, Werner Koch w...@gnupg.org wrote:
On Fri, 23 Dec 2011 19:29, nicholas.c...@gmail.com said:
How will this interact with the --homedir option? Will --homedir be
passed to gpg-agent or are the two entirely separate?
No it won't. The gpg-agent has its own
* GPG does not anymore use secring.gpg but delegates all secret key
operations to gpg-agent. The import command moves secret keys to
the agent.
How will this interact with the --homedir option? Will --homedir be
passed to gpg-agent or are the two entirely separate?
I ask because at the
On Tue, Dec 20, 2011 at 4:26 PM, Werner Koch w...@gnupg.org wrote:
* GPG does not anymore use secring.gpg but delegates all secret key
operations to gpg-agent. The import command moves secret keys to
the agent.
* The OpenPGP import command is now able to merge secret keys.
I see that
On Sat, Nov 26, 2011 at 7:10 PM, Werner Koch w...@gnupg.org wrote:
On Sat, 26 Nov 2011 18:25, nicholas.c...@gmail.com said:
The GPG project itself must have hit many of these issues. Is there a
No, we don't. GnuPG has originally been developed in Germany because we
have been able to do
It seems to be clear that there is a big demand of a single core
JavaScript OpenPGP implementation and we find more and more
projects and developers.
Dear Lists,
All these projects are very interesting. Forgive a slightly off-topic
but important question that they raise, though.
What are
Dear list,
Why is changing the --min-cert-level not enough to trigger an update
of the trust-db? Should it be?
Supposing a scenario in which a user is prepared to accept lower-level
certifications for low value communications, but requires higher level
certifications for others.
At present the
On Sat, Aug 27, 2011 at 1:03 AM, Doug Barton do...@dougbarton.us wrote:
I have a particular concern that if I sign a key with I checked
carefully that I really did. Moreover, I have a philosophical prejudice
that if I *can't* say I checked carefully, why bother?
That said, I have in the past
On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton do...@dougbarton.us wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/25/2011 11:02, Aaron Toponce wrote:
On 08/25/2011 11:56 AM, Jameson Graef Rollins wrote:
Do you want to sign every key in your keyring? If so, it's not
hard to get
On Fri, Aug 26, 2011 at 10:34 PM, Doug Barton do...@dougbarton.us wrote:
One could certainly argue that my doing this is verification step is
overly fussy (and you wouldn't be the first), but that's my policy.
I honestly did not mean to be critical. I was just struggling to see
the security
Dear List,
Is there any difference in the standard trust model between marking a
key level 1 (I don't know or won't say) and level 2 (I do NOT
trust)?
Best wishes,
Nicholas
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On Thu, Aug 11, 2011 at 7:52 PM, David Shaw ds...@jabberwocky.com wrote:
On Aug 11, 2011, at 10:49 AM, Nicholas Cole wrote:
Dear List,
Is there any difference in the standard trust model between marking a
key level 1 (I don't know or won't say) and level 2 (I do NOT
trust)?
Given the text
On Thu, Aug 11, 2011 at 7:52 PM, David Shaw ds...@jabberwocky.com wrote:
There is really no practical difference between the two in the default trust
model of GPG - either way, you're not giving key signatures made by that key
any weight in your web of trust.
Thanks, David. I had wondered
On Thu, Apr 21, 2011 at 1:38 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
In short: don't force a particular strategy on your users. Much
better to explain to users the general problem, and then leave it up
to them to pick a password.
Historically speaking, this has shown not to work.
Isn't the real problem that *any* policy (suggested or enforced)
reduces the complexity of guessing a password? The moment you start
saying pick three words separated by a space or dash or pick eight
random letters or the like you make it easier to attack a password.
My employer insists on
On Wed, Mar 23, 2011 at 12:27 PM, Mike Acker mike_ac...@charter.net wrote:
I really liked the idea of having the Membership Secretary sign a Public
Keyring for the Group Members and then to circulate that keyring to the
membership.
How to implement though, as members will need an additional
On Tue, Jan 11, 2011 at 10:04 AM, jimbob palmer jimbobpal...@gmail.com wrote:
In Firefox I can sign or encrypt or encrypt+sign an e-mail.
In what case would I want my encrypted emails also signed? Does it
provide any additional benefit over a pure encrypted email?
It is, in fact, trivial to
On Wed, Jan 12, 2011 at 5:52 AM, David Shaw ds...@jabberwocky.com wrote:
On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:
On Tue, Jan 11, 2011 at 12:19 PM, d...@geer.org wrote:
If one is a purist, then one wants signencryptsign
See http://world.std.com/~dtd/#sign_encrypt
On Tue, Jan 11, 2011 at 12:19 PM, d...@geer.org wrote:
If one is a purist, then one wants signencryptsign
See http://world.std.com/~dtd/#sign_encrypt
That is a really interesting paper. Did the OpenPGP protocol ever
include a fix for the attack they describe?
Nicholas
On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
d...@prime.gushi.org wrote:
Is there some reasonable way that gpg can detect that it has a controlling
termainal (or even, a config file option) and just ask me for my passphrase
on stdin?
Can you start gpg-agent separately - ie.
On Mon, Jun 28, 2010 at 8:35 PM, Doug Barton do...@dougbarton.us wrote:
On Mon, 28 Jun 2010, Nicholas Cole wrote:
On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
d...@prime.gushi.org wrote:
Is there some reasonable way that gpg can detect that it has a
controlling
termainal
On Sat, Nov 28, 2009 at 3:47 PM, David Shaw ds...@jabberwocky.com wrote:
[snip]
I'd suggest starting with the various calculators on
http://www.keylength.com/
A very interesting website. I followed the links, and found this document:
Hi all. This is a query mostly for my own interest, but I think it
might point to a change in the documentation being required.
I was slightly confused by this message
http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036361.html
David suggests (as I read it) that an RSA key created with
Dear David,
Thanks for, as ever, excellent clarification.
Best wishes,
N.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Mon, May 25, 2009 at 6:25 PM, John Clizbe j...@mozilla-enigmail.org wrote:
Nicholas Cole wrote:
It's a small point and I don't mean to get side-tracked, but if any
front-ends have used this menu, I rather fear that you have replaced
one evil (not using the right default) with a worse one
On Mon, May 4, 2009 at 9:24 AM, Werner Koch w...@gnupg.org wrote:
On Fri, 1 May 2009 05:58, a...@smasher.org said:
so... when is the open-pgp spec moving beyond SHA1 hashes to identify
public keys? what's next? will it have to be a bigger hash?
OpenPGP does not claim that the fingerprint is
On Mon, May 4, 2009 at 10:01 PM, John W. Moore III
jmoore...@bellsouth.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Nicholas Cole wrote:
How does GPG cope if two keys on the keyring have the same FP? AFAICS
that would make things very difficult for most of the front-ends
On Tue, Sep 30, 2008 at 7:44 AM, Werner Koch [EMAIL PROTECTED] wrote:
On Mon, 29 Sep 2008 22:17, [EMAIL PROTECTED] said:
Is there any way to correctly 'guess' the settings for the
GPG_AGENT_INFO variable (for the case where gpg-agent has been called
with --use-standard-socket)?
That is
gpg-agent can tell whether gpg-agent is running, but if the
environment variable has not been properly set, there seems to be no
way to set it without killing the gpg-agent process and starting it
again.
Is there any way to correctly 'guess' the settings for the
GPG_AGENT_INFO variable (for the
Apologies for a slightly OT question, since this is not gpg-specific,
but I thought it would be a good place to ask.
Section 4 of RFC 3156 (PGP/MIME) says:
Before OpenPGP encryption, the data is written in MIME canonical
format (body and headers).
Am I right that an encrypted message should
On Thu, Aug 7, 2008 at 3:06 AM, Werner Koch [EMAIL PROTECTED] wrote:
* By default, do not allow processing multiple plaintexts in a
single stream. Many programs that called GnuPG were assuming
that GnuPG did not permit this, and were thus not using the
plaintext boundary
On Thu, Aug 7, 2008 at 10:49 AM, Werner Koch [EMAIL PROTECTED] wrote:
On Thu, 7 Aug 2008 14:37, [EMAIL PROTECTED] said:
The issue I was reporting was that this option doesn't seem to do
anything at all, at least for armoured messages. I haven't done any
further testing. Are you saying that
I don't know if this is a bug, or my own misreading of the
documentation, but --allow-multiple-messages doesn't quite seem to do
what the documentation leads me to expect:
quote
Allow processing of multiple OpenPGP messages contained in a
single file or stream.
/quote
If I create a file with
On Sat, Mar 1, 2008 at 11:46 AM, Richard Hartmann
[EMAIL PROTECTED] wrote:
On Fri, Feb 29, 2008 at 6:40 PM, Brian Smith [EMAIL PROTECTED] wrote:
The basic assumption is that a key signing is good and that
you actually gain something from it.
That is the assumption that I am
On Sat, Feb 16, 2008 at 3:00 AM, Texaskilt [EMAIL PROTECTED] wrote:
Looks like this is ADK. Is there any way to do this on gpg?
GPG does not implement ADK. I think that, historically, it seemed too
much like the kind of key escrow systems that governments have from
time to time talked about
On Tue, Feb 19, 2008 at 1:23 PM, David Picón Álvarez
[EMAIL PROTECTED] wrote:
I know that ADK can be circumvented by a determined attacker, but it
strikes me as a useful feature, and I have never quite understood the
opposition to it. It would have made encryption more palatable in
Just to address the original point of the thread, though, could you
not use sub-keys to achieve the most of the effect you want?
Have everyone share an encryption/decryption subkey, but have their
own separate signing keys. The disadvantage would be that anyone in
the group (ie not just an
On Tue, Feb 19, 2008 at 5:49 PM, David Shaw [EMAIL PROTECTED] wrote:
Even if the patent issue was resolved, it doesn't really solve much to
have GPG follow the ADK. GPG is distributed as source - easy enough
for someone to simply comment out the ADK code if they didn't want it
to take
On 8/7/07, Robert J. Hansen [EMAIL PROTECTED] wrote:
Problem 1: key signatures. He says he couldn't figure out what he
needed to do with the keys. Did he need to sign them? Trust them?
What's validity and otrust again? Who should be set up as a trusted
introducer? Why wasn't the cursed
Of course that it doesn't mean that HTML should be
banished completely
from the 'lectronic mail world, but it has its
essential limitations as
for the cryptographic routines.
Mica,
Thank you for your email. It made me reflect. I had
been ignoring this discussion. HTML emails are here
to
Nicholas Cole wrote:
Is there anything else about an HTML email that
raises a red flag
from a security point of view?
Define 'HTML email', please. If you're talking
about simple XML, the
security concerns are different than if you're
talking about putting
Javascript + Flash + ActiveX
--- Werner Koch [EMAIL PROTECTED] wrote:
Hi,
I received yet another logo suggestion and thus I
decided to setup a
web page to show them all:
http://logo-contest.gnupg.org/
My vote, such as it is, is for the one on the far
right by Simon Josefsson.
I don't have the artistic skills to
--- Kurt Fitzner [EMAIL PROTECTED] wrote:
Realos wrote:
What would you suggest in this case? A brute force
attack with some
software if I know part of the password? What tool
is suitable for that?
There isn't any software that I know of to
brute-force a GnuPG password.
Actually,
--- Tad Marko [EMAIL PROTECTED] wrote:
You can't. That's like asking how you can stop
other people from
printing out badges that say I am Tad Marko and
pinning them to their
shirts.
I'm not asking for that. I want them to not say that
a given key goes
to [EMAIL PROTECTED]
100 matches
Mail list logo