Re: OT: Best way to send e-mails to a recipient that does know encryption
On 1/2/2024 at 9:26 AM, "Ingo Klöcker" wrote:

> Posteo will release data to authorities if they are forced to do so by a
> judicial order. See their transparency reports for details:
> https://posteo.de/en/site/transparency_report
>
> I'm still using Posteo.

=

Another option is Hushmail. It allows sending encrypted mail to someone who has no encryption experience, and to any email address.

The Receiver agrees on a passphrase with the Sender, and the Sender sends the encrypted email. The Receiver gets a notice in whatever email he/she is using, with a link to a site on the Hushmail server. The Receiver clicks on the link, and Hushmail requests a passphrase. Only 3 attempts are allowed. The message is erased on the 4th try. The message is also erased after 72 hours from the time it is sent. If the passphrase is correct, it displays the plaintext of the message.

Again, if you are suspected of being a terrorist or a human trafficker, and Law Enforcement gets a convincing order, they will release your information. They are based in Canada.

Price is 49 US$ / year. Allows for unlimited aliases (that haven't already been taken).

If anyone wants to try out the encryption, please send me an email, and tell me what you want your passphrase to be.

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ADK's
There are 2 simple workarounds to employment ADKs:

[1] Send a symmetrically encrypted message to the key with the ADK. (This will require an agreed-upon symmetric passphrase communicated in person, by phone, or in another non-ADK manner.)

[2] Generate a non-ADK key, not uploaded to any server, send and receive messages with a hidden-ID option, and keep this key on a separate keyring. This can be communicated symmetrically as in [1].

vedaal
Re: Status of original PGP?
On 9/7/2022 at 6:14 PM, "Robert J. Hansen via Gnupg-users" wrote:

> On a lark I went looking for the current iteration of PGP. It was bought by Symantec some years ago, and the last I heard they'd renamed it to "Symantec Encryption Desktop". However, Symantec no longer has it available for sale or download, and scouring their site turns up basically nothing. Does anyone know what happened to PGP?

=

There is still a source for PGP freeware for PGP 8.0 and earlier:
http://www.pgpi.didisoft.com/products/pgp/versions/freeware/

(I followed the successive links and then got an error page, but if this is still considered freeware for non-commercial use, then it is archived somewhere... https://zedz.net/ )

Vedaal
Re: Backing up your PGP key by hand
On 5/26/2022 at 12:52 AM, "Robert J. Hansen via Gnupg-users" wrote:

> So, yeah. I'm going to be solidly on the side of "no, really, paper is a magic technology, just be sure to talk with an archivist first to ensure you're using the right kind of paper."

=

The other thing to consider is the ink.

In Ancient and Medieval times, the ink was not standardized, and varied in the quantity of the ingredients. All were permanent, but some were too acidic and burned through the paper. Many monastery manuscripts centuries old are still in very good condition.

Today there are "Bulletproof" permanent inks (not resistant to real bullets, but resistant to water, alcohol, bleach, soap, and known solvents):
https://www.jetpens.com/blog/Noodler-s-Fountain-Pen-Inks-A-Comprehensive-Guide/pt/902#bulletproof

The Noodler Eternal inks are available in a larger variety of permanent colors, and are all fountain pen safe:
https://noodlersink.com/product/19208-eternal-polar-blue/

Vedaal
RE: Changing the encryption algorithm used for PGP/GPG private key
On 2/18/2022 at 3:12 AM, "Daniel Colquitt via Gnupg-users" wrote:

> Just to follow up that this isn't a gpgwin problem. I have a Debian installation and generated a test key using GnuPG and the same gpg.conf file

=

Try this:

In the gpg.conf file add the option --expert, and in personal preferences list only AES256, not the other strengths. Keep all of the s2k options you listed, and try generating a new key again.

Vedaal
Re: First Amendment and Marines?
On 1/29/2022 at 11:06 PM, "Mauricio Tavares via Gnupg-users" wrote:

> > The patient can choose any, all, any combination, or none of them.
> > And still get treatment.
>
> Can you provide which regulation states that? I could have used it many times.

=

It's in the HIPAA act, which requires the patient's consent to share the data, and is in the pre-treatment or pre-hospitalization consent form itself.

The worst the hospital can do, if the person refuses release to the Insurance Company, is to bill the patient as self-pay. The hospital cannot refuse treatment.

Can't speak about Covid, because *The Science* seems to vary between conservative and liberal states. There are many horror stories, but it is not for this mailing list.

Vedaal
Re: pgp263iamulti06
On 1/29/2022 at 11:02 PM, "Robert J. Hansen" wrote:

> > Please comment if this is adequate, or there is still a problem with
> > Disastry's Linux Version.
>
> Why? I've been trying to get people to move to OpenPGP for literally a quarter-century, Vedaal. I'm not going to suddenly switch gears and work on giving people reasons *not* to migrate.

=

I have publicly posted here that GnuPG should not have to make considerations for backward compatibility with Disastry's version. Those who use Disastry's version among each other will continue to do so, and among those who communicate with GnuPG users, will use GnuPG.

If person 1 has a signed and encrypted email to person 2, but which used IDEA and MD5, and now wants to decrypt, and re-encrypt and sign, and send to person 2, who will then destroy the original email, why shouldn't they be allowed to know if this is safe?

They still use GnuPG for current email, and will not be discouraged by knowing that there is a safe way to do this in the Linux-based Disastry version, which cannot be sent to person 2's v3 key in GnuPG 2.x.

vedaal
Re: First Amendment and Marines?
On 1/29/2022 at 5:39 PM, "Mauricio Tavares via Gnupg-users" wrote:

> Not quite. It cares about personal data from people residing in Europe at the time said data was collected. And even then, you need to be targeting EU/EEA residents. So, if a German citizen goes to FL and needs to stop at the emergency care to have a shark bite taken care of, that data now is owned by the hospital forever, which will figure out how to make money with it without asking permission.

=

This is NOT true (but may make sense to someone who has never been a hospital patient in the US).

Every hospitalized patient is given a consent form prior to treatment, which they may edit or refuse to sign.

- It allows release of medical information to the Insurance Carrier,
- to the Patient's private Physician,
- to a third party designated by the patient as a 'next-of-kin with medical proxy', should the patient not be in a condition to make decisions,
- or to a third-party statistical group following the frequency and outcome of a particular condition requiring hospitalization.

The patient can choose any, all, any combination, or none of them. And still get treatment.

Vedaal
Re: Side-channel attacks
On 1/18/2022 at 11:26 AM, "Robert J. Hansen via Gnupg-users" wrote:

> > 1.4 should be able to decrypt all 2.6 generated data.
>
> Not from the Disastry builds, which extended 2.6 to support newer algorithms.

=

1.4 still can decrypt and verify anything in Disastry's last build. He died before he could implement Camellia.

I have been using it since it came out, and 1.4 can easily decrypt and verify, but there is a simple procedural issue:

1.4 decides that when it sees a v3 key, it tries to decrypt IDEA and verify MD5. Which works perfectly for 2.6.x.

In order for 1.4 to decrypt and verify messages done with other encryption algorithms and signing algorithms, the name of the signing algorithm and the name of the encryption algorithm need to be included in the command line.

If this is cumbersome, just continue to use Disastry 2.6 to decrypt and verify. It's not GnuPG's problem.

Vedaal
Re: Side-channel attacks
On 1/16/2022 at 6:12 PM, "Robert J. Hansen via Gnupg-users" wrote:

> On this mailing list we sometimes see requests for help from people running dangerously antique versions of GnuPG. Wasn't all that long ago I was asked for help with something in the 1.2 series (!!). Without exception, our first response is usually "for the love of God, upgrade!" They rarely do. It's worked fine for them for a decade or more, and they're not going to change...

=

There is also the vulnerability of the 'shortcut' of decrypting symmetric encryption, and how that needed to be upgraded to versions where it was fixed.

Vedaal
Re: GnuPG - signed Telefax communication
On 1/14/2022 at 11:46 AM, "Стефан Васильев via Gnupg-users" wrote:

> Hi all,
>
> If people have a modern Telefax machine, have you ever tried out to send a GnuPG signed Fax?

=

You can simply armor sign the message. Don't bother with the 'begin' and 'end' part; it can be added on the receiving end. OCR it into telefax and send.

I have never done this, and the few times I have tried similar things, the OCR always made mistakes.

Anyone used an OCR program that could reliably get a page of GnuPG block ciphertext without mistakes?
Re: Install gnupg on Linux machine ( For gpg encryption & decryption )
On 1/4/2022 at 7:23 AM, "Rayapati Rama Rao (NCS)" wrote:

> Could you please let me know which gnupg software to download for Linux machine to make use of gpg encryption & decryption. Also, may I know if any packages required to install on Linux prior to gnupg installation. If possible could you please provide me the steps to install gnupg on Linux machine.

=

Here is the GnuPG site for GnuPG downloads. The Linux links are listed below the ones for Windows and Mac.
https://gnupg.org/download/index.html

Once gnupg 2.2.33 is installed on your Linux system, you can download Kleopatra as an easy GUI front end.
https://www.openpgp.org/software/kleopatra/

If you do not especially need the Linux version you are using, I would highly recommend the Ubuntu 20.x LTS (long term support). It already has GnuPG installed by default when you download the .iso
https://ubuntu.com/download#download

All the Best

Vedaal
Re: Detaching signature from signed object
On 6/20/2021 at 2:13 PM, "Matthew Richardson via Gnupg-users" wrote:

> Is there any way in GnuPG to detach (or extract) a signature from a signed object? For example, a signed object is created with:-
>
>   gpg --armor --output signedfile.asc --sign inputfile.txt
>
> where what is wanted is a detached signature which would verify against inputfile.txt.
>
> This feature is in PGP 2:-
>
>   pgp -sa inputfile.txt -o signedfile.asc
>   pgp -b signedfile.asc -o verified.txt
>
> which also produces verified.pgp as the detached signature. The feature is described (briefly) in the PGP 2 documentation thus:-
>
>   To detach a signature certificate from a signed message:
>     pgp -b ciphertextfile

=

Don't know how to do this in GnuPG.

Cannot be done in the PGP command lines later than 2.x with the -b command. Using the -b command in later PGP command line versions just decrypts, but does not save the signature.

There is a program that can do this for DH keys, using the -b command, but only when encrypted with AES or 3DES: Filecrypt
https://m.majorgeeks.com/files/details/filecrypt.html

(n.b. I have NOT used 'this' version, but I did use the original Filecrypt when it first came out, to successfully use the -b command):
https://www.angelfire.com/pr/pgpf/fcs.html

The developer of Filecrypt is accessible in a link when downloading Filecrypt on the majorgeeks site mentioned above. You might consider discussing a version of Filecrypt with him for your detached signature use.

vedaal
[no subject]
On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:

> I'd always use full disk encryption ideally with the key stored on a USB token. Otherwise, with a very good passphrase. And, after use, wipe the disk and destroy the token. Modern enterprise-level SSDs also have secure erase, but, of course, you'd have to trust the hardware manufacturer to implement it properly without any backdoors which you probably don't want to do in the above scenario.

=

Or, for the really paranoid ;-) you can have random data on a read-only mini CD-ROM, and use it as an OTP, and throw it into a garbage incinerator afterwards.

But really, if anyone is up against adversaries where this is necessary, these methods may ultimately not help. These adversaries are not known for their honor and fair play ...

vedaal
Re: How would you do that ...
Or, for the really paranoid ;-) you can have random data on a read-only mini CD-ROM, and use it as an OTP, and throw it into a garbage incinerator afterwards.

If you are up against adversaries where this is necessary, these methods may ultimately not help ...

=

On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:

> On Tuesday, 4 May 2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote:
> > For modern SSDs I generally recommend a single pass with random data:
> >
> >     dd if=/dev/urandom of=/dev/foo bs=1M
> >
> > (Don't forget the blocksize [bs] parameter; it can improve speed
> > significantly.)
> >
> > This is enough to foil the vast majority of forensic analysis. Yes,
> > yes, SSDs have remapping capabilities which means certain memory cells
> > won't get hit even if you do this, and it's theoretically possible for a
> > good forensics nerd to do all kinds of wild magic to pull off data you
> > didn't even know was there... but that kind of very high-level forensics
> > nerdery costs a lot of money, and few people are worth that kind of
> > investment.
>
> I'd always use full disk encryption ideally with the key stored on a USB token. Otherwise, with a very good passphrase. And, after use, wipe the disk and destroy the token. Modern enterprise-level SSDs also have secure erase, but, of course, you'd have to trust the hardware manufacturer to implement it properly without any backdoors which you probably don't want to do in the above scenario.
>
> Regards,
> Ingo
Re: question - Gnupg compatibility with Symantec
On 3/9/2021 at 4:46 AM, "Margaret via Gnupg-users Call" wrote:

> We would like to migrate our Symantec PGP to GNU PGP. We tested the system last week with new PGP users and a user that migrated to GNU from Symantec. We have fixed all bugs except one: Our legacy Symantec users (who have not yet transferred over to GNU) are unable to decrypt/read GNU PGP emails.

=

What type of key, and what encryption algorithm, do your Symantec users have?

What error messages do you get?
re: How can I add encrypted comments
vedaal at nym.hush.com wrote on Thu Jan 14 19:37:37 CET 2021:

> but functionally, yes, it can be done.

- my mistake. Can't really be done this way :-((

=

> [1] Armor the signature file ( gpg --armor filename.sig )

- should be enarmor instead of armor :-(
  this outputs to filename.sig.asc

> [2] Armor your encrypted comments, and copy them to the end of the filename.sig.asc, (leave one blank line between the pgp footer of the signature file, and the pgp header of the encrypted file)
>
> [3] Save the whole thing as filename.sig.asc
>
> [4] gpg filename.sig.asc will automatically verify the sig if the original signed file 'filename' is present, and also decrypt the added comments

- It doesn't. It gives weird error messages.

sorry ;-(

vedaal
Re: How can I add encrypted comments.
On 1/14/2021 at 4:47 AM, "Ayoub Misherghi via Gnupg-users" wrote:

> I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them.
>
> Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.

=

Not exactly, but functionally, yes, it can be done.

[1] Armor the signature file ( gpg --armor filename.sig )
    this outputs to filename.sig.asc

[2] Armor your encrypted comments, and copy them to the end of the filename.sig.asc, (leave one blank line between the pgp footer of the signature file, and the pgp header of the encrypted file)

[3] Save the whole thing as filename.sig.asc

[4] gpg filename.sig.asc will automatically verify the sig if the original signed file 'filename' is present, and also decrypt the added comments

vedaal
Re: Password Decript GPG public key
On 8/25/2020 at 3:21 PM, "Stefan Claas" wrote:

> Maybe he could try to use a secret key without a passphrase and
> give then the secret key personally to his friend?

=

And just have the ASCII-armored text of the secret key as the passphrase for the symmetrically encrypted text?

There still needs to be a way to 'enter' it as the 'passphrase'. If the OP doesn't mind saving it in a file-descriptor way, that would work, but it would work the same as if the secret key had a passphrase, or even if it was an unpublished public key.

vedaal
Re: Password Decript GPG public key
On 8/24/2020 at 8:36 AM, "Guille De La Torre via Gnupg-users" wrote:

> is it possible to create a key for symmetric encryption
> in such a way that the person who has my public key does not need
> to enter a password? to decrypt.

=

No. And Yes. 8^)

It is not possible that the person does not have to enter 'anything' to decrypt.

But it is possible for you both to have a secret symmetric passphrase you share by sending your public key, if you create a public key, and don't post it anywhere or encrypt or sign anything with it, and send that public key, encrypted, to the intended receiver's public key. Now, use the key name and long fingerprint as the password for the symmetric encryption.

Example: Here is a key created for this purpose.

Importing the key gives the following information:

User-ID: mxtzphu.klemauj (non-publicized key)
Validity: from 2020-08-24 15:10 until forever
Certificate type: 2,048-bit RSA
Certificate usage: Signing EMails and Files, Encrypting EMails and Files, Certifying other Certificates
Key-ID: DFD35F5D
Fingerprint: 9D7ECA9BEDF40F804EB26A3C25FF072DDFD35F5D

The user id and email address were done by typing semi-randomly at the keyboard.

Now use the userid and the long fingerprint as the passphrase for your symmetric encryption:

mxtzphu.klemauj@qwejidnalldiopxz.wdb9D7ECA9BEDF40F804EB26A3C25FF072DDFD35F5D

Only you and the person you send this key to will be able to decrypt your symmetrically encrypted messages.

vedaal
Re: In case you use OpenPGP on a smartphone ...
On 8/15/2020 at 1:02 PM, "Stefan Claas" wrote:

> Ok, worked! :-) SHA256 hashes matched from both devices.

=

Great to hear!

> Only thing I have to do is purchasing an sd memory card, because
> the regular memory is to low.

=

If you can afford it, there are 1 TB microSD cards available:
https://www.amazon.com/SanDisk-Extreme-microSDXC-Memory-Adapter/dp/B07P9W5HJV/ref=sr_1_2?crid=LIUTHCJU5JEA=1=1tb+sandisk+micro+sd+card=1597692282=1+tb+sandisk%2Caps%2C507=8-2:

I have the 1 TB SanDisk microSD for the phone (my smartphone is a Sony Xperia Z2 Premium. I'm in love with the camera and optics, and watch all my videos and Amazon Prime on the phone). Point is, official specs say it only accommodates a 250 GB microSD. This is not true. Even older Galaxy Androids that officially say they accommodate a 64 GB card also accommodated a SanDisk 400 GB card. As long as there is a microSD slot, it accommodates any size.

*BUT*

The vast majority of 1 TB cards are COUNTERFEIT, and don't hold more than a nominal minimal amount! Even the Kingston ones, unless you get them from Kingston itself, are very convincingly appearing fakes.

I have been using SanDisk since 64 GB, then 128, then 400, and now 1 TB, and all of them worked, and got them all on Amazon. If you know from people who actually used them of other brands on Amazon that are trustworthy, maybe you can get a good card for less.

Even if you don't need more than 64 GB, I would still recommend a newer SanDisk 64 GB card, because of the much faster transfer rates.

vedaal
Re: In case you use OpenPGP on a smartphone ...
On 8/11/2020 at 3:00 PM, "Stefan Claas" wrote:

...
> As understood a Pegasus operator can do what ever
> he likes to do remotely, anonymously with our (Android/iOS)
> smartphone, without that we know that this happens.
...
> in form of a best practice FAQ (cross-platform), to no longer use
> encryption software on online devices and work out
> strategies to use offline devices and how to handle this data
> securely over to an online device, until proper and affordable
> hardware encryption devices for online usage are available?

=

There is already a simple existing solution.

[1] Encrypt and decrypt on a computer that has internet hardware disabled.

[2] Use an Orbic Journey V phone that gets and sends *only text*.

[3] Use a microSD expansion card on the Orbic phone.

[4] Set up the phone to save encrypted texts on the microSD 'storage' card.

[5] Take out the microSD card and use a card reader in the computer in [1]; transfer text only (encrypted or decrypted).

Any file can be sent as encrypted text by using the armor option -a on the GnuPG command line. (This includes audio, video, .jpg, .png, pdf, etc., literally any and all possible file types.)

Even if the Orbic uses the *unknown* system, if you are encrypting and decrypting on a separate air-gapped computer, and transferring only text to a microSD, it is hard to see how it can be compromised. (Yes, *anything* can happen, but without evidence, there is no end to paranoia.)

It is not the place of the FAQ to solve the transmission issues of an already perfectly formed GnuPG encrypted .asc file. The manual and/or FAQ tells how to use GnuPG to encrypt or decrypt the file, and armor it. The rest is up to the User's threat model.

(btw, there is, [afaik], no protection available in GnuPG against a Clairvoyancy attack vector on an encrypted file even in an air-gapped computer, and there is a rumour that any Witch or Wizard can instantly behold the plaintext of an encrypted message by flicking a wand at it, and using the simple charm 'Revelato') but not really in my threat model 8^)

vedaal
Re: "encrypted with 1 passphrase"
Here is the output of GnuPG when trying to decrypt symmetrically:

C:\>gpg --list-packets c:\h\jadeT1.txt.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v2
gpg: armor header: Comment: Acts of Kindness better the World, and protect the Soul
:pubkey enc packet: version 3, algo 1, keyid 994E4EB567FE1CCF
        data: [2048 bits]
gpg: public key is 67FE1CCF

You need a passphrase to unlock the secret key for
user: "1 "
2048-bit RSA key, ID 67FE1CCF, created 2005-12-01

gpg: cancelled by user
:pubkey enc packet: version 3, algo 1, keyid 506F4FA1D35FB186
        data: [4095 bits]
gpg: public key is D35FB186

You need a passphrase to unlock the secret key for
user: "vedaal nistar (all other addresses were spam flooded) "
4096-bit RSA key, ID D35FB186, created 2008-01-22

gpg: cancelled by user
:symkey enc packet: version 4, cipher 10, s2k 3, hash 2, seskey 256 bits
        salt 250d48fd32ac6c65, count 3014656 (183)
gpg: TWOFISH encrypted session key
:encrypted data packet:
        length: 74
        mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: encrypted with 4096-bit RSA key, ID D35FB186, created 2008-01-22
      "vedaal nistar (all other addresses were spam flooded) "
gpg: public key decryption failed: Operation cancelled
gpg: encrypted with 2048-bit RSA key, ID 67FE1CCF, created 2005-12-01
      "1 "
gpg: public key decryption failed: Operation cancelled

(here a pinentry window opens and asks for the passphrase, and after it is entered, GnuPG says the following):

gpg: TWOFISH encrypted data
gpg: session key: '10:DBED76A4B5A0E8C5761ECB3D5E9715ED7A7511989EF76558153451286103FFD1'
:compressed packet: algo=1
:literal data packet:
        mode b (62), created 1596215969, name="jadeT1.txt",
        raw data: 11 bytes
gpg: decryption okay

Here is what happens when the decryption is done with the 1 key:

C:\>gpg --list-packets c:\h\jadeT1.txt.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v2
gpg: armor header: Comment: Acts of Kindness better the World, and protect the Soul
:pubkey enc packet: version 3, algo 1, keyid 994E4EB567FE1CCF
        data: [2048 bits]
gpg: public key is 67FE1CCF

You need a passphrase to unlock the secret key for
user: "1 "
2048-bit RSA key, ID 67FE1CCF, created 2005-12-01

gpg: WARNING: cipher algorithm TWOFISH not found in recipient preferences
gpg: public key encrypted data: good DEK
:pubkey enc packet: version 3, algo 1, keyid 506F4FA1D35FB186
        data: [4095 bits]
gpg: public key is D35FB186
:symkey enc packet: version 4, cipher 10, s2k 3, hash 2, seskey 256 bits
        salt 250d48fd32ac6c65, count 3014656 (183)
:encrypted data packet:
        length: 74
        mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: encrypted with 4096-bit RSA key, ID D35FB186, created 2008-01-22
      "vedaal nistar (all other addresses were spam flooded) "
gpg: encrypted with 2048-bit RSA key, ID 67FE1CCF, created 2005-12-01
      "1 "
gpg: TWOFISH encrypted data
gpg: session key: '10:DBED76A4B5A0E8C5761ECB3D5E9715ED7A7511989EF76558153451286103FFD1'
:compressed packet: algo=1
:literal data packet:
        mode b (62), created 1596215969, name="jadeT1.txt",
        raw data: 11 bytes
gpg: decryption okay

So, the "encrypted with 1 passphrase" describes the symmetrically encrypted packet, and then GnuPG describes the other packets encrypted to public keys, but without a passphrase.

n.b. all the encrypted packets use the same session key.

afaik, GnuPG does not allow two different simultaneously conventionally encrypted packets in the same encryption output.

vedaal
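The packet sequence behind that --list-packets output (two public-key session-key packets, one symmetric-key session-key packet, one encrypted-data packet) can be walked with a small RFC 4880 header parser. The example below is added here and is not code from the post or from GnuPG; the message bytes it parses are constructed, with the post's key IDs and S2K parameters (cipher 10, s2k 3, hash 2, salt 250d48fd32ac6c65, coded count 183) but dummy MPIs and ciphertext, so that the "encrypted with 1 passphrase" headline and the count expansion 183 -> 3014656 can be reproduced offline.

```python
"""Added example: minimal OpenPGP packet-header walker (RFC 4880 section 4).
Counts PKESK (tag 1) and SKESK (tag 3) packets and decodes the SKESK's S2K
fields, which is what GnuPG's 'encrypted with 1 passphrase' line reports.
The sample message at the bottom is constructed, not the author's file."""
import struct

TAG_NAMES = {1: "pubkey enc", 3: "symkey enc", 18: "encrypted data (MDC)"}
CIPHER_NAMES = {9: "AES256", 10: "TWOFISH"}   # RFC 4880 section 9.2
HASH_NAMES = {2: "SHA1"}                      # RFC 4880 section 9.4


def s2k_count(coded: int) -> int:
    """Expand the one-octet coded iteration count (RFC 4880 section 3.7.1.3).
    GnuPG prints both forms, e.g. 'count 3014656 (183)'."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def read_header(data: bytes, pos: int):
    """Return (tag, body_start, body_len) for the packet header at pos."""
    ptag = data[pos]
    if not ptag & 0x80:
        raise ValueError("packet header bit 7 must be set")
    if ptag & 0x40:                       # new-format header (section 4.2.2)
        tag, first = ptag & 0x3F, data[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths are not handled in this example")
    tag, ltype = (ptag >> 2) & 0x0F, ptag & 0x03   # old-format header (4.2.1)
    if ltype == 0:
        return tag, pos + 2, data[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate old-format length is not handled here")


def decode_skesk(body: bytes) -> dict:
    """Decode a v4 SKESK body (section 5.3). When the message is also
    encrypted to public keys, the SKESK carries an encrypted session key
    (ESK) so that every recipient shares the one session key."""
    version, cipher, s2k_type, hash_id = body[0], body[1], body[2], body[3]
    if version != 4 or s2k_type != 3:
        raise ValueError("only v4 SKESK with iterated+salted S2K is handled")
    info = {"version": version,
            "cipher": CIPHER_NAMES.get(cipher, str(cipher)),
            "hash": HASH_NAMES.get(hash_id, str(hash_id)),
            "salt": body[4:12].hex(),
            "count": s2k_count(body[12])}
    esk = body[13:]   # 1 algorithm octet + encrypted key; 33 octets = 256 bits
    info["seskey_bits"] = (len(esk) - 1) * 8 if esk else None
    return info


def list_packets(data: bytes) -> list:
    """Walk the packet sequence and describe each packet like --list-packets."""
    out, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        body = data[start:start + length]
        entry = {"tag": tag, "name": TAG_NAMES.get(tag, "tag %d" % tag), "len": length}
        if tag == 1:                      # PKESK: version, 8-octet key ID, algo, MPIs
            entry["keyid"] = body[1:9].hex().upper()
        elif tag == 3:
            entry.update(decode_skesk(body))
        out.append(entry)
        pos = start + length
    return out


def summarize(data: bytes) -> str:
    """Reproduce GnuPG's headline: how many passphrases and public keys."""
    pk = list_packets(data)
    n_sym = sum(1 for p in pk if p["tag"] == 3)
    n_pub = sum(1 for p in pk if p["tag"] == 1)
    return "encrypted with %d passphrase, %d public key(s)" % (n_sym, n_pub)


# Constructed sample: two PKESK packets with the post's key IDs (tiny dummy
# MPIs), one SKESK with the post's S2K parameters, then a dummy SEIPD packet.
def pkesk(keyid_hex: str) -> bytes:
    body = b"\x03" + bytes.fromhex(keyid_hex) + b"\x01" + b"\x00\x08\x80"  # v3, key ID, RSA, 8-bit MPI
    return b"\x84" + bytes([len(body)]) + body            # old-format header, tag 1

SKESK_BODY = (b"\x04\x0a\x03\x02" + bytes.fromhex("250d48fd32ac6c65") + b"\xb7"
              + b"\x09" + b"\x11" * 32)                   # ESK: algo octet + 32 octets
SAMPLE = (pkesk("994E4EB567FE1CCF") + pkesk("506F4FA1D35FB186")
          + b"\x8c" + bytes([len(SKESK_BODY)]) + SKESK_BODY   # old-format header, tag 3
          + b"\xd2\x0a" + b"\x01" + b"\x22" * 9)              # new-format tag 18, 10 octets

if __name__ == "__main__":
    for packet in list_packets(SAMPLE):
        print(packet)
    print(summarize(SAMPLE))
```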
Re: Traveling without a secret key
On 7/8/2020 at 3:49 PM, "Juergen Bruckner via Gnupg-users" wrote:

> Basically, it has to be said that you should definitely have a
> backup of your key. And you have to be very careful with your SC or tokens.
> In principle it is almost the same as losing your credit card or
> passport etc. while traveling; you have to provide alternatives
> (e.g. multiple smartcards).

=

There is an alternative travel approach that works for me:

[1] No real keyring on my laptop (just a dummy one to be able to use GnuPG 2.x on the laptop).

[2] Bootable 1 TB USB (same size as an ordinary USB drive), which has a bootable Ubuntu OS on it, with the keyrings in a Veracrypt container after Ubuntu loads. (Ubuntu allows for the entire bootable drive to be encrypted; doesn't need yubi or other programs. It can make the USB drive bootable using Ubuntu OS installation options.)

The laptop can be used for everything not requiring a secret key. In the event that a secret key needs to be used (decrypt, sign, authenticate, etc.), the laptop can be booted from the USB drive.

Also, have a backup of the keyring in a Veracrypt container that easily fits on a microSD card on any Android phone with a microSD slot.

vedaal
Re: decrypt aes256 encrypted file without gpg-agent
On 6/29/2020 at 12:40 PM, "Fourhundred Thecat" <400the...@gmx.ch> wrote:

> I don't have gpg-agent installed, on this particular server, where I
> need to decrypt one file.

=

Try this very long workaround:

[1] Install a fake home directory

[2] Install a fake keyring (1 public and secret key that you never use)

Then try this command:

gpg --agent-program --no-use-agent --passphrase yourpassphrasestring --decrypt filename

This is a way of making the --no-use-agent option active. GnuPG still needs a home directory and a keyring before trying to use the passphrase to decrypt.

(n.b. I have not actually tried the above, so am unsure if it is effective)

Otherwise, just use GnuPG 1.4.x, and unless you ever need an elliptic key, it should do everything you want.

vedaal
Re: decrypt aes256 encrypted file without gpg-agent
On 6/26/2020 at 4:54 AM, "Fourhundred Thecat" <400the...@gmx.ch> wrote:

> Hello,
>
> I have file encrypted with symmetric cipher (aes256) and not signed.
>
> How can I decrypt it without using gpg agent ?
>
> I get these errors:
>
> $ gpg -d file.gpg
> gpg: failed to start gpg agent
> ...
> gpg: decryption failed: no secret key

=

Also can't get it without using agent.

Tried using the option --no-use-agent, and gpg2 says 'obsolete option, has no effect'.

The option --no-default-keyring doesn't help if the home directory is not open. Agent will not start unless the home directory is open (my home directory is in an encrypted container).

Once the home directory is there (when I unencrypted mine), agent starts, and a pinentry window opens asking for the symmetric passphrase.

When I unencrypt the home directory, but not the keyring, gpg will still decrypt when using the option --no-default-keyring.

(feature request: can GPG2 be made to work from only the command line without a pinentry window, and without gpg-agent?)

TIA

vedaal
Fwd: The GnuPR FAQ
Robert J. Hansen rjh at sixdemonbag.org wrote on Tue May 12 16:41:09 CEST 2020: >You can get by just fine in most everyday English with a vocabulary of >5,000 words. Stick to those words and you'll have an easy-to-remember >passphrase. = That's absolutely correct, Horse! Battery Staple https://xkcd.com/936/ 8^) vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: The GnuPR FAQ
On 5/11/2020 at 6:15 PM, "Robert J. Hansen" wrote:

>This arrived in my inbox: I'm presenting it here without comment. My
>response will be following in a moment.
>
> Forwarded Message
>Subject: The GnuPR FAQ
>Date: Mon, 11 May 2020 14:19:07 -0600
>From: James Long
>To: r...@sixdemonbag.org
>
>You've advised people to use a HORRIBLE practice of using dictionary
>words solely for their password. I tested this theory myself back in
>the day, so I can 100% guaranty you of this fact: A brute force
>dictionary based attack can crack a password like that in LESS THAN 5
>minutes!!

=

How many words were in your passphrase??

Here is some data on the Diceware list:
https://theworld.com/~reinhold/diceware.html

The Diceware list has only 7776 words. A complete dictionary has almost 2 orders of magnitude more.

"Webster's Third New International Dictionary, Unabridged, together with its 1993 Addenda Section, includes some 470,000 entries. The Oxford English Dictionary, Second Edition, reports that it includes a similar number."
https://www.merriam-webster.com/help/faq-how-many-english-words

10 Diceware words provides a greater brute force space than 2^128 (a gnupg session key for older defaults of CAST-5):
( 7776^10 = 8.08×10^38 ; 2^128 = 3.40×10^38 )

20 Diceware words provides a greater brute force space than 2^256:
( 7776^20 = 6.53×10^77 ; 2^256 = 1.157×10^77 )

Even using only English words greater than 5 letters and unrelated to each other, an extremely low-bound estimate would be 77760 words (in reality, far greater, but let's use an example people would agree on).

So using 8 words chosen semi-randomly from a dictionary, 77760^8 = 1.336×10^39, still greater than a 2^128 brute force space.

So, not only is it NOT *horrible* advice, it should be enough for anyone's threat model.

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
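The arithmetic in the post above, as an added example (not code from the post or from the Diceware project): the functions below compute the search space and entropy of a word-list passphrase for any list size and word count, give the attacker a guess rate to turn that space into a time bound, and draw a passphrase with the OS CSPRNG. WORDS is a small constructed stand-in for the real 7776-entry list; the figures in the post come from passing 7776 and 77760 as the list size.

```python
import math
import secrets

# Added example for the Diceware arithmetic in the post above; it is not
# code from the post or from the Diceware project. WORDS is a small
# constructed stand-in for a real word list: the numbers in the post come
# from calling search_space() with list sizes of 7776 and 77760.
WORDS = ["correct", "horse", "battery", "staple", "cloud", "quartz",
         "ripple", "saddle", "timber", "velvet", "walnut", "zephyr"]


def search_space(list_size: int, n_words: int) -> int:
    """Number of distinct passphrases an attacker who knows the list must try.

    Every word is an independent, uniform draw, so the space is
    list_size ** n_words; knowing the list does not shrink it.
    """
    return list_size ** n_words


def entropy_bits(list_size: int, n_words: int) -> float:
    """The same quantity expressed in bits: n_words * log2(list_size)."""
    return n_words * math.log2(list_size)


def words_needed(list_size: int, target_bits: int) -> int:
    """Smallest word count whose search space is at least 2**target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(list_size: int, n_words: int, guesses_per_second: float) -> float:
    """Worst-case time for an attacker testing guesses_per_second candidates
    (on average they need half of this)."""
    seconds = search_space(list_size, n_words) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def generate_passphrase(wordlist, n_words: int, sep: str = " ") -> str:
    """Draw words with the OS CSPRNG; random.choice() is not suitable here."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for size, n in ((7776, 10), (7776, 20), (77760, 8)):
        print(f"{size}^{n} = {search_space(size, n):.3e}  ({entropy_bits(size, n):.1f} bits)")
    print("Diceware words for 128 bits:", words_needed(7776, 128))
    print("years to exhaust 6 Diceware words at 1e12 guesses/s:",
          f"{years_to_exhaust(7776, 6, 1e12):.0f}")
    print(generate_passphrase(WORDS, 6))
```

The attacker's knowledge of the list is already priced in: the space is the number of selections, not the number of words. What the passphrase protects in GnuPG is additionally stretched by the S2K iteration count, so the guess rate an attacker can reach against a real key file is far below the raw hash rate used in the 1e12 figure above.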
Re: Proposal - variable line width for ASCII armor output
On 2/26/2020 at 2:03 PM, "Michał Górny" wrote:

>Why 'change it back'? Unless I'm mistaken, GPG shouldn't have any real
>problem with a different base64 width, as long as the overall layout is
>preserved. I've just did a quick test and GPG is entirely happy with
>the result after rewrapping at 50 chars, as well as after cheap
>rewrapping with uneven lines.

Yes, but not if the header, footer, comment line, or checksum are altered.

If a comment line is wrapped, and the new line does not begin with a ':'

Example:

This should verify:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

just a test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Acts of Kindness better the World, and protect the Soul

iQIcBAEBCAAGBQJeVsTLAAoJEFBvT6HTX7GGNRIP/1Wf7wnKYc8EF6iff3ZT6x6h
TI/ipE5X5jvQNo+rhsQm2AMQXHfTY7o9gYVFqkpy2XC3mTcKi/kKeFqRr6gHjPZS
DcDhsLlMEMWix/QGx8v8JAARjoaHSoXMIegOjhkjAJs07nz16EbfhIoN9AnKUcap
e4/KqzpVjAjT/Q1kToV8x2gllLBtAnwp/aOG0PAYEFkgOv7RwAKpNblI5+X1skCx
1c00i5J0hyXTmIe2vp2fPJzkyuIqhAkb9IG37rH0Rm1uTq/yIeYEuw16U5OBQABy
JIiBVQQDdClPuAKHKZElT/TfRsfXgDpkj5NTV3AREJGESwrQeqrGdkwU8454pivB
Ukhso5KQ3iseds/qmUSMsb4G8lJ+qu1Hri1GlRGurGcjhwIeQ8TQQ2BfQ8pbVHIZ
UTCOIcqIpHbgAVzRVa/UsUFiqiCkPkS3sHIF1lz5tLbnoC0E1p6e2uA2mlXtvNNt
HaXPFll+Xk7U1/OuNjnFFyjUs30yDpxLT4O+46I/hioH7zGisTFjJO1iEuSO0RqO
QZ3jsyjjBEhIOC9Aiko9FMhXa6MvCqIembcFQUm2v0XoZSl6PBvtBJDmVmGvLt1P
GvSmaHRbRCZaiYk/KmV3d7axJQHXmt2CyFIJvw28yFh85PrGnZN6F/0TZmwZSEKh
fGTZanDrJYrys3425Fd4
=/Rbe
-----END PGP SIGNATURE-----

This, with the comment line wrapped, will not:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

just a test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Acts of Kindness better the World,
and protect the Soul

iQIcBAEBCAAGBQJeVsTLAAoJEFBvT6HTX7GGNRIP/1Wf7wnKYc8EF6iff3ZT6x6h
TI/ipE5X5jvQNo+rhsQm2AMQXHfTY7o9gYVFqkpy2XC3mTcKi/kKeFqRr6gHjPZS
DcDhsLlMEMWix/QGx8v8JAARjoaHSoXMIegOjhkjAJs07nz16EbfhIoN9AnKUcap
e4/KqzpVjAjT/Q1kToV8x2gllLBtAnwp/aOG0PAYEFkgOv7RwAKpNblI5+X1skCx
1c00i5J0hyXTmIe2vp2fPJzkyuIqhAkb9IG37rH0Rm1uTq/yIeYEuw16U5OBQABy
JIiBVQQDdClPuAKHKZElT/TfRsfXgDpkj5NTV3AREJGESwrQeqrGdkwU8454pivB
Ukhso5KQ3iseds/qmUSMsb4G8lJ+qu1Hri1GlRGurGcjhwIeQ8TQQ2BfQ8pbVHIZ
UTCOIcqIpHbgAVzRVa/UsUFiqiCkPkS3sHIF1lz5tLbnoC0E1p6e2uA2mlXtvNNt
HaXPFll+Xk7U1/OuNjnFFyjUs30yDpxLT4O+46I/hioH7zGisTFjJO1iEuSO0RqO
QZ3jsyjjBEhIOC9Aiko9FMhXa6MvCqIembcFQUm2v0XoZSl6PBvtBJDmVmGvLt1P
GvSmaHRbRCZaiYk/KmV3d7axJQHXmt2CyFIJvw28yFh85PrGnZN6F/0TZmwZSEKh
fGTZanDrJYrys3425Fd4
=/Rbe
-----END PGP SIGNATURE-----

And, this will verify, but needs the gpg.conf lines of

ignore-mdc-error
ignore-crc-error

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

just a test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Acts of Kindness better the World, and protect the Soul

iQIcBAEBCAAGBQJeVsTLAAoJEFBvT6HTX7GGNRIP/1Wf7wnKYc8EF6iff3ZT6x6h
TI/ipE5X5jvQNo+rhsQm2AMQXHfTY7o9gYVFqkpy2XC3mTcKi/kKeFqRr6gHjPZS
DcDhsLlMEMWix/QGx8v8JAARjoaHSoXMIegOjhkjAJs07nz16EbfhIoN9AnKUcap
e4/KqzpVjAjT/Q1kToV8x2gllLBtAnwp/aOG0PAYEFkgOv7RwAKpNblI5+X1skCx
1c00i5J0hyXTmIe2vp2fPJzkyuIqhAkb9IG37rH0Rm1uTq/yIeYEuw16U5OBQABy
JIiBVQQDdClPuAKHKZElT/TfRsfXgDpkj5NTV3AREJGESwrQeqrGdkwU8454pivB
Ukhso5KQ3iseds/qmUSMsb4G8lJ+qu1Hri1GlRGurGcjhwIeQ8TQQ2BfQ8pbVHIZ
UTCOIcqIpHbgAVzRVa/UsUFiqiCkPkS3sHIF1lz5tLbnoC0E1p6e2uA2mlXtvNNt
HaXPFll+Xk7U1/OuNjnFFyjUs30yDpxLT4O+46I/hioH7zGisTFjJO1iEuSO0RqO
QZ3jsyjjBEhIOC9Aiko9FMhXa6MvCqIembcFQUm2v0XoZSl6PBvtBJDmVmGvLt1P
GvSmaHRbRCZaiYk/KmV3d7axJQHXmt2CyFIJvw28yFh85PrGnZN6F/0TZmwZSEKh
fGTZanDrJYrys3425Fd4=/Rbe-----END PGP SIGNATURE-----

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal - variable line width for ASCII armor output
On 2/26/2020 at 11:27 AM, "Stefan Claas via Gnupg-users" wrote:

>I like to make a proposal for future versions of GnuPG,
>where a user can change the line width of ASCII armor
>output.

=

It would not be compatible with older versions.

The simplest thing for you (or any users who prefer the aesthetics of a particular custom line width) would be to first make the GnuPG ascii armored message, then change it as you want to and copy, paste, and post, with a little note of how to change it back for verification.

(fwiw, in my own experience, even the GnuPG clearsigned messages with its header and footer are somewhat 'resented' in any non-crypto group, and often don't verify anyway because of minor alterations by the media posting)

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Maybe a good date to create a new key pair ...
On 2/3/2020 at 4:48 PM, "Stefan Claas via Gnupg-users" wrote:

Mark wrote:
> I know the palindrome day was yesterday (although the article missed
> several others in the 21st century). I am curious on how you were able
> to create a key with a certain fingerprint.

I used the (Windows) program scallion, from GitHub, with the following parameters:

scallion --gpg -k 2048 02022020

That's all and it took less than five seconds to generate the private key. :-) That way you can also create keys with your birthday or deadbeef etc. After key generation you have to import the private key into GnuPG with '--allow-non-selfsigned-uid' to add a proper UID and passphrase.

=

So, could you pipe in a script to create a fingerprint with the following form:

n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 n15 n16 n17 n18 n19 n20
n20 n19 n18 n17 n16 n15 n14 n13 n12 n11 n10 n9 n8 n7 n6 n5 n4 n3 n2 n1

where each n is a character of (1, 2, 3, 4, 5, 6, 7, 8, 9, 0, A, B, C, D, E, F), and where each n is allowed to be repeated, as long as it is the same in its corresponding mirror position (i.e., n1 can = n3 as long as it is present in the first, third, thirty-eighth and fortieth positions of the fingerprint).

It might not be that simple, but it doesn't seem impossible, to create a palindromic fingerprint (and just reset your computer clock to 02/20/2020 at 02:20 am) 8^))

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
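How a chosen fingerprint prefix is found, as an added example that is not from the post or from scallion. A v4 fingerprint is SHA-1 over the public key packet (RFC 4880 section 12.2), and that packet includes the key creation time, so a tool can keep one RSA key and vary only the timestamp until the hash begins with the wanted hex digits; that is also why such keys end up with an arbitrary creation date. The modulus below is a constructed 2048-bit placeholder, not a real RSA key, and the start timestamp is an assumption.

```python
import hashlib
import struct

# Added example, not from the post or from scallion: grinding an OpenPGP v4
# fingerprint by varying the key creation timestamp. PLACEHOLDER_N is a
# constructed 2048-bit number, not a real RSA modulus; only the fingerprint
# computation is real.
PLACEHOLDER_N = (int.from_bytes(hashlib.sha512(b"constructed placeholder modulus").digest() * 4, "big")
                 | (1 << 2047) | 1)
PLACEHOLDER_E = 65537


def mpi(value: int) -> bytes:
    """OpenPGP multi-precision integer: 2-byte bit length, then big-endian bytes."""
    bit_len = value.bit_length()
    return struct.pack(">H", bit_len) + value.to_bytes((bit_len + 7) // 8, "big")


def public_key_body(timestamp: int, n: int = PLACEHOLDER_N, e: int = PLACEHOLDER_E) -> bytes:
    """Body of a v4 RSA public key packet: version, creation time, algo 1, n, e."""
    return b"\x04" + struct.pack(">I", timestamp) + b"\x01" + mpi(n) + mpi(e)


def fingerprint(timestamp: int) -> str:
    """v4 fingerprint = SHA-1(0x99 || 2-byte body length || body), as 40 hex digits."""
    body = public_key_body(timestamp)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def grind(prefix: str, start_timestamp: int, max_tries: int = 1 << 24):
    """Walk the creation time backwards until the fingerprint starts with prefix.

    Each hex digit fixes 4 bits, so a 4-digit prefix costs about 2**16
    SHA-1 evaluations. A full palindrome fixes 20 of the 40 digits, i.e.
    about 2**80 evaluations, which this approach cannot reach.
    Returns (timestamp, fingerprint).
    """
    prefix = prefix.upper()
    for i in range(max_tries):
        ts = start_timestamp - i
        fp = fingerprint(ts)
        if fp.startswith(prefix):
            return ts, fp
    raise RuntimeError("prefix not found within max_tries")


def is_palindrome(fp: str) -> bool:
    """True if the 40 hex digits read the same backwards (spaces ignored)."""
    digits = fp.replace(" ", "").upper()
    return digits == digits[::-1]


if __name__ == "__main__":
    ts, fp = grind("0202", 1580600000)  # assumed start time, early Feb 2020
    print(ts, " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("work factor for a 40-digit palindrome: 16**20 =", 16 ** 20)
```

Run as is, the script finds a fingerprint starting with 0202 in well under a second; extending the prefix by one digit multiplies the expected work by 16. Note that the timestamp walk only changes the packet's creation field, so the resulting key still has the same private exponent and must be imported and self-signed afterwards, as the post describes.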
Re: Maybe a good date to create a new key pair ...
On 2/2/2020 at 4:44 PM, "Stefan Claas via Gnupg-users" wrote:Since this day is so special (for me) I decided to do it again with a new (RSA) key. But this time with a 'proper' Fingerprint, to celebrate this day. :-) 0202 2020 D638 E78F 4DFE 737C 419F 025C 897D B2E6 = Maybe try generating new keys until you have a keypair of palindromic primes, or at least a palindromic fingerprint http://mathworld.wolfram.com/PalindromicPrime.html 8^)) vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Extraction of public key from an encrypted etc. message
On 11/15/2019 at 7:26 PM, "Steffen Nurpmeso" wrote:

The public key _is_ in there, no?

=

No. Only the public Key ID is in there, not the entire public key, and even this keyID can be hidden too, if the sender uses the option of --hidden-encrypt-to

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg encrypt always creates a new encrypted file
On 10/28/2019 at 3:43 PM, "Phillip Susi" wrote:

Anil Kumar Pippalapalli via Gnupg-users writes:
> Hello,
> I am trying to encrypt a file on my system using gpg --encrypt command but it
> always creates a new encrypted file I want to overwrite the original file
> instead so that I can only open it using passphrase. Is this possible.

gpg --encrypt foo && mv foo.gpg foo

=

Alternatively, if you want no record of the plaintext written to a file at all, you can type it into the command line, and have only the encrypted output written:

printf "whatever you write as plaintext" | gpg -a -e -r RECIPIENT_KEYID -o filename.gpg

(obviously not intended for big files, or non-text files, but occasionally a useful workaround if you aren't comfortable with your system's 'wipe' process.)

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to improve our GUIs (was: We have GOT TO make things simpler)
On 10/5/2019 at 12:58 PM, "Werner Koch via Gnupg-users" wrote: >I agree with you and, although I sometimes hack on GPA, I would >suggest >Kleopatra. On Windows Kleopatra and the Explorer plugin do >actually do >what you suggest and we LOTS of folks using Gpg4win. Be it for >plain >file encryption or for its Outlook plugin. ... >If you have concrete suggestions for Kleopatra, = Kleopatra already has an export keys menu. Right Click on any key, and a menu opens, with the options of 'Export Key' and then a separate option of "Export Secret Keys" and works on Ubuntu (and probably on other Linux flavors too, but have not tested them) vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to recover secret key passphrase?
On 8/20/2019 at 12:57 PM, "ilf" wrote:

> My problem is getting a usable input for john
>from the current private-keys-v1.d/ gpg-agent private key key store format.

=

Try this:

[1] Open a new terminal command prompt window
[2] Type

gpg -a --export-secret-key keyname

The private key block should then appear in your terminal window. No passphrase is necessary unless you want to 'edit' the key.

This works in both GnuPG 1.x and 2.x assuming that your keyrings are in your home directory.

Don't use gpg-agent for this.

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: was Re: PGP Key Poisoner // now "Binding one person's subkey to another person's primary key"
On 8/13/2019 at 7:59 AM, "Kristian Fiskerstrand" wrote: >As you correctly point out its really not that relevant for >encryption >subkeys. It does have security implementations for signing >subkeys; see >[cross-certification section] for some details on that. > >References: >[cross-certification section] >https://gnupg.org/faq/subkey-cross-certify.html GnuPG has been requiring cross-certification for a very long time, which would mean that an attacker who attaches a person's listed subkey to a different masterkey, would still not be able to do anything with it, because the attacker can't make it cross-certify. Being simplistically naive here, How difficult would it be to get keyservers to agree that only the key owners can submit new signatures to their own keys? (i.e., The owner's detached signature of the public keyblock having the new signature, required together with any submitted key with a new signature.) A Denial-of Service attack will still always be possible against a keyserver, since it is easy for an attacker to generate a large volume of legitimate keys, with only a self-signature, and upload them to the keyserver, but at least then, no individual key by a real user, could be attacked. vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
was Re: PGP Key Poisoner // now "Binding one person's subkey to another person's primary key"
On 8/12/2019 at 7:28 AM, "Juergen Bruckner via Gnupg-users" wrote:

>Am 11.08.19 um 23:47 schrieb Anonymous Remailer (austria):
>>
>> https://github.com/skeeto/pgp-poisoner

=

Here is a quote from the above site:

=[ begin quoted material ]=
As far as keyserver weaknesses go, key poisoning attacks are really just scratching the surface. For example, did you know other people can bind your subkeys to their primary key?
=[ end quoted material ]=

Can this really be done?

(Does not matter so much to me personally, as I grew up with v3 keys, and even when using a V4 key, I don't generate a subkey, but allow all the functions (sign, encrypt, certify) to be done with the master key).

Does matter a lot if I can't trust the subkey of someone whom I want to encrypt to.

How real is this threat, and is it any threat at all, if simply binding the subkey to a different master key won't allow anyone else other than the 'real' owner to decrypt messages encrypted to that subkey?

TIA

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Essay on PGP as it is used today
On 7/22/2019 at 7:12 AM, "Robert J. Hansen" wrote: >Mathematicians have come up with different ways to estimate how >many >primes there were under a certain value ... >The first estimate for π(x) was "x divided by the natural >logarithm of x". ... >If we do that same equation for a 2048-bit key, it turns out there >are >10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 >000 000 >000 000 000 000 000 000 000 different prime numbers that could go >into it. = not really, for GnuPG keys, but for the default size GnuPG key of 4096, it's actually bigger than the number you quoted above ;-) For a GnuPG key of 4096, it's only necessary to compute for primes up to 2^2048. But, Since GnuPG uses 2 primes only in the 2^2048 size, for a 4096 bit key, then the amount of primes is actually: [ (2^2048) / ln(2^2048) ] - [ (2^2047) / ln (2^2047) ] = 1.37 x 10^613 So, not to worry about someone creating a 'database' to crack GnuPG ... vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
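Carrying the estimate in the post above through in closed form, as an added note that is not part of the post: with the prime-counting approximation π(x) ≈ x / ln x, the number of 2048-bit primes (the candidates for one factor of a 4096-bit modulus) simplifies to

$$
\pi(2^{2048}) - \pi(2^{2047})
\;\approx\; \frac{2^{2048}}{2048\ln 2} - \frac{2^{2047}}{2047\ln 2}
\;=\; \frac{2^{2047}}{\ln 2}\cdot\frac{2046}{2048\cdot 2047}
\;\approx\; \frac{2^{2047}}{2048\ln 2}
\;\approx\; 2^{2036.5}
\;\approx\; 10^{613}
$$

so a table of candidate factors would need on the order of 2^2036 entries before it could be consulted at all, which is the point of the post.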
Re: Ok this is a stupid questions
On 2/26/2019 at 3:28 PM, "Stefan Claas" wrote:And maybe another FOSS point? How about issuing Warrant Canaries? I have seen that VeraCrypt does this. = Yes. The latest one is here: https://www.idrix.fr/VeraCrypt/canary.txt Interesting, but it still boils down to *trust*. I would trust WK and the GnuPG team even if they didn't *sign* a Warrant Canary (i / we all, sort-of trust the verification of the new GnuPG releases, with his sig), And if we *don't trust*, then signing a Warrant Canary with the same signing key as the GnuPG release, wouldn't help ;-) vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: AW: Ok this is a stupid questions
On 2/26/2019 at 10:29 AM, "Stefan Claas" wrote:

From: vedaal via Gnupg-users
Sent: Monday, 25 February 2019 22:09
To: justina colmena; gnupg-users@gnupg.org
Subject: Re: Ok this is a stupid questions

Why do you think GnuPG is useless if you check the source-code, run it on hardware you trust, and a Linux variant you trust, with a Chromium/Iron browser, and avoid anything google or microsoft or apple or any non-FOSS product?

I have learned in the past trust nobody. Therefore I would not rely on people from the GnuPG ecosystem and what they say.

=

It depends on how realistic your threat model is.

For someone in a politically repressive regime who is being targeted, yes, trust should be very limited, and clearly earned.

For those whose threat model is criminal hacking by individual opportunists, there is a certain leeway.

When I first started out, I knew people who read every single line of PGP 2.x sourcecode, and even today, refuse to migrate to gnupg because they haven't the time to read all the code. (Although some have considered that if there would be a minimalist version, with a small enough code to read, they would definitely use it.) These people routinely 'airgap' their encrypting functions.

I respect it, but there is literally no end to how paranoid one can be ... For example, has anyone you know ever checked how the compilers work? (Reviewed gcc's source code, and the hardware necessary to make it run, to ensure that nothing is 'added/subtracted/altered' when it gets to machine language? Even more difficult when it is a proprietary compiler.)

GnuPG is offering a FOSS privacy tool. One can scrutinize it, appreciate it, and say thank you, or be paranoid enough to never use it, or some other in-between balance that's comfortable for the individual's threat model.

The gnupg-users list can help with clearing up technical questions and let the users decide for themselves.
vedaal___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Ok this is a stupid questions
On 2/25/2019 at 2:29 PM, "justina colmena via Gnupg-users" wrote:

That's why I have to call foul play on proprietary operating systems. Encryption is theoretical only: in practice useless, moot, crippled, broken, and terminally back-doored with all the malware, adware, spyware, worms, viruses, trojans, keyloggers, and screenscrapers inherent to such systems as Google Android, Microsoft Windows, and Apple OS. The Democrats will stop at nothing to keep it that way at all costs, and the Republicans just don't care.

=

Maybe *proprietary* encryption is theoretical only. What problems do you have with GnuPG as a FOSS program?

Ordinarily, I'm on the cautious, [maybe even borderline paranoid ;-)] side of things, and I don't just trust things lightly. But I *DO* trust GnuPG, WK, and the host of other people who have put the time and effort into GnuPG, releasing the source code routinely so that it can be compiled by the end user on FOSS platforms (Linux, Ubuntu, etc.)

You sound capable enough to review source-code, and use a Linux variant. Why do you think GnuPG is useless if you check the source-code, run it on hardware you trust, and a Linux variant you trust, with a Chromium/Iron browser, and avoid anything google or microsoft or apple or any non-FOSS product?

If I misunderstand you, and your beef is not with GnuPG, only with Google, Android, MS, apple etc., then I apologize.

That said, can I ask you to trim your posts from the political rants, much as they may be deserved. There are other forums ideally suited to that. Thanks.

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [k9mail/k-9] Makes PGP sign-only mails very difficult (#2375)
On 2/5/2019 at 4:50 PM, "justina colmena via Gnupg-users" wrote:

>THE DATE PROBLEM. Only the body of the email is signed, not the envelope headers, namely the subject and intended
>recipients, and probably most importantly, the date. It would be nice to have an option to automatically include some of
>these headers in the body of the signed message when composing a signed email message.

>THE STRIPPING PROBLEM. Currently, each attachment is signed separately and independently by the PGP-MIME
>standard. It would be preferable to digitally sign SHA hashes of the main message and all attachments in a single
>additional attachment. This would leave an indication of any attachments that may have been "stripped" from the email
>message, but without breaking the signatures of remaining attachments in such cases.

=

In this case, there is a simple workaround:

[1] Put the subject, the intended recipients, and the date, in the introductory line(s) in the plaintext.

[2] Enarmor all the attachments [using the GnuPG --enarmor command (-a command in PGP)], and paste the enarmored text into the body of the message, at the end of the message, right after a line saying: here are the following attachments :

[3] Sign and encrypt the entire message composed of parts [1] and [2] and send it off.

This has the following 3 advantages:

(a) no one knows what kind of attachments are being sent, or how many.
(b) all the important data is in the plaintext, where it belongs, and not vulnerable to MITM attacks
(c) backward compatibility is maintained, and no new standards have to be designed

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
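One piece of code for two posts in this archive: the earlier exchange on re-wrapping ASCII armor (the base64 body may be re-flowed at any width, but the BEGIN/END lines, the header lines and the "=xxxx" checksum line must survive intact, and a wrapped Comment line is rejected as an invalid header) and the workaround above that pastes enarmored attachments into the plaintext. It is an added example written in plain Python for this page, not GnuPG code. It implements the Radix-64 layer of RFC 4880 section 6 (CRC-24, the armor lines, the header lines and the checksum line); it does not handle cleartext-signed messages ("BEGIN PGP SIGNED MESSAGE") or real packet contents, and every payload it uses is constructed sample data.

```python
import base64
import re

# Added example (not GnuPG code) for two posts on this page: re-wrapping
# ASCII armor without breaking it, and enarmoring attachments into a body
# that is then signed and encrypted as one unit. Payloads are constructed
# sample bytes, not OpenPGP packets; only the armor layer is exercised.

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, bit-serial form."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def build_armor(label: str, payload: bytes, headers=None, width: int = 64) -> str:
    """Armor payload; the body may be wrapped at any width, the rest is fixed."""
    b64 = base64.b64encode(payload).decode("ascii")
    checksum = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    lines = [f"-----BEGIN PGP {label}-----"]
    lines += [f"{name}: {value}" for name, value in (headers or {}).items()]
    lines.append("")
    lines += [b64[i:i + width] for i in range(0, len(b64), width)]
    lines.append(checksum)
    lines.append(f"-----END PGP {label}-----")
    return "\n".join(lines) + "\n"


def parse_armor(text: str):
    """Return (label, headers, payload); raise ValueError for what a reader
    such as gpg rejects: damaged BEGIN/END lines, a header line without
    "name: value" (what a wrapped Comment line turns into), or a body that
    no longer matches its CRC."""
    lines = text.strip().splitlines()
    begin = re.fullmatch(r"-----BEGIN PGP ([A-Z ]+)-----", lines[0])
    if not begin or lines[-1] != f"-----END PGP {begin.group(1)}-----":
        raise ValueError("bad or mismatched BEGIN/END lines")
    headers, i = {}, 1
    while i < len(lines) and lines[i] != "":
        if ": " not in lines[i]:
            raise ValueError(f"invalid armor header line: {lines[i]!r}")
        name, value = lines[i].split(": ", 1)
        headers[name] = value
        i += 1
    body = lines[i + 1:-1]
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC line")
    payload = base64.b64decode("".join(body[:-1]), validate=True)
    expected = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: body was altered")
    return begin.group(1), headers, payload


def rewrap_armor(text: str, width: int) -> str:
    """Re-flow only the base64 body; headers and checksum are reproduced."""
    label, headers, payload = parse_armor(text)
    return build_armor(label, payload, headers, width)


def compose_body(subject, recipients, date, text, attachments) -> str:
    """Steps [1] and [2] of the workaround: envelope fields go into the
    plaintext, each attachment is appended as a PGP ARMORED FILE block (the
    label gpg --enarmor uses; the Comment header here is this example's own).
    The result is what you would then sign and encrypt as one unit."""
    parts = [f"Subject: {subject}", f"To: {', '.join(recipients)}", f"Date: {date}",
             "", text, "", "here are the following attachments :", ""]
    for name, data in attachments:
        parts.append(build_armor("ARMORED FILE", data, {"Comment": f"filename={name}"}))
    return "\n".join(parts)


ARMORED_FILE = re.compile(r"-----BEGIN PGP ARMORED FILE-----.*?-----END PGP ARMORED FILE-----", re.S)


def extract_attachments(body: str):
    """Recover (name, bytes) pairs; a truncated or altered block fails to parse."""
    found = []
    for match in ARMORED_FILE.finditer(body):
        _, headers, payload = parse_armor(match.group(0))
        comment = headers.get("Comment", "")
        name = comment[len("filename="):] if comment.startswith("filename=") else comment
        found.append((name, payload))
    return found
```

Because the checksum is computed over the decoded bytes, rewrap_armor never changes it; the only way to end up needing ignore-crc-error is to edit the body or the "=xxxx" line itself. The attachments recovered by extract_attachments are only as trustworthy as the signature over the whole composed body, which is the point of step [3].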
Re: pgp-phone (was Gnupg-users Digest, Vol 184, Issue 22)
On 2/1/2019 at 2:48 PM, "Stefan Claas" wrote:

Maybe someone, in the future, can pick-up the idea of PGPfone and develop it further so that it can be used on Linux too or modern macOS. The old Windows version still runs fine, under Windows 7, for example.

=

Can be done on Ubuntu, or any Linux OS running Oracle VirtualBox with Win 7 (and maybe on VB with old DOS 6.2, but have not actually tried it on DOS)

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg - difference --encrypt-to and --recipient
On 1/3/2019 at 10:14 PM, "MFPA" wrote:

> [3] only for the overly paranoid who revel in tedious
> work-arounds 8^) :
> (a) Encrypt to both yourself and the recipient
> (b) Remove your own id packet from the ciphertext,
> (c) Re-calculate the crc of the ciphertext
> (d) Send the 'hacked' ciphertext along to the
> original recipient
> (e) Store the first ciphertext from (a) along with
> the one from (d), in your sent folder
> (f) now you will always be able to decrypt and
> retrieve the original plaintext

Would the ciphertext at (d) be much different than encrypting to the recipient and hidden-encrypt-to your own key?

=

Yes. The ciphertext in (d) would have no indication that it was being encrypted to anyone else.

Using 'hidden-encrypt-to' your own key would show that it was encrypted to another key, but undetectable to whom.

As a concrete difference, if you used the command:

gpg --try-all-secrets

on the file encrypted to the recipient and hidden-encrypt-to your own key, it would decrypt to your own key.

Even from the ciphertext, it is detectable because it is 'longer' (i.e., has another key-packet). Try encrypting to only one recipient, and then encrypting the same plaintext to the same recipient while also using hidden-encrypt-to, and look at the difference in length.

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg - difference --encrypt-to and --recipient
On 1/2/2019 at 3:59 PM, "justina colmena via Gnupg-users" wrote:

>My opinion is that should be the case. However, most MUAs I've used
>include the BCC recipients' keys in the encryption along with the To
>and CC recipients' keys, so any email addresses in the user-IDs of
>these keys are visible to all recipients.
>As an exception, one MUA I used with an OpenPGP add-on would instead
>send an individual copy of the message to each BCC recipient,
>encrypted only to their key.
>This seems like better practice. Also I would want to encrypt the transmitted email message only to the intended recipient,
>and the copy stored in my "Sent" folder only to myself.
>With hidden-recipient or hidden-encrypt-to or throw-keyids, it is
>clear how many keys were encrypted to, but the key IDs and user-IDs
>are not present.

I am not terribly comfortable with this situation. It almost seems rather creepy to me to receive an encrypted message that is also encrypted for the benefit or verification of one or more unknown and unidentified third parties. I start suspecting things like a foreign government mandated key escrow or secret government backdoor on behalf of some foreign spy or law enforcement agency.

=

You have 3 tedious options, 1 more tedious than the other 8^) :

[1] use default-recipient-self, and explain in an n.b. in your plaintext that you want to have a record of what you sent, but don't want to leave it in plaintext, and you will have an encrypted copy in your sent box openable by you (this is very common).

[2] encrypt only to the sender, but also encrypt the plaintext only to you, and store the encrypted file in your sent or other convenient folder, with the date and the recipient.

[3] only for the overly paranoid who revel in tedious work-arounds 8^) :
(a) Encrypt to both yourself and the recipient
(b) Remove your own id packet from the ciphertext,
(c) Re-calculate the crc of the ciphertext
(d) Send the 'hacked' ciphertext along to the original recipient
(e) Store the first ciphertext from (a) along with the one from (d), in your sent folder
(f) now you will always be able to decrypt and retrieve the original plaintext

btw, I don't recommend this, but it is *possible* to add a (not yet done, but not terribly complicated either) patch to gnupg to 'display' the session key in the terminal window (while you are encrypting only to one recipient), and then you can encrypt that session key to your key, and store it, or a (also not yet done, but not terribly complicated either) patch to allow gnupg to use a session key supplied by the user as an entry in the command line (i.e. --use-session-key (64 character string from step (a) above)).

That session key is as random as any done by gnupg, and isn't really being 're-used', it's just being stored in the encrypted file from step (a) and is being sent with the same message encrypted to the same recipient as in step (a).

This is just to point out that if someone wants to think paranoidly about 'who else knows' what is encrypted in your encrypted e-mail that was encrypted only to you, it 'can' be done (extremely tedious, and afaik, has not been implemented by any open-pgp variant program out there 8^) )

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP key verification + legal framework
On 11/5/2018 at 3:39 PM, "Viktor" wrote: >You can register a Google account with any email address. Simply, >instead of creating an account on our service (another password >that >needs to be saved), you create an account on Google, or use an >existing one. = Ok, But suppose I want to use my existing key that I made over 10 years ago, and it is known and trusted by the people I deal with, but it happens to have more than 1 e-mail ID (not rare to switch an e-mail account in 10 years) Does this mean that it cannot be used in your system, even if you can get the preferred email to register in google, and you have passport personal verification, just because there is another ID attached? It seems unnecessarily restrictive. vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG on Android
On 11/4/2018 at 4:58 PM, "Roland" wrote: > >Hello list, > >I share the wish for encrypted email on Android, but I am afraid >of storing a secret key on my android phone. (theft, hacking, >loss, etc) > >How do you feel about that? = Exactly the same way. Android phones (software) are made by Google. Google archives data from every source connecting to one of its applications, Chrome, search engine, gmail, etc. I don't trust them, and have no way of verifying any claim of what they do, or do not, store. Also, if you have any app that required 'rooting' of your phone, then even Google doesn't trust it, and expressly says that it will not guarantee false (malicious) expenditures by Google Wallet. So the 'rooted' app probably does have access to your android gnupg data. Annoying, I know, to not use gnupg on android, but prudently safe. fwiw, the gnupg apps work well on android, but I just don't trust the phone. vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - i need the proper wording for a signed document
On Thursday, 01.11.2018, 17:42 +0100, Stefan Claas wrote:
> On Thu, 01 Nov 2018 16:09:56 +0100, Dirk Gottschalk wrote:
> That is the reason why i like to sign the .pdf, containing my key
> data, with a qualified eIDAS conform signature. The detached GnuPG
> sig should be an additional info, that matches the key data in the
> document.

=

This will work well in that if the signature verifies, then the information in the .pdf can be considered reliable.

It is, however, very easy for a MITM attack to 'break' the signature by very subtly altering the pdf.

Try this:

[1] Take your finished pdf and select all the text and copy it into a new Libre Office document.
[2] At the end of your text, just add a period.
[3] Use Libre Office's font coloring to change the color of the added period to white.
[4] Export this new document as a pdf with the same file name as your original pdf, and the same metadata.
[5] The pdf looks exactly the same, but the signature will no longer verify.

I don't trust a detached, signed pdf (Again, I do, if it verifies, but am not sure if it doesn't verify).

A simple, but slightly tedious workaround, would be to GnuPG Armor Sign the .pdf. The eIDAS signature will still work, but the Armored Signed message is much harder to alter, and such alteration is detectable as malicious rather than a 'mistake'.

Also, if you are planning to post your public keyblock in this pdf, please be aware that pdf treats a line return as empty whitespace, so when trying to import the key, GnuPG does not recognize the empty whitespace, and reads the version line as continuous with the keyblock, and it won't import.

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: cannot decrypt file symmetric encrypted
On 8/2/2018 at 3:01 PM, "Dirk Gottschalk via Gnupg-users" wrote:

>On Thursday, 02.08.2018, 14:11 +0200, Stefano Tranquillini wrote:
>> Hi all,
>> last year I encrypted some files, today i tried to decrypt them but the
>> decryption fails
>
>> stefano@~/Downloads/words$ gpg -d words.1.gpg
>> gpg: AES256 encrypted data
>> gpg: encrypted with 1 passphrase
>> gpg: decryption failed: Bad session key
...
>Are you sure you used the correct passphrase to decrypt?

=

It was probably not the correct passphrase.

The error that gpg2 gives when entering the wrong passphrase for a symmetrically encrypted message is exactly:

gpg: decryption failed: Bad session key

This is the same whether you are off for even 1 character of the passphrase, or even if you just press 'enter' without a passphrase at all.

Here is a sample symmetrically encrypted message:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
Comment: Passphrase: sss

jA0EBwMCPJYegoCPRBRg0jkBnZym0Pr+ggBpBJYtHlYJgf90SL6YbWa1vcbLdl7H
jwxeR5cIFoNhytyUIFxdvrLNP59qkqzLKkI=
=pHIB
-----END PGP MESSAGE-----

First enter the correct passphrase, sss

gpg (V1 and V2) decrypts it as it should be.

Now enter just ss or anything except the correct passphrase, or just press enter, and you get:

gpg: decryption failed: bad key (when using Version 1.4.x)
gpg: decryption failed: Bad session key (when using Version 2.x)

(Something to do with the string-to-key formation. When the passphrase is off, the 'key' generated from it is wrong, and when that wrong 'key' is used to attempt decryption, gpg rightfully gives an error message that the 'key' is bad. Maybe worthy of a note in the FAQ ...)

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
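The "string-to-key formation" in the post, made concrete as an added example that is not from the post or from GnuPG. The code decodes the first packet of the sample message above (the Symmetric-Key Encrypted Session Key packet, tag 3) and runs the iterated+salted S2K of RFC 4880 section 3.7.1.3 on a passphrase. Nothing in the packet authenticates the passphrase: any input yields a key of the right length, and gpg only finds out it is the wrong one when the first decrypted CFB block fails its prefix check (or the MDC fails), which is why the error names a bad key rather than a wrong passphrase. The standard library has no AES, so the example stops at the derived key.

```python
import base64
import hashlib

# Added example, not from the post or from GnuPG: parse the SKESK packet of
# the sample message in the post and run the iterated+salted S2K on a
# passphrase. Decryption itself is not attempted (no AES in the stdlib).

# First 20 armor characters of the sample message in the post: an
# old-format tag 3 packet with a one-octet length (15 bytes in all).
SAMPLE_SKESK = base64.b64decode("jA0EBwMCPJYegoCPRBRg")

SYM_KEY_LEN = {7: 16, 8: 24, 9: 32}   # AES-128 / AES-192 / AES-256
HASH_NAME = {1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224"}


def parse_skesk(packet: bytes) -> dict:
    """Fields of a version 4 SKESK packet using S2K type 3 (iterated+salted)."""
    first = packet[0]
    if (first & 0xC0) != 0x80 or ((first >> 2) & 0x0F) != 3 or (first & 0x03) != 0:
        raise ValueError("this example handles an old-format tag 3 packet with a 1-octet length")
    body = packet[2:2 + packet[1]]
    if body[0] != 4 or body[2] != 3:
        raise ValueError("only v4 packets with S2K type 3 are handled")
    return {"sym_algo": body[1], "s2k_type": body[2], "hash_algo": body[3],
            "salt": body[4:12], "count_octet": body[12],
            "encrypted_session_key": body[13:]}   # empty here: the S2K output is the key


def s2k_count(octet: int) -> int:
    """Decode the one-octet coded count: (16 + low nibble) << (high nibble + 6)."""
    return (16 + (octet & 15)) << ((octet >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, count_octet: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Hash (salt || passphrase) repeated out to `count` octets. If the key is
    longer than one digest, further contexts are preloaded with 1, 2, ...
    zero octets and their digests concatenated (RFC 4880 section 3.7.1.1)."""
    count = s2k_count(count_octet)
    seed = salt + passphrase
    stream = seed * (count // len(seed) + 1)
    to_hash = stream[:max(count, len(seed))]   # the whole seed is hashed at least once
    key, context = b"", 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(bytes(context))
        h.update(to_hash)
        key += h.digest()
        context += 1
    return key[:key_len]


def derive_session_key(packet: bytes, passphrase: str) -> bytes:
    """What gpg computes from the passphrase before it can try to decrypt."""
    fields = parse_skesk(packet)
    if fields["encrypted_session_key"]:
        raise ValueError("an encrypted session key would need the cipher; not handled here")
    return s2k_iterated_salted(passphrase.encode(), fields["salt"], fields["count_octet"],
                               SYM_KEY_LEN[fields["sym_algo"]], HASH_NAME[fields["hash_algo"]])


if __name__ == "__main__":
    f = parse_skesk(SAMPLE_SKESK)
    print("cipher algo", f["sym_algo"], "hash algo", f["hash_algo"],
          "salt", f["salt"].hex(), "iterations", s2k_count(f["count_octet"]))
    print("sss ->", derive_session_key(SAMPLE_SKESK, "sss").hex())
    print("ss  ->", derive_session_key(SAMPLE_SKESK, "ss").hex())
```

Two things the decoded header shows that the post does not state: the sample was made with AES-128 (algorithm 7) and SHA-1, and its count octet 0x60 means 65536 hashed octets per derivation, which is the cost an offline guesser pays for every candidate passphrase. Raising it with --s2k-count is the one knob that directly slows such guessing.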
Re: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.
On 22/05/2018 02:16, Mauricio Tavares wrote:
>> Stupid question: what is wrong with a "encrypt/decrypt old format" flag/config option? If I have the need to use old stuff, I can turn that on. All I see here is a "do not open old stuff" as a default setting which should solve most issues.
> ...
> There would be nothing wrong with that whatsoever from the perspective of users who need to access old encrypted data (e.g. archival access purposes), which is the particular use case I have been pointing out. However, I don't think this would satisfy those who want to ensure that users cannot encrypt new data with legacy standards. In order to prevent users from doing this (which, to be clear, is something I agree with) there needs to be some way to make it difficult or impossible

=

There is a simple solution that would satisfy everybody ;-)

Keep an 'old' edition of GnuPG 1.4x for anyone who needs to decrypt 'old data', (or encrypt new data the 'old' way ...).

As one of the original die-hard pgp2.x users who still uses pgp (Disastry's 2.6.3 multi), I can comfortably say that 2.x diehard users still use 2.x among themselves, and don't care about GnuPG.

The real issue is that it's not easy to compile 2.x on newer systems, and people who have migrated to GnuPG on some remailer groups still want to use their v3 keys, and need encrypting capability, which again would be solved by letting them use an 'old' version of 1.4.x, and as long as these versions are still being archived (which is reasonable for the foreseeable future), they should have no problems.

So, to put in a vote for RJH, "Break backwards compatibility already: it's time. Ignore the haters. I trust you."

vedaal
Re: Efail or OpenPGP is safer than S/MIME
Werner Koch, wk at gnupg.org, wrote on Mon May 14 19:32:18 CEST 2018:
> ...
> I am all in favor of this and even considered that some time ago. However, not too long ago we removed support for PGP-2 keys which unfortunately resulted in lots of angry mails from people who now think they need to use gnupg 1.4 every day because they seem to read mails from the last century on a regular base. Well, they think and they were quite vocal.
>
> Now telling them they need to enable an option to read certain not that old mail (e.g. creating by other OpenPGP implementations) will a) lead to even more angry mails and b) they will keep on using that option for all mails. Thus my tentative plan was to make the next major version hard fail on messages without MDC and slowly start using our forthcoming AEAD encryption mode.
>
> Well okay, with the new support of the Ehtmlfail paper we could now point to that paper and always hard error out if no MDC is used even for old algorithms. Shall we consider this?
> ...

=

Yes.

As an old PGP 2.x user, I can say that the majority of PGP 2.x users communicating among themselves DON'T use GnuPG at all.

Those who do use GnuPG have a new V4 key and use exclusively that, and can easily handle the hardwired MDC fail, and will even be thankful for the GnuPG 'protection'.

vedaal
DRM
Robert J. Hansen rjh at sixdemonbag.org wrote on Tue Jan 16 17:42:29 CET 2018:
> ...
>> The mechanism to prove you are the owner of a public key is pretty much in place :-). A mechanism where you can have a signed statement saying "on 2018-01-16, I allow my key to show up on keyservers"
>
> It is theoretically and practically possible to have a keyserver that honors such requests, but what many people want is *enforcement*. Not merely a voluntary system that's trivially circumventable, but some mechanism by which their public keys can be actively kept out of circulation.

=

It could be done automatically by the keyservers if they wanted to, and if they made it that *the only way* a Public key can be uploaded to that keyserver is if it were accompanied by a signed statement by that key, stating "I allow my key to show up on keyservers".

Ideally, if this could be done by gnupg by editing the key, much the same as editing an e-mail address, it would streamline the process; i.e. something like this:

gpg --edit-key foo
...
Secret key is available.
...
[ultimate] (1). foo <f...@key.test>

gpg> --allow-keyserver-publication
gpg: This requires you to sign that you allow keyserver publication of your key, and will be added as a comment to your key. Do you really want to do this? Y/N
gpg: Please enter passphrase to sign
gpg: your key now has a comment "Keyserver Publication Allowed"
gpg: you may upload this key to any participating keyserver

or something along those lines, assuming that keyservers will abide by this and require this 'comment' before accepting a key.

vedaal
Re: question about determining the key length
On 11/14/2017 at 5:46 PM, "Cathy Smith" wrote:
> Is there a way to determine the key length and the type of key (RSA or other) used when generating the keyring? I have a RHEL 5 box using gpg 1.4.5 where I need to determine how a key ring was generated. Even on an Ubuntu box using gpg2, the --list-secret-keys option does not print out that information.

=

To find the details about a key generated some time ago, export the key in .asc form and do:

gpg --list-packets keyname.asc

To see all the information about the key as it is being generated, use the options --expert --verbose --verbose. The full command would then be:

gpg --expert --verbose --verbose --gen-key

vedaal
Re: New smart card / token alternative
On 11/7/2017 at 12:10 PM, "Peter Lebbing" <pe...@digitalbrains.com> wrote:
> How exactly can the identity ever be unknown when we're talking about stuff encrypted to an OpenPGP public key or signed by one? That's a completely unique identifier!

=

Well, if someone were really *crazy enough* he could send the PGP encrypted message using --throw-keyid to all email sites listed on PGP keyservers ... (I hope no one is *that* crazy ... ;-) )

or, more practically, just post anonymously to a blog or website, using --throw-keyid, with a pre-arranged understanding that the sender and receiver post to and check certain websites.

This could be facilitated by Tails/Tor, although there are still some vulnerabilities:
https://tails.boum.org/doc/about/warning/index.en.html#index2h1

vedaal
Re: New smart card / token alternative
On 11/6/2017 at 4:55 PM, "Tim Steiner" <t...@crp.to> wrote:
> We have been working on a project to build a direct interface for PGP/GPG usage using U2F for web apps and browser extensions. This is similar to existing smart cards and tokens but no software install is required. We set out to solve this problem - "Man, I really wish I could read this PGP message, or send this message, or open this file, or sign this file, but I don't have my laptop with me". With this solution you can keep the key offline, carry it with you and it works even on a computer where you can't install software -
> https://www.kickstarter.com/projects/1048259057/onlykey-quantum-future-ready-encryption-for-everyo
> We are interested to hear feedback on this approach from the community.

=

Using this on anything except your own computer, or laptop, is problematic, as the 'host' computer can have a key-logger or screen capturer, and copy the decrypted plaintext, or the plaintext to be encrypted.

Can it be made to work with Tails/Tor which uses GnuPG?

(The 'insecure' browser on Tails not involving Tor is a Firefox variant. If it can work on that, then booting from the Tails USB avoids a screen capturer, and using an on-screen keyboard avoids a hardware keyboard logger. But even so, there are problems with using it on an 'unknown' computer:
https://tails.boum.org/doc/about/warning/index.en.html#index2h1 )

vedaal
Re: gpg: [don't know]: 1st length byte missing
On 10/21/2017 at 1:14 PM, "Felix E. Klee" wrote:
> See the attached file. When I try to decrypt it using `gpg -d`, I get:
> gpg: [don't know]: 1st length byte missing

=

The gnupg mailing list automatically scrubs attachments. Please list the encrypted text as part of the inline message.

Thanks,

vedaal
Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4
On 10/12/2017 at 3:18 AM, "Werner Koch" wrote:
> Yes, you should get 1.7. And while you are already at it, you better also update to gpg 2.2.1. There are just too many fixes and changes we did since January 2016.

=

OK, did this, and downloaded all of the dependent libraries to ./configure gnupg-2.2.1. All went well until trying to 'make' ntbtls.

Here is what happened:

=[begin quoted output]=
NTBTLS v0.1.2 has been configured as follows:
Revision: a68e81e (42638)
Platform: x86_64-pc-linux-gnu
londo@londo-earth-trinket:~/gnupg-2.2.1/ntbtls-0.1.2$ make
make all-recursive
make[1]: Entering directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2'
Making all in src
make[2]: Entering directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2/src'
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -g -O2 -fvisibility=hidden -Wall -Wno-pointer-sign -Wpointer-arith -MT visibility.lo -MD -MP -MF .deps/visibility.Tpo -c -o visibility.lo visibility.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -g -O2 -fvisibility=hidden -Wall -Wno-pointer-sign -Wpointer-arith -MT visibility.lo -MD -MP -MF .deps/visibility.Tpo -c visibility.c -fPIC -DPIC -o .libs/visibility.o
In file included from ntbtls-int.h:251:0,
                 from visibility.h:24,
                 from visibility.c:24:
context.h:24:18: fatal error: zlib.h: No such file or directory
compilation terminated.
Makefile:593: recipe for target 'visibility.lo' failed
make[2]: *** [visibility.lo] Error 1
make[2]: Leaving directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2/src'
Makefile:456: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2'
Makefile:387: recipe for target 'all' failed
make: *** [all] Error 2
londo@londo-earth-trinket:~/gnupg-2.2.1/ntbtls-0.1.2$
=[end quoted output]=

Should I try ntbtls 0.1.1 or an even earlier version?

TIA

vedaal
Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4
On 10/11/2017 at 2:33 AM, "Werner Koch" wrote:
> On Tue, 10 Oct 2017 20:26, ved...@nym.hush.com said:
>> gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
>
> You left out the line which tells the libgcrypt version numbers like in
>
> $ gpg --version
> gpg (GnuPG) 2.2.1-beta1
> libgcrypt 1.8.1
> [...]

=

Sorry, here it is:

londo@londo-earth-trinket:~$ gpg2 --verbose --verbose --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5

Should I get the new libgcrypt?

TIA

Vedaal
Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4
I recently got a new laptop, and installed Ubuntu 16.0.4 LTS and used the Ubuntu Software to install Kleopatra. Ubuntu 16.0.4 has GnuPG 1.4.20 installed by default.

After installation, I tried to generate a keypair and could not. Here is what happened:

=[begin quoted terminal]=
londo@londo-earth-trinket:~$ gpg2 --gen-key
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: kleo sixteenOfour
Email address: k...@test.key
You selected this USER-ID:
    "kleo sixteenOfour "

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Not supported
Key generation failed: Not supported

londo@londo-earth-trinket:~$ gpg2 --full-gen-key
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: kleo sixteenOfour
Email address: k...@test.key
Comment: local keysigning only
You selected this USER-ID:
    "kleo sixteenOfour (local keysigning only) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Not supported
Key generation failed: Not supported
londo@londo-earth-trinket:~$
=[end quoted terminal]=

What am I forgetting/doing wrong?

TIA

vedaal
Re: E-mail with deniable authentication
On 8/29/2017 at 2:26 PM, "Mario Castelán Castro" wrote:
> Is there any existing, convenient way to do deniable authentication for e-mail?

=

There are workarounds to accomplish this:

[1] Sender 1 sends a signed and encrypted pgp e-mail to Receiver 1, giving Receiver 1 a 'passphrase' which they will agree to use for the next encrypted messages.
[2] Sender 1 and Receiver 1 now send conventionally encrypted messages with this passphrase, but without signatures.
[3] They both know that only the person who knows the passphrase could have sent it.
[4] If they want deniability, they can say that the passphrase 'leaked out' and anybody who it leaked to could have sent it.

Alternatively, one can generate a keypair with a random name, and send it to the other one, and they can both sign with it, but encrypt to their own non-shared keys. Again, this signing key can be 'leaked' to the public for deniability, if necessary.

There are probably other similar variations of this approach.

vedaal
Re: SHA1 collision found
On 2/23/2017 at 4:52 PM, si...@web.de wrote:
> ... Not sure about you but I am not able to see the difference between a valid pgp key and "gibberish" ;) ...

=

In the example of the 2 pdf's, they started with one pdf, made another pdf, then multiple (more than billions) trials of adding a string to the second pdf so that it hashes to the first.

With regard to generating a new key that hashes to a known specific key, the forger must do 2 things simultaneously:
[1] generating new key material
[2] seeing that the hashed fingerprint of the new key matches that of the first key

The forger does not start with a newly generated key and add material so that the hash would match the first key (the case of the pdf's). If that were the case, then the key system would be broken now for the SHA1 hash.

Even for v3 keys, which were not SHA1 hashed, the only way to generate a new key with the same fingerprint would be to allow the key size to vary (usually to a bizarre key size that would be quite suspect, and not believed).

Now, for a V4 key with an SHA1 hash, and a further restriction that the forged key size be the same as the first key, this is not known to be doable today, even with the google cloud computer sharing efforts, and the breakthrough of finding pdf's with the same hash.

Again, I fully support moving to a secure hash, but I do think that users have more than enough time until the open-pgp group issues the official standard.

vedaal
Re: SHA1 collision found
On 2/23/2017 at 1:27 PM, si...@web.de wrote:
> Today was announced that SHA1 is now completely broken
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
> A few weeks back it was mentioned that there is a new proposal for a openpgp standard including a new algorithm for pgp fingerprints. As this is currently not applicable in practice, I would like to know what this new development means for pgp-gnupg and the use of SHA1 for key identification. After researching how the fingerprint is generated, I think it would be easy to include a new option in gnupg to print a fingerprint using sha256. Would that be something that will/can be included in future versions of gnupg?

=

The Openpgp standards group is working on this.

The link you give for the collision used 2 PDF's. Using a PDF is sort-of 'cheating', and does not extrapolate to being 'completely broken'.

Assuming that it is possible to find a pre-image collision, i.e.:
[1] m1.txt has an SHA1 hash of H1
[2] m2.txt will now have the same SHA1 hash H1

What will happen in order to generate m2.txt is that there will be many trials of a gibberish string added to the plaintext of m2.txt until one is found that has the same SHA1 hash as m1.txt.

BUT

This will be quite visible in the plaintext of m2.txt, and won't fool anyone.

With a PDF, the 'extra gibberish string' is 'hidden'. It is not in the actual PDF the receiver reads, only in the meta-data, the appended PDF 'Suffix'.

While this is *do-able* and a good reason to move on to a future SHA256 hash, it would not be transferable (at this time, based on the PDF collision data) to find a fingerprint collision for any v4 key.

vedaal
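An added example, not from either of the two SHA1 posts above nor from GnuPG: the v4 fingerprint computation from RFC 4880 section 12.2, run over a constructed toy RSA public-key packet (tiny factors, not a real key). It shows that bytes appended after the MPIs change the hashed two-octet length prefix and show up to a parser as leftovers, unlike the appended suffix that stayed out of sight in the colliding PDFs.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit length, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def v4_rsa_public_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 public-key packet for RSA (public-key algorithm id 1)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def fingerprint_v4(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the two-octet body length, the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The 64-bit key id is the low-order 16 hex digits of the fingerprint."""
    return fingerprint[-16:]


def parse_rsa_body(body: bytes) -> dict:
    """Walk a v4 RSA body and report its MPI sizes plus any bytes left over
    after the last MPI, which is where PDF-style appended junk would land."""
    if len(body) < 6 or body[0] != 4 or body[5] != 1:
        raise ValueError("only v4 RSA public keys handled here")
    created = struct.unpack(">I", body[1:5])[0]
    off, bits = 6, []
    for _ in range(2):                              # n, then e
        nbits = struct.unpack(">H", body[off:off + 2])[0]
        off += 2 + (nbits + 7) // 8
        bits.append(nbits)
    if off > len(body):
        raise ValueError("MPI runs past end of packet")
    return {"created": created, "n_bits": bits[0], "e_bits": bits[1],
            "trailing_bytes": len(body) - off}


# Constructed toy key: two Mersenne primes as factors, nowhere near a real
# RSA modulus size, and a constructed creation timestamp. Not a real key.
TOY_N = (2 ** 127 - 1) * (2 ** 89 - 1)
TOY_E = 65537
TOY_CREATED = 1487894400


def compare_append_attack(extra: bytes = b"\x00" * 8) -> dict:
    """Fingerprint the toy key, then the same key with `extra` appended after
    the MPIs: the hashed length prefix, the fingerprint and the parse result
    all change, so the extra bytes cannot sit unnoticed as they did in the PDFs."""
    body = v4_rsa_public_body(TOY_N, TOY_E, TOY_CREATED)
    padded = body + extra
    return {
        "fp": fingerprint_v4(body),
        "fp_padded": fingerprint_v4(padded),
        "len_prefix": struct.pack(">H", len(body)).hex(),
        "len_prefix_padded": struct.pack(">H", len(padded)).hex(),
        "parsed": parse_rsa_body(body),
        "parsed_padded": parse_rsa_body(padded),
    }


if __name__ == "__main__":
    result = compare_append_attack()
    print("fingerprint       :", result["fp"], "key id", key_id(result["fp"]))
    print("with 8 extra bytes:", result["fp_padded"], "trailing",
          result["parsed_padded"]["trailing_bytes"])
```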
Re: How do you let your M.D. know about emailselfdefense.org and gnupg.org so that it's easier for folks unfamiliar to setup and use than having to go over the too long material, the too complicated m
On 12/1/2016 at 7:40 PM, "Don Saklad" wrote:
> How do you let your M.D. know about emailselfdefense.org and gnupg.org so that it's easier for folks unfamiliar to setup and use than having to go over the too long material, the too complicated material?

=

Hushmail has a marketing pitch to Medical Personnel about compliance with medical privacy laws, and allows hushmail users to send encrypted e-mails to any email address even if the receiver does not use hushmail.

The receiver gets a message that an encrypted e-mail has been sent, and a link to a site where it is stored for only 72 hours. Upon following the link, the receiver types in an answer to a pre-arranged question between the doctor and the patient, and sees the plaintext, and/or the file attachment. The receiver is allowed only 3 tries, and if all are wrong, the message is removed from the site.

So it's pretty simple to use, (simple enough that busy doctors are not interested in learning GnuPG :-( )

The doctor calls the patient, and arranges the question and answer, and then can send files encrypted as attachments. An MITM attack is not practical as the doctor and patient share the secret over a different channel (phone, person to person in the office, etc.)

It is, however, very vulnerable to a DNS attack. The MITM can simply access the site, enter the wrong answer 3 times, and the message is removed. I pointed this out to a doctor who uses this, and his response was basically that it's "not in his threat model", (although it was much longer in ordinary language.)

The only suggestion I would have is for a similar e-mail service that uses GnuPG, without a backdoor for the government, which Hushmail has, and market this to the "Patients", and have a link to an easy GnuPG gui tutorial, once people think that encryption can be useful and 'fun'.

vedaal
Re: Should always add myself as recipient when encrypting?
On 3/21/2016 at 3:04 PM, "Werner Koch" <w...@gnupg.org> wrote:
> On Mon, 21 Mar 2016 10:44, paolo.bolzoni.br...@gmail.com said:
>> myself as recipient when encrypting a file, of course, in addition of the real recipient.
>
> That allows you to delete the plaintext while still being able to get it back.
>
>> Is there a reason not to?
>
> If you want to send an anonymous message it is better not to encrypt to an additional key. It is also smart not to use a wildcard (--throw-keyid) for your own key so that in case your secret key leaks it won't be possible to show that the message has also been encrypted to you.

=

A simple workaround to accomplish this is to additionally symmetrically encrypt the message. Use the session key from a message encrypted only to your secret key as the passphrase for the additionally symmetrically encrypted message.

((afaik), there is minimal danger in continuing to use this passphrase for additional symmetrical messages.)

It will allow decryption of sent messages, while providing anonymity.

vedaal
Re: cipher used when both --encrypt and --symmetric is specified
On 2/29/2016 at 5:51 AM, "Martin Ilchev" <martini5...@gmail.com> wrote:
> There is one thing I would like to understand - the man page says:
>
> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for conventional encryption if --personal-cipher-preferences and --cipher-algo is not given.
>
> So CAST5 is the preferred cipher for secret keys and is also the default for symmetric. On the other hand using --personal-cipher-preferences does not seem to apply to symmetric + public encryption. Is this by design?

=

Sort-of, yes ...

The user's most important part of GnuPG is the user's private key. So it seems reasonable that the symmetric algorithm the user picked to protect the private key (--s2k-cipher-algo ciphername) is the symmetric algorithm that the user would prefer for symmetric encryption, as long as the receiver can decrypt it.

In practice, (standard, not hacked, non-customized) GnuPG can decrypt ANY of the symmetric algorithms any GnuPG user can use.

Since the original user, the sender, is encrypting the message, it is again reasonable that the sender be able to choose the algorithm with which the sender feels most comfortable.

vedaal
Re: cipher used when both --encrypt and --symmetric is specified
On 2/26/2016 at 5:48 AM, "Martin Ilchev" <martini5...@gmail.com> wrote:
> I did set my key preferences a few months ago and made sure the key had them as well. Here is the output of showpref:
>
> Cipher: AES256, AES192, AES, CAST5, 3DES
> ...
>> 2. Symmetrically encrypt and also encrypt for my own public key:
>> gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF
>> decrypting the file shows that the cipher used is CAST5

=

0x1234567890ABCDEF is obviously not your real key id. I suspect the key was generated some time ago, when the default cipher to protect one's secret key was CAST5.

GnuPG's default choice for the encryption algorithm for a symmetric cipher will be what the s2k-cipher-algo is. In your case for that key, it is CAST5.

Try this:

gpg2 --s2k-cipher-algo AES256 --symmetric --encrypt --sign -r 0x1234567890ABCDEF filename

The encryptions should now be with AES256 for both the symmetric part and the part encrypted to your key.

vedaal
Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'
If you want a simple random list, look at diceware:
http://world.std.com/~reinhold/diceware.html

Both the page and the diceware lists are available in many languages, including German.

vedaal
Re: Trusting other keys a message was encrypted to
On 11/6/2015 at 10:11 AM, "MFPA" wrote:
> While writing in the "TOFU for GnuPG" thread it occurred to me that GnuPG does not look at whether we "trust" the other keys to which an incoming message was encrypted. Wouldn't it be reasonable to also look at whether we "trust" other keys that are seen to be a party to the conversation?

=

GnuPG already does. It will ask for each key that you want to encrypt to, if you haven't trusted it, and ask if you really want to do this.

Assuming that you trusted the person who sent it to you, then it's reasonable 'for that person' to encrypt to other keys that that person trusts. You should encrypt only to keys you trust, and if they trust someone else's keys they can encrypt your reply to them.

This will defeat an interesting man in the middle attack:

Suppose Alice wants to encrypt to Bob, and Eve, and Rumplestiltsken, and sends a signed and encrypted message to Bob showing that it was also encrypted to Rumplestiltsken, whom Bob does not know. Mallory can intercept this mail, remove the ESK packet for Rumplestiltsken, make his own fake Rumplestiltsken key, and encrypt 'any' session key to it, and then add the ESK packet, and make a new checksum and replace it, and send on the message.

Since you are not able to encrypt either the real or the fake Rumplestiltsken key, you have no way of knowing if the session key is genuine or not in that packet. Now if you routinely encrypt to all the keys when you reply, then Mallory can decrypt the message.

A prudent workaround when encrypting to multiple keys is to mention in the signed plaintext which keys and fingerprints are being encrypted to, and then if there is some pressing reason to multiple encrypt, then the receiver who trusts the sender's *trust* of the other keys can go ahead and multiple encrypt the reply.

vedaal
Re: Trusting other keys a message was encrypted to
vedaal at nym.hush.com wrote on Fri Nov 6 16:46:21 CET 2015:
> Since you are not able to encrypt either the real or the fake Rumplestiltsken key, you have no way of knowing if the session key is genuine or not in that packet.

=

Sorry, typo, meant to say decrypt instead of encrypt.

vedaal
Re: protecting pub-keys from unwanted signatures
On 8/16/2015 at 12:34 PM, Stefan Claas ad...@zwiebelfreund.de wrote:
> Should now GnuPG be enhanced, or the Key Servers be updated, similar to the pgp.com one, in order to allow such things not in the future?

=

It would be very helpful if such a protection against unwanted key signatures could be instituted.

Here is a possible suggestion on how it might be done:

[1] Have GnuPG require a 'cross-certification' of signatures, similar to the cross-certification of subkeys.
[2] Have GnuPG give a message upon importing a public key, that Signatures from keyid's [...], [], and [...] have not been cross-certified by their owner. Clean these signatures, y / n ?

(Alternatively, the default could be: These signatures will be removed. If you want to keep them, enter 'keep-sig', and then each new sig would be displayed, and if the importer wants the sig, the importer would need to enter 'keep-sig' for each sig individually.)

This would require the owners of the keys to do periodic checking of their keys and cross-certify the signatures they want. It would also be a bit of work for the owners to cross-certify all the 'good' signatures they were happy to get.

Just a suggestion. The implementers can best decide how much extra work this would require, and if there is a simpler better way to accomplish the desired result.

vedaal
Re: Archaic PGP usage
On 7/23/2015 at 2:58 PM, A.T. Leibson jupell...@riseup.net wrote:
> Do people (other than John Young) still use PGP? Why would someone want to do that?

=

The only possible reasons I can think of are:

[1] Remailer use. Original remailers used PGP 2.x and even though some use GnuPG, others are reluctant to change anything.

[2] Large File Transfers. PGP 2.x can be used as a uuencode, and automatically split a signed and encrypted armored file into 100 smaller files ready to be emailed and reconstituted by the receiver. The default for file splitting is 720 armored lines, but I have done it for much more, and successfully sent a 1 gb Truecrypt container and reconstituted it.

If you are thinking of looking at PGP 2.x, I would recommend Disastry's version, as it is not limited to MD5 and IDEA but can use any HASH and any encryption algorithm except for Camellia.
http://www.spywarewarrior.com/uiuc/disastry/263multi.htm

(btw, if anyone knows how to install this on 64 bit Ubuntu 14.04 please let me know. It wouldn't compile on Ubuntu 12.x, but I was able to install the linux executable PGP on a 32 bit system, but can't on 14.x 64 bit.)

TIA

vedaal
Re: [openpgp] Unuploadable Keys
On 7/21/2015 at 5:11 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
>> Concretely, it should be possible to mark a key as not exportable to a keyserver or to provide a list of key servers (perhaps described using regular expressions as per Section 8 of RFC 4880) to which it may be exported. This could be implemented as a new signature subpacket.
> ...
> However, this arrangement (or your signature subpacket proposal) has a set of problems that make it far from ideal protection, especially in the face of potentially adversarial users:
>
> 0) Any existing key (one with a self-sig that does *not* have this feature set) can't add this feature in a reliable way -- a new self-sig can just be stripped out of the certificate and the remaining certificate (with the previous self-sig) will be back to being exportable.
>
> 1) The keyservers would need to respect the value and decline to accept or propagate such keys. SKS currently doesn't even respect the non-exportable flag for non-self-sigs (https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/20), let alone verify the cryptographic validity of signatures.

=

There could be a workaround, where the key is uploaded to the keyservers, but functionally unusable except to individuals whom the key-creator wants to use it:

[1] Encrypt part of the public key symmetrically, the same way that the private key is symmetrically encrypted.
[2] Send the passphrase to whomever you want to send the public key, encrypted to their public key.
[3] Upload the key to keyservers. It will be usable only by those whom you choose to give the passphrase.

(*Unless* you misjudged someone to whom you sent the passphrase, and he turns maliciously on you, and uploads the decrypted form.)

If such a key-type were implemented, would it need a change in 4880, other than a notice to allow it?

vedaal
Re: s2k-cipher-mode default
On 6/2/2015 at 3:49 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

> Given this, I would feel much better if Werner were to spend his time reviewing the code for exploitable bugs than spending even five minutes changing the s2k default from AES-128 to AES-256.

=

Agreed, but here's a consequence you might want to consider adding into your FAQ:

The s2k default is also the default for symmetrically encrypted messages (which is fine, as long as people know about it). If a person wants to symmetrically encrypt a message or file with AES 256, or any other symmetric algorithm, then the user will need to specify the option either in gnupg.conf or on the command line.

vedaal
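To make the point above concrete, here is a gpg.conf fragment showing where that setting lives. This is a constructed example added here, not taken from the post or from the GnuPG project; the option names are the documented GnuPG ones, and the algorithm numbers in the comment are OpenPGP's (RFC 4880 section 9.2).

```conf
# gpg.conf -- constructed example, not from the post.
#
# With no cipher setting, `gpg --symmetric file` uses the s2k default
# cipher (AES-128 in the versions discussed in the thread). To make
# passphrase encryption use AES-256 instead, set one of the following.

# Applies to passphrase (--symmetric) encryption when neither
# --cipher-algo nor --personal-cipher-preferences is given; this is the
# "s2k default" the post refers to.
s2k-cipher-algo AES256

# Forces AES-256 for every encryption, including public-key encryption
# to others. Caveat: this overrides the recipients' stated cipher
# preferences, so prefer the s2k setting above for a symmetric-only change.
# cipher-algo AES256

# Command-line equivalent for a single run:
#   gpg --symmetric --cipher-algo AES256 file
#
# To check which cipher a file was actually encrypted with:
#   gpg --list-packets file.gpg
# and read the cipher number in the "symkey enc packet" line
# (7 = AES-128, 8 = AES-192, 9 = AES-256).
```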
Re: Lower Bound for Primes during GnuPG key generation
On 5/22/2015 at 3:01 AM, Werner Koch w...@gnupg.org wrote:

> Yes. If you create an RSA key you generate two primes of the same size. Libgcrypt as well as GnuPG 1.4 will only consider candidates with the two high bits set so that the final modulus will have the exact size.

=

Approximately what interval is meant by 'primes of the same size'?

i.e. for a 4096 RSA key the interval would be [ 2^(2048 + k) - 2^(2048 - k) ]

What would the range of k be?

n.b. Any interval of primes can be approximated by:

n(U)[log(n(U))] - n(L)[log(n(L))]

where U is the uppermost prime, and L is the lowermost prime
https://primes.utm.edu/howmany.html
(The Prime Number Theorem, Consequence Two: The nth prime is about n log n)

So, to give a trivial example, if the interval of primes chosen is from 2^2047 to 2^2049, then this interval is only

log(2) [ 2049^2 - 2047^2 ] = 5678

which is a fairly small number of primes to check, for this type of attack to find the GnuPG keypair.

Also, does GnuPG automatically reject twin primes (p, p+2), and Sophie-Germain primes (p, 2p+1)?

TIA,

vedaal
Re: Lower Bound for Primes during GnuPG key generation
On 5/22/2015 at 12:03 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

> I think you're calculating the wrong thing. That same link points out that the number of primes less than x can be approximated as pi(x) = x/(log(x)-1).
>
> Very rough approximation below, dealing with this stuff in integer so i don't have to worry about floating point precision:
>
> #!/usr/bin/python
> import math
> def pi(x):
>     return x//(int(math.log(x) - 1))
> print(pi(2**2049) - pi(2**2047))
>
> Produces:
>
> 3414566770186655994404438379880237752289275853601443153843712876451
> 7106455003913618433496010529759521130797881149503110281852350331307
> 6748346315130154722343603670415899310676791001520948946303896102170
> 4767238030738398330774862856393736234748500545533360423420463740160
> 3112241209544524188755360669738591593193745235562705749858506233297
> 2052480087122621997414717056433422819795492200612038244015831024661
> 0014630770483358467188964179436800746042429708401186006929782110316
> 9614694882157095281778056383498229906388753003349920901696154376284
> 3548757751395862879269607910869512589725531458623570829193465282940
> 49800053111
>
> That's a lot of primes to choose from! :)

Ouch! ;-) my mistake (forgot it's exponential)!

even using the n log(n) calculation, the interval is:

2^2049 [ 2049 log 2 ] - 2^2047 [2047 log 2]

which is an infeasibly large interval to attack this way.

=

>> does GnuPG automatically reject twin primes ( p, p+2) , and Sophie-Germain primes (p, 2p+1) ?
>
> Why should GnuPG reject these primes? Surely, it wouldn't want to use both elements of a pair like that (i.e. for RSA you don't want q = p+2 because it's a trivial test to factor that composite), but is there a reason to reject using a p that meets these categories with some other, unrelated q?

Sorry, I meant does GnuPG automatically reject the PAIR since they are trivial to factor.

Thanks,

vedaal
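Two things in this exchange are worth seeing in code: the size of the candidate space a generator that forces the two high bits draws from (the interval Werner describes in the earlier message), and why a pair (p, p+2) or (p, 2p+1) must never end up in the same modulus. The following is an added Python example written for this page, not code from the thread or from GnuPG; it reuses the thread's integer estimate pi(x) ~ x/(ln x - 1) and constructs its own small sample primes.

```python
"""Added example (not part of the thread): size of the prime-candidate space
for RSA key generation, and why the pairs (p, p+2) and (p, 2p+1) are trivial
to factor when both are used in one modulus. Counts are approximations from
the prime number theorem, computed in integer arithmetic as in the thread."""
import math


def approx_prime_count(x: int) -> int:
    """pi(x) ~ x / (ln x - 1), the same estimate used in the thread above."""
    return x // int(math.log(x) - 1)


def candidate_primes_with_top_two_bits(bits: int) -> int:
    """Approximate number of `bits`-bit primes whose two highest bits are set,
    i.e. primes in [3 * 2**(bits-2), 2**bits). A generator that forces the
    top two bits draws from this interval (bits = 2048 for RSA-4096)."""
    low = 3 * 2 ** (bits - 2)
    high = 2 ** bits
    return approx_prime_count(high) - approx_prime_count(low)


def factor_twin_modulus(n: int):
    """If n = p * (p + 2), then n + 1 = (p + 1)**2, so one integer square
    root recovers p. Returns (p, p + 2), or None if n is not of that form."""
    r = math.isqrt(n + 1)
    if r > 1 and r * r == n + 1:
        return r - 1, r + 1
    return None


def factor_sophie_germain_modulus(n: int):
    """If n = p * (2p + 1) = 2p**2 + p, then 8n + 1 = (4p + 1)**2.
    Returns (p, 2p + 1), or None if n is not of that form."""
    r = math.isqrt(8 * n + 1)
    if r > 1 and r * r == 8 * n + 1 and (r - 1) % 4 == 0:
        p = (r - 1) // 4
        return p, 2 * p + 1
    return None


if __name__ == "__main__":
    count = candidate_primes_with_top_two_bits(2048)
    print(f"about 2^{count.bit_length() - 1} candidate primes for one 2048-bit RSA factor")
    # Constructed small examples: 10007 and 10009 are twin primes,
    # 1013 and 2027 = 2*1013 + 1 are a Sophie Germain pair.
    print(factor_twin_modulus(10007 * 10009))          # (10007, 10009)
    print(factor_sophie_germain_modulus(1013 * 2027))  # (1013, 2027)
    print(factor_twin_modulus(10007 * 10037))          # None: unrelated primes
```

The estimate lands near 2^2035 candidates for a single 2048-bit factor, which is what makes the "try successive primes" idea from the earlier message infeasible; the two factoring helpers show that the pair case costs one square root, which is the trivial test dkg mentions.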
Lower Bound for Primes during GnuPG key generation (was Re: [Enigmail] Popescu and keys)
On 5/21/2015 at 3:45 PM, Werner Koch w...@gnupg.org wrote:

> Some guy downloaded most RSA keys from a keyserver and tried to factor 1.9 million moduli. They found 30 keys with a subkey having one of the first 1000 primes as a factor. I looked at 8 of those keys and found that 2 are likely PGP created and 6 are by GPG.

=

When GnuPG creates an RSA keypair, is there a minimum *low* for primes it will ignore? (i.e. Will GnuPG reject a prime for key generation if it is one of the first 1000 primes, or first million primes, or any fixed lower level?)

And if so, is it feasible to mount an attack on a keypair by starting with trying successive primes greater than this lower bound, and possibly successfully find *some* GnuPG secret keys?

TIA,

vedaal
Re: AES-NI, symmetric key generation
On 3/10/2015 at 4:19 PM, Maricel Gregoraschko maricelgregorasc...@yahoo.com wrote:

> I agree, using key instead of passphrase doesn't enhance security (assuming an attacker knows that the key was derived from a passphrase and with what key derivation algorithm? I assume the randomness/entropy of the key itself is high enough regardless of the passphrase strength?). The reason I was asking if it's a possibility to store the symmetric key to decrypt with later, was to protect against future changes in the key derivation algorithm, that would make gpg generate a different key for the same passphrase, useless to decrypt previously encrypted data. Thank you for your support.

If you don't want to keep your passphrase, and want only to keep the session key, and you want this to have no weakness because of a questionably strong enough password that was used to generate the key, then there is an easy way to do what you want:

[1] Encrypt a test message to any of your own keys.

[2] Decrypt this test message, with the option of --show-session-key

[3] Use this session key as the 64 character password for your symmetric encryption, (and save it, or you won't be able to decrypt the symmetric message).

[4] Decrypt your symmetrically encrypted file or message, using the option of --show-session-key

[5] Save this session key, and if you wish, you can destroy the first one. (you can always get it back by decrypting your message of step [1]).

The string-to-key part of generating the session key for the symmetrically encrypted message will be using a random 64 character GnuPG generated session key as its password. You can't find a better password (especially even one that you don't have to remember ;-) )

vedaal
Re: German ct magazine postulates death of pgp encryption
This month's Wired has an article about encryption for voice and text using pgp, and intercompatibility between iPhone and Android while using it.
http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/

I wouldn't trust it with my real key, but would make a new 'smartphone' key signed with my real key, and comment it as for phone use only.

If this catches on, as Wired thinks, then it might be a new way of introducing pgp encryption to the general public, and from there it's not such a difficult step to getting phone users to try encrypting e-mails and files, ... and breathe new life into pgp encryption ...

vedaal
Re: MIME or inline signature ?
On 2/12/2015 at 5:42 PM, Xavier Maillard xav...@maillard.im wrote:

> Hello, in my quest of the perfect setup, I am asking myself what is the preferred way to sign a message: inline (like this one) or using a MIME header?

=

If, by 'perfect', you mean that it's as close as possible to not being mangled, and/or tampered with, then there is a simple but often overlooked way to do this, while including any meta-data you wish to add:

Armor Sign it ;-)

Assuming everyone you correspond with, who is interested in your signature, is using GnuPG, then they can easily verify it.

Assuming you just want to do this for the mailing list, where most people don't sign their messages anyway, then just send the plaintext without worrying about the signature.

vedaal
Re: How to detect extraneous content in clearsigned (--clearsign) files?
On 1/12/2015 at 1:50 PM, Patrick Schleizer patrick-mailingli...@whonix.org wrote:

>> gpg --verify --output OUT SIGNEDDATA
>
> gpg --output ./out --verify ./sha512sums.asc
>
> When it exits 0, then this approach is sound, sane and fine?

There is a way of addition to clearsigned messages that is not detectable: adding 'spaces' at the end of the line of visible characters.

Here is a clearsigned message without any spaces added:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This Is Just a Test
-----BEGIN PGP SIGNATURE-----
Comment: Fingerprint: C982 4216 3053 B6F3 62F2 7DC0 506F 4FA1 D35F B186
Comment: Key ID: 0xD35FB186
Comment: nothing added to cleartext

iQIcBAEBCAAGBQJUtCfmAAoJEFBvT6HTX7GGJlUP+QGHkTWBRvXUsfsVi5QyqJji
WKt5KkJIu+cv5dKVwJuWHVnhlCrdpqvVToofgk+oVJQp2KrnkesxkdwbPi87oJO9
nSc/4BCQedvYqa9nZ54YPGdRse9yttfzpwLtlbCWPqaMHN5trOwmBervAEW7GhCR
kmUeM7ZlPAj9QUVS8TKzWXlMu63YpYwrRGt1EXevbTaMcUWOOG9+azQy5nYw04oq
yuDDhdzV6MqL6bgxcnH4Psw5ykB59nlAEHjAeTVAObR6SzkSrOUhAL6velZcIJXq
kVLvKustBhTQ12JVL52S7Y+CMKQPE8SA2apvbhALV9RjnQK6jG99oradSFpQtlfh
PnM2ENRWZXi1D1BO5PJft4JzsMh2v6WqaiYJy5rmrJbbZyoo0vBqfizon1Mx2rtc
YmIOw7bvClV4oG/zOlC0aeI0QNKPGcESWWV5THEPVBGOx9edVcuzADJMJGbbIC/0
Ufs4lngy4zrKlLSWqwKM6MoYyXiRHsHaUCcGbXVGnbSspnUbEybDAPskBcqVp+DC
VH5NxDmQQEWUdTQEyiSmygXpa9GojX3KCFkF85Ohh3SUZ3O88ila+zpbDpfrXkJL
D2w6dyIqKghQuM9hivMYUNdLTYmWHNgDSbFyCcZuhzAbPCRx3tjle+BRSMKT3V6X
y0ofhIQ+3QeZzkHWkL+R
=M/in
-----END PGP SIGNATURE-----

It is possible to add blank spaces to the end of the visible characters on each line, as long as it doesn't result in a new line wrap, and the signature will still verify.

I don't know of any practical exploits of this property, other than possibly intentionally padding the files to use up someone's storage, (not likely in today's large storage capacity ;-) )

It could be useful if a sender and receiver would agree on a special code as to the padding, i.e. if someone is being forced to sign something, the sender and receiver could agree that adding the following spaces to each line for 4 lines:

7 7 2 4

would signify the hidden message: signing against my will (but this could also easily be forged by anyone who knew the system ...)

Anyway, just a curiosity of which users should be aware. Absolutely *no* suggestions/requests to change GnuPG in any way (which wouldn't be backward compatible anyway)

Armored signing, or a detached signature of a text file, *will* detect any spaces added on to a line.

vedaal
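The behaviour described in this post follows from how the cleartext signature framework canonicalizes text before hashing: RFC 4880 section 7.1 strips trailing spaces and tabs from every line and joins lines with CRLF, so two texts differing only in trailing whitespace hash identically. The Python below is an added example written for this page, not code from the post or from GnuPG. It models that canonicalization (the real signature additionally hashes a trailer of signature-packet fields, omitted here), contrasts it with a digest over the raw bytes such as a binary-mode detached signature covers, and includes the check a recipient would want: a per-line report of trailing whitespace. The sample text and the 7/7/2/4 padding are constructed to match the post.

```python
"""Added example (not from the post): cleartext-signature canonicalization
(RFC 4880, section 7.1) and a trailing-whitespace check for signed text."""
import hashlib


def clearsign_canonical(text: str) -> bytes:
    """Canonical form hashed for a cleartext signature: trailing spaces and
    tabs removed from every line, lines joined with CRLF, and the line ending
    before the signature block not included."""
    lines = text.split("\n")
    if lines and lines[-1] == "":      # a final newline is not part of the text
        lines.pop()
    canon = (line.rstrip("\r").rstrip(" \t") for line in lines)
    return "\r\n".join(canon).encode("utf-8")


def clearsign_digest(text: str) -> str:
    """SHA-256 over the canonical text (the signature-packet trailer that a
    real OpenPGP signature also hashes is left out of this model)."""
    return hashlib.sha256(clearsign_canonical(text)).hexdigest()


def raw_digest(text: str) -> str:
    """SHA-256 over the raw bytes, which is what a binary-mode detached
    signature covers; trailing spaces change this value."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def trailing_whitespace_report(text: str):
    """Lines carrying trailing spaces/tabs, as (1-based line number, count).
    An empty report means the visible text and the raw bytes agree."""
    report = []
    for no, line in enumerate(text.split("\n"), start=1):
        line = line.rstrip("\r")
        padded = len(line) - len(line.rstrip(" \t"))
        if padded:
            report.append((no, padded))
    return report


# Constructed sample: four lines, then the same lines padded 7, 7, 2, 4 spaces.
ORIGINAL_LINES = ["This Is Just a Test", "line two", "line three", "line four"]
ORIGINAL = "\n".join(ORIGINAL_LINES) + "\n"
PADDING = [7, 7, 2, 4]
PADDED = "\n".join(l + " " * n for l, n in zip(ORIGINAL_LINES, PADDING)) + "\n"

if __name__ == "__main__":
    print(clearsign_digest(ORIGINAL) == clearsign_digest(PADDED))  # True
    print(raw_digest(ORIGINAL) == raw_digest(PADDED))              # False
    print(trailing_whitespace_report(PADDED))                      # [(1, 7), (2, 7), (3, 2), (4, 4)]
```

Running `trailing_whitespace_report` on a received clearsigned file (before the signature block) is the cheap way to notice padding that the signature check will not flag.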
RE: Unable to encrypt file with private/public key
On 12/18/2014 at 10:38 AM, Dhiraj Haritwal dhiraj.harit...@ap.sony.com wrote:

> About the below command, it's asking for passphrase whereas my requirement is to use only keys to encrypt/sign it.
>
> gpg2 -u FFEEDDCC -r AABBCCDD -se supersecret.txt

'-s' in the above command means that you want to sign. Whenever you want to sign, GnuPG asks for your passphrase to unlock your signing key.

=

> I tried below command which shows confirmation screen where I have entered y (yes) now able to see a file named supersecret.txt.gpg. I'm not sure what file it is because I think encrypted file should have an .asc extension.
>
> ./gpg --encrypt --hidden-recipient AABBCCDD supersecret.txt

'supersecret.txt.gpg' is the GnuPG encrypted output of the file 'supersecret.txt'. If unspecified, GnuPG will produce a .gpg file rather than a .asc file. If you want a .asc file, you need to include the option of '--armor' or '-a' in your encryption command:

gpg2 -u FFEEDDCC -r AABBCCDD -a -e supersecret.txt

vedaal
Re: How much information can be gleaned about a gpg key by possessing both plaintext and ciphertext?
On 11/21/2014 at 4:57 AM, Christ Schlacta aarc...@aarcane.org wrote:

> how much information does GPG reveal in such situations?

=

GnuPG works by using hybrid encryption:

[1] The plaintext is converted to ciphertext using a block cipher, with GnuPG generating a random session key for the encryption.

[2] The random session key is then encrypted to the recipient's public key.

[3] The recipient uses the private key to recover the session key in [2], which is then used to decrypt the plaintext in [1].

No amount of plaintext and ciphertext reveals anything about the recipient's *Private* key. (The recipient's public key is usually *public* and known already).

That said, any attacker can simultaneously encrypt to a 'Target' public key, and to the Attacker's own public key. The Attacker can then recover the session key by decrypting with the Attacker's private key. This 'session key' is the only thing that can be used as the plaintext that is encrypted to the Target's public key.

An attacker now knows:

(a) The *ciphertext*, which is the session key encrypted to the Target's public key.

(b) *PART* of the *plaintext*, which is the session key, since it was encrypted to the attacker's public key. (It is only *part* because the session key is padded with a *different* padding for each key to which it is encrypted, even when the same session key is simultaneously encrypted to different public keys.)

(c) The Target's Public key.

The Attacker can generate an unlimited amount of messages in this way. Using this information the attacker now wants to find/reconstruct the Target's Private key.

I don't know that much about attacking RSA Key Pairs in trying to find the Private Key, (other than factoring the modulus), but suffice it to say, that in the over 20 years that RSA has been around and many different attacks have been tried, *this* type of attack has not seemed feasible enough for anyone to try.

So, short summary, no useful information can be gleaned.

vedaal
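Point (b) above, that the attacker knows only part of the RSA plaintext, can be seen directly from how OpenPGP wraps a session key. RFC 4880 section 5.1 encodes it as algorithm-id || key || 2-octet checksum, and section 13.1.1 pads that value with EME-PKCS1-v1_5 using fresh random non-zero octets for every recipient. The following Python is an added example written for this page, not code from the thread or from GnuPG; it builds that padded block for two "recipients" of the same constructed session key and leaves out the RSA modular exponentiation itself.

```python
"""Added example (not from the thread): the block that is RSA-encrypted for
each recipient in OpenPGP. Only the last 1 + keylen + 2 octets are fixed by
the session key; everything before them is per-recipient random padding."""
import secrets

AES256 = 9   # OpenPGP symmetric algorithm id for AES-256 (RFC 4880 section 9.2)


def encode_session_key(algo: int, key: bytes) -> bytes:
    """RFC 4880 section 5.1: algo octet || key || checksum (sum of key octets mod 65536)."""
    checksum = sum(key) % 65536
    return bytes([algo]) + key + checksum.to_bytes(2, "big")


def decode_session_key(m: bytes):
    """Inverse of encode_session_key; raises ValueError if the checksum fails."""
    algo, key, checksum = m[0], m[1:-2], int.from_bytes(m[-2:], "big")
    if sum(key) % 65536 != checksum:
        raise ValueError("session key checksum mismatch")
    return algo, key


def pkcs1_v15_pad(m: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5: 0x00 0x02 || PS || 0x00 || M, where PS is at least 8
    random non-zero octets and the total length k is the modulus size."""
    ps_len = k - len(m) - 3
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + m


def pkcs1_v15_unpad(em: bytes) -> bytes:
    """Recover M from an EME-PKCS1-v1_5 block, checking the structure."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        raise ValueError("bad padding header")
    sep = em.find(b"\x00", 2)
    if sep < 10:            # not found, or PS shorter than 8 octets
        raise ValueError("bad padding separator")
    return em[sep + 1:]


def wrap_for_recipient(session_key: bytes, modulus_bytes: int = 256) -> bytes:
    """The block that would be RSA-encrypted to one recipient (256 octets
    for a 2048-bit modulus). Each call pads with fresh random octets."""
    return pkcs1_v15_pad(encode_session_key(AES256, session_key), modulus_bytes)


def known_suffix_length(em: bytes) -> int:
    """Octets at the end of the block fixed by the session key (1 + 32 + 2
    for AES-256); the attacker in the thread knows these and nothing more."""
    return len(pkcs1_v15_unpad(em))


if __name__ == "__main__":
    key = secrets.token_bytes(32)             # constructed 256-bit session key
    block_a = wrap_for_recipient(key)         # to recipient A
    block_b = wrap_for_recipient(key)         # same key, to recipient B
    print(block_a != block_b)                 # True: padding differs per recipient
    print(block_a[-35:] == block_b[-35:])     # True: only the last 35 octets are shared
    print(decode_session_key(pkcs1_v15_unpad(block_b)) == (AES256, key))  # True
```

The random padding is also why comparing two public-key encrypted copies of the same message tells an observer nothing about whether the session keys match.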
Re: How much information can be gleaned about a gpg key by possessing both plaintext and ciphertext?
On 11/21/2014 at 1:01 PM, Christ Schlacta aarc...@aarcane.org wrote:

> So to summarize, the best way to try this attack would be to encrypt lots of small messages to a dummy key and a target key because the only knowable plaintext is the session key. However, there's no known or reasonably suspected method of plaintext attack anyway, so all this data is believed to be a waste.

=

Correct.

You could (more efficiently) isolate the Public GnuPG key as an RSA Public key, and use an implementation of RSA that does not use padding, and try all the plaintexts and known resulting ciphertexts, and still not construct the RSA Private key.

vedaal
Re: gpg4usb: Portable GUI for GnuPG
On 11/13/2014 at 5:23 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

> Putting it on CD-ROM might be a pretty cool idea

=

It's already been done by UPR.
https://www.privacy-cd.org/en

It uses Ubuntu 12.04 with GnuPG and pre-7.2 Truecrypt already installed. (open source roll-your-own available).

I've tried it a few times and found it interesting, in that I couldn't access anything on the host computer's hard disc, or go online, features instituted to protect the UPR user, but also protecting the host computer, (and making it easier to get permission to *borrow* a friend's laptop to do some work on files on my usb ;-) )

Anyone here have any experience with it?

TIA,

vedaal
Re: key length/size RSA discussion/recommendations in the wiki
On 10/29/2014 at 3:22 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

>> Why is brute force even mentioned in something about RSA? You couldn't brute-force a 128 bit RSA key. I'd say 2048 bit quite covers it 8-)
>
> Surely Peter knows this too ;-)

More likely 128 was a typo for the more common older RSA key of 1028 ...

vedaal
Re: New beta
On 9/19/2014 at 2:18 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

>> Does this have to be done under Linux, or can it be done under Windows with the aid of something like MinGW or CodeBlocks?
>
> Unfortunately, this is not something I'd recommend for anyone except a handful of MinGW experts. It's technically possible, but daunting. The approved way of building Win32 executables of GnuPG is to cross-compile from Linux.

=

Can gnupg-2.1.0-beta834 be compiled on Cygwin?

I tried downloading it from the ftp link WK gave, and when trying to configure on Cygwin, got the following errors:

configure:
*** You need libgpg-error to build this program
*** You need libassuan to build this program
*** You need libska to build this program
*** It is now required to build with support for the
*** New Portable Threads Library (nPth). Please install
*** this library first.
configure: error:
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.

Ok, downloaded all the above libraries from the links provided, started with the first one mentioned, libgpg-error, and got as far as,

config.status: creating po/Makefile
libgpg-error-1.16 prepared for make
Revision: 8f3187f (36657)
Platform: i686-pc-cygwin

Then after trying 'make', got the following:

$ make
make all-recursive
make[1]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16'
Making all in m4
make[2]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/m4'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/m4'
Making all in src
make[2]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/src'
gawk -f ./mkerrnos.awk ./errnos.in code-to-errno.h
gawk -f ./mkerrcodes1.awk ./errnos.in _mkerrcodes.h
gcc -E _mkerrcodes.h | grep GPG_ERR_ | \
gawk -f ./mkerrcodes.awk mkerrcodes.h
rm _mkerrcodes.h
gcc -I. -I. -o mkerrcodes ./mkerrcodes.c
./mkerrcodes | gawk -f ./mkerrcodes2.awk code-from-errno.h
gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \
./err-sources.h.in err-sources-sym.h
gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \
./err-codes.h.in err-codes-sym.h
gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \
-v prefix=GPG_ERR_ -v namespace=errnos_ \
./errnos.in errnos-sym.h
gcc -g -O0 -I. -I. -o mkheader ./mkheader.c
gcc -g -O2 -Wall -Wpointer-arithgen-posix-lock-obj.c -o gen-posix-lock-obj
gen-posix-lock-obj.c:40:3: error: #error sizeof pthread_mutex_t is not known.
gen-posix-lock-obj.c: In function 'main':
gen-posix-lock-obj.c:69:21: error: 'SIZEOF_PTHREAD_MUTEX_T' undeclared (first use in this function)
gen-posix-lock-obj.c:69:21: note: each undeclared identifier is reported only once for each function it appears in
gen-posix-lock-obj.c:99:11: error: 'HOST_TRIPLET_STRING' undeclared (first use in this function)
builtin: recipe for target `gen-posix-lock-obj' failed
make[2]: *** [gen-posix-lock-obj] Error 1
make[2]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/src'
Makefile:402: recipe for target `all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16'
Makefile:333: recipe for target `all' failed
make: *** [all] Error 2

So, can it be done on Cygwin, using other steps/commands first?

(btw, I have not had any problems compiling, making, and installing gnupg 1.4.x on Cygwin).

TIA,

vedaal
Re: Keeping .gnupg folder in cloud
On Thu Sep 18 17:13:58 CEST 2014 Werner Koch w...@gnupg.org wrote:

> But right, there are other files which should not be published.

Is it possible to have .gnupg on a smart card?

vedaal
Re: encrypting to expired certificates
On 9/17/2014 at 4:25 AM, Werner Koch w...@gnupg.org wrote:

> Users with very advanced requests are expected to use a very advanced version (2.1-beta) .-)

=

Seems to need a 'very advanced' downloading too ;-)

Could not find 2.1-beta on the GnuPG download page. Where is it available?

TIA,

vedaal
Re: encrypting to expired certificates
On 9/16/2014 at 10:51 AM, Werner Koch w...@gnupg.org wrote:

> To put this discussion to an end, he may simply do a jump to the left and put the option --faked-system-time ISODATESTRING on his command line.

=

Does this work on GnuPG 1.4.x?

GnuPG (1.4.16) gives me the following error:

gpg: Invalid option --faked-system-time

vedaal
Re: encrypting to expired certificates
On 9/16/2014 at 2:56 PM, Hauke Laging mailinglis...@hauke-laging.de wrote:

> What I want would make life easier mostly for the contacts of those who don't manage their keys well.

=

Which is especially reasonable, since it seems that the option of '--faked-system-time' (which used to work on earlier versions of GnuPG 2.x), but doesn't work on current versions of 2.x, and never worked on 1.x, now makes it especially cumbersome to encrypt to an expired key, (by requiring changing the system clock and changing it back again).

As the '--faked-system-time' option is interesting, maybe re-implementing it in both 2.x and 1.x might be an easy workaround in those cases where a user has forgotten to update an expired key.

With regard to the resulting sign and encrypt problem, a simple workaround would be to clearsign first, and then encrypt the clearsigned message with the '--faked-system-time' option.

vedaal
Re: encrypting to expired certificates
On 9/15/2014 at 3:57 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

> if you really need the ability to encrypt to expired certificates, go right ahead and do it. However, there is something to be said for making people go through an additional couple of hoops before shooting themselves in the foot.

=

GnuPG tries to be very accommodating to almost all types of users, and has succeeded admirably in this case.

I always wondered why anyone would ever really 'need' an expiration date, and how they would know in advance that they would need it to expire in the exact time they listed when the key was generated.

A simple way to work around it, is to designate another one of the person's most trusted keys, as the 'revoker' key, or to generate a revocation certificate right after the key was made, and that way, if there is any future reason to not want people to encrypt to that key, to just revoke it then.

But, if for whatever reason, one didn't do so, and lost the key or forgot the passphrase, and wanted the key to eventually 'pass on', then one could ensure its painless expiration, by making a timely expiration date ...

Now, suppose someone got into the habit of routinely making an 'expiration' date, but still has the secret key and passphrase, and didn't yet generate a newer encryption key, then it's nice for him to know that GnuPG allows for the possibility for people to still encrypt to that key, until he makes other arrangements, and that GnuPG is prudently set up so that it 'shouldn't be 'too easy' to do, so that one will think twice if one 'really' needs to do it.

vedaal
Re: Is it possible to sign a message with multiple digest algorithms?
On 9/6/2014 at 6:46 PM, Pete Stephenson p...@heypete.com wrote:

> Hi all, Is it possible to sign a message (or certify a key) with multiple digest algorithms? For example, one might wish to sign a message with both SHA256 and RIPEMD160. If so, how would one go about doing this?
>
> I would imagine that, if possible, the command would be similar to
>
> gpg --armor --digest-algo SHA256 RIPEMD160 --clearsign
>
> but this fails. If it is possible, how does GPG handle multiple signatures?

=

It can be done if a separate signing subkey is used for each different digest.

vedaal
Re: Hal Finney
On 9/1/2014 at 3:46 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

> I knew Hal, though not well. In my brief experiences with him he was witty, funny, and unfailingly kind.

=

Back when I first started in PGP, and asked many silly questions that exposed my ignorance, Hal Finney was one of the few who answered me kindly and patiently.

My thoughts are with his family. The world is diminished with his absence.

=

Appealing to the science-fiction tendencies latent in many of the cryptographic community, maybe the cryo-preservation will someday be found to work, and the world will have him back again ...

with Profound Respect,

vedaal
Re: [openpgp] SHA-2 support should be mandatory – change defaults
On 8/12/2014 at 11:46 PM, David Shaw ds...@jabberwocky.com wrote:

> Rather than fixing RFC-1991 support, why not go in the other direction and make it clear that it isn't supported, and won't work?

=

As a pgp 2 user, I agree with all the above, and taking whatever steps are felt to be easier to maintain and move GnuPG forward. Those who insist on using pgp2.x for whatever things (actually very very few) they feel cannot be accomplished with GnuPG, will do so anyway.

I ask only, that acceptance of V3 keys be maintained, as many of us have used our V3 keys in GnuPG, (with SHA 2 and 64 bit algorithms). Otherwise, all our encrypted messages will not be able to be decrypted in later versions of GnuPG, and if the encrypted messages were signed, they would no longer be able to be verified, (as even Disastry's version, while able to decrypt everything except Camellia, cannot verify a V4 key signature).

vedaal
Re: symmetric email encryption
On 7/18/2014 at 1:52 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

> Symmetric keys and fingerprints have to be exchanged through a secure

=

I think what Hauke meant was an exchange of the *passphrase* for the symmetric encryption, not the session key. The symmetric keys would always change with each new email message, using gnupg symmetric encryption.

The only annoyance with this type of approach, is that it needs a separate passphrase for each correspondent, (which we don't bother with ordinarily, since encrypting the symmetric session key to a correspondent's public key makes it unnecessary).

Hushmail has a one-way variant of this approach. A Hushmail user can send an encrypted message to someone who does not have encryption or Hushmail, by having the Hushmail user give the recipient an answer to a question. The email message is encrypted symmetrically using that answer as a passphrase. (Hushmail makes it intentionally easier, (albeit less secure), by making the 'answer' case insensitive, and ignoring spaces and punctuation characters).

The receiver gets a message that an encrypted e-mail has been sent, and is directed to the Hushmail server where the sender's question is asked, and the receiver has 3 chances to provide the correct answer. A correct answer decrypts the symmetrically encrypted e-mail and the plaintext is displayed on the Hushmail server. The e-mail is removed from the server after 72 hours.

A few people who have received this type of message from me, thought it was interesting and convenient, and signed up for their own hushmail accounts, and are now well on their way to learning gnupg, so it might be an approach to get people who have never used encryption, to try it.

(My apologies, Hauke, in advance if I misunderstood you and this discussion).

vedaal
Re: gnupg - pgp reading signed files
On 7/14/2014 at 2:04 PM, Johan Wevers joh...@vulcan.xs4all.nl wrote:

> Hello, Due to a discussion on sci.crypt I tried to have pgp 2.6 accept a file signed by gnupg. This worked, but only when I set the compression to 0 (none). Doesn't pgp 2.6 use zip compression?

=

In the pgp 2.6 config.txt file there are only two options for compression:

Compress = off
or
Compress = on

Tried looking through the documentation for 'which' compression 2.x uses, but couldn't find the specific one, but did find that there was a problem with 'decompression' in 2.4 which was changed in 2.6.

It may be that it's a variant unique to pgp.

I'll try to see what happens in Disastry's version, if it will accept gnupg's compression.

vedaal
Re: Encrypt a signed text
On 7/7/2014 at 10:42 AM, Walter Lange tr...@gmx.org wrote:

> I would like to encrypt a signed (with ASCII armor) text. It should take two steps, because I want to use two different machines, a local one to sign and a remote machine which encrypts. The result should be the same as the encrypted and signed one in one step. Is that possible?

=

Not the way you want it.

It will have the same end result, in that the signature can be verified, on the same text, and the decryption will show the text and verify the signature. But in the case where it is a one step process, the decrypted plaintext will not have the signature as part of the text.

The other way is possible. It is possible to encrypt and sign as one step, and then armor the signature and attach it to the decrypted plaintext to make it look like it was first clearsigned, or armored signed, and then encrypted.

The problem with doing it the way you want, is that while it is possible to remove the signature and save it as a detached signature, it is not (afaik) possible to bind that detached signature to the plaintext and have it encrypted as one process. It would need to be zipped together or otherwise connected first.

vedaal
Re: On the advisability of stronger digests than SHA-1 in OpenPGP certifications [was: Re: riseup.net OpenPGP Best Practices article]
On 6/27/2014 at 9:59 AM, shm...@riseup.net wrote:

> is it really a case of obdurateness, if it ain't broke don't fix it, or an unwillingness to use and get accustomed to something new and/or different, perhaps a new gui - look, i completely sympathise with the latter especially for older people if i may generalise
>
> if you're a windows user you'll have to upgrade after 10 years if you want to keep safe or pay ($) for it; ok, now i sympathise with people not wanting a new gui with windows 8
>
>> Why should anyone cater to users of PGP 8.x in 2014 when we have an opportunity to provide a stronger cryptographic baseline for everyone else?
>
> Because there are still people using it.

=

And it supports/promotes wider cryptography usage ...

We, (the Cryptography community in general, and the GnuPG community in particular) want to encourage more widespread cryptography use, and to have newbies who finally take the step of using it, then find problems in e-mailing other users of different programs because of incompatibilities could be discouraging enough to just stop using it before one has had a chance to appreciate what it can do, and come to love it.

Many thanks to WK and the GnuPG development team for taking the trouble to provide backward compatibility even as GnuPG grows better and more robust.

vedaal
re: Mascot_p
UPR 12.04r1, ( https://www.privacy-cd.org/en ), Ubuntu Privacy Remix's new bootable modified Ubuntu static install disc, with GnuPG and Truecrypt already on it, has a very cute 3D armored robo-lizard on its boot screen. (no picture available on the UPR site ;-(( )

Maybe an armored robotic 3D Gnu might be a consideration.

vedaal