Re: A postmortem on Efail

Ben McGinnes wrote: |On Tue, May 22, 2018 at 02:19:37AM +0100, Mark Rousell wrote: |> On 21/05/2018 13:34, Ben McGinnes wrote: |> |>> I agree with most of the article and largely with the need to break ... |Mine too, it's why I keep a copy of 1.4 installed at all. It's

Re: v1.4.22: re--importing --export'ed key from --export-secret-subkeys dir cannot --encrypt

A nice Monday afternoon i wish, i have a post scriptum. Steffen Nurpmeso wrote in <20180604134413.sljyg%stef...@sdaoden.eu>: |Last saturday i search/stumbled over an interesting Debian page |(Subkey.html) which describes how to generate a dedicated siging |subkeys, and how to create a n

v1.4.22: re--importing --export'ed key from --export-secret-subkeys dir cannot --encrypt

Hello. Last saturday i search/stumbled over an interesting Debian page (Subkey.html) which describes how to generate a dedicated siging subkeys, and how to create a new key pool via --export-secret-subkeys which does not contain (all parts of) the real private key, so that the secret key can be

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

Werner Koch via Gnupg-users wrote in <87lfxfsiz0@wheatstone.g10code.de>: |On Tue, 2 Jul 2019 11:00, d...@fifthhorseman.net said: ... |import-clean does this: ... |[.]In contrast import-minimal |does this ... I (still user of GPG1, it is only your newer key which this cannot do for

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

Teemu Likonen wrote in <87zhlvta73@iki.fi>: |Steffen Nurpmeso [2019-07-03 17:08:32+02:00] wrote: | |> My question: is there any better way than a shell script over |> --list-keys --with-colon | grep ^pub | ...etc... to "minimize" keys in |> my keyring (

Re: GnuPG and SSH_AUTH_SOCK value

Daniel Kahn Gillmor via Gnupg-users wrote in <87ftnup18e.fsf@fifthhorsem\ an.net>: |On Fri 2019-06-28 10:04:44 +0200, Michael Kesper wrote: |> On 23.06.19 12:21, Matthias Apitz wrote: |>> I'm used to use 'startx' and ~/.xinitrc to bring up Xorg+KDE: |> |> This makes your setup depend on a

Extraction of public key from an encrypted etc. message

Hello. Is there a way to extract the public key that can be seen when doing --list-packets from any XY where this very circumstance is true? In times where people use Autocrypt headers to distribute their (stripped etc.) public key with each message they send, it really makes me a bit sad that

Re: Extraction of public key from an encrypted etc. message

ved...@nym.hush.com wrote in <20191118020337.0881ac0...@smtp.hushmail.com>: |On 11/15/2019 at 7:26 PM, "Steffen Nurpmeso" wrote:\ |The public key _is_ in there, no? |= |No. | |Only the public Key ID is in there, not the entire public key, and \ |and even this keyID c

Re: FAQ: seeking consensus

Steffen Nurpmeso wrote in <20191021160908.4_hgk%stef...@sdaoden.eu>: |Vincent Breitmoser wrote in <2UJQOP6NMJE80.2FS52GC36TCEU@my.amazin.horse>: ||> Especially if the key is shipped alongside the message already || ||Are you sure that it is though? Seems to me you're giving o

Re: FAQ: seeking consensus

Vincent Breitmoser wrote in <2UJQOP6NMJE80.2FS52GC36TCEU@my.amazin.horse>: | |> Especially if the key is shipped alongside the message already | |Are you sure that it is though? Seems to me you're giving out ill-informed |advice here. Bad advice of mine yes, PGP does not do it the way S/MIME

Re: FAQ: seeking consensus

Steffen Nurpmeso wrote in <20191021160908.4_hgk%stef...@sdaoden.eu>: 'Just want to add that the DKIM i refer to in my first message is in my eyes not a solution but a desastrous demolition ball of the mail standard, and as such hatred by me, and the reply-to: that was pointing to Tony Lane'

Re: a new free smime service, but...

P.S.: Steffen Nurpmeso wrote in <20191023224323.kaodd%stef...@sdaoden.eu>: ... ||> I think it is common that S/MIME and SSL certificates are ||> delivered via PKCS12, including the private key. You then seem to ||> extract the individual things like || ||I think this is a

Re: a new free smime service, but...

Hello, please excuse the late reply. Uwe Brauer via Gnupg-users wrote in <874kzz1var@mat.ucm.es>: |> MFPA via Gnupg-users wrote in <1171562612.20191022004056@my_localhost_AR\ |> >: |>|On Sunday 20 October 2019 at 3:20:41 PM, in |>|, Uwe Brauer via Gnupg-users wrote:- |>| |>|> I just

Re: a new free smime service, but...

Hello, sorry for the late reply. Ralph Seichter wrote in <87pninuqns@wedjat.horus-it.com>: |* Steffen Nurpmeso: |> I think it is common that S/MIME and SSL certificates are delivered |> via PKCS12, including the private key. You then seem to extract the |> in

Re: FAQ: seeking consensus

Tony Lane via Gnupg-users wrote in : |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA512 That seems to be a good choice. |On 10/17/19 3:38 PM, Steffen Nurpmeso wrote: |> You know, i would say people should be advised to use the most |> compatible, most secure keys available for their

Re: FAQ: seeking consensus

Hello Tony. Tony Lane via Gnupg-users wrote in : |On 10/18/19 2:12 PM, Steffen Nurpmeso wrote: |> (redacted)... there are drugs and other specialists which |> can make you talk and reveal that presence. At some later time |> i would expect a court order to access log

Re: FAQ: seeking consensus

Robert J. Hansen wrote in <99710af5-92ac-dbdd-afe9-d60d89614a76@sixdemon\ bag.org>: ... |1. How should we handle the SKS keyserver attacks? ... |Another says, "with a recent GnuPG release SKS may be used productively |and we should keep the current advice." I am using them, and have had

Re: a new free smime service, but...

Robert J. Hansen wrote in <7e1208e4-aa1b-2e4c-3b3b-b74901456101@sixdemon\ bag.org>: |> Why doesn't Let's Encrypt offer this service? | |Because it's outside the scope of what Let's Encrypt exists to do, which |is make it easy to provide HTTPS support to small websites. | |SMTP is *totally*

Re: a new free smime service, but...

MFPA via Gnupg-users wrote in <1171562612.20191022004056@my_localhost_AR>: |On Sunday 20 October 2019 at 3:20:41 PM, in |, Uwe Brauer via Gnupg-users wrote:- | |> I just found that |> https://extrassl.actalis.it/portal/uapub/doProcess | |> Provides a free smime certificate. ... |> does

(GPG1) Download of false key? Key not included?

Hello. Can anyone tell me what is actually going on here. If it is as easy as "use GPG2" do not waste that much time, however, doesn't the below use RSA plus SHA-512, what v1 supports? ( Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES,

libgcrypt: random source via library on Linux?

Hello. This is maybe the wrong list, but only here i am subscribed and to me this is one project in the end, but i apologise for that. Yesterday i installed an OpenBSD 6.7 VM here, and was not able to start it with my default config (-device virtio-rng-pci) because libgcrypt failed with

Re: libgcrypt: random source via library on Linux?

Hello! Werner Koch via Gnupg-users wrote in <875zcgtizp@wheatstone.g10code.de>: |On Tue, 26 May 2020 15:35, Steffen Nurpmeso said: |> Fatal: no entropy gathering module detected | |Which version of libgcrypt is that and what build options were used? Oh, sorry. That is on C

Re: libgcrypt: random source via library on Linux?

Hello. Werner Koch wrote in <87sgfjrqf1@wheatstone.g10code.de>: |On Thu, 28 May 2020 14:43, Steffen Nurpmeso said: |> ./configure \ |> --prefix=/usr \ |> --disable-padlock-support \ |> --enable-static=yes |> make |> m

Re: libgcrypt: random source via library on Linux?

Hello Werner, all. Steffen Nurpmeso wrote in <20200529155411.tgyu1%stef...@sdaoden.eu>: |Werner Koch wrote in |<87sgfjrqf1@wheatstone.g10code.de>: ||On Thu, 28 May 2020 14:43, Steffen Nurpmeso said: ... |out for NAME_OF_DEV_*RANDOM at all .. hmm .. i must admit |rando

Re: libgcrypt: random source via library on Linux?

Steffen Nurpmeso wrote in <20200529202134.6lzbj%stef...@sdaoden.eu>: |Steffen Nurpmeso wrote in |<20200529155411.tgyu1%stef...@sdaoden.eu>: ||Werner Koch wrote in ||<87sgfjrqf1@wheatstone.g10code.de>: |||On Thu, 28 May 2020 14:43, Steffen Nurpmeso said: ... |So with

Re: libgcrypt: random source via library on Linux?

Steffen Nurpmeso wrote in <20200530145210.ewnne%stef...@sdaoden.eu>: |Steffen Nurpmeso wrote in |<20200529202134.6lzbj%stef...@sdaoden.eu>: ||Steffen Nurpmeso wrote in ||<20200529155411.tgyu1%stef...@sdaoden.eu>: |||Werner Koch wrote in |||<87sgfjrqf1@wheatstone.g10

Re: Which keyserver

Stefan Claas wrote in <20200919201736.2...@300baud.de>: |Robert J. Hansen wrote: |>> It is true the attacks were what brought it down, but the amount \ |>> of effort was not a "sustained |>> attack" by any measure. The invested resources are somewhere around \ |>> "couple hours and

Re: Follow-up on L'Affaire Stallman

This is solely my opinion. But i have to say it now. Robert J. Hansen wrote in <3e47e65a-790f-e323-7a0c-c14660cd2...@sixdemonbag.org>: |A few weeks have passed, and I figured a recap might be appropriate: | | * FSF continues to support RMS I have no opinion on that. I do not know him,

Re: [Announce] A New Future for GnuPG

Robert J. Hansen wrote in : |Werner, this is amazing news. Thank you for sharing it! | |For the list: as you may remember, each Christmas I run a fundraiser for |GnuPG. You pledge $X and I match it, that sort of thing. I didn't do |one this year because Werner contacted me earlier

Re: Pinentry problem with different home dir

Werner Koch via Gnupg-users wrote in <87r0lhzxgu@jacob.g10code.de>: |On Wed, 25 Oct 2023 18:51, Michael Richardson said: ... |Use a different home directory. Actually running | gpg --homedir /somewhere -s something |should be enough but the agent and dirmngr started on the fly won't be

Re: Seeking Assurance on Security and Memory Leaks in SuSE GnuPG

Tony Lee wrote in : |On Aug 27 I submitted a query to this mailing list on the same Subject ... |The concept that no thought may be given within gpg to the protection of |passwords, and that deprecated cryptographic functions may be in use |(despite commands to the contrary), seems to me

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)

gnupg-users@gnupg.org wrote in <20230428230349.429d3d3a@localhost>: |Johan Wevers via Gnupg-users wrote: |>On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote: |> |>> * gpg: New command --quick-add-adsk and other ADSK features. |>> [T6395, https://gnupg.org/blog/20230321-adsk.html]

Re: OT: DKIM signatures on email messages from lists.gnupg.org

Konstantin Ryabitsev wrote in <20230612-landline-jawless-f2c113@meerkat>: |On Mon, Jun 12, 2023 at 06:45:37PM +0200, Alessandro Vesely via Gnupg-us\ |ers wrote: |>> What the list-software would need to do is to strip the original \ |>> DKIM signature |> |> Why? Original signatures can

Re: OT: DKIM signatures on email messages from lists.gnupg.org

Konstantin Ryabitsev wrote in <20230612-rename-satirical-b8339e@meerkat>: |On Mon, Jun 12, 2023 at 09:54:45PM +0200, Steffen Nurpmeso wrote: |>|No it isn't. Changing the subject and adding the footer is a damaging |>|anti-pattern from mid-nineties. If the end-user wants to

Re: OT: DKIM signatures on email messages from lists.gnupg.org

Alessandro Vesely wrote in <8fe44a06-cb26-db9b-bf9a-8251baf56...@tana.it>: ... |d= is not aligned. Really, you gain nothing by removing DKIM-Signature:\ |'s, |except saving a few bytes. Most non-spam non-patch messages i see have an exorbitant text / header data relation. I could not tell

Re: OT: DKIM signatures on email messages from lists.gnupg.org

Alexander Leidinger wrote in <20230613091839.horde.xomd2-klk1ptncda-lgs...@webmail.leidinger.net>: |Quoting Steffen Nurpmeso (from Mon, 12 Jun 2023 |21:54:45 +0200): ... |> non-deleted things from there (also automatically). I am happy |> that many lists i am on con

Re: expiration date for the keys pgp (automatism)

Werner Koch wrote in <875y7wvn4y@wheatstone.g10code.de>: |On Mon, 5 Jun 2023 14:49, broussard marc said: | |> => does pgp can tell when the key is becoming soon expired? | |That is easy on Unix: | | $ gpg --list-keys --with-colons \ || awk -F: -v days=60 \ | 'BEGIN {

Re: expiration date for the keys pgp (automatism)

P.S.: Steffen Nurpmeso wrote in <20230609132434.xs7mr%stef...@sdaoden.eu>: |Werner Koch wrote in | <875y7wvn4y@wheatstone.g10code.de>: ||On Mon, 5 Jun 2023 14:49, broussard marc said: || ||> => does pgp can tell when the key is becoming soon expired? || ||Th

Re: expiration date for the keys pgp (automatism)

P.P.S.: .. and getting off-topic .. Leonardo Taccari posted a brilliant idea to the already closed nawk issue that should not be concealed, to which i just now responded --- Forwarded from Steffen Nurpmeso --- |Hello! | |Leonardo Taccari wrote in | : ||@sdaoden another possible way