Re: Seeking Assistance with GnuPG for Signing Arbitrary Data Using a Smart Card

2023-04-06 Thread vuori
; arbitrary data using `COMPUTE DIGITAL SIGNATURE` with direct APDU > communication to the Smart Card. I'm not particularly familiar with the Assuan protocol so can't say about the other questions, but in general with generic token cards (such as OpenPGP cards) you'll sign precomputed hashes i

Seeking Assistance with GnuPG for Signing Arbitrary Data Using a Smart Card

2023-04-05 Thread Yiğitcan UÇUM via Gnupg-users
Hello, I am using a Yubikey 5C NFC with OpenPGP Version 3.4 Applet and an `ed25519` curve signing key. I'm attempting to create `EdDSA` Algorithm JWTs using GnuPG tooling, but I've encountered some difficulties. I've used `gpg-connect-agent` to interact with my Smart Card through a low-level API

Re: HID Omnikey 3121 Smart Card Reader and GPG

2021-07-09 Thread Brandon Anderson via Gnupg-users
On Thu, 8 Jul 2021 16:48, NIIBE Yutaka said: So, I think that Omnikey CardMan 3121 can work in the use case with OpenPGP card if its key is RSA 1024. Exactly, I used to use Omnikey readers too but I had to give up due to this problem. On Windows Omnikey's driver uses proprietary escape

Re: HID Omnikey 3121 Smart Card Reader and GPG

2021-07-09 Thread Werner Koch via Gnupg-users
On Thu, 8 Jul 2021 16:48, NIIBE Yutaka said: > So, I think that Omnikey CardMan 3121 can work in the use case with > OpenPGP card if its key is RSA 1024. Exactly, I used to use Omnikey readers too but I had to give up due to this problem. On Windows Omnikey's driver uses proprietary escape

Re: HID Omnikey 3121 Smart Card Reader and GPG

2021-07-08 Thread NIIBE Yutaka
Hello, Brandon Anderson wrote: > So I have purchased an Omnikey 3121 smart card reader for use with my > GPG smart card version 2.1. Reading the descriptors: https://ccid.apdu.fr/ccid/readers/CardMan3121.txt It says: 02 Short APDU level exchange This means that the reader

HID Omnikey 3121 Smart Card Reader and GPG

2021-07-07 Thread Brandon Anderson via Gnupg-users
So I have purchased an Omnikey 3121 smart card reader for use with my GPG smart card version 2.1. Whenever I put my card in and request `gpg --card-status`, the reader flashes its light for about a minute, and then finally, gpg returns with: ``` ➜  ~ gpg --card-status gpg: selecting card

Re: “Hardware problem” with OpenPGP smart card

2020-12-08 Thread Werner Koch via Gnupg-users
On Mon, 7 Dec 2020 23:37, Nicolas Boullis said: > Hence, I think my card is really dead. yeah :-( > I see that the card includes a signature counter (which reads 89), hence > I understand the card has to write the EEPROM (to update the counter) Yes, this one reason to write to the EEPROM.

Re: “Hardware problem” with OpenPGP smart card

2020-12-07 Thread Nicolas Boullis
Hi, On Mon, Dec 07, 2020 at 12:08:23PM +0100, Werner Koch via Gnupg-users wrote: > > The show error code is indeed either a hardware error (EEPROM failure) > or due to a card reader which filters certain commands sent to the card > and return a bogus error code. However, I doubt that the

Re: “Hardware problem” with OpenPGP smart card

2020-12-07 Thread Werner Koch via Gnupg-users
On Sun, 6 Dec 2020 13:43, John Scott said: >> PIN retry counter : 2 0 3 > It looks like you're trying to decrypt a file and your encryption PIN counter > is zero. I wonder why it was giving you the strange error message. No, it is not at zero. Since OpenPGP card specification version 2 we

Re: “Hardware problem” with OpenPGP smart card

2020-12-06 Thread John Scott via Gnupg-users
On Saturday, December 5, 2020 9:20:33 AM EST Nicolas Boullis wrote: > PIN retry counter : 2 0 3 It looks like you're trying to decrypt a file and your encryption PIN counter is zero. I wonder why it was giving you the strange error message. Does signing work? signature.asc Description: This is

Re: “Hardware problem” with OpenPGP smart card

2020-12-06 Thread Matthias Apitz
On Sun, 6 Dec 2020 16:34:40 +0100, Nicolas Boullis wrote: > Hi, > > On Sun, Dec 06, 2020 at 12:37:19PM +0100, Werner Koch wrote: >> >> To make sure that this is really the card (or reader), I'd like to ask >> you to put >> >> --8<---cut here---start->8--- >>

Re: “Hardware problem” with OpenPGP smart card

2020-12-06 Thread Nicolas Boullis
Hi, On Sun, Dec 06, 2020 at 12:37:19PM +0100, Werner Koch wrote: > > To make sure that this is really the card (or reader), I'd like to ask > you to put > > --8<---cut here---start->8--- > log-file /some/path/scd.log > verbose > debug cardio >

Re: “Hardware problem” with OpenPGP smart card

2020-12-06 Thread Werner Koch via Gnupg-users
On Sat, 5 Dec 2020 15:20, Nicolas Boullis said: > gpg: public key decryption failed: Hardware problem > gpg: decryption failed: No secret key To make sure that this is really the card (or reader), I'd like to ask you to put --8<---cut here---start->8---

“Hardware problem” with OpenPGP smart card

2020-12-05 Thread Nicolas Boullis
Hi, I’ve been using GnuPG with my private keys stored in an OpenPGP smartcard since year 2014. Suddenly, it stopped working yesterday. The smartcard is an ID000-cut version 2 OpenPGP smartcard, that I put in a Gemalto Shell Token v2 card reader. Whenever I try to decrypt a file with gnupg, it

Re: Conflict Due to Multiple Instances of Smart Card Daemon

2019-05-26 Thread muredanta via Gnupg-users
Well, on second thought, I think what I will try to do today is restructure everything so I can use a single GNUPGHOME. If that works out then we'd probably be in a better position to take advantage of the new design you're working on. By the way, could you describe that in more detail? What

Re: Conflict Due to Multiple Instances of Smart Card Daemon

2019-05-24 Thread muredanta via Gnupg-users
Thanks for that. Given that I need to do multiple operations on the card with different GNUPGHOME values during one session, is there a way to cause an earlier instance of scdaemon to either exit or to release the card, so that a new instance can have exclusive access? It seems like this would

Re: Conflict Due to Multiple Instances of Smart Card Daemon

2019-05-23 Thread Werner Koch
On Wed, 22 May 2019 00:21, gnupg-users@gnupg.org said: > work without requiring removal/re-insertion of the card, but presumably > such a change has security implications or the original developers > would not have used PCSC_SHARE_EXCLUSIVE. So... I don't know if such a > change is advisable. Any

Re: Conflict Due to Multiple Instances of Smart Card Daemon

2019-05-21 Thread muredanta via Gnupg-users
Regarding this, more significant than the Key parameter to gpgme_op_interact() in the two examples that I gave being different may be the fact that the home directory set for the underlying gpgme_ctx_t (via the home_dir argument to gpgme_ctx_set_engine_info()) is different. In the case of the

Conflict Due to Multiple Instances of Smart Card Daemon

2019-05-20 Thread muredanta via Gnupg-users
Hello, I'm building an application that configures smart cards (currently Yubikeys) as OpenPGP cards using GPGME and the gpgme_op_interact() API. In order to provide the functions needed at the user level, I need to engage in several different interactions, most notably some that emulate

Re: New smart card / token alternative

2017-11-09 Thread Peter Lebbing
On 09/11/17 00:39, listo factor via Gnupg-users wrote: > Real-life threat-models are much more varied than what Alice, Bob > and Eve would have us believe. Hey, note that I'm not advocating against this proposed new alternative; it sounds like you think I do. I explicitly said I'm not commenting

Re: New smart card / token alternative

2017-11-08 Thread listo factor via Gnupg-users
On 11/08/2017 03:45 PM, Peter Lebbing wrote: On 08/11/17 16:27, ved...@nym.hush.com wrote: or, more practically, just post anonymously to a blog or website, using --throw-keyid, with a pre-arranged understanding that the sender and receiver post to and check certain websites I did not phrase

Re: New smart card / token alternative

2017-11-08 Thread Peter Lebbing
On 08/11/17 16:27, ved...@nym.hush.com wrote: > or, more practically, just post anonymously to a blog or website, > using --throw-keyid, with a pre-arranged understanding that the > sender and receiver post to and check certain websites I did not phrase it properly, leading to a misunderstanding.

Re: New smart card / token alternative

2017-11-08 Thread vedaal
On 11/7/2017 at 12:10 PM, "Peter Lebbing" wrote: >How exactly can the identity ever be unknown when we're talking >about stuff encrypted to an OpenPGP public key or signed by one? That's a >completely unique identifier! = Well, if someone were really *crazy

Re: New smart card / token alternative

2017-11-07 Thread timothy.steiner--- via Gnupg-users
If you are using something like Tails you would probably just install the GPG agent. Tails allows installing additional software -  https://tails.boum.org/doc/advanced_topics/additional_software/index.en.html. U2F is available in the new version of Firefox being released later this year so if

Re: New smart card / token alternative

2017-11-07 Thread listo factor via Gnupg-users
On 11/06/2017 10:26 PM, ved...@nym.hush.com wrote: On 11/6/2017 at 4:55 PM, "Tim Steiner" wrote: With this solution you can keep the key offline, carry it with you and it > works even on a computer where you can't install software... > We are interested to hear feedback on

Re: New smart card / token alternative

2017-11-07 Thread Philipp Klaus Krause
On 06.11.2017 at 23:26, ved...@nym.hush.com wrote: > > > On 11/6/2017 at 4:55 PM, "Tim Steiner" wrote: > > We have been working on a project to build a direct interface for > PGP/GPG usage using U2F for web apps and browser extensions. This is > similar to existing smart cards

Re: New smart card / token alternative

2017-11-06 Thread Seby
Hello, "Tim Steiner" wrote: We have been working on a project to build a direct interface for PGP/GPG usage using U2F for web apps and browser extensions. This is similar to existing smart cards and tokens but no software install is required. We set out to solve this problem

Re: New smart card / token alternative

2017-11-06 Thread vedaal
On 11/6/2017 at 4:55 PM, "Tim Steiner" wrote: We have been working on a project to build a direct interface for PGP/GPG usage using U2F for web apps and browser extensions. This is similar to existing smart cards and tokens but no software install is required. We set out to

New smart card / token alternative

2017-11-06 Thread Tim Steiner
We have been working on a project to build a direct interface for PGP/GPG usage using U2F for web apps and browser extensions. This is similar to existing smart cards and tokens but no software install is required. We set out to solve this problem -"Man, I really wish I could read this PGP

Re: gpg-agent UI when waiting for smart card touch?

2017-10-24 Thread NIIBE Yutaka
David Mandelberg wrote: > I'm using gpg-agent with Yubikeys configured to require a physical touch > before performing operations. Is there any way to get gpg-agent to > display something on screen when it's waiting for me to touch the > Yubikey? (Otherwise, I sometimes

gpg-agent UI when waiting for smart card touch?

2017-09-22 Thread David Mandelberg
Hi, I'm using gpg-agent with Yubikeys configured to require a physical touch before performing operations. Is there any way to get gpg-agent to display something on screen when it's waiting for me to touch the Yubikey? (Otherwise, I sometimes don't realize it's waiting for anything, and the

Re: Do not cache smart card PIN

2017-09-04 Thread Alexander Paetzelt | Nitrokey
Hello Justin, this is not possible right now. I did a similar feature request here https://dev.gnupg.org/T3362 Maybe you have something to add. Kind regards Alex On 08/28/2017 03:12 AM, Justin Chiu wrote: > Hi, > > Is it possible to instruct a smart card to not cache its PIN or hav

Do not cache smart card PIN

2017-08-28 Thread Justin Chiu
Hi, Is it possible to instruct a smart card to not cache its PIN or have GnuPG forcibly clear the PIN cache? My understanding is that the PIN is cached internally [1] unless if you enable "forcesig" (which only applies to signing operations). If this caching by the smart card cannot

Re: Extending Expiration dates of gnupg keys with the private key residing on a smart card

2017-05-02 Thread Peter Lebbing
On 01/05/17 16:52, MFPA wrote: > Isn't the primary "key 0"? I was under the impression "key 0" deselected all subkeys and the man page agrees with me :-). From the man page: > key n Toggle selection of subkey with index n or key ID n. Use >* to select all and 0 to deselect all. The

Fedora: Smart Card Reader access as root, but not a normal user ...

2017-05-01 Thread Johannes Graumann
I have a smart card reader attached to a fedora 25 box. 'gpg2 --card status' works fine for root, but NOT for a normal user. Writing a udev rule is the first thing that comes to mind, but there's no group 'plugdev' to add to and 'tag+="uaccess"' doesn't seem to work either. What do I

Re: Extending Expiration dates of gnupg keys with the private key residing on a smart card

2017-05-01 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sunday 30 April 2017 at 7:34:40 PM, in , Peter Lebbing wrote:- > I think keys 1, 2 and 3 are all subkeys; NOT your > primary. Isn't the primary "key 0"? - -- Best regards MFPA

Re: Extending Expiration dates of gnupg keys with the private key residing on a smart card

2017-04-30 Thread Peter Lebbing
I saw one detail after I pressed Send. This appears to be a persistent flaw in my e-mail writing. On 10/04/17 10:46, Johannes Graumann wrote: > 3) Edit expiry of subkeys (pubkey): > gpg --expert --edit-key > - toggle keys 1, 2, 3 (sign, encrypt, authentication) > - expire: 1y > - save I think

Re: Extending Expiration dates of gnupg keys with the private key residing on a smart card

2017-04-30 Thread Peter Lebbing
Hi, On 10/04/17 10:46, Johannes Graumann wrote: > 2) Import offline master key (backup): > gpg --import .master.key - Which version of GnuPG is this? GnuPG 1.4 will not ever update the secret part of a key, so you'll have to delete the existing copy first. Be very careful! You're deleting a copy

Re: Smart card

2017-04-21 Thread John Byrnes via Gnupg-users
afe from > Tier-1 actors!" It doesn't work that way. For the most part, my opponent is forgetful me who formats his drive before backing up his .emacs and .gnupg directories. Having the keys on a smart card is way less annoying than trying

Re: Smart card

2017-04-11 Thread Robert J. Hansen
hey would try > very hard to get by employing other efforts. I'm not saying having a > smart card reader and a pin pad here is going to be the magic amulet > to protect your interests. > > <> > > Best Regards, > Duane > > > __

Re: Smart card

2017-04-10 Thread Mike Gerwitz
rtant enough to kill or injure you for but that they would try > very hard to get by employing other efforts. I'm not saying having a > smart card reader and a pin pad here is going to be the magic amulet > to protect your interests. It's not that it's impossible to do. But in most

Re: Smart card

2017-04-10 Thread Duane Whitty
eyes of tier 1 actors who might not think that what you have is important enough to kill or injure you for but that they would try very hard to get by employing other efforts. I'm not saying having a smart card reader and a pin pad here is going to be the magic amulet to protect your in

Re: Smart card

2017-04-10 Thread Mike Gerwitz
On Sun, Apr 09, 2017 at 23:25:06 -0400, Robert J. Hansen wrote: >> My point is that if you base your entire threat model and practices on >> the fact that some attacker somewhere is going to succeed in a targeted >> attack against you, then you may as well give up on security period. > > If your

Extending Expiration dates of gnupg keys with the private key residing on a smart card

2017-04-10 Thread Johannes Graumann
Hello, This is a retake of a stackexchange.com question, where so far no one chimed in ... http://stackoverflow.com/q/43296285/2103880 I had set up a working smart card setup, where the local key ring solely contained public subkeys and secret keys resided on a smart card. Conservatively I set

Re: Smart card

2017-04-09 Thread Robert J. Hansen
> I think this is being confounded by adjoining two conversations---that > smartcards provide additional security given a compromised system, and > the satirical quote your provided. I was referring in this case to the > latter. If you send or receive sensitive communications from a compromised

Re: Smart card

2017-04-09 Thread Mike Gerwitz
On Sun, Apr 09, 2017 at 11:30:47 -0700, Doug Barton wrote: > You and Rainer have gone on at great length about the part of the threat > model equation dealing with the attacker. However, you don't seem to take > into account the other part of the equation, what you are protecting. Sure: the

Re: Smart card

2017-04-09 Thread Mike Gerwitz
ern if you're compromised---that nothing else matters, and the distinction between a compromise as you described with or without access to the key(s) is irrelevant. This doesn't have to start with a compromise from Day 1. If you are using a compromised system for generating your GPG key, sure, a

Re: Smart card

2017-04-09 Thread Roy A. Gilmore
OMG, this thread has gotten completely out of hand. I will reply to my own message in an attempt not to add too much to the hate and discontent already present. This is exactly why I normally only lurk, rarely comment, and only ask a question when I absolutely have to. I'm sorry that I bothered. I

Re: Smart card

2017-04-09 Thread Robert J. Hansen
> I have to admit the replies to this thread have been very informative in > ways that simple answers just never would be. Here I was trying to get > "it" "right" the first (thirty first) time, when it's clear that there's > no it or right. I am heartened by the dialog and as a result of my >

Re: Smart card

2017-04-09 Thread Will Senn
On 4/9/17 3:16 PM, Robert J. Hansen wrote: >> I know of PGP-based WoT used in security-aware networks of sysadmins, >> CERTs etc. I would have guessed that a significant part of the >> audience of this list are professional/experienced/involved admins or >> developers. But let me know why the

Re: Smart card

2017-04-09 Thread Robert J. Hansen
> But this is a dangerous > article, and hard to distinguish between satire and actual security > advice. And there's both. I thoroughly disagree. This is not an article filled with actual security advice. It was published in USENIX's humor column, after all. It is straight-up satire of

Re: Smart card

2017-04-09 Thread Robert J. Hansen
> I know of PGP-based WoT used in security-aware networks of sysadmins, > CERTs etc. I would have guessed that a significant part of the > audience of this list are professional/experienced/involved admins or > developers. But let me know why the majority of users are not. I've been in the PGP

Re: Smart card

2017-04-09 Thread Michael Kesper
le > copy of it). The kernelconcept cards at least can also be used with a key "backup". If you store that backup safely, you can still use your key when you put your smart card into washing machine AND dryer (or it breaks for whatever reason) but you don't risk it being stolen with your

Re: Smart card

2017-04-09 Thread Doug Barton
On 2017-04-04 10:27, Teemu Likonen wrote: Will Senn [2017-04-04 00:19:11-05] wrote: On 4/3/17 11:48 PM, Doug Barton wrote: What's your threat model? [...] I do not really know what I need vs what I think I need. In my uneducated state, I think I want to be as secure as possible [...]

Re: Smart card

2017-04-09 Thread Rainer Hoerbe
> On 09.04.2017 at 20:30, Doug Barton wrote: > > On 04/09/2017 11:01 AM, Mike Gerwitz wrote: >> If I know a threat exists, I'm going to evaluate my threat model and >> decide whether or not it is worth my time to mitigate it; whether I can >> hope to mitigate it; and

Re: Smart card

2017-04-09 Thread Doug Barton
On 04/09/2017 11:01 AM, Mike Gerwitz wrote: If I know a threat exists, I'm going to evaluate my threat model and decide whether or not it is worth my time to mitigate it; whether I can hope to mitigate it; and whether attempting to do so is going to put me at even more risk for some other

Re: Smart card

2017-04-09 Thread Mike Gerwitz
On Sun, Apr 09, 2017 at 07:51:09 -0400, Robert J. Hansen wrote: > In the real world, threat models are much simpler. Basically, you're > either dealing with Mossad or not-Mossad. If your adversary is > not-Mossad, then you’ll probably be fine if you pick a good password > and don’t respond to

Re: Smart card

2017-04-09 Thread Robert J. Hansen
> Sorry, not any more. Look at the online-banking fraud business. > Automated credential stealing tools from simple keyloggers to > sophisticated malware such as from the Zeus family are available on > a pay-and-play basis. I've seen some truly scary malware, and I'm not seeing the level of

Re: Smart card

2017-04-09 Thread Rainer Hoerbe
> On 09.04.2017 at 17:26, Robert J. Hansen wrote: > >> Good point, and I agree to that for a very basic assessment. However, >> the assumption that only politicians and government employees holding >> a security clearance are targeted by Mossad & co is a thing of the >>

Re: Smart card

2017-04-09 Thread Robert J. Hansen
> Good point, and I agree to that for a very basic assessment. However, > the assumption that only politicians and government employees holding > a security clearance are targeted by Mossad & co is a thing of the > past. It never was true -- for decades the French DGSE surveilled on Airbus's

Re: Smart card

2017-04-09 Thread Rainer Hoerbe
> On 09.04.2017 at 13:51, Robert J. Hansen wrote: > >> A long and random passphrase is a good measure against dictionary and >> brute force attacks. It does not defend against malware sniffing the >> keyboard or scraping memory pages. > > Jim Mickens' essay, "This World

Re: Smart card

2017-04-09 Thread Robert J. Hansen
> A long and random passphrase is a good measure against dictionary and > brute force attacks. It does not defend against malware sniffing the > keyboard or scraping memory pages. Jim Mickens' essay, "This World Of Ours", ought be required reading for anyone talking seriously about scraping

Re: Smart card

2017-04-09 Thread Rainer Hoerbe
> On 09.04.2017 at 04:20, Robert J. Hansen wrote: > >> BUT, leaving your private key on your laptop, tablet, or phone is >> about as secure as leaving a spare key to your house under the door >> mat. > > This is not true, not for any sensible definition of 'secure'.

Re: Smart card

2017-04-08 Thread Robert J. Hansen
> BUT, leaving your private key on your laptop, tablet, or phone is > about as secure as leaving a spare key to your house under the door > mat. This is not true, not for any sensible definition of 'secure'. My passphrase is literally 16 random bytes read from /dev/random, base64 encoded, to

Re: Smart card

2017-04-08 Thread Matthias Mansfeld
On 8 Apr 2017 at 10:30, Roy A. Gilmore wrote: > I've been watching this thread for a while, and felt the need to chime > in. Are smartcards (or USB tokens) a PITA? Sometimes. BUT, leaving > your private key on your laptop, tablet, or phone is about as secure > as leaving a spare key to your house

Re: Smart card

2017-04-08 Thread Roy A. Gilmore
I've been watching this thread for a while, and felt the need to chime in. Are smartcards (or USB tokens) a PITA? Sometimes. BUT, leaving your private key on your laptop, tablet, or phone is about as secure as leaving a spare key to your house under the door mat. I cringe every time soft tokens

Re: Smart card

2017-04-08 Thread Mike Gerwitz
On Sat, Apr 08, 2017 at 04:29:58 -0400, Robert J. Hansen wrote: > (I can tell you from personal experience most smartcards handle being > washed just fine, but the static charges they're exposed to in the dryer > will often fry them.) Not that I'd recommend anyone else test this, but my Nitrokey

Re: Smart card

2017-04-08 Thread Mike Gerwitz
On Sat, Apr 08, 2017 at 10:16:36 +0200, Wouter Verhelst wrote: > Smartcards are a pain in the ass. They ensure that the private half of > your key is never on any hard disk or other general storage device but > instead sits in your wallet, so whenever you need to access it, you need > to grab your

Fwd: Re: Smart card

2017-04-08 Thread Doug Barton
Original Message Subject: Re: Smart card Date: 2017-04-08 10:41 From: Doug Barton <do...@dougbarton.us> To: gnupg-users@gnupg.org On 2017-04-04 10:27, Teemu Likonen wrote: Will Senn [2017-04-04 00:19:11-05] wrote: On 4/3/17 11:48 PM, Doug Barton wrote: What's your

Re: Smart card

2017-04-08 Thread Teemu Likonen
Wouter Verhelst [2017-04-08 10:16:36+02] wrote: > Smartcards are a pain in the ass. [...] If your laptop doesn't have a > builtin cardreader, you also need to fish the reader from your > backpack or wherever, etc. But Nitrokey, Yubikey and maybe some other smart "keys" are actually handy. Using

Re: Smart card

2017-04-08 Thread Robert J. Hansen
> Smartcards are a pain in the ass. A funny but completely accurate way to put it: When your private key is on your laptop, you never put it through the wash by accident. (I can tell you from personal experience most smartcards handle being washed just fine, but the static charges they're

Re: Smart card

2017-04-08 Thread Wouter Verhelst
ngs like https://twitter.com/wouter_verhelst/status/844686341711581185 My most recent key uses a smart card from kernelconcepts (who are very much still alive -- at $WORK we recently bought two of their cards as well), but I don't recommend it to everyone, and I certainly wouldn't recommend it if you

Re: Smart card

2017-04-04 Thread Teemu Likonen
Will Senn [2017-04-04 00:19:11-05] wrote: > On 4/3/17 11:48 PM, Doug Barton wrote: >> What's your threat model? > > [...] I do not really know what I need vs what I think I need. In my > uneducated state, I think I want to be as secure as possible [...] Considering possible threats is useful or

Re: Smart card

2017-04-04 Thread Andrew Gallagher
On 04/04/17 13:47, Will Senn wrote: > So I emailed them and waited a week with no response. I then went > looking for alternatives and found many sites that referred to that site > as their distributor. I bought mine from cryptoshop.com and was satisfied with the experience. A signature.asc

Re: Smart card

2017-04-04 Thread Will Senn
On 4/4/17 5:22 AM, Mauricio Tavares wrote: > On Mon, Apr 3, 2017 at 10:27 PM, Robert J. Hansen > wrote: >>> What do you mean by "will be better served by avoiding them"? What's the >>> reservation? >> Imagine we're in a restaurant and you ask me, "Should I order the >>

Re: Smart card

2017-04-04 Thread Robert J. Hansen
state, I think I want to be as secure as possible Again, completely non-snarky: this is the most common newbie mistake there is. The name of the game is not risk minimization -- it's risk *management*. > What I've read seems to hint that a smart card is a good way to > limit some of

Re: Smart card

2017-04-04 Thread Will Senn
Hi Jan, On 4/4/17 1:46 AM, Jan Koppe wrote: > Hello Will, > > somewhat off-topic, but.. > > On 04.04.2017 01:18, Will Senn wrote: > >> If this has been addressed recently, my apologies, I couldn't find a >> search interface for gnupg-users... > You can use a google query like this: >

Re: Smart card

2017-04-04 Thread Andrew Gallagher
t's the same one banks use for credit cards so even if it's not fashionable, it will still be supported by software for the foreseeable future. But smart cards (the form factor) really only make practical sense if your equipment has a built-in smart card reader - and that is highly dependent on in

Re: Smart card

2017-04-04 Thread Mauricio Tavares
On Mon, Apr 3, 2017 at 10:27 PM, Robert J. Hansen wrote: >> What do you mean by "will be better served by avoiding them"? What's the >> reservation? > > Imagine we're in a restaurant and you ask me, "Should I order the > pizza?" Well, beats heck out of me. I don't know you

Re: Smart card

2017-04-04 Thread Corey Sheldon
On 4/4/17 6:46 AM, Jan Koppe wrote: > Hello Will, > > somewhat off-topic, but.. > > On 04.04.2017 01:18, Will Senn wrote: > >> If this has been addressed recently, my apologies, I couldn't find a >> search interface for gnupg-users... > You can use a google query like this: >

Re: Smart card

2017-04-04 Thread Jan Koppe
Hello Will, somewhat off-topic, but.. On 04.04.2017 01:18, Will Senn wrote: > If this has been addressed recently, my apologies, I couldn't find a > search interface for gnupg-users... You can use a google query like this: "site:https://lists.gnupg.org/pipermail/gnupg-users/ " This restricts

Re: Smart card

2017-04-03 Thread Will Senn
hers, that is helpful. What I've read seems to hint that a smart card is a good way to limit some of the potential exposure of having keys laying around. I thought I answered the threat model question, but if I haven't I'm sorry. See if this is a threat model: I'm a tech savvy citizen who wants

Re: Smart card

2017-04-03 Thread Doug Barton
On 04/03/2017 08:33 PM, Will Senn wrote: I didn't ask if I should get one. I asked if there were resources to help a newb make decisions regarding them. While I sense a certain disdain in your response, I'll make some clarifying comments in the hope that its worth the effort... Robert's answer

Re: Smart card

2017-04-03 Thread Will Senn
On 4/3/17 9:27 PM, Robert J. Hansen wrote: >> What do you mean by "will be better served by avoiding them"? What's the >> reservation? > Imagine we're in a restaurant and you ask me, "Should I order the > pizza?" Well, beats heck out of me. I don't know you from Adam, I > don't know your

Re: Smart card

2017-04-03 Thread alaricd
If you ask me... people don't want to learn anything, they are happy being ignorant and clueless about security. Sent from my android device. -Original Message- From: "Robert J. Hansen" <r...@sixdemonbag.org> To: gnupg-users@gnupg.org Sent: Mon, 03 Apr 2017 20:39 Su

Re: Smart card

2017-04-03 Thread Robert J. Hansen
> What do you mean by "will be better served by avoiding them"? What's the > reservation? Imagine we're in a restaurant and you ask me, "Should I order the pizza?" Well, beats heck out of me. I don't know you from Adam, I don't know your personal tastes, I don't even know if you're hungry. So

Re: Smart card

2017-04-03 Thread Will Senn
On 4/3/17 8:37 PM, Robert J. Hansen wrote: >> Are smartcards out of vogue? If not, can you suggest resources that will >> help a newb make decisions regarding them? > Smartcards are not out of vogue for people who need them. Those who > don't will be better served by avoiding them. Do you have a

Re: Smart card

2017-04-03 Thread Robert J. Hansen
> Are smartcards out of vogue? If not, can you suggest resources that will > help a newb make decisions regarding them? Smartcards are not out of vogue for people who need them. Those who don't will be better served by avoiding them. Do you have a need for one? If so, the kernelconcepts card

Smart card

2017-04-03 Thread Will Senn
In my PGP research, I have been looking for a smart card that supports openpgp. I found the OpenPGP Card Version 2.1 over at kernelconcepts, but I'm wondering if they are still operational. I also saw something called a Yubi Key on Amazon. I found this howto that is pretty dated: https

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-09 Thread Dr. Basil Becker
Hello, On 09.02.2017 07:02, NIIBE Yutaka wrote: > Hello, > > [...] > This should be fixed. > I opened an issue for this topic: https://bugs.gnupg.org/gnupg/issue2953 Cheers, Basil

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-09 Thread Dr. Basil Becker
issue? >As a short term solution, you could revoke the encryption subkey and >create a new one with a common keylength; Yes, this is an option. > >If I understand correctly, you already use a regular >on-disk key on your smartphone, so this might not be a problem to you. > A

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-09 Thread Peter Lebbing
Hello, BTW, welcome to the list, Basil! I think it's interesting you encrypt each and every mail you receive. That exercises all components a lot, it might lead to some useful insights on how things might be improved. In fact, we just encountered such an insight I think! On 09/02/17 07:02, NIIBE

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread NIIBE Yutaka
Hello, "Dr. Basil Becker" writes: > Authentication and signatures work like a charm. I'm only having > problems concerning the decryption of mails I received. [...] > Some messages, however, fail to decrypt: > bb@melmac:~$ gpg2 -vv --output /dev/null -d

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread Adam Sherman
tself rather than only linking to a website. > > > I'm having a setup consisting of a main key, and three sub-keys for > encryption, authorization and signature. The three sub-keys are stored > on a Yubikey 4 smart-card. > > Authentication and signatures work like a charm. I'm onl

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread Adam Sherman
> https://answers.launchpad.net/ubuntu/+source/gnupg/+question/452490 > > > > > > I think it is appreciated if you actually describe the problem on > the > > > mailing list itself rather than only linking to a website. > > > > >

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread Dr. Basil Becker
the > problem on the > > > mailing list itself rather than only linking to a website. > > > > > I'm having a setup consisting of a main key, and three > sub-keys for > > encryption, authorization and signature. The three sub-keys >

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread Dr. Basil Becker
90 > > > > I think it is appreciated if you actually describe the problem on the > > mailing list itself rather than only linking to a website. > > > I'm having a setup consisting of a main key, and three sub-keys for > encryption, autho

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread Dr. Basil Becker
it is appreciated if you actually describe the problem on the > mailing list itself rather than only linking to a website. > I'm having a setup consisting of a main key, and three sub-keys for encryption, authorization and signature. The three sub-keys are stored on a Yubikey 4 smart-card.

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread Peter Lebbing
Hello, > I wrote about the problem in more detail at launchpad.net > https://answers.launchpad.net/ubuntu/+source/gnupg/+question/452490 I think it is appreciated if you actually describe the problem on the mailing list itself rather than only linking to a website. And you're also losing those

Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread Dr. Basil Becker
Hi everyone, since a few days I'm observing a rather non-deterministic behavior, where GnuPG sometimes fails to find my private key, that is located at a smart-card and sometimes everything works. I wrote about the problem in more detail at launchpad.net https://answers.launchpad.net/ubuntu
