From: reinhard.irmer at kabelmail.de (Reinhard Irmer)
Date: Tue, 1 Jul 2014 13:58:08 +0200
Subject: AW: [Announce] GnuPG 1.4.18 released
In-Reply-To: <87zjgu451y.fsf@vigenere.g10code.de>
References: <87zjgu451y.fsf@vigenere.g10code.de>
Message-ID: <000401cf9523$bd604270$3820c750$@irmer@kabelmail.de>

> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On behalf of
> Werner Koch
> Sent: Monday, 30 June 2014 20:37
> To: gnupg-announce at gnupg.org; info-gnu at gnu.org
> Subject: [Announce] GnuPG 1.4.18 released
>
> Hello!

Hello Werner,

> We are pleased to announce the availability of a new stable GnuPG-1
> release: Version 1.4.18.

Installing gnupg-w32cli-1.4.18.exe on WinXP works, but when starting wpt.exe after installation, the monitor shows "Schlüsselcache internal error". Then right-clicking on the WPT button / "Über" (About) in the quick-start list shows the right version numbers of WPT and GnuPG. But clicking "Schlüsselverwaltung" (key management) brings up a bug message like this. Look here:

http://666kb.com/i/cpp0j83n5s33h1doq.jpg

I restarted the system, but no solution. So I went back to 1.4.17 :-(

--
regards
Reinhard
--- on OUTLOOK 2007 ---

From: emylistsddg at gmail.com (eMyListsDDg)
Date: Tue, 1 Jul 2014 09:29:57 -0700
Subject: howto revoke a key that has no secret key
In-Reply-To: <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com>
References: <87zjgu451y.fsf@vigenere.g10code.de> <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com>
Message-ID: <1799786337.20140701092957@gmail.com>

somehow i managed to send a key id to a key server that has no secret-key. so i would like to remove it.

gpg --output keyrevoke.asc --gen-revoke 0x

doesn't work since there is no secret key.

at a loss as to how to remove/revoke this key
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 01 Jul 2014 18:43:42 +0200
Subject: howto revoke a key that has no secret key
In-Reply-To: <1799786337.20140701092957@gmail.com>
References: <87zjgu451y.fsf@vigenere.g10code.de> <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com> <1799786337.20140701092957@gmail.com>
Message-ID: <7594671.DkxBqUVq5r@inno>

On Tue 01.07.2014 09:29:57, eMyListsDDg wrote:
> somehow i managed to send a key id to a key server that has no
> secret-key. so i would like to remove it.
>
> gpg --output keyrevoke.asc --gen-revoke 0x
>
> doesn't work since there is no secret key.
>
> at a loss as to how to remove/revoke this key

Your question is unclear (at least to me).

1) You cannot remove a certificate from a keyserver. Not even with the private key.

2) You can delete a key from your keyring, but without the private main key you cannot revoke the key. Guess what the consequences would be if everyone (i.e. those without the private key) could revoke a key...

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From: micha at rosetree.de (Micha Rosenbaum)
Date: Tue, 01 Jul 2014 21:25:28 +0200
Subject: Calculating the Private Key
Message-ID: <53B30B28.6020209@rosetree.de>

Dear gnupg users,

I have a question regarding a feature from mailbox.org [0]. This provider offers to encrypt every unencrypted email you receive with your public key. Thus only encrypted emails will be stored on the server. Is there any security-related problem when an attacker has both the encrypted and the decrypted message?

Looking at the RSA algorithm: is it possible to calculate the private key when a message is available both encrypted and decrypted? Maybe not with just one message, but with a thousand?

The RSA formula for decrypting messages with RSA is, according to Wikipedia [1], $ m = c^d \pmod{N} $, where N is, as a part of the public key, always given, c is the encrypted message, m the decrypted message and d the private key. Can you solve this formula for d if everything else is given?

At the moment I believe it is not possible to calculate the private key. That would be an enormous bug, because everyone could write a message and encrypt it with the public key to have the encrypted and the decrypted part. But I don't know how to prove it using maths :). So I am very interested in *why* it is not working out, assuming that I am right.

[0]: http://vimeo.com/97065221
[1]: https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29#A_worked_example

Thanks in advance for your answer,
Micha

--
PGP: 0x7694EB9B (http://rosetree.de/pgp)
http://www.email-nur-an-dich.de/
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 01 Jul 2014 17:28:36 -0400
Subject: Calculating the Private Key
In-Reply-To: <53B30B28.6020209@rosetree.de>
References: <53B30B28.6020209@rosetree.de>
Message-ID: <53B32804.8000208@sixdemonbag.org>

> Looking at the RSA algorithm. Is it possible to calculate the private
> key when a message is available both encrypted and decrypted? Maybe not
> with just one message, but with a thousand?

Assuming you mean "RSA as used in GnuPG", it is not feasible with the kinds of computers we know how to build. It will take science-fiction level breakthroughs in either engineering, mathematics, or both, to do this.

> The RSA formula for decrypting messages with RSA is, according to
> Wikipedia [1], $ m = c^d \pmod{N} $, where N is, as a part of the
> public key, always given, c is the encrypted message, m the decrypted
> message and d the private key. Can you solve this formula for d if
> everything else is given?

Same answer as above.

> But I don't know how to prove it using maths :).

Nobody else does, either. If you can prove that it's not possible to solve the integer factorization problem in a reasonable time period, then you'll have just proven P != NP and will be eligible for a cash prize of a cool million dollars. No, I'm not kidding.

The integer factorization problem (the math RSA is built upon) is conjectured to be infeasible to break. There is no formal proof of it, though.
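As an added illustration (not part of Robert's reply or of the thread), a Python run of the textbook RSA arithmetic on the toy key from the Wikipedia worked example Micha cites (p = 61, q = 53, e = 17). It shows that the (m, c) pairs an attacker gets from a mailbox that stores mail encrypted to the owner's key are pairs anyone can mint from the public key alone, that d drops out in one step once N is factored, and that the only factoring-free route is an exponent search whose cost grows with N. Function names are my own.

```python
# Added example (not from the thread): textbook RSA on the toy key of the
# Wikipedia worked example (p = 61, q = 53, e = 17).  Toy numbers only; a real
# OpenPGP key has a 2048-bit or larger N and uses PKCS#1 padding.
from math import gcd, isqrt

def keygen(p, q, e=17):
    """Return ((N, e), d) with d = e^-1 mod phi(N), phi(N) = (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    return (n, e), pow(e, -1, phi)

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(n, d, c):
    """The formula from the thread: m = c^d mod N."""
    return pow(c, d, n)

def pairs_from_public_key(pub, messages):
    """The (m, c) pairs an attacker obtains from a mailbox that stores mail
    encrypted to the owner's key.  Anyone holding (N, e) can mint such pairs
    at will, so a thousand of them tell an attacker nothing that the public
    key alone did not already tell them."""
    return [(m, encrypt(pub, m)) for m in messages]

def factor_by_trial_division(n):
    """Factor N.  Instant for a 12-bit toy N; for a 2048-bit N this is the
    integer factorisation problem, with no known efficient algorithm."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("N is prime")

def d_from_factors(pub, p, q):
    """With the factors known, d is one modular inversion away.  The converse
    also holds (knowing d lets you factor N), so 'recover d' and 'factor N'
    are the same problem."""
    n, e = pub
    if p * q != n:
        raise ValueError("p * q != N")
    return pow(e, -1, (p - 1) * (q - 1))

def smallest_exponent_fitting(pub, pairs, limit):
    """The factoring-free route: try exponents until every pair satisfies
    c^x = m (mod N).  Returns the smallest such x (for pairs that pin it
    down, d reduced mod lcm(p-1, q-1)).  The search runs through up to ~N
    candidates, i.e. about 2^2048 for a real key, which is why it is not a
    practical threat."""
    n, _ = pub
    for x in range(1, limit):
        if all(pow(c, x, n) == m for m, c in pairs):
            return x
    return None

if __name__ == "__main__":
    pub, d = keygen(61, 53)                      # N = 3233, d = 2753
    pairs = pairs_from_public_key(pub, [2, 65, 1234])
    p, q = factor_by_trial_division(pub[0])
    print(pub, d, pairs, d_from_factors(pub, p, q),
          smallest_exponent_fitting(pub, pairs, pub[0]))
```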
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 01 Jul 2014 23:37:32 +0200
Subject: Calculating the Private Key
In-Reply-To: <53B32804.8000208@sixdemonbag.org>
References: <53B30B28.6020209@rosetree.de> <53B32804.8000208@sixdemonbag.org>
Message-ID: <2609511.VfKM2gKUEq@inno>

On Tue 01.07.2014 17:28:36, Robert J. Hansen wrote:
> The integer factorization problem (the math RSA is built upon) is
> conjectured to be infeasible to break.

Yeah, but someone told us (pointed us at) here some time ago that breaking RSA was NOT the same as breaking RSA... ;-)

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 01 Jul 2014 17:42:33 -0400
Subject: Calculating the Private Key
In-Reply-To: <2609511.VfKM2gKUEq@inno>
References: <53B30B28.6020209@rosetree.de> <53B32804.8000208@sixdemonbag.org> <2609511.VfKM2gKUEq@inno>
Message-ID: <53B32B49.7080105@sixdemonbag.org>

> Yeah, but someone told us (pointed us at) here some time ago that
> breaking RSA was NOT the same as breaking RSA... ;-)

Dan Boneh has a really interesting paper showing that RSAP may not be the same as IFP, yes. But that paper exists on a very abstract plane: my math is enough that I can read it and get the rough outlines and understand the broad strokes, but I wouldn't want to make anyone think I was any kind of an expert on it.
From: jerome at jerome.cc (Jérôme Pinguet)
Date: Wed, 02 Jul 2014 03:26:07 +0200
Subject: RSA or DSA keylength as an anti-spam feature
Message-ID: <53B35FAF.9060008@jerome.cc>

Bonjour!

Thanks to the recent bikeshedding, I learnt that doubling the key size of an asymmetric key algorithm based on discrete logarithm or integer factorization doesn't, by far, double the resistance to brute-forcing, which in itself is seldom if ever the weak link in a secure communication scheme. It increases the resistance to brute-forcing only negligibly, and at the same time it increases the CPU time needed to encrypt/decrypt and sign/verify *a lot*.

Could this last property of bigger keys, significantly increasing the CPU time needed to send encrypted/signed messages, be used as an anti-spam feature? OpenPGP as a kind of HashCash / proof-of-work solution to spam?

If this proposition makes sense, that would open the way for a huge increase in user base! :-)

I'm thinking about automatically sending a reply (Wanna contact me? Install GPG or use my https://encrypt.to OpenPGP.js contact form...) then deleting unencrypted emails, at the MUA level. Does this make sense?

jérôme
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 01 Jul 2014 23:17:51 -0400
Subject: RSA or DSA keylength as an anti-spam feature
In-Reply-To: <53B35FAF.9060008@jerome.cc>
References: <53B35FAF.9060008@jerome.cc>
Message-ID: <53B379DF.70506@sixdemonbag.org>

> Could this last property of bigger keys, significantly increasing CPU
> time needed to send encrypted/signed messages, be used as an anti-spam
> feature?

Not really. If you've got a hijacked botnet of 50,000 machines, what do you care if the CPU gets pegged? You're not the machine's owner.

From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 01 Jul 2014 20:31:57 -0700
Subject: howto revoke a key that has no secret key
In-Reply-To: <1799786337.20140701092957@gmail.com>
References: <87zjgu451y.fsf@vigenere.g10code.de> <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com> <1799786337.20140701092957@gmail.com>
Message-ID: <53B37D2D.8000003@dougbarton.us>

Please don't reply to a message on the list and change the subject line. Doing so causes your new topic to show "under" the previous one for those using mail readers that thread properly, and may cause your message to be missed altogether if someone has blocked that thread. Instead, save the list address and start a completely new message.

hope this helps,

Doug
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Wed, 2 Jul 2014 04:32:34 +0100
Subject: RSA or DSA keylength as an anti-spam feature
In-Reply-To: <53B35FAF.9060008@jerome.cc>
References: <53B35FAF.9060008@jerome.cc>
Message-ID: <865277101.20140702043234@my_localhost>

Hi

On Wednesday 2 July 2014 at 2:26:07 AM, in , Jérôme Pinguet wrote:

> OpenPGP as a kind of HashCash / proof of work solution
> to spam?

> If this proposition makes sense, that would open the
> way for a huge increase in user base! :-)

Mail encryption is vastly superior to HashCash, in my opinion, since it protects the message content rather than merely wasting CPU effort.

> I'm thinking about automatically sending a reply (Wanna
> contact me? Install GPG or use my https://encrypt.to
> OpenPGP.js contact form...) then deleting unencrypted
> emails, at the MUA level. Does this make sense?

Depends on context. One of the banks I use eschews all email contact but has a contact form on their "secure" website. But generally speaking, auto-replies of the type "you sent an email to , please click this link or reply to this message..." result in my not bothering, and potentially doing business with somebody who is easier to contact.

By the way, I tried to send a test message to myself from but was thwarted by its assumption that the email address for message delivery would be found in the recipient's key, which mine is not. I then sent myself a test message encrypted to a revoked key, so I guess either Encrypt.to or OpenPGP.js needs a bit of tweaking.

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Learning without thought is naught; thought without learning is dangerous.
From: emylistsddg at gmail.com (eMyListsDDg)
Date: Tue, 1 Jul 2014 21:45:15 -0700
Subject: howto revoke a key that has no secret key
In-Reply-To: <7594671.DkxBqUVq5r@inno>
References: <87zjgu451y.fsf@vigenere.g10code.de> <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com> <1799786337.20140701092957@gmail.com> <7594671.DkxBqUVq5r@inno>
Message-ID: <336237293.20140701214515@gmail.com>

> On Tue 01.07.2014 09:29:57, eMyListsDDg wrote:
>> somehow i managed to send a key id to a key server that has no
>> secret-key. so i would like to remove it.
>> gpg --output keyrevoke.asc --gen-revoke 0x
>> doesn't work since there is no secret key.
>> at a loss as to how to remove/revoke this key
> Your question is unclear (at least to me).
> 1) You cannot remove a certificate from a keyserver. Not even with the
> private key.
> 2) You can delete a key from your keyring but without the private
> mainkey you cannot revoke the key. Guess what the consequences would be
> if everyone (i.e. those without the private key) could revoke a key...

well i managed to create a pub key without a priv key. that is, it only has a pub part. that's what gpa key manager is telling me. so i thought i would remove it and recreate a new key pair for that email addr.

if you or someone can tell me how i can create a priv key for that email address that i created with only a pub key? i don't know how i did that with the gpa key manager.

hope that clarifies it a bit

--
Bill

Key fingerprint = DB4D 251B FE8A BDCD 2BE4 E889 13F1 78D0 A386 B32B
From: micha at rosetree.de (Micha Rosenbaum)
Date: Wed, 02 Jul 2014 08:37:28 +0200
Subject: Calculating the Private Key
In-Reply-To: <53B32804.8000208@sixdemonbag.org>
References: <53B30B28.6020209@rosetree.de> <53B32804.8000208@sixdemonbag.org>
Message-ID: <53B3A8A8.6020904@rosetree.de>

On 01.07.2014 23:28, Robert J. Hansen wrote:
> Assuming you mean "RSA as used in GnuPG", it is not feasible with the
> kinds of computers we know how to build. It will take science-fiction
> level breakthroughs in either engineering, mathematics, or both, to do this.
>
> The integer factorization problem (the math RSA is built upon) is
> conjectured to be infeasible to break. There is no formal proof of it,
> though.

Thanks for your answer. Then I am convinced that the feature offered by mailbox.org is useful. Maybe we'll have to look at this topic again in 10 years or so.

Have a nice day.

--
PGP: 0x7694EB9B (http://rosetree.de/pgp)
http://www.email-nur-an-dich.de/
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Wed, 2 Jul 2014 09:27:10 +0100
Subject: Calculating the Private Key
In-Reply-To: <53B3A8A8.6020904@rosetree.de>
References: <53B30B28.6020209@rosetree.de> <53B32804.8000208@sixdemonbag.org> <53B3A8A8.6020904@rosetree.de>
Message-ID: <20140702082710.GA19310@glue.grepular.com>

* on the Wed, Jul 02, 2014 at 08:37:28AM +0200, Micha Rosenbaum wrote:

>> Assuming you mean "RSA as used in GnuPG", it is not feasible with the
>> kinds of computers we know how to build. It will take science-fiction
>> level breakthroughs in either engineering, mathematics, or both, to do this.
>>
>> The integer factorization problem (the math RSA is built upon) is
>> conjectured to be infeasible to break. There is no formal proof of it,
>> though.
>
> Thanks for your answer. Then I am convinced that the feature offered by
> mailbox.org is useful. Maybe we'll have to look at this topic again in
> 10 years or so.

FWIW, if you run your own mail system, this is a fairly trivial feature to set up. I've been doing it myself for about three and a half years. Here's how I do it, including links to the software:

https://grepular.com/Automatically_Encrypting_all_Incoming_Email

--
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Jul 2014 13:29:22 +0200
Subject: AW: [Announce] GnuPG 1.4.18 released
In-Reply-To: <000401cf9523$bd604270$3820c750$@irmer@kabelmail.de> (Reinhard Irmer's message of "Tue, 1 Jul 2014 13:58:08 +0200")
References: <87zjgu451y.fsf@vigenere.g10code.de> <000401cf9523$bd604270$3820c750$@irmer@kabelmail.de>
Message-ID: <87fvik2e3x.fsf@vigenere.g10code.de>

On Tue, 1 Jul 2014 13:58, reinhard.irmer at kabelmail.de said:

> Installing gnupg-w32cli-1.4.18.exe on winXP works, but starting
> wpt.exe after installation, the monitor shows "Schlüsselcache internal
> error". Then rightclick on wptbutton/über(about) in the quickstartlist

I don't have the time to look at the WinPT code. But it should easily reveal the problem. A common problem in the past was that WinPT did not properly parse the colon-separated messages and bailed out if a new field was added. However, 1.4.18 has just two changes: a fix to the regression, which does not change the interface at all, and a changed key generation which limits RSA keys to 4096 bits - but it does so in the same way gpg rounds up a provided key size.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From: micha at rosetree.de (Micha Rosenbaum)
Date: Wed, 02 Jul 2014 18:42:25 +0200
Subject: Calculating the Private Key
In-Reply-To: <20140702082710.GA19310@glue.grepular.com>
References: <53B30B28.6020209@rosetree.de> <53B32804.8000208@sixdemonbag.org> <53B3A8A8.6020904@rosetree.de> <20140702082710.GA19310@glue.grepular.com>
Message-ID: <53B43671.1020002@rosetree.de>

On 02.07.2014 10:27, Mike Cardwell wrote:
> FWIW, if you run your own mail system, this is a fairly trivial feature to
> set up. I've been doing it myself for about three and a half years. Here's
> how I do it, including links to the software:
>
> https://grepular.com/Automatically_Encrypting_all_Incoming_Email

That's definitely good to know. Thank you for providing this link. At the moment I don't run my own mail server, but I don't know what I'll be doing in the future ;).

--
PGP: 0x7694EB9B (http://rosetree.de/pgp)
http://www.email-nur-an-dich.de/
From: jerome at jerome.cc (Jérôme Pinguet)
Date: Wed, 02 Jul 2014 19:28:47 +0200
Subject: RSA or DSA keylength as an anti-spam feature
In-Reply-To: <865277101.20140702043234@my_localhost>
References: <53B35FAF.9060008@jerome.cc> <865277101.20140702043234@my_localhost>
Message-ID: <53B4414F.3090107@jerome.cc>

On 02/07/2014 05:32, MFPA wrote:
> Hi
>
> On Wednesday 2 July 2014 at 2:26:07 AM, in , Jérôme Pinguet wrote:
>
> > OpenPGP as a kind of HashCash / proof of work solution
> > to spam?
>
> > If this proposition makes sense, that would open the
> > way for a huge increase in user base! :-)
>
> Mail encryption is vastly superior to HashCash, in my opinion, since
> it protects the message content rather than merely wasting CPU effort.
>
> > I'm thinking about automatically sending a reply (Wanna
> > contact me? Install GPG or use my https://encrypt.to
> > OpenPGP.js contact form...) then deleting unencrypted
> > emails, at the MUA level. Does this make sense?
>
> Depends on context. One of the banks I use eschews all email contact
> but has a contact form on their "secure" website. But generally
> speaking, auto-replies of the type "you sent an email to
> , please click this link or reply to this
> message..." result in my not bothering, and potentially doing business
> with somebody who is easier to contact.

Most of my first contacts with potential new customers or business partners go through a contact form on my websites anyway, so that wouldn't be a problem for me.

> By the way, I tried to send a test message to myself from
> but was thwarted by its assumption that the email
> address for message delivery would be found in the recipient's key,
> which mine is not. I then sent myself a test message encrypted to a
> revoked key, so I guess either Encrypt.to or OpenPGP.js needs a bit
> of tweaking.

I'm following the project on GitHub, everything is GPLv3, I'll open issues for those two problems, thanks for reporting!

Git is https://github.com/encrypt-to

I'm aware that OpenPGP.js is a relatively new project and less secure than GnuPG, but it might be a step forward to get people interested and to allow people who make the effort to create a key to be able to receive messages by end users.

Thanks again for your answer and reports.

jérôme
From: linuxdebian at zoho.com (Linux DEBIAN)
Date: Wed, 2 Jul 2014 19:38:41 +0200
Subject: How to verify a signed mail (silly question maybe, sorry ;)
Message-ID: <201407021939.19164.linuxdebian@zoho.com>

Hello all,

now I use the KMail mail client where it's all automatically checked, but when I am on the webmail where signing and verifying is not "built-in" supported and I receive an e-mail with an attachment "signature.asc", how can I verify the signature, please?

Someone asked the same question a time ago, see here :)
http://ubuntuforums.org/showthread.php?t=1543478

OS: Linux debian 3.2.0-4-686-pae #1 SMP Debian 3.2.57-3+deb7u2 i686 GNU/Linux, KDE

Thanks in advance for explanation for a still newbie :)

Elis

______________________________________________________________
The message signed / encrypted by my public gnuPG key.
Key ID: DBEB2B6A
Key fingerprint: 5935 A6BF B301 C1AA 2218 E0E5 7D58 BAE0 DBEB 2B6A
Check out the trust of the key is possible at gnuPG/PGP servers:
https://keyserver.pgp.com/vkd/GetWelcomeScreen.event
http://keyserver.stack.nl/
http://pgp.mit.edu/
Search keyword: linuxdebian at zoho.com
http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away/
http://www.gpg4win.org
https://gpgtools.org
http://www.glump.net/howto/cryptography/practical-introduction-to-gnu-privacy-guard-in-windows
https://en.wikipedia.org/wiki/GNU_Privacy_Guard
______________________________________________________________
From: linuxdebian at zoho.com (Linux DEBIAN)
Date: Thu, 3 Jul 2014 08:49:12 +0200
Subject: [fa-ml@ariis.it: Re: How to verify a signed mail (silly question maybe, sorry ; )]
In-Reply-To: <20140703014304.GB15687@x60s.casa>
References: <20140703014304.GB15687@x60s.casa>
Message-ID: <201407030849.29636.linuxdebian@zoho.com>

Hello,

thanks for your reply. Maybe I do something wrong and, following the instructions, still receive 'bad signature'. It's my mail and my signature (for testing purposes) so I'm sure the signature is ok, btw.

Does it matter if at the beginning of the part there is:

Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

and the whole copied part ends with:

=3D

Also, when I copy the text, when using Kate (text editor for KDE, Linux), I always use utf-8 for opening/saving documents. Shall I change to another charset? There is no choice for exactly 'ascii', just e.g. western european ISO 8859-1 and many others.

Thanks for tips & help.

Elis

> I forward this to you as sometimes my mails to gnupg-users get bounced
>
>
> ----- Forwarded message from Francesco Ariis -----
>
> Date: Thu, 3 Jul 2014 03:42:01 +0200
> From: Francesco Ariis
> To: gnupg-users at gnupg.org
> Subject: Re: How to verify a signed mail (silly question maybe, sorry ;)
> User-Agent: Mutt/1.5.21 (2010-09-15)
>
> On Wed, Jul 02, 2014 at 07:38:41PM +0200, Linux DEBIAN wrote:
> > [...] when I am on the webmail where the signing and verifying is not
> > "built-in" supported and when I receive an e-mail with an attachment
> > "signature.asc", how can I verify the signature, please ?
>
> Can you access the source of the email/raw-format from web interface?
> If so, follow the instructions on ^RFC 3156, page 5^ [1], i.e. copy the
> portion which in the example is indicated with prepended '&'s.
> This will include the body of the message but also lines like:
>
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
>
> Be careful /not/ to include the last newline character. Once you saved that
> to file, it's just matter of
>
> gpg --verify signature.asc message.txt
>
>
> [1] https://tools.ietf.org/html/rfc3156#page-5
>
>
>
> ----- End forwarded message -----
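Francesco's RFC 3156 recipe above, and Elis's question about the quoted-printable part, as an added Python example that is not from the thread: it pulls the signed MIME part and the detached signature out of a raw message exactly as transmitted (MIME headers and transfer encoding included, so a quoted-printable body keeps its "=3D"), drops the CRLF that belongs to the boundary delimiter, and writes both files for the gpg --verify command from the thread. The sample message and its signature block are constructed placeholders.

```python
# Added example (not from the thread): extract the signed MIME part and the
# detached signature from a raw PGP/MIME (RFC 3156) message so that they can
# be checked with "gpg --verify signature.asc message.txt".  Two details that
# cause "BAD signature" when done by hand are handled explicitly:
#  - the signed part is taken exactly as transmitted, MIME headers and
#    transfer encoding included (a quoted-printable body keeps its "=3D"),
#    because RFC 3156 signs the encoded form, not the decoded text;
#  - the CRLF before each boundary line belongs to the boundary (RFC 2046),
#    so the "last newline" is not part of the signed data.
# The sample message below is constructed and its signature is a placeholder.
import re

def _split_headers(raw: bytes) -> tuple:
    """Split a message or body part at the first blank line."""
    m = re.search(rb"\r?\n\r?\n", raw)
    if m is None:
        raise ValueError("no blank line between headers and body")
    return raw[:m.start()], raw[m.end():]

def _signed_boundary(headers: bytes) -> bytes:
    """Return the boundary parameter of a multipart/signed Content-Type."""
    unfolded = re.sub(rb"\r?\n[ \t]+", b" ", headers)   # join folded header lines
    ct = re.search(rb"(?im)^Content-Type:[ \t]*multipart/signed;.*$", unfolded)
    if ct is None:
        raise ValueError("not a multipart/signed message")
    b = re.search(rb'boundary="?([^";\s]+)"?', ct.group(0))
    if b is None:
        raise ValueError("multipart/signed without boundary parameter")
    return b.group(1)

def extract_signed_part(raw: bytes) -> tuple:
    """Return (signed_part, signature_armor) as raw bytes."""
    headers, body = _split_headers(raw)
    delim = (rb"\r?\n--" + re.escape(_signed_boundary(headers))
             + rb"(?:--)?[ \t]*(?:\r?\n|$)")
    # A CRLF is prepended so that a delimiter at the very start of the body
    # is matched by the same pattern as the later ones.
    pieces = re.split(delim, b"\r\n" + body)
    if len(pieces) < 3:
        raise ValueError("expected two body parts (content and signature)")
    signed_part = pieces[1]                    # headers + encoded body, no trailing CRLF
    _, signature = _split_headers(pieces[2])   # drop the signature part's own headers
    return signed_part, signature

def canonical_crlf(part: bytes) -> bytes:
    """RFC 3156 hashes the signed part with CRLF line endings; apply this if
    the webmail 'view source' window handed over LF-only text."""
    return re.sub(rb"\r?\n", b"\r\n", part)

def write_for_gpg(raw: bytes, msg_path="message.txt", sig_path="signature.asc") -> list:
    """Write both pieces in binary mode (no newline translation) and return
    the argv of the verification command used in the thread."""
    signed_part, signature = extract_signed_part(raw)
    with open(msg_path, "wb") as f:
        f.write(canonical_crlf(signed_part))
    with open(sig_path, "wb") as f:
        f.write(signature + b"\n")
    return ["gpg", "--verify", sig_path, msg_path]

# Constructed sample: what "view source" shows for a PGP/MIME signed mail
# with a quoted-printable body.  The signature block is a placeholder.
SAMPLE_RAW = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.org\r\n"
    b"Subject: signed test\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\r\n"
    b'\tprotocol="application/pgp-signature"; boundary="nextPart1234567.constructed"\r\n'
    b"\r\n"
    b"--nextPart1234567.constructed\r\n"
    b'Content-Type: Text/Plain; charset="utf-8"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"Hello, this is a signed test mail.\r\n"
    b"1 + 1 =3D 2\r\n"
    b"--nextPart1234567.constructed\r\n"
    b'Content-Type: application/pgp-signature; name="signature.asc"\r\n'
    b"\r\n"
    b"-----BEGIN PGP SIGNATURE-----\r\n"
    b"\r\n"
    b"PLACEHOLDERSIGNATUREDATA\r\n"
    b"-----END PGP SIGNATURE-----\r\n"
    b"--nextPart1234567.constructed--\r\n"
)

if __name__ == "__main__":
    part, sig = extract_signed_part(SAMPLE_RAW)
    print(part.decode())
    print(sig.decode())
```

Run it against a real message saved from the webmail source view, then execute the returned argv with subprocess.run to see gpg's verdict.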
From: wk at gnupg.org (Werner Koch)
Date: Thu, 03 Jul 2014 10:56:48 +0200
Subject: GnuPG 2.1.0-beta442: t-timestuff.c:118: test 17 failed
In-Reply-To: <20140624023813.GA28837@x2.esmtp.org> (Claus Assmann's message of "Mon, 23 Jun 2014 19:38:13 -0700")
References: <20140624023813.GA28837@x2.esmtp.org>
Message-ID: <871tu2252n.fsf@vigenere.g10code.de>

On Tue, 24 Jun 2014 04:38, ca+gnupg at esmtp.org said:

> This patch (hack?) fixes it for me (local timezone is PDT).

I changed the test to use timegm and only if that is missing I use this patch.

Thanks,

  Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From: wk at gnupg.org (Werner Koch) Date: Thu, 03 Jul 2014 12:05:07 +0200 Subject: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing Message-ID: <87simizrjg.fsf@vigenere.g10code.de> Hello! I just released the fifth *beta version* of GnuPG 2.1. It has been released to give you the opportunity to check out new features and to fix the bugs in the last beta. If you need a stable and fully maintained version of GnuPG, you should use version 2.0.25 or 1.4.18. This versions is marked as BETA and as such it should in general not be used for real work. However, the core functionality is solid enough for a long time and I am using this code base for a couple of years now. What's new in 2.1.0-beta751 since beta442 ========================================= * gpg: Make export of secret keys work again. * gpg: Create revocation certificates during key generation. * gpg: Create exported secret keys and revocation certifciates with mode 0700 * gpg: The output of --list-packets does now print the offset of the packet and information about the packet header. * gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617] * gpg: Screen keyserver responses to avoid importing unwanted keys from rogue servers. * gpg: The validity of user ids is now shown by default. To revert this add "list-options no-show-uid-validity" to gpg.conf. * gpg: Print more specific reason codes with the INV_RECP status. * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended key generation. * scdaemon: Support reader Gemalto IDBridge CT30 and pinpad of SCT cyberJack go. * The speedo build system has been improved. It is now also possible to build a partly working installer for Windows. Getting the Software ==================== GnuPG 2.1.0-beta751 is available at ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta751.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta751.tar.bz2.sig and soon on all mirrors . 
A patch against the last beta is also available. Please read the README file ! Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.1.0-beta751.tar.bz2 you would use this command: gpg --verify gnupg-2.1.0-beta751.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6 The distribution key 4F25E3B6 is signed by the well known key 1E42B367. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.1.0-beta751.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.1.0-beta751.tar.bz2 and check that the output matches this: 3d6dd8a377775780626428d98dba80dbbc5c27ac gnupg-2.1.0-beta751.tar.bz2 Documentation ============= The file gnupg.info has the complete user manual of the system. Separate man pages are included as well; however they have not all the details available in the manual. It is also possible to read the complete manual online in HTML format at https://www.gnupg.org/documentation/manuals/gnupg-devel/ The chapters on gpg-agent, gpg and gpgsm include information on how to set up the whole thing. 
You may also want to search the GnuPG mailing list archives or ask on the gnupg-users mailing list for advice on how to solve problems. Many of the new features have been around for several years and thus enough public knowledge is already available.

Almost all mail clients support GnuPG-2. Mutt users may want to use the configure option "--enable-gpgme" during build time and put a "set use_crypt_gpgme" in ~/.muttrc to enable S/MIME support along with the reworked OpenPGP support.

Support
=======

Please consult the archive of the gnupg-users mailing list before reporting a bug. We suggest to send bug reports for a new release to this list in favor of filing a bug at . We also have a dedicated service directory at:

  https://www.gnupg.org/service.html

Maintaining and improving GnuPG is costly. For more than a decade, g10 Code GmbH, a German company owned and headed by GnuPG's principal author Werner Koch, has been bearing the majority of these costs. To help them carry on this work, they need your support. See

  https://gnupg.org/donate/

Thanks
======

We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word, and answering questions on the mailing lists.

Happy Hacking,

  The GnuPG Team

-- 
Thoughts are free. Exceptions are regulated by a federal law.

-------------- next part --------------
A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 180 bytes Desc: not available URL:
-------------- next part --------------
_______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From mailinglist at krebs.uno Thu Jul 3 12:50:50 2014
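The two checks from the "Checking the Integrity" section of the announcement above, as an added Python example; this is not GnuPG project code and not part of the announcement. It drives an *already installed* gpg with --status-fd so the verdict is parsed rather than read off the screen, and it accepts a signature only when gpg reports GOODSIG and the VALIDSIG fingerprint equals a full 40-hex-digit fingerprint obtained from another source; the 8-character ID 4F25E3B6 from the announcement is too short to pin a key on its own. The fingerprint and status lines used in the test are constructed placeholders, not Werner Koch's real key. The SHA-1 fallback reuses the checksum printed in the announcement.

```python
"""Check a GnuPG release download as the announcement's "Checking the
Integrity" section describes.  Added example, not GnuPG project code.

Two checks:
  * signature_ok(): parse the machine-readable output of an already
    installed gpg (--status-fd) and accept only GOODSIG plus a VALIDSIG
    whose full fingerprint matches one obtained out of band.
  * sha1_matches(): the fallback for people without a trusted gpg, using
    the checksum printed in the announcement.
"""
import hashlib
import re
import subprocess

# Checksum of gnupg-2.1.0-beta751.tar.bz2 as printed in the announcement.
ANNOUNCED_SHA1 = "3d6dd8a377775780626428d98dba80dbbc5c27ac"

# One status line per match: "[GNUPG:] KEYWORD args..."
STATUS_LINE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$", re.M)


def parse_status(status_text: str) -> dict:
    """Map each status keyword to the list of argument lists seen for it."""
    seen = {}
    for m in STATUS_LINE.finditer(status_text):
        seen.setdefault(m.group(1), []).append((m.group(2) or "").split())
    return seen


def signature_ok(status_text: str, expected_fpr: str) -> bool:
    """True only if gpg reported GOODSIG and VALIDSIG names the pinned key.

    VALIDSIG's first field is the fingerprint of the key that made the
    signature; its last field (present in modern gpg) is the fingerprint of
    the primary key.  Either may be the one you pinned.
    """
    st = parse_status(status_text)
    if "GOODSIG" not in st or "BADSIG" in st or "ERRSIG" in st:
        return False
    want = expected_fpr.replace(" ", "").upper()
    for args in st.get("VALIDSIG", []):
        if args and want in (args[0].upper(), args[-1].upper()):
            return True
    return False


def sha1_matches(data: bytes, expected_hex: str = ANNOUNCED_SHA1) -> bool:
    """Fallback check: compare the SHA-1 of the downloaded bytes."""
    return hashlib.sha1(data).hexdigest() == expected_hex.lower()


def verify_release(tarball: str, expected_fpr: str) -> bool:
    """Run the installed gpg on tarball + tarball.sig and parse the result.

    --status-fd 1 puts the status lines on stdout; the human-readable text
    stays on stderr.  Not exercised offline: needs gpg and the signing key.
    """
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", tarball + ".sig", tarball],
        capture_output=True, text=True, check=False,
    )
    return signature_ok(proc.stdout, expected_fpr)


if __name__ == "__main__":
    import sys
    # Usage: python verify_release.py gnupg-2.1.0-beta751.tar.bz2 <FULL-FINGERPRINT>
    path, fpr = sys.argv[1], sys.argv[2]
    if verify_release(path, fpr):
        print("signature OK and made by the pinned key")
    else:
        with open(path, "rb") as f:
            ok = sha1_matches(f.read())
        print("signature NOT verified; SHA-1 matches announcement" if ok
              else "signature NOT verified; SHA-1 MISMATCH")
```

A checksum fetched from the same server as the tarball only detects a corrupted download, not a substituted one; the signature check with a pre-existing gpg is the one that matters, which is why the announcement insists on not using the freshly downloaded GnuPG for it. Comparing the full fingerprint rather than the short key ID matters because 32-bit key IDs can collide.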
From: mailinglist at krebs.uno (Daniel Krebs) Date: Thu, 03 Jul 2014 12:50:50 +0200 Subject: Analogies to explain the principle of PGP Message-ID: <53B5358A.7060500@krebs.uno>

Hello,

since I am currently discussing this with Matthias from the FSFE as part of #EmailSelfDefense, a question: which analogies do you use when you explain the principle of PGP/GPG to people?

I mostly use the following version: there is a lock with two keyholes. Each key works in only one direction, i.e. it either locks what is open or opens what is locked. That also lets you explain signing, which does not work with the "classic metaphor" (public key = lock, private key = key). So:

Encrypting: someone locks with my public key, I unlock with my secret key.
Signing: I sign with my private key, someone else checks with my public key.

Suggestions, opinions?

-- 
kind regards
daniel krebs

From wk at gnupg.org Thu Jul 3 13:32:43 2014
From: wk at gnupg.org (Werner Koch) Date: Thu, 03 Jul 2014 13:32:43 +0200 Subject: Analogies to explain the principle of PGP In-Reply-To: <53B5358A.7060500@krebs.uno> (Daniel Krebs's message of "Thu, 03 Jul 2014 12:50:50 +0200") References: <53B5358A.7060500@krebs.uno> Message-ID: <877g3uznhg.fsf@vigenere.g10code.de>

On Thu, 3 Jul 2014 12:50, mailinglist at krebs.uno said:

> Suggestions, opinions?

You should translate your question to English or send it to gnupg-de at gnupg.org.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From neal at walfield.org Thu Jul 3 13:46:33 2014
From: neal at walfield.org (Neal H. Walfield) Date: Thu, 03 Jul 2014 13:46:33 +0200 Subject: Analogies to explain the principle of PGP In-Reply-To: <53B5358A.7060500@krebs.uno> References: <53B5358A.7060500@krebs.uno> Message-ID: <87vbre64x2.wl%neal@walfield.org>

At Thu, 03 Jul 2014 12:50:50 +0200, Daniel Krebs wrote:
> since I am currently discussing this with Matthias from the FSFE as part of #EmailSelfDefense, a question: which analogies do you use when you explain the principle of PGP/GPG to people?
> I mostly use the following version:
>
> There is a lock with two keyholes. Each key works in only one direction, i.e. it either locks what is open or opens what is locked. That also lets you explain signing, which does not work with the "classic metaphor" (public key = lock, private key = key). So:
> Encrypting:
> Someone locks with my public key, I unlock with my secret key.
> Signing:
> I sign with my private key, someone else checks with my public key.
>
> Suggestions, opinions?

You might want to take a look at this:

  https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/

  Email encryption, although cryptographically straightforward, appears too complicated for laypeople to understand. In our project, we aimed to understand why this problem has eluded researchers for well over a decade and expand the design space of possible solutions to this and similar challenges at the intersection of security and usability.

  ...

  In PGP's metaphors, each user possesses two items, a private key and a public key. Have you inferred how the protocol works yet? Unless you have previous exposure to cryptography, likely not. Why do I have two keys? What do these keys open? Aren't all keys private? When you want to send a message to someone, you encrypt it with his public key, which is known to everyone.
  The recipient can decrypt it with his private key, which only he possesses. But can't anyone use the public key to decrypt the message again? Nope. A public key can only encrypt, not decrypt. Just trust us on that one.

  You're probably starting to understand why secure email is so hard to use. Bear with us for one paragraph longer.

  ...

  We decided to test whether better metaphors might be able to close this gap between security and usability. Specifically, we wanted metaphors that represented the cryptographic actions a user performs to send secure email and were evocative enough that users could reason about the security properties of PGP without needing to read a lengthy, technical introduction. We settled on four objects: a key, lock, seal and imprint. To send someone a message, secure it with that person's lock. Only this recipient has the corresponding key, so only they can open it. To prove your identity, stamp the message with your seal. Since everyone knows what your seal's imprint looks like, it's easy to verify that the message came from you.

Neal

From mailinglist at krebs.uno Thu Jul 3 14:06:04 2014
From: mailinglist at krebs.uno (Daniel Krebs) Date: Thu, 03 Jul 2014 14:06:04 +0200 Subject: This time in English: How to explain the principles of PGP, looking for metaphors Message-ID: <53B5472C.9050907@krebs.uno>

Sorry! I picked the wrong language / list last time... So in English:

What metaphors do you use when explaining PGP to people? Two examples:
1. A lock with two keys?
2. A lock (public) and a key (private)
Something completely different?

Problems with both:
1. Seems to be kind of hard to understand for most people, because a lock with one key to open and one key to close is rather special.
2. Signing emails is hard to explain this way. Signing by putting a lock on it?

Any ideas are appreciated.

An interesting approach (thanks Neal for the link): using 4 items: key, lock, seal and imprint.
https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/

-- 
kind regards
daniel krebs

From pete at heypete.com Thu Jul 3 13:13:31 2014
From: pete at heypete.com (Pete Stephenson) Date: Thu, 3 Jul 2014 13:13:31 +0200 Subject: Re: Analogies to explain the principle of PGP In-Reply-To: <53B5358A.7060500@krebs.uno> References: <53B5358A.7060500@krebs.uno> Message-ID:

I seem to recall someone on this list using a mailbox like the one at [1] as an analogy for public-key encryption: anyone can walk up to the mailbox and place a letter in the slot ("encrypting a message to the recipient's public key"), but they cannot retrieve any other letters in the box [2]. That type of mailbox is essentially a "one-way" device, and messages placed in the mailbox can only be retrieved by someone who has the key to unlock it (the "private key" belonging to the recipient).

I'm not really sure of a similar analogy for signing.

[1] http://www.signaturehardware.com/outdoor/mailboxes-and-slots/castle-locking-wall-mount-mailbox-with-newspaper-roll.html
[2] Obviously mailboxes can be broken into with relative ease, but it's merely an example.

2014-07-03 12:50 GMT+02:00 Daniel Krebs :
> Hello,
> since I am currently discussing this with Matthias from the FSFE as part of #EmailSelfDefense, a question: which analogies do you use when you explain the principle of PGP/GPG to people?
> I mostly use the following version:
>
> There is a lock with two keyholes. Each key works in only one direction, i.e. it either locks what is open or opens what is locked. That also lets you explain signing, which does not work with the "classic metaphor" (public key = lock, private key = key). So:
> Encrypting:
> Someone locks with my public key, I unlock with my secret key.
> Signing:
> I sign with my private key, someone else checks with my public key.
>
> Suggestions, opinions?
>
> --
> kind regards
> daniel krebs
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

-- 
Pete Stephenson
-------------- next part --------------
An HTML attachment was scrubbed... URL:

From frase at frase.id.au Thu Jul 3 14:56:30 2014
From: frase at frase.id.au (Fraser Tweedale) Date: Thu, 3 Jul 2014 22:56:30 +1000 Subject: Analogies to explain the principle of PGP In-Reply-To: <87vbre64x2.wl%neal@walfield.org> References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> Message-ID: <20140703125629.GU1419@bacardi.hollandpark.frase.id.au>

On Thu, Jul 03, 2014 at 01:46:33PM +0200, Neal H. Walfield wrote:
> At Thu, 03 Jul 2014 12:50:50 +0200,
> Daniel Krebs wrote:
> > since I am currently discussing this with Matthias from the FSFE as part of #EmailSelfDefense, a question: which analogies do you use when you explain the principle of PGP/GPG to people?
> > I mostly use the following version:
> >
> > There is a lock with two keyholes. Each key works in only one direction, i.e. it either locks what is open or opens what is locked. That also lets you explain signing, which does not work with the "classic metaphor" (public key = lock, private key = key). So:
> > Encrypting:
> > Someone locks with my public key, I unlock with my secret key.
> > Signing:
> > I sign with my private key, someone else checks with my public key.
> >
> > Suggestions, opinions?
>
> You might want to take a look at this:
>
> https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/
>
> Email encryption, although cryptographically straightforward, appears too complicated for laypeople to understand. In our project, we aimed to understand why this problem has eluded researchers for well over a decade and expand the design space of possible solutions to this and similar challenges at the intersection of security and usability.
>
> ...
>
> In PGP's metaphors, each user possesses two items, a private key and a public key. Have you inferred how the protocol works yet?
> Unless you have previous exposure to cryptography, likely not. Why do I have two keys? What do these keys open? Aren't all keys private? When you want to send a message to someone, you encrypt it with his public key, which is known to everyone. The recipient can decrypt it with his private key, which only he possesses. But can't anyone use the public key to decrypt the message again? Nope. A public key can only encrypt, not decrypt. Just trust us on that one.
>

Not so; this analogy might seem useful for explaining message encryption, but will lead to more confusion when attempting to understand/explain signing - where indeed the public key is used to decrypt a digest encrypted by a public key.

Fraser

>
> You're probably starting to understand why secure email is so hard to use. Bear with us for one paragraph longer.
>
> ...
>
> We decided to test whether better metaphors might be able to close this gap between security and usability. Specifically, we wanted metaphors that represented the cryptographic actions a user performs to send secure email and were evocative enough that users could reason about the security properties of PGP without needing to read a lengthy, technical introduction. We settled on four objects: a key, lock, seal and imprint. To send someone a message, secure it with that person's lock. Only this recipient has the corresponding key, so only they can open it. To prove your identity, stamp the message with your seal. Since everyone knows what your seal's imprint looks like, it's easy to verify that the message came from you.
>
>
> Neal
-------------- next part --------------
A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL:

From frase at frase.id.au Thu Jul 3 15:08:06 2014
From: frase at frase.id.au (Fraser Tweedale) Date: Thu, 3 Jul 2014 23:08:06 +1000 Subject: This time in English: How to explain the principles of PGP, looking for metaphors In-Reply-To: <53B5472C.9050907@krebs.uno> References: <53B5472C.9050907@krebs.uno> Message-ID: <20140703130805.GV1419@bacardi.hollandpark.frase.id.au>

On Thu, Jul 03, 2014 at 02:06:04PM +0200, Daniel Krebs wrote:
> Sorry!
> I picked the wrong language / list last time...
> So in English:
> What metaphors do you use when explaining PGP to people? Two examples:
> 1. A lock with two keys?
> 2. A lock (public) and a key (private)
> Something completely different?
>
> Problems with both:
> 1. Seems to be kind of hard to understand for most people, because a lock with one key to open and one key to close is rather special.
> 2. Signing emails is hard to explain this way. Signing by putting a lock on it?
>
> Any ideas are appreciated.
>

The way I attempt to explain public key encryption and signing:

Each key in the keypair - one kept private to the owner, the other made public - is both:

a) A set of instructions for building a lock that *only* the other key can unlock; and
b) The key for such a lock as could be built with the other key.

Therefore, an encrypted message can be sent to someone by using their public key to build a "lock" for the message. Only the private key is able to "unlock" it.

Similarly, a sender of some message can authenticate it by using their private key to "lock" the message. If it can be "unlocked" by their public key, only a person who possesses the private key could have built that lock.

I hope this explanation makes sense. Let me know if you could suggest improvements to this analogy.

Cheers,
Fraser

> An interesting approach (thanks Neal for the link): using 4 items: key, lock, seal and imprint.
> https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/
>
>
> --
> kind regards
> daniel krebs
-------------- next part --------------
A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL:

From frase at frase.id.au Thu Jul 3 15:10:00 2014
From: frase at frase.id.au (Fraser Tweedale) Date: Thu, 3 Jul 2014 23:10:00 +1000 Subject: Analogies to explain the principle of PGP In-Reply-To: <20140703125629.GU1419@bacardi.hollandpark.frase.id.au> References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> <20140703125629.GU1419@bacardi.hollandpark.frase.id.au> Message-ID: <20140703130959.GW1419@bacardi.hollandpark.frase.id.au>

On Thu, Jul 03, 2014 at 10:56:30PM +1000, Fraser Tweedale wrote:
> On Thu, Jul 03, 2014 at 01:46:33PM +0200, Neal H. Walfield wrote:
> > At Thu, 03 Jul 2014 12:50:50 +0200,
> > Daniel Krebs wrote:
> > > since I am currently discussing this with Matthias from the FSFE as part of #EmailSelfDefense, a question: which analogies do you use when you explain the principle of PGP/GPG to people?
> > > I mostly use the following version:
> > >
> > > There is a lock with two keyholes. Each key works in only one direction, i.e. it either locks what is open or opens what is locked. That also lets you explain signing, which does not work with the "classic metaphor" (public key = lock, private key = key). So:
> > > Encrypting:
> > > Someone locks with my public key, I unlock with my secret key.
> > > Signing:
> > > I sign with my private key, someone else checks with my public key.
> > >
> > > Suggestions, opinions?
> >
> > You might want to take a look at this:
> >
> > https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/
> >
> > Email encryption, although cryptographically straightforward, appears too complicated for laypeople to understand.
> > In our project, we aimed to understand why this problem has eluded researchers for well over a decade and expand the design space of possible solutions to this and similar challenges at the intersection of security and usability.
> >
> > ...
> >
> > In PGP's metaphors, each user possesses two items, a private key and a public key. Have you inferred how the protocol works yet? Unless you have previous exposure to cryptography, likely not. Why do I have two keys? What do these keys open? Aren't all keys private? When you want to send a message to someone, you encrypt it with his public key, which is known to everyone. The recipient can decrypt it with his private key, which only he possesses. But can't anyone use the public key to decrypt the message again? Nope. A public key can only encrypt, not decrypt. Just trust us on that one.
> >
> Not so; this analogy might seem useful for explaining message encryption, but will lead to more confusion when attempting to understand/explain signing - where indeed the public key is used to decrypt a digest encrypted by a public key.
>

Whups. The digest is encrypted by the *private* key, of course :)

> Fraser
>
> >
> > You're probably starting to understand why secure email is so hard to use. Bear with us for one paragraph longer.
> >
> > ...
> >
> > We decided to test whether better metaphors might be able to close this gap between security and usability. Specifically, we wanted metaphors that represented the cryptographic actions a user performs to send secure email and were evocative enough that users could reason about the security properties of PGP without needing to read a lengthy, technical introduction. We settled on four objects: a key, lock, seal and imprint. To send someone a message, secure it with that person's lock. Only this recipient has the corresponding key, so only they can open it.
> > To prove your identity, stamp the message with your seal. Since everyone knows what your seal's imprint looks like, it's easy to verify that the message came from you.
> >
> >
> > Neal
-------------- next part --------------
A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL:

From olav at enigmail.net Thu Jul 3 14:00:27 2014
From: olav at enigmail.net (Olav Seyfarth) Date: Thu, 03 Jul 2014 14:00:27 +0200 Subject: Analogies to explain the basic principles of encryption as used by OpenPGP (was: Re: Analogies to explain the principle of PGP) In-Reply-To: <87vbre64x2.wl%neal@walfield.org> References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> Message-ID: <53B545DB.3010009@enigmail.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Daniel,

I'd also rather use the analogy of a "padlock without key" to be distributed by the recipient of a message. That way you're able to explain the prerequisite for asymmetric crypto as we use it in OpenPGP: the recipient must "do something" BEFORE anyone can send anything (secured by that means) to him. Everyone knows what happens if you snap the lever into the lock - you're only able to unlock it if you have the key (or a big tool, OK).

Olav
- -- 
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/

iQGcBAEBAwAGBQJTtUXYAAoJEKGX32tq4e9W6CIL/A/fs634GpvCyGjc0adwSygW
fBu29jUwyeA5WkNf6nfEG4t7Ez+4eI8ME7msOz/z3RVv/Ugey5IUy8abuNV1QPhZ
anWTsRcZF6tCIcKSj/zxSN+ShaRWhmHo+98hliltuxBzkZVzli6G86NJwcNyzgtV
vpXRP0paKvYEeZf/v/YqdW+MkCfKTVcXh4mMwy3aP4ZrlHXsAR1VsPj930iJhA26
LIdTVZEirnclE/4EUP5giweh+XDkXh/ke5wBJdaYQMzADGTygIFmuWsbAuATvkDq
INd5F3/s8fbXLcHgNAJiPW4B8qs/NpGH/Of3gCsgGZjT0PaXk3wjMNxoHasD1y52
zaeGcwHZ/NmI35QVeeBGxdH6tuIwpwxyr21Zv4U/8lOa85o91hmyFsSAOTueyLh1
TLn0NsiQrUB7WgoL/K4ic+y9KJkGXyM/8c53V6V4KQHTLHNsidebKv99uH1S06d3
BsgHNAOgjYgKqVVbQkMOjpQbI9dJ7elaLA8OEbPhRA==
=hiE3
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org Thu Jul 3 15:27:24 2014
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 03 Jul 2014 09:27:24 -0400 Subject: Analogies to explain the principle of PGP In-Reply-To: References: <53B5358A.7060500@krebs.uno> Message-ID: <53B55A3C.6060904@sixdemonbag.org>

> I seem to recall someone on this list using a mailbox like the one at
> [1] as an analogy for public-key encryption: anyone can walk up to the
> mailbox and place a letter in the slot ("encrypting a message to the
> recipient's public key"), but they cannot retrieve any other letters in
> the box [2].

'Twas me. :)

From mailinglist at krebs.uno Thu Jul 3 15:41:57 2014
From: mailinglist at krebs.uno (Daniel Krebs) Date: Thu, 03 Jul 2014 15:41:57 +0200 Subject: Analogies to explain the basic principles of encryption as used by OpenPGP In-Reply-To: <53B545DB.3010009@enigmail.net> References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> <53B545DB.3010009@enigmail.net> Message-ID: <53B55DA5.8050800@krebs.uno>

Hi Olav,

On 03.07.2014 14:00, Olav Seyfarth wrote:
> I'd also rather use the analogy of a "padlock without key" to be distributed by
> the recipient of a message. That way you're able to explain the prerequisite
> for asymmetric crypto as we use it in OpenPGP: the recipient must "do something"
> BEFORE anyone can send anything (secured by that means) to him. Everyone knows
> what happens if you snap the lever into the lock - you're only able to unlock it
> if you have the key (or a big tool, OK).

But how would you explain signing from that point of view?

-- 
kind regards
daniel krebs

From wk at gnupg.org Thu Jul 3 16:16:59 2014
From: wk at gnupg.org (Werner Koch) Date: Thu, 03 Jul 2014 16:16:59 +0200 Subject: Analogies to explain the principle of PGP In-Reply-To: <20140703125629.GU1419@bacardi.hollandpark.frase.id.au> (Fraser Tweedale's message of "Thu, 3 Jul 2014 22:56:30 +1000") References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> <20140703125629.GU1419@bacardi.hollandpark.frase.id.au> Message-ID: <87tx6yy1b8.fsf@vigenere.g10code.de>

On Thu, 3 Jul 2014 14:56, frase at frase.id.au said:

> encryption, but will lead to more confusion when attempting to
> understand/explain signing - where indeed the public key is used to
> decrypt a digest encrypted by a public key.

Signing is a very different thing from encryption. It has nothing to do with encryption. Using the terms decryption or encryption to describe signature creation and verification leads to confusion (it is actually only partly true for the RSA algorithm). We use two different keys, one for encryption and one for signatures. OpenPGP merely puts them together on the same "keyring" (technically called a keyblock) for convenience.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Thu Jul 3 16:24:17 2014
From: wk at gnupg.org (Werner Koch) Date: Thu, 03 Jul 2014 16:24:17 +0200 Subject: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing In-Reply-To: <53B53E05.3090205@sumptuouscapital.com> (Kristian Fiskerstrand's message of "Thu, 03 Jul 2014 13:27:01 +0200") References: <87simizrjg.fsf@vigenere.g10code.de> <53B53E05.3090205@sumptuouscapital.com> Message-ID: <87pphmy0z2.fsf@vigenere.g10code.de>

On Thu, 3 Jul 2014 13:27, kristian.fiskerstrand at sumptuouscapital.com said:

> Functionally things are working nicely for me using git master. A
> feature request might be to make the number of objects for a keyserver
> refresh customizable as I can't refresh my keyring using 2.1 (but can
> using 2.0), anyhow, more importantly.

I'll be on vacation the next two weeks. I'll take care of it then (patches anyone?).

> These all belong in tests/pkits. Please find enclosed logs of the
> failing tests.

I have not run the pkits tests for ages ;-). Needs to be checked of course.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From kloecker at kde.org Thu Jul 3 19:52:24 2014
From: kloecker at kde.org (Ingo Klöcker) Date: Thu, 3 Jul 2014 19:52:24 +0200 Subject: How to verify a signed mail (silly question maybe, sorry ;) In-Reply-To: <201407021939.19164.linuxdebian@zoho.com> References: <201407021939.19164.linuxdebian@zoho.com> Message-ID: <3191102.GjyOqOso6m@thufir.ingo-kloecker.de>

On Wednesday 02 July 2014 19:38:41 Linux DEBIAN wrote:
> Hello all,
>
> now I use the KMail mail client where it's all automatically checked,
> but when I am on the webmail where the signing and verifying is not
> "built-in" supported and when I receive an e-mail with an attachment
> "signature.asc", how can I verify the signature, please?

I think you've left out a few constraints. When you are on webmail, what tools are available to you? It seems obvious to me that Linux is not available to you (because otherwise you'd most likely also have KMail available). What else is not available to you? What is available to you? Why do you only have webmail?

Regardless of your answers to those questions, my suggestion is to switch to a webmail solution with built-in support for OpenPGP/MIME. Alternatively, if you do not want to make a complete switch, then still create an account at a webmail provider that does support OpenPGP/MIME and then forward signed messages for verification to this webmail solution.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL:

From kloecker at kde.org Thu Jul 3 20:11:34 2014
From: kloecker at kde.org (Ingo Klöcker) Date: Thu, 3 Jul 2014 20:11:34 +0200 Subject: [fa-ml@ariis.it: Re: How to verify a signed mail (silly question maybe, sorry ; )] In-Reply-To: <201407030849.29636.linuxdebian@zoho.com> References: <20140703014304.GB15687@x60s.casa> <201407030849.29636.linuxdebian@zoho.com> Message-ID: <1670493.4IbohRZGOf@thufir.ingo-kloecker.de>

On Thursday 03 July 2014 08:49:12 Linux DEBIAN wrote:
> Hello,
>
> thanks for your reply.
>
> Maybe I do something wrong and following the instructions, still
> receiving 'bad signature'.

I'm not surprised. It seems that Francesco Ariis has left out a crucial step (or you have removed it when you quoted his message). RFC 3156 reads

=====
Upon receipt of a signed message, an application MUST:

(1) Convert line endings to the canonical <CR><LF> sequence before the signature can be verified. This is necessary since the local MTA may have converted to a local end of line convention.

(2) Pass both the signed data and its associated content headers along with the OpenPGP signature to the signature verification service.
=====

> It's my mail and my signature (for testing purposes) so I'm sure
> signature is ok, btw.
>
> Does it matter if in the beginning of the part is:
>
> Content-Type: Text/Plain;
>   charset="utf-8"
> Content-Transfer-Encoding: quoted-printable

No.

> and the whole copied part ends with:
>
> =3D

It shouldn't matter.

> Also, when I copy the text, when using Kate (text editor for KDE,
> Linux), I always use utf-8 for opening/saving documents.
> Shall I change to another charset?
> There is no choice for exactly 'ascii', just e.g. western european ISO
> 8859-1 and many others.

The charset should be irrelevant because quoted-printable encoded text does not contain any non-ASCII characters.

Concerning (1) in the excerpt of RFC 3156 quoted above, you have to tell Kate to switch the line endings to Windows line endings (Tools->End of Line->Windows/DOS) before saving the text to a file.
Or run unix2dos on the saved text to convert the line endings on the command line.

If you do all of this correctly, then you might be lucky that the signature verification succeeds. You might not be so lucky when the next signed message arrives. IMHO trying to verify an OpenPGP/MIME-signed message by hand is at most a nice exercise, but it's certainly nothing one should do regularly.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL:

From kristian.fiskerstrand at sumptuouscapital.com Thu Jul 3 13:27:01 2014
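The by-hand procedure Ingo lays out in the two messages above (RFC 3156 steps 1 and 2, plus the Kate/unix2dos line-ending fix), as an added Python example; it is not code from the thread, from KMail or from GnuPG. It takes a multipart/signed message as pasted from a webmail "view source", canonicalises every line ending to CRLF, cuts out the signed part together with its own MIME headers, removes the line break that belongs to the MIME boundary rather than to the signed text, and returns the armor so the two pieces can be handed to gpg --verify. The message and the signature armor in SAMPLE are constructed placeholders; the armor will not verify against any key.

```python
"""Prepare an OpenPGP/MIME (RFC 3156) signed part for "gpg --verify" by hand.

Added example, not code from the thread.  Given the raw bytes of a
multipart/signed message as pasted from webmail (so the line endings may
be LF), it:
  1. canonicalises every line ending to CRLF (RFC 3156 step 1);
  2. cuts out the first body part *with its MIME headers*, which is what
     was signed (RFC 3156 step 2), and drops the line break in front of the
     next boundary, which belongs to the MIME delimiter, not to the data;
  3. returns the ASCII armor from the second part so both can be saved and
     checked with:  gpg --verify signature.asc signed-part.txt
Skipping step 1 or the boundary detail in step 2 is what turns a good
signature into "BAD signature".
"""
import re

BOUNDARY_RE = re.compile(rb'boundary="?([^";\r\n]+)"?', re.I)


def canonicalize_crlf(data: bytes) -> bytes:
    """Normalise LF, CR and CRLF line endings to CRLF without doubling any."""
    return (data.replace(b"\r\n", b"\n")
                .replace(b"\r", b"\n")
                .replace(b"\n", b"\r\n"))


def split_multipart_signed(raw: bytes):
    """Return (signed_part, signature_armor), both CRLF-canonical.

    signed_part keeps its own Content-Type / Content-Transfer-Encoding
    headers and ends exactly where the body did: the CRLF that precedes
    "--boundary" is part of the delimiter (RFC 2046, 5.1.1) and is removed.
    """
    raw = canonicalize_crlf(raw)
    headers, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between message headers and body")
    m = BOUNDARY_RE.search(headers)
    if not m:
        raise ValueError("Content-Type header carries no boundary parameter")
    delim = re.escape(b"--" + m.group(1))
    # A delimiter line is "--boundary" (or "--boundary--" to close) at the
    # start of a line; consuming the preceding CRLF here is the RFC 2046 rule.
    parts = re.split(rb"(?:^|\r\n)" + delim + rb"(?:--)?[ \t]*(?:\r\n|$)", body)
    # parts[0] is the preamble, then one chunk per body part, then the epilogue.
    if len(parts) < 3:
        raise ValueError("multipart/signed needs a signed part and a signature part")
    signed_part, signature_part = parts[1], parts[2]
    # gpg wants only the armor, not the signature part's own MIME headers.
    _, _, armor = signature_part.partition(b"\r\n\r\n")
    if not armor.startswith(b"-----BEGIN PGP SIGNATURE-----"):
        raise ValueError("second part is not an ASCII-armored signature")
    return signed_part, armor


def write_for_gpg(raw: bytes, body_path: str, sig_path: str) -> None:
    """Write the two files for: gpg --verify <sig_path> <body_path>

    Binary mode, so nothing translates the CRLFs back to the local convention.
    """
    signed_part, armor = split_multipart_signed(raw)
    with open(body_path, "wb") as f:
        f.write(signed_part)
    with open(sig_path, "wb") as f:
        f.write(armor)


# Constructed sample: a message as copied from webmail with LF line endings.
# The quoted-printable body and "=3D" ending mirror the thread; the armor is
# a placeholder and will not verify.
SAMPLE = (
    b"From: alice@example.invalid\n"
    b"Content-Type: multipart/signed; boundary=\"b1\";\n"
    b" micalg=pgp-sha1; protocol=\"application/pgp-signature\"\n"
    b"\n"
    b"--b1\n"
    b"Content-Type: Text/Plain; charset=\"utf-8\"\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"Hello,\n"
    b"this text was signed=3D\n"
    b"\n"
    b"--b1\n"
    b"Content-Type: application/pgp-signature; name=\"signature.asc\"\n"
    b"\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"\n"
    b"bm90IGEgcmVhbCBzaWduYXR1cmU=\n"
    b"=0000\n"
    b"-----END PGP SIGNATURE-----\n"
    b"\n"
    b"--b1--\n"
)
```

The boundary rule is the step unix2dos alone cannot fix: the body in the thread ends in "=3D" followed by a blank line and then "--boundary"; the blank line's CRLF is signed data, the CRLF that introduces the boundary line is not. The same function gives the same result for a message that is already CRLF-canonical, so it is safe to run on text whose line endings you are unsure of.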
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Thu, 03 Jul 2014 13:27:01 +0200 Subject: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing In-Reply-To: <87simizrjg.fsf@vigenere.g10code.de> References: <87simizrjg.fsf@vigenere.g10code.de> Message-ID: <53B53E05.3090205@sumptuouscapital.com>

On 07/03/2014 12:05 PM, Werner Koch wrote:
> Hello!
>
> I just released the fifth *beta version* of GnuPG 2.1. It has been
> released to give you the opportunity to check out new features and
> to fix the bugs in the last beta.
>

Looking good. Functionally things are working nicely for me using git master. A feature request might be to make the number of objects for a keyserver refresh customizable as I can't refresh my keyring using 2.1 (but can using 2.0), anyhow, more importantly.

As we're running more frequent betas, when enabling tests again it shows that on my computer the following 3 of 18 tests failed (it's not a recent regression, but something that has been happening for a while, hence I've kept tests restricted for a while).

FAIL: import-all-certs
FAIL: validate-all-certs
FAIL: signature-verification

These all belong in tests/pkits. Please find enclosed logs of the failing tests. This is running on a Gentoo system with the live ebuild from layman[mercurial]:k_f. The regular build system is happening in a sandboxed environment.

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Manus manum lavat
One hand washes the other
-------------- next part --------------
A non-text attachment was scrubbed... Name: import-all-certs.log Type: text/x-log Size: 48714 bytes Desc: not available URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: validate-all-certs.log Type: text/x-log Size: 165892 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature-verification.log Type: text/x-log Size: 1642 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From dkg at fifthhorseman.net Fri Jul 4 05:22:27 2014 
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 03 Jul 2014 23:22:27 -0400 Subject: riseup.net OpenPGP Best Practices article In-Reply-To: <53AE4004.70006@sixdemonbag.org> References: <20140624035552.GB1419@bacardi.hollandpark.frase.id.au> <53AC3B98.1060201@fifthhorseman.net> <53AC7D41.5010906@sixdemonbag.org> <6134419.xed50sakqP@inno> <53AC926D.1030007@sixdemonbag.org> <87d2duddsy.fsf@vigenere.g10code.de> <53ADDBC9.4040802@sixdemonbag.org> <53AE4004.70006@sixdemonbag.org> Message-ID: <53B61DF3.4050905@fifthhorseman.net>

On 06/28/2014 12:09 AM, Robert J. Hansen wrote:
> When faced with that, it's only a matter of time until Alice decides to
> put 3DES first in her own preference list. And then all her
> communications to Bob have 112 bits of keyspace, not the 256 Bob
> demands.

I think you're talking about personal-cipher-preferences here, which Alice uses to govern the cipher she uses. Note that she could even put IDEA first here. Are you suggesting that she *removes* all other cipher algorithms from her advertised preference list as well, or does she actually advertise all ciphers her openPGP implementation is capable of?

> And unless Bob is paranoid enough to check the symmetric
> algorithm used on every single encrypted message, Bob will never know
> that Alice's communications to him have been degraded.

well, OK. Alice could also publish the cleartext on her blog, and Bob would never know it if he doesn't read her blog. Bob can't control what Alice does; what he can do is to advertise his preferences in a cryptographically-verifiable way, and set *his own* personal-cipher-preferences to prefer stronger ciphers. then, unless Alice has actively removed all ciphers from her advertised preferences except for 3DES, Bob's personal-cipher-preferences will take precedence in the messages that he sends.

I feel like i shouldn't have to point this out, but:

* This is what the best practices page we've been discussing is suggesting. This is the right thing to do, and Bob should do it, regardless of whatever bad advice Alice has bought into.

Arguing that it's hopeless/pointless/harmful to prefer stronger ciphers yourself because one of your correspondents might be tricked into disabling stronger ciphers makes no sense from either a security or interoperability perspective. I'm really sorry to hear about your graduate student debt, Rob, but this is not the best way to pay it off :P

> Werner and others are absolutely right: there is no *technical* way to
> degrade things to 3DES. But given that cipher preference lists are
> fundamentally a *human* decision, well... the human being is always
> exploitable.

Of course. And we should make our defaults better and encourage stronger mechanisms for everyone, instead of trying to claim that using well-known, widely-adopted, clearly-specified, longstanding algorithms is somehow "breaking the spec". I'm sure you're not trying to claim that AES is actually a worse cipher than DES, or that members of the SHA-2 family are actually worse digests than SHA-1. So i think the scenario you paint above reinforces the points made by the riseup best practices document.

--dkg

From rjh at sixdemonbag.org Fri Jul 4 05:54:39 2014
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 03 Jul 2014 23:54:39 -0400 Subject: Key distribution via NFC Message-ID: <53B6257F.7090403@sixdemonbag.org>

A good friend just gave me a handful of NFC tags that are capable of storing about 400 bytes. It's a convenient form factor: a cardboard disk with an adherent backing, perhaps 2.5cm across. Bring it close to a mobile phone and presto, bang, it can access the 400 bytes.

This is too large to store an RSA or DSA2 certificate, unfortunately. But it got me thinking that with the move to elliptical-curve crypto in GnuPG 2.1, it might be interesting to think about the possibility of using NFC tags for certificate distribution. Keep an NFC tag on your keychain. If someone asks you for your certificate, you don't have to trade a SHA-1 fingerprint -- just put down your keychain and let the person wave a cell phone over it.

Obviously there are risks associated with NFC, and I haven't done any real looking at the security model of NFC -- it's very likely there are big things I'm overlooking. But the ability to store 400 bytes, to access it quickly and easily, and all in a tag that costs less than a dollar and can be read with almost any modern smartphone, is kind of cool. It might be worth thinking how this can be used. :)

From mailinglisten at hauke-laging.de Fri Jul 4 06:04:12 2014
From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Fri, 04 Jul 2014 06:04:12 +0200 Subject: Key distribution via NFC In-Reply-To: <53B6257F.7090403@sixdemonbag.org> References: <53B6257F.7090403@sixdemonbag.org> Message-ID: <3961180.ttMiNocHUy@inno>

On Thu 03.07.2014, 23:54:39, Robert J. Hansen wrote:
> Bring it close
> to a mobile phone and presto, bang, it can access the 400 bytes.
>
> This is too large to store an RSA or DSA2 certificate, unfortunately.

I don't even have a smartphone... but

1) might it be possible to combine several of these storage devices (reading them one after the other) to add up their capacity?

2) wouldn't it be enough to transfer the mainkey? Or even a fingerprint? The rest could be safely taken from the keyservers.

Hauke

-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From rjh at sixdemonbag.org Fri Jul 4 06:08:04 2014
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 00:08:04 -0400 Subject: riseup.net OpenPGP Best Practices article In-Reply-To: <53B61DF3.4050905@fifthhorseman.net> References: <20140624035552.GB1419@bacardi.hollandpark.frase.id.au> <53AC3B98.1060201@fifthhorseman.net> <53AC7D41.5010906@sixdemonbag.org> <6134419.xed50sakqP@inno> <53AC926D.1030007@sixdemonbag.org> <87d2duddsy.fsf@vigenere.g10code.de> <53ADDBC9.4040802@sixdemonbag.org> <53AE4004.70006@sixdemonbag.org> <53B61DF3.4050905@fifthhorseman.net> Message-ID: <53B628A4.5050200@sixdemonbag.org>

> I think you're talking about personal-cipher-preferences here, which
> Alice uses to govern the cipher she uses.

Correct.

> Note that she could even put IDEA first here.

Sure, but it wouldn't take unless Bob had IDEA in his preference list. If Bob's preference list is AES256 CAMELLIA256 3DES, then Alice's choice of IDEA will be ignored. The choice of 3DES won't be, which is why 3DES is relevant here.

> actually advertise all ciphers her openPGP implementation is capable of?

I'm saying only that she puts 3DES ahead of Bob's preferred 256-bit ciphers in her personal-cipher-preferences.

Bob is all about "I must have at least 256 bits of keyspace in all my email!" But Bob can't do that, because Alice can *always* degrade him to 112 bits by choosing 3DES. And since Bob is the target, and since we're assuming the enemy is well-financed and professional and capable of tricking people, Bob needs to stop thinking he can somehow guarantee 256 bits of keyspace in his emails.

Bob can guarantee 256 bits of keyspace in *what he generates*. Bob cannot guarantee 256 bits of keyspace in *what he receives*.

Telling people to use extremely large keys because "then your correspondents will be using RSA-ungodly, which has an effective something-ridiculous keyspace" sounds nice, but it's not true. Bob can only guarantee up to 112 bits of keyspace in the traffic that gets sent to him, because Bob can't prohibit his correspondents from using 3DES.

Anyone who simply, glibly, says "use long certificates because they give a larger effective keyspace," is committing fraud, IMO. You're making promises that aren't true and which you can't back up. "Using long certificates *may* give a larger effective keyspace, but really, you can only ever be certain of 112 bits of keyspace, so you should design your security model such that it only relies on 112 bits of keyspace" is accurate. But I think if long certificates were to be marketed that way, a lot of people would blink a few times and ask, "well, what's the point, then?"

From rjh at sixdemonbag.org Fri Jul 4 06:15:16 2014

From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 00:15:16 -0400 Subject: Key distribution via NFC In-Reply-To: <53B6257F.7090403@sixdemonbag.org> References: <53B6257F.7090403@sixdemonbag.org> Message-ID: <53B62A54.4030503@sixdemonbag.org>

> This is too large to store an RSA or DSA2 certificate, unfortunately.

Too *small*. Sorry. Time for me to go drink coffee straight from the pot.

Also, for Americans, happy Fourth of July. :)

From rjh at sixdemonbag.org Fri Jul 4 06:18:56 2014
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 00:18:56 -0400 Subject: Key distribution via NFC In-Reply-To: <3961180.ttMiNocHUy@inno> References: <53B6257F.7090403@sixdemonbag.org> <3961180.ttMiNocHUy@inno> Message-ID: <53B62B30.6020605@sixdemonbag.org>

> 1) might it be possible to combine several of these storage devices
> (reading them one after the other) to add up their capacity?

Probably, but once you've got a dozen of these things they sort of stop being a convenient form factor. :)

> 2) wouldn't it be enough to transfer the mainkey? Or even a fingerprint?
> The rest could be safely taken from the keyservers.

Yes, but...

Remember why the keyservers exist: because when a key is several thousand bytes it's pretty inconvenient to keep it with you. Only keeping a 40-hexit SHA-1 hash is much more convenient: give the recipient that and let them look it up on the keyservers.

But what if giving them your key was as simple as putting down a read-only NFC token and telling people, "there, scan that"? It might be popular with the crowd that shuns keyservers, for whatever reason. ("I don't like spammers," "I think they're probably monitored," "I don't know the keyserver operators so how can I trust them," etc. -- many of these reasons are ridiculous, but that doesn't mean there aren't a lot of people who hold those beliefs.)

From dkg at fifthhorseman.net Fri Jul 4 06:57:53 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 04 Jul 2014 00:57:53 -0400 Subject: Key distribution via NFC In-Reply-To: <53B6257F.7090403@sixdemonbag.org> References: <53B6257F.7090403@sixdemonbag.org> Message-ID: <53B63451.7070009@fifthhorseman.net>

On 07/03/2014 11:54 PM, Robert J. Hansen wrote:
> the ability to store 400 bytes, to
> access it quickly and easily, and all in a tag that costs less than a
> dollar and can be read with almost any modern smartphone, is kind of cool.

it is cool indeed. You can also get all of the above properties, plus the ability for (sighted) humans to detect any deliberate interference, and to know when the device is reasonably shielded from eavesdroppers, with a QR code or other medium-density bar code for which free readers are available. The monkeysign project and the guardian project are both doing good work in that direction. Moving the signalling from visible light to the RF part of the spectrum seems like it would be a regression to me.

--dkg

From dkg at fifthhorseman.net Fri Jul 4 07:01:23 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 04 Jul 2014 01:01:23 -0400 Subject: riseup.net OpenPGP Best Practices article In-Reply-To: <53B628A4.5050200@sixdemonbag.org> References: <20140624035552.GB1419@bacardi.hollandpark.frase.id.au> <53AC3B98.1060201@fifthhorseman.net> <53AC7D41.5010906@sixdemonbag.org> <6134419.xed50sakqP@inno> <53AC926D.1030007@sixdemonbag.org> <87d2duddsy.fsf@vigenere.g10code.de> <53ADDBC9.4040802@sixdemonbag.org> <53AE4004.70006@sixdemonbag.org> <53B61DF3.4050905@fifthhorseman.net> <53B628A4.5050200@sixdemonbag.org> Message-ID: <53B63523.90405@fifthhorseman.net>

On 07/04/2014 12:08 AM, Robert J. Hansen wrote:
> Bob is all about "I must have at least 256 bits of keyspace in all my
> email!" But Bob can't do that, because Alice can *always* degrade him
> to 112 bits by choosing 3DES.

Of course. And Alice can always send Bob cleartext too. does that mean that Bob shouldn't offer any encryption key at all because there's no guarantee that it will be used?

> And since Bob is the target, and since
> we're assuming the enemy is well-financed and professional and capable
> of tricking people, Bob needs to stop thinking he can somehow guarantee
> 256 bits of keyspace in his emails.

stronger keys are not about guaranteeing any particular level of security -- they are about *permitting* that level of security (or, more likely, about providing that much larger of a buffer against unknown mathematical advances), should the other actors in the game do something different.

GnuPG's current default of a 2048-bit RSA key is roughly 103-bit symmetric equivalent. When using keys of that size, breaking the key is more likely to be accessible to a well-funded attacker than breaking the symmetric cipher itself. And consider the value of the different parts of the cryptosystem: breaking the asymmetric key lets you break all the ciphertexts ever encrypted to that key, whereas breaking the symmetric cipher only allows access to a single ciphertext...

> "Using long certificates *may* give a larger effective keyspace, but
> really, you can only ever be certain of 112 bits of keyspace, so you
> should design your security model such that it only relies on 112 bits
> of keyspace" is accurate.

Except that you can't even rely on 112 bits of keyspace at all. even if alice doesn't just send cleartext, she could select bad keys for 3DES, or have a compromised RNG, or lots of other failure modes. You can't be certain of any of it. What you *can* do is offer stronger keys so that the buffer against attack is able to be larger should the other aspects hold up.

> But I think if long certificates were to be
> marketed that way, a lot of people would blink a few times and ask,
> "well, what's the point, then?"

let's look at it the other way: if you do assume that the symmetric ciphers in use give you 112-bit security, wouldn't a lot of people blink a few times and ask "well, why would you use an asymmetric key with 1/500th the resistance to brute force attack?"

--dkg

From rjh at sixdemonbag.org Fri Jul 4 07:19:42 2014
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 01:19:42 -0400 Subject: riseup.net OpenPGP Best Practices article In-Reply-To: <53B63523.90405@fifthhorseman.net> References: <20140624035552.GB1419@bacardi.hollandpark.frase.id.au> <53AC3B98.1060201@fifthhorseman.net> <53AC7D41.5010906@sixdemonbag.org> <6134419.xed50sakqP@inno> <53AC926D.1030007@sixdemonbag.org> <87d2duddsy.fsf@vigenere.g10code.de> <53ADDBC9.4040802@sixdemonbag.org> <53AE4004.70006@sixdemonbag.org> <53B61DF3.4050905@fifthhorseman.net> <53B628A4.5050200@sixdemonbag.org> <53B63523.90405@fifthhorseman.net> Message-ID: <53B6396E.1050805@sixdemonbag.org>

> Of course. And Alice can always send Bob cleartext too. does that mean
> that Bob shouldn't offer any encryption key at all because there's no
> guarantee that it will be used?

It means Bob should have a line item for that in his security model. "Alice may send me cleartext." It also means Bob should have a line in his security model, "Even if Alice correctly uses OpenPGP to encrypt her email to me, I can only rely on 112 bits of keyspace."

> stronger keys are not about guaranteeing any particular level of
> security -- they are about *permitting* that level of security (or, more
> likely, about providing that much larger of a buffer against unknown
> mathematical advances), should the other actors in the game do something
> different.

I love this idea: "permits." Who permits it? When designing a system, you must assume that anything that's not a game-over is under the enemy's control. You're relying on *the enemy permitting it*.

If I'm trying to break your traffic, Daniel, the last thing I'll do is tackle even 80-bit crypto. Seriously. Life's too short. But if I have to, the very first thing I'll do is find a way to degrade you into using an inferior level than your model expects. I'll go after Alice. I'll find some way to convince her to shift to 3DES. And just like that, I, the enemy, will revoke your permission to have 256-bit crypto on the Alice->you link. You'll have 112, because that's what I'll allow.

> GnuPG's current default of a 2048-bit RSA key is roughly 103-bit
> symmetric equivalent.

According to one group; according to NIST, it's 112. That's quibbling, though: a factor of 2**9 is irrelevant.

> Except that you can't even rely on 112 bits of keyspace at all. even if
> alice doesn't just send cleartext, she could select bad keys for 3DES,
> or have a compromised RNG, or lots of other failure modes.

Sure, but this requires me to compromise Alice's box and violates the game-over assumption that the endpoints are secure.

> let's look at it the other way: if you do assume that the symmetric
> ciphers in use give you 112-bit security, wouldn't a lot of people blink
> a few times and ask "well, why would use an asymmetric key with 1/500th
> the resistance to brute force attack?"

Because (a) according to NIST they're equivalent, (b) nine bits is irrelevant, and (c) if you check the archives you'll discover I've been rather kind to RSA-3072; it's beyond that where I've always said "oh, give me a break already."

From rjh at sixdemonbag.org Fri Jul 4 07:24:53 2014
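The negotiation this thread keeps circling, as an added example that is not code from GnuPG or from either poster: a sender can only pick a cipher that every recipient's key advertises, 3DES is tacitly at the end of every preference list (RFC 4880 section 13.2), and the sender's own personal-cipher-preferences only reorders the usable set, never extends it. Ranking the usable set by summed position across recipients, and falling back to that ranking when none of the sender's personal preferences is usable, are simplifications of this model, not a claim about GnuPG's exact code in g10/pkclist.c.

```python
"""Model of OpenPGP symmetric-cipher negotiation (RFC 4880 section 13.2).

Added example; not GnuPG code and not from the mailing-list thread.
It models three rules the thread argues about: a sender may only use a
cipher every recipient advertises, 3DES is implicitly at the end of
every list, and the sender's personal-cipher-preferences only reorders
the usable ciphers. Scoring and fallback are this model's assumptions.
"""

from collections import defaultdict

MUST_IMPLEMENT = "3DES"   # tacitly present in every preference list


def effective_prefs(advertised):
    """Advertised list plus the implicit trailing 3DES, duplicates dropped."""
    seen, out = set(), []
    for alg in list(advertised) + [MUST_IMPLEMENT]:
        if alg not in seen:
            seen.add(alg)
            out.append(alg)
    return out


def usable_ciphers(recipient_prefs):
    """Ciphers every recipient accepts, best first.

    Ranking by summed list position (lower is better) is an assumption of
    this model; ties are broken by name so the result is deterministic.
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = set(lists[0]).intersection(*lists[1:])
    score = defaultdict(int)
    for prefs in lists:
        for rank, alg in enumerate(prefs):
            if alg in common:
                score[alg] += rank
    return sorted(common, key=lambda a: (score[a], a))


def select_cipher(recipient_prefs, personal_prefs=None):
    """Cipher a sender ends up using for one message.

    personal_prefs plays the role of personal-cipher-preferences: it picks
    the first of the sender's own favourites that all recipients accept, but
    it cannot introduce a cipher a recipient did not advertise. Falling back
    to the recipients' ranking when nothing personal is usable is assumed.
    """
    usable = usable_ciphers(recipient_prefs)
    if personal_prefs:
        for alg in personal_prefs:
            if alg in usable:
                return alg
    return usable[0]


if __name__ == "__main__":
    # Bob's key as advertised in the thread; Alice's key is a constructed stand-in.
    bob_key = ["AES256", "CAMELLIA256", "3DES"]
    alice_key = ["AES256", "AES128"]

    # Alice writing to Bob, with three different personal-cipher-preferences:
    print("Alice prefers IDEA first ->", select_cipher([bob_key], ["IDEA", "AES256"]))
    print("Alice prefers 3DES first ->", select_cipher([bob_key], ["3DES", "AES256"]))
    print("Alice sets no preference ->", select_cipher([bob_key]))

    # Bob writing to Alice: his own preference wins as long as Alice's key
    # still advertises something better than 3DES.
    print("Bob to Alice, AES256 first ->", select_cipher([alice_key], ["AES256", "CAMELLIA256"]))
    # A key that advertises only AES128 still has 3DES available implicitly.
    print("Usable for an AES128-only key ->", usable_ciphers([["AES128"]]))
```

Run as is, both sides of the argument come out: Alice's personal list can drag the Alice-to-Bob link down to 3DES no matter what Bob's key advertises, and nothing Alice does touches the cipher Bob picks for what he sends, unless her key stops advertising anything better than 3DES.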
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 01:24:53 -0400 Subject: Key distribution via NFC In-Reply-To: <53B63451.7070009@fifthhorseman.net> References: <53B6257F.7090403@sixdemonbag.org> <53B63451.7070009@fifthhorseman.net> Message-ID: <53B63AA5.8090306@sixdemonbag.org>

> You can also get all of the above properties...

*Almost*. NFC is significantly more convenient than fumbling with your phone's camera app, taking a snapshot, etc. Wave it and it's done. NFC has some interesting human interface engineering behind it.

From johanw at vulcan.xs4all.nl Fri Jul 4 08:05:47 2014

From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Fri, 04 Jul 2014 08:05:47 +0200 Subject: Key distribution via NFC In-Reply-To: <53B62B30.6020605@sixdemonbag.org> References: <53B6257F.7090403@sixdemonbag.org> <3961180.ttMiNocHUy@inno> <53B62B30.6020605@sixdemonbag.org> Message-ID: <53B6443B.8050408@vulcan.xs4all.nl>

On 04-07-2014 6:18, Robert J. Hansen wrote:
> But what if giving them your key was as simple as putting down a
> read-only NFC token and telling people, "there, scan that"?

Read-only you say? NFC writers are cheap (they were even sold out here when someone found out you could use them to top up the new public transportation cards with them). Maybe even my phone could do it.

And with Android 4.4 or Cyanogenmod, you could even try setting it in NFC host mode and use the phone as NFC tag. Although that might be not as easy as it should, I tried programming my phone to replace the badge I have to enter my work but failed (it uses some Mifare classic chip).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From micha at rosetree.de Fri Jul 4 08:36:02 2014
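Hauke's variant of the idea, as an added example that is not code from the thread, from GnuPG or from any NFC stack: put only the 40-hexit fingerprint on the tag, fetch the certificate from a keyserver, and check what came back against the tag. Assumed here, none of it from the original posts: the tag holds one short NDEF URI record, the URI uses the OPENPGP4FPR: form that monkeysign and OpenKeychain use for QR codes, and a constructed public-key packet body stands in for what the keyserver would return.

```python
"""Fingerprint-on-a-tag key distribution, with the check on the receiving side.

Added example; not from the thread, GnuPG, or any NFC library. The tag
carries only the fingerprint (well under the 400-byte tag from the post);
the certificate comes from a keyserver and is checked against the tag by
recomputing its v4 fingerprint (RFC 4880 section 12.2).
"""

import hashlib

TAG_CAPACITY = 400                 # bytes, as in the original post
URI_SCHEME = "OPENPGP4FPR:"        # QR-code convention of monkeysign/OpenKeychain (assumed here)
NDEF_HEADER = 0xD1                 # NDEF flags: MB, ME, SR set; TNF=1 (well-known type)
HEX_DIGITS = set("0123456789ABCDEF")


def make_tag_record(fingerprint):
    """Encode a fingerprint as one short NDEF URI record, the bytes written to the tag."""
    fpr = fingerprint.replace(" ", "").upper()
    if len(fpr) != 40 or not set(fpr) <= HEX_DIGITS:
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    payload = b"\x00" + (URI_SCHEME + fpr).encode("ascii")   # 0x00: no URI prefix abbreviation
    record = bytes([NDEF_HEADER, 1, len(payload)]) + b"U" + payload
    if len(record) > TAG_CAPACITY:
        raise ValueError("record does not fit on the tag")
    return record


def parse_tag_record(data):
    """Return the fingerprint from a record as produced above, or raise ValueError."""
    if len(data) < 4 or data[0] != NDEF_HEADER or data[1] != 1 or data[3:4] != b"U":
        raise ValueError("not a short, well-known-type NDEF URI record")
    payload = data[4:4 + data[2]]
    if len(payload) != data[2] or payload[:1] != b"\x00":
        raise ValueError("bad payload length or URI prefix code")
    uri = payload[1:].decode("ascii")
    if not uri.startswith(URI_SCHEME):
        raise ValueError("not an OPENPGP4FPR URI")
    fpr = uri[len(URI_SCHEME):]
    if len(fpr) != 40 or not set(fpr) <= HEX_DIGITS:
        raise ValueError("malformed fingerprint")
    return fpr


def v4_fingerprint(pubkey_packet_body):
    """RFC 4880 12.2: SHA-1 over 0x99, the two-byte body length, and the body."""
    length = len(pubkey_packet_body).to_bytes(2, "big")
    return hashlib.sha1(b"\x99" + length + pubkey_packet_body).hexdigest().upper()


def key_matches_tag(tag_bytes, pubkey_packet_body):
    """True if the key fetched from the keyserver is the one the tag names."""
    return v4_fingerprint(pubkey_packet_body) == parse_tag_record(tag_bytes)


def mpi(value):
    """OpenPGP multi-precision integer: two-byte bit count, then big-endian bytes."""
    return value.bit_length().to_bytes(2, "big") + value.to_bytes((value.bit_length() + 7) // 8, "big")


# Constructed public-key packet body: version 4, creation time, RSA (algo 1), n, e.
# The numbers are placeholders, far too small to be a real key.
DEMO_PUBKEY_BODY = (b"\x04" + (1404432000).to_bytes(4, "big") + b"\x01"
                    + mpi(0xC0FFEE_DEAD_BEEF_1234_5678_9ABC_DEF1) + mpi(65537))

if __name__ == "__main__":
    tag = make_tag_record(v4_fingerprint(DEMO_PUBKEY_BODY))
    print(f"tag record: {len(tag)} of {TAG_CAPACITY} bytes")
    print("keyserver copy matches tag:", key_matches_tag(tag, DEMO_PUBKEY_BODY))
    forged = DEMO_PUBKEY_BODY[:-1] + bytes([DEMO_PUBKEY_BODY[-1] ^ 1])
    print("altered copy matches tag:", key_matches_tag(tag, forged))
```

Johan's point about cheap writers still stands: a fingerprint on a tag is only as trustworthy as whoever last had write access to the tag, so the record replaces reading 40 hex digits aloud, not checking them with the key's owner.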
From: micha at rosetree.de (Micha Rosenbaum) Date: Fri, 04 Jul 2014 08:36:02 +0200 Subject: Analogies to explain the principle of PGP In-Reply-To: <87tx6yy1b8.fsf@vigenere.g10code.de> References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> <20140703125629.GU1419@bacardi.hollandpark.frase.id.au> <87tx6yy1b8.fsf@vigenere.g10code.de> Message-ID: <53B64B52.5030100@rosetree.de>

On 03.07.2014 16:16, Werner Koch wrote:
> Signing is a very different thing than encryption. It has nothing to do
> with encryption. Using the terms decryption or encryption to describe
> signature creation and verification leads to confusion

I think the term "signing" leads to confusion, too. When I receive a signed statement from a good friend, I have no chance to prove whether he signed or not. And proving if something was added after he signed it is even more difficult. But as far as I know this is all possible with an OpenPGP signature.

So are there analogies that can easily explain what signing does?

-- 
PGP: 0x7694EB9B (http://rosetree.de/pgp)
http://www.email-nur-an-dich.de/

From rjh at sixdemonbag.org Fri Jul 4 08:49:37 2014
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 02:49:37 -0400 Subject: riseup.net OpenPGP Best Practices article In-Reply-To: <53B63523.90405@fifthhorseman.net> References: <20140624035552.GB1419@bacardi.hollandpark.frase.id.au> <53AC3B98.1060201@fifthhorseman.net> <53AC7D41.5010906@sixdemonbag.org> <6134419.xed50sakqP@inno> <53AC926D.1030007@sixdemonbag.org> <87d2duddsy.fsf@vigenere.g10code.de> <53ADDBC9.4040802@sixdemonbag.org> <53AE4004.70006@sixdemonbag.org> <53B61DF3.4050905@fifthhorseman.net> <53B628A4.5050200@sixdemonbag.org> <53B63523.90405@fifthhorseman.net> Message-ID: <53B64E81.2050102@sixdemonbag.org>

This will be my last on the thread.

You've said several times that your interest is in making sure crypto isn't the weak link in the chain. Well, it's not. We know it's not. (And not just because of XKCD, either.[*]) Roughly one in four desktop PCs is already exploited. Applications are a seething morass of Metasploit targets. Physical access trumps all, and the government is skilled at using Van Eck devices, black bag teams, subpoenas, national security letters, and more to get what they want. Organized crime has even fewer scruples and nothing's off the table for them, including field expedient dentistry.

Given what a target-rich environment the net is, the difference between a 3DES level of keyspace and an AES256 level of keyspace does not matter a tinker's damn to whether your communications are safe. I want to emphasize this: the changes that you are passionately arguing about *do* *not* *matter*. And passionate argument about things that don't matter is... bikeshedding.

No more bikeshedding. My final statements about this thread:

* I've seen very little support from the list for your proposed best practices document,
* I conclude the community's sentiment is that the defaults are good,
* The FAQ will continue to recommend people use the defaults. [**]

[*] http://xkcd.com/538/
[**] as always, Werner gets final say!

From rjh at sixdemonbag.org Fri Jul 4 08:51:10 2014

From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 02:51:10 -0400 Subject: Key distribution via NFC In-Reply-To: <53B6443B.8050408@vulcan.xs4all.nl> References: <53B6257F.7090403@sixdemonbag.org> <3961180.ttMiNocHUy@inno> <53B62B30.6020605@sixdemonbag.org> <53B6443B.8050408@vulcan.xs4all.nl> Message-ID: <53B64EDE.5030404@sixdemonbag.org>

> Read-only you say?

Given I've only been playing around with these things for the last few hours, you'll have to forgive the occasional newbie mistake. :) But damn, they're *neat*!

From micha at rosetree.de Fri Jul 4 10:01:56 2014
From: micha at rosetree.de (Micha Rosenbaum) Date: Fri, 04 Jul 2014 10:01:56 +0200 Subject: Analogies to explain the principle of PGP In-Reply-To: <53B64B52.5030100@rosetree.de> References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> <20140703125629.GU1419@bacardi.hollandpark.frase.id.au> <87tx6yy1b8.fsf@vigenere.g10code.de> <53B64B52.5030100@rosetree.de> Message-ID: <53B65F74.6020000@rosetree.de>

On 04.07.2014 09:22, Martin Behrendt wrote:
>> So are there analogies that can easily explain what signing does?
>
> My first try (I think someone wrote something similar before, just
> slightly different context): I give you (everyone) a key, to a
> (pad)lock which only I can build. And I lock my message with that
> (pad)lock. If the key I gave you fits and opens the lock you know the
> message came from me.
>
> You just have to make clear that this lock doesn't prevent anyone from
> reading the message because everyone has the key to it.

You're right. It's hard to impart that the message will be readable to everyone. Also it doesn't prevent anyone from changing the message content after you send (and signed) it. I don't see how you could do this with your (pad)lock analogy.

(I am answering to the list with permission from Martin, who said he hit the wrong button by mistake.)

-- 
PGP: 0x7694EB9B (http://rosetree.de/pgp)
http://www.email-nur-an-dich.de/

From burhanik at evosys.co.in Thu Jul 3 21:46:29 2014
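The two properties Micha is looking for an analogy for, shown directly instead, as an added example that is not code from the thread or from GnuPG: only the holder of the private key can produce the seal, anyone holding the public key can check it, and the check fails as soon as a single byte of the letter changes, while the letter itself stays readable by everyone. The key is a toy built from two Mersenne primes so that no key generation is needed, and the scheme is unpadded textbook RSA over a SHA-256 digest; OpenPGP signs RSA with EMSA-PKCS1-v1_5 padding and uses a separate subkey for encryption, and this toy must not be used for anything real.

```python
"""Signing shown directly: seal, check, and tamper detection.

Added example; not code from the mailing-list thread or from GnuPG.
Toy key from two Mersenne primes (constructed, predictable, unusable
for real keys); unpadded textbook RSA over SHA-256, illustration only.
"""

import hashlib

_P = 2**127 - 1
_Q = 2**521 - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))   # modular inverse, Python 3.8+

PUBLIC_KEY = (_N, _E)    # handed to everyone: enough to check a seal, never to make one
PRIVATE_KEY = (_N, _D)   # kept by the signer: the only thing that can make the seal


def _digest(message: bytes) -> int:
    """The signature covers a hash of the message; the message itself stays in the clear."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Produce the seal for exactly this message. Needs d."""
    n, d = private_key
    return pow(_digest(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Check the seal against the message using only (n, e)."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message)


if __name__ == "__main__":
    letter = b"Dear Micha, I agree to meet on Monday. -- Your friend"
    seal = sign(letter)

    print("readable by anyone:", letter.decode())
    print("genuine, unchanged letter:", verify(letter, seal))
    print("one word changed:", verify(letter.replace(b"Monday", b"Sunday"), seal))
    print("sentence appended:", verify(letter + b" P.S. I owe you 1000 EUR.", seal))
    # Without d the best a forger can do is guess; a nearby number does not pass.
    print("seal made without the private key:", verify(letter, seal ^ 1))
```

The analogy problems in the thread map onto the two functions: the padlock-and-key story explains sign/verify but not why everyone can still read the letter (the message is never transformed, only hashed) nor why an appended sentence is detected (the seal commits to the digest of the whole text).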
From: burhanik at evosys.co.in (Burhani Kara) Date: Thu, 3 Jul 2014 23:46:29 +0400 Subject: Fwd: gnupg 1.4.14 Installation Problem

Hi, Greetings !!!

We are trying to install a package for encryption on Solaris 10 but we are not able to download the right package for GnuPG. Kindly guide us for installing the gnupg 1.4.14 package. Please let us know the quote and the support you offer.

Regards,
Burhani S Kara
Evolutionary Systems
Project Manager
Contact no: +971 528038539 (UAE) +971-566637539

From burks at burks.de Fri Jul 4 12:11:08 2014

From: burks at burks.de (Burkhard Schroeder) Date: Fri, 04 Jul 2014 12:11:08 +0200 Subject: Analogies to explain the principle of PGP In-Reply-To: <53B5358A.7060500@krebs.uno> References: <53B5358A.7060500@krebs.uno> Message-ID: <53B67DBC.1010207@burks.de>

On 03-Jul-14 12:50 PM, Daniel Krebs wrote:
> Suggestions, opinions?

http://www.german-privacy-fund.de/e-mails-verschlusseln-leicht-gemacht/

Burks :-)

[Inline PGP signature (GnuPG v2.0.17 (MingW32), Enigmail) omitted]

From mailinglist at krebs.uno Fri Jul 4 15:25:13 2014
From: mailinglist at krebs.uno (Daniel Krebs) Date: Fri, 04 Jul 2014 15:25:13 +0200 Subject: Analogies to explain the principle of PGP In-Reply-To: <87tx6yy1b8.fsf@vigenere.g10code.de> References: <53B5358A.7060500@krebs.uno> <87vbre64x2.wl%neal@walfield.org> <20140703125629.GU1419@bacardi.hollandpark.frase.id.au> <87tx6yy1b8.fsf@vigenere.g10code.de> Message-ID: <53B6AB39.3020504@krebs.uno>

On 03.07.2014 16:16, Werner Koch wrote:
> Signing is a very different thing than encryption. It has nothing to do
> with encryption. Using the terms decryption or encryption to describe
> signature creation and verification leads to confusion (it is actually
> only partly true for the RSA algorithm).
>
> We use two different keys, one for encryption and for signatures.
> OpenPGP merely puts them together on the same "keyring" (technically
> called a keyblock) for convenience.

You're right, the more I think about it, the more I like the idea of using the terms "key, lock, seal and imprint". They differentiate between signing & encryption but are rather intuitive if you are not familiar with the technical details of PKI.

-- 
kind regards
daniel krebs

From davidq at lelantos.org Fri Jul 4 15:47:27 2014
From: davidq at lelantos.org (David Q.) Date: Fri, 4 Jul 2014 13:47:27 -0000 Subject: GPG's vulnerability to quantum cryptography In-Reply-To: <20140519131638.Horde.Qk58l-9UrkbhZU539k8IBA1@mail.sixdemonbag.org> References: <537A1B92.5040803@mail.ru> <20140519131638.Horde.Qk58l-9UrkbhZU539k8IBA1@mail.sixdemonbag.org> Message-ID: <69c76c75185ad3de3d88185b124d8b40.squirrel@lelantoss7bcnwbv.onion>

(I'm continuing my thread from May 2014.)

I have been reading through this thread. Most of you don't seem worried about the possibility of 4096 qubits happening (i.e., of RSA-2048 being cracked) at all before you are dead. But what about younger people here in their teens, 20s or 30s? What am I missing?

* Is there simply no general interest to address this at this time in the cryptographic/PGP community?
* Maybe I should ask again in 10 years? If people notice that Moore's Law is holding up for qubits after 10 years, maybe they'll more eagerly start looking for solutions?

Right now my main worry is that people will store a lot of encrypted data long-term and crack it open in 50-60 years using a quantum computer. Because of this, every time I use PGP I have to ask myself: Do I care if people crack this after 50 years? It's cumbersome.

From rjh at sixdemonbag.org Fri Jul 4 20:02:06 2014
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 14:02:06 -0400 Subject: GPG's vulnerability to quantum cryptography In-Reply-To: <69c76c75185ad3de3d88185b124d8b40.squirrel@lelantoss7bcnwbv.onion> References: <537A1B92.5040803@mail.ru> <20140519131638.Horde.Qk58l-9UrkbhZU539k8IBA1@mail.sixdemonbag.org> <69c76c75185ad3de3d88185b124d8b40.squirrel@lelantoss7bcnwbv.onion> Message-ID: <53B6EC1E.2020502@sixdemonbag.org>

> Most of you don't seem worried about the possibility of 4096 qubits
> happening (i.e., of RSA-2048 being cracked) at all before you are
> dead.

Excited, maybe. Not worried.

> But what about younger people here in their teens, 20s or 30s? What
> am I missing?

I had an aunt that I was really close to. She was diagnosed with terminal, inoperable cancer in 1980 and given no more than three to five years to live. Two years later new oncological medicine dialed the clock back and gave her another three to five years. A few years after that, it repeated. Ultimately she died in 2005, twenty-five years after her initial three-to-five prognosis, after outliving two of her oncologists. She was a tough old bird. But cancer still got her, and I'm still angry at cancer over that.

So what you're saying is ... if huge quantum computers come to pass, what you're worried about is your personal emails being readable by someone who's spent the last fifty years laboriously archiving everything?

Man, I'm *welcoming* the future. The possibility of using really large quantum computers to efficiently do simulation of large, complex phenomena -- like drug interactions with cancer! -- is so cool that if I could, if I could wave a magic wand and drop computing technology from 100 years in the future on us right now, I'd do it in a heartbeat and have a big smile on my face as I caused everyone's secrets to be exposed. Because it would also mean we'd be a hundred years closer to curing cancer. A hundred years closer to curing HIV. A hundred years closer to being able to efficiently and quickly discover new classes of antibiotics to fight the current drug-resistant regimes. A hundred years closer to...

Am I worried about the future? Oh, heavens, no. I'm greeting it with my arms wide open and screaming at it, "Faster, please!" And I think you should, too. I think all of us should. Oh, yes, there will be drawbacks to progress -- there always are -- but that cannot be a reason for us to look at progress with anything less than awe and joyful expectation!

> Because of this, every time I use PGP I have to ask myself: Do I care
> if people crack this after 50 years? It's cumbersome.

If you're using OpenPGP to secure things for 50+ years, you're using the wrong tool. PGP stands for Pretty Good Privacy. Not perfect, and not 50+ years. Just Pretty Good.

From rjh at sixdemonbag.org Fri Jul 4 20:29:48 2014

From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Jul 2014 14:29:48 -0400 Subject: GPG's vulnerability to quantum cryptography In-Reply-To: <53B6EC1E.2020502@sixdemonbag.org> References: <537A1B92.5040803@mail.ru> <20140519131638.Horde.Qk58l-9UrkbhZU539k8IBA1@mail.sixdemonbag.org> <69c76c75185ad3de3d88185b124d8b40.squirrel@lelantoss7bcnwbv.onion> <53B6EC1E.2020502@sixdemonbag.org> Message-ID: <53B6F29C.2030806@sixdemonbag.org>

>> But what about younger people here in their teens, 20s or 30s? What
>> am I missing?

(For the record: at 39 I am close to outside of David's target audience, but I'm still within it. :) )

From johanw at vulcan.xs4all.nl Fri Jul 4 23:01:55 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Fri, 04 Jul 2014 23:01:55 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <69c76c75185ad3de3d88185b124d8b40.squirrel@lelantoss7bcnwbv.onion>
References: <537A1B92.5040803@mail.ru> <20140519131638.Horde.Qk58l-9UrkbhZU539k8IBA1@mail.sixdemonbag.org> <69c76c75185ad3de3d88185b124d8b40.squirrel@lelantoss7bcnwbv.onion>
Message-ID: <53B71643.9060408@vulcan.xs4all.nl>

On 04-07-2014 15:47, David Q. wrote:

> * Is there simply no general interest to address this at this time in the
> cryptographic/PGP community?

There exist public-key algorithms that are resistant against quantum computers, see https://en.wikipedia.org/wiki/NTRUEncrypt for example; an overview can be found at https://en.wikipedia.org/wiki/Post-quantum_cryptography . However, they are usually not as well analysed as ElGamal and RSA, and they often require quite large keys to be secure against known attacks. For these reasons I would not trust them yet.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From mwood at IUPUI.Edu Fri Jul 4 23:05:52 2014
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Fri, 4 Jul 2014 17:05:52 -0400
Subject: Key distribution via NFC
In-Reply-To: <53B6257F.7090403@sixdemonbag.org>
References: <53B6257F.7090403@sixdemonbag.org>
Message-ID: <20140704210552.GB19835@IUPUI.Edu>

First thought: wow, someone came up with an NFC application that I would actually accept as not obviously horrible security.

Second thought: you could just keep your public key in a saved TXT and just send it to the other's phone that way. Even my unsmart phone with the 4.5cm screen can do that.

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.

From rethab at rethab.ch Fri Jul 4 11:52:47 2014
From: rethab at rethab.ch (Reto Hablützel)
Date: Fri, 4 Jul 2014 11:52:47 +0200
Subject: Is it possible to set a passphrase_cb in gpgme with openpgp protocol
Message-ID:

Hi,

I have set a passphrase callback with the gpgme library, but still I am prompted by an external window to enter my passphrase when I call a function that needs it. Please note that I did not (intentionally) start the gpg-agent. Is there a way to force the callback being used rather than that external window? I would really like to handle this programmatically in this case.

I read in the ruby-bindings library that this only worked with version 1.X but seems not to work anymore with 2.X. Is there any truth to this?

- Reto

From tytower at yahoo.com Sat Jul 5 02:31:03 2014
From: tytower at yahoo.com (Yahoo)
Date: Sat, 5 Jul 2014 10:31:03 +1000
Subject: ./configure ...error
Message-ID: <20140705103103.f262905744ce4b1fa049824d@yahoo.com>

I am trying to install GnuPG. I have the latest libgpg-error installed and have tried with various libraries from 1.11 up. I still get the below error message on all of them. The script seems to look for the "gpg-error-config" script and I have checked and found it where it should be, and the system can find it OK, but the configure script appears not to recognise it. Any help appreciated.

***
*** You need libgpg-error to build this program.
** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libgpg-error
*** (at least version 1.11 is required.)
***
configure: error:
configure: error:
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***

--
Yahoo

From tytower at yahoo.com Sat Jul 5 13:05:36 2014
From: tytower at yahoo.com (Yahoo)
Date: Sat, 5 Jul 2014 21:05:36 +1000
Subject: ./configure ...error
Message-ID: <20140705210536.33b0712312ada2cd05fce0d0@yahoo.com>

Further to my last email I ran the script

sh gpg-error-config --version

and it gave 1.10, so this is why it's not being accepted? I have installed version 1.13? I don't know how this happens, but what should I do to get an installation of gpg-error-config of 1.11 or greater?

--
Yahoo

From kloecker at kde.org Sat Jul 5 22:59:54 2014
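An added check for the situation in this post (my script, not from the thread or from GnuPG): configure runs the first gpg-error-config it finds on PATH, so a distribution copy reporting 1.10 can shadow a newer copy installed under another prefix such as /usr/local. The script reports which gpg-error-config PATH resolves to, its --prefix and --version, and compares that version against the 1.11 minimum using a POSIX sort (no GNU sort -V). The function names are my own.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: find out which
# gpg-error-config ./configure will pick up and whether it is new enough.

# version_ge A B: succeed when dotted version A is at least version B.
# Fields are compared numerically, so 1.10 sorts after 1.9 and before 1.11.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_gpg_error_config REQUIRED: report the script PATH resolves to and its
# version. Exit status: 0 = new enough, 1 = too old, 2 = not found on PATH.
check_gpg_error_config() {
    required=$1
    script=$(command -v gpg-error-config) || {
        echo "gpg-error-config is not on PATH"
        return 2
    }
    found=$("$script" --version)
    echo "configure will use $script (prefix $("$script" --prefix)), version $found"
    if version_ge "$found" "$required"; then
        echo "ok: $found >= $required"
    else
        echo "too old: $found < $required"
        echo "put the bin directory of the newer installation first on PATH"
        return 1
    fi
}

# Run the check when executed directly; 1.11 is the minimum GnuPG asks for.
check_gpg_error_config "${1:-1.11}" || echo "exit status $?"
```

If it reports the older copy, put the newer prefix's bin directory first on PATH before running configure, or point configure at that installation with --with-libgpg-error-prefix=PREFIX, the option GnuPG's configure provides for this.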
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 5 Jul 2014 22:59:54 +0200
Subject: ./configure ...error
In-Reply-To: <20140705210536.33b0712312ada2cd05fce0d0@yahoo.com>
References: <20140705210536.33b0712312ada2cd05fce0d0@yahoo.com>
Message-ID: <1923282.NiZ7RLHahV@thufir.ingo-kloecker.de>

On Saturday 05 July 2014 21:05:36 Yahoo wrote:
> Further to my last email I ran the script
> sh gpg-error-config --version and it gave 1.10 so this is why its
> not being accepted ? I have installed version 1.13? I don't know how
> this happens but what should i do to get an installation of
> gpg-error-config of 1.11 or greater ?

What distribution are you using? How did you install gpg-error 1.13?

Regards,
Ingo

From whirlpool at blinkenshell.org Sun Jul 6 09:59:52 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Sun, 6 Jul 2014 09:59:52 +0200
Subject: Key distribution via NFC
In-Reply-To:
References:
Message-ID: <20140706075952.GB14303@blinkenshell.org>

It seems that APG and OpenKeychain on Android support GPG key exchange via NFC, just like BBM pin exchange via QR code.

From whirlpool at blinkenshell.org Sun Jul 6 09:36:05 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Sun, 6 Jul 2014 09:36:05 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To:
References:
Message-ID: <20140706073605.GA65057@blinkenshell.org>

Using GPG encryption is still good, although it's vulnerable to quantum cryptodecryption.
It's a good idea to set an expiration for each of your GPG keys.
So that, when the expiration time comes, you'll be able to generate a new GPG key to address a possibility of your old keys being cracked.

GPG is not perfect. It's just pretty good, as the name suggests.
At least, it'll be able to protect your secured data for the rest of your life or for the time specified at the expiration date.

From 2014-667rhzu3dc-lists-groups at riseup.net Sun Jul 6 13:48:05 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 6 Jul 2014 12:48:05 +0100
Subject: Key distribution via NFC
In-Reply-To: <53B63AA5.8090306@sixdemonbag.org>
References: <53B6257F.7090403@sixdemonbag.org> <53B63451.7070009@fifthhorseman.net> <53B63AA5.8090306@sixdemonbag.org>
Message-ID: <493627119.20140706124805@my_localhost>

Hi

On Friday 4 July 2014 at 6:24:53 AM, in , Robert J. Hansen wrote:

> NFC is significantly more convenient than
> fumbling with your phone's camera app, taking a
> snapshot, etc. Wave it and it's done. NFC has some
> interesting human interface engineering behind it.

Reading QR codes tends to be more "select your QR reader app, point the camera at a QR code, it is automatically read" than your description. So unless the user has NFC reading enabled all the time, an unnecessary drain on their phone battery, they need to enable the function in order to read the NFC tag, making it not really much quicker or easier than reading a QR code.

But the NFC tag idea definitely sounds "cool."

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Dollar sign - An S that's been double crossed

From 2014-667rhzu3dc-lists-groups at riseup.net Sun Jul 6 13:53:26 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 6 Jul 2014 12:53:26 +0100
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <20140706073605.GA65057@blinkenshell.org>
References: <20140706073605.GA65057@blinkenshell.org>
Message-ID: <619995917.20140706125326@my_localhost>

Hi

On Sunday 6 July 2014 at 8:36:05 AM, in , The Fuzzy Whirlpool Thunderstorm wrote:

> Using GPG encryption is still good, although it's
> vulnerable to quantum cryptodecryption. It's a good
> idea to set an expiration for each of your GPG key. So
> that, when the expiration time comes, you'll be able to
> generate a new GPG key to address a possibility of your
> old keys being cracked.

At the same time, would you advocate decrypting all your encrypted files and encrypting them to the new key? Or were you just referring to encrypted communications?

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

It is not necessary to have enemies if you go out of your way to make friends hate you.

From johanw at vulcan.xs4all.nl Sun Jul 6 16:25:57 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sun, 06 Jul 2014 16:25:57 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <20140706073605.GA65057@blinkenshell.org>
References: <20140706073605.GA65057@blinkenshell.org>
Message-ID: <53B95C75.5030209@vulcan.xs4all.nl>

On 06-07-2014 9:36, The Fuzzy Whirlpool Thunderstorm wrote:

> Using GPG encryption is still good, although it's vulnerable to quantum
> cryptodecryption.
> It's a good idea to set an expiration for each of your GPG key.
> So that, when the expiration time comes, you'll be able to generate a
> new GPG key to address a possibility of your old keys being cracked.

I don't see the relation between these two. You don't know when quantum computers that can break > 1024 RSA will be a reality, so when should you set the expiration date? And you can always revoke a key if something like this happens, no need for expiration dates there either.

Since I don't know when I will consider a key compromised or weak, I don't work with expiry dates but revoke the key in such a case.

> GPG is not perfect. It's just pretty good as the name suggest.
> At least, it'll be able to protect your secured data for the rest of
> your life or for the time specified at the expiration date.

If a key expires, data will not be automatically decrypted. Nor will it become unusable.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From rjh at sixdemonbag.org Sun Jul 6 18:21:13 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 06 Jul 2014 12:21:13 -0400
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <20140706073605.GA65057@blinkenshell.org>
References: <20140706073605.GA65057@blinkenshell.org>
Message-ID: <53B97779.8020905@sixdemonbag.org>

On 7/6/2014 3:36 AM, The Fuzzy Whirlpool Thunderstorm wrote:
> Using GPG encryption is still good, although it's vulnerable to
> quantum cryptodecryption.

In point of fact, we don't know this. Theoretically, science-fiction level breakthroughs in quantum computation would break RSA. But the problem with theory is some of the things that theory permits turn out to be impossible in reality. For instance, there's nothing in the laws of physics that prohibits things from having negative mass, but we've never encountered negative-mass material anywhere: not in the lab, not in the world, not in deep space, not anywhere.

It's good to be skeptical of quantum computation. It's interesting to read up on, but be immensely skeptical of all predictions.

From ndk.clanbo at gmail.com Sun Jul 6 19:35:58 2014
From: ndk.clanbo at gmail.com (NdK)
Date: Sun, 06 Jul 2014 19:35:58 +0200
Subject: Key distribution via NFC
In-Reply-To: <53B6257F.7090403@sixdemonbag.org>
References: <53B6257F.7090403@sixdemonbag.org>
Message-ID: <53B988FE.6070402@gmail.com>

On 04/07/2014 05:54, Robert J. Hansen wrote:
> If someone asks you for your certificate, you don't have to
> trade a SHA-1 fingerprint -- just put down your keychain and let the
> person wave a cell phone over it.

Just place in the tag the URL where to retrieve your key.

> Obviously there are risks associated with NFC, and I haven't done any
> real looking at the security model of NFC -- it's very likely there are
> big things I'm overlooking. But the ability to store 400 bytes, to
> access it quickly and easily, and all in a tag that costs less than a
> dollar and can be read with almost any modern smartphone, is kind of cool.

Or, as suggested, use the whole phone as a smart tag, placing it in "device mode" with a suitable applet that sends your whole key w/o the limit of 400 bytes.

Too bad it's quite easy to reprogram the tags, IIUC, so the applet method should be preferred.

IMO, such an applet should be able to use Bluetooth, too, to allow sending the key to non-NFC-enabled phones (but maybe a simple file manager could be enough for this? Maybe some file managers already allow sending via NFC too)...

BYtE, Diego.

From mmfische at web.de Sun Jul 6 23:18:20 2014
From: mmfische at web.de (Matthias Fischer)
Date: Sun, 6 Jul 2014 23:18:20 +0200
Subject: Encrypt directly to keyfile
Message-ID:

Hi folks,

I already asked the question here about half a year ago, but IIRC didn't get any reaction:

Imagine you have a file containing one or more PGP public keys, and you want to encrypt something for this key, without adding the key to your public keyring. Is there some command-line option to easily achieve this?

I would expect something like:

$ gpg --recipient-file -e

instead of:

$ gpg --recipient -e

I can achieve something similar by using:

$ gpg --no-default-keyring --keyring /tmp/keyring.once --import
$ gpg --no-default-keyring --keyring /tmp/keyring.once --trust-model always --recipient -e

But this requires an additional temporary file (which needs to be deleted), and I still have to look for the Key-IDs in the file, to give them as parameters.

If there isn't an option for this, I think it would be a neat feature to implement.

One might ask what this is good for: I'm thinking mostly about automated systems. Imagine a web forum, mailing list or something similar. The interface could provide the user with an input area to paste a public key(s) into, and then every automated mail (like forgotten-password, notifications or reminders) could be encrypted directly to those keys.

Regards,
MM

From mailinglisten at hauke-laging.de Mon Jul 7 00:53:18 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 07 Jul 2014 00:53:18 +0200
Subject: Encrypt directly to keyfile
In-Reply-To:
References:
Message-ID: <1934508.8RpDS71JHv@inno>

On Sun 06.07.2014, 23:18:20, Matthias Fischer wrote:

> I can achieve something similar, by using:
> $ gpg --no-default-keyring --keyring /tmp/keyring.once --import
> $ gpg --no-default-keyring --keyring /tmp/keyring.once
> --trust-model always --recipient -e
>
> But this requires an additional temporary file (which needs to be
> deleted), and I still have to look for the Key-IDs in the file, to
> give them as parameters.
>
> If there isn't an option for this, I think it would be a neat feature
> to implement.

Why should a feature be added that can so easily be emulated by a simple script?

    # Throw-away GnuPG home directory, private to this process.
    gpgdir="/tmp/keyring.$$"
    test -d "$gpgdir" && rm -r "$gpgdir"
    mkdir -m 700 "$gpgdir"
    gpg --homedir "$gpgdir" --import KEYFILE
    # Key IDs are field 5 of the "pub" records in the machine-readable listing.
    KEY_ID="$(gpg --homedir "$gpgdir" --with-colons --list-keys | awk -F: '$1 == "pub" {print $5;}')"
    # The imported key has no trust path in the fresh keyring; without
    # --trust-model always gpg stops to ask whether to use it anyway.
    gpg --homedir "$gpgdir" --trust-model always --recipient "$KEY_ID" --encrypt FILE
    rm -r "$gpgdir"

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From 2014-667rhzu3dc-lists-groups at riseup.net Mon Jul 7 01:40:13 2014
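The throw-away --homedir approach from Hauke's script, carried a little further as an added example (my code, not Hauke's, Matthias's or GnuPG's): it picks recipients from the --with-colons listing by full fingerprint rather than short key ID, skips expired and revoked keys, handles a key file that holds several keys, and always passes --trust-model always, since a key in a fresh keyring has no trust path and gpg would otherwise stop to ask whether to use it. The listing embedded in the block is a constructed sample with made-up key IDs and fingerprints; the parsing and command-building functions run offline, while encrypt_to_keyfile assumes a gpg binary on PATH. All function names are my own.

```python
"""Encrypt to the keys in a key file without touching the default keyring.

Added example for the "Encrypt directly to keyfile" thread; not code from the
thread or from GnuPG.  Field positions follow GnuPG's doc/DETAILS description
of --with-colons output.  SAMPLE_LISTING is a constructed sample, not real keys.
"""
import subprocess
import tempfile

# 0-based positions in --with-colons records: field 1 record type, 2 validity,
# 5 key ID, 10 user ID (uid records) or fingerprint (fpr records), 12 capabilities.
F_TYPE, F_VALIDITY, F_KEYID, F_TEXT, F_CAPS = 0, 1, 4, 9, 11

# Validity codes that make a key unusable for encryption whatever the trust
# model: e = expired, r = revoked, i = invalid, d = disabled.
UNUSABLE = {"e", "r", "i", "d"}

# Constructed sample listing: one usable key, one expired key, one revoked key.
SAMPLE_LISTING = """\
tru::1:1404720515:0:3:1:5
pub:-:4096:1:1111111111111111:1404720515:::-:::scESC:
fpr:::::::::0000111122223333444455556666777788889999:
uid:-::::1404720515::ABCDEF::Alice Example <alice@example.org>:
sub:-:4096:1:2222222222222222:1404720515::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
pub:e:2048:1:3333333333333333:1372000000:1403000000::-:::sc:
fpr:::::::::9999888877776666555544443333222211110000:
uid:e::::1372000000::123456::Old Key <old@example.org>:
pub:r:2048:1:4444444444444444:1390000000:::-:::scESC:
fpr:::::::::4444444444444444444444444444444444444444:
uid:r::::1390000000::654321::Revoked Key <revoked@example.org>:
"""


def parse_listing(text):
    """Group --with-colons records by primary key.

    Returns a list of dicts with keyid, validity, caps, fpr (the primary key's
    fingerprint) and uids.  Subkey records are not needed here: the uppercase
    letters in the pub record's capability field already state whether the key
    as a whole has a usable encryption (sub)key.
    """
    keys = []
    current = None
    for line in text.splitlines():
        fields = line.split(":")
        rtype = fields[F_TYPE]
        if rtype == "pub":
            current = {"keyid": fields[F_KEYID], "validity": fields[F_VALIDITY],
                       "caps": fields[F_CAPS], "fpr": None, "uids": []}
            keys.append(current)
        elif current is None:
            continue  # tru and other records that precede the first key
        elif rtype == "fpr" and current["fpr"] is None:
            current["fpr"] = fields[F_TEXT]  # first fpr after pub is the primary's
        elif rtype == "uid":
            current["uids"].append(fields[F_TEXT])
    return keys


def select_recipients(keys):
    """Fingerprints of keys that are neither expired, revoked, invalid nor
    disabled and that carry a usable encryption capability ('E')."""
    return [k["fpr"] for k in keys
            if k["fpr"] and k["validity"] not in UNUSABLE and "E" in k["caps"]]


def encrypt_command(homedir, fingerprints, infile, outfile):
    """gpg argv that encrypts infile to every fingerprint using the temporary
    home directory.  Encrypting to a full fingerprint avoids picking up an
    unrelated key that happens to share a short key ID."""
    argv = ["gpg", "--homedir", homedir, "--batch", "--trust-model", "always",
            "--output", outfile]
    for fpr in fingerprints:
        argv += ["--recipient", fpr]
    return argv + ["--encrypt", infile]


def encrypt_to_keyfile(keyfile, infile, outfile):
    """Import keyfile into a throw-away home directory (mkdtemp creates it with
    mode 0700), encrypt infile to all usable keys in it, then delete the
    directory.  Needs gpg on PATH; returns the fingerprints encrypted to."""
    with tempfile.TemporaryDirectory(prefix="keyring.") as homedir:
        base = ["gpg", "--homedir", homedir, "--batch", "--quiet"]
        subprocess.run(base + ["--import", keyfile], check=True)
        listing = subprocess.run(base + ["--with-colons", "--list-keys"],
                                 check=True, capture_output=True, text=True).stdout
        fprs = select_recipients(parse_listing(listing))
        if not fprs:
            raise ValueError("no usable encryption key in " + keyfile)
        subprocess.run(encrypt_command(homedir, fprs, infile, outfile), check=True)
        return fprs


if __name__ == "__main__":
    import sys
    print(encrypt_to_keyfile(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Run as "python3 encrypt_to_keyfile.py KEYFILE FILE FILE.gpg". Filtering on validity before calling gpg matters because gpg refuses expired or revoked recipients even under --trust-model always, and with several keys in the file one bad key would otherwise abort the whole run.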
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 7 Jul 2014 00:40:13 +0100
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <53B95C75.5030209@vulcan.xs4all.nl>
References: <20140706073605.GA65057@blinkenshell.org> <53B95C75.5030209@vulcan.xs4all.nl>
Message-ID: <1954608605.20140707004013@my_localhost>

Hi

On Sunday 6 July 2014 at 3:25:57 PM, in , Johan Wevers wrote:

> Since I don't know when I will consider a key
> compromised or weak, I don't work with expiry dates but
> revoke the key in such a case.

I don't know quite what /The Fuzzy Whirlpool Thunderstorm/ had in mind, but I would say setting expiry dates can maybe act as a reminder to consider such matters from time to time. Of course, it could just come around when you are too busy to consider any such thing, so you blindly extend the expiry date anyway. Or you set them too short, so extending becomes run-of-the-mill.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Don't ask me, I'm making this up as I go!

From emylistsddg at gmail.com Mon Jul 7 01:25:38 2014
From: emylistsddg at gmail.com (eMyListsDDg)
Date: Sun, 6 Jul 2014 16:25:38 -0700
Subject: howto revoke a key that has no secret key
In-Reply-To: <7594671.DkxBqUVq5r@inno>
References: <87zjgu451y.fsf@vigenere.g10code.de> <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com> <1799786337.20140701092957@gmail.com> <7594671.DkxBqUVq5r@inno>
Message-ID: <1877144085.20140706162538@gmail.com>

> On Tue 01.07.2014, 09:29:57, eMyListsDDg wrote:
>> somehow i managed to send a key id to a key server that has no
>> secret-key. so i would like to remove it.
>> gpg --output keyrevoke.asc --gen-revoke 0x
>> doesn't work since there is no secret key.
>> at a loss as to how to remove/revoke this key

> Your question is unclear (at least to me).

> 1) You cannot remove a certificate from a keyserver. Not even with the
> private key.

> 2) You can delete a key from your keyring but without the private
> mainkey you cannot revoke the key. Guess what the consequences would be
> if everyone (i.e. those without the private key) could revoke a key...

I found my error and the private key. I had created this pair on a Linux VM some time ago and had forgotten that. Back then, when I exported it and imported it into a Windows machine, something didn't quite take.

I'm in the process of updating the db and getting things in sync.

Appreciate your reply and help

-

From 2014-667rhzu3dc-lists-groups at riseup.net Mon Jul 7 02:47:32 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 7 Jul 2014 01:47:32 +0100
Subject: Encrypt directly to keyfile
In-Reply-To:
References:
Message-ID: <1909778959.20140707014732@my_localhost>

Hi

On Sunday 6 July 2014 at 10:18:20 PM, in , Matthias Fischer wrote:

> I can achieve something similar, by using:
> $ gpg --no-default-keyring --keyring /tmp/keyring.once
> --import
> $ gpg --no-default-keyring --keyring /tmp/keyring.once
> --trust-model always --recipient -e
>
> But this requires an additional temporary file (which
> needs to be deleted), and I still have to look for the
> Key-IDs in the file, to give them as parameters.

In place of , can't you use a substring match such as "*@" or "*." (without quotes)? Either of those would match any key's user-id if it contained an email address.

> The interface could
> provide the user with an input-area to paste a public
> key(s) into, and then every automated mail (like
> forgotten-password, notifications or reminders) could
> be encrypted directly to those keys.

There was a project called Encreep [1] mentioned on this list about six months ago. It is closed-source, time-unlimited trialware. Keys are pasted in or loaded from keyfiles - no keyrings or trust models. Messages or files to encrypt/sign are pasted or loaded in the same way.

[1]

But if the user is pasting a public key for future use, why not save them all to a keyring and associate the key-ID or fingerprint with the user's records, then use that key-ID or fingerprint to select the right key to encrypt the forgotten-password messages, notifications or reminders?

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

The trouble with words is that you never know whose mouths they've been in.

From tux.tsndcb at free.fr Mon Jul 7 10:08:35 2014
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Mon, 7 Jul 2014 10:08:35 +0200 (CEST)
Subject: Smart card reader security
In-Reply-To: <1382025329.2267.15.camel@mars.weinz>
Message-ID: <1610298515.53601874.1404720515313.JavaMail.root@zimbra33-e6.priv.proxad.net>

Hello Christian

> I bought a cyberJack go [1] to use it with my openPGP smart card for
> authentification. Since the firmware of that device is upgradeable and
> is capable of saving at least 2 GB of data, how can I be sure it is not a
> security threat by saving sensitive data?

Maybe create an encrypted partition on it.

Best Regards

From whirlpool at blinkenshell.org Mon Jul 7 10:09:41 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Mon, 7 Jul 2014 10:09:41 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <619995917.20140706125326@my_localhost>
References: <20140706073605.GA65057@blinkenshell.org> <619995917.20140706125326@my_localhost>
Message-ID: <20140707080941.GA5161@blinkenshell.org>

On Sun, Jul 06, 2014 at 12:53:26PM +0100, MFPA wrote:
> At the same time, would you advocate decrypting all your encrypted
> files and encrypting them to the new key? Or were you just referring
> to encrypted communications?

It depends on how important the data is. Of course, if the data is so important, when the expiration time comes, all the data encrypted with the old key needs to be decrypted and encrypted with the newly generated key. Although it's not truly necessary to do this work when the data is no longer considered important.

For encrypted communication, it's better to use the newly generated key when the expiration time comes.

I don't enforce my idea to be applied by everyone. This is advice for myself to follow good gpg practice. Someone may prefer a key revocation rather than enforcing an expiration time. That's also good practice. I believe every one of you has a method to prevent quantum cryptodecryption of your public keys.

From whirlpool at blinkenshell.org Mon Jul 7 10:21:41 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Mon, 7 Jul 2014 10:21:41 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To:
References:
Message-ID: <20140707082141.GB5161@blinkenshell.org>

On Sun, Jul 06, 2014 at 07:35:05PM +0200, gnupg-users-request at gnupg.org wrote:
> On 06-07-2014 9:36, The Fuzzy Whirlpool Thunderstorm wrote:
>
> > Using GPG encryption is still good, although it's vulnerable to quantum
> > cryptodecryption.
> > It's a good idea to set an expiration for each of your GPG key.
> > So that, when the expiration time comes, you'll be able to generate a
> > new GPG key to address a possibility of your old keys being cracked.
>
> I don't see the relation between these two. You don't know when quantum
> computers who can break > 1024 RSA will be a reality so when should you
> set the expiration date? And you can always revoke a key if something
> like this happens, no need for expiration dates there either.
>
> Since I don't know when I will consider a key compromised or weak, I
> don't work with expiry dates but revoke the key in such a case.
>

This is also a good practice. Revoking a key which is suspected to be compromised seems a good gpg practice. Because we don't know when quantum computing will be ready to use. Maybe 50 years later, or maybe 10 years later? Just find out how Intel is shrinking microprocessor die size every year. Quantum computing still has a long way to go. For now, as long as we stick to good gpg practice, no need to worry about compromised keys.

> > GPG is not perfect. It's just pretty good as the name suggest.
> > At least, it'll be able to protect your secured data for the rest of
> > your life or for the time specified at the expiration date.
>
> If a key expires data will not be automatically decrypted. Nor will it
> become unusable.

I know that when the expiration time comes, the data will not be automatically decrypted.

From peter at digitalbrains.com Mon Jul 7 11:50:30 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 07 Jul 2014 11:50:30 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <53B95C75.5030209@vulcan.xs4all.nl>
References: <20140706073605.GA65057@blinkenshell.org> <53B95C75.5030209@vulcan.xs4all.nl>
Message-ID: <53BA6D66.5030304@digitalbrains.com>

On 06/07/14 16:25, Johan Wevers wrote:
> I don't see the relation between these two.

I agree. This conversation is still a mystery to me.

"The Fuzzy Whirlpool Thunderstorm", it seems to me you advocate revoking an encryption key, or letting it expire, when you suspect the key could be cracked by an adversary. This does not help at all for anything already encrypted to that key; it only prevents people (who have fetched the revocation) from encrypting any new data to that key. Any old data can still be decrypted by your adversary, who has computed your private key.

The method works reasonably well for signature keys, apart from the fact that your adversary can still fake a signature in the past, when your signature key was still valid. Also, your correspondents still need to fetch the revocation before they realise new signatures are invalid.

Could you explain what you mean? I'm really getting the impression we're talking about cracking an encryption key, and I don't see how revoking such a key would help significantly for that.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From whirlpool at blinkenshell.org Mon Jul 7 15:35:08 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Mon, 7 Jul 2014 15:35:08 +0200
Subject: GPG's vulnerability to quantum cryptography
Message-ID: <20140707133508.GA23349@blinkenshell.org>

Date: Mon, 7 Jul 2014 15:26:36 +0200
From: The Fuzzy Whirlpool Thunderstorm
To: Peter Lebbing, gnupg-users at gnupg.org
Subject: Re: GPG's vulnerability to quantum cryptography
Message-ID: <20140707132636.GA64824 at blinkenshell.org>
References: <20140706073605.GA65057 at blinkenshell.org> <53B95C75.5030209 at vulcan.xs4all.nl> <53BA6D66.5030304 at digitalbrains.com>
In-Reply-To: <53BA6D66.5030304 at digitalbrains.com>

On Mon, Jul 07, 2014 at 11:50:30AM +0200, Peter Lebbing wrote:
> Could you explain what you mean? I'm really getting the impression we're
> talking about cracking an encryption key, and I don't see how revoking
> such a key would help significantly for that.
>
> Peter.

I mean, to prevent private key compromise, it's a good practice to set an expiration date on your keys. So that, when the keys expire, you can generate better keys to prevent a probability that the old keys have been compromised. I don't say that this is the safest thing to do to prevent old data being decrypted. I'm pretty sure, when quantum systems are publicly available, GPG will be updated with a new algorithm to ensure key safety against such systems.

From bernhard at intevation.de Mon Jul 7 16:01:14 2014
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 7 Jul 2014 16:01:14 +0200
Subject: ECC and CMS (Re: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing)
In-Reply-To: <87simizrjg.fsf@vigenere.g10code.de>
References: <87simizrjg.fsf@vigenere.g10code.de>
Message-ID: <201407071601.19846.bernhard@intevation.de>

On Thursday 03 July 2014 at 12:05:07, Werner Koch wrote:
> I just released the fifth *beta version* of GnuPG 2.1. It has been
> released to give you the opportunity to check out new features and
> to fix the bugs in the last beta.

Congratulations on the new beta!

About the ECC support in GnuPG 2.1: Does this work with OpenPGP and CMS? With the same algorithms?

Best,
Bernhard

--
www.intevation.de/~bernhard (CEO)
www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From kristian.fiskerstrand at sumptuouscapital.com Mon Jul 7 16:08:09 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Mon, 07 Jul 2014 16:08:09 +0200
Subject: ECC and CMS (Re: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing)
In-Reply-To: <201407071601.19846.bernhard@intevation.de>
References: <87simizrjg.fsf@vigenere.g10code.de> <201407071601.19846.bernhard@intevation.de>
Message-ID: <53BAA9C9.8000002@sumptuouscapital.com>

On 07/07/2014 04:01 PM, Bernhard Reiter wrote:
> On Thursday 03 July 2014 at 12:05:07, Werner Koch wrote:
>> I just released the fifth *beta version* of GnuPG 2.1. It has
>> been released to give you the opportunity to check out new
>> features and to fix the bugs in the last beta.
>
> Congratulations on the new beta!
>
> About the ECC support in GnuPG 2.1: Does this work with OpenPGP and
> CMS?

ECC support for OpenPGP is defined in RFC6637[0]

> With the same algorithms?

Only the NIST P-curves are currently defined for OpenPGP although some serpent and brainpool curves also work using the basic framework of RFC6637 - these are also included in SKS. See e.g. [1] for discussion on Ed25519 that is currently implemented in GnuPG 2.1 but does not yet have an RFC.

References:
[0] http://tools.ietf.org/html/rfc6637
[1] http://www.ietf.org/mail-archive/web/openpgp/current/msg07194.html

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Docendo discimus
We learn by teaching

From trial at gmx.org Mon Jul 7 16:37:48 2014
From: trial at gmx.org (Walter Lange)
Date: Mon, 07 Jul 2014 16:37:48 +0200
Subject: Encrypt a signed text
In-Reply-To: <53BAA29D.8070207@gmx.org>
References: <53BAA29D.8070207@gmx.org>
Message-ID: <53BAB0BC.8010707@gmx.org>

Hi mailing list!

I would like to encrypt a signed (with ASCII armor) text. It should take two steps, because I want to use two different machines, a local one to sign and a remote machine which encrypts. The result should be the same as the encrypted and signed one in one step. Is that possible?

Thanks to all experts!

Regards
Walter

From stakanov at freenet.de Mon Jul 7 17:36:00 2014
From: stakanov at freenet.de (stakanov at freenet.de)
Date: Mon, 07 Jul 2014 17:36:00 +0200
Subject: secret key vs public key
Message-ID:

Hi.

I once encountered the following situation. One of my contacts did send his/her private key to the public key server, claiming that this was his/her public key. Funnily enough I did import that key and did not become aware it was a secret key. And as far as I remember it worked to decrypt her messages.

First question: was this possible because you can decrypt messages from a counterpart also with his/her private key (having it imported from a key server) using your private key? Or (I sincerely do not remember) did s(he) maybe send me the public key separately, and this is why I was able to decrypt?

Kgpg has a very strange policy in communicating the import of a key. It always speaks of "secret key" imported whether this is a public or private key. At least in opensuse when you do "export your public key" and "export your secret key" both will have the same aspect AFAIC (name.asc). Is this intentional and could this be changed to make things like this happen less? (Note: more people will use encryption, so the level of knowledge of the program is to be expected to lower, not to get higher, at least statistically.) It is true that in the most recent version of kgpg this has changed and a dialogue should make people understand they are exporting a private key (at least when exporting to a file; however, I do not know if this warning happens also when people export to a key-server).

That brings me to this question: is there a way, once I have two keys, let us say "Paul.asc" a public one and "Paul.asc" a private one that should not have been exported, to understand immediately what kind of key this is? What would be the command on the command line?

Last question: why does a key server for public keys accept "private keys" anyway? Isn't there a way in the infrastructure to block those errors from the very origin?

Thank you.
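An added example for the command-line question above (how to tell a public key file from a secret key file before it goes anywhere); it is not code from GnuPG, KGpg or anyone on this list. It classifies an ASCII-armored file by the OpenPGP packet tags inside it (RFC 4880: 5/7 are secret key and subkey packets, 6/14 public key and subkey packets) rather than by the armor label, so a secret key saved under a "PUBLIC KEY BLOCK" header is still caught. Function names and the dummy packet bodies are constructed for the example, not real key material.

```python
"""Classify an ASCII-armored OpenPGP file as public or secret key material
by the packet tags inside it (RFC 4880 section 4.3), not by the armor label.
Added example; function names and dummy packet bodies are constructed."""
import base64

SECRET_KEY_TAGS = {5, 7}   # Secret-Key, Secret-Subkey packets
PUBLIC_KEY_TAGS = {6, 14}  # Public-Key, Public-Subkey packets

def crc24(data: bytes) -> int:
    """CRC-24 used for the armor checksum line (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, data: bytes) -> str:
    """Wrap raw packets in an ASCII armor block such as 'PUBLIC KEY BLOCK'."""
    b64 = base64.b64encode(data).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    lines = [f"-----BEGIN PGP {kind}-----", ""] + body
    lines += ["=" + crc, f"-----END PGP {kind}-----"]
    return "\n".join(lines) + "\n"

def dearmor(text: str):
    """Return (armor kind, raw packet bytes); verifies the CRC-24 trailer."""
    lines = text.splitlines()
    starts = [i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP ")]
    if not starts:
        raise ValueError("no armor block found")
    start = starts[0]
    kind = lines[start][len("-----BEGIN PGP "):].rstrip("-")
    end = lines.index(f"-----END PGP {kind}-----", start + 1)
    i = start + 1  # skip armor headers (Version:, Comment:, ...) up to the blank line
    while i < end and lines[i].strip():
        i += 1
    body = [l for l in lines[i + 1:end] if l.strip()]
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    raw = base64.b64decode("".join(body))
    if crc_line is not None:
        if crc24(raw) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
            raise ValueError("armor CRC-24 mismatch")
    return kind, raw

def iter_packets(data: bytes):
    """Yield (tag, body) for each packet, old and new format headers alike."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {pos}")
        if ctb & 0x40:                                  # new format header
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                           # old format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype                              # 1, 2 or 4 length octets
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        pos += hdr + length

def classify_key_block(text: str) -> dict:
    """Report what the armor label claims and what the packets actually are."""
    kind, raw = dearmor(text)
    tags = [tag for tag, _ in iter_packets(raw)]
    if any(t in SECRET_KEY_TAGS for t in tags):
        content = "secret"
    elif any(t in PUBLIC_KEY_TAGS for t in tags):
        content = "public"
    else:
        content = "none"
    label = "secret" if "PRIVATE" in kind else "public" if "PUBLIC" in kind else "other"
    return {"armor_label": kind, "content": content, "label_matches": label == content}

def _packet(tag: int, body: bytes) -> bytes:
    # old-format header with a one-octet length: enough for the constructed samples
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample blocks: 16 dummy body bytes per packet, not real keys.
DUMMY_BODY = b"\x04" + b"\x00" * 15
SAMPLE_PUBLIC = armor("PUBLIC KEY BLOCK", _packet(6, DUMMY_BODY) + _packet(14, DUMMY_BODY))
SAMPLE_SECRET = armor("PRIVATE KEY BLOCK", _packet(5, DUMMY_BODY) + _packet(7, DUMMY_BODY))
# Armor says "public" but the packets are secret keys: the label alone would mislead.
SAMPLE_MISLABELLED = armor("PUBLIC KEY BLOCK", _packet(5, DUMMY_BODY))
```

With GnuPG installed, `gpg --list-packets file.asc` prints the same packet types and is the quickest manual check before an export or upload.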
From vedaal at nym.hush.com Mon Jul 7 18:49:41 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 07 Jul 2014 12:49:41 -0400
Subject: Encrypt a signed text
In-Reply-To: <53BAB0BC.8010707@gmx.org>
References: <53BAA29D.8070207@gmx.org> <53BAB0BC.8010707@gmx.org>
Message-ID: <20140707164941.F2344C00D6@smtp.hushmail.com>

On 7/7/2014 at 10:42 AM, "Walter Lange" wrote:

> I would like to encrypt a signed (with ASCII armor) text. It should take
> two steps, because I want to use two different machines, a local one to
> sign and a remote machine which encrypts. The result should be the same
> as the encrypted and signed one in one step. Is that possible?

=====

Not the way you want it.

It will have the same end result, in that the signature can be verified, on the same text, and the decryption will show the text and verify the signature. But in the case where it is a one step process, the decrypted plaintext will not have the signature as part of the text.

The other way is possible. It is possible to encrypt and sign as one step, and then armor the signature and attach it to the decrypted plaintext to make it look like it was first clearsigned, or armored signed, and then encrypted.

The problem with doing it the way you want, is that while it is possible to remove the signature and save it as a detached signature, it is not (afaik) possible to bind that detached signature to the plaintext and have it encrypted as one process. It would need to be zipped together or otherwise connected first.

vedaal

From vedaal at nym.hush.com Mon Jul 7 20:54:02 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 07 Jul 2014 14:54:02 -0400
Subject: Encrypt a signed text
In-Reply-To: <53BAB0BC.8010707@gmx.org>
References: <53BAA29D.8070207@gmx.org> <53BAB0BC.8010707@gmx.org>
Message-ID: <20140707185402.1FD43C00CF@smtp.hushmail.com>

> it is not (afaik) possible to bind that detached signature to the
> plaintext and have it encrypted as one process. It would need to be
> zipped together or otherwise connected first.

=====

I haven't tried this, so i don't know how it would work, but you might try to CAT and pipe to gpg encrypt, i.e.

split the signature from the plaintext
CAT the plaintext and the .sig file into one file
then pipe it into gpg --encrypt

if anyone has actually done this, please post,

TIA,

vedaal

From free10pro at gmail.com Mon Jul 7 21:00:54 2014
From: free10pro at gmail.com (Paul R. Ramer)
Date: Mon, 07 Jul 2014 12:00:54 -0700
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <1954608605.20140707004013@my_localhost>
References: <20140706073605.GA65057@blinkenshell.org> <53B95C75.5030209@vulcan.xs4all.nl> <1954608605.20140707004013@my_localhost>
Message-ID: <0ce48921-6104-4430-b6fd-a1d0ce1b0acb@email.android.com>

On July 6, 2014 4:40:13 PM PDT, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
> Hi
>
> On Sunday 6 July 2014 at 3:25:57 PM, in , Johan Wevers wrote:
>
>> Since I don't know when I will consider a key
>> compromised or weak, I don't work with expiry dates but
>> revoke the key in such a case.
>
> I don't know quite what /The Fuzzy Whirlpool Thunderstorm/ had in
> mind, but I would say setting expiry dates can maybe act as a reminder
> to consider such matters from time to time. Of course, it could just
> come around when you are too busy to consider any such thing, so you
> blindly extend the expiry date anyway. Or you set them too short, so
> extending becomes run-of-the-mill.

Uh, yeah. That can happen. I will not say that I did that once upon a time but ... :-)

Cheers,

-Paul
-- 
PGP: 3DB6D884

From johanw at vulcan.xs4all.nl Mon Jul 7 22:17:06 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon, 07 Jul 2014 22:17:06 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <20140707080941.GA5161@blinkenshell.org>
References: <20140706073605.GA65057@blinkenshell.org> <619995917.20140706125326@my_localhost> <20140707080941.GA5161@blinkenshell.org>
Message-ID: <53BB0042.3020503@vulcan.xs4all.nl>

On 07-07-2014 10:09, The Fuzzy Whirlpool Thunderstorm wrote:
> It depends on how important the data is. Of course, if the data is so
> important, when the expiration time comes, all the data encrypted with
> the old key need to be decrypted and encrypted with the new generated
> key.

However, if your communication lines are bugged the attacker already has the data encrypted with the old key. This is only valid if cold storage data is at risk. In such cases an encrypted disk using some symmetric algorithm that is likely not vulnerable to quantum computers is a safer option.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From emylistsddg at gmail.com Mon Jul 7 23:49:23 2014
From: emylistsddg at gmail.com (eMyListsDDg)
Date: Mon, 7 Jul 2014 14:49:23 -0700
Subject: one key/pair for multiple email accounts
In-Reply-To:
References:
Message-ID: <1319122865.20140707144923@gmail.com>

in practice, do users of gnupg find that having multiple email account id's added to one key/pair using that key/pair to sign and/or encrypt emails & files more efficient to manage?

i have multiple email accounts and in the past had generated a key/pair for each, each with its own unique passphrase. i'm rethinking that approach.

curious how other users in this situation manage their gnupg?

From ekleog at gmail.com Mon Jul 7 23:52:25 2014
From: ekleog at gmail.com (Leo Gaspard)
Date: Mon, 7 Jul 2014 23:52:25 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <53B97779.8020905@sixdemonbag.org>
References: <20140706073605.GA65057@blinkenshell.org> <53B97779.8020905@sixdemonbag.org>
Message-ID: <20140707215225.GB2043@leortable>

On Sun, Jul 06, 2014 at 12:21:13PM -0400, Robert J. Hansen wrote:
> On 7/6/2014 3:36 AM, The Fuzzy Whirlpool Thunderstorm wrote:
>> Using GPG encryption is still good, although it's vulnerable to
>> quantum cryptodecryption.
>
> In point of fact, we don't know this.
>
> Theoretically, science-fiction level breakthroughs in quantum
> computation would break RSA. But the problem with theory is some of the
> things that theory permits turn out to be impossible in reality. For
> instance, there's nothing in the laws of physics that prohibit things
> from having negative mass, but we've never encountered negative-mass
> material anywhere: not in the lab, not in the world, not in deep space,
> not anywhere.

Wasn't there an experiment running, one or two years ago, about trying to make anti-electrons anti-gravitate? I don't remember having read any result, though...

> It's good to be skeptical of quantum computation. It's interesting to
> read up on, but be immensely skeptical of all predictions.

Weren't you the one who preached to assume the worst? It seems rather reasonable to assume that somewhere in the future quantum cryptography (or any other kind of huge advance in science) will break whatever cipher we are currently using... after all, vigenere-like ciphers are almost ridiculous nowadays, while they were once state-of-the-art.

From rjh at sixdemonbag.org Tue Jul 8 00:11:36 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 07 Jul 2014 18:11:36 -0400
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <20140707215225.GB2043@leortable>
References: <20140706073605.GA65057@blinkenshell.org> <53B97779.8020905@sixdemonbag.org> <20140707215225.GB2043@leortable>
Message-ID: <53BB1B18.1070505@sixdemonbag.org>

On 7/7/2014 5:52 PM, Leo Gaspard wrote:
> Wasn't there an experiment running, one or two years ago, about
> trying to make anti-electrons anti-gravitate? I don't remember
> having read any result, though...

It's been done a few times but without results, which is unsurprising: on an atomic level gravity is ridiculously weak. It's still being researched. Smart money is that antimatter has a gravitic attraction just like regular matter: if it doesn't, a whole lot of our commonsense notions of reality have to get thrown out.

> Weren't you the one who preached to assume the worst?

Yes, but there's a big difference between saying "it is possible that RSA will be susceptible to quantum computation in the near future, so let's account for that in our threat model," and saying, "RSA is susceptible to quantum attacks."

Reality should always be described as accurately as possible. Threat models should be constructed under a pessimistic interpretation of that accurately-stated reality. :)

From aarcane at aarcane.org Tue Jul 8 04:59:07 2014
From: aarcane at aarcane.org (Schlacta, Christ)
Date: Mon, 7 Jul 2014 19:59:07 -0700
Subject: Greetings everybody, new user here
Message-ID:

Hi everyone. I just signed up to this list and thought to introduce myself. I've been aware of gpg for a long time, but seldom have I had occasion to actually use it. Well, now I do, so I'm all signed up and introducing myself.

As you can probably see, my name is Christ. I work in the web development industry and have ties to the security sector. Surprising as it is, most people I communicate with simply don't use GPG, so I've never had occasion to use it beyond the occasional verification of a package or download. Well, now I have my own key, 389B07F6, published to the local keyservers, and I joined the list. I have a few minor issues I'll post about separately as occasion arises.

From aarcane at aarcane.org Tue Jul 8 05:04:01 2014
From: aarcane at aarcane.org (Schlacta, Christ)
Date: Mon, 7 Jul 2014 20:04:01 -0700
Subject: Key server long propagation delays?
Message-ID:

I was recently setting up my new keys along with some other people, and I discovered that as soon as one of my cohorts sent their keys and received confirmation, I could retrieve the keys and they showed up. When I sent stuff to the key servers, however, they couldn't retrieve them for upwards of several minutes. Later in the evening, we both sent each other's signed certificates back to the key servers, and that propagation delay was several HOURS in duration. We made sure to both send to the same key servers, and we tried multiple different keyservers, but ultimately the only solution was to wait.

Furthermore, I failed in attempts to google this problem, and couldn't find any documentation on key server change propagation delays. I wanted to know if what we've observed is normal, and if so, if there's any way we can reduce the time it takes our keys to be visible to each other.

Thanks in advance!

From rjh at sixdemonbag.org Tue Jul 8 06:31:54 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 08 Jul 2014 00:31:54 -0400
Subject: Greetings everybody, new user here
In-Reply-To:
References:
Message-ID: <53BB743A.5070203@sixdemonbag.org>

> Hi everyone. I just signed up to this list and thought to introduce
> myself.

Welcome to the community! We're a pretty friendly bunch here. Hasn't been any blood drawn in quite a while, honestly. :)

With respect to delays in the keyserver network, the major address that people tend to use (pool.sks-keyservers.net) is not a single box but a confederation of them. It's sort of like how when you visit google.com you're visiting one of thousands of boxes configured to respond to that address.

If by some chance you and your correspondent happen to hit the exact same keyserver the propagation delay will be measured in milliseconds. Otherwise the certificate has to be propagated from one machine's database to another. This process, while normally very quick (sub-minute), sometimes has problems.

Imagine there's Box A and Box B and then the Big Cloud of Boxes that represents the keyserver network. A gets all its updates from B, and B gets its updates from the Big Cloud of Boxes. If for some reason the network link from A to B goes down, A will fall behind B (and the rest of the Big Cloud of Boxes) in synchronization.

The good news is that most of the time propagation speed is extremely fast. Network problems do occur, but generally they're not significant enough to be a major worry.

From caoxingk at gmail.com Tue Jul 8 08:04:05 2014
From: caoxingk at gmail.com (Hugo Almeida)
Date: Tue, 8 Jul 2014 07:04:05 +0100
Subject: Fwd: Help, batch mode not working for --edit-key option ?
In-Reply-To:
References:
Message-ID:

Hi,

I want to add many subkeys under a primary key. Now I can use `gpg --edit-key ` and type the addkey command blah blah... to do it manually, then repeat these steps again and again, until I have enough subkeys for the current key.

But before it, I use batch mode to auto-create (unattended) a new primary key; it's so cool for a bash script, but batch mode seems not to work for the --edit-key option. I want an unattended way to add subkeys.

I've read the FAQ, the man page of gpg, doc/DETAILS in the source tree, and done so much googling, but can't help myself, so I am here.

Thanks a lot.

From 2014-667rhzu3dc-lists-groups at riseup.net Tue Jul 8 08:17:31 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Tue, 8 Jul 2014 07:17:31 +0100
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <53BB1B18.1070505@sixdemonbag.org>
References: <20140706073605.GA65057@blinkenshell.org> <53B97779.8020905@sixdemonbag.org> <20140707215225.GB2043@leortable> <53BB1B18.1070505@sixdemonbag.org>
Message-ID: <1685839493.20140708071731@my_localhost>

Hi

On Monday 7 July 2014 at 11:11:36 PM, in , Robert J. Hansen wrote:

> It's been done a few times but without results, which
> is unsurprising: on an atomic level gravity is
> ridiculously weak. It's still being researched. Smart
> money is that antimatter has a gravitic attraction just
> like regular matter: if it doesn't, a whole lot of our
> commonsense notions of reality have to get thrown out.

Many write-ups of atomic/sub-atomic level phenomena seem to me to involve considerable deviations from our commonsense notions of reality. (-;

-- 
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

You can't build a reputation on what you are going to do

From micha at rosetree.de Tue Jul 8 08:22:38 2014
From: micha at rosetree.de (Micha Rosenbaum)
Date: Tue, 08 Jul 2014 08:22:38 +0200
Subject: one key/pair for multiple email accounts
In-Reply-To: <1319122865.20140707144923@gmail.com>
References: <1319122865.20140707144923@gmail.com>
Message-ID: <53BB8E2E.9020500@rosetree.de>

On 07.07.2014 23:49, eMyListsDDg wrote:
> in practice, do users of gnupg find that having multiple email account id's added to one key/pair using that key/pair to sign and/or encrypt emails & files more efficient to manage?
>
> curious how other users in this situation manage their gnupg?

I'm using one key pair for multiple email addresses. But I think it depends on the usage of your email addresses. If you use one for business and don't want your partners to see your private email address (maybe something like bunny309 at example.com), then I'd prefer two key pairs ;).

But I'm not using gnupg for long now and I'm curious what others say, too. Maybe there are best practices about this topic?

-- 
PGP: 0x7694EB9B (http://rosetree.de/pgp)
http://www.email-nur-an-dich.de/

From rjh at sixdemonbag.org Tue Jul 8 08:40:06 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 08 Jul 2014 02:40:06 -0400
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <1685839493.20140708071731@my_localhost>
References: <20140706073605.GA65057@blinkenshell.org> <53B97779.8020905@sixdemonbag.org> <20140707215225.GB2043@leortable> <53BB1B18.1070505@sixdemonbag.org> <1685839493.20140708071731@my_localhost>
Message-ID: <53BB9246.4070309@sixdemonbag.org>

> Many write-ups of atomic/sub-atomic level phenomena seem to me to
> involve considerable deviations from our commonsense notions of
> reality. (-;

Nonsense. What, you don't find quantum mechanics to be common-sense and wholly intuitive? ;)

From bernhard at intevation.de Tue Jul 8 09:56:38 2014
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 8 Jul 2014 09:56:38 +0200
Subject: ECC and CMS (Re: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing)
In-Reply-To: <53BAA9C9.8000002@sumptuouscapital.com>
References: <87simizrjg.fsf@vigenere.g10code.de> <201407071601.19846.bernhard@intevation.de> <53BAA9C9.8000002@sumptuouscapital.com>
Message-ID: <201407080956.38736.bernhard@intevation.de>

Kristian,

On Monday 07 July 2014 at 16:08:09, Kristian Fiskerstrand wrote:
> On 07/07/2014 04:01 PM, Bernhard Reiter wrote:
> > On Thursday 03 July 2014 at 12:05:07, Werner Koch wrote:
> >> I just released the fifth *beta version* of GnuPG 2.1. It has
> >> been released to give you the opportunity to check out new
> >> features and to fix the bugs in the last beta.
> >
> > Congratulations on the new beta!
> >
> > About the ECC support in GnuPG 2.1: Does this work with OpenPGP and
> > CMS?
>
> ECC support for OpenPGP is defined in RFC6637[0]
>
> > With the same algorithms?
>
> Only the NIST P-curves are currently defined for OpenPGP although some
> serpent and brainpool curves also works using the basic framework of
> RFC6637 - these are also included in SKS. See e.g. [1] for discussion
> on Ed25519 that is currently implemented in GnuPG 2.1 but does not yet
> have an RFC.

thanks for the pointers! Do you also know the status of CMS (x.509) for S/MIME?

> References:
> [0] http://tools.ietf.org/html/rfc6637
> [1] http://www.ietf.org/mail-archive/web/openpgp/current/msg07194.html

-- 
www.intevation.de/~bernhard (CEO)
www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From kristian.fiskerstrand at sumptuouscapital.com Tue Jul 8 10:02:32 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 08 Jul 2014 10:02:32 +0200
Subject: ECC and CMS (Re: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing)
In-Reply-To: <201407080956.38736.bernhard@intevation.de>
References: <87simizrjg.fsf@vigenere.g10code.de> <201407071601.19846.bernhard@intevation.de> <53BAA9C9.8000002@sumptuouscapital.com> <201407080956.38736.bernhard@intevation.de>
Message-ID: <53BBA598.8050204@sumptuouscapital.com>

On 07/08/2014 09:56 AM, Bernhard Reiter wrote:
> Kristian,
> ...
> thanks for the pointers! Do you also know the status of CMS
> (x.509) for S/MIME?
>

No, I don't pay too much attention to S/MIME as I have a *strong preference* for OpenPGP myself (and to be honest there is enough to keep track of there :) )

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Cogito ergo sum
I think, therefore I am

From mailinglisten at hauke-laging.de Tue Jul 8 10:08:58 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 08 Jul 2014 10:08:58 +0200
Subject: Fwd: Help, batch mode not working for --edit-key option ?
In-Reply-To:
References:
Message-ID: <3995921.D4Wc2KKv0L@inno>

On Tue 08.07.2014, 07:04:05, Hugo Almeida wrote:
> but batch mode seems not work for --edit-key option,
> I want a unattended way to add subkeys.

It does work. You can have a look at my script which does that:

http://www.openpgp-schulungen.de/scripte/keygeneration/key-generation.sh

The script is in German only so far. But you can search for addkey and see how it works.

Hauke

-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From kristian.fiskerstrand at sumptuouscapital.com Tue Jul 8 10:28:25 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 08 Jul 2014 10:28:25 +0200
Subject: Greetings everybody, new user here
In-Reply-To: <53BB743A.5070203@sixdemonbag.org>
References: <53BB743A.5070203@sixdemonbag.org>
Message-ID: <53BBABA9.9090307@sumptuouscapital.com>

On 07/08/2014 06:31 AM, Robert J. Hansen wrote:
>> Hi everyone. I just signed up to this list and thought to
>> introduce myself.
> ..
>
> Imagine there's Box A and Box B and then the Big Cloud of Boxes
> that represents the keyserver network. A gets all its updates from
> B, and B gets its updates from the Big Cloud of Boxes. If for some
> reason the network link from A to B goes down, A will fall behind B
> (and the rest of the Big Cloud of Boxes) in synchronization.

To get a graphical overview of the network, have a look at the chart on [0] (if the IP change for that hasn't propagated yet, try [1] instead)

References:
[0] http://storage.sks-keyservers.net/2014-07-sks-network.png
[1] http://sks.kfwebs.com/2014-07-sks-network.png

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"There is no urge so great as for one man to edit another man's work."
(Mark Twain)

From whirlpool at blinkenshell.org Tue Jul 8 10:44:06 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Tue, 8 Jul 2014 10:44:06 +0200
Subject: one key/pair for multiple email accounts
In-Reply-To:
References:
Message-ID: <20140708084406.GA46262@blinkenshell.org>

> in practice, do users of gnupg find that having multiple email account
> id's added to one key/pair using that key/pair to sign and/or encrypt
> emails & files more efficient to manage?
>
> i have multiple email accounts and in the past had generated a
> key/pair for each, each with its own unique passphrase. i'm rethinking that
> approach.
>
> curious how other users in this situation manage their gnupg?

This depends on your situation. If you want to be identified as one single person for all mails, you are better off using one key id and adding each mail address to your primary key as additional identities. If you want to hide your real identity by having multiple email addresses, you may create a separate identity key for each mail address. That's what I thought.

From kristian.fiskerstrand at sumptuouscapital.com Tue Jul 8 10:54:18 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 08 Jul 2014 10:54:18 +0200
Subject: one key/pair for multiple email accounts
In-Reply-To: <20140708084406.GA46262@blinkenshell.org>
References: <20140708084406.GA46262@blinkenshell.org>
Message-ID: <53BBB1BA.7080202@sumptuouscapital.com>

On 07/08/2014 10:44 AM, The Fuzzy Whirlpool Thunderstorm wrote:
>> in practice, do users of gnupg find that having multiple email
>> account id's added to one key/pair using that key/pair to sign
>> and/or encrypt emails & files more efficient to manage?
>>
>> i have multiple email accounts and in the past had generated a
>> key/pair for each, each with its own unique passphrase. i'm
>> rethinking that approach.
>>
>> curious how other users in this situation manage their gnupg?
>
> This depends on your situation. If you want to be identified as one
> single person for all mails, you are better use one key id and add
> each mail address to your primary key as additional identities. If
> you want to hide your real identity by having multiple email
> addresses, you may create a separate identity key for each mail
> address. That's what I thought.

Wouldn't necessarily be to _hide_ anything either. I tend to use it as a role-based approach, e.g. I have an own key for my work address (that is barely used at all, but it _is_ available). The primary reason for this is that I have that key located on the company computer which is under the control of the IT department, not me, so wouldn't want to use my own personal keys for that.

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Carpe noctem
Seize the night

From whirlpool at blinkenshell.org Tue Jul 8 11:15:50 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Tue, 8 Jul 2014 11:15:50 +0200
Subject: one key/pair for multiple email accounts
In-Reply-To: <53BBB1BA.7080202@sumptuouscapital.com>
References: <20140708084406.GA46262@blinkenshell.org> <53BBB1BA.7080202@sumptuouscapital.com>
Message-ID: <20140708091550.GA63635@blinkenshell.org>

On Tue, Jul 08, 2014 at 10:54:18AM +0200, Kristian Fiskerstrand wrote:
> Wouldn't necessarily be to _hide_ anything either. I tend to use it as
> a role-based approach, e.g. I have a key of my own for my work address
> (that is barely used at all, but it _is_ available). The primary
> reason for this is that I have that key located on the company
> computer which is under the control of the IT department, not me, so
> I wouldn't want to use my own personal keys for that.

There is no limit on how many keys can be associated with a single mail address. You may generate one key for each computer you are using and tell your contacts to encrypt the messages with a specified key.

For example, on a private subject you may use the key stored on your private computer, so that the sender can be sure that you read the encrypted message on your private PC, not on your public system.

If privacy isn't absolutely needed, you may use the key stored on your public system managed by another administrator. Your key is safe, as long as you protect it with an uncrackable passphrase. The system administrator may gain access to your private key file, but not to your private key usage right.

One last thing to remember: if you don't trust the system, don't store any private key on it. That's a bit paranoid, but it's better to be safe than to trust and regret later.
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 08 Jul 2014 11:18:05 +0200
Subject: one key/pair for multiple email accounts
In-Reply-To: <20140708091550.GA63635@blinkenshell.org>
References: <20140708084406.GA46262@blinkenshell.org> <53BBB1BA.7080202@sumptuouscapital.com> <20140708091550.GA63635@blinkenshell.org>
Message-ID: <53BBB74D.5040004@sumptuouscapital.com>

On 07/08/2014 11:15 AM, The Fuzzy Whirlpool Thunderstorm wrote:
> There is no limit on how many keys can be associated with a single
> mail address. You may generate one key for each computer you are
> using and tell your contacts to encrypt the messages with a specified
> key.

If you are talking about subkeys here, that works nicely for signing keys, not so much for multiple encryption subkeys.

> For example, on a private subject you may use the key stored on your
> private computer, so that the sender can be sure that you read the
> encrypted message on your private PC, not on your public system.
>
> If privacy isn't absolutely needed, you may use the key stored on your
> public system managed by another administrator. Your key is safe, as
> long as you protect it with an uncrackable passphrase. The system
> administrator may gain access to your private key file, but not to
> your private key usage right.

What is to stop them from installing a keylogger if they wanted to?

> One last thing to remember: if you don't trust the system, don't store
> any private key on it. That's a bit paranoid, but it's better to be
> safe than to trust and regret later.

That's not paranoid, that is good security management.

-- 
Kristian Fiskerstrand
Audaces fortuna iuvat
Fortune favors the brave

From: bernhard.kleine at gmx.net (Dr. Bernhard Kleine)
Date: Tue, 8 Jul 2014 10:38:12 +0200
Subject: gpg4win
Message-ID: <001301cf9a87$f5215aa0$df640fe0$@gmx.net>

Do you know of a mailing list or a forum for gpg4win? I have problems installing it.

Bernhard
From: cai.0407 at gmail.com (Kosuke Kaizuka)
Date: Tue, 08 Jul 2014 18:40:34 +0900
Subject: gpg4win
In-Reply-To: <001301cf9a87$f5215aa0$df640fe0$@gmx.net>
References: <001301cf9a87$f5215aa0$df640fe0$@gmx.net>
Message-ID: <53BBBC92.3030702@gmail.com>

Hi,

On Tue, 8 Jul 2014 10:38:12 +0200, Dr. Bernhard Kleine wrote:
> Do you know of a mailing list or a forum for gpg4win?
>
> I have problems installing it.

There are mailing lists and support forums in English and German. The English ones are more active than the German ones.

http://www.gpg4win.org/community.html

-- 
Kosuke Kaizuka
From: Eddie.Harari at verint.com (Harari, Eddie)
Date: Tue, 8 Jul 2014 12:20:02 +0000
Subject: gpg2 and eToken Pro 72k aladin
Message-ID: <3CC5F6ED1A9E104CBB4CD0941AD90EB550F757@TLVMBX1.verint.corp.verintsystems.com>

Hi all, and thanks for taking the time.

I have an aladin eToken pro 72K. It works fine with pcsc-lite tools; I was able to store keys and a certificate in its slots and read those with the usual tools (pcscd, opensc-tool etc.). I am trying to get it to work with gpg2 but with no success and need some pointers on how to debug my problem.

gpg2 --card-edit ---> admin ---> generate outputs the following:

gnupg-pkcs11-scd[7060]: chan_4 <- GENKEY --timestamp=20140703T190553 --force 1
gnupg-pkcs11-scd[7060]: chan_4 -> S KEY-FPR E3F15FC6366EBF27158EA216AB17A748DCBF0562
gnupg-pkcs11-scd[7060]: chan_4 -> S KEY-CREATED-AT 1404414353
gnupg-pkcs11-scd[7060]: chan_4 -> S SERIALNO D2760001240111111111111111111111 0
gnupg-pkcs11-scd[7060]: chan_4 -> S KEY-DATA n 00AB33104306F037880A73F3B20A27B254DF74A7D581A1CE003EA7E134D1892118BAF4FEF139115BC997AFE299D71E017878420B7A09D59FB5936DFA32476030DF21D18EB8908E8D09C2A1B22D1BE0B42B74F71490E9601A1BCE09636B4FB863B44AEDD3BE8E7DDF193A0B3B38F251A914637CB0343A14045FDC0183901877B131
gnupg-pkcs11-scd[7060]: chan_4 -> S KEY-DATA e 010001
gnupg-pkcs11-scd[7060]: chan_4 -> OK
gnupg-pkcs11-scd[7060]: chan_4 <- SERIALNO openpgp
gnupg-pkcs11-scd[7060]: chan_4 -> S SERIALNO D2760001240111111111111111111111 0
gnupg-pkcs11-scd[7060]: chan_4 -> OK
gnupg-pkcs11-scd[7060]: chan_4 <- SETDATA B144D637C97E2D1EAC6A190E86D091E48230EB98
gnupg-pkcs11-scd[7060]: chan_4 -> OK
gnupg-pkcs11-scd[7060]: chan_4 <- PKSIGN --hash=sha1 D2760001240111111111111111111111/CBBABA9286B9EEA507FD4105F5F14285EC08E5B5
gnupg-pkcs11-scd[7060]: chan_4 -> INQUIRE NEEDPIN PIN required for token 'CA-Token' (try 0)
gnupg-pkcs11-scd[7060]: chan_4 <- [ 44 20 33 30 30 36 37 31 00 00 00 00 00 00 00 00 ...(76 byte(s) skipped) ]
gnupg-pkcs11-scd[7060]: chan_4 <- END
gnupg-pkcs11-scd[7060]: chan_4 -> INQUIRE NEEDPIN PIN required for token 'CA-Token' (try 1)
gnupg-pkcs11-scd[7060]: chan_4 <- [ 44 20 33 30 30 36 37 32 00 00 00 00 00 00 00 00 ...(76 byte(s) skipped) ]
gnupg-pkcs11-scd[7060]: chan_4 <- END
gnupg-pkcs11-scd[7060]: chan_4 -> ERR 108 Card error
gpg: signing failed: Card error
gpg: make_keysig_packet failed: Card error
Key generation failed: Card error

What is ERR 108? I am looking for any way that can help me debug this problem.

Thanks,
Eddie.
From: Michael.Gould at lexisnexis.com (Gould, Michael (RIS-BCT))
Date: Tue, 8 Jul 2014 13:09:01 +0000
Subject: how to do
Message-ID: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B@RISALPMBXP002.risk.regn.net>

Currently we do not use pgp for email, only to decrypt and/or encrypt customer files for processing. We currently use a single user id for this; however, this doesn't allow us to audit the use. What I was wondering is: can I create a public key that has everyone's email address in it that should have access to a specific private key? If not, any other suggestions or examples or URLs of places that have detailed explanations would be appreciated.

Best Regards

Michael Gould
From: emylistsddg at gmail.com (eMyListsDDg)
Date: Tue, 8 Jul 2014 12:48:30 -0700
Subject: one key/pair for multiple email accounts
In-Reply-To: <53BBB74D.5040004@sumptuouscapital.com>
References: <20140708084406.GA46262@blinkenshell.org> <53BBB1BA.7080202@sumptuouscapital.com> <20140708091550.GA63635@blinkenshell.org> <53BBB74D.5040004@sumptuouscapital.com>
Message-ID: <56568996.20140708124830@gmail.com>

@Kristian @TheFuzzyWhirlpoolThunderstorm @Micha

appreciate all the replies. all good insights. i've got a better picture in my head of how to manage my keys now.

> On 07/08/2014 11:15 AM, The Fuzzy Whirlpool Thunderstorm wrote:
>> One last thing to remember: if you don't trust the system, don't
>> store any private key on it. That's a bit paranoid, but it's better
>> to be safe than to trust and regret later.
> That's not paranoid, that is good security management.

-- 
Bill
Key fingerprint = DB4D 251B FE8A BDCD 2BE4 E889 13F1 78D0 A386 B32B

From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Tue, 08 Jul 2014 22:16:52 +0200
Subject: GPG's vulnerability to quantum cryptography
In-Reply-To: <53BB9246.4070309@sixdemonbag.org>
References: <20140706073605.GA65057@blinkenshell.org> <53B97779.8020905@sixdemonbag.org> <20140707215225.GB2043@leortable> <53BB1B18.1070505@sixdemonbag.org> <1685839493.20140708071731@my_localhost> <53BB9246.4070309@sixdemonbag.org>
Message-ID: <53BC51B4.9030600@vulcan.xs4all.nl>

On 08-07-2014 8:40, Robert J. Hansen wrote:
> Nonsense. What, you don't find quantum mechanics to be common-sense and
> wholly intuitive? ;)

After some time you just get used to it. :-)

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Tue, 8 Jul 2014 23:27:49 +0100
Subject: one key/pair for multiple email accounts
In-Reply-To: <1319122865.20140707144923@gmail.com>
References: <1319122865.20140707144923@gmail.com>
Message-ID: <306788327.20140708232749@my_localhost>

Hi

On Monday 7 July 2014 at 10:49:23 PM, eMyListsDDg wrote:
> i have multiple email accounts and in the past had
> generated a key/pair for each, each with its own unique
> passphrase. i'm rethinking that approach.

> curious how other users in this situation manage their
> gnupg?

I use multiple email addresses and frequently change some of them. I have included no "real" name or valid email address in my key's user-id: the way I use email addresses would otherwise require multiple keys and/or an accumulation of redundant UIDs (if the keys were on keyservers; otherwise I could just delete the redundant UIDs).

Also, I happen to believe that:

(1) knowing an email address or a (sufficiently unique) name should enable somebody to find a key to use for encryption.

(2) access to a public key should not of itself compromise the privacy of the key "owner" by leaking additional personal data about said "owner."

My current solution achieves (2) but not (1).

There are two downsides to this approach. Firstly, the lack of an email address makes it harder for other people to use my key. Secondly, if I wanted to participate in the web of trust, the lack of a "real" name would make it difficult.

-- 
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Raining cats and dogs is better than hailing taxis.

From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Tue, 8 Jul 2014 23:40:22 +0100
Subject: Key server long propagation delays?
Message-ID: <1194312416.20140708234022@my_localhost>

Hi

On Tuesday 8 July 2014 at 4:04:01 AM, Schlacta, Christ wrote:
> Later in
> the evening, we both sent each other's signed
> certificates back to the key servers,

[snipped]

> if there's any way we can reduce the time it
> takes our keys to be visible to each other.

The obvious point leaping into my mind is that after signing your colleague's key, emailing it straight to said colleague would eliminate keyserver propagation delays. It would also afford them the opportunity to review your editing of their key before it was published on the keyserver network.

-- 
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Pain is inevitable, but misery is optional.
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 09 Jul 2014 00:29:04 -0700
Subject: one key/pair for multiple email accounts
In-Reply-To: <1319122865.20140707144923@gmail.com>
References: <1319122865.20140707144923@gmail.com>
Message-ID: <53BCEF40.7030706@dougbarton.us>

Please don't reply to a message on the list and change the subject line. Doing so causes your new topic to show "under" the previous one for those using mail readers that thread properly, and may cause your message to be missed altogether if someone has blocked that thread.

Instead, save the list address and start a completely new message.

hope this helps,

Doug

From: sudhir at sudhirkhanger.com (Sudhir Khanger)
Date: Wed, 9 Jul 2014 16:16:42 +0530
Subject: Is it possible to keep password cached for a whole session?

I have been told that gpg-agent keeps the password cached for the session so that I don't have to constantly enter the password to unlock my gpg key. My personal experience and a little research say there is nothing like that being done automatically by upstream. I was wondering if anyone could shed light on it?

I could get gpg-agent to keep the keys unlocked by adding the following lines.

~/.gnupg/gpg-agent.conf
default-cache-ttl 34560000
max-cache-ttl 34560000

I am trying to track the following bug https://bugs.kde.org/show_bug.cgi?id=336955

-- 
Regards,
Sudhir Khanger.
sudhirkhanger.com
https://github.com/donniezazen
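The two TTL values in the message above are 34560000 seconds, i.e. 400 days, which means the agent keeps the unlocked key material in memory for more than a year after one passphrase entry. As an added example (not part of the thread and not a GnuPG tool), here is a small POSIX shell check that reads a gpg-agent.conf and flags cache TTLs above a chosen limit; the 8-hour limit is an assumption made here, not a GnuPG default, and the two sample files are constructed so the check runs without touching ~/.gnupg.

```sh
#!/bin/sh
# Added example: audit gpg-agent.conf cache TTLs.
# Assumption: options are written in gpg-agent's usual "name value" form,
# one per line, with '#' comments; values are seconds.

# audit_agent_cache_ttl FILE [LIMIT_SECONDS]
# Prints one line per TTL directive above LIMIT (default 8 h = 28800 s)
# and returns 1 if any was found, 0 otherwise.
audit_agent_cache_ttl() {
  conf=$1
  limit=${2:-28800}
  awk -v limit="$limit" '
    { sub(/#.*/, "") }                  # drop comments
    NF == 0 { next }                    # and blank lines
    $1 ~ /^(default|max)-cache-ttl(-ssh)?$/ {
      if ($2 + 0 > limit) {
        printf "%s=%s exceeds %d s (%.1f days)\n", $1, $2, limit, $2 / 86400
        bad = 1
      }
    }
    END { exit bad ? 1 : 0 }
  ' "$conf"
}

# Constructed sample configurations (the first uses the values from the
# message above; the second is a short, session-sized cache).
write_samples() {
  dir=$(mktemp -d)
  printf 'default-cache-ttl 34560000\nmax-cache-ttl 34560000\n' > "$dir/long.conf"
  printf '# cache for a short session\ndefault-cache-ttl 600\nmax-cache-ttl 7200\n' \
    > "$dir/short.conf"
  echo "$dir"
}

samples=$(write_samples)
audit_agent_cache_ttl "$samples/long.conf"  || echo "long.conf: passphrase cache far exceeds a session"
audit_agent_cache_ttl "$samples/short.conf" && echo "short.conf: within limits"
rm -rf "$samples"
```

Run it against a real file with `audit_agent_cache_ttl ~/.gnupg/gpg-agent.conf`; a non-zero exit makes it usable from a login script or a configuration audit.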
From: jdavidboyd at adboyd.com (J. David Boyd)
Date: Tue, 08 Jul 2014 14:41:36 -0400
Subject: how to do
References: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B__41041.9547967196$1404839756$gmane$org@RISALPMBXP002.risk.regn.net>

"Gould, Michael (RIS-BCT)" writes:

> Currently we do not use pgp for email, only to decrypt and/or
> encrypt customer files for processing. We currently use a single user
> id for this; however, this doesn't allow us to audit the use. What I was
> wondering is: can I create a public key that has everyone's email
> address in it that should have access to a specific private key? If
> not, any other suggestions or examples or URLs of places that have
> detailed explanations would be appreciated.
>
> Best Regards
>
> Michael Gould

You _can_ do that. I have several email addresses associated with my gpg key. The problem is that all the 'users' will have to know the passphrase to the secret key to be able to encrypt/decrypt, which means that any of them can make changes to your keys.

Dave
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 09 Jul 2014 18:54:36 +0200
Subject: how to do
References: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B__41041.9547967196$1404839756$gmane$org@RISALPMBXP002.risk.regn.net>
Message-ID: <3222188.kZ1ztGDBqg@inno>

On Tue 08.07.2014, 14:41:36, J. David Boyd wrote:

> The problem is that all the 'users' will have to know the
> passphrase to the secret key to be able to encrypt/decrypt,

That is right.

> which
> means that any of them can make changes to your keys.

And that is wrong.

Hauke

-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From: aarcane at aarcane.org (Schlacta, Christ)
Date: Wed, 9 Jul 2014 09:53:11 -0700
Subject: how to do
In-Reply-To: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B@RISALPMBXP002.risk.regn.net>
References: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B@RISALPMBXP002.risk.regn.net>

Depending on how many users are expected to have access to this file, you can just maintain a public keyring that everyone has. You then have everyone encrypt to the list of everyone, and then anyone can decrypt it with their private key and password and re-encrypt to everyone. This solution scales poorly, and so should be used only on a small scale. For a larger scale, you probably want a more robust solution.

On Jul 8, 2014 10:16 AM, "Gould, Michael (RIS-BCT)" <Michael.Gould at lexisnexis.com> wrote:

> Currently we do not use pgp for email, only to decrypt and/or
> encrypt customer files for processing. We currently use a single user id
> for this; however, this doesn't allow us to audit the use. What I was
> wondering is: can I create a public key that has everyone's email address in
> it that should have access to a specific private key? If not, any other
> suggestions or examples or URLs of places that have detailed explanations
> would be appreciated.
>
> Best Regards
>
> Michael Gould

From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Wed, 9 Jul 2014 19:40:06 +0100
Subject: how to do
In-Reply-To: <3222188.kZ1ztGDBqg@inno>
References: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B__41041.9547967196$1404839756$gmane$org@RISALPMBXP002.risk.regn.net> <3222188.kZ1ztGDBqg@inno>
Message-ID: <638466689.20140709194006@my_localhost>

Hi

On Wednesday 9 July 2014 at 5:54:36 PM, Hauke Laging wrote:

> On Tue 08.07.2014, 14:41:36, J. David Boyd wrote:
>> which means that any of them can make changes to your
>> keys.

> And that is wrong.

Please can you elaborate on how it is incorrect to say that somebody who knows the passphrase to a secret key can make changes to that key. Would this maybe be the case when using an encryption subkey with an offline main key?

-- 
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

An idealist is a person who helps other people to be prosperous
From: ikrabbe.ask at gmail.com (Ingo Krabbe)
Date: Wed, 9 Jul 2014 20:59:59 +0200
Subject: pinentry-curses and dumb terminals
Message-ID: <6fc0b1b4469be8e6d826118be1dfba84@krabbe.dyndns.org>

Hey,

this is just a first idea to change pinentry-curses for dumb terminals:

============ BEGIN
commit 0207ab455a36e6e49017e2a8e44b31a3200f5c14
Author: Ingo Krabbe
Date:   Wed Jul 9 18:50:11 2014 +0000

    added \n for the dialog default sequence

    I use very plain dumb terminals from plan9 to connect to my servers and I still want to use gpg with pinentry to unlock my keys. This is just a first quick patch to (re) enable the Enter key to finish the dialog, as my terminal posts \n not \r for an enter key. Actually that is no terminal but a plain text connection over the network, which is much less interpreted and much simpler than using full tty emulations. Maybe I will replace the dialog with a plain no-echo dialog, when the terminal is "dumb"

diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
index 58da255..2f02780 100644
--- a/pinentry/pinentry-curses.c
+++ b/pinentry/pinentry-curses.c
@@ -888,7 +888,7 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
 done = -2;
 break;
- case '\r':
+ case '\r': case '\n':
 switch (diag.pos)
 {
 case DIALOG_POS_PIN:
====================== END

cheers
ingo krabbe
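Review bot: the new `case '\n':` label is placed on the same line as `case '\r':` in the hunk at dialog_run, while every other label in that switch (`case DIALOG_POS_PIN:` just below) sits on its own line; split it onto its own line and add a one-line comment above it stating the reason given in the commit message (terminals such as the plan9 connection deliver `\n` rather than `\r` for Enter), since without it the next reader of this switch cannot tell why a second line-ending character is treated as "finish the dialog". The commit message also describes this as a first quick patch; it is worth confirming that the only other key handled as Enter is the `'\r'` case shown, so the `\n` path really is the single missing case for those terminals.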
From: free10pro at gmail.com (Paul R. Ramer)
Date: Wed, 09 Jul 2014 16:26:28 -0700
Subject: how to do
In-Reply-To: <638466689.20140709194006@my_localhost>
References: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B__41041.9547967196$1404839756$gmane$org@RISALPMBXP002.risk.regn.net> <3222188.kZ1ztGDBqg@inno> <638466689.20140709194006@my_localhost>

On July 9, 2014 11:40:06 AM PDT, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
>>> which means that any of them can make changes to your
>>> keys.
>
>> And that is wrong.
>
>Please can you elaborate on how it is incorrect to say that somebody
>who knows the passphrase to a secret key can make changes to that key.
>Would this maybe be the case when using an encryption subkey with an
>offline main key?

If you make encryption and signing subkeys you can export them (i.e. the secret subkeys), create a new gnupg home directory, import the subkeys, change the password on them, and finally export and distribute them to the people who are supposed to use them.

By doing this you can have a person who manages the master key separately under another password, and the authorized users can use the encryption and signing secret subkeys without being able to make changes to them.

The person who manages the master key can add new UIDs for any new user and give that person a copy of the secret subkeys with the password. The only problem that I see right away is revoking control when one of the users leaves. One way that you could remedy this is to revoke the old subkeys and issue new ones.

I am not recommending this method, but it is a way that it can be done.

Anyway...

Cheers,

-Paul

-- 
PGP: 3DB6D884
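The split Paul describes above is the concrete answer to Michael Gould's original question in this thread, and it is what MFPA guessed at with "an encryption subkey with an offline main key". As an added example (written for this archive, not code from the thread or from GnuPG's documentation), the POSIX shell script below carries out the procedure against two throwaway home directories and then checks the property the thread argues about: the team keyring holds only a stub for the primary secret key, so its holders can encrypt and decrypt but cannot edit the key. Assumptions: GnuPG 2.2 or newer on PATH with loopback pinentry, the custodian passphrase and user id are constructed values, and the per-team passphrase change Paul mentions is left as an interactive step (`gpg --edit-key ... passwd`), because gpg does not take a new passphrase non-interactively.

```sh
#!/bin/sh
# Added example: separate the custodian's primary key from the secret subkeys
# handed to a team, then verify what the team can and cannot do with them.
set -e

MASTER_PASS='custodian-passphrase-constructed'          # known only to the custodian
TEAM_UID='File Processing <files@example.invalid>'      # constructed user id

# True when a GnuPG 2.2+ binary is available (needed for --quick-* commands).
have_modern_gpg() {
  command -v gpg >/dev/null 2>&1 || return 1
  gpg --version 2>/dev/null | head -n 1 | grep -Eq '\) (2\.[2-9]|[3-9])\.'
}

# Run gpg non-interactively against one homedir, answering passphrase prompts
# with the custodian passphrase (loopback pinentry).
g() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty \
      --pinentry-mode loopback --passphrase "$MASTER_PASS" "$@"
}

# Returns 0 when the three checks below all hold.
demo_subkey_split() {
  work=$(mktemp -d /tmp/subkeys.XXXXXX)
  master="$work/custodian"; team="$work/team"
  mkdir -m 700 "$master" "$team"

  # 1. Custodian creates the primary key plus an encryption subkey, then adds
  #    a signing subkey, so everything the team needs lives in subkeys.
  g "$master" --quick-generate-key "$TEAM_UID" default default never
  fpr=$(gpg --homedir "$master" --batch --with-colons --list-keys \
        | awk -F: '$1 == "fpr" { print $10; exit }')
  g "$master" --quick-add-key "$fpr" default sign never

  # 2. Export only the secret subkeys; the primary secret key stays in $master.
  g "$master" --export-secret-subkeys "$fpr" > "$work/team-subkeys.gpg"

  # 3. The team homedir imports them (the custodian would set a team
  #    passphrase with `gpg --edit-key $fpr passwd` before handing them over).
  g "$team" --import "$work/team-subkeys.gpg"

  # Check A: the team keyring has only a stub ('#') for the primary secret key.
  stub=$(gpg --homedir "$team" --batch --with-colons --list-secret-keys \
         | awk -F: '$1 == "sec" { print $15; exit }')
  [ "$stub" = "#" ] || return 1

  # Check B: the team can still encrypt and decrypt with the subkeys.
  printf 'customer batch 42\n' > "$work/plain.txt"
  gpg --homedir "$team" --batch --quiet --trust-model always \
      -r "$fpr" --encrypt -o "$work/cipher.gpg" "$work/plain.txt"
  g "$team" --decrypt -o "$work/roundtrip.txt" "$work/cipher.gpg"
  [ "$(cat "$work/plain.txt")" = "$(cat "$work/roundtrip.txt")" ] || return 1

  # Check C: without the primary secret key, editing the key (adding a UID
  # here) fails, which is the point Hauke and Paul make above.
  if g "$team" --quick-add-uid "$fpr" 'Someone Else <new@example.invalid>' 2>/dev/null; then
    return 1
  fi

  gpgconf --homedir "$master" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$team" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  return 0
}

# Stand-alone run; silently skipped when no suitable gpg is installed.
if have_modern_gpg; then
  if demo_subkey_split; then
    echo "subkey split verified: team can use the subkeys but cannot edit the key"
  else
    echo "subkey split check failed" >&2
  fi
fi
```

The audit question Michael raised is not solved by this alone: everyone who holds the shared subkeys decrypts under the same key, so attribution still has to come from the host (who ran gpg, from where), which is also why Schlacta's per-person-key approach is the better fit when the group is small.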
From: jdavidboyd at adboyd.com (J. David Boyd) Date: Thu, 10 Jul 2014 09:13:30 -0400 Subject: how to do References: <84A040C5B93A2B41AE6B78E16B48A4F33A83742B__41041.9547967196$1404839756$gmane$org@RISALPMBXP002.risk.regn.net> <3222188.kZ1ztGDBqg@inno> <638466689.20140709194006@my_localhost> Message-ID: "Paul R. Ramer" writes: > On July 9, 2014 11:40:06 AM PDT, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote: >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA512 >> >>Hi >> >> >>On Wednesday 9 July 2014 at 5:54:36 PM, in >>, Hauke Laging wrote: >> >> >>> Am Di 08.07.2014, 14:41:36 schrieb J. David Boyd: >>>> which means that any of them can make changes to your >>>> keys. >> >>> And that is wrong. >> >>Please can you elaborate on how it is incorrect to say that somebody >>who knows the passphrase to a secret key can make changes to that key. >>Would this maybe be the case when using an encryption subkey with an >>offline main key? > > If you make encryption and signing subkeys you can export them > (i.e. the secret subkeys), create a new gnupg home directory, import > the subkeys, change the password on them, and finally, export and > distribute them to the people who are supposed to use them. > > By doing this you can have a person who manages the master key > separately under another password and the authorized users can use the > encryption and signing secret subkeys without being able to make > changes to them. > > The person who manages the master key can add new UIDs for the any new > user and give that person a copy of the secret subkeys with the > password. The only problem that I see right away is revoking control > when one of the users leaves. One way that you could remedy this is > to revoke the old subkeys and issue new ones. > > I am not recommending this method but it is a way that it can be done. > > Anyway... > > Cheers, > > -Paul > > -- > PGP: 3DB6D884 Wow, that would be a lot of work. Actually, I didn't even know you could do that. 
GPG is versatile, to say the least. Dave PGP: 96569433 From tux.tsndcb at free.fr Thu Jul 10 19:28:32 2014 From: tux.tsndcb at free.fr (tux.tsndcb at free.fr) Date: Thu, 10 Jul 2014 19:28:32 +0200 (CEST) Subject: Cyberjack go plus new internal storage size In-Reply-To: <2053149833.65479876.1405012764551.JavaMail.root@zimbra33-e6.priv.proxad.net> Message-ID: <433906789.65504102.1405013312249.JavaMail.root@zimbra33-e6.priv.proxad.net> Hello all, Just for information, it seems that ReinerSCT has changed the internal storage size from 2 GB to 4 GB. Best Regards From ricul77 at gmail.com Thu Jul 10 21:44:07 2014 From: ricul77 at gmail.com (Richard Ulrich) Date: Thu, 10 Jul 2014 21:44:07 +0200 Subject: using different encryption key in evolution Message-ID: <1405021447.5704.22.camel@XPS13dev> I realize this question is more related to evolution than gpg directly, but people here might know better than in an evolution mailing list (to which I'm not subscribed anyway). Suppose a company has a mail address that is distributed among a group of employees. E.g. if I send a mail to sales at compa.ny that mail is forwarded to alice at compa.ny and bob at compa.ny. Now I want to send an encrypted mail to sales at compa.ny, but there is no gpg key for that address. Instead I find keys for some people that will finally get the mail. Is there a way in evolution to explicitly state which encryption keys to use? Judging from the gpg manpage, it could be done on the commandline, but that would be difficult to then send as a regular email, I guess. Rgds Richard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From ndk.clanbo at gmail.com Fri Jul 11 11:41:56 2014
From: ndk.clanbo at gmail.com (NdK) Date: Fri, 11 Jul 2014 11:41:56 +0200 Subject: using different encryption key in evolution In-Reply-To: <1405021447.5704.22.camel@XPS13dev> References: <1405021447.5704.22.camel@XPS13dev> Message-ID: <53BFB164.6010204@gmail.com> Il 10/07/2014 21:44, Richard Ulrich ha scritto: > Is there a way in evolution to explicitly state which encryption keys to > use? > Judging from the gpg manpage, it could be done on the commandline, but > that would be difficult to then send as a regular email, I guess. Try putting the individual addresses in cc. While there's no key for the main address, it should find others' keys and use 'em so that they all can read it. Just guessing, since I don't use evolution. BYtE, Diego. From david at gbenet.com Fri Jul 11 11:45:12 2014 From: david at gbenet.com (david at gbenet.com) Date: Fri, 11 Jul 2014 10:45:12 +0100 Subject: GPG4Win question Message-ID: <53BFB228.3060803@gbenet.com> An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x8716853A.asc Type: application/pgp-keys Size: 1926 bytes Desc: not available URL: From philip.jackson at nordnet.fr Fri Jul 11 15:10:45 2014 
From: philip.jackson at nordnet.fr (Philip Jackson) Date: Fri, 11 Jul 2014 15:10:45 +0200 Subject: GPG4Win question In-Reply-To: <53BFB228.3060803@gbenet.com> References: <53BFB228.3060803@gbenet.com> Message-ID: <53BFE255.2000905@nordnet.fr> On 11/07/14 11:45, david at gbenet.com wrote: > > Hi All, > > In what folder does gpg4win store its gpa.conf and pubring.gpg files? > In Windows 7, 64bit, these files are in /Users/your_user_name/AppData/Roaming/gnupg/ regards, Philip -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x23543A63.asc Type: application/pgp-keys Size: 5190 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From pete at heypete.com Fri Jul 11 14:50:48 2014 From: pete at heypete.com (Pete Stephenson) Date: Fri, 11 Jul 2014 14:50:48 +0200 Subject: GPG4Win question In-Reply-To: <53BFB228.3060803@gbenet.com> References: <53BFB228.3060803@gbenet.com> Message-ID: On Fri, Jul 11, 2014 at 11:45 AM, david at gbenet.com wrote: > > Hi All, > > In what folder does gpg4win store its gpa.conf and pubring.gpg files? > In Windows 7 at least, it's in %appdata%\Roaming\gnupg -- Pete Stephenson -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at gbenet.com Sat Jul 12 10:02:09 2014 From: david at gbenet.com (david at gbenet.com) Date: Sat, 12 Jul 2014 09:02:09 +0100 Subject: GPG4Win question In-Reply-To: <53BFE255.2000905@nordnet.fr> References: <53BFB228.3060803@gbenet.com> <53BFE255.2000905@nordnet.fr> Message-ID: <53C0EB81.2070706@gbenet.com> An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x8716853A.asc Type: application/pgp-keys Size: 1926 bytes Desc: not available URL: From kloecker at kde.org Sat Jul 12 18:22:21 2014
From: kloecker at kde.org (Ingo Klöcker) Date: Sat, 12 Jul 2014 18:22:21 +0200 Subject: GPG4Win question In-Reply-To: <53C0EB81.2070706@gbenet.com> References: <53BFB228.3060803@gbenet.com> <53BFE255.2000905@nordnet.fr> <53C0EB81.2070706@gbenet.com> Message-ID: <1545438.rpClIEyLCG@thufir.ingo-kloecker.de> Hi David, On Saturday 12 July 2014 09:02:09 david at gbenet.com wrote: > > > > >
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
[snip] > -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - class="moz-txt-link-freetext" > href="http://www.enigmail.net/">http://www.enigmail.net/

> iJwEAQECAAYFAlPA62MACgkQPsGd8ZKwe+f+pgQAlV7P/TqmX47kU5dt3xrW4c > Jg
> rpFuCr1KVKUJHE4WOvv1LI/FN9QUejK9M1+7OmfO5xpBrJDbOeiJMovwaTFQ4aEz< > br> > FITE3eiNGt57hhuZp/F5LOdLTnuaVx23mTXAHSV4fGQxtjTGSgtK9CPi2I5X6Uol
> LUBORhgPEu2L0pSUDd8=
> =P4Ev
> -----END PGP SIGNATURE-----
>
> > >

You are sending your mails in HTML format and you are trying to use inline PGP signatures. This doesn't work. The HTML formatting breaks the inline PGP signatures. There are two ways to make it work:
a) Tell Thunderbird to send plain text messages instead of HTML messages.
b) Tell the Enigmail-plugin to use OpenPGP/MIME instead of inline OpenPGP for signatures.

The third option you have is to do a) and b), i.e. send OpenPGP/MIME-signed plain text messages. That's what I do.

Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From david at gbenet.com Sat Jul 12 18:48:01 2014 From: david at gbenet.com (david at gbenet.com) Date: Sat, 12 Jul 2014 17:48:01 +0100 Subject: GPG4Win question In-Reply-To: <1545438.rpClIEyLCG@thufir.ingo-kloecker.de> References: <53BFB228.3060803@gbenet.com> <53BFE255.2000905@nordnet.fr> <53C0EB81.2070706@gbenet.com> <1545438.rpClIEyLCG@thufir.ingo-kloecker.de> Message-ID: <53C166C1.9000609@gbenet.com> On 12/07/14 17:22, Ingo Klöcker wrote: > Hi David, > > On Saturday 12 July 2014 09:02:09 david at gbenet.com wrote: >> >> >> >> >>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
> [snip] >> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.11 (GNU/Linux)
>> Comment: Using GnuPG with Thunderbird - > class="moz-txt-link-freetext" >> href="http://www.enigmail.net/">http://www.enigmail.net/

>> iJwEAQECAAYFAlPA62MACgkQPsGd8ZKwe+f+pgQAlV7P/TqmX47kU5dt3xrW4c >> Jg
>> rpFuCr1KVKUJHE4WOvv1LI/FN9QUejK9M1+7OmfO5xpBrJDbOeiJMovwaTFQ4aEz< >> br> >> FITE3eiNGt57hhuZp/F5LOdLTnuaVx23mTXAHSV4fGQxtjTGSgtK9CPi2I5X6Uol
>> LUBORhgPEu2L0pSUDd8=
>> =P4Ev
>> -----END PGP SIGNATURE-----
>>
>> >> > > You are sending your mails in HTML format and you are trying to use > inline PGP signatures. This doesn't work. The HTML formatting breaks the > inline PGP signatures. There are two ways to make it work: > a) Tell Thunderbird to send plain text messages instead of HTML > messages. > b) Tell the Enigmail-plugin to use OpenPGP/MIME instead of inline > OpenPGP for signatures. > > The third option you have is to do a) and b), i.e. send OpenPGP/MIME- > signed plain text messages. That's what I do. > > > Regards, > Ingo > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > hi Ingo, I realised my errors - I just re-installed Linux - and changed my partner's Windows machine to Linux. All I have now to do is sort out her Thunderbird Mail to move it over to Linux. Thanks for reminding me :) David -- "See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion." https://linuxcounter.net/user/512854.html - http://gbenet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x8716853A.asc Type: application/pgp-keys Size: 1926 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 381 bytes Desc: OpenPGP digital signature URL: From emylistsddg at gmail.com Mon Jul 14 00:18:11 2014 From: emylistsddg at gmail.com (eMyListsDDg) Date: Sun, 13 Jul 2014 15:18:11 -0700 Subject: one key/pair for multiple email accounts In-Reply-To: <306788327.20140708232749@my_localhost> References: <1319122865.20140707144923@gmail.com> <306788327.20140708232749@my_localhost> Message-ID: <969024867.20140713151811@gmail.com> Hello MFPA, Tuesday, July 8, 2014, 3:27:49 PM, you wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > Hi > On Monday 7 July 2014 at 10:49:23 PM, in > , eMyListsDDg wrote: >> i have multiple email accounts and in the past had >> generated a key/pair for each, each with its own unique >> passphrase. i'm rethinking that approach. >> curious how other users in this situation manage their >> gnupg? > I use multiple email addresses and frequently change some of them. I > have included no "real" name or valid email address in my key's > user-id: the way I use email addresses would otherwise require > multiple keys and/or an accumulation of redundant UIDs (if the keys > were on keyservers - otherwise I could just delete the redundant > UIDs). > Also, I happen to believe that:- > (1) knowing an email address or a (sufficiently unique) name should > enable somebody to find a key to use for encryption. > (2) access to a public key should not of itself compromise the > privacy of the key "owner" by leaking additional personal data > about said "owner." > My current solution achieves (2) but not (1). > There are two down sides to this approach. Firstly, the lack of email > address makes it harder for other people to use my key. Secondly, if I > wanted to participate in the web of trust, the lack of "real" name > would make it difficult. good points. thanks for the insight. i see some tweaks i'll incorporate.
From rdohm321 at gmail.com Mon Jul 14 01:10:32 2014 From: rdohm321 at gmail.com (Randolph) Date: Mon, 14 Jul 2014 01:10:32 +0200 Subject: Fwd: AE for OpenSUSE Message-ID: fwd fyi > Adaptive Echo for OpenSUSE > http://1.1.1.1/bmi/goldbug.sourceforge.net/img/AE.png > https://sourceforge.net/projects/goldbug/files/goldbug-im_OPENSUSE13.1/ > https://twitter.com/GoldBugIM/status/488382578609889280/photo/1 > http://software.opensuse.org/package/goldbug?search_term=goldbug > > Windows: http://sourceforge.net/projects/goldbug/files/?source=navbar From dougb at dougbarton.us Mon Jul 14 03:26:00 2014 From: dougb at dougbarton.us (Doug Barton) Date: Sun, 13 Jul 2014 18:26:00 -0700 Subject: using different encryption key in evolution In-Reply-To: <1405021447.5704.22.camel@XPS13dev> References: <1405021447.5704.22.camel@XPS13dev> Message-ID: <53C331A8.2050302@dougbarton.us> On 07/10/2014 12:44 PM, Richard Ulrich wrote: > I realize, this question is more related to evolution than gpg directly, > but people here might know better than in an evolution mailing list > (which I'm not subscribed anyway). > > Suppose a company has a mail address that is distributed among a group > of employees. E.g. if I send a mail to sales at compa.ny that mail is > forwarded to alice at compa.ny and bob at compa.ny. > > Now I want to send an encrypted mail to sales at compa.ny, but there is no > gpg key to that address. Instead I find keys for some people that will > finally get the mail.

If you know you have keys for all the recipients of the sales@ list, you can create a group in your gpg.conf file which contains the key Ids. You may have to experiment with the group "name" to get the interface between evolution and gnupg to recognize the group name as an e-mail address. For example:

group sales at company.ny = key1 key2 ...
group = key1 key2 ...

etc.
hope this helps, Doug From aarcane at aarcane.org Mon Jul 14 06:06:50 2014 From: aarcane at aarcane.org (Schlacta, Christ) Date: Sun, 13 Jul 2014 21:06:50 -0700 Subject: How to add secondary uid? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've googled, and I've searched, and I've tried and I've screwed up and deleted without sending to keyserver... but I can't for the life of me figure out how to add my lesser used e-mails to my gpg key as secondaries. Every time I try, they become the primary uid, and completely unsigned by the people who have signed my primary UID, as well. Not sure how to add the secondaries... but I figure one of you will know. How do I add secondary UIDs to my gpg key? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJTw1dLAAoJEFiHuRCpy1pBtP4H+wRRD6b9/BYfSBZu4kl9v6m3 GNi55gzA94rydQY6v4F3TJyVAqSl0BY8i1m3/H/YIbB9o1rnh7sgQs/4pxDBJ9xN jYrzcNjLwlYMEe5n8SjL4Rey07Aiu0uDNWkSyWgCnwoBnuyFMaZjO7sikpP5Kjza l+jjQFJagfW6ZclvmXBKfspWOOX9jp9Q6llXGjvM+DNcW6YDvaqTGu/40s5LRLYv VMAfabBZKnWCoP6LQGq/ASmCl5DdRIDJznUX5TBJUOfho4jEJnEppqSA5HYEiXuQ sYVgculebCArcSskgYax0n3KF5MH1hC+8yO9/oBaLza0Y91OcmOBQcJKreAz10s= =n8+1 -----END PGP SIGNATURE----- From mailinglisten at hauke-laging.de Mon Jul 14 06:17:06 2014 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Mon, 14 Jul 2014 06:17:06 +0200 Subject: How to add secondary uid? In-Reply-To: References: Message-ID: <1602681.irneR60Q4V@inno> Am So 13.07.2014, 21:06:50 schrieb Schlacta, Christ: > I've googled, and I've searched, and I've tried and I've screwed up > and deleted without sending to keyserver... but I can't for the life > of me figure out how to add my lesser used e-mails to my gpg key as > secondaries. Every time I try, they become the primary uid, and > completely unsigned by the people who have signed my primary UID, as > well. Not sure how to add the secondaries... but I figure one of you > will know. How do I add secondary UIDs to my gpg key? 
The answer is simple: You cannot "add a secondary UID" to a certificate. You can "add a UID" only. The new one does not become a "primary UID" in a technical sense. It is just shown first because it has the newest self signature. You have to explicitly mark one as primary:

gpg --edit-key 0x12345678
gpg> uid 2
gpg> primary
gpg> save

Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part. URL: From an at fh-wedel.de Sat Jul 12 22:33:28 2014 From: an at fh-wedel.de (Michael Anders) Date: Sat, 12 Jul 2014 22:33:28 +0200 Subject: how to do In-Reply-To: References: Message-ID: <1405197208.3542.48.camel@an> > >Please can you elaborate on how it is incorrect to say that somebody > >who knows the passphrase to a secret key can make changes to that key. > >Would this maybe be the case when using an encryption subkey with an > >offline main key? > > If you make encryption and signing subkeys you can export them (i.e. the secret subkeys), create a new gnupg home directory, > import the subkeys, change the password on them, and finally, export > and distribute them to the people who are supposed to use them. > By doing this you can have a person who manages the master key separately under another password and the authorized users can > use the encryption and signing secret subkeys without being able to make changes to them.... I think we are in danger of working with different concepts of what "not being able to" means. On a first level, if you have read/write access to the key-file, it is just a file and you can do pretty much anything with it.
On a second level, proper cryptographic protection may prevent you from doing anything sensible with it, if you don't have access to the protecting secret (e.g. the GnuPG access passphrase). On a third level you may know the secret access key but within the small world of a particular crypto tool (GnuPG in this case) you "cannot do". You may sit down and code it yourself, however. This third level of "cannot do" is usually disregarded by cryptographers and IT-security people, yet I think this is probably the kind of "cannot do" we are talking about here. I have to admit I don't know much about the way the subkey structure is organized internally in OpenPGP, so if there is some true cryptographic protection of the subkey relationships, may someone who knows about it please tell me. If there were true cryptographic protection, it would have to work without a password. This might be very interesting crypto stuff then :-).. My gut feeling makes me believe this protection is impossible with cryptographically independent keys, however, and that you could always at least embed the exported subkey into a newly created parent key structure and newly design whatever sub/super-key structure you like around the exported key. So unless there is convincing cryptographic reasoning about why you cannot do something to the key you have the access password to, I would not rely on the "cannot do". Regards, Michael Anders From alittlephoenix at 163.com Mon Jul 14 04:42:51 2014 From: alittlephoenix at 163.com (alittlephoenix) Date: Mon, 14 Jul 2014 10:42:51 +0800 Subject: Bug report:data lost Message-ID: <20140714104251.00007249@unknown> Hi,
I found a critical bug in GPG4win which may cause data loss. It's that, when I select several files with Chinese character names, right-click and select encrypt and/or sign, and do it, then these several files cannot be packaged and encrypted into a .tar.gpg archive. The data is lost, not packaged in the archive. That may cause data loss. The issue is that GPG doesn't support Chinese characters well. In the above case, if the files are named with English letters, there's no problem. The same thing happens when selecting a folder which includes several files named with Chinese characters and right-clicking to encrypt or sign. This is very inconvenient. Is that a problem? Thanks for solving it. Best regards. littlephoenix 2014-07-14 From dkg at fifthhorseman.net Mon Jul 14 16:35:02 2014 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 14 Jul 2014 10:35:02 -0400 Subject: Bug report:data lost In-Reply-To: <20140714104251.00007249@unknown> References: <20140714104251.00007249@unknown> Message-ID: <53C3EA96.80906@fifthhorseman.net> On 07/13/2014 10:42 PM, alittlephoenix wrote: > Hi, > I found a critical bug in GPG4win which may cause data loss. It's > that, when I select several files with Chinese character names, right- > click and select encrypt and/or sign, and do it, then these several > files cannot be packaged and encrypted into a .tar.gpg archive. The data > is lost, not packaged in the archive. That may cause data loss. The issue is > that GPG doesn't support Chinese characters well. In the above case, if > the files are named with English letters, there's no problem. The same thing > happens when selecting a folder which includes several files named with > Chinese characters and right-clicking to encrypt or sign. This is very > inconvenient. > > Is that a problem? This does sound like a problem. It would be good to know if this is an issue with the gpg archiving mechanism, or something to do with the gpg4win graphical interface.
I don't have a windows machine handy, but I would like to try to replicate the problem on a unix-like platform. Can you give an example of filenames that get lost? Also, have you tried using the command line tools to create the archive? I don't know what the command is called in gpg4win, but on unix the command would be:

gpg-zip --encrypt --output test.tar.gpg -r WHOEVER FILE1 FILE2

(replace WHOEVER with the name of the recipient, and replace FILE1 and FILE2 with the filenames to be included in the archive) hope this helps, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 949 bytes Desc: OpenPGP digital signature URL: From mailinglisten at hauke-laging.de Mon Jul 14 17:44:19 2014 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Mon, 14 Jul 2014 17:44:19 +0200 Subject: email bot for PGP/MIME PGP/Inline conversion Message-ID: <1941784.HI3FAsm8DL@inno> Hello, first I admit that this is not a GnuPG problem. AFAIK the smartphone OpenPGP clients are incapable of handling PGP/MIME yet. Wouldn't it be nice to have a mail service where you can send a PGP/MIME mail to and get it back in PGP/Inline format (or more general: in the other format)? If the message is encrypted then there would not even be a privacy concern. Unencrypted mail could be forwarded (and sent back) encryptedly. The service provider could read it though. If such services become established (of course, after so much time the smartphone apps should finally be fixed...) then the mail providers could offer this service themselves. They already know the mail content anyway. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part. URL: From martijn.list at gmail.com Mon Jul 14 18:06:37 2014 From: martijn.list at gmail.com (martijn.list) Date: Mon, 14 Jul 2014 18:06:37 +0200 Subject: email bot for PGP/MIME PGP/Inline conversion In-Reply-To: <1941784.HI3FAsm8DL@inno> References: <1941784.HI3FAsm8DL@inno> Message-ID: <53C4000D.3060908@gmail.com> On 07/14/2014 05:44 PM, Hauke Laging wrote: > Hello, > > first I admit that this is not a GnuPG problem. > > AFAIK the smartphone OpenPGP clients are incapable of handling > PGP/MIME yet. Wouldn't it be nice to have a mail service where you > can send a PGP/MIME mail to and get it back in PGP/Inline format > (or more general: in the other format)? > > If the message is encrypted then there would not even be a privacy > concern. > > Unencrypted mail could be forwarded (and sent back) encryptedly. > The service provider could read it though. > > If such services become established (of course, after so much time > the smartphone apps should finally be fixed...) then the mail > providers could offer this service themselves. They already know > the mail content anyway. Unfortunately this won't work. You cannot convert a PGP/MIME message into a PGP/INLINE message and vice versa. With a PGP/MIME message, the complete MIME structure is signed and/or encrypted. This includes attachments etc. With PGP/INLINE every individual MIME part is signed and/or encrypted. Kind regards, Martijn Brinkers -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. 
http://www.ciphermail.com Twitter: http://twitter.com/CipherMail From mailinglisten at hauke-laging.de Mon Jul 14 18:12:05 2014 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Mon, 14 Jul 2014 18:12:05 +0200 Subject: email bot for PGP/MIME PGP/Inline conversion In-Reply-To: <53C4000D.3060908@gmail.com> References: <1941784.HI3FAsm8DL@inno> <53C4000D.3060908@gmail.com> Message-ID: <3769515.DsBsmzaLWn@inno> On Mon 14.07.2014, 18:06:37, martijn.list wrote: > Unfortunately this won't work. ...with emails which have an attachment. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part. URL: From dougb at dougbarton.us Mon Jul 14 18:18:17 2014 From: dougb at dougbarton.us (Doug Barton) Date: Mon, 14 Jul 2014 09:18:17 -0700 Subject: email bot for PGP/MIME PGP/Inline conversion In-Reply-To: <53C4000D.3060908@gmail.com> References: <1941784.HI3FAsm8DL@inno> <53C4000D.3060908@gmail.com> Message-ID: <53C402C9.1090005@dougbarton.us> On 07/14/2014 09:06 AM, martijn.list wrote: > Unfortunately this won't work. You cannot convert a PGP/MIME message > into a PGP/INLINE message and vice versa. With a PGP/MIME message, the > complete MIME structure is signed and/or encrypted. This includes > attachments etc. In the absence of attachments, I'm fairly certain you're wrong about that. I've written a script to verify the signature of PGP/MIME messages, and the signature is over the message itself (again, in the absence of attachments). It should be fairly simple to take that script and output the message body with a synthesized inline signature. Attachments add a lot of complexity, but even there it should be doable, just a SMOP.
The thing that would trip you up are message types that can only be successfully signed with PGP/MIME, like HTML, and certain character encodings. So you could never have a completely successful solution, but you could probably get to 80% or so with a minimum of difficulty. hth, Doug From martijn.list at gmail.com Mon Jul 14 18:33:37 2014 From: martijn.list at gmail.com (martijn.list) Date: Mon, 14 Jul 2014 18:33:37 +0200 Subject: email bot for PGP/MIME PGP/Inline conversion In-Reply-To: <53C402C9.1090005@dougbarton.us> References: <1941784.HI3FAsm8DL@inno> <53C4000D.3060908@gmail.com> <53C402C9.1090005@dougbarton.us> Message-ID: <53C40661.8080400@gmail.com> On 07/14/2014 06:18 PM, Doug Barton wrote: > On 07/14/2014 09:06 AM, martijn.list wrote: > >> Unfortunately this won't work. You cannot convert a PGP/MIME message >> into a PGP/INLINE message and vice versa. With a PGP/MIME message, the >> complete MIME structure is signed and/or encrypted. This includes >> attachments etc. > > In the absence of attachments, I'm fairly certain you're wrong about > that. I've written a script to verify the signature of PGP/MIME > messages, and the signature is over the message itself (again, in the > absence of attachments). It should be fairly simple to take that script > and output the message body with a synthesized inline signature. Yes with a text only message it should work. But if you have a multipart/alternative message (i.e., text and html part) you'll run into troubles. > Attachments add a lot of complexity, but even there it should be doable, > just a SMOP. But how? you can of course show the complete MIME structure but that is not very informative I would think. Perhaps I'm missing something though. > The thing that would trip you up are message types that can only be > successfully signed with PGP/MIME, like HTML, and certain character > encodings. 
So you could never have a completely successful solution, but > you could probably get to 80% or so with a minimum of difficulty. With "unfortunately won't work", I meant won't work in the general case :) Of course there will be cases where it will work. The problem is that since the original message is encrypted, you cannot know for sure for which message it will work and for which message it won't. But if someone is happy with 80% reliability then you might make people happy with such a service. Kind regards, Martijn Brinkers -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail From dougb at dougbarton.us Mon Jul 14 19:30:06 2014 From: dougb at dougbarton.us (Doug Barton) Date: Mon, 14 Jul 2014 10:30:06 -0700 Subject: email bot for PGP/MIME PGP/Inline conversion In-Reply-To: <53C40661.8080400@gmail.com> References: <1941784.HI3FAsm8DL@inno> <53C4000D.3060908@gmail.com> <53C402C9.1090005@dougbarton.us> <53C40661.8080400@gmail.com> Message-ID: <53C4139E.8010704@dougbarton.us> On 07/14/2014 09:33 AM, martijn.list wrote: > The problem is that since the original message is encrypted Signed is the common case, and I believe what the OP was asking about. Of course decrypting PGP/MIME is trivial, and then you're right back to what I wrote in the previous message about dealing with the parts. Doug From johanw at vulcan.xs4all.nl Mon Jul 14 20:00:56 2014 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Mon, 14 Jul 2014 20:00:56 +0200 Subject: gnupg - pgp reading signed files Message-ID: <53C41AD8.90806@vulcan.xs4all.nl> Hello, Due to a discussion on sci.crypt I tried to get pgp 2.6 to accept a file signed by gnupg. This worked, but only when I set the compression to 0 (none). Doesn't pgp 2.6 use zip compression?
I have in gpg.conf:

compress-algo 0
cipher-algo IDEA
digest-algo MD5
s2k-cipher-algo IDEA
s2k-digest-algo MD5
rfc1991
pgp2

gpg --sign --armor file.txt results in file.txt.asc; pgp 2 can interpret it just fine. I use gnupg 1.4.18 and pgp 2.6.3ia (compiled myself as 32 bit win32 commandline executable). If I use another value for compress-algo pgp gives:

ERROR: Nested data has unexpected format. CTB=0x90

-- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From aarcane at aarcane.org Mon Jul 14 19:49:29 2014 From: aarcane at aarcane.org (Schlacta, Christ) Date: Mon, 14 Jul 2014 10:49:29 -0700 Subject: email bot for PGP/MIME PGP/Inline conversion In-Reply-To: <53C40661.8080400@gmail.com> References: <1941784.HI3FAsm8DL@inno> <53C4000D.3060908@gmail.com> <53C402C9.1090005@dougbarton.us> <53C40661.8080400@gmail.com> Message-ID: Verify, strip, resign. Of course each person would have to configure their own trusted MTA. If it got compromised, it could either falsely verify inbound mail to them, or spoof outbound mail as them. Dependent on which function it was configured to perform. On Jul 14, 2014 10:22 AM, "martijn.list" wrote: > On 07/14/2014 06:18 PM, Doug Barton wrote: > > On 07/14/2014 09:06 AM, martijn.list wrote: > > > >> Unfortunately this won't work. You cannot convert a PGP/MIME message > >> into a PGP/INLINE message and vice versa. With a PGP/MIME message, the > >> complete MIME structure is signed and/or encrypted. This includes > >> attachments etc. > > > > In the absence of attachments, I'm fairly certain you're wrong about > > that. I've written a script to verify the signature of PGP/MIME > > messages, and the signature is over the message itself (again, in the > > absence of attachments). It should be fairly simple to take that script > > and output the message body with a synthesized inline signature. > > Yes with a text only message it should work.
But if you have a > multipart/alternative message (i.e., text and html part) you'll run into > troubles. > > > Attachments add a lot of complexity, but even there it should be doable, > > just a SMOP. > > But how? you can of course show the complete MIME structure but that is > not very informative I would think. Perhaps I'm missing something though. > > > The thing that would trip you up are message types that can only be > > successfully signed with PGP/MIME, like HTML, and certain character > > encodings. So you could never have a completely successful solution, but > > you could probably get to 80% or so with a minimum of difficulty. > > With "unfortunately won't work", I meant won't work in the general case > :) Of course there will be cases where it will work. The problem is that > since the original message is encrypted, you cannot know for sure for > which message it will work and for which message it won't. But if > someone is happy with 80% reliability then you might make people happy > with such a service. > > Kind regards, > > Martijn Brinkers > > -- > CipherMail email encryption > > Open source email encryption gateway with support for S/MIME, OpenPGP > and PDF messaging. > > http://www.ciphermail.com > > Twitter: http://twitter.com/CipherMail > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter at digitalbrains.com Mon Jul 14 20:50:59 2014 From: peter at digitalbrains.com (Peter Lebbing) Date: Mon, 14 Jul 2014 20:50:59 +0200 Subject: how to do In-Reply-To: <1405197208.3542.48.camel@an> References: <1405197208.3542.48.camel@an> Message-ID: <53C42693.5040505@digitalbrains.com> On 12/07/14 22:33, Michael Anders wrote: > I think we are in danger of working with different concepts of what > "not being able to" means. 
The scenario painted is this: The primary key is used for creating new UIDs and certifying other people's keys. The subkeys are used for signing data and messages, and for encryption. The "authorized people" who can do decryption and signatures simply do not have access to the key material of the primary secret key; they have only been given the secret subkeys. They are cryptographically prevented from adding UIDs or certifying other people's keys because they only have the public key for the primary key. For example, in the case of RSA, there is no copy of the two large primes of the primary key on their computer; not even an encrypted copy. The data is simply absent.

> My gut feeling makes me believe this protection is impossible with
> cryptographically independent keys

The primary key and the subkeys are independent from a cryptographic standpoint; it is only by (signed) data that they are linked, not by math. This is precisely the reason why this works, so I suspect you've accidentally left out a negation in that sentence or put one in too many.

> and that you could always at least embed the exported subkey into a
> newly created parent key structure and newly design whatever
> sub/super-key structure you like around the exported key.

GnuPG uses a "dummy-S2K" for this purpose, which signals that what follows is not actually private key material, but an omission of that. It looks like this when using --list-packets:

:secret key packet:
	version 4, algo 1, created 1331982780, expires 0
	skey[0]: [1024 bits]
	skey[1]: [17 bits]
	gnu-dummy S2K, algo: 3, SHA1 protection, hash: 2
	protect IV:
	keyid: 98B67DE4DCDFDFA4
:user ID packet: "Test Teststra (Koning van Wezel) "
:signature packet: algo 1, keyid 98B67DE4DCDFDFA4
	version 4, created 1405363401, md5len 0, sigclass 0x13
	[...]
:secret sub key packet:
	version 4, algo 1, created 1331982780, expires 0
	skey[0]: [1024 bits]
	skey[1]: [17 bits]
	iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 263ca1c908ec3b00
	protect count: 1966080 (174)
	protect IV:  ad 80 21 8a a8 71 0f 7a
	encrypted stuff follows
	keyid: 211601B877A3395A
:signature packet: algo 1, keyid 98B67DE4DCDFDFA4
	version 4, created 1331982780, md5len 0, sigclass 0x18
	[...]

Note how for the subkey it says "encrypted stuff follows" whereas for the primary key it just says "dummy". skey[0] and skey[1] are, in spite of their names, public key components which correspond to pkey[0] and pkey[1] in public key packets.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dougb at dougbarton.us Mon Jul 14 22:10:22 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 14 Jul 2014 13:10:22 -0700
Subject: email bot for PGP/MIME PGP/Inline conversion
In-Reply-To:
References: <1941784.HI3FAsm8DL@inno> <53C4000D.3060908@gmail.com> <53C402C9.1090005@dougbarton.us> <53C40661.8080400@gmail.com>
Message-ID: <53C4392E.9080600@dougbarton.us>

On 07/14/2014 10:49 AM, Schlacta, Christ wrote:
> Verify, strip, resign.

That would be exactly the wrong way to do it. The only reasonably secure way, and the only way anyone knowledgeable about cryptography would accept, is to synthesize an inline message which contained the original signature. Your points about the bot becoming compromised are exactly why not to do what you suggested.
Doug

From whirlpool at blinkenshell.org Tue Jul 15 00:42:44 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Tue, 15 Jul 2014 00:42:44 +0200
Subject: email bot for PGP/MIME PGP/Inline conversion
In-Reply-To:
References:
Message-ID: <20140714224244.GA7627@blinkenshell.org>

> Message: 7
> Date: Mon, 14 Jul 2014 17:44:19 +0200
> From: Hauke Laging
> To: gnupg-users at gnupg.org
> Subject: email bot for PGP/MIME PGP/Inline conversion
> Message-ID: <1941784.HI3FAsm8DL at inno>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> first I admit that this is not a GnuPG problem.
>
> AFAIK the smartphone OpenPGP clients are incapable of handling PGP/MIME
> yet. Wouldn't it be nice to have a mail service where you can send a
> PGP/MIME mail to and get it back in PGP/Inline format (or more general:
> in the other format)?
>
> If the message is encrypted then there would not even be a privacy
> concern.
>
> Unencrypted mail could be forwarded (and sent back) encryptedly. The
> service provider could read it though.
>
> If such services become established (of course, after so much time the
> smartphone apps should finally be fixed...) then the mail providers
> could offer this service themselves. They already know the mail content
> anyway.
>
>
> Hauke

There is a mail program supporting pgp messages. It's K9-Mail with APG encryption software. It supports PGP/MIME message format. Whenever a PGP encrypted message is detected, it calls APG to do the cryptographic tasks and view the decrypted message.

Of course, there is no way to convert PGP/MIME to inline PGP because this will break the PGP signature validity.

I recommend leaving the smartphone as is and doing the encrypted mails on a pc.
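Peter Lebbing's --list-packets output earlier in this digest shows the gnu-dummy stub that stands in for an offline primary key. The following Python is an added example, not GnuPG's code: it parses the body of a v4 RSA secret (sub)key packet (RFC 4880 tags 5 and 7, packet header already stripped) and reports whether private material is present and how it is protected, run over two constructed packet bodies built from the values in that output (creation time, salt, IV, count byte 174). Someone who hands out subkeys the way Peter describes can run such a check over an exported key file to confirm the primary key really is a stub before the file reaches a shared machine. Function names such as parse_secret_key_packet and describe are my own; the S2K type 101, "GNU" magic and mode byte are GnuPG's private extension, everything else is RFC 4880.

```python
"""Inspect how an OpenPGP v4 secret (sub)key packet protects its private
material, in the spirit of `gpg --list-packets`. Added example, not GnuPG
code. Input is the packet body only; only RSA keys are handled."""
import struct

SYM_ALGOS = {3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}  # RFC 4880 9.2
HASH_ALGOS = {2: "SHA1", 8: "SHA256", 10: "SHA512"}               # RFC 4880 9.4
BLOCK_SIZE = {3: 8, 7: 16, 8: 16, 9: 16}   # IV length follows the cipher block size
GNU_S2K_TYPE = 101      # GnuPG private S2K type: hash octet, "GNU", mode octet
GNU_DUMMY = 1           # mode 1: secret material deliberately absent
GNU_DIVERT_TO_CARD = 2  # mode 2: secret material lives on a smartcard


def read_mpi(buf, off):
    """Return (bit_length, offset_after_mpi) for the MPI at buf[off:]."""
    bits = struct.unpack(">H", buf[off:off + 2])[0]
    return bits, off + 2 + (bits + 7) // 8


def decode_s2k_count(coded):
    """Expand the one-octet coded iteration count (RFC 4880 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def parse_secret_key_packet(body):
    """Return a dict describing the key and its S2K protection."""
    if body[0] != 4:
        raise ValueError("only v4 key packets are handled")
    if body[5] not in (1, 2, 3):
        raise ValueError("only RSA key packets are handled")
    off = 6
    n_bits, off = read_mpi(body, off)   # skey[0] in gpg's output: modulus n
    e_bits, off = read_mpi(body, off)   # skey[1]: public exponent e
    info = {"created": struct.unpack(">I", body[1:5])[0],
            "skey_bits": [n_bits, e_bits]}
    usage = body[off]
    off += 1
    if usage == 0:
        info.update(protection="unencrypted", secret_present=True)
        return info
    if usage not in (254, 255):
        raise ValueError("legacy protection byte %d not handled" % usage)
    sym, s2k_type, hash_id = body[off], body[off + 1], body[off + 2]
    off += 3
    info["sym_algo"] = SYM_ALGOS.get(sym, str(sym))
    info["hash_algo"] = HASH_ALGOS.get(hash_id, str(hash_id))

    if s2k_type == GNU_S2K_TYPE:
        if body[off:off + 3] != b"GNU":
            raise ValueError("S2K type 101 without GNU magic")
        mode = body[off + 3]
        off += 4
        if mode == GNU_DUMMY:
            info.update(protection="gnu-dummy", secret_present=False)
        elif mode == GNU_DIVERT_TO_CARD:
            serial_len = body[off]
            info.update(protection="gnu-divert-to-card", secret_present=False,
                        card_serial=body[off + 1:off + 1 + serial_len].hex())
        else:
            raise ValueError("unknown GNU S2K mode %d" % mode)
        return info

    if s2k_type == 0:
        info["protection"] = "simple"
    elif s2k_type in (1, 3):
        info["salt"] = body[off:off + 8].hex()
        off += 8
        info["protection"] = "salted"
        if s2k_type == 3:
            info["count"] = decode_s2k_count(body[off])
            off += 1
            info["protection"] = "iter+salt"
    else:
        raise ValueError("unknown S2K type %d" % s2k_type)
    ivlen = BLOCK_SIZE.get(sym, 8)
    info["iv"] = body[off:off + ivlen].hex()
    off += ivlen
    info.update(secret_present=True, encrypted_bytes=len(body) - off)
    return info


def describe(info):
    """One-line summary, e.g. for checking an exported 'offline primary' file."""
    if not info["secret_present"]:
        return "%s S2K: no secret key material in this packet" % info["protection"]
    if info["protection"] == "unencrypted":
        return "secret key material present and NOT passphrase-protected"
    return "%s S2K, algo: %s, hash: %s, encrypted stuff follows" % (
        info["protection"], info["sym_algo"], info["hash_algo"])


def mpi(bits, value):
    return struct.pack(">H", bits) + value


# Constructed packet bodies (values mirror the --list-packets output above).
_PUBLIC_PART = (bytes([4]) + struct.pack(">I", 1331982780) + bytes([1])
                + mpi(1024, b"\xff" * 128) + mpi(17, b"\x01\x00\x01"))
# Primary key stub: usage 254, CAST5, S2K type 101, SHA1, "GNU", mode 1.
DUMMY_PRIMARY = _PUBLIC_PART + bytes([254, 3, GNU_S2K_TYPE, 2]) + b"GNU" + bytes([GNU_DUMMY])
# Subkey: usage 254, CAST5, iter+salt S2K, SHA1, salt, count 174, IV, 16 fake ciphertext bytes.
PROTECTED_SUBKEY = (_PUBLIC_PART + bytes([254, 3, 3, 2]) + bytes.fromhex("263ca1c908ec3b00")
                    + bytes([174]) + bytes.fromhex("ad80218aa8710f7a") + b"\x00" * 16)

if __name__ == "__main__":
    for name, body in (("primary", DUMMY_PRIMARY), ("subkey", PROTECTED_SUBKEY)):
        print(name + ":", describe(parse_secret_key_packet(body)))
```

The count byte 174 expands to 1966080, matching Peter's "protect count: 1966080 (174)"; a dummy primary ends right after the mode byte, which is why gpg prints an empty "protect IV:" for it.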
From rose-indorf at gmx.de Tue Jul 15 01:10:35 2014
From: rose-indorf at gmx.de (Sebastian Rose-Indorf)
Date: Tue, 15 Jul 2014 01:10:35 +0200
Subject: AW: [Announce] GnuPG 1.4.18 released
In-Reply-To: <000401cf9523$bd604270$3820c750$@irmer@kabelmail.de>
References: <87zjgu451y.fsf@vigenere.g10code.de> <000401cf9523$bd604270$3820c750$@irmer@kabelmail.de>
Message-ID: <006801cf9fb8$d22395a0$766ac0e0$@de>

Hello,

WinPT also works very well with GnuPG 1.4.18. But occasionally WinPT reacts to a faulty configuration of GnuPG with a cold, however.

Regards
Sebastian

> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On behalf of
> Reinhard Irmer
> Sent: Tuesday, 1 July 2014 13:58
> To: gnupg-users at gnupg.org
> Cc: gnupg-de at gnupg.org
> Subject: AW: [Announce] GnuPG 1.4.18 released
>
> > -----Original Message-----
> > From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On behalf of
> > Werner Koch
> > Sent: Monday, 30 June 2014 20:37
> > To: gnupg-announce at gnupg.org; info-gnu at gnu.org
> > Subject: [Announce] GnuPG 1.4.18 released
> >
> > Hello!
>
> Hello Werner,
>
> > We are pleased to announce the availability of a new stable GnuPG-1
> > release: Version 1.4.18.
>
> Installing gnupg-w32cli-1.4.18.exe on winXP works, but starting wpt.exe
> after installation, the monitor shows "Schlüsselcache internal error".
> Then rightclick on wptbutton/Über (about) in the quickstartlist shows
> the right version numbers of wpt and gnupg. But clicking
> "Schlüsselverwaltung" a bug message arrives like this. Look here:
> http://666kb.com/i/cpp0j83n5s33h1doq.jpg
> I restarted the system but no solution.
> So I went back to 1.4.17 :-(
>
> --
> regards
> Reinhard
>
> --- on OUTLOOK 2007 ---

From vedaal at nym.hush.com Tue Jul 15 16:12:14 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Tue, 15 Jul 2014 10:12:14 -0400
Subject: gnupg - pgp reading signed files
In-Reply-To: <53C41AD8.90806@vulcan.xs4all.nl>
Message-ID: <20140715141214.ACD72A00B0@smtp.hushmail.com>

On 7/14/2014 at 2:04 PM, "Johan Wevers" wrote:
>
>Hello,
>
>Due to a discussion on sci.crypt I tried pgp 2.6 accept a file
>signed by
>gnupg. This worked, but only when I set the compression to 0
>(none).
>Doesn't pgp 2.6 use zip compression?

=====

In the pgp 2.6 config.txt file there are only two options for compression:

Compress = off
or
Compress = on

Tried looking through the documentation for 'which' compression 2.x uses, but couldn't find the specific one. But did find that there was a problem with 'decompression' in 2.4 which was changed to 2.6. It may be that it's a variant unique to pgp.
I'll try to see what happens in Disastry's version, if it will accept gnupg's compression.

vedaal

From faramir.cl at gmail.com Wed Jul 16 04:33:56 2014
From: faramir.cl at gmail.com (Faramir)
Date: Tue, 15 Jul 2014 22:33:56 -0400
Subject: howto revoke a key that has no secret key
In-Reply-To: <336237293.20140701214515@gmail.com>
References: <87zjgu451y.fsf@vigenere.g10code.de> <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com> <1799786337.20140701092957@gmail.com> <7594671.DkxBqUVq5r@inno> <336237293.20140701214515@gmail.com>
Message-ID: <53C5E494.9010808@gmail.com>

On 02-07-2014 0:45, eMyListsDDg wrote:
...
> well i managed to create a pub key without a priv key. that is, it
> only has a pub part. thats what gpa key manager is telling me.

That's not possible, since the public key is based on the secret key. Maybe it got deleted somehow, but at some point of the key generation it was there, and I'd bet if you didn't delete it by mistake, it should still be there, somewhere.

I'm not good at troubleshooting, but maybe you should post the version of GnuPG you are using, and the operating system too, so other people can tell you where to look for the missing secret key.

As general advice, always add an expiration date to the key; that way, if you ever lose the private key and revocation certificate, at least it will die a natural death and stop haunting you. As long as you have the private key, you can modify the expiration date and increase the key's life span.
Best Regards

From faramir.cl at gmail.com Wed Jul 16 04:36:15 2014
From: faramir.cl at gmail.com (Faramir)
Date: Tue, 15 Jul 2014 22:36:15 -0400
Subject: howto revoke a key that has no secret key
In-Reply-To: <1877144085.20140706162538@gmail.com>
References: <87zjgu451y.fsf@vigenere.g10code.de> <53b2b9c5.2e30c20a.52b4.ffffeae1SMTPIN_ADDED_BROKEN@mx.google.com> <1799786337.20140701092957@gmail.com> <7594671.DkxBqUVq5r@inno> <1877144085.20140706162538@gmail.com>
Message-ID: <53C5E51F.5090405@gmail.com>

On 06-07-2014 19:25, eMyListsDDg wrote:
>
> i found my error and the priv key. i had created this pair on a
> linux vm some time ago and had forgotten that. back then when i
> exported it and imported into a win machine something didn't quite
> take. i'm in the process of updating the db, and getting things in
> sync.

Nice. Just in case, I'd suggest you set an expiration date and generate a revocation certificate (but don't import it!) and store it in a safe place.
Best Regards

From psusi at ubuntu.com Thu Jul 17 06:24:15 2014
From: psusi at ubuntu.com (Phillip Susi)
Date: Thu, 17 Jul 2014 00:24:15 -0400
Subject: Different passwords for subkeys
Message-ID: <53C74FEF.9010502@ubuntu.com>

I keep a subkey pair for daily use that I keep a copy of on my work machine, and reissue each year, and the master key only at home. I would like to protect the master key with a password that is different from that used on the daily use subkey, but when I use --edit-key and specify the master key id, and use the passwd command to change the password, it applies it to all subkeys. How can I set a different password only for the master key?
From flapflap at riseup.net Thu Jul 17 10:44:15 2014
From: flapflap at riseup.net (flapflap)
Date: Thu, 17 Jul 2014 08:44:15 +0000
Subject: Different passwords for subkeys
In-Reply-To: <53C74FEF.9010502@ubuntu.com>
References: <53C74FEF.9010502@ubuntu.com>
Message-ID: <53C78CDF.1070409@riseup.net>

Phillip Susi:
> I keep a subkey pair for daily use that I keep a copy of on my work
> machine, and reissue each year and the master key only at home. I
> would like to protect the master key with a password that is different
> from that used on the daily use subkey, but when I use --edit-key and
> specify the master key id, and use the passwd command to change the
> password, it applies it to all subkeys. How can I set a different
> password only for the master key?

see http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047172.html :)

in short: use gpgsplit to split the key, then import one part, set passphrase A, export it (encrypted with A), delete it, then import the other part, set passphrase B.

~flapflap
From andreas.schwier.ml at cardcontact.de Thu Jul 17 12:39:53 2014
From: andreas.schwier.ml at cardcontact.de (Andreas Schwier)
Date: Thu, 17 Jul 2014 12:39:53 +0200
Subject: Status of ECDSA in GPGSM/SCDAEMON
Message-ID: <53C7A7F9.2050205@cardcontact.de>

Sorry, pressed the send button too early.

Hi list,

we are working on an integration of the SmartCard-HSM in scdaemon. We have the code working for RSA, but have trouble getting it to work with 320 bit and SHA-256.

Signature generation works fine, but during verification gpgsm claims "a 256 bit hash is not valid for a 320 bit ECC key".

What's the reason for GPGSM to reject a 256 bit hash with a 320 bit key? Usually hash input is just padded to the full bit size for verification.

We also have an issue with gpgsm if the keyid starts with 0xFFFF.. In that case gpgsm does not find the key, even though it's shown in gpgsm --list-secret-keys.

We are working on master from the gpg git repo.

Andreas

From 2014-667rhzu3dc-lists-groups at riseup.net Fri Jul 18 00:39:53 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 17 Jul 2014 23:39:53 +0100
Subject: Different passwords for subkeys
In-Reply-To: <53C78CDF.1070409@riseup.net>
References: <53C74FEF.9010502@ubuntu.com> <53C78CDF.1070409@riseup.net>
Message-ID: <838381485.20140717233953@my_localhost>

Hi

On Thursday 17 July 2014 at 9:44:15 AM, in , flapflap wrote:

> in short: use gpgsplit to split the key, then import
> one part, set passphrase A, export it (encrypted with
> A), delete it, then import the other part, set
> passphrase B.

Do you actually need gpgsplit to achieve this? I thought you could achieve the same thing by using GnuPG's export-secret-subkeys command.

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Can you imagine a world with no hypothetical situations?
From mailinglisten at hauke-laging.de Fri Jul 18 01:09:15 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 18 Jul 2014 01:09:15 +0200
Subject: Different passwords for subkeys
In-Reply-To: <838381485.20140717233953@my_localhost>
References: <53C74FEF.9010502@ubuntu.com> <53C78CDF.1070409@riseup.net> <838381485.20140717233953@my_localhost>
Message-ID: <3051297.7qa259cmzO@inno>

On Thu 17.07.2014, 23:39:53 MFPA wrote:
> > in short: use gpgsplit to split the key, then import
> > one part, set passphrase A, export it (encrypted with
> > A), delete it, then import the other part, set
> > passphrase B.
>
> Do you actually need gpgsplit to achieve this? I thought you could
> achieve the same thing by using GnuPG's export-secret-subkeys command.

That doesn't help as you don't have to export secret keys but have to import them. For some reason it is not possible (with 1.4.x and 2.0.x) to import secret components for a key which is already part of the secret keyring. Thus you have to

a) either change the passphrase of single components within the secret keyring (which GnuPG doesn't support)

b) or import a secret key file which already contains components with different passphrases.

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From mailinglisten at hauke-laging.de Fri Jul 18 02:03:24 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 18 Jul 2014 02:03:24 +0200
Subject: symmetric email encryption
Message-ID: <9032428.AOpJcMyzLH@inno>

Hello,

is there any OpenPGP mail client which supports symmetric encryption?

I think that would be a nice feature for recipients who don't have an asymmetric key (those 99%). Many new communication systems have a fallback option for symmetric encryption in case the preferred way is unavailable. And, quite important: It would not require serious development effort as this possibility is built-in with GnuPG. Anyone using Linux (and a mail client with OpenPGP support) could use that directly. The others would just have to install e.g. Gpg4win and Enigmail but would not have to configure it.

Is there any reason *not* to support symmetric-only encryption in a mail client?

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From rjh at sixdemonbag.org Fri Jul 18 03:02:06 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 17 Jul 2014 21:02:06 -0400
Subject: symmetric email encryption
In-Reply-To: <9032428.AOpJcMyzLH@inno>
References: <9032428.AOpJcMyzLH@inno>
Message-ID: <53C8720E.7090701@sixdemonbag.org>

> I think that would be a nice feature for recipients who don't have an
> asymmetric key (those 99%).

But given the overwhelming majority of GnuPG users have an asymmetric key, this is ... kind of pointless.

> Is there any reason *not* to support symmetric-only encryption in a mail
> client?
Besides, "if you already have a secure channel over which you can send a key, why not just use that channel for your communications"?

From mailinglisten at hauke-laging.de Fri Jul 18 03:13:38 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 18 Jul 2014 03:13:38 +0200
Subject: symmetric email encryption
In-Reply-To: <53C8720E.7090701@sixdemonbag.org>
References: <9032428.AOpJcMyzLH@inno> <53C8720E.7090701@sixdemonbag.org>
Message-ID: <31968404.2vkRhOBsFo@inno>

On Thu 17.07.2014, 21:02:06 Robert J. Hansen wrote:
> > I think that would be a nice feature for recipients who don't have
> > an
> > asymmetric key (those 99%).
>
> But given the overwhelming majority of GnuPG users have an asymmetric
> key, this is ... kind of pointless.

You haven't understood whom I want that for. People who have a certificate usually would not use this with each other, of course. But even the majority of people who "use" GnuPG (without being aware of that) don't have one: The Linux users who have GnuPG installed because the package manager needs it. And the 99% aren't even GnuPG users.

My claim is that it is easier to make someone just install GnuPG and e.g. Enigmail than to make him do that plus care about certificates. I would not advise using OpenPGP without certificates but often it may end up as "take this or nothing".

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From mmfische at web.de Fri Jul 18 09:54:25 2014
From: mmfische at web.de (Matthias Fischer)
Date: Fri, 18 Jul 2014 09:54:25 +0200
Subject: Aw: Re: Encrypt directly to keyfile
In-Reply-To: <1934508.8RpDS71JHv@inno>
References: , <1934508.8RpDS71JHv@inno>
Message-ID:

Hauke wrote:
> Why should a feature be added that can so easily be emulated by a simple
> script?

To spare people the work of writing the same "simple script" over and over again.

> gpgdir="/tmp/keyring.$$"
> test -d "$gpgdir" && rm -r "$gpgdir"
> gpg --homedir "$gpgdir" --import KEYFILE
> KEY_ID="$(gpg --homedir "$gpgdir" --with-colons --list-keys |
>   awk -F: '$1 == "pub" {print $5;}')"
> gpg --homedir "$gpgdir" --recipient "$KEY_ID" --encrypt FILE
> rm -r "$gpgdir"

Does this really work? I mean especially the part:

--recipient "$KEY_ID"

In case the string contains more than one ID, my version of GnuPG only encrypts to the first one mentioned. I have to specify --recipient KEY1 --recipient KEY2 and so on.

bye
M.

From thomasasta at googlemail.com Fri Jul 18 06:37:00 2014
From: thomasasta at googlemail.com (Thomas Asta)
Date: Fri, 18 Jul 2014 06:37:00 +0200
Subject: symmetric email encryption
In-Reply-To: <9032428.AOpJcMyzLH@inno>
References: <9032428.AOpJcMyzLH@inno>
Message-ID:

Evaluate http://bitmail.sf.net

On 18.07.2014 02:04 "Hauke Laging" wrote:
> Hello,
>
> is there any OpenPGP mail client which supports symmetric encryption?
>
> I think that would be a nice feature for recipients who don't have an
> asymmetric key (those 99%). Many new communication systems have a
> fallback option for symmetric encryption in case the preferred way is
> unavailable. And, quite important: It would not require serious
> development effort as this possibility is built-in with GnuPG. Anyone
> using Linux (and a mail client with OpenPGP support) could use that
> directly. The others would just have to install e.g. Gpg4win and
> Enigmail but would not have to configure it.
>
> Is there any reason *not* to support symmetric-only encryption in a mail
> client?
>
>
> Hauke
> --
> Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
> http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
> OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From kloecker at kde.org Fri Jul 18 15:40:34 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 18 Jul 2014 15:40:34 +0200
Subject: symmetric email encryption
In-Reply-To: <9032428.AOpJcMyzLH@inno>
References: <9032428.AOpJcMyzLH@inno>
Message-ID: <1511324.JV07jhlCr5@thufir.ingo-kloecker.de>

On Friday 18 July 2014 02:03:24 Hauke Laging wrote:
> Hello,
>
> is there any OpenPGP mail client which supports symmetric encryption?

KMail does not. At least, KMail does not support creating such messages. It's possible that KMail would be able to read such messages since the decryption is delegated to gpgme. And for the odd message (containing an inline PGP MESSAGE block) sent to this list gpg-agent asks for a symmetric encryption password when I open the message in KMail.

> I think that would be a nice feature for recipients who don't have an
> asymmetric key (those 99%). Many new communication systems have a
> fallback option for symmetric encryption in case the preferred way is
> unavailable. And, quite important: It would not require serious
> development effort as this possibility is built-in with GnuPG.

I think you underestimate the development effort. Besides, AFAIK, there is no standard for this.

> Anyone
> using Linux (and a mail client with OpenPGP support) could use that
> directly. The others would just have to install e.g. Gpg4win and
> Enigmail but would not have to configure it.
>
> Is there any reason *not* to support symmetric-only encryption in a
> mail client?

There are plenty of reasons. I already mentioned the lack of a standard. Then there's the problem of key exchange which you completely ignore. Related to this, you did not answer Robert's question "if you already have a secure channel over which you can send a key, why not just use that channel for your communications?".

Instead of support for symmetric encryption I'd rather love to see automatic asymmetric encryption added to mail clients: OpenPGP keys are created and uploaded to some key server automatically, and they are looked up and used automatically (e.g. with trust-on-first-sight similar to SSH keys) when sending a message. I'd prefer this to be done in an opt-out fashion, i.e. unless the user explicitly tells the mail client not to do it, the mail client would simply do it.

Regards,
Ingo

From andreas.schwier.ml at cardcontact.de Fri Jul 18 16:44:42 2014
From: andreas.schwier.ml at cardcontact.de (Andreas Schwier)
Date: Fri, 18 Jul 2014 16:44:42 +0200
Subject: scdaemon support for SmartCard-HSM
Message-ID: <53C932DA.9030903@cardcontact.de>

Hi list,

we've added support for the SmartCard-HSM to scdaemon. Please find the patch that applies to master at [1].

The driver allows read-only operations with keys and certificates on a SmartCard-HSM. To generate keys and certificates please use OpenSC, XCA or the tools in OpenSCDP.

There are three issues left that we couldn't resolve:

1. Signing with ECDSA: Apparently gpgsm puts the wrong (RSAEncryption) algorithm identifier in SignerInfo when using ECDSA. As a result verification of the CMS fails with "conflicting use".

2. At least on Kubuntu the PIN callback to prompt the user to enter the PIN at the reader PIN pad does not work.
gpgsm is reporting an invalid IPC call. Working directly with scdaemon does not have the problem.

3. Apparently kleopatra only supports TCOS cards. It's unclear to me why this restriction is in place.

Andreas

[1] http://www.cardcontact.de/download/0001-sc-hsm-Add-support-for-SmartCard-HSM.patch

From mailinglisten at hauke-laging.de Fri Jul 18 17:20:27 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 18 Jul 2014 17:20:27 +0200
Subject: symmetric email encryption
In-Reply-To: <1511324.JV07jhlCr5@thufir.ingo-kloecker.de>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de>
Message-ID: <1570028.cpTUGa577n@inno>

On Fri 18.07.2014, 15:40:34 Ingo Klöcker wrote:
> > And, quite important: It would not require serious
> > development effort as this possibility is built-in with GnuPG.
>
> I think you underestimate the development effort.

That is easily possible. But what would have to be done (at least)?

a) You need a new button.

b) Pressing this button would replace --recipient 0x12345678 --encrypt by --symmetric in gpg terms. I am not familiar with gpgme but for obvious reasons it has to be quite similar.

> Besides, AFAIK, there is no standard for this.

Of course, there is. Otherwise you would not be asked for a symmetric password for certain messages, would you? "gpg --symmetric" is not a GnuPG extension. The OpenPGP RfC covers the case of "symmetric" encryption (which still is hybrid).

http://tools.ietf.org/html/rfc4880#section-5.3

> > Is there any reason *not* to support symmetric-only encryption in a
> > mail client?
>
> There are plenty of reasons.

I would be satisfied with a single one.

> I already mentioned the lack of a standard.

Yeah

> Then there's the problem of key exchange which you
> completely ignore.

Which I can easily ignore as it is out of the scope of message handling. How have users ever successfully exchanged encrypted ZIP archives without ZIP providing an infrastructure for key exchange...?
Why does OpenPGP cover symmetric encryption without providing an infrastructure for symmetric key exchange...? Users are capable of exchanging sheets of paper or having phone calls. The typical ways for safe fingerprint exchange are safe enough for password exchange, too.

This is not about offering a great new concept to the public but about making an already existing (on the file level) and easily understandable feature available for email with very little effort.

> Related to this, you did not answer Robert's
> question "if you already have a secure channel over which you can
> send a key, why not just use that channel for your communications?".

I not only read it but I think that I gave a quite precise reply to that.

> Instead of support for symmetric encryption I'd rather love to see

There are many features which would be nice to have. How many orders of magnitude more effort do you think this one is to implement than my proposal?

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From whirlpool at blinkenshell.org Fri Jul 18 18:18:39 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Fri, 18 Jul 2014 18:18:39 +0200
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To:
References:
Message-ID: <20140718161839.GB51174@blinkenshell.org>

Hello,

I wonder if Mutt can be configured to decrypt inline pgp messages automatically, without piping the attachment to `gpg --decrypt`. I know, piping works, but it'd be more convenient to have mutt do the piping task and automatically display the decrypted message inside.

If anyone has an idea or experience with Mutt, please give your answer.

Thanks.
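The "Encrypt directly to keyfile" exchange earlier in this digest ends with Matthias's doubt about passing a multi-line $KEY_ID to a single --recipient. The following Python is an added example, neither Hauke's script nor GnuPG's code: it does the same job (import a key file into a throwaway keyring, encrypt to what it contained) but emits one --recipient per key, skips keys the listing marks as revoked, expired or not encryption-capable, and uses a fresh 0700 temp directory instead of the predictable /tmp/keyring.$$ path. It assumes a `gpg` binary on PATH and the --with-colons record layout from GnuPG's doc/DETAILS (field 1 record type, field 2 validity, field 5 key ID, field 12 capabilities, fingerprint in field 10 of an fpr record). Function names are mine; the sample listing is constructed, reusing the key IDs from Peter's --list-packets output with made-up fingerprints.

```python
"""Encrypt a file to every encryption-capable key in a key file, using a
throwaway keyring. Added example, not Hauke's script or GnuPG code; it
assumes `gpg` on PATH and the --with-colons format from doc/DETAILS."""
import subprocess
import tempfile


def encryption_recipients(listing):
    """Return one recipient per primary key the keyring can encrypt to.

    Prefers the full fingerprint from the fpr record that follows a pub
    record; falls back to the long key ID when no fpr record is present
    (gpg 1.4 prints fpr records only with --fingerprint)."""
    recipients, pending = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "fpr" and pending is not None and len(f) > 9 and f[9]:
            recipients.append(f[9])
            pending = None
            continue
        if pending is not None:           # the pub record had no fpr record
            recipients.append(pending)
            pending = None
        if f[0] == "pub" and len(f) > 11:
            # Upper-case letters in field 12 are the usable capabilities of the
            # whole key (primary plus subkeys); 'E' means some key can encrypt.
            # Field 2 'r'/'e' marks revoked/expired keys, which gpg would refuse.
            if "E" in f[11] and f[1] not in ("r", "e"):
                pending = f[4]
    if pending is not None:
        recipients.append(pending)
    return recipients


def build_encrypt_command(homedir, recipients, infile, gpg="gpg"):
    """argv for the encryption step: one --recipient flag per key."""
    if not recipients:
        raise ValueError("key file contains no usable encryption key")
    argv = [gpg, "--homedir", homedir, "--batch", "--quiet",
            # The key was handed to us explicitly, so there is no web of trust
            # to consult; without this gpg refuses unknown keys in batch mode.
            "--trust-model", "always"]
    for r in recipients:
        argv += ["--recipient", r]
    return argv + ["--encrypt", infile]


def encrypt_to_keyfile(keyfile, infile, gpg="gpg"):
    """Import KEYFILE into a fresh temp homedir (created mode 0700), encrypt
    INFILE to its keys (output INFILE.gpg), and remove the homedir afterwards."""
    with tempfile.TemporaryDirectory(prefix="keyring.") as homedir:
        subprocess.run([gpg, "--homedir", homedir, "--batch", "--quiet",
                        "--import", keyfile], check=True)
        listing = subprocess.run([gpg, "--homedir", homedir, "--batch",
                                  "--with-colons", "--list-keys"],
                                 check=True, capture_output=True, text=True).stdout
        subprocess.run(build_encrypt_command(homedir, encryption_recipients(listing),
                                             infile, gpg), check=True)


# Constructed --with-colons listing (key IDs from the thread, fingerprints made
# up): key 1 can encrypt and has an fpr record, key 2 is sign-only, key 3 can
# encrypt but has no fpr record.
SAMPLE_LISTING = """\
pub:u:1024:1:98B67DE4DCDFDFA4:1331982780:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456798B67DE4DCDFDFA4:
uid:u::::1331982780::0000000000000000000000000000000000000000::Test Teststra (Koning van Wezel) <test@example.invalid>:
sub:u:1024:1:211601B877A3395A:1331982780::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA98211601B877A3395A:
pub:u:2048:1:1111111111111111:1405000000:::u:::scSC:
fpr:::::::::2222222222222222222222221111111111111111:
uid:u::::1405000000::1111111111111111111111111111111111111111::Sign Only <sign@example.invalid>:
pub:u:2048:1:AAAAAAAAAAAAAAAA:1405000000:::u:::escaESCA:
uid:u::::1405000000::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::No Fpr Record <nofpr@example.invalid>:
"""

if __name__ == "__main__":
    import sys
    encrypt_to_keyfile(sys.argv[1], sys.argv[2])
```

Building argv as a list is what removes the problem Matthias describes: the shell script joins several key IDs with newlines into one "--recipient" argument, whereas here each key gets its own flag, and a key file without a usable encryption key fails loudly instead of producing a file nobody can read.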
From andreas.schwier.ml at cardcontact.de Fri Jul 18 18:31:54 2014
From: andreas.schwier.ml at cardcontact.de (Andreas Schwier)
Date: Fri, 18 Jul 2014 18:31:54 +0200
Subject: APDU buffer in pcsc-wrapper too short
Message-ID: <53C94BFA.7020903@cardcontact.de>

While scd/apdu.c assumes a maximum length of 4096 bytes for an extended length APDU, scd/pcsc-wrapper allocates only 1024 bytes for the response. As most certificates are larger than 1024 bytes, reading them with extended length fails.

The attached patch fixes the buffer size.

Andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-pcsc-Enlarged-APDU-buffer-to-4096-as-most-certificat.patch
Type: text/x-diff
Size: 769 bytes

From dougb at dougbarton.us Fri Jul 18 18:46:14 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Fri, 18 Jul 2014 09:46:14 -0700
Subject: symmetric email encryption
In-Reply-To: <31968404.2vkRhOBsFo@inno>
References: <9032428.AOpJcMyzLH@inno> <53C8720E.7090701@sixdemonbag.org> <31968404.2vkRhOBsFo@inno>
Message-ID: <53C94F56.5070003@dougbarton.us>

Hauke,

I think you skated past a previous question about your idea, and I'm also interested in the answer so I'll ask it again. :)

If you have a secure channel of communication by which you can exchange the symmetric password (which you would need to make your scheme work), why don't you use that channel for communication, rather than e-mail?
Doug

From mailinglisten at hauke-laging.de Fri Jul 18 19:21:05 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 18 Jul 2014 19:21:05 +0200
Subject: symmetric email encryption
In-Reply-To: <53C94F56.5070003@dougbarton.us>
References: <9032428.AOpJcMyzLH@inno> <31968404.2vkRhOBsFo@inno> <53C94F56.5070003@dougbarton.us>
Message-ID: <3926637.jtvkRO2VUC@inno>

On Fri 18.07.2014, 09:46:14 Doug Barton wrote:
> Hauke,
> 
> I think you skated past a previous question about your idea, and I'm
> also interested in the answer so I'll ask it again. :)
> 
> If you have a secure channel of communication by which you can
> exchange the symmetric password (which you would need to make your
> scheme work), why don't you use that channel for communication,
> rather than e-mail?

If I have understood everything right then this is not the same
question.

But I am really surprised that you ask why you should communicate via
email with someone "though" you e.g. meet him once per month. Or with
someone whom you could call instead. Is that really your question?

Symmetric keys and fingerprints have to be exchanged through a secure
channel only once.

Hauke

-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From fcn-bel2 at noon.org Fri Jul 18 18:22:31 2014
From: fcn-bel2 at noon.org (Deacon Symeon)
Date: Fri, 18 Jul 2014 09:22:31 -0700
Subject: Different passwords for subkeys
In-Reply-To: <53C74FEF.9010502@ubuntu.com>
References: <53C74FEF.9010502@ubuntu.com>
Message-ID: <53C949C7.1000808@noon.org>

On 07/16/2014 09:24 PM, Phillip Susi wrote:
> I would like to protect the master key with a password that is different
> from that used on the daily use subkey....

I take the Low Road and use two different key rings, the "master" key
ring in a non-default location ("gpg --homedir /path/to/master ...").
Changing the password on the master ring only affects that ring.

/Fr. Symeon

From kloecker at kde.org Fri Jul 18 19:39:05 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 18 Jul 2014 19:39:05 +0200
Subject: symmetric email encryption
In-Reply-To: <3926637.jtvkRO2VUC@inno>
References: <9032428.AOpJcMyzLH@inno> <53C94F56.5070003@dougbarton.us> <3926637.jtvkRO2VUC@inno>
Message-ID: <2633788.4XHihU3CWG@thufir.ingo-kloecker.de>

On Friday 18 July 2014 19:21:05 Hauke Laging wrote:
> On Fri 18.07.2014, 09:46:14 Doug Barton wrote:
> > Hauke,
> > 
> > I think you skated past a previous question about your idea, and I'm
> > also interested in the answer so I'll ask it again. :)
> > 
> > If you have a secure channel of communication by which you can
> > exchange the symmetric password (which you would need to make your
> > scheme work), why don't you use that channel for communication,
> > rather than e-mail?
> 
> If I have understood everything right then this is not the same
> question.
> 
> But I am really surprised that you ask why you should communicate via
> email with someone "though" you e.g. meet him once per month. Or with
> someone whom you could call instead. Is that really your question?
> 
> Symmetric keys and fingerprints have to be exchanged through a secure
> channel only once.

Sure.
But the fingerprint is only used once (for verifying the key). And it's
not even secret information, so exchange via an insecure channel is not
an issue (at least, not a severe issue).

OTOH, symmetric keys really should be exchanged via a secure channel.
Moreover, reusing a symmetric key is a big no-no. And exchanging a new
symmetric key for each new message is completely impractical (unless you
use asymmetric keys for this). Exchanging a large number of symmetric
keys at the same time is a bit less impractical, but then you need to
keep track of which symmetric key is used next.

Long ago people have found a good solution for all those problems
concerning the exchange of symmetric keys: Asymmetric encryption.

Regards,
Ingo

From rjh at sixdemonbag.org Fri Jul 18 19:49:54 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 18 Jul 2014 13:49:54 -0400
Subject: symmetric email encryption
In-Reply-To: <3926637.jtvkRO2VUC@inno>
References: <9032428.AOpJcMyzLH@inno> <31968404.2vkRhOBsFo@inno> <53C94F56.5070003@dougbarton.us> <3926637.jtvkRO2VUC@inno>
Message-ID: <53C95E42.20304@sixdemonbag.org>

> Symmetric keys and fingerprints have to be exchanged through a secure
> channel only once.

Whoa, let's back that up a moment. Fingerprints and symmetric keys need
to be exchanged *as often as they change*. Which, in the case of
symmetric keys, is quite frequently.

If/when a key is compromised, all traffic that has been generated or
will be generated with that key gets compromised, and there's no
guarantee about whether you'll know the key is compromised -- so it's
only sane to have an agreed-upon rekeying policy. "Keys will be used
for three days tops", for instance, limits your exposure to a three-day
window, but it requires you to rekey every few days.
Key management is a killer problem. If you don't take it dead seriously
it'll hug you and love you and name you George[*].

[*] http://www.youtube.com/watch?v=ArNz8U7tgU4

From peter at digitalbrains.com Fri Jul 18 21:01:54 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 18 Jul 2014 21:01:54 +0200
Subject: symmetric email encryption
In-Reply-To: <1511324.JV07jhlCr5@thufir.ingo-kloecker.de>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de>
Message-ID: <53C96F22.40808@digitalbrains.com>

On 18/07/14 15:40, Ingo Klöcker wrote:
> OpenPGP keys are created and uploaded to some key server
> automatically, and they are looked up and used automatically

This creates a privacy issue with key lookup. It exposes correspondents
to the keyserver, including time-of-use.

Also, you need to define some negative-acknowledge time to live
(terminology borrowed from DNS). If on first contact an address does not
exist at the keyserver, when do you re-check? And since it can, in
unfavourable circumstances, take a while for a public key to propagate
through the keyserver network, if somebody just created an e-mail
address and key and uploaded it, then starts communicating, people will
check a keyserver and not see the key. Now their client will wait the
defined period before re-checking, adding even more to the propagation
delay.

Thirdly, if this is the default mode of operation, I think you need
automatic decryption before storing the mail, because searching mail is
an important feature, and searching encrypted mails a big usability
issue. An e-mail system with a default big usability issue will get
swapped out for a more pleasant to use one.

Finally, I think people might take issue with their e-mail address
automatically being posted to a public keyserver. And if it catches
wind, and many, many people use it, I think spammers might look again at
harvesting addresses versus generating them.
Now it's a small pool to fish from, but if most people have their
address on the keyserver network, the odds might change.

Given all the issues, I agree with Hauke when he wrote:

> There are many features which would be nice to have. What do you
> think how many orders of magnitude this one is more effort to
> implement than my proposal?

That said, I'm not commenting on the symmetric encryption proposal,
purely on your encryption-by-default proposal.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From vedaal at nym.hush.com Fri Jul 18 21:23:08 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Fri, 18 Jul 2014 15:23:08 -0400
Subject: symmetric email encryption
In-Reply-To: <53C95E42.20304@sixdemonbag.org>
References: <9032428.AOpJcMyzLH@inno> <31968404.2vkRhOBsFo@inno> <53C94F56.5070003@dougbarton.us> <3926637.jtvkRO2VUC@inno> <53C95E42.20304@sixdemonbag.org>
Message-ID: <20140718192308.47A05A0147@smtp.hushmail.com>

On 7/18/2014 at 1:52 PM, "Robert J. Hansen" wrote:
>
>> Symmetric keys and fingerprints have to be exchanged through a
>> secure

=====

I think what Hauke meant was an exchange of the *passphrase* for the
symmetric encryption, not the session key.

The symmetric keys would always change with each new email message,
using gnupg symmetric encryption.

The only annoyance with this type of approach, is that it needs a
separate passphrase for each correspondent, (which we don't bother with
ordinarily, since encrypting the symmetric session key to a
correspondent's public key makes it unnecessary).

Hushmail has a one-way variant of this approach.

A Hushmail user can send an encrypted message to someone who does not
have encryption or Hushmail, by having the Hushmail user give the
recipient an answer to a question. The email message is encrypted
symmetrically using that answer as a passphrase.
(Hushmail makes it intentionally easier, (albeit less secure), by making
the 'answer' case insensitive, and ignoring spaces and punctuation
characters).

The receiver gets a message that an encrypted e-mail has been sent, and
is directed to the Hushmail server where the sender's question is asked,
and the receiver has 3 chances to provide the correct answer.

A correct answer decrypts the symmetrically encrypted e-mail and the
plaintext is displayed on the Hushmail server. The e-mail is removed
from the server after 72 hours.

A few people who have received this type of message from me, thought it
was interesting and convenient, and signed up for their own hushmail
accounts, and are now well on their way to learning gnupg, so it might
be an approach to get people who have never used encryption, to try it.

(My apologies, Hauke, in advance if I mis-understood you and this
discussion).

vedaal

From htd at fritha.org Fri Jul 18 20:59:27 2014
From: htd at fritha.org (Heinz Diehl)
Date: Fri, 18 Jul 2014 20:59:27 +0200
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To: <20140718161839.GB51174@blinkenshell.org>
References: <20140718161839.GB51174@blinkenshell.org>
Message-ID: <20140718185927.GA1715@fritha.org>

On 18.07.2014, The Fuzzy Whirlpool Thunderstorm wrote:

> I wonder if Mutt can be configured to decrypt inline pgp messages
> automatically, without piping the attachment to `gpg --decrypt`.

You can't. Put this into your .procmailrc.
It'll transform your inline pgp mails accordingly:

# Inline-encrypted mail (not already PGP/MIME): relabel the body as
# application/pgp so mutt hands it to gpg.
:0
* !^Content-Type: multipart/encrypted
{
  :0 fBw
  * ^-----BEGIN PGP MESSAGE-----
  * ^-----END PGP MESSAGE-----
  | formail \
    -i "Content-Type: application/pgp; format=text; x-action=encrypt"
}

# Inline clearsigned mail (not multipart at all): same relabelling,
# with x-action=sign so mutt verifies instead of decrypting.
:0
* !^Content-Type: multipart/
{
  :0 fBw
  * ^-----BEGIN PGP SIGNED MESSAGE-----
  * ^-----BEGIN PGP SIGNATURE-----
  * ^-----END PGP SIGNATURE-----
  | formail \
    -i "Content-Type: application/pgp; format=text; x-action=sign"
}

From rjh at sixdemonbag.org Fri Jul 18 22:47:53 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 18 Jul 2014 16:47:53 -0400
Subject: symmetric email encryption
In-Reply-To: <20140718192308.47A05A0147@smtp.hushmail.com>
References: <9032428.AOpJcMyzLH@inno> <31968404.2vkRhOBsFo@inno> <53C94F56.5070003@dougbarton.us> <3926637.jtvkRO2VUC@inno> <53C95E42.20304@sixdemonbag.org> <20140718192308.47A05A0147@smtp.hushmail.com>
Message-ID: <53C987F9.4090007@sixdemonbag.org>

> I think what Hauke meant was an exchange of the *passphrase* for the
> symmetric encryption, not the session key.

Same issue, although now you're sharing the seed to a random number
generator for which you want the seed to expire very quickly. You can
mitigate this somewhat using gating and some other RNG tricks, but
fundamentally it's the same problem: once the passphrase goes, the
security of the entire system goes, so therefore change the passphrase
frequently.

From holtzm at cox.net Fri Jul 18 23:10:11 2014
From: holtzm at cox.net (Bob Holtzman)
Date: Fri, 18 Jul 2014 14:10:11 -0700
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To: <20140718161839.GB51174@blinkenshell.org>
References: <20140718161839.GB51174@blinkenshell.org>
Message-ID: <20140718211011.GB848@cox.net>

On Fri, Jul 18, 2014 at 06:18:39PM +0200, The Fuzzy Whirlpool Thunderstorm wrote:
> Hello,
> I wonder if Mutt can be configured to decrypt inline pgp messages
> automatically, without piping the attachment to `gpg --decrypt`.
> I know, piping works, but it'd be more convenient to have mutt do the
> piping task and automatically display the decrypted message inside.
> If anyone has an idea or experience with Mutt, please give your answer.

mutt-users at mutt.org

-- 
Bob Holtzman
A man is a man who will fight with a sword
or tackle Mt Everest in snow, but the
bravest of all owns a '34 Ford and tries
for 6000 in low.

From galex-713 at galex-713.eu Fri Jul 18 23:07:13 2014
From: galex-713 at galex-713.eu (Garreau, Alexandre)
Date: Fri, 18 Jul 2014 23:07:13 +0200
Subject: symmetric email encryption
In-Reply-To: <2633788.4XHihU3CWG@thufir.ingo-kloecker.de> ("Ingo Klöcker"'s message of "Fri, 18 Jul 2014 19:39:05 +0200")
References: <9032428.AOpJcMyzLH@inno> <53C94F56.5070003@dougbarton.us> <3926637.jtvkRO2VUC@inno> <2633788.4XHihU3CWG@thufir.ingo-kloecker.de>
Message-ID: 

On 2014-07-18 at 19:39, Ingo Klöcker wrote:
> Sure. But the fingerprint is only used once (for verifying the key). And
> it's not even secret information, so exchange via an insecure channel is
> not an issue (at least, not a severe issue).
>
> OTOH, symmetric keys really should be exchanged via a secure channel.

The fact is that you can use symmetric keys when the other doesn't yet
have a public key. So you can send her this understandable message and
*then* tell her "here is the key that'll allow you to read the message".
That could be used if the message *must* be transmitted by mail, because
it's a file, because it's large, because it has to be *before* or for
some other reason, so in some rare cases it can be useful, and since the
message has already been sent, it's easier to convince the other to
begin using cryptography.
Then she could decrypt the mail, and you can start trying to convince
her to use asymmetric cryptography; at this point it'll be easier.

From kloecker at kde.org Sat Jul 19 00:34:19 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 19 Jul 2014 00:34:19 +0200
Subject: symmetric email encryption
In-Reply-To: <53C96F22.40808@digitalbrains.com>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com>
Message-ID: <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de>

On Friday 18 July 2014 21:01:54 Peter Lebbing wrote:
> On 18/07/14 15:40, Ingo Klöcker wrote:
> > OpenPGP keys are created and uploaded to some key server
> > automatically, and they are looked up and used automatically
> 
> This creates a privacy issue with key lookup. It exposes
> correspondents to the keyserver, including time-of-use.

Sure. But the NSA already knows the correspondents of all of our mail
anyway. Keyserver lookups do not add any additional data (except for
the information that you are trying to look up a key, or rather that
you are talking to a keyserver). Okay, the keyserver owner may collect
data. But the keyserver (owner) has to be trustworthy anyway.

> Also, you need to define some negative-acknowledge time to live
> (terminology borrowed from DNS). If on first contact an address does
> not exist at the keyserver, when do you re-check? And since it can,
> in unfavourable circumstances, take a while for a public key to
> propagate through the keyserver network, if somebody just created an
> e-mail address and key and uploaded it, then starts communicating,
> people will check a keyserver and not see the key. Now their client
> will wait the defined period before re-checking, adding even more to
> the propagation delay.

So what?
My scheme is not supposed to work instantaneously. It is supposed to
work eventually, i.e. it will work after the propagation delay has
passed. This is way better than our current status quo: No encryption
at all for almost all email.

> Thirdly, if this is the default mode of operation, I think you need
> automatic decryption before storing the mail, because searching mail
> is an important feature, and searching encrypted mails a big
> usability issue.

Good point. Automatic decryption should be possible for those that want
it. My scheme is mostly meant as in-transit encryption which again is
way better than our current status quo.

> An e-mail system with a default big usability issue
> will get swapped out for a more pleasant to use one.

Exactly.

> Finally, I think people might take issue with their e-mail address
> automatically being posted to a public keyserver. And if it catches
> wind, and many, many people use it, I think spammers might look again
> at harvesting addresses versus generating them. Now it's a small pool
> to fish from, but if most people have their address on the keyserver
> network, the odds might change.

How exactly does one harvest email addresses from the keyservers? Can I
ask keyservers to give me all keys it has in storage? Or do I need to
search for keys matching a certain substring? I honestly don't know.
Anyway, if this really becomes a problem then key lookup probably needs
to be made as inconvenient as trying to send email probes to randomly
generated email addresses. For my scheme to work the keyservers would
only need to return keys where the email address part of a uid exactly
matches the recipient's email address. Moreover, for my scheme to work
no key certification is necessary, i.e. crawling from one key to the
next via certification signatures wouldn't be possible.

The scheme has more issues: For example, there's no message integrity
protection (via signing) whatsoever. But that's the current status quo
anyway.
Regards,
Ingo

From whirlpool at blinkenshell.org Sat Jul 19 00:50:58 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Sat, 19 Jul 2014 00:50:58 +0200
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To: <20140718194530.GB3081@fritha.org>
References: <20140718161839.GB51174@blinkenshell.org> <20140718194530.GB3081@fritha.org>
Message-ID: <20140718225058.GB51875@blinkenshell.org>

Yeah, thanks for giving me this idea.
I've asked on the mutt mailing list and got the answer that inline pgp
messages can be manually decrypted using the ESC + P button.
Automatic decryption is invoked by putting `set pgp_auto_decode=yes` in
the ~/.muttrc file.
So this is the most convenient method for me.
Again, thanks for giving me your idea.

On Fri, Jul 18, 2014 at 09:45:30PM +0200, Heinz Diehl wrote:
> Hi,
> 
> the list seems to be extraordinarily slow today, so I'm sending my
> reply directly to you.
> 
> You can convert inline pgp mails via procmail. Then, mutt will display
> them directly. Just put this in your .procmailrc, it's pretty much
> self-explaining:
> 
> :0
> * !^Content-Type: multipart/encrypted
> {
>   :0 fBw
>   * ^-----BEGIN PGP MESSAGE-----
>   * ^-----END PGP MESSAGE-----
>   | formail \
>     -i "Content-Type: application/pgp; format=text; x-action=encrypt"
> }
> 
> :0
> * !^Content-Type: multipart/
> {
>   :0 fBw
>   * ^-----BEGIN PGP SIGNED MESSAGE-----
>   * ^-----BEGIN PGP SIGNATURE-----
>   * ^-----END PGP SIGNATURE-----
>   | formail \
>     -i "Content-Type: application/pgp; format=text; x-action=sign"
> }
> 
> 
> Greetings from Western Norway,
> Heinz.
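The relabelling that the procmail/formail recipe above performs, written out in Python's email module as an added example (not code from the thread, procmail or Mutt): the same line-anchored armor conditions, formail -i's renaming of the old field to Old-Content-Type, and, as an added safeguard beyond the recipe's multipart/ exclusion, skipping message/ and application/pgp parts too. The sample mails are constructed.

```python
"""Relabel inline-PGP mail as application/pgp, the job the procmail/formail
recipe in this thread does, so that a MIME-aware Mutt hands the body to gpg.

Added example; not code from the thread, procmail or Mutt. Standard library
only; the sample messages at the bottom are constructed."""
import email
import email.policy
import re
from email.message import EmailMessage

# Armor markers, anchored at the start of a body line exactly like the
# recipe's "* ^-----BEGIN PGP MESSAGE-----" conditions.
ENCRYPTED_MARKERS = (r"^-----BEGIN PGP MESSAGE-----",
                     r"^-----END PGP MESSAGE-----")
SIGNED_MARKERS = (r"^-----BEGIN PGP SIGNED MESSAGE-----",
                  r"^-----BEGIN PGP SIGNATURE-----",
                  r"^-----END PGP SIGNATURE-----")

# Content-Types left alone: multipart/ as in the recipe, plus message/ and
# application/pgp (assumed safeguards: nested mail, or already relabelled).
SKIP_PREFIXES = ("multipart/", "message/", "application/pgp")

PGP_CTYPE = "application/pgp; format=text; x-action={}"


def classify_inline_pgp(body):
    """Return 'encrypt', 'sign' or None, mirroring the two recipe blocks:
    every marker of a set must occur, each at the start of a line."""
    def has_all(markers):
        return all(re.search(m, body, re.MULTILINE) for m in markers)
    if has_all(ENCRYPTED_MARKERS):
        return "encrypt"
    if has_all(SIGNED_MARKERS):
        return "sign"
    return None


def relabel_inline_pgp(raw: str) -> EmailMessage:
    """Parse one RFC 822 message and, if its body is inline PGP, swap the
    Content-Type the way 'formail -i "Content-Type: ..."' does: the old
    field survives under an Old- prefix and the new field is appended."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    if msg.get_content_type().startswith(SKIP_PREFIXES):
        return msg
    body = msg.get_content()
    if isinstance(body, bytes):          # non-text single part
        body = body.decode("latin-1", "replace")
    action = classify_inline_pgp(body)
    if action is None:
        return msg
    old = msg["Content-Type"]
    del msg["Content-Type"]
    if old is not None:
        msg["Old-Content-Type"] = str(old)
    msg["Content-Type"] = PGP_CTYPE.format(action)
    return msg


# Constructed sample mails: one inline-encrypted, one clearsigned.
# The armor payloads are dummies, not real OpenPGP data.
ENCRYPTED_MAIL = """\
From: alice@example.invalid
To: bob@example.invalid
Subject: inline encrypted
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

dummyarmorbody=
-----END PGP MESSAGE-----
"""

SIGNED_MAIL = """\
From: alice@example.invalid
To: bob@example.invalid
Subject: inline signed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

hello
-----BEGIN PGP SIGNATURE-----

dummysignature=
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    for raw in (ENCRYPTED_MAIL, SIGNED_MAIL):
        m = relabel_inline_pgp(raw)
        print(m["Subject"], "->", m["Content-Type"])
```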
From mbauer at mailbox.org Sat Jul 19 00:17:06 2014
From: mbauer at mailbox.org (Mathias Bauer)
Date: Sat, 19 Jul 2014 00:17:06 +0200
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To: <20140718185927.GA1715@fritha.org>
References: <20140718161839.GB51174@blinkenshell.org> <20140718185927.GA1715@fritha.org>
Message-ID: <20140718221706.GA18742@mailbox.org>

Hello,

* Heinz Diehl wrote on Fri, 18 Jul 2014, at 20:59 (+0200):

> On 18.07.2014, The Fuzzy Whirlpool Thunderstorm wrote:
> 
> > I wonder if Mutt can be configured to decrypt inline pgp
> > messages automatically, without piping the attachment to `gpg
> > --decrypt`.
> 
> You can't. Put this into your .procmailrc. It'll transform your
> inline pgp mails accordingly:
> 
> :0
> * !^Content-Type: multipart/encrypted
> {
>   :0 fBw
>   * ^-----BEGIN PGP MESSAGE-----
>   * ^-----END PGP MESSAGE-----
>   | formail \
>     -i "Content-Type: application/pgp; format=text; x-action=encrypt"
> }
> 
> :0
> * !^Content-Type: multipart/
> {
>   :0 fBw
>   * ^-----BEGIN PGP SIGNED MESSAGE-----
>   * ^-----BEGIN PGP SIGNATURE-----
>   * ^-----END PGP SIGNATURE-----
>   | formail \
>     -i "Content-Type: application/pgp; format=text; x-action=sign"
> }

There are several points worth considering before using the above
procmail recipes:

a) The latest Mutt-GnuPG-PGP-HOWTO is quite old (Feb 2000) [1].
b) RFC3156, which defines PGP/MIME, originates from Aug 2001 [2].
c) The current procmail v3.22 has some issues with the B flag [3].

and most important

d) You can't catch all curiosities automatically.

Therefore I suggest using some modified/extended recipes instead:

:0
* ! ^Content-Type:[ \t]+message/
* ! ^Content-Type:[ \t]+multipart/
* ! ^Content-Type:[ \t]+application/pgp
{
  :0 f w
  * B ?? ^-----BEGIN PGP MESSAGE-----
  * B ?? ^-----END PGP MESSAGE-----
  |formail -b -f -i 'Content-Type: application/pgp; format=text; x-action=encrypt'

  :0 f w
  * B ?? ^-----BEGIN PGP SIGNED MESSAGE-----
  * B ?? ^-----BEGIN PGP SIGNATURE-----
  * B ?? ^-----END PGP SIGNATURE-----
  |formail -b -f -i 'Content-Type: application/pgp; format=text; x-action=sign'
}

But as Bob already mentioned, further details should better be discussed
on mutt-users at mutt.org.

Regards,
Mathias

[1] http://tldp.org/HOWTO/Mutt-GnuPG-PGP-HOWTO-8.html
[2] http://www.ietf.org/rfc/rfc3156.txt
[3] http://pm-doc.sourceforge.net/doc/#flags_hb_at_top_of_recipe_warning

-- 
CAcert Assurer
Do you want to encrypt your mail? Then join CAcert and get your SSL
certificate from https://www.CAcert.org. If you have any questions,
don't hesitate to ask.
OpenPGP: ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net
Fingerprint: B100 5DC4 9686 BE64 87E9 0E22 44C3 983F A762 9DE8

From kloecker at kde.org Sat Jul 19 01:42:19 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 19 Jul 2014 01:42:19 +0200
Subject: symmetric email encryption
In-Reply-To: <1570028.cpTUGa577n@inno>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <1570028.cpTUGa577n@inno>
Message-ID: <37999459.zfsQ8Y7tUm@thufir.ingo-kloecker.de>

On Friday 18 July 2014 17:20:27 Hauke Laging wrote:
> On Fri 18.07.2014, 15:40:34 Ingo Klöcker wrote:
> > > And, quite important: It would not require serious
> > > development effort as this possibility is built-in with GnuPGP.
> > 
> > I think you underestimate the development effort.
> 
> That is easily possible. But what would have to be done (at least)?
> 
> a) You need a new button.

Yeah. Let's add yet another button to the UI. Let's add an "Encrypt
symmetrically" button and let's rename the "Encrypt" button to "Encrypt
asymmetrically". If we add enough buttons then users will eventually
start pressing them.
(Sorry for being sarcastic, but I really don't see how adding another
button can possibly improve the users' willingness to use email
encryption.)

> b) Pressing this button would replace
> 
> --recipient 0x12345678 --encrypt
> 
> by
> 
> --symmetric
> 
> in gpg terms - I am not familiar with gpgme but for obvious reasons it
> has to be quite similar.

There is a difference between symmetric and asymmetric encryption that
could make it a bit more difficult than simply calling a different gpgme
function. The latter doesn't require any user input, hence it can be
done synchronously. OTOH, the former requires user input, the password
to use for symmetric encryption, so it's advisable to do it
asynchronously.

BTW, additionally to the above mentioned new button the user has to
press he also has to enter a password for each message he wants to send
encrypted. How this additional inconvenience is going to win us more
OpenPGP users is beyond me.

> > Besides, AFAIK, there is no standard for this.
> 
> Of course, there is. Otherwise you would not be asked for a symmetric
> password for certain messages, would you?

This is for inline OpenPGP and that's not part of any standard about
email encryption I know of. Since you are also using KMail I invite you
to test whether KMail is able to decrypt symmetrically encrypted
OpenPGP/MIME messages out-of-the-box. It might just work, but I'm too
lazy and too tired to test this right now.

> > > Is there any reason *not* to support symmetric-only encryption in
> > > a mail client?
> > 
> > There are plenty of reasons.
> 
> I would be satisfied with a single one.
> 
> > I already mentioned the lack of a standard.
> 
> Yeah
> 
> > Then there's the problem of key exchange which you
> > completely ignore.
> 
> Which I can easily ignore as it is out of the scope of message
> handling. How have users ever successfully exchanged encrypted ZIP
> archives without ZIP providing an infrastructure for key exchange...?
Probably by using the same trivial password for all encrypted ZIPs they
exchange with anybody. Which brings me to another issue I have with your
proposal: How do you want to prevent the users from using the same
trivial symmetric encryption password for all "encrypted" messages? And
what's your threat model, i.e. what do you want to achieve by your
symmetric email encryption scheme?

> Why does OpenPGP cover symmetric encryption without providing an
> infrastructure for symmetric key exchange...?

Let's check the PGP 2.6.3i User's Guide
(ftp://ftp.pgpi.org/pub/pgp/2.x/doc/pgpdoc1.txt).

=====
Using Just Conventional Encryption
----------------------------------

Sometimes you just need to encrypt a file the old-fashioned way, with
conventional single-key cryptography. This approach is useful for
protecting archive files that will be stored but will not be sent to
anyone else. Since the same person that encrypted the file will also
decrypt the file, public key cryptography is not really necessary.

To encrypt a plaintext file with just conventional cryptography, type:

     pgp -c textfile

This example encrypts the plaintext file called textfile, producing a
ciphertext file called textfile.pgp, without using public key
cryptography, key rings, user IDs, or any of that stuff. It prompts you
for a pass phrase to use as a conventional key to encipher the file.
This pass phrase need not be (and, indeed, SHOULD not be) the same pass
phrase that you use to protect your own secret key.

[...]
=====

Apparently, Phil Zimmermann had a specific use-case in mind for
"conventional encryption". And this specific use-case does not require
any symmetric key or passphrase exchange with a second user. I doubt
that Phil Zimmermann meant "conventional encryption" to be used for
exchanging encrypted messages.

> Users are capable of exchanging sheets of paper or having phone calls.
> The typical ways for safe fingerprint exchange are safe enough for
> password exchange, too.
I very much disagree, but I think we have very different threat models
in mind.

> This is not about offering a great new concept to the public but about
> making an already existing (on the file level) and easily
> understandable feature available for email with very little effort.

Little effort for whom? For the developers of email clients? Maybe.
Maybe not. For the users of those email clients? I don't see "coming up
with and exchanging passwords" as very little effort for the users.
Contrast this with my proposal: More effort for the developers, but, in
the extreme case where the mail client does everything automatically,
no additional effort at all for the user.

> > Related to this, you did not answer Robert's
> > question "if you already have a secure channel over which you can
> > send a key, why not just use that channel for your communications?".
> 
> I not only read it but I think that I gave a quite precise reply to
> that.

No. You snipped this part of Robert's message and didn't reply at all
to it. Later you did give an answer to this question in your reply to
Doug Barton's message (who also pointed out that you "skated past" this
question) though.

> > Instead of support for symmetric encryption I'd rather love to see
> 
> There are many features which would be nice to have. What do you think
> how many orders of magnitude this one is more effort to implement
> than my proposal?

See above. Yes, more effort to implement, but magnitudes less additional
effort to use (and in the extreme case even infinitely less effort
because "some non-zero additional effort to use" for your proposal
divided by "zero additional effort to use" for my proposal equals
infinitely more additional effort for your proposal).

Regards,
Ingo
From mailinglisten at hauke-laging.de Sat Jul 19 03:46:56 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sat, 19 Jul 2014 03:46:56 +0200
Subject: symmetric email encryption
In-Reply-To: <53C95E42.20304@sixdemonbag.org>
References: <9032428.AOpJcMyzLH@inno> <3926637.jtvkRO2VUC@inno> <53C95E42.20304@sixdemonbag.org>
Message-ID: <1643281.2c8EIDBDr7@inno>

On Fri 18.07.2014, 13:49:54 Robert J. Hansen wrote:
> If/when a key is compromised, all traffic that has been generated or
> will be generated with that key gets compromised, and there's no
> guarantee about whether you'll know the key is compromised -- so it's
> only sane to have an agreed-upon rekeying policy. "Keys will be used
> for three days tops", for instance, limits your exposure to a
> three-day window, but it requires you to rekey every few days.
> 
> Key management is a killer problem. If you don't take it dead
> seriously it'll hug you and love you and name you George[*].

Are symmetric keys more likely to be compromised than asymmetric ones?
Who even on this list makes a keyring update at least every three days?

I guess this discussion does not go well because of a misunderstanding
or wrong expectations. You and Ingo are talking about "real crypto"
issues. BTW: I had thought that meanwhile my image here should be that
I take key management (and other stuff) too seriously instead of not
seriously enough. Usually I suggest something and the reaction is
something like "Let's not make it more complicated; who is supposed to
use it yet?"

What I am suggesting is neither an alternative to regular OpenPGP
encryption nor meant as "real crypto" at all. I think we all can agree
that those 99% have decided not to use e2e crypto at all. Let alone
real e2e crypto. Snowden has caused only a small change to that. I
could tell you stories (a few days old) from German universities and IT
security associations which would probably make you cry. So nobody
knows if, when and why this may change.
Maybe Ingo's suggestion does the job. Haven't heard about STEED for quite a while though. And I appreciate every effort in this area. But I don't think that it can be implemented only if mine is not...

I am talking about a feature for those who don't care to use crypto *at all*. I would like to offer something easy to these people. Not "easy" in a "You have 30 contacts and have to send 5 emails to each" scenario or even in a "well calculated" sense but "easy" as in

a) "You just have to install software" (people are used to installing software and not afraid of it) and "You need not configure it"

b) "You just need a password." Everyone knows what a password is and isn't afraid of using one. Nobody knows what key pairs are and why you should authenticate them.

This is not a replacement feature for people who often encrypt mails. This is supposed to be for people who want to encrypt a single mail or a few of them. And these "I have no clue" people most probably do not expect the same security level from such an ad hoc solution as from real crypto technology, which they would have to understand and learn first. Thus IMHO it does not make sense to discuss possible security glitches about this because they are not an issue for the group of people who would otherwise not use crypto at all. Like vedaal I assume that people who use this feature often would probably change to asymmetric crypto.

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From mailinglisten at hauke-laging.de Sat Jul 19 04:37:56 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sat, 19 Jul 2014 04:37:56 +0200
Subject: symmetric email encryption
In-Reply-To: <37999459.zfsQ8Y7tUm@thufir.ingo-kloecker.de>
References: <9032428.AOpJcMyzLH@inno> <1570028.cpTUGa577n@inno> <37999459.zfsQ8Y7tUm@thufir.ingo-kloecker.de>
Message-ID: <12036754.oebnaX5LxD@inno>

On Sat 19.07.2014, 01:42:19, Ingo Klöcker wrote:

> If we add enough buttons then users will
> eventually start pressing them. (Sorry, for being sarcastic, but I
> really don't see how adding another button can possibly improve the
> users' willingness to use email encryption.)

Yeah and this works the other way round, doesn't it? Doing nothing about the GUI will finally magically improve the situation...

https://bugs.kde.org/show_bug.cgi?id=318005

(Please note that this was written before the Cryptoparty community became well known.)

> BTW, additionally to the above mentioned new button the user has to
> press he also has to enter a password for each message he wants to
> send encrypted.

Yes, until someone decides to combine this with kwallet...

> How this additional inconvenience is going to win us
> more OpenPGP users is beyond me.

That is quite easy to understand though: As the handling of asymmetric keys is easier (and the "encrypt symmetrically" feature would point the user at this fact every time) there is a certain pressure upon the user to switch to asymmetric keys.

Is there any easier solution with symmetric encryption? Sometimes people are told to use encrypted ZIP archives. I have no idea how often this is done. But this is a "how big is your desire to encrypt this email?" problem. If the user wants it encrypted then he will enter the password. If people who are not prepared to use asymmetric crypto (those 99%) want password encryption in a certain situation then I don't want them to have to use something different from OpenPGP.
I don't want them to have a "This big thing can't even handle password encryption" experience. I want them to have a "This can handle password encryption but it can do better and more conveniently if you spend some time learning how" experience.

> Since you are also using KMail I invite
> you to test whether KMail is able to decrypt symmetrically encrypted
> OpenPGP/MIME messages out-of-the-box. It might just work, but I'm too
> lazy and too tired to test this right now.

It does work. It seems not to work with Thunderbird/Enigmail though. But maybe I have done something wrong. The Enigmail console output looks good to me...

I have prepared a mail file for those who want to give this a try:

http://www.crypto-fuer-alle.de/docs/mail-symmetric/mail.cr-lf.eml

> Probably by using the same trivial password for all encrypted ZIPs
> they exchange with anybody. Which brings me to another issue I have
> with your proposal: How do you want to prevent the users from using
> the same trivial symmetric encryption password for all "encrypted"
> messages?

The only thing I want to prevent them from doing is using some other technology for symmetric encryption. I am not going to advocate this as "the way to go". It seems to me that you (and Rob) are completely missing the intention.

> And what's your threat model, i.e. what do you want to achieve by your
> symmetric email encryption scheme?

Same answer: This is for users who don't need any threat model consideration. What do you think the computers of people who didn't care to create a key pair yet look like? Stronger crypto is the last thing they need. Even bad crypto is the most secure part of their digital life.

I don't want to achieve anything technical by this. I want to achieve something social by this. I want to exploit people's familiarity with passwords for pushing them in the right direction.
> [PGP 2.6.3i User's Guide]
> Since the same person that encrypted the file will also
> decrypt the file, public key cryptography is not really necessary.

Doesn't make any sense to me. If I encrypt data for myself then I encrypt it for my own key. The exception to this rule is data which may be needed on systems which don't have my private key installed. And that's precisely the same for my proposal: It's for encryption for people who don't have a private key at all.

> Little effort for whom? For the developers of email clients? Maybe.
> Maybe not. For the users of those email clients? I don't see "coming
> up with and exchanging passwords" as very little effort for the
> users.

And you are probably right if the number of emails or contacts exceeds a certain value. But this is probably not how users act. They will not try to understand both systems in order to calculate what is easier (in the long run). They will compare

a) install software and do something I understand (password)

with

b) install software, configure software which I don't understand and do something I don't understand (asymmetric key handling).

I bet the majority of the 99% prefers to start with (a). This is a smaller step which prepares them for the next one (which has become smaller due to their getting familiar with encryption).

> Contrast this with my proposal: More effort for the developers, but,
> in the extreme case where the mail client does everything
> automatically, no additional effort at all for the user.

I am in no way trying to prevent you from developing that. I don't understand what this comparison is supposed to be good for. That would be relevant if using resources for implementing mine would prevent yours from being done. But the resources used for this thread already would probably be enough for implementing mine.

> > I not only read it but I think that I gave a quite precise reply to
> > that.
>
> No. You snipped this part of Robert's message and didn't reply at all
> to it.
You didn't understand that my remark was a reply. I wouldn't dare to ignore Robert's questions anyway... His question, as I understand it, was completely unrelated to my proposal as he criticized something that would never happen. He argued with the behaviour of a group who is not supposed to use this feature at all.

> See above. Yes, more effort to implement, but magnitudes less
> additional effort to use

OK, when will it be there? Five years from now? Mine could be there tomorrow. How many new users would be generated by my proposal over the next five years?

I don't even believe that using crypto must become easier. Using it on an average level is already easier than more or less everything you learn at school. I guess the solution is educating the people. Not because of technical difficulties but because of laziness and group effects. Even if your idea is ready one day, people will still have to learn to do it the right way.

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From rjh at sixdemonbag.org Sat Jul 19 04:51:13 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 18 Jul 2014 22:51:13 -0400
Subject: symmetric email encryption
In-Reply-To: <1643281.2c8EIDBDr7@inno>
References: <9032428.AOpJcMyzLH@inno> <3926637.jtvkRO2VUC@inno> <53C95E42.20304@sixdemonbag.org> <1643281.2c8EIDBDr7@inno>
Message-ID: <53C9DD21.7030906@sixdemonbag.org>

> Are symmetric keys more probable to be compromised than asymmetric ones?

Immensely. An asymmetric key is a secret held by one person; a symmetric key is a secret shared by two or more.
> What I am suggesting is neither an alternative to regular OpenPGP
> encryption nor meant as "real crypto" at all.

If you're not interested in providing real solutions, then I'm not interested in having this conversation.

From mailinglisten at hauke-laging.de Sat Jul 19 05:09:31 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sat, 19 Jul 2014 05:09:31 +0200
Subject: symmetric email encryption
In-Reply-To: <53C9DD21.7030906@sixdemonbag.org>
References: <9032428.AOpJcMyzLH@inno> <1643281.2c8EIDBDr7@inno> <53C9DD21.7030906@sixdemonbag.org>
Message-ID: <5713156.THT9A2Q2Cd@inno>

On Fri 18.07.2014, 22:51:13, Robert J. Hansen wrote:

> > Are symmetric keys more probable to be compromised than asymmetric
> > ones?
>
> Immensely. An asymmetric key is a secret held by one person; a
> symmetric key is a secret shared by two or more.

A factor of two is "immense" to you...?

Furthermore it seems to me that you ignore the fact that in a typical scenario you need only one of the asymmetric keys in order to be able to read the whole communication between two (or even more as long as all are part of it) people as the default behaviour is to encrypt for the recipient's key and also for the sender's key. Thus every mail can be read by each of the private keys.

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From mirimir at riseup.net Sat Jul 19 05:41:10 2014
From: mirimir at riseup.net (Mirimir)
Date: Fri, 18 Jul 2014 21:41:10 -0600
Subject: symmetric email encryption
In-Reply-To: <12036754.oebnaX5LxD@inno>
References: <9032428.AOpJcMyzLH@inno> <1570028.cpTUGa577n@inno> <37999459.zfsQ8Y7tUm@thufir.ingo-kloecker.de> <12036754.oebnaX5LxD@inno>
Message-ID: <53C9E8D6.4010108@riseup.net>

On 07/18/2014 08:37 PM, Hauke Laging wrote:

> I have prepared a mail file for those who want to give this a try:
>
> http://www.crypto-fuer-alle.de/docs/mail-symmetric/mail.cr-lf.eml

I just emailed that to myself using Thunderbird + Enigmail in Ubuntu. I was prompted for a password, and "foo" decrypted the symmetrically encrypted block.

From whirlpool at blinkenshell.org Sat Jul 19 11:35:01 2014
From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm)
Date: Sat, 19 Jul 2014 11:35:01 +0200
Subject: Problems invoking gpgsm with curses interface.
Message-ID: <20140719093501.GB54018@blinkenshell.org>

Hello,

GnuPG has an S/MIME component to manage X.509 certificates, which is called gpgsm. Running gpgsm with a working desktop such as KDE is fine. But when I'm running it in a shell, using pinentry-curses as the passphrase input backend, I got an error saying that LC_CTYPE is unknown.

gpgsm: pinentry-curses: no LC_CTYPE known - assuming UTF-8

I've set the GPG_TTY environment variable and started gpg-agent as a daemon. For your information, I run gpgsm to import a p12 certificate: `gpgsm --import mycert.p12`

Is there any workaround to fix this strange gpgsm behavior?

Thanks.
From peter at digitalbrains.com Sat Jul 19 14:26:44 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 19 Jul 2014 14:26:44 +0200
Subject: Automatic e-mail encryption
In-Reply-To: <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de>
Message-ID: <53CA6404.2000600@digitalbrains.com>

On 19/07/14 00:34, Ingo Klöcker wrote:

> Sure. But the NSA already knows the correspondents of all of our mail
> anyway. Keyserver lookups do not add any additional data

Pssh. What an argument. Please refrain from such useless rhetoric.

> But the keyserver (owner) has to be trustworthy anyway.

First of all, "trustworthy" is a really ill-defined notion. Should I give them my credit card? Secondly: why? Why does a keyserver need to be trustworthy? In fact, why do I even need a keyserver? It's a convenience. But I can just exchange keys with my peers. I don't need to trust any keyserver operator. Unless it is silently done behind my back, that is.

Here's an idea: when elliptic curve becomes ubiquitous, simply include your public key in the header of every e-mail you send. That's way closer to how SSH works, since it uses only one channel, in this case the e-mails themselves. Perhaps it would be a good idea to only include the actual EC public key, and not the whole OpenPGP packet, to keep it small.

You say signing isn't covered... I don't see why not. Just as you automatically decrypt; automatically sign.

There still is the large issue of private key distribution. I have several machines all connected to my e-mail account. It seems to me there's a *lot* of infrastructure still missing for this to be almost transparent to the end-user.
This topic, if discussed at all, should be discussed by itself and not as some kind of counter-offer to symmetric encryption, because the problem space is vastly different.

By the way: if we had a working alternative to SSL/TLS, all the mail servers could talk to each other securely without eavesdropping. That way the contents of e-mails are only exposed on the sending SMTP server and the receiving SMTP and mailbox servers (e.g., IMAP). The mailbox server already knows when you use automatic decryption to facilitate searching, and the receiving SMTP server is probably under the control of the same people that control the receiving mailbox server. So they are probably about equally difficult to access. And likewise, the sender will have a decrypted copy in his Sent folder on his mailbox server, and the sending SMTP server is again close to that server. So if only we had a way to properly authenticate SMTP servers, I think we get almost the same effective protection for the users, albeit without signatures. And this requires only changes to a "couple of" servers, instead of to all endpoints.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From John at enigmail.net Sat Jul 19 15:29:44 2014
From: John at enigmail.net (John Clizbe)
Date: Sat, 19 Jul 2014 08:29:44 -0500
Subject: Fwd: [Enigmail] [ANN] Enigmail v1.7 available
In-Reply-To: <53C16068.4010900@enigmail.net>
References: <53C16068.4010900@enigmail.net>
Message-ID: <53CA72C8.406@enigmail.net>

As there are many Enigmail users who read this list, but not [Enigmail], I'm forwarding the announcement of the newest release of Enigmail, v1.7. There are quite a few changes in this release. As Patrick writes in the announcement:

> As usual, it will take up to two weeks until the version will be
> available from addons.mozilla.org.
Until then, Enigmail 1.7 may be obtained two ways:

1) From https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/
Until the AMO staff finish their review, new versions will be available only from the Version History list ('View other versions' link below-right from the Download button).

2) Visit the Enigmail project's download page and download from there.
https://www.enigmail.net/download/

Debian/Ubuntu users will need to wait until Enigmail 1.7 has been packaged for your use.

There will no doubt be support questions. The BEST, and recommended, place to address them is the Enigmail mailing list:

> enigmail-users mailing list
> enigmail-users at enigmail.net
> To unsubscribe or make changes to your subscription click here:
> https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

The list is moderated to reduce SPAM. Subscribe if you do not wish to wait in the moderation queue.

-------- Forwarded Message --------
Subject: [Enigmail] [ANN] Enigmail v1.7 available
Date: Sat, 12 Jul 2014 18:20:56 +0200
From: Patrick Brunschwig
Reply-To: Enigmail user discussion list
To: Enigmail user discussion list

I'm happy to announce the availability of Enigmail v1.7 for Thunderbird 24 - 31, and SeaMonkey 2.20 and newer. This version brings many new features (special thanks to Nico Josuttis!) plus a lot of bug fixes. Furthermore, this version ensures compatibility with the upcoming releases of Thunderbird and SeaMonkey.
Notable Changes
===============

* New "convenience" mode for sending mails
* Automatic encryption if all keys are known
* More intuitive view of encryption/signing states in icons and menus
* Possibility to filter in the key selection dialog
* Better selection options for importing keys from address book
* Menu items and labels were changed from "OpenPGP" to "Enigmail"
* Better algorithm for selecting best key for an email address
* More fine-grained options for displaying dialog before message sending
* Better fault tolerance at many places
* Some support for PGP/MIME mails deformed by Exchange servers

Obtaining Enigmail
==================

Enigmail can be downloaded from

The changelog is available from

As usual, it will take up to two weeks until the version will be available from addons.mozilla.org.

-Patrick

_______________________________________________
enigmail-users mailing list
enigmail-users at enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Jul 19 16:30:54 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sat, 19 Jul 2014 15:30:54 +0100
Subject: symmetric email encryption
In-Reply-To: <20140718192308.47A05A0147@smtp.hushmail.com>
References: <9032428.AOpJcMyzLH@inno> <31968404.2vkRhOBsFo@inno> <53C94F56.5070003@dougbarton.us> <3926637.jtvkRO2VUC@inno> <53C95E42.20304@sixdemonbag.org> <20140718192308.47A05A0147@smtp.hushmail.com>
Message-ID: <931874494.20140719153054@my_localhost>

Hi

On Friday 18 July 2014 at 8:23:08 PM, in , vedaal at nym.hush.com wrote:

> The only annoyance with this type of approach, is that
> it needs a separate passphrase for each correspondent,

How? Running "gpg --symmetric test.txt" only gives me the opportunity to enter one passphrase for the encryption.

> Hushmail has a one-way variant of this approach.
[snipped]

> The receiver gets a message that an encrypted e-mail
> has been sent, and is directed to the Hushmail server
> where the sender's question is asked, and the receiver
> has 3 chances to provide the correct answer. A correct
> answer decrypts the symmetrically encrypted e-mail and
> the plaintext is displayed on the Hushmail server. The
> e-mail is removed from the server after 72 hours.

It is a good idea to tell the recipient in advance. Otherwise they just see yet another unsolicited email suggesting to follow a link or visit an unfamiliar website.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Don't cry because it is over - smile because it happened

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Jul 19 16:55:15 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sat, 19 Jul 2014 15:55:15 +0100
Subject: symmetric email encryption
In-Reply-To: <53C9E8D6.4010108@riseup.net>
References: <9032428.AOpJcMyzLH@inno> <1570028.cpTUGa577n@inno> <37999459.zfsQ8Y7tUm@thufir.ingo-kloecker.de> <12036754.oebnaX5LxD@inno> <53C9E8D6.4010108@riseup.net>
Message-ID: <36306341.20140719155515@my_localhost>

Hi

On Saturday 19 July 2014 at 4:41:10 AM, in , Mirimir wrote:

> I just emailed that to myself using Thunderbird +
> Enigmail in Ubuntu. I was prompted for a password, and
> "foo" decrypted the symmetrically encrypted block.

I did a similar thing and my email program prompted me to "Input OpenPGP key passphrase for ." Mine decrypted OK, as well.
If I encrypt it to my key as well as to a passphrase, it does not list among the passphrase entry options, but does encrypt with the test passphrase as well as with my key.

As an aside, the GUI frontend I use for key management has a "current window" or "clipboard" encrypt function, which allows adding "symmetrical" by ticking a box (and prompting to enter the passphrase twice).

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

She looked like butter wouldn't melt in her mouth - or anywhere else.

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Jul 19 17:51:23 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sat, 19 Jul 2014 16:51:23 +0100
Subject: symmetric email encryption
In-Reply-To: <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de>
Message-ID: <1179964937.20140719165123@my_localhost>

Hi

On Friday 18 July 2014 at 11:34:19 PM, in , Ingo Klöcker wrote:

> Sure. But the NSA already knows the correspondents of
> all of our mail anyway. Keyserver lookups do not add
> any additional data (except for the information that you
> are trying to look up a key, or rather that you are talking
> to a keyserver).

Time of use is a big piece of information that a keyserver lookup could add. And, maybe, IP address, operating system, software...

> Good point. Automatic decryption should be possible for
> those that want it.
> My scheme is mostly meant as
> in-transit encryption which again is way better than
> our current status quo.

And the choice whether to store their emails encrypted or decrypted. Storing decrypted could be an issue, especially if the emails are stored on a server rather than the user's machine.

> Peter Lebbing wrote:
>> An e-mail system with a default big usability issue
>> will get swapped out for a more pleasant to use one.

It might, but Outlook is in widespread use despite major usability issues.

> Peter Lebbing wrote:
>> Finally, I think people might take issue with their
>> e-mail address automatically being posted to a public
>> keyserver.

A certain minority would take exception to this, including myself. It is less of a problem for me with the automatic upload of just a single email address per key and no name/identity information.

> How exactly does one harvest email addresses from the
> keyservers? Can I ask keyservers to give me all keys it
> has in storage? Or do I need to search for keys
> matching a certain substring? I honestly don't know.
> Anyway, if this really becomes a problem then key
> lookup probably needs to be made as inconvenient as
> trying to send email probes to randomly generated
> email addresses.

Isn't key lookup already more inconvenient than randomly generating email addresses? Or have I missed something?

> For my scheme to work the keyservers would only need to
> return keys where the email address part of a uid
> exactly matches the recipient's email address.

The email address could be hashed in the key UID that's automatically uploaded...

> Moreover, for my scheme to work no key certification is
> necessary, i.e. crawling from one key to the next via
> certification signatures wouldn't be possible.

Some people have specific use cases where key certification is needed. But most email communication doesn't have a way of being sure who controls the address.
> The scheme has more issues: For example, there's no
> message integrity protection (via signing) whatsoever.

There's no reason not to have it.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Live your life as though every day it was your last.

From rjh at sixdemonbag.org Sat Jul 19 19:55:45 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 19 Jul 2014 13:55:45 -0400
Subject: symmetric email encryption
In-Reply-To: <5713156.THT9A2Q2Cd@inno>
References: <9032428.AOpJcMyzLH@inno> <1643281.2c8EIDBDr7@inno> <53C9DD21.7030906@sixdemonbag.org> <5713156.THT9A2Q2Cd@inno>
Message-ID: <53CAB121.9050401@sixdemonbag.org>

> A factor of two is "immense" to you...?

Yes. A secret that only I know I can keep; a secret known to two people can only be kept for a while. Yes, that's an immense difference.

From kloecker at kde.org Sat Jul 19 21:40:11 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 19 Jul 2014 21:40:11 +0200
Subject: symmetric email encryption
In-Reply-To: <1643281.2c8EIDBDr7@inno>
References: <9032428.AOpJcMyzLH@inno> <53C95E42.20304@sixdemonbag.org> <1643281.2c8EIDBDr7@inno>
Message-ID: <3137448.noJxCFnCuZ@thufir.ingo-kloecker.de>

On Saturday 19 July 2014 03:46:56 Hauke Laging wrote:

> I guess this discussion does not go well because of a misunderstanding
> or wrong expectations.
>
> You and Ingo are talking about "real crypto" issues.

Actually, concerning your proposal, I'm more talking about usability.
To encrypt a message using your proposal the sender needs to

* write the message,
* tell his mail client that he wants to encrypt the message,
* come up with and enter the password that should be used for encrypting the message, (-> minor inconvenience)
* tell the recipient the password, (-> major inconvenience)
* and, finally, send the message.

That's three more steps than for sending an unencrypted message. And for one of those steps a completely different communication channel needs to be used. This is so inconvenient that I cannot see this helping our cause.

Regards,
Ingo

From kloecker at kde.org Sat Jul 19 22:15:55 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 19 Jul 2014 22:15:55 +0200
Subject: Automatic e-mail encryption
In-Reply-To: <53CA6404.2000600@digitalbrains.com>
References: <9032428.AOpJcMyzLH@inno> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com>
Message-ID: <1432254.Q1CiJGq48L@thufir.ingo-kloecker.de>

Hi Peter,

please do not send me direct replies. I am subscribed so reply-to-list is sufficient. (I wouldn't ask this of you if I'd receive two copies of your replies, but I only receive the direct replies and this means I cannot use reply-to-list. The mailing list is correctly configured, so I blame a fancy deduplication feature of the receiving Exchange mail server.)

On Saturday 19 July 2014 14:26:44 Peter Lebbing wrote:

> Here's an idea: when elliptic curve becomes ubiquitous, simply include
> your public key in the header of every e-mail you send. That's way
> closer to how SSH works, since it uses only one channel, in this case
> the e-mails themselves. Perhaps it would be a good idea to only
> include the actual EC public key, and not the whole OpenPGP packet,
> to keep it small.
I like this idea.

> You say signing isn't covered... I don't see why not. Just as you
> automatically decrypt; automatically sign.

It doesn't feel right to automatically sign messages with automatically created keys. Also, signing is irrelevant for my use case: end-to-end encryption.

> There still is the large issue of private key distribution. I have
> several machines all connected to my e-mail account. It seems to me
> there's a *lot* of infrastructure still missing for this to be almost
> transparent to the end-user.

Yeah. Usage of multiple machines/devices is an unsolved problem.

> This topic, if discussed at all, should
> be discussed by itself and not as some kind of counter-offer to
> symmetric encryption, because the problem space is vastly different.

Right. I guess I simply grabbed the opportunity.

> By the way: if we had a working alternative to SSL/TLS, all the mail
> servers could talk to each other securely without eavesdropping. That
> way the contents of e-mails are only exposed on the sending SMTP
> server and the receiving SMTP and mailbox servers (e.g., IMAP). The
> mailbox server already knows when you use automatic decryption to
> facilitate searching,

unless the decrypted messages are only stored locally. Yes, this would break server-side searching and is problematic on devices with limited storage capacity.

> and the receiving SMTP server is probably under
> the control of the same people that control the receiving mailbox
> server. So they are probably about equally difficult to access. And
> likewise, the sender will have a decrypted copy in his Sent folder on
> his mailbox server,

unless ...

> and the sending SMTP server is again close to
> that server. So if only we had a way to properly authenticate SMTP
> servers, I think we get almost the same effective protection for the
> users, albeit without signatures. And this requires only changes to a
> "couple of" servers, instead of to all endpoints.

Good news: I think we do have such a way.
It's called DANE (DNS-based Authentication of Named Entities) [1]. Support for DANE was added to Postfix a few months ago and a few German mail providers recently started using it.

Regards,
Ingo

[1] https://tools.ietf.org/html/rfc6698

From kloecker at kde.org Sat Jul 19 22:37:24 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 19 Jul 2014 22:37:24 +0200
Subject: symmetric email encryption
In-Reply-To: <12036754.oebnaX5LxD@inno>
References: <9032428.AOpJcMyzLH@inno> <37999459.zfsQ8Y7tUm@thufir.ingo-kloecker.de> <12036754.oebnaX5LxD@inno>
Message-ID: <1430811.KlSd5llqvy@thufir.ingo-kloecker.de>

On Saturday 19 July 2014 04:37:56 Hauke Laging wrote:

> On Sat 19.07.2014, 01:42:19, Ingo Klöcker wrote:
> > Since you are also using KMail I invite
> > you to test whether KMail is able to decrypt symmetrically encrypted
> > OpenPGP/MIME messages out-of-the-box. It might just work, but I'm
> > too
> > lazy and too tired to test this right now.
>
> It does work. It seems not to work with Thunderbird/Enigmail though.
> But maybe I have done something wrong. The Enigmail console output
> looks good to me...
>
> I have prepared a mail file for those who want to give this a try:
>
> http://www.crypto-fuer-alle.de/docs/mail-symmetric/mail.cr-lf.eml

Thanks for testing (also to Mirimir and MFPA).

> > And what's your threat model, i.e. what do you want to achieve by
> > your symmetric email encryption scheme?
>
> Same answer: This is for users who don't need any threat model
> consideration.

Huh? Why would those users want to encrypt a message if they don't have a threat in mind?

I'm not replying to anything else because I think I have nothing more to add.

Regards,
Ingo
From mailinglisten at hauke-laging.de Sat Jul 19 23:02:19 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sat, 19 Jul 2014 23:02:19 +0200
Subject: symmetric email encryption
In-Reply-To: <1430811.KlSd5llqvy@thufir.ingo-kloecker.de>
References: <9032428.AOpJcMyzLH@inno> <12036754.oebnaX5LxD@inno> <1430811.KlSd5llqvy@thufir.ingo-kloecker.de>
Message-ID: <2483907.iUy4l94nr1@inno>

On Sat 19.07.2014, 22:37:24, Ingo Klöcker wrote:
> > > And what's your threat model, i.e. what do you want to achieve by
> > > your symmetric email encryption scheme?
> >
> > Same answer: This is for users who don't need any threat model
> > consideration.
>
> Huh? Why would those users want to encrypt a message if they don't
> have a threat in mind?

I guess the typical case would be that either the sender or the recipient wants the communication encrypted (probably uses real crypto himself) and would use symmetric encryption as the fastest and easiest way to enable the other one to do that (or the only way the other party accepts at that moment).

Furthermore: Usually when people start using a new tool or new technology they don't use it right. Probably at least 90% of the OpenPGP users use OpenPGP in a way I would not consider good. They do it because it's OK for them. They probably haven't put much consideration into that, as you have to know a lot about the area to make these considerations. No one cares about that with normal crypto. Why should this be a hard criterion in this case?

I haven't seen the new Enigmail 1.7 yet but the default settings of 1.6 are a nightmare. GPGTools takes worst practice to a new level by doing the same as Enigmail, but without the (easy to find?) option to change it. And even more showing off on the bad side: Certifying keys *without* showing the fingerprint!
GnuPG doesn't tell you at which (maximum) level a certain key has been signed. There is no transparency in authenticity, no transparency in key security (part of that: no transparency about PC security, see (German) http://www.crypto-fuer-alle.de/wishlist/securitylevel/), no transparency in key usage, the current WoT is crap because it offers nearly none of the information you need... That is the current crypto reality. And people are talking about security problems and threat models for symmetric encryption, fighting for good crypto usage? Really?

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From rjh at sixdemonbag.org Sun Jul 20 02:08:22 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 19 Jul 2014 20:08:22 -0400
Subject: symmetric email encryption
In-Reply-To: <2483907.iUy4l94nr1@inno>
References: <9032428.AOpJcMyzLH@inno> <12036754.oebnaX5LxD@inno> <1430811.KlSd5llqvy@thufir.ingo-kloecker.de> <2483907.iUy4l94nr1@inno>
Message-ID: <53CB0876.7080704@sixdemonbag.org>

> I guess the typical case would be that either the sender or the
> recipient wants the communication encrypted (probably uses real crypto
> himself) and would use symmetric encryption as the fastest and easiest
> way to enable the other one to do that (or the only way the other party
> accepts at that moment).

When technically savvy people make guesses about the "typical use case," we are usually wrong on levels we don't even imagine. This is why real usability studies with real users are essential.

At any rate, no one is telling you that you can't do this. All you've heard is that you've not convinced other people to implement it for you.
The GnuPG and Enigmail sources are both freely available: start hacking. If you're right and people start using this in droves, I'll cheerfully be the first one to admit I was wrong.

With this, I'm out of this thread. :)

From holtzm at cox.net Sun Jul 20 02:46:02 2014
From: holtzm at cox.net (Bob Holtzman)
Date: Sat, 19 Jul 2014 17:46:02 -0700
Subject: symmetric email encryption
In-Reply-To: <53CAB121.9050401@sixdemonbag.org>
References: <9032428.AOpJcMyzLH@inno> <1643281.2c8EIDBDr7@inno> <53C9DD21.7030906@sixdemonbag.org> <5713156.THT9A2Q2Cd@inno> <53CAB121.9050401@sixdemonbag.org>
Message-ID: <20140720004602.GA13567@cox.net>

On Sat, Jul 19, 2014 at 01:55:45PM -0400, Robert J. Hansen wrote:
> > A factor of two is "immense" to you...?
>
> Yes. A secret that only I know I can keep; a secret known to two people
> can only be kept for a while. Yes, that's an immense difference.

Old Hell's Angels saying, "3 people can keep a secret if two of them are dead". Not a very sophisticated bunch but..........

> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
Bob Holtzman
A man is a man who will fight with a sword
or tackle Mt Everest in snow, but the bravest
of all owns a '34 Ford and tries for 6000 in low.
From dkg at fifthhorseman.net Sun Jul 20 07:17:56 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 20 Jul 2014 01:17:56 -0400
Subject: Fwd: [Enigmail] [ANN] Enigmail v1.7 available
In-Reply-To: <53CA72C8.406@enigmail.net>
References: <53C16068.4010900@enigmail.net> <53CA72C8.406@enigmail.net>
Message-ID: <53CB5104.7080306@fifthhorseman.net>

On 07/19/2014 09:29 AM, John Clizbe wrote:
> Debian/Ubuntu users will need to wait until Enigmail 1.7 has been packaged for
> your use.

Enigmail 1.7 is already packaged and present in debian unstable and debian testing.

I'll look into backporting it to debian stable later this week.

--dkg

From peter at digitalbrains.com Sun Jul 20 11:21:39 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 20 Jul 2014 11:21:39 +0200
Subject: [Enigmail] [ANN] Enigmail v1.7 available
In-Reply-To: <53CB5104.7080306@fifthhorseman.net>
References: <53C16068.4010900@enigmail.net> <53CA72C8.406@enigmail.net> <53CB5104.7080306@fifthhorseman.net>
Message-ID: <8fc84888164d94239c9c5f3e517842b2@butters.digitalbrains.com>

On 2014-07-20 07:17, Daniel Kahn Gillmor wrote:
> Enigmail 1.7 is already packaged and present in debian unstable and
> debian testing.
>
> I'll look into backporting it to debian stable later this week.

Thanks!

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wardhan.v.1.0 at gmail.com Mon Jul 21 10:33:23 2014
From: wardhan.v.1.0 at gmail.com (war.dhan)
Date: Mon, 21 Jul 2014 14:03:23 +0530
Subject: even after deleting the 1st key pair, owner's trust is defaulting to ultimate
Message-ID: <53CCD053.3040306@gmail.com>

i have created a key pair using the defaults at first.
set the owner's trust as ultimate using enigmail 1.7.
then i realised about not adding :

personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

since i have not uploaded the key to public server, i immediately deleted the key.
added the above three lines to gnupg.conf.
created a key pair with same credentials for both key pairs:
name: myname
email: myname at email.com

to my surprise the 2nd key pair has owner's trust as ultimate.
is this intended behaviour or is anything abnormal ?
or is there any specific reason ?

i am using gnupg 2.0.25-1 on manjaro.

thanks & regards,
war.dhan

From wk at gnupg.org Mon Jul 21 14:54:23 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Jul 2014 14:54:23 +0200
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To: <20140718161839.GB51174@blinkenshell.org> (The Fuzzy Whirlpool Thunderstorm's message of "Fri, 18 Jul 2014 18:18:39 +0200")
References: <20140718161839.GB51174@blinkenshell.org>
Message-ID: <87oawi6feo.fsf@vigenere.g10code.de>

On Fri, 18 Jul 2014 18:18, whirlpool at blinkenshell.org said:

> I wonder if Mutt can be configured to decrypt inline pgp messages
> automatically, without piping the attachment to `gpg --decrypt`.

IIRC, I implemented that about a decade ago. Simply put

  set crypt_use_gpgme

into your ~/.muttrc.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From mwood at IUPUI.Edu Mon Jul 21 15:12:36 2014
From: mwood at IUPUI.Edu (Mark H.
Wood)
Date: Mon, 21 Jul 2014 09:12:36 -0400
Subject: symmetric email encryption
In-Reply-To: <20140720004602.GA13567@cox.net>
References: <9032428.AOpJcMyzLH@inno> <1643281.2c8EIDBDr7@inno> <53C9DD21.7030906@sixdemonbag.org> <5713156.THT9A2Q2Cd@inno> <53CAB121.9050401@sixdemonbag.org> <20140720004602.GA13567@cox.net>
Message-ID: <20140721131236.GA27644@IUPUI.Edu>

On Sat, Jul 19, 2014 at 05:46:02PM -0700, Bob Holtzman wrote:
> On Sat, Jul 19, 2014 at 01:55:45PM -0400, Robert J. Hansen wrote:
> > > A factor of two is "immense" to you...?
> >
> > Yes. A secret that only I know I can keep; a secret known to two people
> > can only be kept for a while. Yes, that's an immense difference.
>
> Old Hell's Angels saying, "3 people can keep a secret if two of them are
> dead". Not a very sophisticated bunch but..........

Often attributed to Benjamin Franklin.

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.

From wk at gnupg.org Mon Jul 21 15:18:33 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Jul 2014 15:18:33 +0200
Subject: even after deleting the 1st key pair, owner's trust is defaulting to ultimate
In-Reply-To: <53CCD053.3040306@gmail.com> (war dhan's message of "Mon, 21 Jul 2014 14:03:23 +0530")
References: <53CCD053.3040306@gmail.com>
Message-ID: <87fvhu6eae.fsf@vigenere.g10code.de>

On Mon, 21 Jul 2014 10:33, wardhan.v.1.0 at gmail.com said:

> to my surprise the 2nd key pair has owner's trust as ultimate.

Ultimate trust is always set for newly created keys. It is not set if you import a key.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.
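Werner's point above is that every key GnuPG generates is ultimately trusted, so a keyring can accumulate more than one ultimate entry without anyone choosing that. The following is an added example, not GnuPG code: it audits the text that `gpg --export-ownertrust` writes (fingerprint, colon, numeric trust value, colon) and reports which keys are trusted ultimately. The sample export and its fingerprints are constructed placeholders; the numeric trust values and the disabled-key flag bit (128) are taken from the writer's understanding of GnuPG's trustdb format and are labelled as an assumption in the code.

```python
"""Audit the ownertrust assignments GnuPG exports.

Added example (not GnuPG code): parses the text produced by
`gpg --export-ownertrust` and reports which keys hold ultimate trust.
The sample export below is constructed; its fingerprints are placeholders.
"""
import re

# Assumption: numeric ownertrust values as written by --export-ownertrust.
# Bit 7 (128) is assumed to mark a disabled key and is OR-ed onto the value.
TRUST_NAMES = {
    2: "undefined",
    3: "never",
    4: "marginal",
    5: "full",
    6: "ultimate",
}
DISABLED_FLAG = 128
FPR_RE = re.compile(r"^[0-9A-F]{40}$")


def parse_ownertrust(text):
    """Return a list of (fingerprint, trust_name, disabled) tuples.

    Lines starting with '#' and blank lines are skipped. Malformed lines
    raise ValueError instead of being ignored, so a corrupted backup
    cannot pass an audit unnoticed.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2 or not FPR_RE.match(parts[0]) or not parts[1].isdigit():
            raise ValueError("line %d: not an ownertrust record: %r" % (lineno, raw))
        value = int(parts[1])
        disabled = bool(value & DISABLED_FLAG)
        trust = value & ~DISABLED_FLAG
        name = TRUST_NAMES.get(trust)
        if name is None:
            raise ValueError("line %d: unknown trust value %d" % (lineno, value))
        entries.append((parts[0], name, disabled))
    return entries


def ultimate_keys(text):
    """Fingerprints trusted ultimately, with disabled keys left out."""
    return [fpr for fpr, name, disabled in parse_ownertrust(text)
            if name == "ultimate" and not disabled]


def audit(text, expected_own_keys):
    """Ultimate entries that are not in the set of keys you actually own.

    An ultimately trusted key makes every certification it issues fully
    valid, so any entry outside `expected_own_keys` deserves a look.
    """
    return sorted(set(ultimate_keys(text)) - set(expected_own_keys))


# Constructed sample: two generated keys, one imported key with full
# trust, and one disabled key. Fingerprints are placeholders.
SAMPLE_EXPORT = """\
# List of assigned trustvalues, created 2014-07-21 14:03:23 +0530
# (Use "gpg --import-ownertrust" to restore them)
1111111111111111111111111111111111111111:6:
2222222222222222222222222222222222222222:6:
3333333333333333333333333333333333333333:5:
4444444444444444444444444444444444444444:134:
"""

if __name__ == "__main__":
    for fpr, name, disabled in parse_ownertrust(SAMPLE_EXPORT):
        print(fpr, name, "(disabled)" if disabled else "")
    own = {"1111111111111111111111111111111111111111"}
    print("ultimate entries not in your own keys:", audit(SAMPLE_EXPORT, own))
```

Running the script on a real export (`gpg --export-ownertrust > ot.txt`) with the set of fingerprints you know to be your own is a quick way to check that the recreated key is the only one carrying ultimate trust, which is the situation war.dhan asked about.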
From wk at gnupg.org Mon Jul 21 15:16:26 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Jul 2014 15:16:26 +0200
Subject: scdaemon support for SmartCard-HSM
In-Reply-To: <53C932DA.9030903@cardcontact.de> (Andreas Schwier's message of "Fri, 18 Jul 2014 16:44:42 +0200")
References: <53C932DA.9030903@cardcontact.de>
Message-ID: <87k3766edx.fsf@vigenere.g10code.de>

Hi Andreas,

On Fri, 18 Jul 2014 16:44, andreas.schwier.ml at cardcontact.de said:

> we've added support for the SmartCard-HSM to scdaemon. Please find the
> patch that applies to master at [1].

If you want me to apply that patch please read doc/DETAILS on how to send a DCO. (I'd appreciate a sample card for testing but that is not a requirement).

Some quick remarks: If you took another app-*.c as template, please add all the copyright lines from that file and add your own copyright line (unless you have an assignment for GnuPG with the FSF). Lines should in general not be longer than 80 characters; I spotted one or two which are longer. Someone needs to proofread the code of course ;-)

> 1. Signing with ECDSA: Apparently gpgsm puts the wrong (RSAEncryption)
> algorithm identifier in SignerInfo when using ECDSA. As a result
> verification of the CMS fails with "conflicting use".

I doubt that gpgsm really supports ECC. Thus such problems are to be expected.

> 2. At least on Kubuntu the PIN callback to prompt the user to enter the
> PIN at the reader PIN PAD does not work. gpgsm is reporting an invalid

GnuPG does this on itself - no need for a callback. Well, it should do that. What pinentry are you (Kubuntu) using?

> 3. Apparently kleopatra only supports TCOS card. It's unclear to me why
> this restriction is in place.

The contract specified that card and thus Kleopatra did a minimal job to fulfill the requirements. For better card support you should use GPA (you may want to add support for your card there as well).

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.
From mwood at IUPUI.Edu Mon Jul 21 15:32:57 2014
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Mon, 21 Jul 2014 09:32:57 -0400
Subject: Automatic e-mail encryption
In-Reply-To: <53CA6404.2000600@digitalbrains.com>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com>
Message-ID: <20140721133257.GB27644@IUPUI.Edu>

On Sat, Jul 19, 2014 at 02:26:44PM +0200, Peter Lebbing wrote:
> By the way: if we had a working alternative to SSL/TLS, all the mail
> servers could talk to each other securely without eavesdropping. That way

Please remind me why we need an alternative to TLS.

> the contents of e-mails is only exposed on the sending SMTP server and
> the receiving SMTP and mailbox servers (f.e., IMAP). The mailbox server

I treat hop-by-hop encryption, not as an alternative to end-to-end, but as defense in depth.

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.

From wk at gnupg.org Mon Jul 21 15:34:23 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Jul 2014 15:34:23 +0200
Subject: ECC and CMS (was: [Announce] The fifth Beta for GnuPG 2.1 is now available for testing)
In-Reply-To: <201407080956.38736.bernhard@intevation.de> (Bernhard Reiter's message of "Tue, 8 Jul 2014 09:56:38 +0200")
References: <87simizrjg.fsf@vigenere.g10code.de> <201407071601.19846.bernhard@intevation.de> <53BAA9C9.8000002@sumptuouscapital.com> <201407080956.38736.bernhard@intevation.de>
Message-ID: <877g366dk0.fsf_-_@vigenere.g10code.de>

On Tue, 8 Jul 2014 09:56, bernhard at intevation.de said:

> Do you also know the status of CMS (x.509) for S/MIME?
May work but likely needs a bit of testing and code fiddling. I have lost most interest in CMS, thus better do not expect that I will spend time on it.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From wk at gnupg.org Mon Jul 21 15:46:56 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Jul 2014 15:46:56 +0200
Subject: Is it possible to set a passphrase_cb in gpgme with openpgp protocol
In-Reply-To: ("Reto Hablützel"'s message of "Fri, 4 Jul 2014 11:52:47 +0200")
References:
Message-ID: <8738du6cz3.fsf@vigenere.g10code.de>

On Fri, 4 Jul 2014 11:52, rethab at rethab.ch said:

> I read in the ruby-bindings library that this only worked with version 1.X
> but seems not to work anymore with 2.X. Is there any truth to this?

Right. GnuPG-2 requires the gpg-agent and the gpg-agent is solely responsible for asking for the passphrase. Check out the mail archives on how to work around this (pinentry wrapper).

But: On common request GnuPG 2.1 (currently in beta) has a feature to allow gpg-agent to call back to gpg (and in turn to gpgme etc) for the passphrase (see --allow-loopback-pinentry and pinentry-mode). GPGME supports this.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From dkg at fifthhorseman.net Mon Jul 21 16:16:08 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 21 Jul 2014 10:16:08 -0400
Subject: even after deleting the 1st key pair, owner's trust is defaulting to ultimate
In-Reply-To: <53CCD053.3040306@gmail.com>
References: <53CCD053.3040306@gmail.com>
Message-ID: <53CD20A8.6050009@fifthhorseman.net>

On 07/21/2014 04:33 AM, war.dhan wrote:
> i have created a key pair using the defaults at first.
> set the owner's trust as ultimate using enigmail 1.7.
> then i realised about not adding :
> personal-digest-preferences SHA256
> cert-digest-algo SHA256
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
> CAST5 ZLIB BZIP2 ZIP Uncompressed
> since i have not uploaded the key to public server, i immediately
> deleted the key.
> added the above three lines to gnupg.conf.
> created a key pair with same credentials for both key pairs:
> name: myname
> email: myname at email.com
>
> to my surprise the 2nd key pair has owner's trust as ultimate.
> is this intended behaviour or is anything abnormal ?
> or is there any specific reason ?

Any key created by GnuPG is automatically set to "ultimate" ownertrust by default, on the assumption that this is your key, so you are willing to believe any certifications that you make.

If you want the 2nd key to have some other ownertrust than the first one, you should change that explicitly. But since it sounds like it is your personal key (and your only key), i don't see why you'd want to reduce the ownertrust from ultimate.

--dkg

From peter at digitalbrains.com Mon Jul 21 18:23:51 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 21 Jul 2014 18:23:51 +0200
Subject: Automatic e-mail encryption
In-Reply-To: <20140721133257.GB27644@IUPUI.Edu>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com> <20140721133257.GB27644@IUPUI.Edu>
Message-ID: <53CD3E97.1040303@digitalbrains.com>

On 21/07/14 15:32, Mark H. Wood wrote:
> Please remind me why we need an alternative to TLS.

Well, I actually meant X.509 and the CA system, which is what is currently abundantly used in SSL and TLS.
If you plug in a different form of authentication, I think the rest is okay.

> I treat hop-by-hop encryption, not as an alternative to end-to-end,
> but as defense in depth.

Yes. I already explained why I think there is little difference when the mails are stored unencrypted on a mailbox server. If you only decrypt to local storage, then I agree.

By the way, regarding DANE as an alternative to the CA system: I think a proper implementation of authentication through DNS could well be way better than the CA system: at least you can only be screwed by people having access to signing keys for the root and the TLD, instead of anyone with access to a CA certificate.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From holtzm at cox.net Mon Jul 21 20:49:57 2014
From: holtzm at cox.net (Bob Holtzman)
Date: Mon, 21 Jul 2014 11:49:57 -0700
Subject: symmetric email encryption
In-Reply-To: <20140721131236.GA27644@IUPUI.Edu>
References: <9032428.AOpJcMyzLH@inno> <1643281.2c8EIDBDr7@inno> <53C9DD21.7030906@sixdemonbag.org> <5713156.THT9A2Q2Cd@inno> <53CAB121.9050401@sixdemonbag.org> <20140720004602.GA13567@cox.net> <20140721131236.GA27644@IUPUI.Edu>
Message-ID: <20140721184957.GA4593@cox.net>

On Mon, Jul 21, 2014 at 09:12:36AM -0400, Mark H. Wood wrote:
> On Sat, Jul 19, 2014 at 05:46:02PM -0700, Bob Holtzman wrote:
> > On Sat, Jul 19, 2014 at 01:55:45PM -0400, Robert J. Hansen wrote:
> > > > A factor of two is "immense" to you...?
> > >
> > > Yes. A secret that only I know I can keep; a secret known to two people
> > > can only be kept for a while. Yes, that's an immense difference.
> >
> > Old Hell's Angels saying, "3 people can keep a secret if two of them are
> > dead". Not a very sophisticated bunch but..........
>
> Often attributed to Benjamin Franklin.

Wow! Didn't know he was a h.a. or that he could ride.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
Bob Holtzman
A man is a man who will fight with a sword
or tackle Mt Everest in snow, but the bravest
of all owns a '34 Ford and tries for 6000 in low.

From 2014-667rhzu3dc-lists-groups at riseup.net Mon Jul 21 21:15:34 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 21 Jul 2014 20:15:34 +0100
Subject: Automatic e-mail encryption
In-Reply-To: <53CD3E97.1040303@digitalbrains.com>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com> <20140721133257.GB27644@IUPUI.Edu> <53CD3E97.1040303@digitalbrains.com>
Message-ID: <186006538.20140721201534@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Monday 21 July 2014 at 5:23:51 PM, in , Peter Lebbing wrote:

> On 21/07/14 15:32, Mark H. Wood wrote:
>> Please remind me why we need an alternative to TLS.

> Well, I actually meant X.509 and the CA system, which
> is what is currently abundantly used in SSL and TLS. If
> you plug in a different form of authentication, I think
> the rest is okay.

Doesn't Monkeysphere [0] allow the use of the OpenPGP web of trust to authenticate certificates for TLS?
[0]

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

None are so fond of secrets as those who do not mean to keep them

-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlPNZuRXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pT4EEAMC4kI/KJAPc875se1/JPjtCKRcerlH1seD6
lASS+0xhYrOVTX8cg0bUl56ef4og4wnAVtTQ162pYB3ce6iltWFh5f2jPxbnvmbH
xOOcGXQ7tkXgAgbr8YoU03s5AygLHbH6bTn8Z4idy/PCSh/EKRLxrbnij+JHsRvz
0n2cCXsu
=15Ic
-----END PGP SIGNATURE-----

From peter at digitalbrains.com Mon Jul 21 21:56:21 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 21 Jul 2014 21:56:21 +0200
Subject: Automatic e-mail encryption
In-Reply-To: <186006538.20140721201534@my_localhost>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com> <20140721133257.GB27644@IUPUI.Edu> <53CD3E97.1040303@digitalbrains.com> <186006538.20140721201534@my_localhost>
Message-ID: <53CD7065.7040805@digitalbrains.com>

On 21/07/14 21:15, MFPA wrote:
> Doesn't Monkeysphere [0] allow the use of the OpenPGP web of trust to
> authenticate certificates for TLS?

I don't think this helps much authenticating one SMTP server to another. Even if it would be possible, they are usually operated by ISPs; I don't see them using the WoT for that any time soon.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dougb at dougbarton.us Mon Jul 21 22:33:56 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 21 Jul 2014 13:33:56 -0700
Subject: Automatic e-mail encryption
In-Reply-To: <53CD3E97.1040303@digitalbrains.com>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com> <20140721133257.GB27644@IUPUI.Edu> <53CD3E97.1040303@digitalbrains.com>
Message-ID: <53CD7934.8020900@dougbarton.us>

On 07/21/2014 09:23 AM, Peter Lebbing wrote:
> By the way, regarding DANE as an alternative to the CA system: I think a proper
> implementation of authentication through DNS could well be way better than the
> CA system: at least you can only be screwed by people having access to signing
> keys for the root and the TLD, instead of anyone with access to a CA certificate.

SSL/TLS is designed to (primarily) do two things, of roughly equivalent importance depending on the context:

1. Provide a framework to cryptographically secure the communication channel
2. Provide some level of assurance that the endpoint you've connected to is actually the entity you intended to communicate with

What DANE does is provide a DNS resource record which gives you the signature of the certificate that's relevant to the host name you want to connect to. The system assumes that both the host record and the DANE RR (TLSA) are signed with DNSSEC.

This facilitates purpose number 1 above as it allows the connection to start off encrypted. It also allows your client to verify that the certificate it gets is the one it was looking for. Assuming that you have the same level of confidence in the organization you're communicating with to manage their DNSSEC keys properly as you do for them to manage their SSL keys properly, it also fulfills purpose number 2.
As Peter points out however, you're simply transferring your trust in the hierarchy "above" the organization you're communicating with from the CAs to the TLD and root zone operators. The good news is that for now the TLDs have proven very trustworthy in their handling of their own DNSSEC keys, and replacing them due to a compromise is orders of magnitude easier than revoking/replacing CA signing certs. I will leave judgment of how the root zone operators are doing up to the reader, as my opinion would undoubtedly be biased. :)

hth,

Doug

From jeffenstein at gmail.com Mon Jul 21 21:23:47 2014
From: jeffenstein at gmail.com (Jeff Fisher)
Date: Mon, 21 Jul 2014 21:23:47 +0200
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To: <20140718161839.GB51174@blinkenshell.org>
References: <20140718161839.GB51174@blinkenshell.org>
Message-ID: <20140721192347.GA8199@olive>

On Fri, Jul 18, 2014 at 06:18:39PM +0200, The Fuzzy Whirlpool Thunderstorm wrote:
> I wonder if Mutt can be configured to decrypt inline pgp messages
> automatically, without piping the attachment to `gpg --decrypt`. I
> know, piping works, but it'd be more convenient to have mutt do the
> piping task and automatically display the decrypted message inside.
> If anyone has an idea or experience with Mutt, please give your
> answer.

I use this in my ~/.muttrc, which seems to work:

  message-hook '!(~g|~G) ~b"^-----BEGIN\ PGP\ (SIGNED\ )?MESSAGE"' "exec check-traditional-pgp"

It's borrowed from someone, but I don't remember where I originally saw it. You can also use P in the message pager to manually check a message.
Cheers,
Jeff

From 2014-667rhzu3dc-lists-groups at riseup.net Tue Jul 22 03:21:28 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Tue, 22 Jul 2014 02:21:28 +0100
Subject: Automatic e-mail encryption
In-Reply-To: <53CD7065.7040805@digitalbrains.com>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com> <20140721133257.GB27644@IUPUI.Edu> <53CD3E97.1040303@digitalbrains.com> <186006538.20140721201534@my_localhost> <53CD7065.7040805@digitalbrains.com>
Message-ID: <1537008672.20140722022128@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Monday 21 July 2014 at 8:56:21 PM, in , Peter Lebbing wrote:

> I don't think this helps much authenticating one SMTP
> server to another. Even if it would be possible, they
> are usually operated by ISPs; I don't see them using
> the WoT for that any time soon.

But an individual user could use it for authenticating the first/last hop between their MUA or browser or SMTP server and their ISP or email provider's servers.
--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

1 + 1 = 3, for large values of 1

-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlPNvKhXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pn/cD/A0PU2IdxpzHiU9Wdone+m7oB+EIJXKq7tpq
f4u3cNYmndDNPiFTFu3RY+lVPYMWmcOjWMh4Taftmy7zvNP8lj6JEaYQEep7BJlE
WsAWL+wFRBqL1yaTleqGs7vWQb22Bxcne7/ycaqMUlA54PMDMoLEP72eoHtKNThA
yYQfdoCp
=h3fC
-----END PGP SIGNATURE-----

From htd at fritha.org Tue Jul 22 10:08:06 2014
From: htd at fritha.org (Heinz Diehl)
Date: Tue, 22 Jul 2014 10:08:06 +0200
Subject: Mutt: Decrypting inline gpg format directly
In-Reply-To: <87oawi6feo.fsf@vigenere.g10code.de>
References: <20140718161839.GB51174@blinkenshell.org> <87oawi6feo.fsf@vigenere.g10code.de>
Message-ID: <20140722080806.GA12979@fritha.org>

On 21.07.2014, Werner Koch wrote:

> IIRC, I implemented that about a decade ago. Simply put
> set crypt_use_gpgme into your ~/.muttrc.

Besides that this requires mutt to be compiled with "--enable-gpgme", it never worked for me. The inline gpg/pgp mail is just shown as plain text.

Anyway, nobody really wants inline pgp email either, so I'm just happy with my simple procmail rules.

Thanks, Mathias, for your improvements!
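Jeff's message-hook in the Mutt thread above distinguishes two cases: mail that is already recognised as PGP/MIME (mutt's ~g and ~G patterns, signed and encrypted respectively) and mail whose text/plain body carries inline ("traditional") PGP armour at the start of a line, which MIME-aware tools would otherwise show as plain text, as Heinz observed. The block below is an added example, not mutt or procmail code, that makes the same distinction in Python with the standard library's email parser, the kind of test one would put in front of a procmail rule or a mail-filtering script. All sample messages are constructed; the armoured bodies are placeholders, not real OpenPGP packets.

```python
"""Classify a message as PGP/MIME, inline PGP, or neither.

Added example, not mutt/procmail code. PGP/MIME (RFC 3156) is recognised
from the top-level Content-Type and its protocol parameter; inline PGP is
recognised from an armour header at the start of a line in a text/plain
part, like the ~b pattern in Jeff's message-hook. All messages below are
constructed samples with placeholder armour.
"""
import email
import re
from email import policy

# Anchored at line start so armour quoted in a reply ("> -----BEGIN ...")
# is not mistaken for a message that needs decrypting.
INLINE_RE = re.compile(r"^-----BEGIN PGP (SIGNED )?MESSAGE-----", re.MULTILINE)


def classify(raw):
    """Return 'pgp-mime-encrypted', 'pgp-mime-signed', 'inline-encrypted',
    'inline-signed' or 'none' for an RFC 822 message given as a string."""
    msg = email.message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    proto = msg.get_param("protocol")
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "pgp-mime-encrypted"
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        return "pgp-mime-signed"
    # Not PGP/MIME: look for inline armour in every text/plain part.
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        m = INLINE_RE.search(part.get_content())
        if m:
            return "inline-signed" if m.group(1) else "inline-encrypted"
    return "none"


# Constructed sample: PGP/MIME encrypted message (armour is a placeholder).
PGP_MIME_ENCRYPTED = """\
From: alice@example.org
To: bob@example.org
Subject: test
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

placeholder-not-a-real-packet
-----END PGP MESSAGE-----
--b1--
"""

# Constructed sample: inline (clearsigned) message in a plain text body.
INLINE_SIGNED = """\
From: alice@example.org
Subject: inline
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Bob
-----BEGIN PGP SIGNATURE-----
placeholder
-----END PGP SIGNATURE-----
"""

# Constructed sample: inline encrypted message.
INLINE_ENCRYPTED = """\
From: alice@example.org
Subject: inline
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

placeholder-not-a-real-packet
-----END PGP MESSAGE-----
"""

# Constructed sample: a reply that only quotes armour, which must not match.
QUOTED_ONLY = """\
From: bob@example.org
Subject: Re: inline
Content-Type: text/plain; charset=us-ascii

Alice wrote:
> -----BEGIN PGP MESSAGE-----
> placeholder
> -----END PGP MESSAGE-----
Got it, thanks.
"""

if __name__ == "__main__":
    for name, sample in [("pgp/mime", PGP_MIME_ENCRYPTED), ("clearsigned", INLINE_SIGNED),
                         ("inline", INLINE_ENCRYPTED), ("quoted", QUOTED_ONLY)]:
        print(name, "->", classify(sample))
```

A filter that feeds messages to a decryption step should act only on the two inline classes; PGP/MIME messages are handled by the MUA's own MIME code (what `crypt_use_gpgme` enables in mutt), and the quoted-only case shows why the line-start anchor matters.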
From gnupg at lists.grepular.com Tue Jul 22 10:33:55 2014
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Tue, 22 Jul 2014 09:33:55 +0100
Subject: Automatic e-mail encryption
In-Reply-To: <53CD3E97.1040303@digitalbrains.com>
References: <9032428.AOpJcMyzLH@inno> <1511324.JV07jhlCr5@thufir.ingo-kloecker.de> <53C96F22.40808@digitalbrains.com> <1460534.5JfKcsUOYz@thufir.ingo-kloecker.de> <53CA6404.2000600@digitalbrains.com> <20140721133257.GB27644@IUPUI.Edu> <53CD3E97.1040303@digitalbrains.com>
Message-ID: <20140722083355.GA8280@glue.grepular.com>

* on the Mon, Jul 21, 2014 at 06:23:51PM +0200, Peter Lebbing wrote:

> By the way, regarding DANE as an alternative to the CA system: I think a proper
> implementation of authentication through DNS could well be way better than the
> CA system: at least you can only be screwed by people having access to signing
> keys for the root and the TLD, instead of anyone with access to a CA certificate.

I believe Postfix already has support for using DANE and it's on the roadmap for Exim too. I already have it set up for my own domain "grepular.com":

mike at flan:~$ dig +short mx grepular.com
10 mx1.grepular.com.
20 mx2.grepular.com.
mike at flan:~$ dig +short tlsa _25._tcp.mx1.grepular.com
3 0 1 3469CFEC16545C38CCADC72D5E7A11E11254D53AA69E587C135D9874 300FF144
mike at flan:~$ dig +short tlsa _25._tcp.mx2.grepular.com
3 0 1 6643FEEA7C7B382BE1D09422FAABEB6B47642BE87178BDD73637B175 CE34370E
mike at flan:~$

My SMTP certs are also signed by a traditional CA at the same time, so there are two ways of verifying that the certs are correct.
I also have it set up for the website at https://grepular.com/ - If you're using Firefox, have a DNSSEC capable resolver and are using the addon from https://www.dnssec-validator.cz/, it will display a nice green icon in the address bar to show you that DNSSEC is in use, and another to show you that DANE validated, when visiting https://grepular.com/

Thanks to signed DNS, you can also fetch my PGP key safely and independently of keyservers:

gpg --auto-key-locate pka -ear mike.cardwell(NOSPAM)@grepular.com

That command will cause GnuPG to perform the following DNS lookup:

mike at flan:~$ dig +short TXT mike.cardwell(NOSPAM)._pka.grepular.com
"v=pka1\;fpr=35BCAF1D3AA21F843DC3B0CF70A5F5120018461F\;uri=http://grepular.com/0018461F.pub.asc"
mike at flan:~$

Then fetches the key from http://grepular.com/0018461F.pub.asc and validates that the fingerprint matches the one in the DNS response.

Also, all of my email is encrypted at rest thanks to GnuPG. Even the stuff which was not encrypted when it was sent:

https://grepular.com/Automatically_Encrypting_all_Incoming_Email
https://grepular.com/Automatically_Encrypting_all_Incoming_Email_Part_2

--
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

From enigmail at josuttis.de Tue Jul 22 09:40:10 2014
From: enigmail at josuttis.de (Nicolai Josuttis (enigmail))
Date: Tue, 22 Jul 2014 09:40:10 +0200
Subject: mailto with pgp fingerprint
Message-ID: <53CE155A.30700@josuttis.de>

More and more we seem to have the problem of faked keys in the key servers. This especially applies to "well known" keys such as authors of magazines and famous tools.
In addition, I have the problem that I'd like to use a special reply-to address, which is not listed in the keyservers, but it should be easy to associate that with a (known) public key. So, I was wondering whether it is possible to force somehow the usage of a specific pgp key identified by its fingerprint. One obvious approach might be to extend the mailto format (see http://www.rfc-editor.org/rfc/rfc2368.txt). I was wondering whether it makes sense to standardize something like > or > > so that we can provide elements in websites and emails that force mailers to automatically choose the right public key (either from internal list or from key servers). The semantics would be: - use the passed pgp key with the following email address Mailers/PGP-tools could even use this to update their key rings. (but with appropriate interaction and/or warning/error handling, because this can be a simple security hole if a link just would assign faked associated keys.). We could even use a syntax like: >> or >> to force the usage of a pgp key and derive the email address from there. Questions: - Would such a thing make sense or am I missing something? - Is there even something like that already there or on the way? - If not, is somebody familiar with the process or even willing to propose this as an RFC? - Other thoughts? And BTW, if this is too much out of scope of GnuPG issues: - What would be the right place to discuss such a thing? Best Nico -- Nicolai M.
Josuttis www.josuttis.de mailto:nico at enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 From whirlpool at blinkenshell.org Tue Jul 22 11:22:40 2014 From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm) Date: Tue, 22 Jul 2014 11:22:40 +0200 Subject: Mutt: Decrypting inline gpg format directly In-Reply-To: <87oawi6feo.fsf@vigenere.g10code.de> References: <20140718161839.GB51174@blinkenshell.org> <87oawi6feo.fsf@vigenere.g10code.de> Message-ID: <20140722092240.GA55163@blinkenshell.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Jul 21, 2014 at 02:54:23PM +0200, Werner Koch wrote: > On Fri, 18 Jul 2014 18:18, whirlpool at blinkenshell.org said: > > > I wonder if Mutt can be configured to decrypt inline pgp messages > > automatically, without piping the attachment to `gpg --decrypt`. > > IIRC, I implemented that about a decade ago. Simply put > > set crypt_use_gpgme > > into your ~/.muttrc. Yes, gpgme backend is great. But there is a problem with s/mime handling. Before doing any s/mime decryption/encryption, a p12 private key is needed. Since gpgme backend uses gpgsm to handle s/mime, I need to import my p12 certificate. The problem is pinentry doesn't come to foreground when I invoke `gpgsm - --import mycertkey.p12`. Shell is hanging up waiting for pinentry-curses to provide the passphrase. Is there any workaround to fix gpgsm and pinentry behavior to work as expected? 
S/MIME works with openssl backend, via `smime_keys add_p12 mycertkey.p12` -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJTzi1gAAoJEOyCOarSHYdhTx4QAKuCXkeuncna5TKZUMIsA92f 9ULu80jLC2xPU4qaC2Hz0OL91GGnY1Z7z9SnTp+JPlF+gH7XJMpFTnVKn18QEXk1 nAEmbrG0LoEQnPLlZqG6qgY+0RCXpbPMmFFQK9f0Tak3gf8B3eZvxUjFlKx2mkWg dT42PlwgtL5G28zBsDepYckKLz9JOoeoqqwKi61pQAcqAcweNgiovgQ2Fv7OWO+L lvW756+u/zSrygLTRyhpRn6A1pctcjolI9QNDPOGGuAKFwHLkRNUaGnDJw0NijEf jzvxAiltEJGCjJefkWJ7CbxDycZMYdM9p2/elBxHQf/1LneQSpQMq3A5oiKw+P9+ QMHS0zERBzQWVc6PfB9+JGEOgXgkxgXEBLhlgUXaywnocLfmOiUWQ2PhjOnkDzMw L+ykA5xJHxoBtBJ4lnm+W3X2oqip49lr2anZtnxNzlUv7Nk4HTrLtsiIX1k0b8c8 rXyg9fbdxSaWanIoeduiVzKpvH8lcfA+rcpDtCCyNZSp+mNrWnrIpP/cBUyM2Iba CeF0uw7kRPCnUVAQ6nHkhkJPVghWEZRkZhHG14Kz6FORBdzob6HR/gB8oXrq0P2j bQ3Kim0Vy73/kEu0bSazh46phxWmYVgjxa395EuESmdOffcpO5klxxYo6vmZ/lW2 eSOcA8LGGvqCdaJRL0Sk =FrQr -----END PGP SIGNATURE----- From whirlpool at blinkenshell.org Tue Jul 22 11:46:23 2014 From: whirlpool at blinkenshell.org (The Fuzzy Whirlpool Thunderstorm) Date: Tue, 22 Jul 2014 11:46:23 +0200 Subject: Mutt: Decrypting inline gpg format directly In-Reply-To: <87oawi6feo.fsf@vigenere.g10code.de> References: <20140718161839.GB51174@blinkenshell.org> <87oawi6feo.fsf@vigenere.g10code.de> Message-ID: <20140722094623.GA9705@blinkenshell.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Jul 21, 2014 at 02:54:23PM +0200, Werner Koch wrote: > On Fri, 18 Jul 2014 18:18, whirlpool at blinkenshell.org said: > > > I wonder if Mutt can be configured to decrypt inline pgp messages > > automatically, without piping the attachment to `gpg --decrypt`. > > IIRC, I implemented that about a decade ago. Simply put > > set crypt_use_gpgme > > into your ~/.muttrc. Yeah, I love the gpgme idea. But I dislike the gpgme part is not working with s/mime. I mean there is always problem to invoke passphrase input dialog on s/mime messages. Is there any workaround to fix s/mime issue? 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJTzjLvAAoJEOyCOarSHYdhF4IQAKwLsnqO7Ccbj2dmBCUhXbA8 bra3Oly28j9eK7TyV7u3Ta8r+gdj9pMGMuK5wdVewapS+ceonCipscT4ky6/J3Yk IURdUQwq2pMLOrW4jq9ucQqEugJfnL6EQ0lk8c+QC+HjdYbt/ArD91jRlqIHCFZT 6i+553SF8zaP+AIxNbGREjCNJt/sN1RNFGdhIhZde1kBK/1Ewu0bRWFZ4aHoZ1xz V9Wf+2Uet+Uk7T2JPEJSKlglW0MXZQ6t5BiX15vd2ZAciXToV+iySxdw7vyc4O+T uYE7oDj9jgFPgQL98DKnXfO5tNfjDdX9DMSA3yd5F5pYifNTEDPnIExdf+qHYHwD HXYOuVak9Q2Oj3O/LeZ9BRzb3McAwXq40oeCgF4sz4cWtGfuM6agy2oSwi+JOeRH SvqGL6Kcac1Q762zSh+voX7Dc7jV5Ym0l5S03wRf42SUpl6dGKwtF9wY83ouDnu3 BNocA0onnVZX8e4gG0sHQ24hDByhOuEsc4sr393UGKEBWgDUYblRPhnU4ktnTgyK Q8gbQiIipXnlL6pFJO5Ilp81s72hoO9FuMuthtJNBkGYNSihj1UdFFgWa63oPWC9 Xf2c0zmuiAOYjoLT3hlqxauK/CGzfobx4jXFiPpMxO+Uq8P7lGTepw5jqXTQ+uaC zweB0lleWVygLob/97xs =IOeX -----END PGP SIGNATURE----- From wk at gnupg.org Tue Jul 22 13:07:05 2014 From: wk at gnupg.org (Werner Koch) Date: Tue, 22 Jul 2014 13:07:05 +0200 Subject: Mutt: Decrypting inline gpg format directly In-Reply-To: <20140722092240.GA55163@blinkenshell.org> (The Fuzzy Whirlpool Thunderstorm's message of "Tue, 22 Jul 2014 11:22:40 +0200") References: <20140718161839.GB51174@blinkenshell.org> <87oawi6feo.fsf@vigenere.g10code.de> <20140722092240.GA55163@blinkenshell.org> Message-ID: <878unlzm7a.fsf@vigenere.g10code.de> On Tue, 22 Jul 2014 11:22, whirlpool at blinkenshell.org said: > The problem is pinentry doesn't come to foreground when I invoke `gpgsm > --import mycertkey.p12`. Shell is hanging up waiting for pinentry-curses > to provide the passphrase. Is there any workaround to fix gpgsm and The only problem I remember is that sometimes you need to use ^L to redraw the mutt screen. I have not much experience with the curses backend because I use it only on my certification laptop. It used to work but its really a long time since I used mutt for crypto mails. I should spend some time on testing it again. Shalom-Salam, Werner -- Die Gedanken sind frei. 
Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Tue Jul 22 16:27:38 2014 From: wk at gnupg.org (Werner Koch) Date: Tue, 22 Jul 2014 16:27:38 +0200 Subject: mailto with pgp fingerprint In-Reply-To: <53CE155A.30700@josuttis.de> (Nicolai Josuttis's message of "Tue, 22 Jul 2014 09:40:10 +0200") References: <53CE155A.30700@josuttis.de> Message-ID: <87tx69wjs5.fsf@vigenere.g10code.de> On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said: > More and more we seem to have the problem of faked keys in the key > servers. This especially applies to "well known" keys such as > authors of magazines and famous tools. This is actually the problem of checking the validity of the key. Granted, gpg is not smart enough to figure out the best matching key but that is something which can be fixed. A more simple way of tackling this is to use PKA or DANE for key validation: For sending mail you already need DNS and thus it would be easy to retrieve the matching key from the DNS. The drawback is that this must be configured by the key owner and can't be changed by the sender. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From sam.mxracer at gmail.com Thu Jul 24 02:14:18 2014 From: sam.mxracer at gmail.com (Sam Gleske) Date: Wed, 23 Jul 2014 20:14:18 -0400 Subject: mailto with pgp fingerprint In-Reply-To: <87tx69wjs5.fsf@vigenere.g10code.de> References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> Message-ID: I'm hoping keybase.io will hopefully resolve the issue of identity checking with key fingerprints. For example, my keybase account is... https://keybase.io/samrocketman My friends who regularly interact with me on github (and more rarely twitter) as well as the domain(s) I own will help to give my recipients the benefit of the doubt that my key is what I say it is when they only see it in an email. 
On Tue, Jul 22, 2014 at 10:27 AM, Werner Koch wrote: > On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said: > > More and more we seem to have the problem of faked keys in the key > > servers. This especially applies to "well known" keys such as > > authors of magazines and famous tools. > > This is actually the problem of checking the validity of the key. > Granted, gpg is not smart enough to figure out the best matching key but > that is something which can be fixed. > > A more simple way of tackling this is to use PKA or DANE for key > validation: For sending mail you already need DNS and thus it would be > easy to retrieve the matching key from the DNS. The drawback is that > this must be configured by the key owner and can't be changed by the > sender. > > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- GPG FINGERPRINT 4096 KEY 8D8B F0E2 42D8 A068 572E BF3C E8F7 3234 7257 E65F -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at gpgtools.org Wed Jul 23 22:02:23 2014 From: steve at gpgtools.org (steve) Date: Wed, 23 Jul 2014 22:02:23 +0200 Subject: mailto with pgp fingerprint In-Reply-To: <87tx69wjs5.fsf@vigenere.g10code.de> References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> Message-ID: <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> Wouldn't it be a nice solution, if key server software had a mechanism for users to verify their UserID by sending a mail to the mail address in question. Those verified keys then could be prioritized over the not verified keys when a search is done. Could still be faked, but would make faking a lot harder. I assume this has already been discussed on some key server devel list? But have not followed that discussion, so I'm not aware.
All the best, steve Am 22.07.2014 um 16:27 schrieb Werner Koch : > On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said: >> More and more we seem to have the problem of faked keys in the key >> servers. This especially applies to "well known" keys such as >> authors of magazines and famous tools. > > This is actually the problem of checking the validity of the key. > Granted, gpg is not smart enough to figure out the best matching key but > that is something which can be fixed. > > A more simple way of tackling this is to use PKA or DANE for key > validation: For sending mail you already need DNS and thus it would be > easy to retrieve the matching key from the DNS. The drawback is that > this must be configured by the key owner and can't be changed by the > sender. > > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 831 bytes Desc: Message signed with OpenPGP using GPGMail URL: From peter at digitalbrains.com Thu Jul 24 12:27:36 2014 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 24 Jul 2014 12:27:36 +0200 Subject: mailto with pgp fingerprint In-Reply-To: References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> Message-ID: <53D0DF98.6010607@digitalbrains.com> On 24/07/14 02:14, Sam Gleske wrote: > I'm hoping keybase.io will hopefully resolve the > issue of identity checking with key fingerprints. I've just scanned through [1]. I'm not convinced. This quote is from the front page: > If you trust the client (our reference client is open source), then > the server can't give you the wrong key for maria without getting > caught or also compromising her twitter and github accounts. 
This one from [1]: > For instance, when Joe wants to establish a connection to an identity > on Twitter, he would sign a statement of the first form, and then > post that statement both on Twitter and Keybase. Outside observers > can then reassure themselves that the accounts Joe on Keybase and > MrJoe on Twitter are controlled by the same person. This person is > usually the intended keyholder, but of course could be an attacker > who broke into both accounts. The basic reasoning seems to be: if you want multiple websites to report incorrect data to the user, you need to hack multiple websites. Huh? You only need to be able to MITM close to the victim, and manipulate all data your victim sees. There's no need to hack any server; you only need to hack one router and be able to fake SSL certificates. No matter how many accounts you "link", github, twitter, facebook, security is not increased against a MITM close to you. If they thought of this, why is there no mention at all of a MITM'ing attacker? It's perfectly possible to write a program that scans all data for OpenPGP signatures by a specific key, and replaces them on the fly by OpenPGP signatures by another key. There's no need to MITM all SSL web traffic: just do the keybase.io traffic, parse the response, and then MITM the sites mentioned by keybase.io, which the keybase client will now check. A laptop "on the move", *not* always using the same VPN, might quickly escape from the attacker and see the real data. However, the damage might already be done. You might already have given your attacker that plaintext that you were so worried about that you encrypted it. The documentation in [1] is superficial, and my analysis is even more superficial. This is just something that stood out to me. HTH, Peter. [1] https://keybase.io/docs/server_security -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at From 2014-667rhzu3dc-lists-groups at riseup.net Fri Jul 25 14:26:35 2014 From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Fri, 25 Jul 2014 13:26:35 +0100 Subject: mailto with pgp fingerprint In-Reply-To: <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> Message-ID: <251048739.20140725132635@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Wednesday 23 July 2014 at 9:02:23 PM, in , steve wrote: > Wouldn't it be a nice solution, if key server software > had a mechanism for users to verify their UserID by > sending a mail to the mail address in question. If I recall correctly, PGP's keyserver "PGP Global Directory" sends an email to each email address in the uids when a key is submitted, and only lists those uids whose email address replies. It re-sends these verification emails every six months, and deletes keys if there is no reply. It also allows anybody with access to your email address to delete your key and upload a different one, according to Wikipedia [0].
[0] - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net Yellow snow is not lemon flavoured -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlPSTQtXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5p/rMD/2jee+I7sU1i7Dj7dD1U1NXfxfeXADVVpoSg O+cdMw4rhJLUbYg4c6GIvnvN6EeqvV5I85QMEvwpgimvY910Md2/KViqb6S215wY WbtwAmVLyRdrB3pa8+03iTbGpaqlP6hjULDo8qEP0t63PLXHXujPqjoMmkg1/JHk CXLcHH/4 =+CbD -----END PGP SIGNATURE----- From aarcane at aarcane.org Fri Jul 25 15:01:28 2014 From: aarcane at aarcane.org (Schlacta, Christ) Date: Fri, 25 Jul 2014 06:01:28 -0700 Subject: mailto with pgp fingerprint In-Reply-To: <251048739.20140725132635@my_localhost> References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> <251048739.20140725132635@my_localhost> Message-ID: On Jul 25, 2014 5:30 AM, "MFPA" <2014-667rhzu3dc-lists-groups at riseup.net> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi > > > On Wednesday 23 July 2014 at 9:02:23 PM, in > , steve wrote: > > > > Wouldn?t it be a nice solution, if key server software > > had a mechanism for users to verify their UserID by > > sending a mail to the mail address in question. > > If I recall correctly, PGP's keyserver "PGP Global Directory" sends an > email to each email address in the uids when a key is submitted, and > only lists those uids whose email address replies. It re-sends these > verification emails every six months, and deletes keys if there is no > reply. It also allows anybody with access to your email address to > delete your key and upload a different one, according to Wikipedia > [0]. I just recently published a number of keys, and never noticed any such emails. 
> > [0] < https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Problems_with_keyservers > > > - -- > Best regards > > MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net > > Yellow snow is not lemon flavoured > -----BEGIN PGP SIGNATURE----- > > iPQEAQEKAF4FAlPSTQtXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl > bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 > N0VDQTAzAAoJEKipC46tDG5p/rMD/2jee+I7sU1i7Dj7dD1U1NXfxfeXADVVpoSg > O+cdMw4rhJLUbYg4c6GIvnvN6EeqvV5I85QMEvwpgimvY910Md2/KViqb6S215wY > WbtwAmVLyRdrB3pa8+03iTbGpaqlP6hjULDo8qEP0t63PLXHXujPqjoMmkg1/JHk > CXLcHH/4 > =+CbD > -----END PGP SIGNATURE----- > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From 2014-667rhzu3dc-lists-groups at riseup.net Fri Jul 25 15:44:54 2014 From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Fri, 25 Jul 2014 14:44:54 +0100 Subject: mailto with pgp fingerprint In-Reply-To: References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> <251048739.20140725132635@my_localhost> Message-ID: <771799718.20140725144454@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Friday 25 July 2014 at 2:01:28 PM, in , Schlacta, Christ wrote: > On Jul 25, 2014 5:30 AM, "MFPA" > <2014-667rhzu3dc-lists-groups at riseup.net> wrote: >> If I recall correctly, PGP's keyserver "PGP Global >> Directory" sends an email to each email address in the >> uids when a key is submitted, and only lists those >> uids whose email address replies. It re-sends these >> verification emails every six months, and deletes keys >> if there is no reply. It also allows anybody with >> access to your email address to delete your key and >> upload a different one, according to Wikipedia [0].
> I just recently published a number of keys, and never > noticed any such emails. Did you publish them to the (stand-alone) "PGP Global Directory?" rather than to one of the keyservers that propagates the keys to each other? It's possible the "PGP Global Directory" has changed its processes, but any such change is not yet reflected in their FAQ page [0], which still says:- "What new features are available with the PGP Global Directory? The PGP Global Directory uses next-generation keyserver technology; it sends verification messages to the email addresses on a submitted key and lets you manage your own key, including removing it--features not available on keyservers with older keyserver technology." and:- "Does the PGP Global Directory use any other methods for keeping itself free of unusable keys? Yes. The PGP Global Directory re-verifies keys every six months by sending a renewal email message to the email address on the key. If the key owner does not respond, the key will be removed from the directory. In order for the key to remain on the PGP Global Directory, the owner must approve the renewal request. This feature ensures the PGP Global Directory will always contain only current keys." [0] . - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net The cure for anything is salt water - sweat, tears, or the sea.
-----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlPSX1xXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pBioD/j0j6cGF9Half1AQsqrvJvyAZo78qkPygBsK USkWeGrc1cFWuuqb6tAWJ5EFX46ez/JWbodD106so0ltNLPLgcrkor+ZEDjquI7C iHtH33j7h0ZEoCbwdtodhr+9C7ejwh+DahhpSNuHZgHfl4iG8xH8WpmMaJTSLu/i th42v9JR =Zdfe -----END PGP SIGNATURE----- From 2014-667rhzu3dc-lists-groups at riseup.net Fri Jul 25 16:36:24 2014 From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Fri, 25 Jul 2014 15:36:24 +0100 Subject: mailto with pgp fingerprint In-Reply-To: <20140725101258.a18ae6eadac2f5426df7c59c@gmail.com> References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> <251048739.20140725132635@my_localhost> <771799718.20140725144454@my_localhost> <20140725101258.a18ae6eadac2f5426df7c59c@gmail.com> Message-ID: <1761979727.20140725153624@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Friday 25 July 2014 at 3:12:58 PM, in , Thomas Harning wrote: > While PGP Global Directory provides for some basic > level of "this email address belongs to this key"... > its key signing policy leads to "cruft" buildup. Yes, I wasn't promoting it. Just replying to Steve's post about keyservers verifying UIDs by sending emails being a "nice solution" and had it been discussed - by showing him that it had actually been tried and there is an instance publicly available. I was hoping that Steve would then search for discussions on "PGP Global Directory" to see arguments for and against, or maybe that somebody would briefly summarise here. > Back in April 2011 I signed up for it and got a series > of key signatures every few weeks until January 2012 > when I got fed up with it. There are now 14 expired > signatures 'stuck' on my key and published to the > directories... 
And I guess these have been leaked onto the networked keyservers, rather than being confined to PGP Global Directory? I never really saw the point of those signatures from the directory: if it was listed there, it had been verified in the last six months, and once a user had downloaded and used it for communication, they knew whether or not it worked. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net Courage is not the absence of fear, but the mastery of it. -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlPSa3RXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5p8LoD/RN/S+yms9N/Igu0XJbpCxai6MVbYuZ8FW8R evzqYbR7E08R3ThgSfXOakwBEJkuCII60XYzF27g3ztK+qdcHtDZvQUwe4OwgdkU YxEcES9x8glee3WudRCl1NXpOBDyKkBfb/ESaIvjK0RdVEYpStMGx3b6X1/gzEM+ d8jDOc74 =TeLf -----END PGP SIGNATURE----- From leckse at leckse.net Fri Jul 25 15:27:20 2014 From: leckse at leckse.net (Alexander Reiter) Date: Fri, 25 Jul 2014 15:27:20 +0200 Subject: mailto with pgp fingerprint In-Reply-To: <251048739.20140725132635@my_localhost> References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> <251048739.20140725132635@my_localhost> Message-ID: <20140725132445.GA11867@kumo.leckse.net> MFPA wrote: > If I recall correctly, PGP's keyserver "PGP Global Directory" sends an > email to each email address in the uids when a key is submitted, and > only lists those uids whose email address replies. It re-sends these > verification emails every six months, and deletes keys if there is no > reply. It also allows anybody with access to your email address to > delete your key and upload a different one, according to Wikipedia > [0]. "Instead of revoking your key, simply remove it from the directory." 
-- PGP Global Directory Frequently Asked Questions (FAQ) Meaning that gpg --keyserver ldap://keyserver.pgp.com --refresh-keys would result in unchanged keys, even if I had revoked them. From harningt at gmail.com Fri Jul 25 16:12:58 2014 From: harningt at gmail.com (Thomas Harning) Date: Fri, 25 Jul 2014 10:12:58 -0400 Subject: mailto with pgp fingerprint In-Reply-To: <771799718.20140725144454@my_localhost> References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> <109D2E39-C8DC-4CBC-A404-A5BD1B1309AD@gpgtools.org> <251048739.20140725132635@my_localhost> <771799718.20140725144454@my_localhost> Message-ID: <20140725101258.a18ae6eadac2f5426df7c59c@gmail.com> On Fri, 25 Jul 2014 14:44:54 +0100 MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi > > > On Friday 25 July 2014 at 2:01:28 PM, in > , > Schlacta, Christ wrote: > > > > On Jul 25, 2014 5:30 AM, "MFPA" > > <2014-667rhzu3dc-lists-groups at riseup.net> wrote: > >> If I recall correctly, PGP's keyserver "PGP Global > >> Directory" sends an email to each email address in the > >> uids when a key is submitted, and only lists those > >> uids whose email address replies. It re-sends these > >> verification emails every six months, and deletes keys > >> if there is no reply. It also allows anybody with > >> access to your email address to delete your key and > >> upload a different one, according to Wikipedia [0]. > > > I just recently published a number of keys, and never > > noticed any such emails. > > > Did you publish them to the (stand-alone) "PGP Global Directory?" > rather than to one of the keyservers that propagates the keys to each > other? > > It's possible the "PGP Global Directory" has changed it's processes, > but any such change is not yet reflected in their FAQ page [0], which > still says:- > > "What new features are available with the PGP Global Directory? 
> The PGP Global Directory uses next-generation keyserver technology; it > sends verification messages to the email addresses on a submitted key > and lets you manage your own key, including removing it--features not > available on keyservers with older keyserver technology." > > and:- > > "Does the PGP Global Directory use any other methods for keeping > itself free of unusable keys? > Yes. The PGP Global Directory re-verifies keys every six months by > sending a renewal email message to the email address on the key. If > the key owner does not respond, the key will be removed from the > directory. In order for the key to remain on the PGP Global Directory, > the owner must approve the renewal request. This feature ensures the > PGP Global Directory will always contain only current keys." > > > [0] . > > > - -- > Best regards > > MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net > > The cure for anything is salt water - sweat, tears, or the sea. > -----BEGIN PGP SIGNATURE----- > > iPQEAQEKAF4FAlPSX1xXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl > bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 > N0VDQTAzAAoJEKipC46tDG5pBioD/j0j6cGF9Half1AQsqrvJvyAZo78qkPygBsK > USkWeGrc1cFWuuqb6tAWJ5EFX46ez/JWbodD106so0ltNLPLgcrkor+ZEDjquI7C > iHtH33j7h0ZEoCbwdtodhr+9C7ejwh+DahhpSNuHZgHfl4iG8xH8WpmMaJTSLu/i > th42v9JR > =Zdfe > -----END PGP SIGNATURE----- While PGP Global Directory provides for some basic level of "this email address belongs to this key"... its key signing policy leads to "cruft" buildup. Back in April 2011 I signed up for it and got a series of key signatures every few weeks until January 2012 when I got fed up with it. There are now 14 expired signatures 'stuck' on my key and published to the directories... -- Thomas Harning -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 473 bytes Desc: not available URL: From sudhir at sudhirkhanger.com Fri Jul 25 19:40:01 2014 From: sudhir at sudhirkhanger.com (Sudhir Khanger) Date: Fri, 25 Jul 2014 23:10:01 +0530 Subject: Where to save passphrases? Message-ID: I am slowly getting the hang of GnuPG. I was wondering once you have a working setup where do you save your passphrases of your master and multiple subkeys. Is it safe to use some sort of password manager? Not really ideal but I use LastPass. -- Regards, Sudhir Khanger. sudhirkhanger.com https://github.com/donniezazen From mbauer at mailbox.org Fri Jul 25 23:36:05 2014 From: mbauer at mailbox.org (Mathias Bauer) Date: Fri, 25 Jul 2014 23:36:05 +0200 Subject: Where to save passphrases? In-Reply-To: References: Message-ID: <20140725213605.GA18068@mailbox.org> * Sudhir Khanger wrote on Fri, 25 Jul 2014, at 23:10 (+0530): > I was wondering once you have a working setup where do you save > your passphrases of your master and multiple subkeys. Usually it's *one* passphrase for the whole GnuPG key material. And even more usually this one is stored in one's human brain. (Some special scenarios may handle this differently.) > Is it safe to use some sort of password manager? Not really > ideal but I use LastPass. Maybe human brain is not ready for storing a great and still growing number of passwords, but it is capable to store at least a very small number of important passphrases. For all those other passwords using a password manager may be just fine. So, if you're using a password manager for your GnuPG passphrase, you will either run immediately into a chicken egg dilemma as the manager needs a password, too. Or you might not be concerned at all about security and might ask yourself why using GnuPG anyway. I'm sorry, there are only these two possibilities. Regards, Mathias -- CAcert Assurer Do you want to encrypt your mail?
Then join CAcert and get your SSL certificate from https://www.CAcert.org. If you have any questions, don't hesitate to ask. OpenPGP: ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net Fingerprint: B100 5DC4 9686 BE64 87E9 0E22 44C3 983F A762 9DE8 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 455 bytes Desc: not available URL: From aarcane at aarcane.org Sat Jul 26 00:25:14 2014 From: aarcane at aarcane.org (Schlacta, Christ) Date: Fri, 25 Jul 2014 15:25:14 -0700 Subject: Where to save passphrases? In-Reply-To: <20140725213605.GA18068@mailbox.org> References: <20140725213605.GA18068@mailbox.org> Message-ID: I might suggest using the same passphrase you use for your password manager for GPG. So long as you use a strong passphrase and practice good password practices on this password, it should remain uncompromised. On Fri, Jul 25, 2014 at 2:36 PM, Mathias Bauer wrote: > * Sudhir Khanger wrote on Fri, 25 Jul 2014, at 23:10 (+0530): > >> I was wondering once you have a working setup where do you save >> your passphrases of your master and multiple subkeys. > > Usually it's *one* passphrase for the whole GnuPG key material. > And even more usually this one is stored in one's human brain. > (Some special scenarios may handle this differently.) > >> Is it safe to use some sort of password manager? Not really >> ideal but I use LastPass. > > Maybe human brain is not ready for storing a great and still > growing number of passwords, but it is capable to store at least > a very small number of important passphrases. For all those > other passwords using a password manager may be just fine. > > So, if you're using a password manager for your GnuPG passphrase, > you will either run immediately into a chicken egg dilemma as the > manager needs a password, too. Or you might not be concerned at > all about security and might ask yourself why using GnuPG anyway.
>
> I'm sorry, there are only these two possibilities.
>
> Regards,
> Mathias
>
> --
> CAcert Assurer
>
> Do you want to encrypt your mail? Then join CAcert and get your SSL
> certificate from https://www.CAcert.org. If you have any questions,
> don't hesitate to ask.
>
> OpenPGP: ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net
> Fingerprint: B100 5DC4 9686 BE64 87E9 0E22 44C3 983F A762 9DE8
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From mbauer at mailbox.org Sat Jul 26 01:43:26 2014
From: mbauer at mailbox.org (Mathias Bauer)
Date: Sat, 26 Jul 2014 01:43:26 +0200
Subject: Where to save passphrases?
In-Reply-To:
References: <20140725213605.GA18068@mailbox.org>
Message-ID: <20140725234326.GA24165@mailbox.org>

* Schlacta, Christ wrote on Fri, 25 Jul 2014, at 15:25 (-0700):

> I might suggest using the same passphrase...

I don't want to sound harsh, but at this point you should hold on reading. "Using the same passphrase" should nowadays lead to big red STOP signs flashing up.

> ...you use for your password manager for GPG. So long as you
> use a strong passphrase and practice good password practices on
> this password, it should remain uncompromised.

Solving the problem of memorizing/storing the GnuPG passphrase by using another layer of software means adding further complexity. Although this possibly may not tear down security completely, the general level of security is not improved. Most likely it will decrease. Whether this is acceptable depends on your scenarios, the known present ones and the possible future ones.

Being more aware of the consequences of these small actions like "using the same password" surely belongs to the lessons learned, at least in the past year. And, of course, how to prioritize security in contrast to, e.g., usability.

Regards,
Mathias

--
CAcert Assurer

Do you want to encrypt your mail?
Then join CAcert and get your SSL certificate from https://www.CAcert.org. If you have any questions, don't hesitate to ask.

OpenPGP: ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net
Fingerprint: B100 5DC4 9686 BE64 87E9 0E22 44C3 983F A762 9DE8

From sudhir at sudhirkhanger.com Sat Jul 26 08:59:33 2014
From: sudhir at sudhirkhanger.com (Sudhir Khanger)
Date: Sat, 26 Jul 2014 12:29:33 +0530
Subject: Where to save passphrases?
In-Reply-To: <20140725213605.GA18068@mailbox.org>
References: <20140725213605.GA18068@mailbox.org>
Message-ID:

On Sat, Jul 26, 2014 at 3:06 AM, Mathias Bauer wrote:
> Usually it's *one* passphrase for the whole GnuPG key material.

Do you not need to set a different passphrase for each subkey? If it is just one passphrase then I could probably remember it myself, considering it will be used for several sensitive purposes.

--
Regards,
Sudhir Khanger.
sudhirkhanger.com
https://github.com/donniezazen

From mbauer at mailbox.org Sat Jul 26 09:28:49 2014
From: mbauer at mailbox.org (Mathias Bauer)
Date: Sat, 26 Jul 2014 09:28:49 +0200
Subject: Where to save passphrases?
In-Reply-To:
References: <20140725213605.GA18068@mailbox.org>
Message-ID: <20140726072849.GA13622@mailbox.org>

* Sudhir Khanger wrote on Sat, 26 Jul 2014, at 12:29 (+0530):

> On Sat, Jul 26, 2014 at 3:06 AM, Mathias Bauer wrote:
> > Usually it's *one* passphrase for the whole GnuPG key
> > material.
>
> Do you not need to set a different passphrase for each subkey?

No, usually not. If you generate a key using some GUI or if you are working on some terminal and use the command

  $ gpg --gen-key

you will be asked for one passphrase only, although this will create a main key and a subkey.

There are more sophisticated scenarios which may use multiple passphrases.
For example, if you want to use a so-called "offline key", you will have at least two passphrases: one for your offline key and one for your "daily working key".

Regards,
Mathias

--
CAcert Assurer

Do you want to encrypt your mail? Then join CAcert and get your SSL certificate from https://www.CAcert.org. If you have any questions, don't hesitate to ask.

OpenPGP: ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net
Fingerprint: B100 5DC4 9686 BE64 87E9 0E22 44C3 983F A762 9DE8

From sudhir at sudhirkhanger.com Sat Jul 26 10:19:52 2014
From: sudhir at sudhirkhanger.com (Sudhir Khanger)
Date: Sat, 26 Jul 2014 13:49:52 +0530
Subject: Where to save passphrases?
In-Reply-To: <20140726072849.GA13622@mailbox.org>
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org>
Message-ID:

On Sat, Jul 26, 2014 at 12:58 PM, Mathias Bauer wrote:
> * Sudhir Khanger wrote on Sat, 26 Jul 2014, at 12:29 (+0530):
>
>> On Sat, Jul 26, 2014 at 3:06 AM, Mathias Bauer wrote:
>
>> > Usually it's *one* passphrase for the whole GnuPG key
>> > material.
>>
>> Do you not need to set a different passphrase for each subkey?
>
> No, usually not. If you generate a key using some GUI or if you
> are working on some terminal and use the command
>
> $ gpg --gen-key
>
> you will be asked for one passphrase only, although this will
> create a main key and a subkey.
>
> There are more sophisticated scenarios which may use multiple
> passphrases. For example, if you want to use a so-called
> "offline key", you will have at least two passphrases: one for
> your offline key and one for your "daily working key".
>
> Regards,
> Mathias

Is using some single-sign-on method, like keychain or pam, to keep the gpg passphrase cached in gpg-agent for the length of the user session, so that one doesn't have to enter the gpg key passphrase every time one is sending an email, considered a common practice? Or does that again fall in the risky behavior category?

--
Regards,
Sudhir Khanger.
sudhirkhanger.com
https://github.com/donniezazen

From htd at fritha.org Sat Jul 26 12:41:53 2014
From: htd at fritha.org (Heinz Diehl)
Date: Sat, 26 Jul 2014 12:41:53 +0200
Subject: Where to save passphrases?
In-Reply-To:
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org>
Message-ID: <20140726104153.GA8394@fritha.org>

On 26.07.2014, Sudhir Khanger wrote:

> Or does that again fall in the risky behavior category?

Only you can answer this question, because the answer depends entirely on your threat model. How big is the danger of your passphrase getting stolen when kept in memory? Are there others who have physical access to your machine? Is there swap space which the passphrase could be dumped into? Does the (any) risk increase because gpg-agent holds the passphrase over time? Is it worth the risk, matched up against the drawbacks? Only you can know.

From peter at digitalbrains.com Sat Jul 26 13:40:25 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 26 Jul 2014 13:40:25 +0200
Subject: Where to save passphrases?
In-Reply-To: <20140726104153.GA8394@fritha.org>
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726104153.GA8394@fritha.org>
Message-ID: <53D393A9.7060102@digitalbrains.com>

On 26/07/14 12:41, Heinz Diehl wrote:
> Only you can answer this question, because the answer depends entirely on
> your threat model.

I completely agree.

> Are there others who have physical access to your machine?

If an attacker has physical access, you've lost; game over.

> Is there swap space which the passphrase could be dumped into?
I highly suspect gpg-agent marks memory pages with key material as non-swappable.

By the way, I think passphrase caching in gpg-agent is a rather common deployment.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From mbauer at mailbox.org Sat Jul 26 13:43:36 2014
From: mbauer at mailbox.org (Mathias Bauer)
Date: Sat, 26 Jul 2014 13:43:36 +0200
Subject: Where to save passphrases?
In-Reply-To:
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org>
Message-ID: <20140726114336.GA2815@mailbox.org>

* Sudhir Khanger wrote on Sat, 26 Jul 2014, at 13:49 (+0530):

> Is using some single-sign-on method, like keychain or pam, to
> keep the gpg passphrase cached in gpg-agent for the length of the user
> session, so that one doesn't have to enter the gpg key passphrase
> every time one is sending an email, considered a common
> practice? Or does that again fall in the risky behavior category?

You know your working scenarios; we on this mailing list don't (at least as long as you don't give more details). So it's only you who can evaluate these and who must decide in the end. As always, the evaluation of the scenarios comes first; the selection of the means (software) to face them comes afterwards.

I think you should invest some time to go through the man pages of all the commands you intend to use. For example gpg-agent(1):

  --default-cache-ttl n
      Set the time a cache entry is valid to n seconds. The default is 600 seconds.

  --max-cache-ttl n
      Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently. The default is 2 hours (7200 seconds).

If unsure, keep using the defaults.

Regards,
Mathias

--
CAcert Assurer

Do you want to encrypt your mail? Then join CAcert and get your SSL certificate from https://www.CAcert.org. If you have any questions, don't hesitate to ask.
OpenPGP: ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net
Fingerprint: B100 5DC4 9686 BE64 87E9 0E22 44C3 983F A762 9DE8

From htd at fritha.org Sat Jul 26 14:04:54 2014
From: htd at fritha.org (Heinz Diehl)
Date: Sat, 26 Jul 2014 14:04:54 +0200
Subject: Where to save passphrases?
In-Reply-To: <53D393A9.7060102@digitalbrains.com>
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726104153.GA8394@fritha.org> <53D393A9.7060102@digitalbrains.com>
Message-ID: <20140726120454.GA13317@fritha.org>

On 26.07.2014, Peter Lebbing wrote:

> If an attacker has physical access, you've lost; game over.

Yes. But it must not necessarily be an "attacker". It's e.g. quite common that members of a family share a computer. It would be less likely that one of them installs malicious software on it. But it can have some serious side effects if somebody other than you could e.g. read your encrypted email, because all he/she has to do is to click on it (because the passphrase is still cached). It entirely depends.

From sudhir at sudhirkhanger.com Sat Jul 26 15:05:09 2014
From: sudhir at sudhirkhanger.com (Sudhir Khanger)
Date: Sat, 26 Jul 2014 18:35:09 +0530
Subject: Where to save passphrases?
In-Reply-To: <20140726114336.GA2815@mailbox.org>
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726114336.GA2815@mailbox.org>
Message-ID:

On Sat, Jul 26, 2014 at 5:13 PM, Mathias Bauer wrote:
> I think you should invest some time to go through the man pages
> of all the commands you intend to use. For example gpg-agent(1):
>
> --default-cache-ttl n
> Set the time a cache entry is valid to n seconds. The
> default is 600 seconds.
> --max-cache-ttl n
> Set the maximum time a cache entry is valid to n seconds.
> After this time a cache entry will be expired even if it
> has been accessed recently. The default is 2 hours (7200
> seconds).
>
> If unsure, keep using the defaults.

I use those for an arbitrary 400 days to keep passphrases cached the whole session. I have been reading up on GnuPG but I haven't found good articles on safe practices and workflow. So that is why I had to start a discussion here.

--
Regards,
Sudhir Khanger.
sudhirkhanger.com
https://github.com/donniezazen

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Jul 26 15:23:36 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sat, 26 Jul 2014 14:23:36 +0100
Subject: Where to save passphrases?
In-Reply-To:
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org>
Message-ID: <978533013.20140726142336@my_localhost>

Hi

On Saturday 26 July 2014 at 9:19:52 AM, in , Sudhir Khanger wrote:

> Is using some single-sign-on method, like keychain or
> pam, to keep the gpg passphrase cached in gpg-agent for the
> length of the user session, so that one doesn't have to
> enter the gpg key passphrase every time one is sending an
> email, considered a common practice? Or does that again
> fall in the risky behavior category?

I would think that caching the passphrase, whether for the whole session or for a set time period, is probably a common practice. Whether it is "risky" depends on your threat model. For instance, if you are in an open-plan office, is the risk greater that you will not always lock your computer when you pop away from your desk, or that you may be overlooked when typing your passphrase?

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Take my advice - I don't use it anyway.
From wk at gnupg.org Sat Jul 26 21:07:47 2014
From: wk at gnupg.org (Werner Koch)
Date: Sat, 26 Jul 2014 21:07:47 +0200
Subject: Where to save passphrases?
In-Reply-To: <20140726120454.GA13317@fritha.org> (Heinz Diehl's message of "Sat, 26 Jul 2014 14:04:54 +0200")
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726104153.GA8394@fritha.org> <53D393A9.7060102@digitalbrains.com> <20140726120454.GA13317@fritha.org>
Message-ID: <87zjfwrla4.fsf@vigenere.g10code.de>

On Sat, 26 Jul 2014 14:04, htd at fritha.org said:

> some serious side effects if somebody other than you e.g. could read
> your encrypted email, because all he/she has to do is to click on it
> (because the passphrase is still cached).

  gpgconf --reload gpg-agent

clears the passphrase cache. Call that before leaving the computer.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From wardhan.v.1.0 at gmail.com Sun Jul 27 12:11:07 2014
From: wardhan.v.1.0 at gmail.com (war.dhan)
Date: Sun, 27 Jul 2014 15:41:07 +0530
Subject: even after deleting the 1st key pair, owner's trust is defaulting to ultimate
In-Reply-To: <87fvhu6eae.fsf@vigenere.g10code.de>
References: <53CCD053.3040306@gmail.com> <87fvhu6eae.fsf@vigenere.g10code.de>
Message-ID: <53D4D03B.9020709@gmail.com>

On 07/21/2014 06:48 PM, Werner Koch wrote:
> On Mon, 21 Jul 2014 10:33, wardhan.v.1.0 at gmail.com said:
>
>> to my surprise the 2nd key pair has owners trust as ultimate.
>
> Ultimate trust is always set for newly created keys. It is not set if
> you import a key.
>
> Salam-Shalom,
>
> Werner

Excuse me for replying so late... thank you for clarifying the issue.

From pedro.markov at ml1.net Mon Jul 28 00:51:13 2014
From: pedro.markov at ml1.net (pedro.markov at ml1.net)
Date: Mon, 28 Jul 2014 00:51:13 +0200
Subject: CRC error
Message-ID: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com>

Hi,

I'm a new user to the GPG world, and I haven't found information about the "CRC" error when importing a key.

What does CRC mean?

When importing a corrupted key the following message appears:

  gpg: CRC error; 9BAD9F - 00F1D7
  gpg: read_block: read error: invalid keyring
  gpg: import from `key' failed: invalid keyring
  gpg: Total number processed: 0

I would like to know what 9BAD9F - 00F1D7 means. Is it possible to fix a corrupted key? Is it possible to know which line of a corrupted key is wrong?

Thanks!!

From flapflap at riseup.net Mon Jul 28 08:25:43 2014
From: flapflap at riseup.net (flapflap)
Date: Mon, 28 Jul 2014 06:25:43 +0000
Subject: CRC error
In-Reply-To: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com>
Message-ID: <53D5ECE7.7020704@riseup.net>

Hi,

pedro.markov at ml1.net:
> I'm a new user to the GPG world, and I haven't found information
> about the "CRC" error when importing a key.
>
> What does CRC mean?

I don't know the details for GnuPG, but CRC stands for Cyclic Redundancy Check: https://en.wikipedia.org/wiki/Cyclic_redundancy_check

CRC is an easy-to-compute "check sum" - it allows you to detect errors in a dataset. Your data could be split into two parts: a stream of bits for real data (payload), and a fixed amount of CRC bits (seems to be 3 bytes/24 bits here). The transmitter of a message computes the CRC on the payload to be sent, then sends the payload and the result of the CRC calculation.
The receiver also computes the CRC code for the data and compares it with the one received. If they do not match, the transmitted data was somehow damaged (e.g. some bits flipped, noisy channel). (*)

>
> When importing a corrupted key the following message appears:
> gpg: CRC error; 9BAD9F - 00F1D7
> gpg: read_block: read error: invalid keyring
> gpg: import from `key' failed: invalid keyring
> gpg: Total number processed: 0
>
> I would like to know what 9BAD9F - 00F1D7 means. Is it
> possible to fix a corrupted key?

I guess one of the two values is the one stored in the key file, and the other one is what GnuPG expects it to be for the given data. As they mismatch, there's some data consistency problem with the key ("corrupted key").

CRC only allows error detection, but _no_ error correction. So no, you cannot fix/reconstruct a corrupted key.

>
> Is it possible to know which line of a corrupted key is wrong?

Someone with more knowledge of the GnuPG file format has to answer that. I guess there are several records/blocks that each have a CRC. If so, it is possible to determine the damaged block (but not where in the block), but I'd say that it's not easily doable.

(*) The explanation is a bit simplified: usually a receiver computes the CRC for the _payload and the CRC_, i.e. everything received. If the data is valid, the computed CRC should be 0; if it is not 0, the data is damaged. But basically it's the same as computing the CRC for the payload only and comparing it with the received CRC.
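The 24-bit checksum described above, worked through in code. This is an added example, not code from the original post or from GnuPG: it implements the CRC-24 of the OpenPGP ASCII armor (RFC 4880, section 6.1) over a constructed payload that is not a real key, checks the "=XXXX" trailer both as "computed versus stored" and in the footnote's "CRC over payload plus CRC is zero" form, and shows that one altered character is detected but not located. Which of the two hex values in gpg's "CRC error" line is the stored one and which the computed one is an assumption here.

```python
"""CRC-24 of the OpenPGP ASCII armor trailer (RFC 4880, section 6.1).

Added example for this thread; not GnuPG code.  The payload below is
constructed and is not a real OpenPGP key.
"""
import base64

CRC24_INIT = 0xB704CE    # initial register value (RFC 4880, section 6.1)
CRC24_POLY = 0x1864CFB   # generator polynomial, same section

# Constructed sample bytes; not a real key packet.
SAMPLE_PAYLOAD = b"constructed sample bytes, not a real OpenPGP key"


def crc24(data: bytes) -> int:
    """Bitwise CRC-24, a direct transcription of the RFC's reference loop."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor_checksum(data: bytes) -> str:
    """The trailer line: '=' plus the three CRC bytes, big-endian, radix-64."""
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")


def make_armor(payload: bytes, label: str = "PGP PUBLIC KEY BLOCK") -> str:
    """Wrap raw bytes in an armor block: header, blank line, body, CRC, footer."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", "", *lines,
                      armor_checksum(payload), f"-----END {label}-----", ""])


def parse_armor(text: str):
    """Return (payload_bytes, stored_crc) from one armored block.

    Raises ValueError if the blank line or the '=' trailer is missing.
    """
    lines = text.splitlines()
    if "" not in lines:
        raise ValueError("no blank line separating armor headers from body")
    body, stored = [], None
    for line in lines[lines.index("") + 1:]:
        if line.startswith("-----END"):
            break
        if line.startswith("="):
            stored = line
        else:
            body.append(line)
    if stored is None or len(stored) != 5:
        raise ValueError("missing or malformed CRC trailer line")
    payload = base64.b64decode("".join(body))
    return payload, int.from_bytes(base64.b64decode(stored[1:]), "big")


def check_armor(text: str):
    """Return (ok, stored_crc, computed_crc).

    A mismatch only says that body and trailer disagree; nothing in the
    CRC tells you which line or byte of the body was damaged.
    """
    payload, stored_crc = parse_armor(text)
    computed = crc24(payload)
    return stored_crc == computed, stored_crc, computed


def residual_crc(text: str) -> int:
    """The footnote's variant: CRC over payload || CRC bytes is 0 if intact."""
    payload, stored_crc = parse_armor(text)
    return crc24(payload + stored_crc.to_bytes(3, "big"))


def flip_one_char(armor: str, col: int = 5) -> str:
    """Constructed corruption: replace one radix-64 character in the body.

    The replacement stays inside the radix-64 alphabet, so the block still
    decodes; only the decoded bytes (and therefore the CRC) change.
    """
    lines = armor.splitlines()
    idx = lines.index("") + 1           # first body line
    line = lines[idx]
    replacement = "B" if line[col] != "B" else "C"
    lines[idx] = line[:col] + replacement + line[col + 1:]
    return "\n".join(lines) + "\n"


def mismatch_report(text: str) -> str:
    """'ok', or a line shaped like gpg's "CRC error; XXXXXX - YYYYYY".

    Assumption: the first value is the stored one, the second the computed.
    """
    ok, stored, computed = check_armor(text)
    return "ok" if ok else f"CRC error; {stored:06X} - {computed:06X}"


if __name__ == "__main__":
    good = make_armor(SAMPLE_PAYLOAD)
    print(good)
    print("intact:  ", mismatch_report(good), "residual:", residual_crc(good))
    bad = flip_one_char(good)
    print("tampered:", mismatch_report(bad), f"residual: {residual_crc(bad):06X}")
```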
~flapflap

From wk at gnupg.org Mon Jul 28 09:36:18 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 28 Jul 2014 09:36:18 +0200
Subject: CRC error
In-Reply-To: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> (pedro markov's message of "Mon, 28 Jul 2014 00:51:13 +0200")
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com>
Message-ID: <87bnsarl3h.fsf@vigenere.g10code.de>

On Mon, 28 Jul 2014 00:51, pedro.markov at ml1.net said:

> I'm a new user to the GPG world, and I haven't found information
> about the "CRC" error when importing a key.

The CRC is a simple checksum to detect transmission errors in the ASCII armor (the "----BEGIN PGP......-----END PGP..." text format often used to transfer keys). The CRC is used to detect such errors before the data is processed by the actual OpenPGP software (which would also exhibit an error then). A common reason for such an error is mail software mangling the data in transfer. You may use the gpg option --ignore-crc-error to, well, ignore the error, but in almost all cases you will then get another error from the actual OpenPGP parsing part.

> Is it possible to know which line of a corrupted key is wrong?

Not by means of the CRC. Manual inspection may reveal obvious problems. You'd better ask the sender to send the key again.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From ryk5108 at gmail.com Mon Jul 28 04:10:36 2014
From: ryk5108 at gmail.com (Robert Kong)
Date: Mon, 28 Jul 2014 11:40:36 +0930
Subject: Problem during compilation of gnupg-2.0.25
Message-ID:

Hi,

I am trying to compile gnupg-2.0.25 under Ubuntu 14.04 (amd64) and I am experiencing an error: libgcrypt.so.20 not found. Any help would be appreciated.

I have the following libs installed:

  libgpg-error-1.13
  libgcrypt-1.6.1
  libksba-1.3.0
  libassuan-2.1.1
  pinentry-0.8.3

Thank you.
Regards,
Robert

for file in gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi tools.texi ; do \
  ./yat2m -I . --release "GnuPG 2.0.25" --source "GNU Privacy Guard" --store \
  `test -f '$file' || echo './'`$file ; done
yat2m: writing 'gnupg.7'
yat2m: writing 'gpg2.1'
yat2m: writing 'gpgsm.1'
yat2m: writing 'gpg-agent.1'
yat2m: writing 'scdaemon.1'
yat2m: writing 'watchgnupg.1'
yat2m: writing 'gpgv2.1'
yat2m: writing 'addgnupghome.8'
yat2m: writing 'gpgconf.1'
yat2m: writing 'applygnupgdefaults.8'
yat2m: writing 'gpgsm-gencert.sh.1'
yat2m: writing 'gpg-preset-passphrase.1'
yat2m: writing 'gpg-connect-agent.1'
yat2m: writing 'gpgparsemail.1'
yat2m: writing 'symcryptrun.1'
yat2m: writing 'gpg-zip.1'
mv -f yat2m-stamp.tmp yat2m-stamp
make[3]: Leaving directory `/home/robert/gnupg-2.0.25/doc'
make[2]: Leaving directory `/home/robert/gnupg-2.0.25/doc'
Making all in tests
make[2]: Entering directory `/home/robert/gnupg-2.0.25/tests'
Making all in openpgp
make[3]: Entering directory `/home/robert/gnupg-2.0.25/tests/openpgp'
echo '#!/bin/sh' >./gpg_dearmor
echo "../../g10/gpg2 --homedir . --no-options --no-greeting \
  --no-secmem-warning --batch --dearmor" >>./gpg_dearmor
chmod 755 ./gpg_dearmor
./gpg_dearmor > ./pubring.gpg < ./pubring.asc
../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20: cannot open shared object file: No such file or directory
make[3]: *** [pubring.gpg] Error 127
make[3]: Leaving directory `/home/robert/gnupg-2.0.25/tests/openpgp'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/robert/gnupg-2.0.25/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/robert/gnupg-2.0.25'
make: *** [all] Error 2

ldconfig -v reports the following:

...
/usr/local/lib:
    libassuan.so.0 -> libassuan.so.0.4.1
    libksba.so.8 -> libksba.so.8.11.1
    libgpg-error.so.0 -> libgpg-error.so.0.11.0
    libgcrypt.so.20 -> libgcrypt.so.20.0.1
...
From david at gbenet.com Mon Jul 28 07:35:44 2014
From: david at gbenet.com (david at gbenet.com)
Date: Mon, 28 Jul 2014 06:35:44 +0100
Subject: CRC error
In-Reply-To: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com>
Message-ID: <53D5E130.1080402@gbenet.com>

On 27/07/14 23:51, pedro.markov at ml1.net wrote:
> Hi,
> I'm a new user to the GPG world, and I haven't found information about the "CRC" error when
> importing a key.
>
> What does CRC mean?
>
> When importing a corrupted key the following message appears:
>
> gpg: CRC error; 9BAD9F - 00F1D7
> gpg: read_block: read error: invalid keyring
> gpg: import from `key' failed: invalid keyring
> gpg: Total number processed: 0
>
> I would like to know what 9BAD9F - 00F1D7 means. Is it possible to fix a corrupted key?
> Is it possible to know which line of a corrupted key is wrong?
>
> Thanks!!
>

Hello Pedro,

CRC = Cyclic redundancy check, i.e. the detection of accidental or deliberate changes to raw data. I think your first line of CRC error refers to colour (red). Did you try and import someone's key? Did you try updating your keyring?

David

--
"See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion."
https://linuxcounter.net/user/512854.html - http://gbenet.com

From robertc at broadcom.com Mon Jul 28 19:04:18 2014
From: robertc at broadcom.com (Bob (Robert) Cavanaugh)
Date: Mon, 28 Jul 2014 17:04:18 +0000
Subject: Where to save passphrases?
In-Reply-To: <87zjfwrla4.fsf@vigenere.g10code.de>
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726104153.GA8394@fritha.org> <53D393A9.7060102@digitalbrains.com> <20140726120454.GA13317@fritha.org> <87zjfwrla4.fsf@vigenere.g10code.de>
Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3370AF@IRVEXCHMB11.corp.ad.broadcom.com>

My two cents (FWIW):

At work I cache my passphrase for two hours only. It is a pain to re-enter the passphrase, but it is required by our threat model. At home, each member of my family has their own computer and I cache my passphrase per session. However, I always completely shut down my laptop; I do not hibernate or sleep.

Thanks,

Bob Cavanaugh

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Werner Koch
Sent: Saturday, July 26, 2014 12:08 PM
To: Heinz Diehl
Cc: gnupg-users at gnupg.org
Subject: Re: Where to save passphrases?

On Sat, 26 Jul 2014 14:04, htd at fritha.org said:

> some serious side effects if somebody other than you e.g. could read
> your encrypted email, because all he/she has to do is to click on it
> (because the passphrase is still cached).

  gpgconf --reload gpg-agent

clears the passphrase cache. Call that before leaving the computer.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From pedro.markov at ml1.net Mon Jul 28 19:53:45 2014
From: pedro.markov at ml1.net (pedro.markov at ml1.net)
Date: Mon, 28 Jul 2014 19:53:45 +0200
Subject: CRC error
In-Reply-To: <53D5E130.1080402@gbenet.com>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com>
Message-ID: <53D68E29.50408@ml1.net>

Thanks for the answers about the CRC error, I found what I needed, but it took me now to other questions.
Actually I got the CRC error when I modified some strings of a public key and then I tried to import it.

I told myself that it would be interesting as a securing method to sign stuff with a private key "without having the public key". This would mean that only the person who has the public key would have access to the data without needing a password. (And the person with the private key too, I think; it would be great if only the person with the public key can decrypt the data, maybe there is one option, I'll check for that.)

So why was I asking about the CRC error? Well, I was thinking that storing such a public key would be insecure, but storing a modified public key would be good. If the CRC error doesn't indicate where the problem is, only the person who knows how to re-build the public key would have access to the data.

To make this method secure, the public key should not be stored in the key ring so people cannot export it (in case the computer gets compromised). When I was testing this method, I removed the keys from my keyring, and then I imported only the secret key. To my surprise there was also the public key. Is there any way to only import the secret key?

Thanks again,
Pedro markov

> On 27/07/14 23:51, pedro.markov at ml1.net wrote:
>> Hi,
>> I'm a new user to the GPG world, and I haven't found information about the "CRC" error when
>> importing a key.
>>
>> What does CRC mean?
>>
>> When importing a corrupted key the following message appears:
>>
>> gpg: CRC error; 9BAD9F - 00F1D7
>> gpg: read_block: read error: invalid keyring
>> gpg: import from `key' failed: invalid keyring
>> gpg: Total number processed: 0
>>
>> I would like to know what 9BAD9F - 00F1D7 means. Is it possible to fix a corrupted key?
>> Is it possible to know which line of a corrupted key is wrong?
>>
>> Thanks!!
From robertc at broadcom.com Mon Jul 28 20:42:29 2014
From: robertc at broadcom.com (Bob (Robert) Cavanaugh)
Date: Mon, 28 Jul 2014 18:42:29 +0000
Subject: CRC error
In-Reply-To: <53D68E29.50408@ml1.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net>
Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3370E8@IRVEXCHMB11.corp.ad.broadcom.com>

Pedro,

Do not use a CRC as a security measure; it is very easy to spoof. CRC is only used as an indication of data integrity, not of data security. That is why SHA was developed, to provide a secure method of detecting attempted tampering of a data set.

Thanks,

Bob Cavanaugh

From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of pedro.markov at ml1.net
Sent: Monday, July 28, 2014 10:54 AM
To: gnupg-users at gnupg.org
Subject: Re: CRC error

Thanks for the answers about the CRC error, I found what I needed, but it took me now to other questions. Actually I got the CRC error when I modified some strings of a public key and then I tried to import it.

I told myself that it would be interesting as a securing method to sign stuff with a private key "without having the public key". This would mean that only the person who has the public key would have access to the data without needing a password. (And the person with the private key too, I think; it would be great if only the person with the public key can decrypt the data, maybe there is one option, I'll check for that.)

So why was I asking about the CRC error? Well, I was thinking that storing such a public key would be insecure, but storing a modified public key would be good.
If the CRC error doesn't indicate where the problem is, only the person who knows how to re-build the public key would have access to the data.

To make this method secure, the public key should not be stored in the key ring so people cannot export it (in case the computer gets compromised). When I was testing this method, I removed the keys from my keyring, and then I imported only the secret key. To my surprise there was also the public key. Is there any way to only import the secret key?

Thanks again,
Pedro markov

On 27/07/14 23:51, pedro.markov at ml1.net wrote:
Hi,
I'm a new user to the GPG world, and I haven't found information about the "CRC" error when importing a key.

What does CRC mean?

When importing a corrupted key the following message appears:

gpg: CRC error; 9BAD9F - 00F1D7
gpg: read_block: read error: invalid keyring
gpg: import from `key' failed: invalid keyring
gpg: Total number processed: 0

I would like to know what 9BAD9F - 00F1D7 means. Is it possible to fix a corrupted key? Is it possible to know which line of a corrupted key is wrong?

Thanks!!

From pete at heypete.com Mon Jul 28 20:04:23 2014
From: pete at heypete.com (Pete Stephenson)
Date: Mon, 28 Jul 2014 20:04:23 +0200
Subject: CRC error
In-Reply-To: <53D68E29.50408@ml1.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net>
Message-ID:

On Mon, Jul 28, 2014 at 7:53 PM, wrote:
>
>
> Thanks for the answers about the CRC error, I found what I needed, but it
> took me now to other questions. Actually I got the CRC error when I modified
> some strings of a public key and then I tried to import it.
The CRC checksum can't tell the difference between intentional modification of the type you describe and data corruption; it simply knows that the checksum doesn't match what it thinks it should be, so it presents the error.

> I told myself that it would be interesting as a securing method to sign stuff with a private key "without having the public key". This would mean that only the person who has the public key would have access to the data without needing a password.

When would this be useful? The public key is public, and anyone with it could decode the message. To secure a message such that only the desired recipient can read it, you should encrypt a message to the recipient's public key so that only their private key can decrypt it. Simply put, I don't understand a situation where using your system would be an improvement over the current system, but perhaps I misunderstand something.

> (And the person with the private key too, I think; it would be great if only the person with the public key could decrypt the data. Maybe there is an option, I'll check for that.)
>
> So why was I asking about the CRC error?

Because the key was modified in a way that GPG did not expect.

> When I was testing this method, I removed the keys from my keyring and then I imported only the secret key. To my surprise there was also the public key. Is there any way to only import the secret key?

The public key can be (and is) regenerated as needed from the private key. If you import a private key and there is no corresponding public key in the keyring, GPG automatically recreates the public key and puts it in the keyring. As far as I know there is no way to import only a private key without the corresponding public key.

Cheers!
-Pete

From htd at fritha.org Mon Jul 28 21:54:37 2014
From: htd at fritha.org (Heinz Diehl)
Date: Mon, 28 Jul 2014 21:54:37 +0200
Subject: Where to save passphrases?
In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D3370AF@IRVEXCHMB11.corp.ad.broadcom.com>
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726104153.GA8394@fritha.org> <53D393A9.7060102@digitalbrains.com> <20140726120454.GA13317@fritha.org> <87zjfwrla4.fsf@vigenere.g10code.de> <8F0B09FC6339FA439524099BFCABC11F2D3370AF@IRVEXCHMB11.corp.ad.broadcom.com>
Message-ID: <20140728195437.GA13832@fritha.org>

On 28.07.2014, Bob (Robert) Cavanaugh wrote:
> It is a pain to re-enter the passphrase, but is required by our threat model.

Maybe a smartcard could be the solution. After you have installed your key on the card, only a numeric PIN is required, which is MUCH easier to enter frequently.

From pedro.markov at ml1.net Mon Jul 28 22:08:58 2014
From: pedro.markov at ml1.net (pedro.markov at ml1.net)
Date: Mon, 28 Jul 2014 22:08:58 +0200
Subject: CRC error
In-Reply-To:
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net>
Message-ID: <53D6ADDA.4060809@ml1.net>

On 07/28/2014 08:04 PM, Pete Stephenson wrote:
>> I told myself that it would be interesting as a securing method to sign stuff with a private key "without having the public key". This would mean that only the person who has the public key would have access to the data without needing a password.
>
> When would this be useful? The public key is public, and anyone with it could decode the message. To secure a message such that only the desired recipient can read it, you should encrypt a message to the recipient's public key so that only their private key can decrypt it. Simply put, I don't understand a situation where using your system would be an improvement over the current system, but perhaps I misunderstand something.
>

Using this method there is no "password required"; it is only necessary to know how to rebuild the public key.
So you can safely store a "damaged public key" on your computer/web server/whatever, and if someone steals it he won't be able to get your information. I find this very attractive, because I could damage the key and still remember how to fix it many years later, but I'm sure I won't remember a unique password 5 or 10 years later. (Maybe other people can.)

>> (And the person with the private key too, I think; it would be great if only the person with the public key could decrypt the data. Maybe there is an option, I'll check for that.)
>>
>> So why was I asking about the CRC error?
>
> Because the key was modified in a way that GPG did not expect.
>

This one was funny; actually it was a rhetorical question, and the explanation was the following text. (My English is not pretty good and my syntax is not American...)

>> When I was testing this method, I removed the keys from my keyring, and then I imported only the secret key. To my surprise there was also the public key. Is there any way to only import the secret key?
>
> The public key can be (and is) regenerated as needed from the private key. If you import a private key and there is no corresponding public key in the keyring, GPG automatically recreates the public key and puts it in the keyring. As far as I know there is no way to import only a private key without the corresponding public key.

Thanks, this information was really useful. I can still make a super complicated password and store the damaged public key. If some day I forget the password I'll be able to rebuild the public key!
From enigmail at josuttis.de Mon Jul 28 17:24:00 2014
From: enigmail at josuttis.de (Nicolai Josuttis (enigmail))
Date: Mon, 28 Jul 2014 17:24:00 +0200
Subject: DANE (was: mailto with pgp fingerprint)
In-Reply-To: <87tx69wjs5.fsf@vigenere.g10code.de>
References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de>
Message-ID: <53D66B10.8070003@josuttis.de>

Are you or is someone working on DANE support for GnuPG? Any schedule?

On 22.07.2014 16:27, Werner Koch wrote:
> On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said:
>> More and more we seem to have the problem of faked keys in the key servers. This especially applies to "well known" keys such as authors of magazines and famous tools.
>
> This is actually the problem of checking the validity of the key. Granted, gpg is not smart enough to figure out the best matching key but that is something which can be fixed.
>
> A more simple way of tackling this is to use PKA or DANE for key validation: For sending mail you already need DNS and thus it would be easy to retrieve the matching key from the DNS. The drawback is that this must be configured by the key owner and can't be changed by the sender.
>
> Shalom-Salam,
>
> Werner

--
Nicolai M. Josuttis
www.josuttis.de
mailto:nico at enigmail.net
PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5

From flapflap at riseup.net Mon Jul 28 23:04:52 2014
From: flapflap at riseup.net (flapflap)
Date: Mon, 28 Jul 2014 21:04:52 +0000
Subject: CRC error
In-Reply-To: <53D6ADDA.4060809@ml1.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net> <53D6ADDA.4060809@ml1.net>
Message-ID: <53D6BAF4.3080703@riseup.net>

pedro.markov at ml1.net:
>> When would this be useful? The public key is public, and anyone with it could decode the message.
>> To secure a message such that only the desired recipient can read it, you should encrypt a message to the recipient's public key so that only their private key can decrypt it. Simply put, I don't understand a situation where using your system would be an improvement over the current system, but perhaps I misunderstand something.
>>
> Using this method there is no "password required"; it is only necessary to know how to rebuild the public key. So you can safely store a "damaged public key" on your computer/web server/whatever and if someone steals it he won't be able to get your information.
>
> I find this very attractive, because I could damage the key and still remember how to fix it many years later, but I'm sure I won't remember a unique password 5 or 10 years later. (Maybe other people can.)

This does not make sense to me.

You want to protect the information your public key reveals from an attacker with access to your machine. This sounds like you manually want to, for example, fill the field for "email" with "XXXXXXXX" and only you know that the key is valid when you write "email at example.com" in it. (Have I understood it correctly so far?)

Why would you create a key with "email at example.com" as "email" in the first place when you actually don't want "email at example.com" to be in public?

Why not just create a key saying "" or "XXXXX" for "email" instead?

~flapflap

From pedro.markov at ml1.net Mon Jul 28 23:35:19 2014
From: pedro.markov at ml1.net (pedro.markov at ml1.net)
Date: Mon, 28 Jul 2014 23:35:19 +0200
Subject: CRC error
In-Reply-To: <53D6BAF4.3080703@riseup.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net> <53D6ADDA.4060809@ml1.net> <53D6BAF4.3080703@riseup.net>
Message-ID: <53D6C217.8050805@ml1.net>

You lost me with the "emails" stuff.
(I don't know what they have to do with this topic.)

What I'm saying is pretty easy: I'm bad with passwords, so I'd rather damage the key than remember a password. After the answers that people gave me, I improved my method so much; so this is a step by step.

1) Create a keypair, and give some hint in the comment so you don't forget it, for example "What was your first girlfriend's name?" or some silly question. (This is just for extra protection. You could even write the real password in the comment, but be aware that this will be public on your public key.)
2) Export the public and secure key.
3) Remove the keys from the keyring, and re-import the public key.
4) Damage my private key. (Ex: inverse X and X line, Replace X and X characters, etc.)
5) Encrypt everything that you have to encrypt with the public key; you can even make it "Public".

With this method, the day that you try to decrypt your data you won't need to remember a password.

Also, if some Mallory gets into your computer/server/whatever, even if he gets a copy of your private key he won't be able to load it and try to use brute force on it. He will need to repair the key first (and good luck with that).

Note. I think that for extra security I will generate the keys on a USB stick that I'll overwrite with zeros after corrupting the private key. This will prevent some smart Mallory from using software such as testdisk to recover deleted data.

Pedro Markov,
or not?~

On 07/28/2014 11:04 PM, flapflap wrote:
> pedro.markov at ml1.net:
>>> When would this be useful? The public key is public, and anyone with it could decode the message. To secure a message such that only the desired recipient can read it, you should encrypt a message to the recipient's public key so that only their private key can decrypt it. Simply put, I don't understand a situation where using your system would be an improvement over the current system, but perhaps I misunderstand something.
>>>
>> Using this method there is no "password required"; it is only necessary to know how to rebuild the public key. So you can safely store a "damaged public key" on your computer/web server/whatever and if someone steals it he won't be able to get your information.
>>
>> I find this very attractive, because I could damage the key and still remember how to fix it many years later, but I'm sure I won't remember a unique password 5 or 10 years later. (Maybe other people can.)
> This does not make sense to me.
> You want to protect the information your public key reveals from an attacker with access to your machine. This sounds like you manually want to, for example, fill the field for "email" with "XXXXXXXX" and only you know that the key is valid when you write "email at example.com" in it. (Have I understood it correctly so far?)
>
> Why would you create a key with "email at example.com" as "email" in the first place when you actually don't want "email at example.com" to be in public?
>
> Why not just create a key saying "" or "XXXXX" for "email" instead?
>
> ~flapflap

From flapflap at riseup.net Tue Jul 29 00:44:27 2014
From: flapflap at riseup.net (flapflap)
Date: Mon, 28 Jul 2014 22:44:27 +0000
Subject: CRC error
In-Reply-To: <53D6C217.8050805@ml1.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net> <53D6ADDA.4060809@ml1.net> <53D6BAF4.3080703@riseup.net> <53D6C217.8050805@ml1.net>
Message-ID: <53D6D24B.9070104@riseup.net>

pedro.markov at ml1.net:
> You lost me with the "emails" stuff. (I don't know what they have to do with this topic.)
>
> What I'm saying is pretty easy: I'm bad with passwords, so I'd rather damage the key than remember a password.
>
> After the answers that people gave me, I improved my method so much; so this is a step by step.
>
> 1) Create a keypair, and give some hint in the comment so you don't forget it, for example "What was your first girlfriend's name?" or some silly question. (This is just for extra protection. You could even write the real password in the comment, but be aware that this will be public on your public key.)
>
> 2) Export the public and secure key.
> 3) Remove the keys from the keyring, and re-import the public key.
> 4) Damage my private key. (Ex: inverse X and X line, Replace X and X characters, etc.)
> 5) Encrypt everything that you have to encrypt with the public key; you can even make it "Public".
>
> With this method, the day that you try to decrypt your data you won't need to remember a password.
>
> Also, if some Mallory gets into your computer/server/whatever, even if he gets a copy of your private key he won't be able to load it and try to use brute force on it. He will need to repair the key first (and good luck with that).

I'm pretty sure (though more knowledgeable people should comment on this to clarify) that the changes/"damaging" you do (basically symmetric operations via your keyboard) are much weaker than real cryptographic operations.

GnuPG - if you specify a passphrase - stores the secret key encrypted. If an attacker gets his/her hands on the secret key, s/he can do nothing with it. So GnuPG already does what you need/want.

I understand that you don't like to remember the passphrase, but it's less secure and convenient to manually fuddle with the keyfile (which is also some kind of "passphrase", but much weaker than using GnuPG).

Are you aware of https://xkcd.com/936/ ? It should be pretty easy to get to an easy-to-remember passphrase, just think of some strange situation/image/... that's worth remembering. E.g. "eleven camels climb on mt.
everest for skiing" (don't use that one of course as it's public now). And if you type it a couple of times/regularly, because you need to decrypt/sign emails/files/..., it should be easy to remember in the long term.

> Note. I think that for extra security I will generate the keys on a USB stick that I'll overwrite with zeros after corrupting the private key. This will prevent some smart Mallory from using software such as testdisk to recover deleted data.

Caution!
https://tails.boum.org/doc/encryption_and_privacy/secure_deletion/index.en.html#index2h1

Logically overwriting contents on a flash drive does not necessarily overwrite the data on the physical medium. Flash drives use wear-leveling algorithms that map the logical to physical addresses, to limit the damage/wear-out due to writing the same physical locations too often. So if you "overwrite" a logical address, your written data actually goes to another physical cell and the old data is still there. An attacker that just unsolders the flash ICs could read the entire physical data, including what's not visible from the logical/software layer.

~flapflap

From wk at gnupg.org Tue Jul 29 08:18:21 2014
From: wk at gnupg.org (Werner Koch)
Date: Tue, 29 Jul 2014 08:18:21 +0200
Subject: DANE
In-Reply-To: <53D66B10.8070003@josuttis.de> (Nicolai Josuttis's message of "Mon, 28 Jul 2014 17:24:00 +0200")
References: <53CE155A.30700@josuttis.de> <87tx69wjs5.fsf@vigenere.g10code.de> <53D66B10.8070003@josuttis.de>
Message-ID: <878uncofgy.fsf@vigenere.g10code.de>

On Mon, 28 Jul 2014 17:24, enigmail at josuttis.de said:
> Are you or is someone working on DANE support for GnuPG? Any schedule?

We have kind of this for years.
There is the original PKA thing, which is older than DKIM, and there is the flexible kDNS method to locate keys in the DNS. I am not aware of the latest OpenPGP version of DANE but we discussed this here some time ago.

What I do not understand is why SHA-224 is used to map the mail address. This sounds pretty overkill, in particular with OpenPGP which uses SHA-1 a lot. SHA-1 is good enough for such kind of mappings and the resulting name is shorter.

BTW, with DANE we introduce a hierarchical trust model into the decentralized OpenPGP system. It is probably good for a first time contact and to seed a trust on first use database (TOFU [1]) but I doubt that the DNSSEC part is that important. Yes, I am in favor of DNSSEC but it is not the silver bullet to solve the problem of man in the middle attacks.

Shalom-Salam,

Werner

[1] "Trust On First Use" or, related to your quoting style, "Text Oben Full-Quote Unten" ;-)

--
Thoughts are free. Exceptions are regulated by a federal law.

From aarcane at aarcane.org Tue Jul 29 08:31:54 2014
From: aarcane at aarcane.org (Schlacta, Christ)
Date: Mon, 28 Jul 2014 23:31:54 -0700
Subject: Where to save passphrases?
In-Reply-To: <20140728195437.GA13832@fritha.org>
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726104153.GA8394@fritha.org> <53D393A9.7060102@digitalbrains.com> <20140726120454.GA13317@fritha.org> <87zjfwrla4.fsf@vigenere.g10code.de> <8F0B09FC6339FA439524099BFCABC11F2D3370AF@IRVEXCHMB11.corp.ad.broadcom.com> <20140728195437.GA13832@fritha.org>
Message-ID:

As much as I'm sure there will be objections to this, I'd like to re-suggest that you utilize the "one password for all keyrings" method.
So long as those keyrings are physically on premises, and you practice good password habits, such as never using your master password for remote services, changing them often, and using a strong password, you should be fine.

On Jul 28, 2014 12:57 PM, "Heinz Diehl" wrote:
> On 28.07.2014, Bob (Robert) Cavanaugh wrote:
>> It is a pain to re-enter the passphrase, but is required by our threat model.
>
> Maybe a smartcard could be the solution. After you have installed your key on the card, only a numeric PIN is required, which is MUCH easier to enter frequently.

From 2014-667rhzu3dc-lists-groups at riseup.net Tue Jul 29 13:43:27 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Tue, 29 Jul 2014 12:43:27 +0100
Subject: Where to save passphrases?
In-Reply-To:
References: <20140725213605.GA18068@mailbox.org> <20140726072849.GA13622@mailbox.org> <20140726104153.GA8394@fritha.org> <53D393A9.7060102@digitalbrains.com> <20140726120454.GA13317@fritha.org> <87zjfwrla4.fsf@vigenere.g10code.de> <8F0B09FC6339FA439524099BFCABC11F2D3370AF@IRVEXCHMB11.corp.ad.broadcom.com> <20140728195437.GA13832@fritha.org>
Message-ID: <1004071011.20140729124327@my_localhost>

Hi

On Tuesday 29 July 2014 at 7:31:54 AM, in , Schlacta, Christ wrote:
> As much as I'm sure there will be objections to this, I'd like to re-suggest that you utilize the "one password for all keyrings" method. So long as those keyrings are physically on premises, and you practice good password habits, such as never using your master password for remote services, changing them often, and using a strong password; you should be fine.

Do you mean the same password for all private keys?
As far as I know, keyrings aren't usually password-protected.

--
Best regards

MFPA
mailto:2014-667rhzu3dc-lists-groups at riseup.net

Pain is inevitable, but misery is optional.

From MichaelQuigley at TheWay.Org Tue Jul 29 14:44:24 2014
From: MichaelQuigley at TheWay.Org (MichaelQuigley at TheWay.Org)
Date: Tue, 29 Jul 2014 08:44:24 -0400
Subject: CRC error
In-Reply-To:
References:
Message-ID:

"Gnupg-users" wrote on 07/28/2014 05:33:56 PM:
> ----- Message from pedro.markov at ml1.net on Mon, 28 Jul 2014 23:35:19 +0200 -----
>
> To: gnupg-users at gnupg.org
>
> Subject: Re: CRC error

. . . . . . . . .

> With this method, the day that you try to decrypt your data you won't need to remember a password.

Except you'll have to repair your private key every time you want to decrypt anything (unless I'm grossly mistaken). When something is decrypted with your public key, you can only decrypt it with the private key. If you're only encrypting things for long term storage and infrequent access, perhaps this won't be so challenging. But if so, then why not simply store them on some media secured away in something like a safe? If you will need frequent or even occasional access to the encrypted data, I would think it far easier to learn and remember a password. Or better yet a smartcard with a simple PIN--as has been suggested.
From peter at digitalbrains.com Tue Jul 29 19:02:59 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 29 Jul 2014 19:02:59 +0200
Subject: CRC error
In-Reply-To: <53D6C217.8050805@ml1.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net> <53D6ADDA.4060809@ml1.net> <53D6BAF4.3080703@riseup.net> <53D6C217.8050805@ml1.net>
Message-ID: <53D7D3C3.4050005@digitalbrains.com>

On 28/07/14 23:35, pedro.markov at ml1.net wrote:
> 4) Damage my private key. (Ex: inverse X and X line, Replace X and X characters, etc.)

This is a really, really bad idea. Please don't invent your own crypto.

For instance, I only need one seventh of your secret RSA key to fully reconstruct it using the public key I also have! Looky here at an RSA private key{1}:

:secret key packet:
        version 4, algo 1, created 1300458324, expires 0
        skey[0]: [2048 bits]
        skey[1]: [17 bits]
        skey[2]: [2046 bits]
        skey[3]: [1024 bits]
        skey[4]: [1024 bits]
        skey[5]: [1024 bits]

I myself can reconstruct your private key if I have either skey[3] or skey[4]. I can decrypt your messages if I just have skey[2]. And I think someone who actually knows his stuff can do it with skey[5]; I might be able to too if I read up on the Chinese Remainder Theorem{2}.

And I can see whether it worked or not, so I can just take the one you didn't damage.

Again: give me your public key and the 1024 bits of skey[3] and I can compute your private key. Using only a seventh of the whole secret key packet. And this "secret key packet" isn't even the full secret key that you are wilfully damaging; there are even more packets in there, including completely harmless ones that won't bother an attacker the slightest bit. You might make the attacker laugh, though.

Don't be creative! You need either a good passphrase or good physical protection or both, not some mangling of data.

> Pedro Markov,
> or not?~

Oh, the suspense! Are you Pedro, .... or not?
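Peter's point above in working arithmetic, as an added example that is neither code from the thread nor from GnuPG: a toy RSA key laid out in the skey[0..5] order he quotes (n, e, d, p, q, u), then recovery of the whole private exponent from the public key plus one intact prime, factoring of n from an intact d, and the check an attacker can run against the public key alone to tell which component survived the "damage". The primes near 10^6, the test messages and the helper names are constructed for this example.

```python
"""Why "damaging" part of an RSA secret key is not protection (added example).

Toy RSA key with ~20-bit primes (real keys use 1024-bit primes; the
arithmetic is identical), laid out like the skey[0..5] MPIs quoted in the
thread: n, e, d, p, q, u.  An attacker holding the public key (n, e) plus
any one intact secret component can rebuild the rest, and can verify each
candidate against the public key, so the damaged components do not matter.
"""
from math import gcd, isqrt


def is_prime(n: int) -> bool:
    """Trial division; sufficient for the constructed 20-bit primes used here."""
    if n < 2:
        return False
    return all(n % f for f in range(2, isqrt(n) + 1))


def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n


def generate_toy_key(seed_p: int = 10**6, seed_q: int = 10**6 + 500,
                     e: int = 65537) -> dict:
    """Constructed toy RSA keypair in the thread's skey order: n, e, d, p, q, u."""
    p = next_prime(seed_p)
    q = next_prime(seed_q)
    phi = (p - 1) * (q - 1)
    while gcd(e, phi) != 1:          # make sure e is invertible mod phi
        q = next_prime(q + 1)
        phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "u": pow(p, -1, q)}      # u = p^-1 mod q, as in the thread


def recover_from_prime(n: int, e: int, p: int) -> dict:
    """skey[3] (or skey[4]) intact: the public key yields the other prime,
    hence phi and d.  This is the 'one seventh of the key' in the thread."""
    if n % p != 0:
        raise ValueError("p does not divide n: this component was damaged")
    q = n // p
    return {"d": pow(e, -1, (p - 1) * (q - 1)), "p": p, "q": q}


def factor_from_d(n: int, e: int, d: int) -> tuple:
    """skey[2] intact: d alone already decrypts, and (n, e, d) also factors n
    (textbook argument: e*d - 1 is a multiple of the group order, so a
    non-trivial square root of 1 mod n turns up while halving it)."""
    k = e * d - 1
    for g in range(2, 100):
        t = k
        while t % 2 == 0:
            t //= 2
            x = pow(g, t, n)
            if x > 1:
                f = gcd(x - 1, n)
                if 1 < f < n:
                    return (min(f, n // f), max(f, n // f))
    raise ValueError("factoring failed: d is not a valid exponent for (n, e)")


def component_is_intact(n: int, e: int, name: str, value: int) -> bool:
    """Peter's 'I can see whether it worked or not': every candidate
    component is checkable against the public key, without any secret."""
    if name in ("p", "q"):
        return 1 < value < n and n % value == 0
    if name == "d":
        m = 123456789 % n            # constructed test message
        return pow(pow(m, e, n), value, n) == m
    return False


def damaged_key_still_recoverable() -> bool:
    """Simulate the scheme from the thread: d (skey[2]) and q (skey[4]) are
    overwritten, p (skey[3]) is left alone.  Recovery still succeeds."""
    key = generate_toy_key()
    damaged = dict(key, d=0, q=0)    # the "mangled" secret components
    intact = [c for c in ("d", "p", "q")
              if component_is_intact(key["n"], key["e"], c, damaged[c])]
    if intact != ["p"]:
        return False
    rebuilt = recover_from_prime(key["n"], key["e"], damaged["p"])
    m = 987654321 % key["n"]         # constructed plaintext
    c = pow(m, key["e"], key["n"])
    return pow(c, rebuilt["d"], key["n"]) == m
```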
Tadadadaaaaa..... ;)

Oh, I see it. The ~ is a logical not, so it's a double inverse, so either you're Pedro or you converted Pedro to a boolean, depending on whether you ask a logician or a C programmer...

HTH,

Peter.

{1} To reproduce: make a test key that you don't password protect. Suppose the key ID of your test key is AB1256CD34, enter the following:

$ gpg2 --export-secret-key AB1256CD34 | gpg2 --list-packets

But first understand what that command does, because you shouldn't type in commands that strangers tell you to type in.

{2} For context for people who know what I'm talking about but don't know the order of components by heart, the 5 MPIs are, in order: n, e, d, p, q and u (u = p^-1 mod q).

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From mailinglisten at hauke-laging.de Tue Jul 29 21:35:57 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 29 Jul 2014 21:35:57 +0200
Subject: crypto code of conduct ("Crypto-Knigge")
Message-ID: <2727325.tUTsSUxKWR@inno>

Hello,

I would like to abuse this list for something IMHO important though slightly off-topic...

I think we (and "we" is "the Internet users", not just "those who write on gnupg-users"...) are missing a culture of secured communication (which can mean encrypted, signed or anonymous or a combination of that) and that an accepted (by "those who write on gnupg-users" ;-) ) code of conduct (my German term: "Crypto-Knigge") would be quite useful to get there (or at least nearer). I am not talking about technical recommendations but about "organizational" (behaviour / attitude) recommendations. It's not the reason for the selection but I assume that it's easier to get a consensus in that area... :-)

I have written a draft for that. And now it's getting even more off-topic: It's in German; thus this mainly addresses the German speaking (i.e.
understanding) people on this list who might be interested in contributing:

http://www.crypto-fuer-alle.de/crypto-knigge/
https://translate.google.de/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.crypto-fuer-alle.de%2Fcrypto-knigge%2F&edit-text=

The idea is not OpenPGP- / GnuPG-specific but for obvious reasons my view is... But if there is enough interest from people who don't understand German then I would try to make a good translation. I wrote it in German because (a) most of my crypto-related articles are in German and (b) something big (compared to former crypto stuff affecting the general public) is going to happen in Germany later this year which could help a lot to make this more common.

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From pedro.markov at ml1.net Tue Jul 29 22:02:39 2014
From: pedro.markov at ml1.net (pedro.markov at ml1.net)
Date: Tue, 29 Jul 2014 22:02:39 +0200
Subject: CRC error
In-Reply-To: <53D7E6D0.3080401@ml1.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net> <53D6ADDA.4060809@ml1.net> <53D6BAF4.3080703@riseup.net> <53D6C217.8050805@ml1.net> <53D6D24B.9070104@riseup.net> <53D7E6D0.3080401@ml1.net>
Message-ID: <53D7FDDF.3010505@ml1.net>

On 07/29/2014 08:24 PM, pedro.markov at ml1.net wrote:
> On 07/29/2014 12:44 AM, flapflap wrote:
>> pedro.markov at ml1.net:
>>> You lost me with the "emails" stuff. (I don't know what they have to do with this topic.)
>>>
>>> What I'm saying is pretty easy: I'm bad with passwords, so I'd rather damage the key than remember a password.
>>>
>>> After the answers that people gave me, I improved my method so much; so this is a step by step.
>>>
>>> 1) Create a keypair, and give some hint in the comment so you don't forget it, for example "What was your first girlfriend's name?" or some silly question. (This is just for extra protection. You could even write the real password in the comment, but be aware that this will be public on your public key.)
>>>
>>> 2) Export the public and secure key.
>>> 3) Remove the keys from the keyring, and re-import the public key.
>>> 4) Damage my private key. (Ex: inverse X and X line, Replace X and X characters, etc.)
>>> 5) Encrypt everything that you have to encrypt with the public key; you can even make it "Public".
>>>
>>> With this method, the day that you try to decrypt your data you won't need to remember a password.
>>>
>>> Also, if some Mallory gets into your computer/server/whatever, even if he gets a copy of your private key he won't be able to load it and try to use brute force on it. He will need to repair the key first (and good luck with that).
>> I'm pretty sure (though more knowledgeable people should comment on this to clarify) that the changes/"damaging" you do (basically symmetric operations via your keyboard) are much weaker than real cryptographic operations.
>> GnuPG - if you specify a passphrase - stores the secret key encrypted. If an attacker gets his/her hands on the secret key, s/he can do nothing with it. So GnuPG already does what you need/want.
>> I understand that you don't like to remember the passphrase, but it's less secure and convenient to manually fuddle with the keyfile (which is also some kind of "passphrase", but much weaker than using GnuPG).
>>
>> Are you aware of https://xkcd.com/936/ ?
>> It should be pretty easy to get to an easy-to-remember passphrase, just think of some strange situation/image/... that's worth remembering.
>> E.g. "eleven camels climb on mt.
>> everest for skiing" (don't use that one of course as it's public now)
>>> Note. I think that for extra security I will generate the keys on a USB stick that I'll overwrite with zeros after corrupting the private key. This will prevent some smart Mallory from using software such as testdisk to recover deleted data.
>> Caution!
>> https://tails.boum.org/doc/encryption_and_privacy/secure_deletion/index.en.html#index2h1
>> Logically overwriting contents on a flash drive does not necessarily overwrite the data on the physical medium. Flash drives use wear-leveling algorithms that map the logical to physical addresses, to limit the damage/wear-out due to writing the same physical locations too often. So if you "overwrite" a logical address, your written data actually goes to another physical cell and the old data is still there. An attacker that just unsolders the flash ICs could read the entire physical data, including what's not visible from the logical/software layer.
>>
>> ~flapflap
> This was very interesting, thanks for the information, I didn't know it!

From pedro.markov at ml1.net Tue Jul 29 22:03:16 2014
From: pedro.markov at ml1.net (pedro.markov at ml1.net)
Date: Tue, 29 Jul 2014 22:03:16 +0200
Subject: CRC error
In-Reply-To: <53D7EC40.2060508@ml1.net>
References: <1406501473.10988.146242369.313D43B5@webmail.messagingengine.com> <53D5E130.1080402@gbenet.com> <53D68E29.50408@ml1.net> <53D6ADDA.4060809@ml1.net> <53D6BAF4.3080703@riseup.net> <53D6C217.8050805@ml1.net> <53D7D3C3.4050005@digitalbrains.com> <53D7EC40.2060508@ml1.net>
Message-ID: <53D7FE04.40908@ml1.net>
On 07/29/2014 08:47 PM, pedro.markov at ml1.net wrote:
>
> On 07/29/2014 07:02 PM, Peter Lebbing wrote:
>> On 28/07/14 23:35, pedro.markov at ml1.net wrote:
>>> 4) Damage my private key. (Ex: invert line X and line X, replace characters X and X, etc.)
>> This is a really, really bad idea. Please don't invent your own crypto.
>>
>> For instance, I only need one seventh of your secret RSA key to fully reconstruct it using the public key I also have! Looky here at an RSA private key{1}:
>>
>> :secret key packet:
>>     version 4, algo 1, created 1300458324, expires 0
>>     skey[0]: [2048 bits]
>>     skey[1]: [17 bits]
>>     skey[2]: [2046 bits]
>>     skey[3]: [1024 bits]
>>     skey[4]: [1024 bits]
>>     skey[5]: [1024 bits]
>>
>> I myself can reconstruct your private key if I either have skey[3] or skey[4]. I can decrypt your messages if I just have skey[2]. And I think someone who actually knows his stuff can do it with skey[5]; I might be able to as well if I read up on the Chinese Remainder Theorem{2}.
>>
>> And I can see whether it worked or not, so I can just take the one you didn't damage.
>>
>> Again: give me your public key and the 1024 bits of skey[3] and I can compute your private key. Using only a seventh of the whole secret key packet. And this "secret key packet" isn't even the full secret key that you are wilfully damaging; there are even more packets in there, including completely harmless ones that won't bother an attacker the slightest bit. You might make the attacker laugh, though.
>>
>> Don't be creative! You need either a good passphrase or good physical protection or both, not some mangling of data.
>>
> I wasn't aware of this, thanks for the info!
> ("I made good" to ask here before doing creative stuff.. haha)
>
>>> Pedro Markov,
>>> or not?~
>> Oh, the suspense! Are you Pedro, .... or not? Tadadadaaaaa..... ;)
>>
>> Oh, I see it. The ~ is a logical not, so it's a double inverse, so either you're Pedro or you converted Pedro to a boolean, depending on whether you ask a logician or a C programmer...
>
> This one was funny! Should I respond or let the suspense? xD
>
> I 13iu1ccy 81i5 c, 9 ausi 4o uyi8on uro7r1mm9n7 1n4 21s8 so i85 3omm5ni w1s 6unny :)
> T89s 19n'i my r51c n1m5, 9 ausi 4on'i c9b5 my n1m5 1n4 5m19c io 25 uu2c9s8 ov5r i85 uu2c93 9ni5rn5i 2531us5 i85 m19c9n7 c9sis :)
>
>
>> HTH,
>>
>> Peter.
>>
>> {1} To reproduce: make a test key that you don't password protect. Suppose the key ID of your test key is AB1256CD34, enter the following:
>>
>> $ gpg2 --export-secret-key AB1256CD34 | gpg2 --list-packets
>>
>> But first understand what that command does, because you shouldn't type in commands that strangers tell you to type in.
>>
>> {2} For context for people who know what I'm talking about but don't know the order of components by heart, the 5 MPI's are, in order: n, e, d, p, q and u (u = p^-1 mod q).
>>
> I'll really check this, it seems pretty interesting.

From mirimir at riseup.net Tue Jul 29 22:04:13 2014 From: mirimir at riseup.net (Mirimir) Date: Tue, 29 Jul 2014 14:04:13 -0600 Subject: crypto code of conduct ("Crypto-Knigge") In-Reply-To: <2727325.tUTsSUxKWR@inno> References: <2727325.tUTsSUxKWR@inno> Message-ID: <53D7FE3D.6060502@riseup.net>
On 07/29/2014 01:35 PM, Hauke Laging wrote:
> Hello,
>
> I would like to abuse this list for something IMHO important though slightly off-topic...
>
> I think we (and "we" is "the Internet users" not just "those who write on gnupg-users"...) are missing a culture of secured communication (which can mean encrypted, signed or anonymous or a combination of that) and that an accepted (by "those who write on gnupg-users" ;-) ) code of conduct (my German term: "Crypto-Knigge") would be quite useful to get there (or at least nearer).
>
> I am not talking about technical recommendations but about "organizational" (behaviour / attitude) recommendations. It's not the reason for the selection but I assume that it's easier to get a consensus in that area... :-)
>
> I have written a draft for that. And now it's getting even more off-topic: It's in German; thus this mainly addresses the German speaking (i.e. understanding) people on this list who might be interested in contributing:
>
> http://www.crypto-fuer-alle.de/crypto-knigge/
>
> https://translate.google.de/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.crypto-fuer-alle.de%2Fcrypto-knigge%2F&edit-text=
>
> The idea is not OpenPGP- / GnuPG-specific but for obvious reasons my view is...
>
> But if there is enough interest from people who don't understand German then I would try to make a good translation.

Please :) The Google translation is quite coherent, but then I don't know German.

> I wrote it in German because (a) most of my crypto-related articles are in German and (b) something big (compared to former crypto stuff affecting the general public) is going to happen in Germany later this year which could help a lot to make this more common.

Are you looking for comments?

> Hauke

From mailinglisten at hauke-laging.de Tue Jul 29 22:22:30 2014 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Tue, 29 Jul 2014 22:22:30 +0200 Subject: crypto code of conduct ("Crypto-Knigge") In-Reply-To: <53D7FE3D.6060502@riseup.net> References: <2727325.tUTsSUxKWR@inno> <53D7FE3D.6060502@riseup.net> Message-ID: <2882506.aI6jmRjDDl@inno>
On Tue 29.07.2014, 14:04:13, Mirimir wrote:
> Are you looking for comments?

Sure but not on this list; I don't want it to be flooded by an OT discussion. Those who want to contribute should send me an email.
Depending on the number of people I would move that to a dedicated mailing list or something more suitable.

Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From mailinglisten at hauke-laging.de Wed Jul 30 00:17:20 2014 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Wed, 30 Jul 2014 00:17:20 +0200 Subject: crypto code of conduct ("Crypto-Knigge") In-Reply-To: <270838A78E5A5342BB9669898FB4CF200EEFA9CE@EX10MBOX01.pnnl.gov> References: <2727325.tUTsSUxKWR@inno> <270838A78E5A5342BB9669898FB4CF200EEFA9CE@EX10MBOX01.pnnl.gov> Message-ID: <1979134.hTAYaUTsJL@inno>
On Tue 29.07.2014, 21:25:07, Smith, Cathy wrote:
> Hi
>
> If you've posted here, are you trying to determine the level of interest outside of the German-speaking community?

Both communities because they would require different reactions by me.

Hauke
From Cathy.Smith at pnnl.gov Tue Jul 29 23:25:07 2014 From: Cathy.Smith at pnnl.gov (Smith, Cathy) Date: Tue, 29 Jul 2014 21:25:07 +0000 Subject: crypto code of conduct ("Crypto-Knigge") In-Reply-To: <2727325.tUTsSUxKWR@inno> References: <2727325.tUTsSUxKWR@inno> Message-ID: <270838A78E5A5342BB9669898FB4CF200EEFA9CE@EX10MBOX01.pnnl.gov>
Hi

If you've posted here, are you trying to determine the level of interest outside of the German-speaking community? I certainly would be interested in reading an English translation.

Regards,
Cathy
---
Cathy L. Smith, IT Engineer, Pacific Northwest National Laboratory, Operated by Battelle for the U.S. Department of Energy. Phone: 509.375.2687 Fax: 509.375.2330 Email: cathy.smith at pnnl.gov

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Hauke Laging
Sent: Tuesday, July 29, 2014 12:36 PM
To: gnupg-users at gnupg.org
Subject: crypto code of conduct ("Crypto-Knigge")

Hello,

I would like to abuse this list for something IMHO important though slightly off-topic...

I think we (and "we" is "the Internet users" not just "those who write on gnupg-users"...) are missing a culture of secured communication (which can mean encrypted, signed or anonymous or a combination of that) and that an accepted (by "those who write on gnupg-users" ;-) ) code of conduct (my German term: "Crypto-Knigge") would be quite useful to get there (or at least nearer).

I am not talking about technical recommendations but about "organizational" (behaviour / attitude) recommendations. It's not the reason for the selection but I assume that it's easier to get a consensus in that area... :-)

I have written a draft for that. And now it's getting even more off-topic: It's in German; thus this mainly addresses the German speaking (i.e. understanding) people on this list who might be interested in contributing:

http://www.crypto-fuer-alle.de/crypto-knigge/

https://translate.google.de/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.crypto-fuer-alle.de%2Fcrypto-knigge%2F&edit-text=

The idea is not OpenPGP- / GnuPG-specific but for obvious reasons my view is...

But if there is enough interest from people who don't understand German then I would try to make a good translation.

I wrote it in German because (a) most of my crypto-related articles are in German and (b) something big (compared to former crypto stuff affecting the general public) is going to happen in Germany later this year which could help a lot to make this more common.

Hauke

From bernhard at intevation.de Thu Jul 31 10:38:50 2014 From: bernhard at intevation.de (Bernhard Reiter) Date: Thu, 31 Jul 2014 10:38:50 +0200 Subject: crypto code of conduct ("Crypto-Knigge") In-Reply-To: <2727325.tUTsSUxKWR@inno> References: <2727325.tUTsSUxKWR@inno> Message-ID: <201407311038.56684.bernhard@intevation.de>
On Tuesday 29 July 2014 at 21:35:57, Hauke Laging wrote:
> I have written a draft for that. And now it's getting even more off-topic: It's in German; thus this mainly addresses the German speaking (i.e. understanding) people on this list who might be interested in contributing:
>
> http://www.crypto-fuer-alle.de/crypto-knigge/

Note that there is http://lists.gnupg.org/mailman/listinfo/gnupg-de for German speaking discussions about GnuPG usage and related topics.

From my point of view you are missing a discussion of the problem that most people and companies are not willing to invest resources (time, money) in more IT security. If all users of GnuPG and Gpg4win gave us one Euro a year, this would be real funding.
The products are still too hard to use, but there is not enough economic incentive to change this. It will need funding because it really is hard work.

Your draft already asks a lot of possible users; I doubt that this is a good way to bring the masses to crypto. It seems to make life more difficult for those that at least try something.

> (b) something big (compared to former crypto stuff affecting the general public) is going to happen in Germany later this year which could help a lot to make this more common.

Okay, a mysterious cliff-hanger. What do you know that we don't?
--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member) Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998 Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Thu Jul 31 10:43:32 2014 From: bernhard at intevation.de (Bernhard Reiter) Date: Thu, 31 Jul 2014 10:43:32 +0200 Subject: Problem during compilation of gnupg-2.0.25 In-Reply-To: References: Message-ID: <201407311043.33654.bernhard@intevation.de>
On Monday 28 July 2014 at 04:10:36, Robert Kong wrote:
> ../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20: cannot open shared object file: No such file or directory

What does ldd on the ../../g10/gpg2 say?

And then check ls -l on the full paths of /usr/local/lib/libgcrypt.so.20 and /usr/local/lib/libgcrypt.so.20.0.1, and the contents of LD_LIBRARY_PATH.

> ldconfig -v reports the following:
> ...
> /usr/local/lib:
>         libassuan.so.0 -> libassuan.so.0.4.1
>         libksba.so.8 -> libksba.so.8.11.1
>         libgpg-error.so.0 -> libgpg-error.so.0.11.0
>         libgcrypt.so.20 -> libgcrypt.so.20.0.1

From bernhard at intevation.de Thu Jul 31 11:30:37 2014 From: bernhard at intevation.de (Bernhard Reiter) Date: Thu, 31 Jul 2014 11:30:37 +0200 Subject: mutt, S/MIME and gpgme (Re: Mutt: Decrypting inline gpg format directly) In-Reply-To: <20140722092240.GA55163@blinkenshell.org> References: <87oawi6feo.fsf@vigenere.g10code.de> <20140722092240.GA55163@blinkenshell.org> Message-ID: <201407311130.42502.bernhard@intevation.de>
On Tuesday 22 July 2014 at 11:22:40, The Fuzzy Whirlpool Thunderstorm wrote:
> > set crypt_use_gpgme
> > into your ~/.muttrc.

In my setup I am using gpgme with mutt successfully for more than 10 years now. (Full disclosure, I was on the team that implemented it together with Werner. I am only an occasional mutt user.)

> Yes, gpgme backend is great. But there is a problem with s/mime handling. Before doing any s/mime decryption/encryption, a p12 private key is needed. Since gpgme backend uses gpgsm to handle s/mime, I need to import my p12 certificate.
> The problem is pinentry doesn't come to foreground when I invoke `gpgsm --import mycertkey.p12`. Shell is hanging up waiting for pinentry-curses to provide the passphrase. Is there any workaround to fix gpgsm and pinentry behavior to work as expected?

I remember there is an issue with importing, using this command line path. Last time I did this, I dropped back to using an X11 pinentry. It may work if you place the gpg-agent on a shell by itself or use the right options. I don't remember precisely.
After the import, pinentry-curses works for me nicely in mutt with S/MIME.

Best Regards,
Bernhard

From green at mm.st Thu Jul 31 10:42:37 2014 From: green at mm.st (Wolf) Date: Thu, 31 Jul 2014 09:42:37 +0100 Subject: gpg: checking created signature failed: Bad signature Message-ID: <20140731084236.GA3261@arch_revo>
Hello everyone. I'm new to mailing lists so apologies in advance if I commit any faux pas.

I'm trying to sign a public PGP key but am encountering a 'Bad signature' error:

gpg --edit-key someone at somedomain.com
...
gpg> sign
...
You need a passphrase to unlock the secret key for user:
"My User "
2048-bit RSA key, ID 12345678, created 2012-01-01

I enter my passphrase then get:

gpg: checking created signature failed: Bad signature
gpg: signing failed: Bad signature
gpg: signing failed: Bad signature

I'm also sporadically getting the same result when clearsigning messages in mutt.

I've done some searching online but can only find old, unrelated posts or ones relating to smart cards, which I'm not using. The wording of the error seems to suggest that gpg is attempting to verify the signature it just created but is failing?

I'm running gnupg 2.0.25-1 on an Arch Linux box via a PuTTY SSH connection.

Any help gratefully received!
--
/Wolf [GnuPG Key: A8E50255]

From thomasasta at googlemail.com Thu Jul 31 19:18:43 2014 From: thomasasta at googlemail.com (Thomas Asta) Date: Thu, 31 Jul 2014 19:18:43 +0200 Subject: crypto code of conduct ("Crypto-Knigge") In-Reply-To: <2727325.tUTsSUxKWR@inno> References: <2727325.tUTsSUxKWR@inno> Message-ID:
Dear Hauke,

thanks for this initiative; it and your website are great. Is there a wiki to add improvements to your draft?

I think it needs some change in wording, in strategy and tone ("Duktus"), and also in content. You seem to be a trainer for encryption and you have much experience in how people react when they first step into this. Much of your text is unfortunately not written in an encouraging way. We should turn all of that into better wording. E.g. instead of "1. Werden Sie sich der eigenen Grenzen bewusst" ("Become aware of your own limits") you might want to say: "1. Kommen Sie mit Verschlüsselung Schritt für Schritt in Kontakt und erlernen Sie es auf eine spielerische Art und Weise gemeinsam mit einem Partner" ("Get acquainted with encryption step by step and learn it in a playful way together with a partner"), or: "2. Rechnen Sie mit Fehlern und Unkenntnis der anderen" ("Expect mistakes and ignorance from others") could be turned into "2. Helfen Sie Ihrem Kommunikationspartner mit geteiltem Wissen und geduldigen und ausführlichen Hinweisen - denn jeder hat mal klein angefangen" ("Help your communication partner with shared knowledge and patient, detailed hints - everyone started small once"); further, "3. Verbreiten Sie nur gesicherte Informationen" ("Only spread verified information") could be "4. Helfen Sie als Multiplikator mit, Ihr Wissen zum Thema Kryptographie zu teilen - aber achten Sie auch auf eine Qualitätskontrolle, indem Sie Ihr Wissen zum Thema Kryptographie kontinuierlich vertiefen und verbreitern" ("Help as a multiplier to share your knowledge about cryptography - but also pay attention to quality control by continuously deepening and broadening your knowledge about cryptography").

I would not split it into "Kür" and "Pflicht" (optional and mandatory parts), as it is in some sense redundant.

Two chapters end with "buy a website" and "buy a domain", both in the chapter on making it easy and the one on not doing it now. This stresses the user too much, to hear the need to order a webserver first before starting with crypto. You might want to intend the opposite. And it might be a result of being fixed on a certain encryption technology.
We have a problem when you pretend a fixed view of the world and speak as well of "Nischentechnik" (niche technology); you might want to say the opposite: evaluate all tools. But you pretend to say: use only OTR. Here a discussion about the technical aspects might arise, as you do not want monopolies, but suggest one. OTR has negative aspects as well, like a too short MAC key and renewal options only per session. Other tools allow renewing the symmetric key instantly at the push of a button and have a much longer MAC key. So don't suggest the tools, but rather some criteria. E.g. the multi-encrypting messenger http://goldbug.sf.net has 6 criteria published on the website, which you could integrate into your considerations. One important thing is that the source code of the app, as well as of the chat server, is open source. E.g. Bleep, the new BitTorrent chat tool, is very straight in focusing on getting users by integrating a key server with phone number, email address and key, but no one knows if the tool is working when this server is down or how to insert DHT bootstrappers. As well, the D/H key exchange for OTR is broken if the XMPP servers communicate only point to point and not end to end. A man in the middle is possible?!

Your last suggestion to not encrypt everything is not consistent. Of course we need the infrastructure for encryption in every place; that means each email with an encryption key as an offer. Whether a user who encrypts everything, or a user who encrypts only the important emails, is more in the focus of agencies might be discussed on another list..

Okay.. for me, in summary, I suggest that you not suggest to others only one tool or technique. Try to be open and evaluate more tools: http://wiki.vorratsdatenspeicherung.de/List_of_Secure_Instant_Messengers

Maybe you can extend your training to all these tools, and the mentioned criteria could be part of the Knigge you suggest. For me the most important thing is that the chat server is open source and cannot log any plaintext.
Plugin encryption is not that.

Kind regards
Tom

On Tue, Jul 29, 2014 at 9:35 PM, Hauke Laging wrote:
> Hello,
>
> missing a culture of secured communication
> code of conduct (my German term: "Crypto-Knigge") would be quite useful to get there (or at least nearer).
>
> I am not talking about technical recommendations but about "organizational" (behaviour / attitude) recommendations.
> http://www.crypto-fuer-alle.de/crypto-knigge/
>
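Peter Lebbing's point earlier in this archive (that the public key plus a surviving skey[3] or skey[4] yields the entire private key, that skey[2] alone decrypts, and that the attacker can check which damaged component was the intact one) carried through in code. This is an added example, not code from the thread or from GnuPG. It assumes GnuPG's component order n, e, d, p, q, u with u = p^-1 mod q and p < q, as quoted in Peter's footnote; the primes P and Q are a constructed toy key (the Mersenne primes 2^61-1 and 2^89-1), far too small for real use, and the function names are this example's own. It also goes one step beyond the thread: d on its own leaks the factorisation of n, via the standard "e*d - 1 is a multiple of lambda(n)" argument. The skey[5]-only case Peter was unsure about is not demonstrated.

```python
"""Rebuild an RSA private key from the public key plus one leaked
component.  Added example for this thread, not GnuPG code.  Component
order and u = p^-1 mod q (with p < q) follow GnuPG's convention as
quoted by Peter; the primes below are a constructed toy key (Mersenne
primes 2^61-1 and 2^89-1), far too small for real use."""

from math import gcd

P = (1 << 61) - 1          # constructed toy prime, plays the role of skey[3]
Q = (1 << 89) - 1          # constructed toy prime, plays the role of skey[4]
E = 65537                  # skey[1]


def make_key(p=P, q=Q, e=E):
    """Build the six components GnuPG stores: n, e, d, p, q, u."""
    if p > q:
        p, q = q, p
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # ValueError if gcd(e, phi) != 1
    return {"n": n, "e": e, "d": d, "p": p, "q": q, "u": pow(p, -1, q)}


def recover_from_factor(n, e, factor):
    """Case skey[3] or skey[4] survives: the other prime is n / factor,
    then d is e^-1 mod phi(n).  The divisibility check is also how the
    attacker sees whether this was the undamaged component."""
    other, rem = divmod(n, factor)
    if rem != 0 or factor in (1, n):
        raise ValueError("not a non-trivial factor of n")
    return make_key(factor, other, e)


def factor_from_d(n, e, d):
    """Case skey[2] survives: d decrypts on its own, but it also leaks p
    and q.  e*d - 1 is a multiple of lambda(n), so for most bases g the
    sequence g^(odd part * 2^i) mod n passes through a square root of 1
    that is neither 1 nor -1; gcd(root - 1, n) is then a prime factor.
    Bases are tried in a fixed order so the result is reproducible."""
    k = e * d - 1
    t = 0
    while k % 2 == 0:
        k //= 2
        t += 1
    for g in range(2, 1000):
        if gcd(g, n) != 1:
            return gcd(g, n)            # lucky hit: g itself shares a factor
        y = pow(g, k, n)
        if y in (1, n - 1):
            continue                    # this base yields only trivial roots
        for _ in range(t):
            y2 = pow(y, 2, n)
            if y2 == 1:
                return gcd(y - 1, n)    # y is a non-trivial square root of 1
            if y2 == n - 1:
                break
            y = y2
    raise RuntimeError("no factor found; d does not match (n, e)")


def recover_from_d(n, e, d):
    """Full private key from the public key and the decryption exponent."""
    return recover_from_factor(n, e, factor_from_d(n, e, d))


def key_works(n, e, d, m=123456789):
    """Attacker's sanity check: encrypt with (n, e), decrypt with d."""
    return pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    key = make_key()
    public = (key["n"], key["e"])
    # The "damaged" file left only skey[3] intact.
    rebuilt = recover_from_factor(*public, key["p"])
    print("from p alone, d correct:", rebuilt["d"] == key["d"])
    # Only skey[2] intact: decrypt directly, and factor n as well.
    print("d alone decrypts:", key_works(*public, key["d"]))
    print("d alone also factors n:", recover_from_d(*public, key["d"])["p"] == key["p"])
```

Run it as a script to see all three checks print True. The practical lesson is the one Peter draws: any single surviving MPI of p, q or d is as good as the whole key to someone who also holds the public key, and the attacker can tell which one survived simply by checking divisibility or a test decryption, so mangling a few lines of the key file buys nothing that a passphrase does not.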