Re: GPG Decryption Issue

2013-02-07 Thread Kamalakannan N
Hi Hauke, Kindly help me out by providing --multifile --decrypt batch file command. Currently we are using batch command as below to decrypt single files. gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml

GPG Decryption Issue

2013-02-07 Thread Kamalakannan N
Hi Hauke, Application is run by the same user and secret key is protected by a passphrase. We are trying to decrypt the same file from both Command prompt and Datastage Application. Actually we are using the batch file to decrypt the file and we are calling the batch file through Datastage

influence of signature type on trustdb

2013-02-07 Thread Niels Laukens
Hi, I'm trying to figure out what the influence is of the different signature types (0x10-0x13). As far as I can tell, they only _indicate_ the signer's trust in his own sig, but aren't used in any way by GPG. Is this correct? I was hoping it would be used in the trust model, but apparently only

Re: influence of signature type on trustdb

2013-02-07 Thread Peter Lebbing
I'm trying to figure out what the influence is of the different signature types (0x10-0x13). From the gpg2 man page: --min-cert-level When building the trust database, treat any signatures with a certification level below this as invalid. Defaults to 2, which

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Peter Lebbing
*Even if your dongle works exactly as intended*, I can -- by simulating a hardware failure -- drive you into a fallback where you use a compromised machine. It's a good attack. Thank you for sharing it. But to say it makes the device bogus is a way too easy dismissal. So if an attacker

Re: influence of signature type on trustdb

2013-02-07 Thread David Shaw
On Feb 7, 2013, at 5:12 AM, Niels Laukens ni...@dest-unreach.be wrote: Hi, I'm trying to figure out what the influence is of the different signature types (0x10-0x13). As far as I can tell, they only _indicate_ the signer's trust in his own sig, but aren't used in any way by GPG. Is this

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Hubert Kario
On Thursday 07 of February 2013 14:14:44 Peter Lebbing wrote: *Even if your dongle works exactly as intended*, I can -- by simulating a hardware failure -- drive you into a fallback where you use a compromised machine. It's a good attack. Thank you for sharing it. But to say it makes the

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 08:14 AM, Peter Lebbing wrote: So if an attacker compromises the system and makes the user unable to use the device on that system, they will react by stopping using the device, but not by stopping using the PC? But at the same time you said earlier... Yes, I did. A good

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 09:26 AM, Hubert Kario wrote: Honestly, I'd probably fall victim to such an attack, and IMNSHO I'm a bit more knowledgeable about crypto and security than regular users of GPG. Yes -- I'm a fair bit more knowledgeable about these things than most, and as my story of the smartcard

Re: influence of signature type on trustdb

2013-02-07 Thread Niels Laukens
On 2013-02-07 17:25, David Shaw wrote: Nope, this could be done. There are a few reasons it hasn't, including that it would make the trust model incompatible (in the sense that a path that exists using GnuPG might not exist in PGP and vice versa) with other implementations. There is no

Re: influence of signature type on trustdb

2013-02-07 Thread Niels Laukens
On 2013-02-07 17:54, Daniel Kahn Gillmor wrote: I think anyone interested in improving the trust model should probably try to think through how to make an improved user interface for people who are trying to inspect the trust model. I use

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Peter Lebbing
On 07/02/13 15:26, Hubert Kario wrote: The usual response in this kind of situation is let me do my damn work already not hmm, interesting, let's diagnose the issue, other projects be damned. Honestly, I'd probably fall victim to such an attack Every decision is a weighing of how important

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Peter Lebbing
This is silly. Yes, you can do social engineering. That's always possible. And yes, the attacker will win against me if he wants badly enough. I know that as well. These are all just generalities. You seem to be implying that unless something is perfect, something is bogus, and people should not

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 06/02/13 11:37, Hauke Laging wrote: That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) [...] Seems to me to be enough to do what OP requested: signing e-mails he/she wrote. Yes. It indeed seems easy to me that this won't

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On Wed 06.02.2013, 10:28:13, Peter Lebbing wrote: Can you explain (broadly) how one would compromise the signature/the device that you sign with? That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) you have the problem that

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 02/05/2013 01:04 PM, Peter Lebbing wrote: While I agree with the broad sentiment, I'm not so sure a certain amount of damage control is impossible with what he/she proposes. If you have a device with small attack surface[1] that shows you the plaintext you're about to sign before signing

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 06/02/13 11:37, Hauke Laging wrote: The device proposed by OP/by me seeks security in being restricted and simple. And also takes a whole lot less of effort to use ;). Yes. But let's stick to the e-mail signing in this thread, or the discussion will get very unfocused and hard to

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 05/02/13 04:15, Robert J. Hansen wrote: No. There are none, nor will there be. You absolutely must retain control of the processing hardware GnuPG runs upon. If you don't have that control, there is literally no device -- hardware or software -- that can help you. While I agree with

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 06/02/13 02:49, Robert J. Hansen wrote: It makes no sense to me to believe that it's somehow possible to have a dongle that you can plug into a compromised PC to make it safe (or safer) to sign with. Can you explain (broadly) how one would compromise the signature/the device that you

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Michel Messerschmidt
On Thu, Feb 07, 2013 at 10:03:30AM -, refresh...@tormail.org wrote: I have no reason to believe my system is compromised. Taking security very serious. Otherwise I wouldn't bother posting here. :) That sounds like an oxymoron. How can I be REALLY sure my system isn't compromised? Mail

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 02:31 PM, Peter Lebbing wrote: You seem to be implying that unless something is perfect, something is bogus, and people should not bother. No. I am arguing that if you do not/cannot trust the machine you're running GnuPG on, *there is no dongle you can add to your system to

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Josef Schneider
On Fri, Feb 8, 2013 at 1:17 AM, Robert J. Hansen r...@sixdemonbag.org wrote: Sure. That's theoretically possible. I don't believe it to be true, though. My machine is trusted not because I'm certain that it's immune to being pwn3d, but because I acknowledge that it can break my local

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Faramir
On 06-02-2013 19:51, Robert J. Hansen wrote: On 2/6/13 4:28 AM, Peter Lebbing wrote: Can you explain (broadly) how one would compromise the signature/the device that you sign with? Happily! I have an OpenPGP smartcard and an SCM card

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 06:42 PM, Faramir wrote: Ah, but there are situations in which that would not work... Sure. There are always situations where a particular attack won't work. For instance, if there's an ironclad no-exceptions policy that you may never, ever, fall back to using GnuPG on the PC,

GnuPG in the media

2013-02-07 Thread Robert J. Hansen
GnuPG was mentioned (somewhat inaccurately, but still mentioned) in the _Daily Mail_. It's not exactly 'respectable journalism', but it's still very high-visibility. http://www.dailymail.co.uk/sciencetech/article-2274388/MI5-install-black-box-spy-devices-monitor-UK-internet-traffic.html

Re: GnuPG in the media

2013-02-07 Thread Avi
Linux only? Fascinating how my Linux box has all these Msoft issues then :D User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) avi.w...@gmail.com Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 On Thu, Feb 7, 2013 at 10:16 PM, Robert J.