On 04/06/12 05:50, yyy wrote:
So, if one is incapable of remembering strong passwords (passphrses),
this forces them to use either useless passphrase (breakable in less
than 5 min using dictionary) or use no passphrase at all.
Or use a smart card.
BTW, with regard to remembering passphrases,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03.06.2012 19:19, Hauke Laging wrote:
Am So 03.06.2012, 07:46:41 schrieb L G:
During command line decryption, pinentry opens a popup window for
the passphrase. In the pinentry window, paste (Ctl+V) is not
supported. Deal breaker. I read
On Sun, 03 Jun 2012 16:07:38 -0400
Robert J. Hansen articulated:
On 6/3/2012 10:46 AM, L G wrote:
During command line decryption, pinentry opens a popup window for the
passphrase. In the pinentry window, paste (Ctl+V) is not supported.
Deal breaker.
Storing your passphrase in the clipboard is
On 31/05/12 5:32 PM, Werner Koch wrote:
On Wed, 30 May 2012 21:42, expires2...@rocketmail.com said:
And shared the fact privately with Symantec?
I heard that it is just a bug introduced by the marketing suits.
The PGP library never dropped support for DSA2.
Was there any explanation of
Hi.
When I use the command: gpg --armor --output document name
--export-secret-keys KeyID
shouldn't I be asked for the secret key's password before Export is allowed to
complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm never
asked for a password. This doesn't seem secure
Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith:
When I use the command: gpg --armor --output document name
--export-secret-keys KeyID
shouldn't I be asked for the secret key's password before Export is allowed
to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm
never
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 04.06.2012 17:27, Sam Smith wrote:
Hi.
When I use the command: gpg --armor --output document name
--export-secret-keys KeyID
shouldn't I be asked for the secret key's password before Export is
allowed to complete? I've tried this
On Jun 4, 2012, at 10:27 AM, Sam Smith wrote:
Hi.
When I use the command: gpg --armor --output document name
--export-secret-keys KeyID
shouldn't I be asked for the secret key's password before Export is allowed
to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm
No, the exported file is NOT protected by the passphrase.
If I export the key. And then delete my secret key from my keyring. And now
Import what I exported, I am not asked for a password before the import is
allowed to complete. That is, Anyone who gains access to my machine can export
Am Mo 04.06.2012, 11:56:22 schrieb Sam Smith:
Please take care that you reply to the list.
No, the exported file is NOT protected by the passphrase.
If I export the key. And then delete my secret key from my keyring. And now
Import what I exported, I am not asked for a password before the
On 6/4/12 11:57 AM, Sam Smith wrote:
No, the exported file is NOT protected by the passphrase.
Yes, it is.
Try using the newly-imported secret key. :)
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On Sun, 3 Jun 2012 20:17, ventur...@gmail.com said:
By disabling the insternal driver I was able to able to generate keys
up to 3072 bits on my v2 card using a SCM-335 card reader via
pcsclite.
That is a different problem than that with the Omnikey reader. In your
case the permissions of
On Mon, 4 Jun 2012 10:49, b...@adversary.org said:
Was there any explanation of why the marketing people dropped or
wanted to drop the functionality?
Maybe outdated technical specs which made it to the marketing dept. I
don't know - you need to ask Symantec.
Shalom-Salam,
Werner
--
ah-ha.
Thanks guys!!
I tried to make a detached signature file with the imported key and it asked
for password. I finally see what you guys have been telling me. Sorry I'm so
dense :0
Yes, someone can export my secret key from my computer and then they can import
my secret key into their
Okay. So being able to export without password is by design then. I don't have
anything misconfigured.
This makes it a trivial task to steal someone's secret key. All that's needed
is access to the machine for a few seconds when no one is looking.
I am not technically know-how enough to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 5/06/12 2:47 AM, Werner Koch wrote:
On Mon, 4 Jun 2012 10:49, b...@adversary.org said:
Was there any explanation of why the marketing people dropped or
wanted to drop the functionality?
Maybe outdated technical specs which made it to
On Mon, Jun 04, 2012 at 11:57:02AM -0400 Also sprach Sam Smith:
No, the exported file is NOT protected by the passphrase.
If I export the key. And then delete my secret key from my keyring.
And now Import what I exported, I am not asked for a password before
the import is allowed to
On 6/4/12 12:35 PM, Kevin Kammer wrote:
Section 2.6: For Solaris 11, gnupg is also available via the default
IPS publisher. The version Oracle provides is 2.0.17 vs 2.0.18 from
OpenCSW, but it is worth mentioning as it may satisfy parties who are
unwilling (or unable) to install via
On 6/4/12 2:37 PM, Johnicholas Hines wrote:
1. Are there any video games which are educational about public key
crypto? I mean the best practices around use of modern crypto, not
games focusing on break-classical-encryption puzzles.
There are some serious problems here, not the least of which
On Mon, 4 Jun 2012 18:35, lists.gn...@mephisto.fastmail.net said:
require extensive manual configuration for it to work properly (but if
you're using Mutt, you already know that). See
http://wiki.mutt.org/?MuttGuide/UseGPG for configuration details.
That is not true: Put
set
On Mon, 4 Jun 2012 19:11, b...@adversary.org said:
Fair enough. Most people I correspond with use GPG, I'll worry about
it if I ever have trouble with someone encrypting to my El-Gamal key.
Not for a compliant OpenPGP implemenations. From RFC-4880:
Implementations MUST implement DSA for
Robert J. Hansen 4fcc11f2.6050...@sixdemonbag.org June 4, 2012 4:22:54
PM wrote:
[snip]
Also, if there are any questions you feel are missing, throw them out
too. Thank you!
Section 4.7 How do I validate another person’s certificate? does not
deal with what one should do once she/he has
Hi,
Am 03.06.2012 17:45, schrieb Robin Kipp:
However, as I'd much rather use 2048-bit keys, I guess I'll just have
to sort things out with the retailer I got it from... Can you
recommend another brand that produces readers which are easier to
use? E.g. Gemalto or GD or anything in that
On 6/4/2012 4:39 PM, Charly Avital wrote:
I believe the etiquette is that the signed key block should be returned
to the certificate's owner, for her/him to do what he/she deems
convenient, e.g. upload it to a keyserver.
I haven't found widespread belief this is a community norm. There's a
Robert J. Hansen 4fcd629e.8010...@sixdemonbag.org June 4, 2012
10:38:58 PM wrote:
[...]
It's reasonable to present the controversy, and I'll make mention of it
in the next revision. That's as far as I'll go.
Fair enough, and thanks.
Of course, ultimately Werner is the one who gets
Hello,
Currenlty I am having problem with the decryption of the file my code is
like this
echo shell_exec(echo $passphrase | $gpg --passphrase-fd 0 -o
$unencrypted_file -d $encrypted_file);
when I checked using echo beforer executing it will shown as below
passphrase|gpg --output
26 matches
Mail list logo
