However, it seems that I currently can neither copy nor create keys larger
than 1024bit on the SmartCard.
Which exact OpenPGP-compatible card do you have? The v1.1 card only supports up
to 1024 bit. The v2.0 card is capable of larger keys.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in
On 04/06/12 05:50, yyy wrote:
So, if one is incapable of remembering strong passwords (passphrses),
this forces them to use either useless passphrase (breakable in less
than 5 min using dictionary) or use no passphrase at all.
Or use a smart card.
BTW, with regard to remembering passphrases,
On 06/06/12 17:58, Mika Suomalainen wrote:
D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Looks correct.
``` % gpg --recv-keys D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 gpg:
requesting key 4F25E3B6 from hkp server pool.sks-keyservers.net gpg: key
4F25E3B6: public key Werner Koch (dist
On 09/06/12 02:22, Robert J. Hansen wrote:
Some might shake their heads and say no, it's not: you only verified you were
speaking with *a* Werner Koch who had access to *the* Werner Koch's email
address, not that you were speaking to *the* Werner Koch.
So how /do/ you verify that you have the
On 09/06/12 15:44, Robert J. Hansen wrote:
I'm not weighing in on what the mechanism should be: I don't get to declare
what anyone else's policy should be.
I was under the impression you did. I interpreted your mail and particularly the
statement
but this either is or isn't a proper
On 09/06/12 17:17, Robert J. Hansen wrote:
My bootstrap is I trust my Linux distribution. My distro is a trusted
software provider, in the traditional security sense of a trusted
provider. If I receive software from an official Fedora repo and it is
signed by the repo release team, that's
On 09/06/12 20:05, michael crane wrote:
I'm using dreamhost. I appreciated that it seems quite handy to have all
that random characters stuff outside of the message body and I was
pointing out that it it is not universally accepted to have daemon thingys
like finger running so limiting the
On 09/06/12 20:47, Robert J. Hansen wrote:
On 06/09/2012 11:57 AM, Peter Lebbing wrote:
Suppose you would want to build from the vanilla source downloaded from
gnupg.org and signed by Werner Koch (dist sig), how would you verify
authenticity of that key?
I don't understand where
On 09/06/12 22:55, Robert J. Hansen wrote:
I apologize for not understanding sooner
There's no need for that :)
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
On 15/06/12 18:33, John Clizbe wrote:
You remember where that was? Sounds interesting, and I have plenty of
keyservers here at home to choose from.
Werner mentioned it[1] in his reply to this thread:
You should be able to use
--auto-key-locate nodefault,keyserver -r f...@example.org
On 15/06/12 18:39, Mika Suomalainen wrote:
Err, are gpg shell and gpg --edit-key two different things?
You can use GnuPG from a shell by issuing (f.e.) the command gpg --edit-key.
And then there is a GUI program which is called GPGShell. And apparently
another GUI program called GnuPGShell.
On 17/06/12 19:26, Hauke Laging wrote:
start cmd: time gpg --encrypt --sign 200k-file
Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: Hauke Laging ha...@laging.de
2048-Bit RSA Schlüssel, ID 0x3A403251, erzeugt 2010-03-04 (Hauptschlüssel-ID
0xECCB5814)
On 18/06/12 10:49, Werner Koch wrote:
On Mon, 18 Jun 2012 05:31, r...@sixdemonbag.org said:
results can check for themselves. Warning: if you ever write Python
code like this in the real world your programming team will beat you to
death.
To me this awk script is more readable, although
On 18/06/12 20:39, Werner Koch wrote:
FWIW, Libgcrypt uses this RNG directly in addition to other sources.
Actually... I just checked git.gnupg.org, and I see these lines in Libgcrypt,
file random/rndhw.c:
# if defined (__i386__) SIZEOF_UNSIGNED_LONG == 4 defined (__GNUC__)
# define
On 16/06/12 12:55, Mika Suomalainen wrote:
Does the gpg --edit-key have a name?
I just call it using GnuPG from the command line...
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
On 21/06/12 15:00, Sam Smith wrote:
when running the command: gpg --list-packets keyname.asc
there is an outputted line that reads: SHA1 protection
First of all, it seems you understand it, but let me emphasize this: the
algorithms you get when using the inspection method vedaal showed you,
On 27/06/12 16:30, ved...@nym.hush.com wrote:
btw,
how do I change from 'digest-mode' to 'individual-list mode'?
Go to http://lists.gnupg.org/mailman/options/gnupg-users, enter your e-mail
address and password you subscribed with, and you get an interface where you can
change such settings.
On 27/06/12 17:14, Brad Rogers wrote:
Sadly, with mailman, unsubbing and resubbing is the only way for a
regular user to change their subscription format.
Having switched from digest to individual message mode myself about a year ago,
I can tell you you are mistaken. I did it succesfully in the
On 28/06/12 12:40, Mika Suomalainen wrote:
I think that it's not on those, which are PGP/MIME signed.
The PGP/MIME signed mail by Brad Rogers in this very thread does include the
headers:
[...]
Date: Wed, 27 Jun 2012 16:14:46 +0100
From: Brad Rogers b...@fineby.me.uk
To:
On 28/06/12 17:24, Mika Suomalainen wrote:
Were you able to verify that signature?
I don't believe my Enigmail is willing to check any PGP/MIME signatures for
me... must be something broken with the installation. I don't really pay
attention to signatures on this mailing list, and this is the
On 10/07/12 16:39, Laurent Jumet wrote:
Do you succeed in having a SHA256 hash with this statement? How can I
explain that I have RIPEMD160 instead?
Like Rob said,
Also note that you're using a 1k DSA key for signing, so is it really so
surprising you're using a 160-bit hash algorithm?
To
A different method I'd like to throw in for consideration is using a very strong
random password generated by KeePass as the password to unlock your OpenPGP
private key.
A password with a lot of randomness is comparable to a symmetric encryption
key when fed to GnuPG. GnuPG will still throw in
On 21/07/12 18:34, MFPA wrote:
Iff is a widely used and recognised shorthand which means if and only
if.
Widely used and recognised, but possibly only in certain professions.
Wikipedia, for example, lists it under mathematical jargon. Computer
scientists will know it as well. But it might not
On 07/08/12 15:18, Jay Litwyn wrote:
I submitted this revokation certificate to a couple of servers and
they said it was malformed,
and I had trouble guessing how to generate anything different. So, I
imported the revokation certificate, exported the whole key, and
submitted that. It worked.
On 08/08/12 10:20, Peter Lebbing wrote:
Now, I haven't ever revoked a key
It's not really critical information, but I meant using a revocation
certificate. I did revoke a key just by using revkey from the command
line --edit-key, and subsequently uploading the key to the keyservers.
Peter
On 13/08/12 15:19, Sam Smith wrote:
Does anybody know if Public Key Crypto has any plans to move to this
with an update to the standard?
Yes, that is planned, indeed with an update to the standard. Search this
mailing list for terms like elliptic and ECC, and you will find messages
about it.
On 16/08/12 10:29, gn...@lists.grepular.com wrote:
It can attempt to initiate decryption/signing, but it still requires the
user to enter their pin, so some sort of social engineering is also
required. It could wait for you to try to decrypt/sign something, and then
send some alternative data
On 21/08/12 13:21, Javier González del Tánago Liberal wrote:
Hi,
I've made various test and I've realized that the hash algorithm when signing
is
always SHA1, ignoring the preferred one. This doesn't happen when I
encrypt+sign.
Please see the documentation for
On 28/08/12 08:57, No such Client wrote:
# A good Daddy is discreet. :-)
(Etcetera...)
Please take your smut elsewhere. I'm sure you know people who will laugh; tell
it to them. Not here.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted
On 28/08/12 10:37, Werner Koch wrote:
gpg --edit-key YOURKEYID
addkey
# Now follow the prompts
Surely, Werner meant adduid which adds a new e-mail address, and not addkey
which adds a new subkey.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You
On 28/08/12 08:37, peter.segm...@wronghead.com wrote:
break: RNG, asymmetric and symmetric cipher, while the symmetric
has only one: symmetric cipher.
When using OpenPGP, add RNG back to the list: the passphrase is only used to
encrypt the randomly generated session key that encrypts the data.
On 28/08/12 15:37, No such Client wrote:
smut? You imply that I speak in a perverse or sexual manner? Hardly.
I didn't want to actually quote the insulting stuff, but let me quote
nonetheless:
your own bed, and the chance to make many new friends
(note that this is easily read, and probably
On 28/08/12 15:44, No such Client wrote:
Surely, on a public, crypto mailing-list, with all sorts of interesting
people, the idea of privacy would be understood no? real names or pseudonyms
should be quite irrelevant.. Is it not the content that counts?
Yes, it indeed is the content that
On 28/08/12 21:54, Richi Lists wrote:
Will this also write also to the smart-card or are the changes only in
the local keyring?
UIDs are not stored on the smartcard, so it does not matter.
I'm a bit hesitant because the full disk encryption on my netbook works
also with the same key, and I
On 29/08/12 11:49, antispa...@sent.at wrote:
I felt offended by my own email: What is stopping PKI from growing. So I come
with a question: some security apps like TrueCrypt and KeePass allow the user
to
use a keyfile instead of a password.
Note that your changing access to the key from what
On 29/08/12 13:53, Richi Lists wrote:
I can't get it to work wether I try it on the primary or the sub key and
whether I use gpg or gpg2.
[...]
$ gpg2 -v --edit-key E8401492!
[...]
gpg: using subkey E8401492 instead of primary key 0AE275A9
Secret key is available.
Why are you forcing
On 30/08/12 10:25, Richi Lists wrote:
Using the primary key was what I tried first. But when I saw the error
message signing failed, I thought I'd have to force the proper signing
subkey, like I have to do for signing emails.
My setup is more or less the following:
On 05/09/12 14:56, notizblock wrote:
You could use vim with the gnupg.vim [1] plugin.
Is it me or does that plugin default to using temporary files, pretty much
defeating the whole purpose? Makes me wonder how well thought out this script
is.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in
On 09/09/12 13:12, Milo wrote:
Also there are vim scrips allowing some level of integration with gnupg.
Personally, I'd have more faith in a text editor that was written ground-up with
security in mind. If you take a full-fledged editor that was never intended to
hide the contents, and then bolt
On 09/09/12 21:06, Milo wrote:
I'm not sure what you are trying to say/prove by polemics with things I
didn't wrote. I won't speculate about your faith in editors, your threat
model, and probably there is no real point for you to speculate about my
(possible) family and my hard drive data
On 09/09/12 22:04, antispa...@sent.at wrote:
It's sad to see that Pretty Good Privacy is just about pretty good and
nothing more. People don't seem to care beyond playing 007.
Are you talking about how an encryption/signing tool is not a text editor??
What's with the sudden demeaning criticism?
On 10/09/12 22:46, Landon Hurley wrote:
Maybe some sort of hood made out of wire mesh to stop radiation leakage.
Ah, you mean a tinfoil hat? ;P
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is
On 10/09/12 19:45, ved...@nym.hush.com wrote:
Either people are on their own computers, which they trust, and
which they can cleanse the memory and reboot, or they are on
untrusted computers, where memory is the least of their problems.
I think people want it because editing a text file
On 09/09/12 23:29, Marco Steinacher wrote:
Isnt't that the problem with almost any data? At some point you have to
decrypt it to edit or view it with some application.
[...]
I think demanding all allplications to be aware of this and to handle it
securely is quite a strong requirement,
On 11/09/12 09:12, John A. Wallace wrote:
I am using Gpg 2.0.17 in Windows. Am I correct in saying that the options
file, if one existed, should be located in the home directory, i.e.,
%homepath%\appdata\roaming\gnupg
You can see what the home directory of GnuPG is with the command
gpgconf
, that it should be named options
Oh, wait, no. I think you're supposed to name it gpg.conf, and that options is
some sort of legacy name that is also accepted? gpg.conf is the normal file you
would use to store your configuration, I know that for sure.
Peter.
--
I use the GNU Privacy Guard
On 11/09/12 16:57, Heinz Diehl wrote:
You can mount /tmp and the various other tmpfiles to memory. That's
what I do (not for security reasons, but to have the tmp stuff deleted
on reboot).
So you store the unencrypted file to /tmp and edit it there with whatever
program is needed? Say you're
On 11/09/12 16:58, Jens Lechtenboerger wrote:
Instead, I'm using full disk encryption.
I also have an OS on full disk encryption (not my regular workstation OS). I
still see a use for a safe text editor, for example as a lightweight
alternative to FDE.
Peter.
--
I use the GNU Privacy Guard
On 13/09/12 17:47, ved...@nym.hush.com wrote:
$ printf just a test | gpg -c -a
Also, this would obviously end up in the history file unless you turn that off.
Better just invoke gpg, start typing and end with Control-D.
$ gpg -c -a
just a test
Ctrl-D
Peter.
--
I use the GNU Privacy Guard
On 13/09/12 18:34, Kristian Fiskerstrand wrote:
Apparently only half-awake here, this should of course be amended to
include that since the plaintext is shown in the command line it is also
available to other users on the system in a process list (e.g. ps)
I just thought of the fact that
On 17/10/12 07:04, Doug Barton wrote:
Thanks for the suggestion. The problem is that the truecrypt volume is
not mounted at boot time, and it's unmounted before shutdown.
If you mount them with a shell command, you could write a wrapper shell script
that you invoke instead of that command, like
there is indeed a signature:
$ gpg2 --list-packets bla.gpg
:pubkey enc packet: version 3, algo 1, keyid 26F7563E73A33BEE
data: [2048 bits]
:encrypted data packet:
length: 368
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12
Peter Lebbing pe
On 05/11/12 16:29, Hauke Laging wrote:
Why? What critical information is exposed by the signature, assuming I do not
forge the from address?
You're constricting your view too much to just e-mail in your analysis. If you
look at files stored on someone's hard drive, you don't have a from
On 2012-11-05 15:10, Avi wrote:
This is an incomplete list, but what I like about GPGShell is
the following:
I'd just like to say: *Thank you* for your constructive contribution.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you
I downloaded GPG W32 1.0.6-2 on a Windows machine.
I started gpg from the command line and It created C:\gnupg.
I have GPG running on another windows machine (I think is version 1.0.4) so I
tried to import my keys.
I'm confused by the version numbers you indicate. They sound like they're
On 02/12/12 10:57, Selene Feigl wrote:
Note: that is a PC/SC reader without CCID
AFAIK, keypad entry is only supported through the internal CCID driver of GnuPG,
not through a PC/SC stack.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted
RFC 4880 says this in the Security Considerations part:
* Many security protocol designers think that it is a bad idea to use
a single key for both privacy (encryption) and integrity
(signatures). In fact, this was one of the motivating forces
behind the V4 key format with
On 02/01/13 11:05, Fabio Coatti wrote:
Replace existing key? (y/N) y
gpg: secret key already stored on a card
[...]
My guess is that gpg flags every subkey sent to card with the card
number and checks the number when requested to install it again... but
is there any way to tell gpg to
On 07/01/13 16:39, Mark H. Wood wrote:
I'd suggest assuming some periodic read-only use, since we *should* be
testing our backups regularly to discover decay *before* it makes
something irretrievable.
I would assume the decay to make it irretrievable the moment you discover
it. Hoping the bit
On 06/02/13 11:37, Hauke Laging wrote:
That seems easy to me: Except for small amounts (secure device's display
capacity) of very simple data (plain text) [...]
Seems to me to be enough to do what OP requested: signing e-mails he/she wrote.
It indeed seems easy to me that this won't work for
On 06/02/13 11:37, Hauke Laging wrote:
Then you can (safely...) copy the data to several PCs and have them show you
both the file hash and the document (in that order). Hoping that at least one
of the PCs is not compromised.
In my other mail I got kinda hung up on manual verification but
I'm trying to figure out what the influence is of the different
signature types (0x10-0x13).
From the gpg2 man page:
--min-cert-level
When building the trust database, treat any signatures with a
certification level
below this as invalid. Defaults to 2, which
*Even if your dongle works exactly as intended*, I can -- by simulating a
hardware failure -- drive you into a fallback where you use a compromised
machine.
It's a good attack. Thank you for sharing it. But to say it makes the device
bogus is a way too easy dismissal.
So if an attacker
On 07/02/13 15:26, Hubert Kario wrote:
The usual response in this kind of situation is let me do my damn work
already not hmm, interesting, let's diagnose the issue, other projects be
damned. Honestly, I'd probably fall victim to such an attack
Every decision is a weighing of how important
This is silly. Yes, you can do social engineering. That's always possible. And
yes, the attacker will win against me if he wants badly enough. I know that as
well. These are all just generalities.
You seem to be implying that unless something is perfect, something is bogus,
and people should not
On 08/02/13 03:12, Josef Schneider wrote:
With GnuPG on the other hand someone who has access to my PC can sign
whatever he likes and sign as much as he likes, as long as my card
reader is attached
Just so you know, the OpenPGP card has a forcesig, force signature PIN, flag
which you can set
Hello Werner and list,
I'd like to do a feature request for a new version of the OpenPGP card, whenever
such a new version would be designed.
The current OpenPGP cards have a force signature PIN flag which can be set so
only one signature is issued with one PIN entry. I'd like to request similar
On 08/02/13 10:55, Niels Laukens wrote:
I'm no expert, but isn't that only useful if you have a card-reader with
pin-entry? If you use your compromised PC to enter your PIN, the malware
can just replay that PIN to the card.
Yes, I agree. Not that I am an expert.
Peter.
--
I use the GNU
Is there any LiveCD that has GPG 2.0.18 (or higher) on it?
A quick check shows that Knoppix claims to have gnupg2 2.0.19-1 on Knoppix DVD
versions 7.0.4 and 7.0.5. The version number is probably a Debian version
number.
There are files called dpkg-l-dvd-704.txt and ..705.txt in the DVD mirrors
The daemon group has... But is this group in the list of groups of the
scdaemon process? That's not a SUID/SGID binary.
You're confusing pcscd and scdaemon. OP doesn't use direct access by scdaemon,
but rather a PC/SC daemon which is run from init, and to which the scdaemon
connects.
If the
/bin/ps -e -o pid,supgrp,args
1878 -/usr/sbin/pcscd
pcscd will have GUID pcscd, so it's not a supplementary group. With
$ ps -e -o pid,egroup,supgrp,args
You'll most likely notice pcscd in the second column for that daemon.
Peter.
--
I use the GNU
I don't know if it is supported by GPGME, but here's an alternative I just
thought of: Store the public keyring on a RAM filesystem.
Sketch of operation (not fully tested, and please understand what you're doing,
don't just copy-paste):
mkdir ~/gnupg-ramfs
sudo mount gnupg-ramfs ~/gnupg-ramfs -t
On 26/02/13 07:43, Doug Barton wrote:
That worked for me, although I was a bit disappointed that placing the cert at
/etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work like all the
docs said it should.
Please realise that if it would have worked, you would have installed that
On 26/02/13 11:56, Werner Koch wrote:
Thus, it won't harm you to add such a kind of Salvation Army CA.
Okay, you made me laugh out loud, thanks :).
It probably won't hurt to add the sks-keyservers CA, although I don't know how
well they guard their private key. Probably fairly well, these are
is a field Version:
which says 11.11.
Second line of the output for me:
Application ID ...: D2760001240102[snip]
Version ..: 2.0
^^^
Manufacturer .: ZeitControl
Serial number : [snip]
Name of cardholder: Peter Lebbing
Language prefs ...: en
Sex ..: yes, please
On 05/03/13 00:26, BassToGo123 wrote:
Please post
Can anyone help me?
People on this list are not paid to answer your questions. Asking twice with a
minute in between is not very civil in my eyes. And perhaps it takes a few days
for someone to /have the time/ and inclination to help you
On 05/03/13 19:52, Phillip Gardner wrote:
gpg2 --symmetric --force-mdc --cipher-algo AES256 backup20130405.tar
Is it a problem using the same key when encrypting multiple files which will
all be stored together? These files were very similar in content prior to
being encrypted.
1) It is
On 23/03/13 04:16, Ileana wrote:
I am curious if there is a built-in or optional way to do a
diffie-hellman key exchange over PGP encrypted email. Such that
subsequent emails could be forward secret?
I find it a really funny idea, in a positive way. Hey, I've never thought about
it that way!.
I hadn't quite picked up on the forward secrecy bit in your original mail.
On 23/03/13 20:14, Ileana wrote:
However possibly less annoying the generating new PGP keys and sending those
back and forth (with over head of having to sign each new key
Using subkeys, you can skip the signing. Just
On 23/03/13 21:06, adrelanos wrote:
TrueCrypt.org says [1] they are signing TrueCrypt Setup 7.1a.exe [2]
with a X.509 signature. How can I verify such a signature?
This is probably a Microsoft Authenticode signature on a Microsoft PE
executable. It's very specifically a Microsoft thing, and
On 24/03/13 13:10, adrelanos wrote:
I don't care so much about that truecrypt.exe, but want to know how it
works in general for any file on Linux. This is because I consider dual
signing the files I distribute.
If it's about signing rather than verifying, I found this link on the Google
hunt I
On 25/03/13 20:06, Doug Barton wrote:
He clarified that in a subsequent post. The usual netiquette is to read the
entire thread before responding to any individual post.
I see only one post by Julian H Stacey, and the web archive[1] agrees, so maybe
you got a private mail? (But why?)
Anyway, I
On 25/03/13 20:49, Doug Barton wrote:
Thus endeth the lesson,
Yeah, after I wrote my reply, I wondered if it was even wise to fight fire with
fire. So the lesson didn't come entirely unexpected.
I respectfully disagree that the mail didn't warrant a reply at all. One could
also simply point out
On 27/03/13 14:40, Julian H. Stacey wrote:
I created it, as far as I recall, from my copy direct from Ulrich,
which had no Mail-Followup-To
Correct, the problem originated when you replied[1] to Werner's mail[2].
Werner's mail had the following header:
Mail-Followup-To: Julian H. Stacey
On 27/03/13 22:15, Leo Gaspard wrote:
until a lot of people verify and sign your public key.
People might be more inclined to sign the key when it says something like
adrelanos (Whonix signing key) adrelanos at riseup dot net
rather than without the comment.
That way, their signature might
On 31/03/13 23:16, Anonymous wrote:
account 'B' can access the card, but I guess it is missing some type of
stub gnupg uses to mark the keys on the card?
Importing the public key /should/ be enough, and when GnuPG sees the smartcard,
it will create the corresponding stub.[1]
So there is
On 04/04/13 12:37, Hauke Laging wrote:
That seems not to be part of the documentation...
The doc file DETAILS mentions it for unattended key generation:
Expire-Date: iso-date|(number[d|w|m|y])
Set the expiration date for the key (and the subkey). It may
either be entered in
On 04/04/13 18:01, Jack Bates wrote:
How can I get the fingerprint or key id of the subkey I just created?
A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to
identify/verify a key as a whole, which means the primary key.
I tried the following:
$ gpg2 --status-fd 0
On 05/04/13 20:16, Jean-David Beyer wrote:
Probably the software Red Hat supplies is kept on a machine that is not
on the Internet and it is all signed on that machine. At which point,
the signed software is placed on an Internet-connected machine for
downloading (seems like a good idea to
On 06/04/13 19:10, Ryan Sawhill wrote:
(individual maintainers building packages? seriously?)
I think you misread a statement /I/ made. I said individual maintainers
in Debian sign packages. They do not sign built binaries, but rather the
source package. After that, an automated build system
Does this mean that the public key is exported along with the private key?
Yes, indeed.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
On 15/04/13 07:24, Ashley Holman wrote:
I also have a followup question. Is it acceptable practice to make a
paper backup of your private key by exporting it in ascii armored mode
and printing it onto some paper?
You should take a look at PaperKey[1]. It will produce text with some
You could look at the certificate your browser doesn't trust and follow up
the information it contains. You could also search the internet (and other
sources) for information about Intevation GmbH, and see if it matches what
the certificate says.
Everything the certificate says is under
Hello HHH,
It would appear that you BCC'd me on the message I'm replying to, because I got
it twice: once without going through gnupg-users and a copy sent through
gnupg-users. The messages have the same Message-ID and ID assigned by the first
mail server, so it's really a duplicate.
Please try
On 26/04/13 03:13, Mason Loring Bliss wrote:
gpg --export-options export-minimal --export keyid | gpg --list-packets |
grep 'pref-hash-algos'
...I see algorithm 2 still there.
I think you're mixing things up. pref-hash-algos is the algorithms you'll
accept from others.
The page you linked
I might be misinterpreting your request, because I can see two slightly
different interpretations and I'm going with only one of those! ;)
On 27/04/13 18:31, Quinn Wood wrote:
However, gnupg does not recurse signatures on imported or updated keys[...]
determining the most trusted (based on
On 29/04/13 05:39, 儒風管理部-潘右文 wrote:
Can someone help me with this error?
It says Key validity - Unknown, so it seems you haven't signed the key and
GnuPG is refusing to encrypt to a key of which the identity is unverified.
My program version is 1.1.4.
Are we talking about GnuPG 1.1.4? Because
26F7563E73A33BEE
data: [2043 bits]
:encrypted data packet:
length: 86
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12
Peter Lebbing pe...@digitalbrains.com
:compressed packet: algo=2
:literal data packet:
mode b (62), created
Maybe I didn't read your message well enough before I answered. You said you
couldn't use standard out. This is a crude way to get the status-fd stuff in a
file as you mention:
$ gpg --status-fd 3 --use-embedded-filename foo.gpg 3foo.status
You need a passphrase to unlock the secret key for
user:
On 08/05/13 14:03, Michael Scheer wrote:
HOLD ON - IT WORKS!
| %GNUPGHOME%gpg.exe --status-fd 2 --use-embedded-filename %1
2%temp%\out.txt
2 is standard error (at least, I suppose Windows does that too), so it will be
mixed with any other output to stderr. On Linux, I see the gpg: encrypted
101 - 200 of 1316 matches
Mail list logo