Re: Top-posting

On 04/28/2016 11:30 PM, Viktor Dick wrote: > On 2016-04-29 06:54, Paul R. Ramer wrote: >> Personally, I would rather not have to hit the "Page Down" button >> *every* time I wrote an email (provided I have full-size keyboard). If >> you are always varying from t

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 04/26/2016 05:24 AM, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 2:20 PM, Daniel Pocock wrote: >> You can use the wiki to link to the Github tasks that are relevant to >> using epgp in the Live CD, you don't have to copy the details of each >> task, just link to them >>

Re: Top-posting

On 04/28/2016 02:49 AM, Paolo Bolzoni wrote: > However, you can move around with keyboard even in "modern" mua. When > using normal keyboards I think you are exagerating a bit. The problem > is indeed annoying with limited keyboards, though. Personally, I would rather not have to hit the "Page

Re: Querying gpg-agent configuration options

On 04/26/2016 07:20 PM, Eric Pruitt wrote: > On Tue, Apr 26, 2016 at 07:13:29PM -0700, Paul R. Ramer wrote: >> I didn't see any indication of such a feature from the man page, but you >> could just look at the gpg-agent.conf file. > > It's not that simple. I would also need

Re: Querying gpg-agent configuration options

On 04/26/2016 02:31 PM, Eric Pruitt wrote: > Is it possible to query the configuration of a running gpg-agent? In > particular, I would like to query the running agent to see what > values are being used for default-cache-ttl and max-cache-ttl. I have > reviewed the documentation for

Re: Help needed

On 04/24/2016 10:59 AM, Peter Lebbing wrote: > As for the OP's other questions, I can't answer them very well because I > don't know MacOS, but I can give you advice: could you please indicate > what software you are using? What mail client, what other GnuPG-related > software? You say you compose

Re: Help needed

On 04/24/2016 09:51 AM, Daniel H. Werner wrote: > I downloaded GPGTools on my Mac laptop (I have not done it on my Mac desktop > yet > as I want to be sure I know what I am doing!!!) and did the Install. > I Imported my existing keys. > And I have several question/problems: First off, I can't

Re: where is gnupg configure file

On 04/01/2016 01:21 AM, mick crane wrote: > from what I read I don't think I can use gpg2 because > Debian GNU/Linux 8 (jessie)apt uses gpg1 at present. > I'm certain private-keys-v1.d was there before I attempted to use > enigma/roundcube. Debian has a package for GnuPG 2, which is gnupg2. If

Re: [Announce] GnuPG 2.0.29 released

On 03/31/2016 04:12 AM, Werner Koch wrote: > Hello! > > We are pleased to announce the availability of a new stable GnuPG-2.0 > release: Version 2.0.30. This is a maintenance release which fixes a > couple of bugs. The subject line is about v2.0.29 instead of v2.0.30. Just FYI. -Paul

Re: How to silence gpg-agent?

On 03/16/2016 12:11 AM, Dashamir Hoxha wrote: > On Wed, Mar 16, 2016 at 7:30 AM, Dashamir Hoxha > wrote: >>> You can stop it by --no-auto-check-trustdb option. >>> >> > Actually, there is no problem if GnuPG checks trustdb periodically, I just > don't want it to spill the

Re: Nearly fixed

On November 15, 2014 10:02:44 AM PST, Samir Nassar sa...@samirnassar.com wrote: For those of you who come to David's post in the future through the mailing list archive: Disregard this misconception. Many of us, myself included, use gpg2 on a 64bit system without a problem. Personally, I have

Re: The Facts:

On November 15, 2014 3:52:02 AM PST, da...@gbenet.com da...@gbenet.com wrote: [snip] david@laptop-1:/media/david/store$ gpg -ao --import --allow-non-selfsigned-uid david-public.key gpg: armour header: Version: GnuPG v1.4.11 (GNU/Linux) pub 4096R/AAD8C47D 2014-08-17 postmaster (There's always

Re: Crypto Stick vs Smart Card Reader /w Pin Pad

On August 29, 2014 11:37:27 AM PDT, Jonathan Brown jonbrownmaste...@gmail.com wrote: Is the crypto stick which is fully open source and open hardware more secure than a Gemalto smart card reader with pin pad built in? Which of these would make you more of a hard target and increase security. I

Re: how to do

On July 9, 2014 11:40:06 AM PDT, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 9 July 2014 at 5:54:36 PM, in mid:3222188.kZ1ztGDBqg@inno, Hauke Laging wrote: Am Di 08.07.2014, 14:41:36 schrieb J. David Boyd: which means

Re: GPG's vulnerability to quantum cryptography

On July 6, 2014 4:40:13 PM PDT, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Sunday 6 July 2014 at 3:25:57 PM, in mid:53b95c75.5030...@vulcan.xs4all.nl, Johan Wevers wrote: Since I don't know when I will consider a key

Re: riseup.net OpenPGP Best Practices article

On June 26, 2014 8:26:16 AM PDT, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: As for arguments about use on smartcards -- if you plan to get a smartcard, and you have a primary key that is too large for it, you can always generate and publish new subkeys that will fit in your smartcard. If

Re: How to determine who signed what

On June 1, 2014 10:45:45 AM PDT, frank ernest do...@mail.com wrote: Hi again, I have been browsing and downloading gpg signed files and I'm acctually been downloading the sigs! However, I'm having trouble figuring out who signed what. Is there some way to determin this using the sig? Perhaps it

Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

On January 30, 2014 1:15:08 PM PST, Donald Morgan Jr. donaldmorga...@gmail.com wrote: If you know a user has a signature that they use to always end a message with, does that data aid in the decryption of the file? Would this exploit be applicable to symmetric encryption methods as well? A

Re: Trouble reseting OpenPGP card after admin PIN lockout

On 01/21/2014 03:23 AM, Peter Lebbing wrote: TL;DR: I think you might be helped by [4]. Do an scd killscd from gpg-connect-agent, install and start pcscd, install the Python module pyscard and run the script from [4]. By the way, if you have an OpenPGP v.1 card, you're screwed, they

Trouble reseting OpenPGP card after admin PIN lockout

Hello, I am having trouble reseting an OpenPGP card on which I locked the admin PIN. Running gpg2 --card-status gives me the following error: gpg: OpenPGP card not available: Not supported When I try the instructions to reset the card from

Re: Is there a chance smartcards have a backdoor? (was Re: Any future for the Crypto Stick?)

Peter Lebbing pe...@digitalbrains.com wrote: On 05/12/13 13:20, Paul R. Ramer wrote: On that note, why assume that the manufacturer would not do the opposite: feign helping the spy agency by giving them a compromised ROM and then substituting a secure one on the real product. In either case, we

Re: Any future for the Crypto Stick?

Peter Lebbing pe...@digitalbrains.com wrote: On 02/12/13 20:37, Andreas Schwier (ML) wrote: Wait a second - you can not simply hide a backdoor in a Common Criteria evaluated operating system. There are too many entities that would need to be involved in the process Why couldn't the

Re: article about Air Gapped OpenPGP Key

adrelanos adrela...@riseup.net wrote: When one uses a Live system for its air gapped OpenPGP key, one would have to constantly remember re-creating this that gpg.conf. (Gone after reboot.) Not necessarily. You can plug in a USB drive with your custom gpg.conf file on it, for example. A more

Re: Setting encryption algorithm for specific key

Johan Wevers joh...@vulcan.xs4all.nl I communicate with someone whose key tells me it supports IDEA, and since that's my prefered algorithm my gpg uses it to encrypt the message. However, het setup does not in fact support it (any more, it used to do in the past). Re-signing the key is no option,

Re: How to add information about purpose/security of sub keys?

adrelanos adrela...@riseup.net wrote: - [b] and [c] for convenience, communication which isn't that important - [c] to sign software / apt repository - [a] to sign important messages (key transition etc.) - [f] little convenience, for receiving important messages What is the best way to make key

Re: trust your corporation for keyowner identification?

Leo Gaspard ekl...@gmail.com wrote: However, to come back to the initial problem, I still believe the key change problem (ie. owner of K1 switchs to K2) does not require re-verifying ownership etc. (BTW, isn't this also why transition statements, like

Re: trust your corporation for keyowner identification?

Leo Gaspard ekl...@gmail.com wrote: You are right. Decryption is sufficient to demonstrate control of the private key, because if he can decrypt, he can also sign. What I said, decrypt and sign, was redundant. Well... I still do not understand why decryption is sufficient to demonstrate

Re: trust your corporation for keyowner identification?

On 11/05/2013 09:26 AM, Leo Gaspard wrote: On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote: I don't know how I can explain it any better than I have. I think you are confusing assertion with verification. Unless you can differentiate between the two in this case, I don't think

Re: trust your corporation for keyowner identification?

On Tuesday 5 November 2013 at 11:03:19 PM, in mid:52797937.5090...@gmail.com, Paul R. Ramer wrote: But if you sign it with an exportable signature, you are saying to others that you have verified the key. In the absence of a published keysigning policy, isn't that an assumption? Signing

Re: Newbie question on GPG and PHP running from a webpage

Griffin Cheng [CLIB] csch...@cpce-polyu.edu.hk wrote: Hello, I am new to GPG, especially writing programs to decrypt stuff. Is this the right mailing list to ask? gnupg-users is for most discussions and gnupg-devel is for programming/development specific questions. HTH. Cheers, --Paul --

Re: trust your corporation for keyowner identification?

MFPA expires2...@ymail.com wrote: Why do we need to establish they can also sign? Isn't it enough to demonstrate they control the email address and can decrypt, by signing one UID at a time and sending that signed copy of the key in an encrypted email to the address in that UID? You are right.

Re: trust your corporation for keyowner identification?

Stan Tobias st...@privatdemail.net wrote: Yes, but by remote communication. The reasoning goes like this: The signature is validated by my certificate (or, in case 2a, by my friends' whom I trust fully). The message is authenticated by X's valid signature, therefore the message has not been

Re: trust your corporation for keyowner identification?

On 11/02/2013 02:25 PM, Leo Gaspard wrote: On Sat, Nov 02, 2013 at 11:02:57AM -0700, Paul R. Ramer wrote: Stan Tobias st...@privatdemail.net wrote: Yes, but by remote communication. The reasoning goes like this: The signature is validated by my certificate (or, in case 2a, by my friends

Re: trust your corporation for keyowner identification?

On 11/02/2013 07:34 PM, Leo Gaspard wrote: Well... 1) Checked by the other key's message. Because signed (K1) message from Alice, saying she has access to K2, means any UID on K2 named Alice is as right as the equivalent UID on K1. So the UIDs are correct. 2) Checked by the

Re: Quotes from GPG users

Sam Tuke samt...@gnupg.org wrote: Hi all, I'm working with Werner to promote GnuPG and raise awareness. To that end we're collecting quotes from users - endorsements from people who know and trust GPG, people like you. If you want to help us, send your own statement about why GPG is important to

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

Robert J. Hansen r...@sixdemonbag.org wrote: Let's say that tomorrow I lose my passphrase and make a new keypair. Then in 25 years someone approaches me with a signed OpenPGP message dated Christmas 2013, saying I agree to pay you one million dollars at Christmas 2038. I scream it's a forgery,

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

On 10/26/2013 07:36 AM, Robert J. Hansen wrote: On 10/26/2013 12:16 AM, Paul R. Ramer wrote: I am not saying that any one should use 2048 bit RSA because the DoD uses it. It is just a data point. That being said, I am doubtful that classified discussions are being done over email. CAC

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

Johan Wevers joh...@vulcan.xs4all.nl wrote: On 25-10-2013 1:46, Robert J. Hansen wrote: Mostly zealotry. According to NIST, RSA-2048 is expected to be secure for about the next 25 years. The authority of NIST is of course severely reduced since the Snowden revelations and their own suspicious

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

On 10/24/2013 04:46 PM, Robert J. Hansen wrote: Is this zealotry on the Debian front, or something to update in gnupg? Mostly zealotry. According to NIST, RSA-2048 is expected to be secure for about the next 25 years. To add further to this, the U.S. military uses 2048 bit RSA keys for

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

Sylvain b...@beuc.net wrote: Hi, I saw a lot of activity in the Debian project about upgrading to a 4096 RSA key, e.g. http://lists.debian.org/debian-devel-announce/2010/09/msg3.html However GnuPG's default is 2048. Is this zealotry on the Debian front, or something to update in gnupg? Hi,

Re: trust your corporation for keyowner identification?

Robert J. Hansen r...@sixdemonbag.org wrote: On 10/22/2013 11:01 AM, Stan Tobias wrote: That phrase, to a sufficient degree, is important. You cannot ever verify someone's identity 100%, not even with DNA testing -- it's always possible they have an identical twin, always possible the lab work

Re: trust your corporation for keyowner identification?

Stan Tobias st...@privatdemail.net wrote: Peter Lebbing pe...@digitalbrains.com wrote: On 24/10/13 01:15, Stan Tobias wrote: , then why do we believe WoT authenticates anything? Why do we accept, for example, a conversation by telephone to validate a key fingerprint? Because these are

RE: Decrypt Issue

Diaz, John, A jd...@azdes.gov wrote: Good morning Paul. Instead of having the mainframe run a process to call the script on the server, I was able to get an answer from 'them' regarding when the file would be available, and I've scheduled the process to run on the server. All is well now.

Re: Decrypt Issue

On 09/25/2013 09:36 AM, Diaz, John, A wrote: Spoke too soon. The wrong path was part of the problem, but I’m still having the issue: Mainframe calls .bat file that calls C# application that calls second .bat file to call GnuPG to decrypt a file. Once decrypted, other stuff happens,

Re: Decrypt Issue

On 09/10/2013 06:41 AM, Diaz, John, A wrote: Spoke too soon. The wrong path was part of the problem, but I’m still having the issue: Mainframe calls .bat file that calls C# application that calls second .bat file to call GnuPG to decrypt a file. Once decrypted, other stuff happens,

Re: How to add authentication capabilities to an existing key?

Anthony Papillion anth...@cajuntechie.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Is there a good way to add authentication capabilities to an existing RSA key? I see how to toggle it if I create a new subkey but not how to add it to an existing key. [snip] Hello Anthony, As far

Re: The symmetric ciphers

Philipp Klaus Krause p...@spth.de wrote: I wonder if it would be a good idea to have an option to combine symmetric ciphers, e.g. users could state a preference list like this: TWOFISH+AES256 3DES+BLOWFISH+AES AES 3DES The meaning of A+B would be to encrypt using A first, and then encrypt the

Re: Issues with primary key subkeys on different smartcards

On 09/06/2013 03:08 PM, Pete Stephenson wrote: On Thu, Sep 5, 2013 at 8:35 PM, Pete Stephenson p...@heypete.com wrote: Quick followup: I was also able to create the correct private key with stubs pointing at both smartcards by loading the actual private keys onto the smartcard using keytocard,

Re: Decrypt Issue

On 09/04/2013 01:54 PM, Diaz, John, A wrote: Mainframe calls .bat file that calls C# application that calls second .bat file to call GnuPG to decrypt a file. Once decrypted, other stuff happens, e-mails are sent, blah, blah, blah. Here's the issue: When the mainframe calls the .bat file to

Re: gpg for anonymous users - Alternative to the web of trust?

On 03/29/2013 11:17 AM, adrelanos wrote: Using your real identity would be the alternative. The trade-off is easier key signatures vs. identity obscurity. It would only be safer in the sense that there won't be a scandal when/if your identity is uncovered. Why would that be a scandal?

Re: Export key to multiple servers

On Mon, 2009-09-28 at 09:46 -0700, kearney wrote: I am trying to export a secret key created on my local box to multiple servers. Let's say the key is 12345678. The goal is to have 1 script which runs on all the servers to encrypt and backup the data to S3. And 1 script to decrypt the data