.
I don't think it is relevant, but I'm running Debian Squeeze/testing with
stock kernel and stock gnupg. But this can be changed if necessary, it's
just convenient (I mean the kernel and gnupg can be custom compiled, not
changing the distro).
Thank you for your time,
Peter Lebbing.
[1]http
wherever you go.
I totally agree. I like the idea of the separate keypad of, f.e., the SPR532
I have (even though I don't use it currently), but mobility is worth more.
Peter Lebbing.
PS: I accidentally backspaced over the 'l' in '.html' in the link to the
MyKey on the SCM site in the previous
I've just ordered the MyKey with the new model card reader. I'll report
whether it works when I have it.
Peter.
--
I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
Peter Lebbing wrote:
I've just ordered the MyKey with the new model card reader. I'll report
whether it works when I have it.
Well, bit of a disappointment, but hopefully it can be fixed. It turned out
that the reader included with the new model MyKey is the SCT3511. It seems
like a nice device
Florian Schüttler wrote:
If it is a v2 card as you mentioned earlier you should try using GnuPG
1.4.10.
I had pretty much the same issues with a PC/SC reader (ReinerSCT cyberjack
ecom plus) on Debian Lenny (1.4.9-3+lenny1) until I tried 1.4.10 with which
there were no problems, except
In a previous message [1] in the thread named Does the SCM SCR3320 work with
GnuPG?, I wrote that gnupg with Debian version 1.4.9-4 cannot use an OpenPGP v1
card in the SCT3511 reader. I've installed Debian version 1.4.10-1 from
unstable, and it seems there is no change in the situation.
I did
I think it is not a problem to decrypt the key file in the startup process,
isn't it!? Is it possible to access the card reader (omnikey 4040) and the
smartcard via gpg from the initrd ram disk? Has anyone ever tried it in a
similar way or are there any alternatives? Finally, is there a
Sven Radde wrote:
I thought that I would simply 'include' the primary key by adding
--secret-keyring secring2.gpg whenever I need it for these kinds of
operations, but GnuPG complains about missing parts of the secret key
regardless of whether this option is present of not.
AFAIK, GnuPG will
On -10/01/37 20:59, Joke de Buhr wrote:
You do not sacrifice legitimate incoming mail because there is an RFC that
clearly states mailservers do not operate from dynamic IP addresses.
Therefore
they can not be considered valid.
Which RFC would this be?
I could not find the word dynamic in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On -10/01/37 20:59, Aaron Whitehouse wrote:
How do I import a subkey into an existing secret key?
I managed to do this with gpgsplit and recombining. I'm doing this under Linux;
commands for other OSes might differ. Please read the whole mail before
I just got my new crypto-stick, and it's pretty slick. I understand why
I'd want to set my name and language preferences, but I was trying to
come up with a good scenario where my sex would be useful, or what the
rational was for including that field.
My guess is it is to address the user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On -10/01/37 20:59, Peter Pentchev wrote:
On Fri, Oct 08, 2010 at 12:24:17AM +0100, Lee Elcocks wrote:
[snip]
ECHO bingos| GPG --batch -se --passphrase-fd 0 -r PGPTOKEY -o
C:\encryptedfiles\%F.pgp
Erm... on this line, where are you telling GPG
On -10/01/37 20:59, Bo Berglund wrote:
On Sun, 16 Jan 2011 13:39:14 +, MFPA expires2...@ymail.com
I'm using GnuPG 1.4.x, not 2.x, and my copy of GPG man page is the
text file called gpg.man that lives in the DOC folder under my
GnuPG program directory.
I have installed GPG2 as part of
I think you are misunderstanding what I am inferring. For starters,
that is the 5th account that I have heard or known of that was hacked
in March alone. I am sure that the total is far higher based on a simple
statistical accounting of the number of accounts using GMail. Happy
Rob :)
You
On 19/07/11 01:20, J. Ottosson wrote:
Example: I have this newly installed GPG, through GPG4WIN. After having done
some checking and searching in manuals and on the list, I have come to
conclusion that entering the command gpg --card-status should make the
secret
key stubs appear in the
On 28/07/11 20:15, Jay Litwyn wrote:
In my case, that iz likely, because I yuuz only screen names on USENET.
yuuz? That's where I draw the line. This mailing list is for communication, not
showing your 1337 skillz. So please communicate in a way where I don't have to
read every other sentence
On 03/08/11 12:43, Sébastien wrote:
I know that gpg is an hybrid system. I want to know these numbers to check
with a mathematica-like program that numbers supposed to be primes are
actually real prime numbers.
And suppose GnuPG accidentally picked a composite. What would be the security
On 04/08/11 17:11, Johan Wevers wrote:
An even more subtle way to add a backdoor would be tampering with the
RNG that creates the session keys and the factors in key generation. A
bug such as this existed in the Unix version of pgp 5.0 and it took
quite some time before it was found.
Let's
Why is it coded like that ? Is it safe ?
I'm pretty sure there is only one inverse given n and e, that is, d is unique.
Accidentally choosing the wrong d because you made an algorithmic/programming
error will create a non-working keypair. I'd say, since it works, it is correct.
Perhaps the
On 04/08/11 20:30, Peter Lebbing wrote:
Perhaps the better question is: *why* does it work? Why are the operations
equivalent?
H. Per the Handbook of Applied Cryptography 5th ed[1], section 8.5,
computation of d can also be done modulo lambda, with
lambda = lcm(p-1,q-1) = (p-1)(q-1)/gcd(p-1
On 05/08/11 03:02, Luis de Bethencourt wrote:
device in debian:
crw-rw-r--+ 1 root root 189, 516 2011-08-05 00:46 /dev/bus/usb/005/005
device in gentoo:
crw-rw-r-- 1 root pcscd 189, 395 Aug 5 02:56 /dev/bus/usb/004/012
my user is part of the pcscd group. I just checked.
Look closely at
On 06/08/11 19:50, Luis de Bethencourt wrote:
Thanks for that information! I agree with you that if could also have a
similar
ACL in my gentoo machine it would work. Where is this set?
Unfortunately, I don't know much, hardly anything, about ConsoleKit and friends.
I suppose it is related to
On 04/08/11 17:14, Peter Lebbing wrote:
On 03/08/11 12:43, Sébastien wrote:
I know that gpg is an hybrid system. I want to know these numbers to check
with a mathematica-like program that numbers supposed to be primes are
actually real prime numbers.
And suppose GnuPG accidentally picked
On 14/08/11 13:41, Hubert Kario wrote:
From what I learned, RSA cracking is basically an exaustive search.
If your prime is composite, it is at most half as long as a real prime
would
be.
So, instead of a ~1024 bit prime you have a ~512 bit prime, which are tryvial
to crack.
Yes [1],
On 14/08/11 16:39, Hubert Kario wrote:
looking through full 512bit space will take 8192 less time than checking all
numbers between 2^525 and 2^526.
Or, equivalently, looking through full 512 bit space takes the same amount of
time as checking all numbers between 2^513 and 2^514. It's exactly
On 17/08/11 17:16, ved...@nym.hush.com wrote:
Here is a good overview (dated 1998, but not too many new RSA attack
approaches
since then:-) ) of 20 years of RSA attacks:
http://crypto.stanford.edu/~dabo/abstracts/RSAattack-survey.html
Thanks for the link!
Peter.
--
I use the GNU
On 26/09/11 23:11, Achim Cloer wrote:
During generating the keys, the pgp card is also generating a off-card copy.
But we fail to import this backup into OpenPGP.
It's been a while since I played with it, but it worked then. From the man page,
under --edit-key:
bkuptocard file
Restore the
On 28/09/11 15:50, Werner Koch wrote:
There is no feature for it. You may use gpgsplit to manually construct
a key from such a backup. You need to take the keybinding signature etc
from the matching public key. I have not tried, it though.
I'm fairly sure I tried it and it worked. It's a
On 01/10/11 18:51, brian m. carlson wrote:
Point being, both DSA and RSA have their good and bad points, and if
you're fairly confident that you have a good PRNG, such as /dev/urandom,
then there's not really much concern about k. After all, you also need
a good PRNG for CFB IVs as well,
On 05/10/11 08:15, Faramir wrote:
Would Paperkey be useful to do that? I guess no, since it encodes
the private key somehow... but maybe tweaking it?
IMHO, if you want to have a backup that also allows you to use the key without
the card, the following procedure is by far the easiest:
-
On 05/10/11 13:17, Robert J. Hansen wrote:
On 10/5/2011 5:31 AM, Laurent Jumet wrote:
In my opinion, a key-to-card key should *never* have an existent
backup.
There are many other use cases similar to this in which it makes good
sense to have certificates on hard drives as well as
I succeeded to write back this encryption key to the card. But PGP is
writing the same key to two positions in the card. So now I have a
Card with the same key in encryption and signature.
A bit odd. I hope it will not give problems. My suggestion: let the card
generate a new signature key
On 08/10/11 10:52, Robert J. Hansen wrote:
On 10/7/2011 11:56 PM, Jerome Baum wrote:
Why fix what's not broken?
Nobody has said sig2dot needs to be fixed.
However, Aaron Toponce wrote:
I'd be game for submitting a patch, if I had the patience to work with
Perl.
Sounds to me like like
On 18/10/11 14:36, Jerome Baum wrote:
* I'm going to take the word to mean what it says: key, not what I can
flexibly interpret it as: encrypted key.
One of those metal things in my pocket? What good are they for encryption? Even
if you manage to read it in, it still has way too little
On 18/10/11 14:53, takethe...@gmx.de wrote:
I read a smartcard is simply a chip card. Why is it save, what's a
PIN? Say I'm using it on a PC with a trojan in the background
that logs my keystrokes (my password) and can send data (my key)
via internet to an attacker. How is access
On 18/10/11 15:05, Robert J. Hansen wrote:
On 10/18/2011 8:36 AM, Jerome Baum wrote:
Have you looked at my original statement?
Yes.
Oddly, I don't recall Jerome ever making a statement remotely like If I steal
your decrypted key, I only remember him stating that he thought, as did I,
On 18/10/11 15:05, Robert J. Hansen wrote:
IIRC nowadays is store a separate file per key?
No, it's still a single file (pubring.gpg, for instance, is the public
keyring). I just can't promise that it's still a raw stream of RFC4880
octets.
ls ~/.gnupg/private-keys-v1.d/
Peter.
PS:
On 18/10/11 15:08, Jerome Baum wrote:
It's one thing to be picky when it adds to the discussion proper. That
would be the case when we're distinguishing between the key as it is
stored on disk (encrypted, inside a key-file/-ring/...) and the key as
it is stored in memory (unencrypted). That
On 18/10/11 15:23, Jerome Baum wrote:
It doesn't prevent a trojan from signing something other than what you
intended (if it's your master key on card, even another key or a new
sub-key) but whether this is a problem depends on your threat model.
The signature problem can still be solved by
On 18/10/11 16:00, Mark H. Wood wrote:
I don't see why the ISP has to be the entity providing DNS lookup.
Because it is the e-mail address of the recipient you look up; that's all the
data you have in this scenario. Thus, for me you would look up a key
corresponding to user peter at the domain
Werner, Marcus,
Thank you for thinking about taking end-to-end e-mail encryption to the next
level. I really like your ideas.
However, I think you're not ambitious enough when you opt for using DNS for key
distribution. Yes, the infrastructure and RR types[1] are already there. But it
brings
On 19/10/11 21:30, Peter Lebbing wrote:
that is a really major hurdle; probably a too steep one, IMHO.
Given that all normal, literal hurdles are at right angles to the ground, they
are all equally steep. Obviously I meant high :D.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination
On 19/10/11 22:43, Faramir wrote:
Ok, but if the online computer uses Windows, and the offline one
uses Linux, then it would be a multiplataform trojan horse... that is
not likely to be a common case.
Define your threat model... are we talking random trojan infection or a focused
attacker
On 24/10/11 19:25, Robert J. Hansen wrote:
With respect to your question: what we offer is privacy, but most people
do not understand privacy, do not care about privacy, and would not care
about privacy even if they understood it.
So if we can't motivate users by showing the bad stuff that can
On 25/10/11 14:54, Robert J. Hansen wrote:
Every now and again I'll meet someone who's interested in learning
about privacy and how to protect it. I do my best to help these
people along. That's what I can do, that's what's within my power,
that's the standard I judge myself by -- how well I
On 25/10/11 17:09, Robert J. Hansen wrote:
I disagree. The problem with the current proposal is it offers email
providers no payoff for their work. If it could credibly be said,
implement STEED and you'll get 25% less spam across your network,
email providers would be lining up around the
On 29/10/11 14:39, Peter Lebbing wrote:
On 29/10/11 13:31, Jerry wrote:
Thank you. I sort of have a contact at Microsoft that might be able to
lend me some assistance. However, I would need very specific
information.
Wouldn't the more generally applicable fix be to simply *not* mess
On 29/10/11 13:31, Jerry wrote:
Thank you. I sort of have a contact at Microsoft that might be able to
lend me some assistance. However, I would need very specific
information.
Wouldn't the more generally applicable fix be to simply *not* mess with the
layout of messages going through the
On 31/10/11 11:36, Werner Koch wrote:
Rfc822 addresses are merely properties of the MAPI message and used if the
message needs to be send via SMTP; this is done by a transport provider which
constructs a proper MIME message out of the MAPI message.
Now it all makes sense. Thanks for this
On 01/11/11 01:44, Hauke Laging wrote:
But I don't know whether key servers allow the search for subkeys.
$ gpg --search-keys DE6CDCA1
gpg: searching for DE6CDCA1 from hkp server pool.sks-keyservers.net
(1) Peter Lebbing pe...@digitalbrains.com
2048 bit RSA key DE500B3E, created
On 01/11/11 13:35, Aaron Toponce wrote:
The glitch is that for security AND trust, messages must be both
encrypted and signed.
In that case, I find it to be phrased very awkwardly.
Encryption provides encryption: people can't see what is in it. Period.
Signing provides a form of integrity:
m.aflakpar...@ut.ac.ir wrote:
Thank you Dave,
I tried again with this command:
gpg --decrypt-file myfile.gpg
and entered the passphrase when I was asekd to enter it.
But, this error comes up:
gpg: encrypted with 1 passphrase
gpg: decryption error: bad key!
Is that it, or is there
On 12/11/11 14:45, Chris Poole wrote:
I don't remember asking it before, but one reason I don't like Truecrypt is
that I use Duplicity to backup my local files, so having the individually
encrypted makes things easier (since it'll just ignore the ones already
backed up). Adding them to the
On 14/11/11 12:11, Chris Poole wrote:
2. `find maildir/ -not -name '*.gpg' | gpg ...` to encrypt these new files
At this point in the script now, I would want to hash the new files, but now
they'll have the `.gpg` output extension.
The following is just a sketch, I'm not completely checking
On 30/11/11 19:05, gn...@lists.grepular.com wrote:
You're correct. tcpdump has confirmed that the initial attempt is done
over IPv4. Still, the error message returned from gpg is misleading...
I also find the error message from curl somewhat misleading, although
technically correct. I would
On 30/11/11 23:47, Doug Barton wrote:
This usually happens when the OS has signaled that it has IPv6
available, but it's not actually configured on any interfaces. The usual
way to fix this is to flip the knob that says IPv6 is *not* available.
Ah, okay. I figured this was not the case because
On 17/12/11 14:23, gn...@lists.grepular.com wrote:
I find it strange that the keyservers don't do any sort of email
validation before accepting key submissions and that they just allow
anyone to upload signatures for your key without verifying if you want
to allow them first.
The key property
On 17/12/11 14:58, gn...@lists.grepular.com wrote:
It would only take one troll.
Yet, so far so good (in general). And the infrastructure has existed for quite
some years already.
OpenPGP might never become popular enough to attract childish people to the
keyserver network :). I certainly hope
Hi,
On 09/01/12 19:41, remesh_chan...@dell.com wrote:
I tried all those options; it generates the below error.
gpg: fatal: too many random bits requested; the limit is 4799
secmem usage: 3008/3008 bytes in 5/5 blocks of pool 3200/16384
You originally indicated the key was as such:
pub
On 21/01/12 23:01, Robert J. Hansen wrote:
Then they're signing it with *their* certificate, backed up by
credentials that you yourself checked. How is this a problem?
While I generally agree with you on the rest of your mail, this is not
necessarily the case. You met them at a keysigning
On 26/01/12 12:07, Peter Lebbing wrote:
I like it.
Maybe I should clarify that this is in no way a feature request; I just like the
pragmatic solution in itself.
I personally don't see a use case where one would be satisfied with an e-mail
address of the form
mailinglisten--noenum
Hi MFPA,
Can I ask what about the
dkg--noenum-0ee5be979282d80b9f7540f1ccd2ed94d2173...@fifthhorseman.net form does
not satisfy your requirement that the
mailinglisten--noenum-zttgfznhu3rnkfyaxjuym...@hauke-laging.de does? Or do you
not agree with the latter form either?
I'm not sure of your
On 26/01/12 02:02, MFPA wrote:
Definitely limited; I think of it as little more than a
privacy-enhancing defence against casual snooping rather than a
security measure. But is it really so marginal?
If you don't solve the key enumeration problem, it seems to me you're more
enhancing the
On 28/01/12 12:49, gerry lowry +1 705 250-0112 alliston ontario canada wrote:
(d) To:
Cc: gnupg-users@gnupg.org
[...]
(d) is the worst form imho because e-mails without a To: component
are the most likely to end up in one's spam folder; in some cases,
depending on one's isp, such
On 28/01/12 20:34, MFPA wrote:
Or is the point that searching on the email address doesn't find the
key, you have to search for the fingerprint (and the UID doesn't contain
the email address at all, not even obscured)?
Yes, exactly. The UID just says Anonymous or whatever you want it to say.
On 30/01/12 03:23, MFPA wrote:
Interestingly enough, your Sig Delimiter is bonked.
That is an unfortunate consequence of signing my message with GnuPG;
all lines lose trailing spaces and any line beginning with a dash gets
prefixed with a dash and a space.
Or: how a boring off-topic
On 30/01/12 12:27, Jerry wrote:
Now, thanks to you and a few other morons,
For crying out loud, stop crying out loud. Get over it. People will CC you.
Stop bothering us with your complaints every time. We all, including you,
have better things to do with our time than repeating this annyoing
On 31/01/12 00:09, John Clizbe wrote:
On the Netiquette part of this thread, I too set a Reply-To header that seems at
least one person regularly ignores. Please don't CC me on list replies. One copy
is enough.
Well, I don't know if you refer to me, my apologies if so. I know how that comes
On 07/02/12 11:11, gn...@lists.grepular.com wrote:
When GPG2 opens a popup to ask for a password, I can't switch to
another window without locking up the desktop. Neither the mouse
nor any key works anymore, not even the power button, and I have to
keep it pressed for 6 seconds to force
On 23/02/12 13:00, Johan Wevers wrote:
No. The files are compressed before encrypting (after encrypting they
should not be compressible so it has te be before) and the results
vary.
But isn't there a worst-case overhead for the compression algorithm
used? There most likely is.
From
On 03/03/12 01:25, brian m. carlson wrote:
It is not true that encryption amounts to XORing the message text
against the secret key.
[snip]
Also, CFB mode, what is XORed is the output of a block cipher
encryption of the previous ciphertext.
And the paper exploits exactly this fact by
On 06/03/12 19:36, auto15963...@hushmail.com wrote:
The revoked key appears to be on a keyserver. When I do a search and view
the result online, I can see my key ID number and user ID plainly identifying
this key as having now been revoked. I have not imported it.
The keyservers don't do any
On 06/03/12 21:14, Hauke Laging wrote:
You probably don't even use a seperate user account for key handling.
I don't even do that either. Sounds to me like mainly snake oil with an
insignificantly reduced actual hacking risk.
To clarify, an attacker is able to get into your personal user
On 06/03/12 22:31, Hauke Laging wrote:
AFAIK there is nearly no skill level required in order to get into an average
user account. There is software which creates malware. You don't have to
write it yourself. Just wait for the next exploit in a widely used (or known
to be used) software.
I
On 07/03/12 09:19, Alastair Langwell wrote:
Thanks to you and Robert for getting back to me. However this
unfortunately didn't solve the problem. I ran:
chown alastair:alastair ~/.gnupg/
and
chown alastair:alastair ~/.gnupg/*
Then I tried root:alastair and alastair:root but still no
On 18/03/12 09:13, freej...@is-not-my.name wrote:
Alright that's a good answer but aren't people just confirming the email
address belongs to a known signer when they sign a key? Does it really
matter what the UID comment is? I think it may be going a bit too far to say
the UID is guaranteed.
On 18/03/12 19:13, freej...@is-not-my.name wrote:
Not necessarily but even if they did, how do they have access to the key?
The attacker is doing you a real service getting /your/ key signed then :)
Wasn't the purpose of the attacker to get his /own/ key falsely signed? The key
he does have
On 18/03/12 19:13, freej...@is-not-my.name wrote:
I should note that many people actually *don't* check if the e-mail
address belongs to the person whose UID they sign.
That doesn't sound right.
We could have a simple misunderstanding here: I do think many people check if
the person whose
signature:
sig:::1:AC46EFE6DE500B3E:2011-11-01Peter Lebbing
pe...@digitalbrains.com:13x:
spk:30:1:1:%01
spk:27:1:1:%01
spk:23:1:1:%80
spk:22:1:3:%02%03%01
spk:21:1:3:%08%03%02
spk:16:0:8:%ACF%EF%E6%DEP%0B
spk:11:1:5:%07%09%08%03%02
spk:9:1:4:%05%95%0A%03
spk:2:1:4:N%AF%D7%1D
Referring to RFC 4880
On 19/04/12 14:38, Scott Armitage wrote:
For the record, I was using redirectors instead of the -o option
because apparently it has no effect (at least in Powershell on
Windows) if you use it after the --export option. I have now figured
out that I can use -ao file.asc before the
On 20/04/12 16:17, Werner Koch wrote:
$ gpg2 foo --armor
gpg: NOTE: `--armor' is not considered an option
usage: gpg [options] [filename]
If you really want --armor as a filename, the warning will of course not
be shown
Why is --armor dropped when it is not wanted as a filename?
And
On 20/04/12 18:55, Doug Barton wrote:
To the OP, rather than saying, Can you write better docs? how about
proposing changes that make sense to you? Not only is that closer to the
open source model, it's notoriously hard for developers to document
their own work, since it all makes perfect
On 21/04/12 19:54, Werner Koch wrote:
Sorry, I don't understand you. There is just a note telling the novice
that --armor is not an option.
Okay, I initially misunderstood. Never mind.
When one of the arguments to --export does not actually match a key in the
keyring, GnuPG v2.0.18 silently
On 24/04/12 14:20, da...@gbenet.com wrote:
I too ran the gpg -k on a new user accounts and got the same results as you.
The question
is: Are both run at launch time? Or can you set which one to run?
Perhaps you should explain what you are trying to accomplish in the end. I read
something
On 26/04/12 13:48, Anthony Papillion wrote:
and that will print out his key fingerprint. This would work for anyone
else with John Smith's key as well. So let's say I'm on the phone with
someone I think is John Smith but wanted to verify using his key
fingerprint. How would asking him to tell
On 04/05/12 20:54, Ali Lown wrote:
Might I point out that discussion is with respect to an 8k RSA SSH key
for SSH authentication, not for email. A 2 second delay during the
initialization of an SSH connection is not a problem.
And here is precisely something interesting: 8k RSA is discussed as
On 04/05/12 22:35, Milo wrote:
You can't tell consumer or end-user that he can't use 256-bit, symmetric
cipher for his (even!) porn stash because this is some kind of faux pas
and he is iconoclast because of this. It's up to him.
Why should the GnuPG authors include a feature they don't
On 05/05/12 12:49, Milo wrote:
1) You are responding to citation regarding symmetric crypto with
widely used key length.
Well it's not my fault someone else went off-topic is it? If you are
here to persuade the GnuPG authors to include AES256 you're too late.
I think you can perfectly discern
Milo,
I am sorry if I somehow offended you. That's the feeling I get from your
latest mail. It was not the intention.
I do want to note that no matter how careful you read, English is
multi-interpretable and ambiguous. So when someone interprets a
statement differently than you do, it does not
On 05/05/12 15:49, Hubert Kario wrote:
As far as I know, OpenSSH uses DH parameters of the same size as the RSA
keys:
for 8k DH you need 8k RSA or (which is unmaintainable) manually force use of
8k DH.
Okay, going out on a limb here, since all what I say is conjecture.
Actually consulting
On 06/05/12 01:42, Hubert Kario wrote:
But it's the size of prime used that sets the security level, which
just happens to share security evaluation with RSA as far as number
of bits is concerned (IOW: n-bit DH is considered to be as hard to
attack as n-bit RSA).
Ah, yes, I misunderstood your
It does say in the gpg --help output:
(See the man page for a complete listing of all commands and options)
There are many more options and also commands in the full man(ual) page.
I suppose it was thought that exporting a private key was such a
relatively rarely used command it did not need to
On 07/05/12 10:30, Werner Koch wrote:
On Sun, 6 May 2012 20:15, pe...@digitalbrains.com said:
I suppose it was thought
It is also possible that I
Haha! Nice one :)
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want
On 08/05/12 00:08, Rupali Chitre wrote:
It still gives same error. I added '--homedir DIR ' in command.
echo paraphrase|gpg.exe --homedir DIR --batch --secret-keyring temporary
--passphrase-fd 0 --decrypt-files E:\a.txt.gpg
gpg: keyblock resource `DIR/secring.gpg': No such file or
On 22/05/12 15:39, Christoph Anton Mitterer wrote:
Nevertheless I guess it could even help to find awkward bugs or other
issues that may not appear with the moderate key sizes.
Or bugs only affecting large keys are not found because so few people use it,
and it becomes an attack vector
On 22/05/12 19:10, Robert J. Hansen wrote:
Your claim may lead people to writing off your movement on the grounds
that one of two things are true. Either:
- They're a bunch of crazies who think that even the park
rangers are after them,
- Or, holy Toledo, even the park
On 22/05/12 20:00, da...@gbenet.com wrote:
On 22/05/12 18:23, Hubert Kario wrote: [...snip...]
David and Hubert, could you please trim the quotes in your replies? I'm typing
this with one hand because my scroll finger is cramping... ;) j/k
Peter.
--
I use the GNU Privacy Guard (GnuPG) in
On 23/05/12 11:19, Branko Majic wrote:
As a curiosity, any ideas on what you would do to avoid use of this system
for spam purposes? (although encrypted spam won't be of much use :)
A simple challenge-response system should suffice, I'd say. When a new user
mails to such an address, he receives
Is it possible to put comments to gpg.conf? With comments I mean gpg
--comment something.
Works for me. I just included this line in gpg.conf:
comment Works for me
It results in this line in an ASCII armoured signed message:
Comment: Works for me
HTH,
Peter.
--
I use the GNU Privacy
On 01/06/12 18:00, Mika Suomalainen wrote:
Do you mean -END PGP SIGNATURE- ?
If I had been the one designing the armour format, and I had thought of this
little detail, I'd have named the three headers something like:
- -BEGIN PGP SIGNED MESSAGE-
...
- -BEGIN PGP
1 - 100 of 1316 matches
Mail list logo