From dkg at fifthhorseman.net Sat Mar 1 09:40:56 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sat, 01 Mar 2014 08:40:56 +0000
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <1456109.8X6Fp28V1Q@inno>
References: <5203664.LZo7IKJdkj@inno> <530F83BA.7020803@dougbarton.us> <1456109.8X6Fp28V1Q@inno>
Message-ID: <53119D18.50402@fifthhorseman.net>

On 02/28/2014 02:58 PM, Hauke Laging wrote:
> a) Maybe I was not clear enough about that but I do not suggest this as
> a "Set the flag once (and do the other stuff) and after that you are
> safe forever" feature. This feature would have to be used for every
> encryption, too. (I guess it would be easily possible with RSA
> signatures today i.e. without changes to GnuPG.)
>
> Thus your "when you're not using that flag" point is never reached.

Asking the end users to routinely choose a novel high-entropy seed for randomness *without* relying on OS-level features like /dev/random or /dev/urandom seems even worse than the case you're trying to defend against. It reduces the problem of breaking the encryption to that of figuring out what data was used as the seed for randomness. How do you prevent users from choosing the same seed multiple times? How is the user supposed to come up with this entropy?

In practice, I think this won't happen reliably, and users will be exposed to all the usual attacks possible against broken RNGs if they try to use this proposed feature.

-dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:

From mailinglisten at hauke-laging.de Mon Mar 3 04:16:44 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 03 Mar 2014 04:16:44 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <53119D18.50402@fifthhorseman.net>
References: <5203664.LZo7IKJdkj@inno> <1456109.8X6Fp28V1Q@inno> <53119D18.50402@fifthhorseman.net>
Message-ID: <1747862.n9NlyRAGsu@inno>

On Sat 01.03.2014, 08:40:56, Daniel Kahn Gillmor wrote:
> Asking the end users to routinely choose a novel high-entropy seed for
> randomness *without* relying on OS-level features like /dev/random or
> /dev/urandom seems even worse than the case you're trying to defend
> against.

Probably. But this is not a proposal for "users" but for the kind of people who regularly write on this list. People who know what they are doing. Security improvements never(?) come for free.

Hauke

-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From rjh at sixdemonbag.org Mon Mar 3 04:55:42 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 02 Mar 2014 22:55:42 -0500
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <1747862.n9NlyRAGsu@inno>
References: <5203664.LZo7IKJdkj@inno> <1456109.8X6Fp28V1Q@inno> <53119D18.50402@fifthhorseman.net> <1747862.n9NlyRAGsu@inno>
Message-ID: <5313FD3E.7030309@sixdemonbag.org>

> Probably. But this is not a proposal for "users" but for the kind of
> people who regularly write on this list. People who know what they are
> doing.

That, by itself, is a compelling reason not to do it.
A feature that will be used by under 0.1% of the userbase is a feature not worth introducing. The likelihood of introducing a bug which may affect everyone is orders of magnitude greater than the limited benefit that will be enjoyed by one user in a thousand.

From eye.of.the.8eholder at gmail.com Mon Mar 3 11:24:39 2014
From: eye.of.the.8eholder at gmail.com (Khelben Blackstaff)
Date: Mon, 3 Mar 2014 12:24:39 +0200
Subject: Removing Policy URLs
In-Reply-To: <20131121181752.7870ff5c@tardis.info>
References: <20131121181752.7870ff5c@tardis.info>
Message-ID: <20140303122439.7e2c1799@tardis.info>

On Thu, 21 Nov 2013 18:17:52 +0200 Khelben Blackstaff wrote:
> Greetings.
>
> I would like to know how I can remove a policy URL from a (sub)key
> (it isn't stored on a key server). There is probably a very easy way
> to do it but I could not find it in the manpage or the mailing list
> archive.
>
> I use set-policy-url in gpg.conf and it works fine but I forgot it
> when I generated a new authentication key and it got the policy URL.
> I tried "set-policy-url none" together with an expiry date change so
> that the signature is modified but the policy wasn't touched. I tried
> "key 3" and delsig but delsig needs a uid and not a subkey.
>
> How can I delete the policy URL (or the whole signature and recreate
> it) from a subkey?
>
> Thank you for your time.

Greetings.

I am writing again in case my first message went unnoticed. Forgive me if "bumping" a question is considered bad manners.

As I said in my original question, is there a way to remove a Policy URL from a (sub)key?

Thank you again.
From mailinglisten at hauke-laging.de Mon Mar 3 13:49:00 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 03 Mar 2014 13:49 +0100
Subject: Removing Policy URLs
In-Reply-To: <20140303122439.7e2c1799@tardis.info>
References: <20131121181752.7870ff5c@tardis.info> <20140303122439.7e2c1799@tardis.info>
Message-ID: <7031377.pk1pAkOKyP@inno>

On Mon 03.03.2014, 12:24:39, Khelben Blackstaff wrote:
> As I said in my original question, is there a way to remove a Policy
> URL from a (sub)key?

I have tried that some time ago and didn't find any way to do that. I guess that is due to the fact that hardly anybody uses this feature, so that its support is probably limited.

It is possible with UID signatures but in that case with tricks only, too. And these tricks are not available for subkeys.

Thus I am afraid this is not possible with the official version of GnuPG.

Hauke

-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From detlev at reymann.org Mon Mar 3 14:42:29 2014
From: detlev at reymann.org (Detlev Reymann)
Date: Mon, 03 Mar 2014 14:42:29 +0100
Subject: Unsubscribe
Message-ID: <531486C5.8000302@reymann.org>

Detlev Reymann

-- 
Detlev Reymann
Albert-Schweitzer-Strasse 34
65366 Geisenheim
http://www.reymann.eu

From eye.of.the.8eholder at gmail.com Mon Mar 3 15:29:18 2014
From: eye.of.the.8eholder at gmail.com (Khelben Blackstaff)
Date: Mon, 3 Mar 2014 16:29:18 +0200
Subject: Removing Policy URLs
In-Reply-To: <7031377.pk1pAkOKyP@inno>
References: <20131121181752.7870ff5c@tardis.info> <20140303122439.7e2c1799@tardis.info> <7031377.pk1pAkOKyP@inno>
Message-ID: <20140303162918.1c39fe4b@tardis.info>

On Mon, 03 Mar 2014 13:49 +0100 Hauke Laging wrote:
> I have tried that some time ago and didn't find any way to do that. I
> guess that is due to the fact that hardly anybody uses this feature
> so that its support is probably limited.
>
> It is possible with UID signatures but in that case with tricks only,
> too. And these tricks are not available for subkeys.
>
> Thus I am afraid this is not possible with the official version of
> GnuPG.
>
>
> Hauke

Thank you for the quick reply. I had the impression that it cannot be done but because notations can be removed, I thought I should ask.
From steve.strobel at link-comm.com Sat Mar 8 00:29:16 2014
From: steve.strobel at link-comm.com (Steve Strobel)
Date: Fri, 7 Mar 2014 16:29:16 -0700
Subject: Size of client key jumped from 2KB to 25KB
Message-ID:

We have a Windows application that automatically generates a key pair on first startup (no passphrase), then sends its public key to a server. It exports its public key to a file with a command like this:

gpg --output client-key.gpg --export -a ID49C207DF

I recently got an error message caused by the keyfile it created exceeding a 10 KB threshold in the application code. It is normally 2 KB or 3 KB, but in this case it was 25 KB. Its size apparently jumped suddenly rather than growing slowly, or it would have errored out at 11 KB rather than at 25 KB. The extra-large key file has typical GPG headers and footers, but a lot more data between them than usual.

Renaming the gnupg directory (which forces it to generate a new key pair) resolved the issue for now, but I would like to know what might have gone wrong to make the public key so large. In both cases, the info about the keys looks normal, something like this:

$ gpg --list-keys
C:/Documents and Settings/steve.strobel/Application Data/gnupg\pubring.gpg
--------------------------------------------------------------------------
pub   2048R/49C207DF 2014-03-07
uid                  ID49C207DF (N/A)
uid                  IDLINKTDS

I would be glad to send the keyring file if that would make troubleshooting easier (the keys are not valuable). Thanks for any pointers.

Steve

-- 
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.strobel at link-comm.com
From peter at digitalbrains.com Sat Mar 8 10:42:36 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 08 Mar 2014 10:42:36 +0100
Subject: Size of client key jumped from 2KB to 25KB
In-Reply-To:
References:
Message-ID: <531AE60C.3010206@digitalbrains.com>

On 08/03/14 00:29, Steve Strobel wrote:
> The extra-large key file has typical GPG headers and footers, but a lot more
> data between them than usual.

You can inspect the data with a command like:

$ gpg --list-packets "C:/Documents and Settings/steve.strobel/Application Data/gnupg\pubring.gpg"

(that's one line)

It will spew a lot of stuff like the following:

:public key packet:
	version 4, algo 1, created 1258029184, expires 0
	pkey[0]: [2048 bits]
	pkey[1]: [17 bits]
	keyid: AC46EFE6DE500B3E
:user ID packet: "Peter Lebbing "
:signature packet: algo 1, keyid AC46EFE6DE500B3E
	version 4, created 1382876493, md5len 0, sigclass 0x13
[...]
:public sub key packet:
	version 4, algo 1, created 1258031707, expires 0
[...]

You can send me the oddly large key and a normal one, and I can take a look at it and compare them. I won't spend a whole lot of time on it, but it sounds like it will rather stand out, since it is, well, large :).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From johanw at vulcan.xs4all.nl Sat Mar 8 10:53:10 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sat, 08 Mar 2014 10:53:10 +0100
Subject: Size of client key jumped from 2KB to 25KB
In-Reply-To:
References:
Message-ID: <531AE886.5050609@vulcan.xs4all.nl>

On 08-03-2014 0:29, Steve Strobel wrote:
> We have a Windows application that automatically generates a key pair on
> first startup (no passphrase), then sends its public key to a server.

> I recently got an error message caused by the keyfile it created
> exceeding a 10 KB threshold in the application code.

Perhaps it collected a lot of signatures?

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From mailinglisten at hauke-laging.de Sat Mar 8 21:12:28 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sat, 08 Mar 2014 21:12:28 +0100
Subject: marking offline mainkeys / smartcard keys in --edit-key toggle
Message-ID: <16217208.2OouWbbVGv@inno>

Hello,

I have just been pointed at the fact that --list-secret-keys does mark offline mainkeys but --edit-key toggle doesn't. The same effect occurs with smartcards. The one who complained about that (not some noob but a CS student) considers this confusing. I never had this problem myself but I agree that this doesn't make sense. Thus I suggest the small change of being consistent over the different ways of key display.

Hauke

-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From steve.strobel at link-comm.com Mon Mar 10 16:36:18 2014
From: steve.strobel at link-comm.com (Steve Strobel)
Date: Mon, 10 Mar 2014 09:36:18 -0600
Subject: Size of client key jumped from 2KB to 25KB
In-Reply-To: <531AE60C.3010206@digitalbrains.com>
References: <531AE60C.3010206@digitalbrains.com>
Message-ID:

Johan Wevers
> Perhaps it collected a lot of signatures?

I would not have said so, but you are right.

On Sat, Mar 8, 2014 at 2:42 AM, Peter Lebbing wrote:
> You can inspect the data with a command like:
> $ gpg --list-packets "C:/Documents and Settings/steve.strobel/Application
> Data/gnupg\pubring.gpg"

Thanks for that command.
It does show a couple dozen additional sections for the large key, sections like this:

:trust packet: flag=00 sigcache=03
:signature packet: algo 1, keyid E497A900BC02EE05
	version 4, created 1392850339, md5len 0, sigclass 0x13
	digest algo 2, begin of digest 15 d2
	hashed subpkt 2 len 4 (sig created 2014-02-19)
	hashed subpkt 27 len 1 (key flags: 2F)
	hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
	hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 01)
	hashed subpkt 23 len 1 (key server preferences: 80)
	subpkt 16 len 8 (issuer key ID E497A900BC02EE05)
	data: [2040 bits]

Our application doesn't use the trust system for much, but the client does assign ultimate trust to the server's key. Maybe it is doing that more than once (such as each time the program is started). It could skip that step if it has already been done. Is there a better way to check that than to use --list-packets and parse the output?

When we export the public key with a command like "gpg --output client-key.gpg --export -a ID49C207DF", is there a way to do so without the signatures? We send that key to the server so it can be used to encrypt data for the client, but we don't really need to transfer any information about how trusted the client is. Does that make sense? Now that I think about it, the client key shouldn't have any signatures at all; there is nothing else in the system to attest to them. I posted the complete --list-packets (and --list-keys) output at the URLs below in case it is helpful:

Thanks, Peter and Johan, for your help.

Steve

-- 
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.strobel at link-comm.com
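Steve asks above whether there is a better way than reading --list-packets output by eye. As an added example (not code from this thread or from GnuPG), here is a small Python parser for that output which counts the self-signatures on each user ID, flags user IDs that have collected more than one, and reports which signature export-minimal would keep; the sample dump is constructed, with made-up key IDs, user IDs and dates.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the --list-packets lines quoted in this thread; IDs and dates are made up.
SAMPLE = """\
:public key packet:
\tkeyid: E497A900BC02EE05
:trust packet: flag=00 sigcache=03
:user ID packet: "IDBC02EE05 (N/A)"
:signature packet: algo 1, keyid E497A900BC02EE05
\tversion 4, created 1392850339, md5len 0, sigclass 0x13
\thashed subpkt 2 len 4 (sig created 2014-02-19)
:signature packet: algo 1, keyid E497A900BC02EE05
\tversion 4, created 1392936739, md5len 0, sigclass 0x13
\thashed subpkt 2 len 4 (sig created 2014-02-20)
:signature packet: algo 1, keyid E497A900BC02EE05
\tversion 4, created 1393023139, md5len 0, sigclass 0x13
\thashed subpkt 2 len 4 (sig created 2014-02-21)
:user ID packet: "IDLINKTDS"
:signature packet: algo 1, keyid E497A900BC02EE05
\tversion 4, created 1392850339, md5len 0, sigclass 0x13
\thashed subpkt 2 len 4 (sig created 2014-02-19)
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1392850400, md5len 0, sigclass 0x10
\thashed subpkt 2 len 4 (sig created 2014-02-19)
:public sub key packet:
\tkeyid: 1122334455667788
:signature packet: algo 1, keyid E497A900BC02EE05
\tversion 4, created 1392850339, md5len 0, sigclass 0x18
"""

UID_RE = re.compile(r'^:user ID packet: "(.*)"')
SIG_RE = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]{16})")
KEYID_RE = re.compile(r"^\s*keyid: ([0-9A-Fa-f]{16})")
SIGCLASS_RE = re.compile(r"sigclass 0x([0-9A-Fa-f]{2})")
CREATED_RE = re.compile(r"\(sig created (\d{4}-\d{2}-\d{2})\)")

def parse_list_packets(text):
    """Return (primary key ID, [user IDs], {component: [signature dicts]}),
    where a component is a user ID, "<primary>" or "subkey <keyid>"."""
    primary, component, sig = None, None, None
    uids, sigs = [], defaultdict(list)
    for line in text.splitlines():
        if line.startswith(":public key packet:"):
            component, sig = "<primary>", None
        elif line.startswith(":public sub key packet:"):
            component, sig = "<subkey>", None  # renamed once its keyid line arrives
        elif m := UID_RE.match(line):
            component, sig = m.group(1), None
            uids.append(component)
        elif m := SIG_RE.match(line):
            sig = {"issuer": m.group(1).upper(), "sigclass": None, "created": None}
            sigs[component].append(sig)
        elif m := KEYID_RE.match(line):
            if component == "<primary>" and primary is None:
                primary = m.group(1).upper()
            elif component == "<subkey>":
                component = "subkey " + m.group(1).upper()
        elif sig is not None:
            # detail line of the signature packet we are currently inside
            if m := SIGCLASS_RE.search(line):
                sig["sigclass"] = int(m.group(1), 16)
            if m := CREATED_RE.search(line):
                sig["created"] = m.group(1)
    return primary, uids, dict(sigs)

def _is_self_certification(sig, primary):
    """Certification (sigclass 0x10-0x13) issued by the key's own primary key."""
    return (sig["issuer"] == primary and sig["sigclass"] is not None
            and 0x10 <= sig["sigclass"] <= 0x13)

def self_signature_counts(text):
    """Self-signatures per user ID; a freshly generated key carries exactly one."""
    primary, uids, sigs = parse_list_packets(text)
    return {uid: sum(_is_self_certification(s, primary) for s in sigs.get(uid, []))
            for uid in uids}

def redundant_self_signatures(text):
    """User IDs carrying more than one self-signature, the bloat seen in the thread."""
    return {uid: n for uid, n in self_signature_counts(text).items() if n > 1}

def kept_by_export_minimal(text):
    """Date of the newest self-signature per user ID: the only one that
    `--export-options export-minimal` (or the `minimize` command) retains."""
    primary, uids, sigs = parse_list_packets(text)
    kept = {}
    for uid in uids:
        dates = [s["created"] for s in sigs.get(uid, [])
                 if _is_self_certification(s, primary) and s["created"]]
        if dates:
            kept[uid] = max(dates)  # ISO dates compare correctly as strings
    return kept

if __name__ == "__main__":
    import sys
    # pipe `gpg --list-packets pubring.gpg` in, or run with no input for the sample
    dump = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("self-signatures:", self_signature_counts(dump))
    print("kept by export-minimal:", kept_by_export_minimal(dump))
```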
From pete at heypete.com Mon Mar 10 17:18:58 2014
From: pete at heypete.com (Pete Stephenson)
Date: Mon, 10 Mar 2014 17:18:58 +0100
Subject: Size of client key jumped from 2KB to 25KB
In-Reply-To:
References: <531AE60C.3010206@digitalbrains.com>
Message-ID:

On Mon, Mar 10, 2014 at 4:36 PM, Steve Strobel wrote:
> When we export the public key with a command like "gpg --output
> client-key.gpg --export -a ID49C207DF", is there a way to do so without the
> signatures? We send that key to the server so it can be used to encrypt
> data for the client, but we don't really need to transfer any information
> about how trusted the client is. Does that make sense? Now that I think
> about it, the client key shouldn't have any signatures at all; there is
> nothing else in the system to attest to them. I posted the complete
> --list-packets (and --list-keys) output at the URLs below in case it is
> helpful:

Adding "--export-options export-minimal" should do the trick. That is, "gpg --output client-key.gpg --export --export-options export-minimal -a ID49C207DF".

See http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Input-and-Output.html for details.

Cheers!
-Pete

-- 
Pete Stephenson

From olav at enigmail.net Mon Mar 10 17:31:15 2014
From: olav at enigmail.net (Olav Seyfarth)
Date: Mon, 10 Mar 2014 17:31:15 +0100
Subject: Size of client key jumped from 2KB to 25KB
In-Reply-To:
References: <531AE60C.3010206@digitalbrains.com>
Message-ID: <531DE8D3.101@enigmail.net>

Hi Steve,

maybe you just want to clean sigs using one of the import/export options.

Olav
___

From /man gpg/

*--import-options parameters*
    This is a space or comma delimited string that gives options for importing keys. Options can be prepended with a `no-' to give the opposite meaning. The options are:

    import-local-sigs
        Allow importing key signatures marked as "local". This is not generally useful unless a shared keyring scheme is being used.
        Defaults to no.

    repair-pks-subkey-bug
        During import, attempt to repair the damage caused by the PKS keyserver bug (pre v. 0.9.6) that mangles keys with multiple subkeys. Note that this cannot completely repair the damaged key as some crucial data is removed by the keyserver, but it does at least give you back one subkey. Defaults to no for regular --import and to yes for keyserver --recv-keys.

    merge-only
        During import, allow key updates to existing keys, but do not allow any new keys to be imported. Defaults to no.

    import-clean
        After import, compact (remove all signatures except the self-signature) any user IDs from the new key that are not usable. Then, remove any signatures from the new key that are not usable. This includes signatures that were issued by keys that are not present on the keyring. This option is the same as running the --edit-key command "clean" after import. Defaults to no.

    import-minimal
        Import the smallest key possible. This removes all signatures except the most recent self-signature on each user ID. This option is the same as running the --edit-key command "minimize" after import. Defaults to no.

*--export-options parameters*
    This is a space or comma delimited string that gives options for exporting keys. Options can be prepended with a `no-' to give the opposite meaning. The options are:

    export-local-sigs
        Allow exporting key signatures marked as "local". This is not generally useful unless a shared keyring scheme is being used. Defaults to no.

    export-attributes
        Include attribute user IDs (photo IDs) while exporting. This is useful to export keys if they are going to be used by an OpenPGP program that does not accept attribute user IDs. Defaults to yes.

    export-sensitive-revkeys
        Include designated revoker information that was marked as "sensitive". Defaults to no.

    export-reset-subkey-passwd
        When using the --export-secret-subkeys command, this option resets the passphrases for all exported subkeys to empty.
        This is useful when the exported subkey is to be used on an unattended machine where a passphrase doesn't necessarily make sense. Defaults to no.

    export-clean
        Compact (remove all signatures from) user IDs on the key being exported if the user IDs are not usable. Also, do not export any signatures that are not usable. This includes signatures that were issued by keys that are not present on the keyring. This option is the same as running the --edit-key command "clean" before export except that the local copy of the key is not modified. Defaults to no.

    export-minimal
        Export the smallest key possible. This removes all signatures except the most recent self-signature on each user ID. This option is the same as running the --edit-key command "minimize" before export except that the local copy of the key is not modified. Defaults to no.

From peter at digitalbrains.com Mon Mar 10 22:40:25 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 10 Mar 2014 22:40:25 +0100
Subject: Size of client key jumped from 2KB to 25KB
In-Reply-To:
References: <531AE60C.3010206@digitalbrains.com>
Message-ID: <531E3149.50907@digitalbrains.com>

A short reply, because this is not the time.

> Johan Wevers
>
>> Perhaps it collected a lot of signatures?
>
> I would not have said so, but you are right.

I wouldn't have said so either, because as I understand it, you are generating the key, so it does not have any signatures from others yet.

> :signature packet: algo 1, keyid E497A900BC02EE05
>         version 4, created 1392850339, md5len 0, sigclass 0x13
>         digest algo 2, begin of digest 15 d2
>         hashed subpkt 2 len 4 (sig created 2014-02-19)
>         hashed subpkt 27 len 1 (key flags: 2F)
>         hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
>         hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
>         hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
>         hashed subpkt 30 len 1 (features: 01)
>         hashed subpkt 23 len 1 (key server preferences: 80)
>         subpkt 16 len 8 (issuer key ID E497A900BC02EE05)
>         data: [2040 bits]

This is a self-signature, a signature made by the key itself. I'm fairly sure Johan was talking about signatures from other people.

Perhaps it created a whole bunch of self-signatures?

Could you still send me the overlong key and one that has been "correctly" generated? I'm curious if we can figure out what it was. That's all it is to me, a hobby :).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wk at gnupg.org Tue Mar 11 17:10:12 2014
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Mar 2014 17:10:12 +0100
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <531EE8F5.8040809@bootc.net> (Chris Boot's message of "Tue, 11 Mar 2014 10:44:05 +0000")
References: <531EE8F5.8040809@bootc.net>
Message-ID: <87d2hsaf8b.fsf@vigenere.g10code.de>

On Tue, 11 Mar 2014 11:44, bootc at bootc.net said:
> reverse the last two APDUs (e6 then 44 rather than 44 then e6). I
> believe that E6 is 'TERMINATE DF' and 44 is 'ACTIVATE FILE', so the 2009
> instructions are probably correct while the 2013 ones are not.

IIRC, early v2 cards have a bug which partly reverses terminate and activate.
Thus there should actually be 4 versions of the instructions. Unfortunately I have never worked out the details. My way of resetting the card is using the commands several times while in between removing the card from the reader.

> run on them, please? I can't even get gpg-connect-agent to talk to the
> cards now ("gpg: OpenPGP card not available: Not supported"), nor even
> tools like opensc-explorer.

There is a little trick here:

> scd reset
OK
> scd serialno undefined
S SERIALNO FF7F00 0

The SERIALNO command takes an optional argument to select the application. You may use 'undefined' followed by standard APDU commands:

@subsection The Undefined card application ``undefined''

This is a stub application to allow the use of the APDU command even if no supported application is found on the card. This application is not used automatically but must be explicitly requested using the SERIALNO command.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From steve.strobel at link-comm.com Tue Mar 11 20:11:15 2014
From: steve.strobel at link-comm.com (Steve Strobel)
Date: Tue, 11 Mar 2014 13:11:15 -0600
Subject: Size of client key jumped from 2KB to 25KB
In-Reply-To: <531E3149.50907@digitalbrains.com>
References: <531AE60C.3010206@digitalbrains.com> <531E3149.50907@digitalbrains.com>
Message-ID:

Thanks, Olav and Pete, for the info about how to clean up the signatures. Adding the "--export-options export-minimal" option reduced the file to the expected size. So that is a great solution for the keys I already have.

Peter Lebbing wrote:
> Perhaps it created a whole bunch of self-signatures?

I don't know why it would have, but I haven't looked specifically for that either.

> Could you still send me the overlong key and one that has been "correctly"
> generated? I'm curious if we can figure out what it was. That's all it is to me,
> a hobby :).

Sure. I will send you those keys by direct email.

Steve

-- 
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.strobel at link-comm.com

From bootc at bootc.net Tue Mar 11 11:44:05 2014
From: bootc at bootc.net (Chris Boot)
Date: Tue, 11 Mar 2014 10:44:05 +0000
Subject: Resetting an OpenPGP smart card "bricks" it
Message-ID: <531EE8F5.8040809@bootc.net>

Hi,

I've reset two OpenPGP smart cards using the instructions at http://lists.gnupg.org/pipermail/gnupg-users/2013-March/046261.html and both have been rendered unusable. Both are OpenPGP V2 cards.

I notice the instructions at http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037413.html reverse the last two APDUs (e6 then 44 rather than 44 then e6). I believe that E6 is 'TERMINATE DF' and 44 is 'ACTIVATE FILE', so the 2009 instructions are probably correct while the 2013 ones are not.

Is there a way to recover cards that have had the erroneous procedure run on them, please? I can't even get gpg-connect-agent to talk to the cards now ("gpg: OpenPGP card not available: Not supported"), nor even tools like opensc-explorer.

Please CC me as I'm not subscribed.

Cheers,
Chris

-- 
Chris Boot
bootc at bootc.net

From bootc at bootc.net Tue Mar 11 18:20:59 2014
From: bootc at bootc.net (Chris Boot)
Date: Tue, 11 Mar 2014 17:20:59 +0000
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <87d2hsaf8b.fsf@vigenere.g10code.de>
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de>
Message-ID: <531F45FB.9040405@bootc.net>

On 11/03/14 16:10, Werner Koch wrote:
> On Tue, 11 Mar 2014 11:44, bootc at bootc.net said:
>
>> reverse the last two APDUs (e6 then 44 rather than 44 then e6). I
>> believe that E6 is 'TERMINATE DF' and 44 is 'ACTIVATE FILE', so the 2009
>> instructions are probably correct while the 2013 ones are not.
>
> IIRC, early v2 cards have a bug which partly reverses terminate and
> activate. Thus there should actually be 4 versions of the instructions.
> Unfortunately I have never worked out the details. My way of resetting
> the card is using the commands several times while in between removing
> the card from the reader.

Hi Werner,

Hmm. I did my two cards by:

1. Plugging in reader with embedded card (I'm using Gemalto IDBridge K30 and K50 readers).
2. gpg2 --card-status
3. gpg-connect-agent, then run commands as per your email
4. Unplug reader with card.
5. Plug in again and find that gpg2 --card-status fails.

If it's any use, the two cards in question have serial numbers:
- 000500001BDE
- 0005000020D5

>> run on them, please? I can't even get gpg-connect-agent to talk to the
>> cards now ("gpg: OpenPGP card not available: Not supported"), nor even
>> tools like opensc-explorer.
>
> There is a little trick here:
>
> > scd reset
> OK
> > scd serialno undefined
> S SERIALNO FF7F00 0
>
> The SERIALNO command takes an optional argument to select the
> application. You may use 'undefined' followed by standard APDU
> commands:
>
> @subsection The Undefined card application ``undefined''
>
> This is a stub application to allow the use of the APDU command even
> if no supported application is found on the card. This application is
> not used automatically but must be explicitly requested using the
> SERIALNO command.

Hi Werner,

Unfortunately, neither "bricked" card appears to want to respond to the serialno command:

$ gpg-connect-agent
> /hex
> reset
OK
> scd serialno undefined
ERR 100663356 Not supported
> scd apdu 00 e6 00 00
ERR 100663351 Invalid value
> scd apdu 00 44 00 00
ERR 100663351 Invalid value
>

This is running GnuPG 2.0.22.
Cheers,
Chris

-- 
Chris Boot
bootc at bootc.net

From peter at digitalbrains.com Tue Mar 11 22:00:40 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 11 Mar 2014 22:00:40 +0100
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <531F45FB.9040405@bootc.net>
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net>
Message-ID: <531F7978.8010908@digitalbrains.com>

On 11/03/14 18:20, Chris Boot wrote:
>> > scd reset
> [...]
>> reset

You forgot the 'scd' prefix on reset. That might be the problem.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From gnupg-users at mlists.thewrittenword.com Tue Mar 11 19:30:24 2014
From: gnupg-users at mlists.thewrittenword.com (Albert Chin)
Date: Tue, 11 Mar 2014 13:30:24 -0500
Subject: [Announce] [security fix] GnuPG 2.0.22 released
In-Reply-To: <87eh803y1c.fsf@vigenere.g10code.de>
References: <87eh803y1c.fsf@vigenere.g10code.de>
Message-ID: <20140311183024.GB13293@china>

On Sat, Oct 05, 2013 at 10:46:39AM +0200, Werner Koch wrote:
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.22. This is a *security fix* release and all
> users are advised to update to this version. See below for the
> impact of the problem.
>
> [[ snip snip ]]
>
> What's New in 2.0.22
> ====================
>
> * Fixed possible infinite recursion in the compressed packet
> parser. [CVE-2013-4402]

Does libgpg-error need updating as well? According to https://bugzilla.redhat.com/show_bug.cgi?id=1015685 and https://lwn.net/Articles/571943/ there is some indication of this but looking at the changes between 1.10 and 1.11, I see nothing to indicate an update to libgpg-error is necessary.
-- 
albert chin (china at thewrittenword.com)

From wk at gnupg.org Wed Mar 12 09:14:31 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 12 Mar 2014 09:14:31 +0100
Subject: [Announce] [security fix] GnuPG 2.0.22 released
In-Reply-To: <20140311183024.GB13293@china> (Albert Chin's message of "Tue, 11 Mar 2014 13:30:24 -0500")
References: <87eh803y1c.fsf@vigenere.g10code.de> <20140311183024.GB13293@china>
Message-ID: <87bnxb96l4.fsf@vigenere.g10code.de>

On Tue, 11 Mar 2014 19:30, gnupg-users at mlists.thewrittenword.com said:
> Does libgpg-error need updating as well? According to

Yes. It is not a security issue but a general maintenance thing. New error codes are from time to time added to libgpg-error and by requiring a newer version of libgpg-error we avoid adding error code replacement macros to gnupg.

> looking at the changes between 1.10 and 1.11, I see nothing to
> indicate an update to libgpg-error is necessary.

configure checks for 1.11.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From bootc at bootc.net Tue Mar 11 22:21:32 2014
From: bootc at bootc.net (Chris Boot)
Date: Tue, 11 Mar 2014 21:21:32 +0000
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <531F7978.8010908@digitalbrains.com>
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net> <531F7978.8010908@digitalbrains.com>
Message-ID: <531F7E5C.2030806@bootc.net>

On 11/03/2014 21:00, Peter Lebbing wrote:
> On 11/03/14 18:20, Chris Boot wrote:
>>> > scd reset
>> [...]
>>> reset
>
> You forgot the 'scd' prefix on reset. That might be the problem.
Sadly that makes no difference either :-(

Cheers,
Chris

--
Chris Boot
bootc at bootc.net

From wk at gnupg.org Wed Mar 12 14:54:20 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 12 Mar 2014 14:54:20 +0100
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <531F45FB.9040405@bootc.net> (Chris Boot's message of "Tue, 11 Mar 2014 17:20:59 +0000")
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net>
Message-ID: <87vbvj7cab.fsf@vigenere.g10code.de>

On Tue, 11 Mar 2014 18:20, bootc at bootc.net said:

>> scd serialno undefined
> ERR 100663356 Not supported

> This is running GnuPG 2.0.22.

Oops. I am sorry, this is not implemented in 2.0. I am using 2.1 for so long now that I didn't remember that "undefined" only works in master.

pcsclite should have a tool to send APDUs to a card. My old gscutils card tools have been replaced by scdaemon's APDU command. You may find them somewhere but using the tools from pcsc should be easier.

Maybe useful to backport the changes.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter at digitalbrains.com Wed Mar 12 16:21:21 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 12 Mar 2014 16:21:21 +0100
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <87vbvj7cab.fsf@vigenere.g10code.de>
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net> <87vbvj7cab.fsf@vigenere.g10code.de>
Message-ID:

On 2014-03-12 14:54, Werner Koch wrote:
> pcsclite should have tool to send APDUs to a card. My old gscutils
> card
> tools have been replaced by scdaemon's APDU command. You may find
> them
> somewhere but using the tools from pcsc should be easier.

Back in January, in a similar situation, I found[1] someone had written a little python script[2] to send the APDU's.
If the smartcard isn't pleased by the order of the two APDU's, try them in reverse order (the code is easy to read).

HTH,

Peter.

[1] http://lists.gnupg.org/pipermail/gnupg-users/2014-January/048836.html
[2] http://lists.gnupg.org/pipermail/gnupg-devel/2013-March/027518.html

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From vedaal at nym.hush.com Wed Mar 12 18:05:19 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 12 Mar 2014 13:05:19 -0400
Subject: ? incompatibilty issue ?
In-Reply-To: <101513B6-19DF-4888-B14E-4B35787CFEFF@yeovilleproductions.com>
References: <20140305022004.D7B8B2038C@smtp.hushmail.com> <4F5E7B93-1566-467D-939F-022A40CD0334@yeovilleproductions.com> <20140310145231.D1217200F0@smtp.hushmail.com> <101513B6-19DF-4888-B14E-4B35787CFEFF@yeovilleproductions.com>
Message-ID: <20140312170519.B44A9200D4@smtp.hushmail.com>

Happened to notice a minor incompatibility that was not there in previous versions of gnupg 1.x, before IDEA was included.

Created the following symmetrically encrypted message using Disastry's version of PGP 2.x

-----BEGIN PGP MESSAGE-----
Version: PGP 2.6.3ia-multi06
Comment: Passphrase: sss

pgAAADPRnyFTsp5qCgKjgKpouoMqq1orcvEsZry5uRprNq9Qce3FqUzZT8BbeuGO
Vah6crraHF4=
=8GSP
-----END PGP MESSAGE-----

This was the command, using Twofish as the preferred cipher:

V:\zdm6dj32>pgp -ca -jt c:\hct.txt
TWOFISH chosen for conventional encryption.
Pretty Good Privacy(tm) 2.6.3ia-multi06 - Public-key encryption for the masses
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 2002-04-22
International version - for use everywhere (including USA).
Current time: 2014/03/12 13:42 GMT

PGP is now using TWOFISH with MD5.
You need a pass phrase to encrypt the file.
Enter pass phrase: sss

Output file 'c:\hct.asc' already exists. Overwrite (y/N)?
y

Now, when trying to decrypt, this is what happens in GnuPG 1.4.16 :

C:\g1416>gpg -d c:\hct.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: PGP 2.6.3ia-multi06
gpg: armor header: Comment: Passphrase: sss
:encrypted data packet:
        length: 51
gpg: assuming IDEA encrypted data
gpg: session key: `1:9F6E6800CFAE7749EB6C486619254B9C'
gpg: out of memory while allocating 1746465999 bytes

Is there something in the way that pgp 2.x makes symmetrical messages, that gnupg recognizes as 2.x, and therefore assumes IDEA ? (I did not use 'pgp 2' in the options in gpg.conf.)

vedaal

From vedaal at nym.hush.com Wed Mar 12 18:11:59 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 12 Mar 2014 13:11:59 -0400
Subject: ?incompatibility issue?
In-Reply-To: <101513B6-19DF-4888-B14E-4B35787CFEFF@yeovilleproductions.com>
References: <20140305022004.D7B8B2038C@smtp.hushmail.com> <4F5E7B93-1566-467D-939F-022A40CD0334@yeovilleproductions.com> <20140310145231.D1217200F0@smtp.hushmail.com> <101513B6-19DF-4888-B14E-4B35787CFEFF@yeovilleproductions.com>
Message-ID: <20140312171159.84006200D4@smtp.hushmail.com>

For some reason, none of the backward slashes '\' were included in the posting in Gnupg users mailing list website.

vedaal

From vedaal at nym.hush.com Wed Mar 12 19:10:51 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 12 Mar 2014 14:10:51 -0400
Subject: ? incompatibility issue ?
In-Reply-To: <101513B6-19DF-4888-B14E-4B35787CFEFF@yeovilleproductions.com>
References: <20140305022004.D7B8B2038C@smtp.hushmail.com> <4F5E7B93-1566-467D-939F-022A40CD0334@yeovilleproductions.com> <20140310145231.D1217200F0@smtp.hushmail.com> <101513B6-19DF-4888-B14E-4B35787CFEFF@yeovilleproductions.com>
Message-ID: <20140312181051.EF23D200D4@smtp.hushmail.com>

Gnupg 1.4.16 decrypts the above 2.x message fine when using the --override-session-key and just changing the 1 in the shown session key to a 10.

C:\g1416>gpg --override-session-key 10:9F6E6800CFAE7749EB6C486619254B9C c:\hct.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: PGP 2.6.3ia-multi06
gpg: armor header: Comment: Passphrase: sss
:encrypted data packet:
        length: 51
gpg: TWOFISH encrypted data
gpg: session key: `10:9F6E6800CFAE7749EB6C486619254B9C'
:unknown packet: type 49, length 46
dump: b2 89 33 64 9e 9f e6 56 9a 6a e7 2d da 57 2b a9 40 e3 34 5f e7 47 46 86
      24: 78 c3 13 0c 6a 5b f4 EOF
gpg: decryption okay
gpg: WARNING: message was not integrity protected

C:\g1416>

vedaal

From wk at gnupg.org Wed Mar 12 19:12:06 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 12 Mar 2014 19:12:06 +0100
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <53207FD7.2020304@bootc.net> (Chris Boot's message of "Wed, 12 Mar 2014 15:40:07 +0000")
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net> <87vbvj7cab.fsf@vigenere.g10code.de> <53207FD7.2020304@bootc.net>
Message-ID: <87mwgv70cp.fsf@vigenere.g10code.de>

On Wed, 12 Mar 2014 16:40, bootc at bootc.net said:

> $ scriptor
> No reader given: using Gemalto USB Shell Token V2 (2BAA4AC2) 00 00
> Using T=1 protocol
> Reading commands from STDIN
> 00 44 00 00
> > 00 44 00 00
> < 6A 88 : Wrong parameter(s) P1-P2. Referenced data not found.

Try sending 00 E6 00 00 first.
Then unplug and insert the card and try the 00 44 00 00.

Salam-Shalom,

Werner

p.s.
Meanwhile I backported the "SERIALNO undefined" feature to 2.0. Thus 2.0.23 should make it a bit easier to play with it.

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Mar 12 19:22:11 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 12 Mar 2014 19:22:11 +0100
Subject: ? incompatibilty issue ?
In-Reply-To: <20140312170519.B44A9200D4@smtp.hushmail.com> (vedaal@nym.hush.com's message of "Wed, 12 Mar 2014 13:05:19 -0400")
References: <20140305022004.D7B8B2038C@smtp.hushmail.com> <4F5E7B93-1566-467D-939F-022A40CD0334@yeovilleproductions.com> <20140310145231.D1217200F0@smtp.hushmail.com> <101513B6-19DF-4888-B14E-4B35787CFEFF@yeovilleproductions.com> <20140312170519.B44A9200D4@smtp.hushmail.com>
Message-ID: <87ha736zvw.fsf@vigenere.g10code.de>

On Wed, 12 Mar 2014 18:05, vedaal at nym.hush.com said:

> Is there something in the way that pgp 2.x makes symmetrical messages,
> that gnupg recognizes as 2.x, and therefore assumes IDEA ?

Right. If there is no session key packet (3) gpg uses IDEA if available. Use --cipher TWOFISH to set a different algo.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter at digitalbrains.com Wed Mar 12 19:38:46 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 12 Mar 2014 19:38:46 +0100
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <5320883D.5000501@bootc.net>
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net> <87vbvj7cab.fsf@vigenere.g10code.de> <5320883D.5000501@bootc.net>
Message-ID: <5320A9B6.4050301@digitalbrains.com>

On 12/03/14 17:15, Chris Boot wrote:
> 00 a4 04 00 06 d2 76 00 01 24 01
> > 00 a4 04 00 06 d2 76 00 01 24 01
> < XX YY : {{ NVRAM not changed }}
> [...]
> Note the line that says XX YY and NVRAM not changed is from memory; I
> remember it saying about the NVRAM having _not_ being changed, but it
> worked anyway.

That is probably because the program didn't recognise the exact status code, but was able to place it in the class "NVRAM not changed". The class is defined in a different standard than the exact status code, and the program gives the best interpretation it can.

> For others following this thread, 'scriptor' is in the pcsc-tools
> package in Debian, and seems to be a pretty neat if scary tool for
> sending raw APDUs to smart cards.

That's indeed a nice thing to have, although the "SERIALNO undefined" method in scdaemon means that I wouldn't have to start pcscd since it uses the GnuPG internal CCID driver, and thus requires less keystrokes for me to use in practice :). But scriptor's more verbose status logging can come in pretty handy I suppose.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From hans at guardianproject.info Thu Mar 13 01:54:01 2014
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Wed, 12 Mar 2014 20:54:01 -0400
Subject: GnuPrivacyGuard for Android v0.3 released!
Message-ID: <532101A9.4090009@guardianproject.info>

GnuPrivacyGuard for Android (GPGA) brings GnuPG, the most trusted name in encryption, to Android. Easily encrypt, decrypt, sign and verify files of any kind, just by sharing them to GPGA. This app aims to provide a complete, integrated cryptographic toolkit integrated into the Android experience.

GPGA provides solid encryption for files private, and for verifying that files are who you think they are. It includes optimizations to make it operate many times faster than other encryption packages on Android.

GPGA provides an integrated experience, so clicking on OpenPGP files "just works".
You can also share files to GPGA to decrypt, encrypt, sign, or verify them. GPGA will respond when you click on an OpenPGP fingerprint URL (one that starts with openpgp4fpr:). GPGA also gives you complete command line access to the entire GnuPG suite of encryption software. It also serves as the test bed for complete Android integration for all of GnuPG's crypto services, including OpenPGP, symmetric encryption, and more.

GPGA is available in: Arabic (العربية), English, French (Français), German (Deutsch), Norwegian (Norsk), Portuguese (Português), Spanish (Español). Don't see your language? Join us and help translate the app:
* https://www.transifex.com/projects/p/gpg

For a list of issues addressed in this version:
* https://dev.guardianproject.info/versions/90

For more info:
* https://guardianproject.info/code/gnupg/
* https://dev.guardianproject.info/projects/gpgandroid/wiki

***Download***

* Google Play: https://play.google.com/store/apps/details?id=info.guardianproject.gpg
* FDroid: https://f-droid.org/repository/browse/?fdid=info.guardianproject.gpg
* direct download:
** https://guardianproject.info/releases/GnuPrivacyGuard-release-0.3.apk
** https://guardianproject.info/releases/GnuPrivacyGuard-release-0.3.apk.sig
** SHA1: dd36d1c8ea933d11a40586302376feaa4da28b0d

***Setup***

Before using GPGA, be sure to launch the app and let it finish its installation process. Once it has completed, then you're ready to use it!

If you want to use the command line, the easiest way to get started with GPGA is to install Android Terminal Emulator. GPGA will automatically configure Android Terminal Emulator as long as you have the "Allow PATH extensions" settings enabled. Get the Android Terminal Emulator at https://play.google.com/store/apps/details?id=jackpal.androidterm

***Please Report Bugs***

This is a big project, so there will inevitably be bugs. Help us improve this software by filing bug reports about any problem that you encounter. Feature requests are also welcome!
https://dev.guardianproject.info/projects/gpgandroid/issues

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81

From Vikash.X.Kumar at in.tesco.com Wed Mar 12 14:07:38 2014
From: Vikash.X.Kumar at in.tesco.com (Kumar, Vikash X)
Date: Wed, 12 Mar 2014 18:37:38 +0530
Subject: Encrypting File with passphrase
Message-ID:

Hi Team,

Could you please help me to understand the following query.

We are using gpg encryption method for encryption and decryption in our application. We have generated the keypairs on server A and public key is imported on server B also a passphrase say "Strange" was provided while generating the key.

Now I am trying to encrypt the file on server B using this public key, I am able to do so without any matter I pass the passphrase or not.

So my ask is, if a key pair is generated with passphrase it won't restrict the encryption incase incorrect passphrase or no passphrase is passed? Also I was able to encrypt the file on server B by providing any random passphrase, but decryption is possible with correct passphrase only.

Many Thanks for your help.

Regards,
Vikash Kumar

________________________________
This is a confidential email. Tesco may monitor and record all emails. The views expressed in this email are those of the sender and not Tesco.
Tesco Stores Limited
Company Number: 519500
Registered in England
Registered Office: Tesco House, Delamare Road, Cheshunt, Hertfordshire EN8 9SL
VAT Registration Number: GB 220 4302 31
From bootc at bootc.net Wed Mar 12 16:40:07 2014
From: bootc at bootc.net (Chris Boot)
Date: Wed, 12 Mar 2014 15:40:07 +0000
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To: <87vbvj7cab.fsf@vigenere.g10code.de>
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net> <87vbvj7cab.fsf@vigenere.g10code.de>
Message-ID: <53207FD7.2020304@bootc.net>

On 12/03/14 13:54, Werner Koch wrote:
>
> On Tue, 11 Mar 2014 18:20, bootc at bootc.net said:
>>> scd serialno undefined
>> ERR 100663356 Not supported
>
>> This is running GnuPG 2.0.22.
>
> Oops. I am sorry, this is not implemented in 2.0. I am using 2.1 for
> so long now that I didn't remember that "undefined" only works in master.
>
> pcsclite should have tool to send APDUs to a card. My old gscutils card
> tools have been replaced by scdaemon's APDU command. You may find them
> somewhere but using the tools from pcsc should be easier.
>
> Maybe useful to backport the changes.

Hi Werner,

I tried using 'scriptor' to send "00 44 00 00" to the card, but the card refused that too. Not being a Smart Card expert, I really don't know what else I should try to send to the card to get meaningful replies from it.

$ scriptor
No reader given: using Gemalto USB Shell Token V2 (2BAA4AC2) 00 00
Using T=1 protocol
Reading commands from STDIN
00 44 00 00
> 00 44 00 00
< 6A 88 : Wrong parameter(s) P1-P2. Referenced data not found.
Thanks,
Chris

--
Chris Boot
bootc at bootc.net

From bootc at bootc.net Wed Mar 12 17:15:57 2014
From: bootc at bootc.net (Chris Boot)
Date: Wed, 12 Mar 2014 16:15:57 +0000
Subject: Resetting an OpenPGP smart card "bricks" it
In-Reply-To:
References: <531EE8F5.8040809@bootc.net> <87d2hsaf8b.fsf@vigenere.g10code.de> <531F45FB.9040405@bootc.net> <87vbvj7cab.fsf@vigenere.g10code.de>
Message-ID: <5320883D.5000501@bootc.net>

On 12/03/14 15:21, Peter Lebbing wrote:
> On 2014-03-12 14:54, Werner Koch wrote:
>> pcsclite should have tool to send APDUs to a card. My old gscutils card
>> tools have been replaced by scdaemon's APDU command. You may find them
>> somewhere but using the tools from pcsc should be easier.
>
> Back in January, in a similar situation, I found[1] someone had written
> a little python script[2] to send the APDU's. If the smartcard isn't
> pleased by the order of the two APDU's, try them in reverse order (the
> code is easy to read).
>
> HTH,
>
> Peter.
>
> [1] http://lists.gnupg.org/pipermail/gnupg-users/2014-January/048836.html
> [2] http://lists.gnupg.org/pipermail/gnupg-devel/2013-March/027518.html

Peter, THANK YOU! Your pointers helped me recover both cards. I didn't use the Python script at [2], but I sent the two APDUs that it sends to the cards using 'scriptor', which recovered them.

Unfortunately I closed the window shortly after celebrating so I don't have the exact transcript of the session, but it looked something like:

$ scriptor
No reader given: using Gemalto USB Shell Token V2 (D4182110) 00 00
Using T=1 protocol
Reading commands from STDIN
00 a4 04 00 06 d2 76 00 01 24 01
> 00 a4 04 00 06 d2 76 00 01 24 01
< XX YY : {{ NVRAM not changed }}
00 44 00 00
> 00 44 00 00
< 90 00 : Normal processing.

Note the line that says XX YY and NVRAM not changed is from memory; I remember it saying about the NVRAM having _not_ being changed, but it worked anyway. I really wish I hadn't fat-fingered my terminal and closed it.
For others following this thread, 'scriptor' is in the pcsc-tools package in Debian, and seems to be a pretty neat if scary tool for sending raw APDUs to smart cards.

Thanks again Peter for pointing me at that Python script.

Cheers,
Chris

--
Chris Boot
bootc at bootc.net

From luto at mit.edu Thu Mar 13 00:55:15 2014
From: luto at mit.edu (Andrew Lutomirski)
Date: Wed, 12 Mar 2014 16:55:15 -0700
Subject: Downloading public key from OpenPGP card
Message-ID:

I have an OpenPGP card (an applet on a Yubikey NEO).

$ gpg --card-edit
gpg: detected reader `Yubico Yubikey NEO OTP+CCID 00 00'

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 6
Signature key ....: 846D E20B 0ED9 0A19 5822 C7C6 3A95 152C 6C0E A581
      created ....: 2014-03-12 22:46:33
Encryption key....: 2BAC ADC6 725A 6D63 4BC7 9E2C 5A84 2069 31F7 0484
      created ....: 2014-03-12 22:46:33
Authentication key: C1F5 5179 D6AA E857 1C82 2AEF 20BB B0ED 8FE0 9C06
      created ....: 2014-03-12 22:46:33
General key info..: [none]

I want to read those public keys into my keyring. How do I do this?

The OpenPGP specification says that this is GENERATE ASYMMETRIC KEY PAIR, subcommand 0x81. The scd function that corresponds to this is iso7816_read_public_key

How do I get gpg to issue that command? gpg2 2.0.22 doesn't seem any more useful in this regard.
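[Editor's note, not part of any message in this archive.] The "incompatibility issue" thread above turns on one packet-level detail: a PGP 2.x conventionally encrypted message consists of a single symmetrically encrypted data packet (tag 9) with no preceding symmetric-key encrypted session key packet (tag 3), so nothing in the message names the cipher, which is why gpg falls back to "assuming IDEA" and why vedaal's workaround of changing the algorithm number in --override-session-key from 1 to 10 works. The following Python script is an added example written for this page (it is not GnuPG code and does not appear in the thread): it strips the armor from the exact message vedaal posted, checks the CRC-24 trailer, walks the OpenPGP packet headers in both old and new format, reports how a reader can learn the cipher, and decodes gpg's N:HEX session-key notation. The armored text is assumed to be intact as reproduced in the archive; the packet tags, length encodings, CRC-24 constants and algorithm ids come from RFC 4880.

```python
import base64

# Copy of the armored PGP 2.x message vedaal posted in this thread
# (assumed intact as reproduced in the archive).
PGP2_MESSAGE = """-----BEGIN PGP MESSAGE-----
Version: PGP 2.6.3ia-multi06
Comment: Passphrase: sss

pgAAADPRnyFTsp5qCgKjgKpouoMqq1orcvEsZry5uRprNq9Qce3FqUzZT8BbeuGO
Vah6crraHF4=
=8GSP
-----END PGP MESSAGE-----
"""

# Symmetric-key algorithm ids from RFC 4880 section 9.2: the number in front of
# the ':' in gpg's "session key: `N:...'" line and in --override-session-key.
SYMMETRIC_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
                   7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish"}

# Packet tags from RFC 4880 section 4.3 that matter for a symmetric message.
PACKET_TAGS = {3: "SKESK (symmetric-key encrypted session key)",
               9: "symmetrically encrypted data",
               18: "sym. encrypted and integrity protected data"}


def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1 (the '=XXXX' trailer line)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text: str):
    """Strip the armor and return (binary payload, checksum_ok)."""
    lines = text.strip().splitlines()[1:-1]      # drop the BEGIN/END lines
    body, in_body, trailer = [], False, None
    for line in lines:
        if not in_body:                           # armor headers end at a blank line
            in_body = line.strip() == ""
            continue
        if line.startswith("="):                  # '=' marks the CRC-24 trailer
            trailer = int.from_bytes(base64.b64decode(line[1:]), "big")
        else:
            body.append(line.strip())
    data = base64.b64decode("".join(body))
    return data, trailer is not None and crc24(data) == trailer


def parse_packet_headers(data: bytes):
    """Walk the packet headers (old and new format) and return [(tag, body_length), ...]."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("byte 0x%02x is not a packet tag" % ctb)
        if ctb & 0x40:                            # new-format header
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                     # old-format header, as PGP 2.x writes
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                        # indeterminate: runs to end of input
                length, hdr = len(data) - pos - 1, 1
            else:
                size = (1, 2, 4)[ltype]
                length, hdr = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), 1 + size
        packets.append((tag, length))
        pos += hdr + length
    return packets


def cipher_hint(packets) -> str:
    """How a reader learns the cipher: an SKESK packet names it; PGP 2.x wrote none."""
    tags = [tag for tag, _ in packets]
    if 3 in tags:
        return "SKESK present: algorithm id is carried in the message"
    if 9 in tags:
        return ("no SKESK before the encrypted data: PGP 2.x style, the cipher must be "
                "assumed (gpg assumes IDEA) or supplied with --cipher-algo")
    return "no symmetrically encrypted data packet"


def parse_session_key_spec(spec: str):
    """Decode gpg's 'N:HEX' session key notation into (algorithm name, key bytes)."""
    algo, hexkey = spec.split(":", 1)
    return SYMMETRIC_ALGOS.get(int(algo), "unknown(%s)" % algo), bytes.fromhex(hexkey)


if __name__ == "__main__":
    data, ok = dearmor(PGP2_MESSAGE)
    packets = parse_packet_headers(data)
    print("armor checksum ok:", ok)
    for tag, length in packets:
        print("packet tag %d (%s), body length %d" % (tag, PACKET_TAGS.get(tag, "other"), length))
    print(cipher_hint(packets))
    for spec in ("1:9F6E6800CFAE7749EB6C486619254B9C", "10:9F6E6800CFAE7749EB6C486619254B9C"):
        print(spec, "->", parse_session_key_spec(spec)[0])
```

Run as is, the script finds exactly one packet, an old-format tag 9 with a 4-byte length field of 51, which is the "length: 51" in gpg's output, and no tag 3 in front of it. The "out of memory while allocating 1746465999 bytes" in the first attempt is the expected symptom of decrypting with the wrong cipher: the output is effectively random bytes, and the first of them get parsed as a packet header with an absurd length. The defensive lesson is the same as Werner's answer: when a symmetric message carries no SKESK packet, the receiving side has to be told the algorithm explicitly rather than rely on a default.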
From micha137 at gmx.de Thu Mar 13 11:07:45 2014
From: micha137 at gmx.de (Michael Anders)
Date: Thu, 13 Mar 2014 11:07:45 +0100
Subject: Encrypting File with passphrase,
In-Reply-To:
References:
Message-ID: <1394705265.6588.8.camel@micha137-myAMD-CM1740>

Hi Vikash

On Thu, 2014-03-13 at 10:36 +0100, gnupg-users-request at gnupg.org wrote:
> Encrypting File with passphrase
>Now I am trying to encrypt the file on server B using this public key,
>I am able to do so without any matter I pass the passphrase or not.
>
>So my ask is, if a key pair is generated with passphrase it won't
>restrict the encryption incase incorrect passphrase or no passphrase is
>passed? Also I was able to encrypt the file on server B by providing
>any random passphrase, but decryption is possible with correct
>passphrase only.

You do not need a passphrase for operations with a public key (encryption or signature verification) because the key is not secret. Everyone is allowed to access it, so there is no need to protect it with a passphrase. This is the essence of asymmetric cryptography.

Apparently Gnupg just ignores a password given when it is not needed. This seems reasonable to me.

regards
Michael Anders (http://www.fh-wedel.de/~an/)

From gnupg at lists.grepular.com Thu Mar 13 12:01:02 2014
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Thu, 13 Mar 2014 11:01:02 +0000
Subject: GnuPrivacyGuard for Android v0.3 released!
In-Reply-To: <532101A9.4090009@guardianproject.info>
References: <532101A9.4090009@guardianproject.info>
Message-ID: <20140313110102.GA22659@glue.grepular.com>

* on the Wed, Mar 12, 2014 at 08:54:01PM -0400, Hans-Christoph Steiner wrote:

> GnuPrivacyGuard for Android (GPGA) brings GnuPG, the most trusted name in
> encryption, to Android. Easily encrypt, decrypt, sign and verify files of any
> kind, just by sharing them to GPGA. This app aims to provide a complete,
> integrated cryptographic toolkit integrated into the Android experience.
Does it supply a system of interaction with other apps via intents, like APG does? I'm just wondering if other apps will be able to integrate with it in the same way that K-9 Mail integrates with APG to add OpenPGP encryption for email...

--
Mike Cardwell  https://grepular.com/  http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

From martin-gnupg-users at dkyb.de Thu Mar 13 11:44:08 2014
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Thu, 13 Mar 2014 11:44:08 +0100
Subject: Multiple Subkey Pairs
Message-ID: <53218BF8.8@dkyb.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I want to achieve the following:
1. A Master signing key
2. A subkey signing/enc pair for my normal machine
3. A subkey signing/enc pair for e.g. my mobile device

What I want to do is to have a different "pair" for my mobile device or work computer than on my machine. I want to give those pairs a shorter lifetime like 1 year (depending on the paranoia level) so I can change them more frequently. (Besides the hopefully security advantages this also would make changing outdated subkeys more easily because there will be still a working keypair while people still update to the new keypairs)

To setup a key with subkeys is not too big of a problem. There are enough tutorials out there. I just didn't find a nice key management tool for that. Especially exporting keys with only one of the subkey pairs requires some work ...

Now the following problem arises (at least from the reading I have done). As I understand gpg only uses one of the encryption subkeys to encrypt the message. So the question is, is it possible to encrypt to all encryption subkeys in a key?
And if yes, is there an easy way to do it, so also not just me can handle that, but also the people who sent me encrypted mails. (And if not, does it make sense to implement something like this in gnupg?)

And a more general question: This approach generates some overhead so is there maybe a way to achieve something similar more easily?

Thanks for ideas and input.

Martin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREKAAYFAlMhi+oACgkQ/6vdZgk46sgnowCcCRLJKxcWaDlrFQqSuWsYg6EY
2mAAn0PqF30Mq/MDKuinw8nZR6yXUogk
=ZGtB
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Thu Mar 13 13:08:11 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 13 Mar 2014 08:08:11 -0400
Subject: Encrypting File with passphrase
In-Reply-To:
References:
Message-ID:

On Mar 12, 2014, at 9:07 AM, Kumar, Vikash X wrote:

> Hi Team,
>
> Could you please help me to understand the following query.
>
> We are using gpg encryption method for encryption and decryption in our application. We have generated the keypairs on server A and public key is imported on server B also a passphrase say "Strange" was provided while generating the key.
>
> Now I am trying to encrypt the file on server B using this public key, I am able to do so without any matter I pass the passphrase or not.
>
> So my ask is, if a key pair is generated with passphrase it won't restrict the encryption incase incorrect passphrase or no passphrase is passed? Also I was able to encrypt the file on server B by providing any random passphrase, but decryption is possible with correct passphrase only.

In short, yes (though you don't need to provide a passphrase at all to encrypt to a public key - the passphrase has no meaning there). Encrypting to a public key does not use a passphrase at all. Only decrypting with the private key uses a passphrase.
David

From dkg at fifthhorseman.net Thu Mar 13 14:49:19 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 13 Mar 2014 09:49:19 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <53218BF8.8@dkyb.de>
References: <53218BF8.8@dkyb.de>
Message-ID: <5321B75F.1090705@fifthhorseman.net>

Hi Martin--

On 03/13/2014 06:44 AM, Martin Behrendt wrote:
> I want to achieve the following:
> 1. A Master signing key
> 2. A subkey signing/enc pair for my normal machine
> 3. A subkey signing/enc pair for e.g. my mobile device

> Now the following problem arises (at least from the reading I have
> done). As I understand gpg only uses one of the encryption subkeys to
> encrypt the message. So the question is, is it possible to encrypt to
> all encryption subkeys in a key? And if yes, is there an easy way to
> do it, so also not just me can handle that, but also the people who
> sent me encrypted mails. (And if not, does it make sense to implement
> something like this in gnupg?)

ultimately, the problem here is that the people who correspond with you don't know what device you're going to be reading the encrypted message on, so they cannot choose which encryption-capable subkey to encrypt to.

In practice, it doesn't make sense to have more than one encryption-capable subkey active at a time; for signing-capable subkeys, you can have one per device as you describe.

So here is what i consider to be best practice for those people who end up using more than one machine:

0) a master certifying key (possibly offline)
1) an encryption-capable subkey (shared across all machines)
2) one signing-capable subkey per device (never shared)

in the event of machine compromise, use the master certifying key to revoke the encryption-capable subkey and the signing subkey specific to the compromised machine; add a new encryption-capable subkey and distribute it to your remaining non-compromised devices.
Publish all these changes to the public keyservers (as well as any other channels by which you've normally published your keys).

You can also choose some schedule to regularly revoke (or expire) any of the subkeys and replace them with new ones as a matter of routine maintenance if you're concerned about key leakage through overuse, or you just prefer to pre-emptively rotate keys.

hth,

--dkg

From mailinglisten at hauke-laging.de Thu Mar 13 15:31:06 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 13 Mar 2014 15:31:06 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <53218BF8.8@dkyb.de>
References: <53218BF8.8@dkyb.de>
Message-ID: <1730446.9J4b6oayU7@inno>

On Thu 13.03.2014, 11:44:08, Martin Behrendt wrote:

> Hi,
>
> I want to achieve the following:
> 1. A Master signing key
> 2. A subkey signing/enc pair for my normal machine
> 3. A subkey signing/enc pair for e.g. my mobile device

This is not possible in a useful sense and furthermore it doesn't make much sense either (in today's technical situation; this could change).

The main problem is that (in a kind of normal scenario) you don't control which keys other people use for encrypting data to you.

Similarly bad is the point that you make keys which are of quite different quality look equal. That is the opposite of what we need. In theory this transparency could be achieved within a certificate by marking subkeys differently (signature notations) but today you should use separate certificates at any rate.

> Now the following problem arises (at least from the reading I have
> done). As I understand gpg only uses one of the encryption subkeys to
> encrypt the message. So the question is, is it possible to encrypt to
> all encryption subkeys in a key?

gpg --recipient 0xD4BC64B8\! --recipient 0x7CDBED88\!

Not explicitly.
There is no --encrypt-to-all-subkeys option.

> And if yes, is there an easy way to
> do it, so also not just me can handle that, but also the people who
> sent me encrypted mails.

I guess that would be quite complicated. I am not even aware of such a feature in the mail clients on the certificate level.

Unfortunately my proposal for conditional blocks in gpg.conf was declined... That would allow for such a feature:

"If it is an encryption operation to 0x12345678; then
encrypt-to 0xD4BC64B8\!
encrypt-to 0x7CDBED88\!
fi"

> (And if not, does it make sense to implement
> something like this in gnupg?)

Good luck...

> And a more general question: This approach generates some overhead so
> is there maybe a way to achieve something similar more easily?

We need transparency of the security level of keys (not just in OpenPGP):
http://www.crypto-fuer-alle.de/wishlist/securitylevel/
(German only, sorry)

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From vedaal at nym.hush.com Thu Mar 13 16:42:51 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Thu, 13 Mar 2014 11:42:51 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <53218BF8.8@dkyb.de>
Message-ID: <20140313154252.196D4608CA@smtp.hushmail.com>

On Thursday, March 13, 2014 at 8:03 AM, "Martin Behrendt" wrote:

>Hi,
>I want to achieve the following:
>1. A Master signing key
>2. A subkey signing/enc pair for my normal machine
>3. A subkey signing/enc pair for e.g. my mobile device
>What I want to do is to have a different "pair" for my mobile device
>or work computer than on my machine.
>I want to give those pairs a
>shorter lifetime like 1 year (depending on the paranoia level) so I
>can change them more frequently.

=====

It is difficult to do what you want using subkeys, but you can easily accomplish what you want by making three new keypairs:

Keypair 1 will have the Master signing key and the encryption subkey, with the comment "Principal Keypair" (or whatever descriptive comment you think is clear to your e-mail correspondence.

Keypair 2 will have a signing key and encrypting subkey, with the comment "normal computer", and signed by your Master key.

Keypair 3 will have a signing key and encrypting subkey with the comment "mobile device", and signed by your Master key.

All 3 keypairs will have the same name and e-mail address.

Keypairs 2 and 3 can have whatever shorter expiration you want.

You can let all your correspondents know that they can encrypt simultaneously to all 3 of your keys that have the same e-mail address (assuming that you give them the fingerprints and long key id's for the 3 keys, and they aren't going to be fooled by some attacker making a new key with your name and e-mail address).

This way you can read and correspond on whatever device you are using at the time.

vedaal

From martin-gnupg-users at dkyb.de Thu Mar 13 17:30:52 2014
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Thu, 13 Mar 2014 17:30:52 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <20140313154252.196D4608CA@smtp.hushmail.com>
References: <20140313154252.196D4608CA@smtp.hushmail.com>
Message-ID: <5321DD3C.1040901@dkyb.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 13.03.2014 16:42, vedaal at nym.hush.com wrote:
>
> On Thursday, March 13, 2014 at 8:03 AM, "Martin Behrendt"
> wrote:Hi,
>
>> I want to achieve the following: 1. A Master signing key 2. A
>> subkey signing/enc pair for my normal machine 3. A subkey
>> signing/enc pair for e.g.
>> my mobile device
> 
>> What I want to do is to have a different "pair" for my mobile
>> device or work computer than on my machine. I want to give those
>> pairs a shorter lifetime like 1 year (depending on the paranoia
>> level) so I can change them more frequently.
> 
> ===== You can let all your correspondents know that they can
> encrypt simultaneously to all 3 of your keys that have the same
> e-mail address (assuming that you give them the fingerprints and
> long key IDs for the 3 keys, and they aren't going to be fooled
> by some attacker making a new key with your name and e-mail
> address).
> 

Thank you, that sounds like a solution worth going for. I'm just not sure how to e.g. tell thunderbird/enigmail to use multiple keys for one email address when sending (or will it do that by default?). If you have a hint for that, it would be nice, otherwise I will try to find out myself.

My closest thoughts to a solution like this were, to set my reply-to to two email addresses and maybe play around with the subkey identities to achieve the same. Or also two different key pairs. One big key with subkeys would be nicer tho, to hide the "complexity" a little.

@Hauke, Daniel
Thx for your replies, too. Like I wrote, I am aware that multiple encryption subkeys are not used. That's why I was asking if changing that would make sense. Or what the bigger drawbacks are.

Also the fact that it is hard to determine which key has which security level is correct and an important issue. But I think this is a problem which can be solved by a proper key management and presentation.
Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEAREKAAYFAlMh3TgACgkQ/6vdZgk46shm3QCeLD6yYByhhOnDCPCpZPPO/863
9+AAnj2J4NA53YWbO9rn30rEBwh5wR79
=m03k
-----END PGP SIGNATURE-----

From dkg at fifthhorseman.net  Thu Mar 13 17:39:37 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 13 Mar 2014 12:39:37 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <5321DD3C.1040901@dkyb.de>
References: <20140313154252.196D4608CA@smtp.hushmail.com> <5321DD3C.1040901@dkyb.de>
Message-ID: <5321DF49.10802@fifthhorseman.net>

On 03/13/2014 12:30 PM, Martin Behrendt wrote:
> On 13.03.2014 16:42, vedaal at nym.hush.com wrote:
>> ===== You can let all your correspondents know that they can
>> encrypt simultaneously to all 3 of your keys that have the same
>> e-mail address (assuming that you give them the fingerprints and
>> long key IDs for the 3 keys, and they aren't going to be fooled
>> by some attacker making a new key with your name and e-mail
>> address).
> 
> 
> Thank you, that sounds like a solution worth going for. I'm just not
> sure how to e.g. tell thunderbird/enigmail to use multiple keys for
> one email address when sending (or will it do that by default?). If
> you have a hint for that, it would be nice, otherwise I will try to find
> out myself.
> My closest thoughts to a solution like this were, to set my reply-to
> to two email addresses and maybe play around with the subkey
> identities to achieve the same. Or also two different key pairs. One
> big key with subkeys would be nicer tho, to hide the "complexity" a
> little.

what is the advantage of this approach? what threat are you trying to defend against?

I'll work from the assumption that you are worried that an attacker might compromise one of your machines, copy that machine's decryption key, and then use its key to decrypt messages that had been sent prior to the compromise.
In this case, having your recipients encrypt every message to all three keys is *exactly* as risky as having a single key shared across all machines -- a compromise of any one of the machines results in a decryption of all messages.

so what are the differences between the two approaches (separate "per-machine" vs a single "shared" encryption keys)?

0) per-machine keying is more work for your peers -- they have to encrypt to K keys instead of 1.

1) on compromise, per-machine keying means you need to revoke a single key, and do no extra secret key distribution. shared keying means revoking a single key and doing a bit of extra secret key distribution.

even if it was easy to convince clients like enigmail or other mechanisms to encrypt to multiple keys for a single user (i don't think it is), i don't think the per-machine approach to encryption-capable keys makes any sense.

--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: 

From martin-gnupg-users at dkyb.de  Thu Mar 13 19:25:46 2014
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Thu, 13 Mar 2014 19:25:46 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <5321DF49.10802@fifthhorseman.net>
References: <20140313154252.196D4608CA@smtp.hushmail.com> <5321DD3C.1040901@dkyb.de> <5321DF49.10802@fifthhorseman.net>
Message-ID: <5321F82A.8020402@dkyb.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 13.03.2014 17:39, Daniel Kahn Gillmor wrote:
> 
> what is the advantage of this approach? what threat are you trying
> to defend against?
> 
> I'll work from the assumption that you are worried that an
> attacker might compromise one of your machines, copy that machine's
> decryption key, and then use its key to decrypt messages that had
> been sent prior to the compromise.
> 
> In this case, having your recipients encrypt every message to all
> three keys is *exactly* as risky as having a single key shared
> across all machines -- a compromise of any one of the machines
> results in a decryption of all messages.
> 

One use case would be, if you use portable thunderbird only those encrypted messages get compromised which can be decrypted by the local key and which were composed in a certain time-frame. On my side, I still can read messages friends send me, which are only encrypted to e.g. make mass surveillance harder. But they don't have actual "important" content. On the other side, those friends of mine, more worried about the topic in general, know how to only use my safer key.

So the basic idea is, I'm always reachable via encryption but for insecure devices I have a short living key which I can change frequently while I still have a long term key out there which can be more trusted.

I don't know if this makes much sense or if there are better ways. Or maybe that's a stupid problem to think about at all. I just thought about using gpg for multiple devices (especially insecure mobile ones) and approaches to increase the security. And now I want to see what is technically possible and if there is a solution to it. If not, maybe someone at least also starts thinking about the problem and comes up with a good solution.
Martin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEAREKAAYFAlMh+CkACgkQ/6vdZgk46sg1xwCgk3b9UyFmpOvAwoPQNIIXe1L+ /d4An1j5QQzTyKWVNNQhkyWd7+ejnrOG =Cas0 -----END PGP SIGNATURE----- From ekleog at gmail.com Thu Mar 13 19:48:53 2014 From: ekleog at gmail.com (Leo Gaspard) Date: Thu, 13 Mar 2014 19:48:53 +0100 Subject: Multiple Subkey Pairs In-Reply-To: <5321F82A.8020402@dkyb.de> References: <20140313154252.196D4608CA@smtp.hushmail.com> <5321DD3C.1040901@dkyb.de> <5321DF49.10802@fifthhorseman.net> <5321F82A.8020402@dkyb.de> Message-ID: <20140313184853.GB26060@leortable> On Thu, Mar 13, 2014 at 07:25:46PM +0100, Martin Behrendt wrote: > One use case would be, if you use portable thunderbird only those > encrypted messages get compromised which can be decrypted by the local > key and which were composed in a certain time-frame. On my side, I > still can read messages friend send me, which are only encrypted to > e.g. make mass surveillance harder. But they don't have actual > "important" content. On the other side, those friends of mine, more > worried about the topic in general know how to only use my safer key. > So the basic idea is, I'm always reachable via encryption but for > insecure devices I have a short living key which I can change > frequently while I still have a long term key out there which can more > more trusted. > I don't know if this makes much sense or if are there better ways. Or > maybe thats a stupid problem to think about at all. I just thought > about using gpg for multiple devices (especially insecure mobile ones) > and approaches to increase the security. And now I want to see, what > is technical possible and if there is a solution to it. If not maybe > someone at least also starts thinking about the problem and comes up > with a good solution. Well... 
If you want to have messages sent to all machines by default, you can do this way (signing subkeys as usual) : * Generate high-security encryption subkey to be used only on secure machines * Generate low-security encryption subkey to be shared amongst all machines (Tinkering with timestamps could avoid the need to generate subkeys in this order.) By default (IIRC, not sure it's part of the standard though), all messages will be sent to the latest enc subkey, thus to all machines. Someone who wants to send secure messages can willingly encrypt to the other enc subkey. In case of compromise, revoke the low-sec enc subkey and generate another, and distribute it to the uncompromised machines. Does that fit your needs? Cheers & HTH, Leo From rjh at sixdemonbag.org Thu Mar 13 20:22:03 2014 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 13 Mar 2014 12:22:03 -0700 Subject: Multiple Subkey Pairs In-Reply-To: <5321F82A.8020402@dkyb.de> References: <20140313154252.196D4608CA@smtp.hushmail.com> <5321DD3C.1040901@dkyb.de> <5321DF49.10802@fifthhorseman.net> <5321F82A.8020402@dkyb.de> Message-ID: <20140313122203.Horde.AQYpg0ui2sft6h5Rms7a_w3@mail.sixdemonbag.org> > I still can read messages friend send me, which are only encrypted to > e.g. make mass surveillance harder. Your proposed solution won't work. Sorry to be so blunt, but that's the state of things. So far there's no credible reporting that any government is doing mass surveillance of email content. Instead, mass surveillance focuses on metadata: who's talking to whom, when, with what for a subject line, routed through which mail servers, and so on. GnuPG does not and cannot protect against that. If your concern is mass surveillance -- which is to say, metadata -- you need to look at other technologies. GnuPG will not protect your metadata. 
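Leo's layout above (a long-lived high-security encryption subkey kept on the secure machine, plus a newer short-lived one shared with the insecure devices) rests on two GnuPG behaviours that also explain Hauke's earlier `encrypt-to 0xD4BC64B8\!`: a bare recipient resolves to the newest usable encryption subkey of the certificate, and a key ID suffixed with `!` pins exactly that subkey. The Python below is an added example, not GnuPG code and not posted by anyone in this thread. It models those two rules on a constructed `gpg --with-colons --list-keys` listing (the key IDs, the user ID and the dates in it are made up), and builds the gpg command line as an argv list, so the `!` never reaches a shell.

```python
"""Model of OpenPGP encryption-subkey selection and the "KEYID!" override.

Added example, not GnuPG source.  SAMPLE_LISTING is a constructed
`gpg --with-colons --list-keys` record set with made-up key IDs; fields used:
  1 record type, 2 validity, 5 key ID, 6 creation, 7 expiry (epoch seconds,
  empty = never), 12 capability letters (e = encrypt, s = sign).
"""
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LISTING = """\
pub:u:4096:1:AABBCCDD11223344:1393000000:::u:::scESCA::::::23::0:
uid:u::::1393000000::0123456789ABCDEF0123456789ABCDEF01234567::Martin Behrendt <martin@example.invalid>::::::::::0:
sub:u:4096:1:1111222233334444:1393000000::::::s::::::23:
sub:u:4096:1:5555666677778888:1393000000::::::e::::::23:
sub:r:4096:1:9999AAAABBBBCCCC:1394100000:1425636000:::::e::::::23:
sub:u:4096:1:DDDDEEEEFFFF0000:1394200000:1425736000:::::e::::::23:
"""
# 1111...: signing subkey; 5555...: long-lived high-security encryption subkey;
# 9999...: revoked (compromised) short-lived subkey; DDDD...: its replacement.
NOW = 1394700000  # 2014-03-13, the date of this thread


@dataclass
class Subkey:
    keyid: str
    created: int
    expires: Optional[int]  # None = never
    validity: str           # 'r' revoked, 'e' expired, 'd' disabled, 'u' ultimate ...
    caps: str               # capability letters: e s c a


def parse_with_colons(text: str) -> List[Subkey]:
    """Collect the sub: records of a --with-colons listing."""
    out = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] != "sub":
            continue
        out.append(Subkey(keyid=f[4], created=int(f[5]),
                          expires=int(f[6]) if f[6] else None,
                          validity=f[1], caps=f[11]))
    return out


def usable_encryption_subkeys(subkeys: List[Subkey], now: int) -> List[Subkey]:
    """Encryption-capable subkeys that are not revoked, expired, disabled or invalid."""
    return [k for k in subkeys
            if "e" in k.caps
            and k.validity not in ("r", "e", "d", "i")
            and (k.expires is None or k.expires > now)]


def default_encryption_subkey(subkeys: List[Subkey], now: int) -> Subkey:
    """A bare --recipient lands on the newest usable encryption subkey."""
    usable = usable_encryption_subkeys(subkeys, now)
    if not usable:
        raise ValueError("certificate has no usable encryption subkey")
    return max(usable, key=lambda k: k.created)


def resolve_recipient(spec: str, subkeys: List[Subkey], now: int) -> Subkey:
    """'0xKEYID!' pins exactly that subkey; anything else takes the default."""
    if not spec.endswith("!"):
        return default_encryption_subkey(subkeys, now)
    wanted = spec[:-1].upper()
    if wanted.startswith("0X"):
        wanted = wanted[2:]
    for k in usable_encryption_subkeys(subkeys, now):
        if k.keyid.endswith(wanted):
            return k
    raise ValueError(f"{spec}: not a usable encryption subkey")


def is_usable_recipient(spec: str, subkeys: List[Subkey], now: int) -> bool:
    try:
        resolve_recipient(spec, subkeys, now)
        return True
    except ValueError:
        return False


def gpg_argv(recipient_specs: List[str], infile: str) -> List[str]:
    """argv for subprocess.run(): no shell is involved, so '!' needs no backslash."""
    argv = ["gpg", "--encrypt"]
    for spec in recipient_specs:
        argv += ["--recipient", spec]
    return argv + [infile]


def revoke(subkeys: List[Subkey], keyid: str) -> List[Subkey]:
    """Mark one subkey revoked (what the owner does after a device compromise)."""
    return [Subkey(k.keyid, k.created, k.expires,
                   "r" if k.keyid == keyid else k.validity, k.caps)
            for k in subkeys]


SAMPLE_SUBKEYS = parse_with_colons(SAMPLE_LISTING)

if __name__ == "__main__":
    for spec in ("martin@example.invalid", "0x77778888!", "0xBBBBCCCC!"):
        hit = is_usable_recipient(spec, SAMPLE_SUBKEYS, NOW)
        print(spec, "->", resolve_recipient(spec, SAMPLE_SUBKEYS, NOW).keyid if hit else "refused")
    after = revoke(SAMPLE_SUBKEYS, "DDDDEEEEFFFF0000")
    print("default after revoking the short-lived subkey:",
          default_encryption_subkey(after, NOW).keyid)
    print(gpg_argv(["0x77778888!"], "msg.txt"))
```

Running the file prints which subkey each recipient spec lands on. The `revoke()` step shows the caveat in Leo's plan: once the short-lived subkey is revoked and before its replacement is published, senders who rely on the default fall through to the high-security subkey, so the replacement should be generated and distributed straight away. Real gpg applies further checks (trust, primary-key expiry, key flags) that this model leaves out.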
From 2014-667rhzu3dc-lists-groups at riseup.net  Thu Mar 13 23:17:08 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 13 Mar 2014 22:17:08 +0000
Subject: Multiple Subkey Pairs
In-Reply-To: <1730446.9J4b6oayU7@inno>
References: <53218BF8.8@dkyb.de> <1730446.9J4b6oayU7@inno>
Message-ID: <1223706165.20140313221708@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
NotDashEscaped: You need GnuPG to verify this message

Hi

On Thursday 13 March 2014 at 2:31:06 PM, in , Hauke Laging wrote:

> gpg --recipient 0xD4BC64B8\!

I've never seen it with a backslash before the exclamation mark. What does the backslash add?

-- 
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Adults are obsolete children.
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlMiLmxXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pw+EEAIr18xX3n/CY5HSEDqmMzoNKqia/Wn15zD9p
TlyfWTGck+I0u2XHE+Pngu5h4xMnTr7BXFUVgIIhsh40E81qfV2IKyAeWdaajeK4
CNGNwUBG/4CJYk5SmcmTeg5Ih31ZHwJIc+MC1DOXS5FVkt30zxvs0i+LjWxWvnY4
HKxjr6Ii
=V8nY
-----END PGP SIGNATURE-----

From dkg at fifthhorseman.net  Thu Mar 13 23:24:01 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 13 Mar 2014 18:24:01 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <1223706165.20140313221708@my_localhost>
References: <53218BF8.8@dkyb.de> <1730446.9J4b6oayU7@inno> <1223706165.20140313221708@my_localhost>
Message-ID: <53223001.6020301@fifthhorseman.net>

On 03/13/2014 06:17 PM, MFPA wrote:
> On Thursday 13 March 2014 at 2:31:06 PM, in
> , Hauke Laging wrote:
> 
>> gpg --recipient 0xD4BC64B8\!
> 
> I've never seen it with a backslash before the exclamation mark.
> What does the backslash add?

it tells your shell to avoid interpreting the ! as a shell metacharacter. If your shell doesn't care about !
then the backslash is unnecessary but shouldn't be a problem (standard shell escaping will swallow it before passing on the literal ! to the shell's subprocess (gpg in this case)).

--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: 

From dshaw at jabberwocky.com  Thu Mar 13 23:27:45 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 13 Mar 2014 18:27:45 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <1223706165.20140313221708@my_localhost>
References: <53218BF8.8@dkyb.de> <1730446.9J4b6oayU7@inno> <1223706165.20140313221708@my_localhost>
Message-ID: <21D79237-D06E-4069-827E-C3B12A1BB524@jabberwocky.com>

On Mar 13, 2014, at 6:17 PM, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> NotDashEscaped: You need GnuPG to verify this message
> 
> Hi
> 
> 
> On Thursday 13 March 2014 at 2:31:06 PM, in
> , Hauke Laging wrote:
> 
> 
> 
>> gpg --recipient 0xD4BC64B8\!
> 
> I've never seen it with a backslash before the exclamation mark.
> What does the backslash add?

Probably escaping the exclamation mark to prevent it from being interpreted by the shell. In bash, at least, it's not necessary as a trailing ! mark doesn't get interpreted by the shell. Doesn't hurt to escape it though.

David

From mailinglisten at hauke-laging.de  Thu Mar 13 23:38:00 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 13 Mar 2014 23:38 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <1223706165.20140313221708@my_localhost>
References: <53218BF8.8@dkyb.de> <1730446.9J4b6oayU7@inno> <1223706165.20140313221708@my_localhost>
Message-ID: <2384426.K3GNQFICji@inno>

On Thu 13.03.2014, 22:17:08, MFPA wrote:

> > gpg --recipient 0xD4BC64B8\!
> 
> I've never seen it with a backslash before the exclamation mark.
> What does the backslash add?
That has nothing to do with GnuPG; it is for the shell.

man bash:

"History expansions are introduced by the appearance of the history expansion character, which is ! by default. Only backslash (\) and single quotes can quote the history expansion character."

"Several characters inhibit history expansion if found immediately following the history expansion character, even if it is unquoted: space, tab, newline, carriage return, and =. If the extglob shell option is enabled, ( will also inhibit expansion."

Thus the \ is not necessary in this case. But because I often forget which characters inhibit history expansion I got used to always escaping "!".

If history expansion is active in your shell (bash: "echo $-" contains "H") compare

gpg --recipient 0xD4BC64B8\!

with

gpg --recipient "0xD4BC64B8!"

Hauke

-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: 

From samctanner at gmail.com  Thu Mar 13 21:05:38 2014
From: samctanner at gmail.com (Sam Tanner)
Date: Thu, 13 Mar 2014 20:05:38 +0000
Subject: Configure Errors
Message-ID: 

Hi,

I'm hoping you might be able to provide some insight into what's going on...

I'm still quite new to the whole using the terminal in Lubuntu, so this might even be a total noob question.

When I try the ./configure command, after it runs through, I get the error message:

"configure: error: no acceptable C compiler found in $PATH"

I downloaded the package from a UK mirror for GnuPG, have tried with a couple of them now and still get the same error.

Am I possibly missing something on my OS?

many thanks

sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From psusi at ubuntu.com  Fri Mar 14 14:58:55 2014
From: psusi at ubuntu.com (Phillip Susi)
Date: Fri, 14 Mar 2014 09:58:55 -0400
Subject: Encrypting File with passphrase
In-Reply-To: 
References: 
Message-ID: <53230B1F.20006@ubuntu.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 3/12/2014 9:07 AM, Kumar, Vikash X wrote:
> Hi Team,
> 
> Could you please help me to understand the following query.
> 
> We are using gpg encryption method for encryption and decryption
> in our application. We have generated the keypairs on server A and
> public key is imported on server B also a passphrase say "Strange"
> was provided while generating the key.
> 
> Now I am trying to encrypt the file on server B using this public
> key, I am able to do so whether I pass the passphrase
> or not.
> 
> So my ask is, if a key pair is generated with passphrase it won't
> restrict the encryption in case an incorrect passphrase or no
> passphrase is passed? Also I was able to encrypt the file on server
> B by providing any random passphrase, but decryption is possible
> with correct passphrase only.

The passphrase is only used to encrypt the private key so that even if someone gets ahold of your private keyring, they still can't use it. You can skip the password if you want, and that makes as much sense as writing the password down in a script that will be automatically using the private key to decrypt. Encryption only uses the public key, hence there is no password.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTIwsfAAoJEI5FoCIzSKrw5tAH/ih7zw3gm5/YL4Lmf3OePDWN XNpk18RCN2RNdmTSOWV6QZa/b4yt7C8Il95L9F4JwKLhnPrdl2x1mcXBK0+yg/xQ aNmOmsfKUMpu5zyUKuYaQQ/uFxer+zL3Xa456qFLgQF0UjWgYOuhw4LfVKb1Jy7P sxYmkmOWrN+DzciPrNQL2j6a/oGLF1Rz6rsPl7jFFSrVgCXugNIOaDGtzCjT9/dx Ig4L4znz9ZWZ0Z0e6gQEjlVIWjPZVE5FQhp2l9se3sKrXNqtxKIAMBEwtM6XU5In +o03VrQYCU6Iuf3n4wcM511yLufOhc2xrnY6yltMSPVYauSYE4y5KHrS7aFVIl0= =f2Al -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Fri Mar 14 17:06:40 2014 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 14 Mar 2014 09:06:40 -0700 Subject: Multiple Subkey Pairs In-Reply-To: References: Message-ID: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> > The NSA e.g. denies to archive content of us-american citizens mails. It is > thus perfectly reasonable to assume it does so with all other ones. They also deny being able to violate the Second Law of Thermodynamics: is it thus perfectly reasonable to assume they can violate the other ones? "Just because they deny X means it's reasonable to believe Y" is logic that will get you in a whole lot of trouble. If you have evidence to support your assertion I'm sure we'd all love to hear it -- but as I don't believe such evidence exists, the most we can reasonably say is "we don't know." > Besides, you believe their denials - are you kidding? Let me tell you a story about Allan. Allan was a great guy, one of the true heroes of American government. He never got the recognition he deserved. Allan was a veteran FBI agent with a Ph.D. in criminal justice, with a thesis that focused on police corruption. His life goal was to someday get appointed as a federal judge. He authored part of the FISA Act. Later in his life he was appointed by the Attorney General to become the Department of Justice's gatekeeper to the FISA Court. 
All warrant applications had to go through him.

He thus had two compelling reasons to be strict about the warrants he presented to FISA. The first was that he hated corruption in a deep-in-his-bones way. The second was he knew that if he allowed any inadequate warrants to be presented to the FISA Court, those inadequate warrants would come up in Senate confirmation hearings for the federal judgeship he wanted. As a result, he had a reputation for being harder to convince of a warrant than the FISA Court itself was!

-- Now, who told me about him first? My father, a federal judge who at one time was tapped for FISA. (He refused for personal reasons: he was approaching retirement and didn't want the additional responsibilities.) Dad had a good laugh about it and thought that if the American people ever knew it was harder to get Allan to bring a warrant application to FISA than it was to actually get FISA to approve a warrant, they'd be reassured. Dad would tell me all about how in all the time Allan had been responsible for bringing warrant applications to FISA, FISA had only ever denied three or four -- and that years later Allan was still sore about those!

Nowadays, of course, the meme is "FISA has only rejected a handful of warrants in all its time! Clearly, it must be a rubber stamp court!" Nothing is further from the truth. For many years the reason why FISA so rarely bounced a warrant application is because Allan refused to bring inadequate ones to the Court.

The former General Counsel of the National Security Agency, Stewart Baker, has written a fine book that I think everyone here should read: _Skating on Stilts_. Baker has some harsh words for Allan, claiming that he was such a hardass about warrant applications that he got in the way of many national security investigations. I first read this shortly after Allan's death and I almost bust a gut laughing.
If he knew that his major claim to fame was having GC-NSA call him an obstruction to national security, I think he'd consider his place in posterity to be well-established.

Allan died of cancer a few years ago -- but before he did, he achieved his life goal of being appointed to the federal bench. I had the honor of talking with him on several occasions from 2008 to 2010. Even dying of cancer, he was still a partisan for integrity in government. His commitment to it even in the face of imminent death impressed me as few things in the world have.

Do I believe the NSA when they say that for U.S. persons only metadata is collected? No.

But it was Allan's job to watch the NSA, and I trust that Allan didn't lie to me.

I know that the common meme on this mailing list is, "ooh, government *bad*, government *always* looking for ways to exploit us." But that's an insulting and childish belief. It's about as grown-up and about as mature as believing there are monsters under the bed or a bogeyman in the closet.

Government *can be* bad, sure. Absolutely.

But government also has people like Allan, and when we forget that we diminish ourselves.

Frankly, I think people on this list ought to celebrate his birthday -- March 4 -- as some kind of holiday.

You know what? To hell with it. I /will/ celebrate his birthday, just ten years late. I'm going to make a donation to GnuPG today, in the memory of a government intelligence official who stood up for civil liberties. They *do* exist. Werner, if the donation I make later today could be credited as "In memory of the Honorable Allan N. Kornblum," that would be appreciated.
http://en.wikipedia.org/wiki/Allan_Kornblum

From david at systemoverlord.com  Fri Mar 14 16:44:11 2014
From: david at systemoverlord.com (David Tomaschik)
Date: Fri, 14 Mar 2014 08:44:11 -0700
Subject: Configure Errors
In-Reply-To: 
References: 
Message-ID: 

If you're using Lubuntu, you probably just want to install the package via apt-get: "apt-get install gnupg" (or gnupg2 for gpg2). If its default packages are similar to ubuntu, GPG1 should be installed by default.

If you really want to install from source, you'll need a C compiler installed along with all the various dependencies. The build-essential package should get you started, but you might still need more.

On Thu, Mar 13, 2014 at 1:05 PM, Sam Tanner wrote:

> Hi,
> I'm hoping you might be able to provide some insight into what's going on...
> 
> I'm still quite new to the whole using the terminal in Lubuntu, so this
> might even be a total noob question.
> 
> When I try the ./configure command, after it runs through, I get the error
> message:
> 
> "configure: error: no acceptable C compiler found in $PATH"
> 
> I downloaded the package from a UK mirror for GnuPG, have tried with a
> couple of them now and still get the same error.
> 
> Am I possibly missing something on my OS?
> 
> many thanks
> 
> sam
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 

-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rjh at sixdemonbag.org  Fri Mar 14 17:33:23 2014
From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Fri, 14 Mar 2014 09:33:23 -0700 Subject: Multiple Subkey Pairs In-Reply-To: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> References: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> Message-ID: <20140314093323.Horde.fnUOtoa6Q_uVJkDe2QtyBA1@mail.sixdemonbag.org> > You know what? To hell with it. I /will/ celebrate his birthday, > just ten years late. Days. *Days* late. :) From tristan.santore at internexusconnect.net Fri Mar 14 18:08:28 2014 From: tristan.santore at internexusconnect.net (Tristan Santore) Date: Fri, 14 Mar 2014 17:08:28 +0000 Subject: Multiple Subkey Pairs In-Reply-To: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> References: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> Message-ID: <5323378C.4060707@internexusconnect.net> On 14/03/14 16:06, Robert J. Hansen wrote: >> The NSA e.g. denies to archive content of us-american citizens mails. >> It is >> thus perfectly reasonable to assume it does so with all other ones. > > They also deny being able to violate the Second Law of Thermodynamics: > is it thus perfectly reasonable to assume they can violate the other ones? > > "Just because they deny X means it's reasonable to believe Y" is logic > that will get you in a whole lot of trouble. If you have evidence to > support your assertion I'm sure we'd all love to hear it -- but as I > don't believe such evidence exists, the most we can reasonably say is > "we don't know." > >> Besides, you believe their denials - are you kidding? > > Let me tell you a story about Allan. Allan was a great guy, one of the > true heroes of American government. He never got the recognition he > deserved. Allan was a veteran FBI agent with a Ph.D. in criminal > justice, with a thesis that focused on police corruption. His life goal > was to someday get appointed as a federal judge. He authored part of > the FISA Act. 
> Later in his life he was appointed by the Attorney
> General to become the Department of Justice's gatekeeper to the FISA
> Court. All warrant applications had to go through him.
> 
> He thus had two compelling reasons to be strict about the warrants he
> presented to FISA. The first was that he hated corruption in a
> deep-in-his-bones way. The second was he knew that if he allowed any
> inadequate warrants to be presented to the FISA Court, those inadequate
> warrants would come up in Senate confirmation hearings for the federal
> judgeship he wanted. As a result, he had a reputation for being harder
> to convince of a warrant than the FISA Court itself was!
> 
> -- Now, who told me about him first? My father, a federal judge who at
> one time was tapped for FISA. (He refused for personal reasons: he was
> approaching retirement and didn't want the additional
> responsibilities.) Dad had a good laugh about it and thought that if
> the American people ever knew it was harder to get Allan to bring a
> warrant application to FISA than it was to actually get FISA to approve
> a warrant, they'd be reassured. Dad would tell me all about how in all
> the time Allan had been responsible for bringing warrant applications to
> FISA, FISA had only ever denied three or four -- and that years later
> Allan was still sore about those!
> 
> Nowadays, of course, the meme is "FISA has only rejected a handful of
> warrants in all its time! Clearly, it must be a rubber stamp court!"
> Nothing is further from the truth. For many years the reason why FISA
> so rarely bounced a warrant application is because Allan refused to
> bring inadequate ones to the Court.
> 
> The former General Counsel of the National Security Agency, Stewart
> Baker, has written a fine book that I think everyone here should read:
> _Skating on Stilts_.
> Baker has some harsh words for Allan, claiming
> that he was such a hardass about warrant applications that he got in the
> way of many national security investigations. I first read this shortly
> after Allan's death and I almost bust a gut laughing. If he knew that
> his major claim to fame was having GC-NSA call him an obstruction to
> national security, I think he'd consider his place in posterity to be
> well-established.
> 
> Allan died of cancer a few years ago -- but before he did, he achieved
> his life goal of being appointed to the federal bench. I had the honor
> of talking with him on several occasions from 2008 to 2010. Even dying
> of cancer, he was still a partisan for integrity in government. His
> commitment to it even in the face of imminent death impressed me as few
> things in the world have.
> 
> Do I believe the NSA when they say that for U.S. persons only metadata
> is collected? No.
> 
> But it was Allan's job to watch the NSA, and I trust that Allan didn't
> lie to me.
> 
> I know that the common meme on this mailing list is, "ooh, government
> *bad*, government *always* looking for ways to exploit us." But that's
> an insulting and childish belief. It's about as grown-up and about as
> mature as believing there are monsters under the bed or a bogeyman in
> the closet.
> 
> Government *can be* bad, sure. Absolutely.
> 
> But government also has people like Allan, and when we forget that we
> diminish ourselves.
> 
> Frankly, I think people on this list ought to celebrate his birthday --
> March 4 -- as some kind of holiday.
> 
> You know what? To hell with it. I /will/ celebrate his birthday, just
> ten years late. I'm going to make a donation to GnuPG today, in the
> memory of a government intelligence official who stood up for civil
> liberties. They *do* exist. Werner, if the donation I make later today
> could be credited as "In memory of the Honorable Allan N. Kornblum,"
> that would be appreciated.
> 
> http://en.wikipedia.org/wiki/Allan_Kornblum
> 
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Totally off-topic. But that your father was a highly positioned judge would make you rather biased.

They do process any US email going in and out of the US, be it by US citizens or not. Also, quite frankly, all of such assurances are totally meaningless, as we in the UK (GCHQ) do that work for you and vice versa. So, you see, the issue is not necessarily that the US government is spying on the German government, or the UK government, and they are doing it on each other of course.

The real issues are that they are
a. violating UK law or US law by sharing information or getting the other party to use that information, which at least in the UK is so unlawful, you would need 50 negative words to describe how unlawful that approach is (according to a former Intelligence and Security Committee member).
b. By intercepting any messages, by tapping into POPs or undersea cables you are de facto already obtaining communications content without warrants. Because of course that would make it almost impossible for them to gather information otherwise. They would be in court all day long.

Quite frankly though even Germany and many other European governments co-operate in intelligence matters by sharing data on their citizens. Mrs Merkel was only appalled that her Government's stuff was being spied on; quite frankly I do not think she particularly cares about German citizens or residents.

The fact that now every citizen can communicate at will, with a lot of people at once, broadcasting their views without having a media organisation filter it, is scaring any executive in the world, be it China, Germany, the UK, Russia, the US or any other country you can think of.

Of course, all terrorists and organised crime people know they are being spied on.
So, they already have changed their tactics, even way before Edward Snowden released the files. That is, not communicate via mobile phones, email, or written letter. We had a prime example here in the UK, where terror suspects, who later got convicted, met in a public park. And that is where they would talk; now the only reason they got caught is because of the old traditional intelligence gathering methods, aka actually surveying the actual targets.

Every time you hear politicians say mass surveillance stops terrorism without showing actual convictions, it is rather laughable, especially if that surveillance covers national borders too.

Anyway, enough of this. Pointless discussion really. Only thing you can do is complain to your MP, Congressman/Woman, Member of the Bundestag or maybe even Landtag (Bundesrat), or who/whatever is responsible in your country.

Or better yet, unlawfully spy on your politicians, by planting bugs in their constituent offices, tap their mobiles, send them malware, tap into their phone lines. Then broadcast all you found on the internet. Including their family affairs, potential conflicts of interest and corruption, including secret deals. They will love that I am sure. Note: This is a bit of sarcasm! We are world renowned for that in the UK.

Maybe then they will wise up to why mass interception is not only wrong, but also yields very little real useful information.
Regards,

Tristan

--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at: TSantore at fedoraproject.org

From micha137 at gmx.de Fri Mar 14 12:11:10 2014
From: micha137 at gmx.de (Michael Anders)
Date: Fri, 14 Mar 2014 12:11:10 +0100
Subject: Multiple Subkey Pairs

An HTML attachment was scrubbed...

From rjh at sixdemonbag.org Fri Mar 14 18:28:55 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 14 Mar 2014 10:28:55 -0700
Subject: Multiple Subkey Pairs
In-Reply-To: <5323378C.4060707@internexusconnect.net>
References: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> <5323378C.4060707@internexusconnect.net>
Message-ID: <20140314102855.Horde.paU_w5D34KfviT9m6ID2NQ1@mail.sixdemonbag.org>

> Totally off-topic. But that your father was a highly positioned judge, would make you rather biased.

Sure, just like someone being German would make them pretty biased against Jews.

What I just said was insensitive, offensive, and completely inappropriate. So, too, was what you just said. Grow up.

From tristan.santore at internexusconnect.net Fri Mar 14 21:28:07 2014
From: tristan.santore at internexusconnect.net (Tristan Santore)
Date: Fri, 14 Mar 2014 20:28:07 +0000
Subject: Multiple Subkey Pairs
In-Reply-To: <20140314102855.Horde.paU_w5D34KfviT9m6ID2NQ1@mail.sixdemonbag.org>
References: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> <5323378C.4060707@internexusconnect.net> <20140314102855.Horde.paU_w5D34KfviT9m6ID2NQ1@mail.sixdemonbag.org>
Message-ID: <53236657.7050301@internexusconnect.net>

On 14/03/14 17:28, Robert J. Hansen wrote:
>> Totally off-topic.
>> But that your father was a highly positioned judge, would make you rather biased.
>
> Sure, just like someone being German would make them pretty biased against Jews.
>
> What I just said was insensitive, offensive, and completely inappropriate. So, too, was what you just said. Grow up.

Haha. Unfortunately for you, I am not German, so I am not insulted. But I do know loads of Germans, which of course, with you making such statements, not only shows that you have a serious problem, if you have to offend people, just because you feel offended, but also shows how ignorant you are. Excusing your behaviour after is hardly a sign of maturity.

Unlike you, I based my statement on what you said in your email, namely, that you got information from your father, which makes it hearsay. Further, getting facts from a second party about a third party about information, that would fall under a piece of legislation, which permits nobody to even discuss it, makes such statements meaningless. Further adding your comments about intelligence matters, that you clearly cannot have any knowledge of, does not qualify you to make any such statements. Hence, my statement about you being biased.

Further, all this discussion is quite meaningless anyway. Needless to say all this is totally off-topic, I just wanted to be sure that you got somebody else's opinion, as you were quite so dismissive about another person and their opinions on this list. I tend to side with people being "bullied".

Now maybe we can get back to the perfectly legitimate issues regarding the use of sub-keys and the use of multiples of these.
Regards,

Tristan

--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at: TSantore at fedoraproject.org

From rjh at sixdemonbag.org Fri Mar 14 22:34:54 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 14 Mar 2014 14:34:54 -0700
Subject: Multiple Subkey Pairs
In-Reply-To: <53236657.7050301@internexusconnect.net>
References: <20140314090640.Horde.7NrvHB5Jat_vhEnESxF6OA1@mail.sixdemonbag.org> <5323378C.4060707@internexusconnect.net> <20140314102855.Horde.paU_w5D34KfviT9m6ID2NQ1@mail.sixdemonbag.org> <53236657.7050301@internexusconnect.net>
Message-ID: <20140314143454.Horde.2plBA6xRraq-zvSRrtXVLQ1@mail.sixdemonbag.org>

> But I do know loads of Germans, which of course, with you making such statements, not only shows that you have a serious problem, if you have to offend people, just because you feel offended, but also shows how ignorant you are.

You are missing the point. It is contemptible to believe that just because someone is descended from X, they must therefore possess trait Y. This is not how civilized people behave. We judge people on their own choices -- not their parentage. To do otherwise is the act of a barbarian.

> Unlike you, I based my statement on what you said in your email, namely, that you got information from your father

Quoting you: "That your father was a highly positioned judge, would make you rather biased," to be specific. You didn't say that my information would be biased: you said that *I* am biased based on my father's job. And that's simply beyond the pale.

From rjh at sixdemonbag.org Sat Mar 15 17:59:28 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 15 Mar 2014 12:59:28 -0400
Subject: Regarding Allan
Message-ID: <532486F0.4080706@sixdemonbag.org>

Some people have expressed interest in redistributing my remarks about Allan. Please don't. I sent my remarks to his family for review and they found a couple of minor factual errors in what I wrote -- nothing serious, but -- well -- Allan would insist on total accuracy, so a writeup about him should, too.

I have a fixed version that has been approved by his family. Email me off-list and I'll happily send it to you. It's in the public domain: please feel free to share it.

From juha.heljoranta at iki.fi Sat Mar 15 20:53:44 2014
From: juha.heljoranta at iki.fi (Juha Heljoranta)
Date: Sat, 15 Mar 2014 21:53:44 +0200
Subject: Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
Message-ID: <1953372.7YTjIOk2IF@seven.lan>

Hi,

I am not able to get the gpg to verify a signature.

Any advice how to fix this?
Or could the key 9C973C92 be invalid/broken?

$ mkdir -m 700 newgnupg
$ echo foo > zinc-0.2.0.jar
$ wget http://repo1.maven.org/maven2/com/typesafe/zinc/zinc/0.2.0/zinc-0.2.0.jar.asc
$ gpg -vvv --homedir newgnupg --version
gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: newgnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12), CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

$ gpg -vvv \
    --homedir newgnupg \
    --auto-key-locate keyserver \
    --keyserver pgp.mit.edu \
    --keyserver-options auto-key-retrieve \
    --verify zinc-0.2.0.jar.asc zinc-0.2.0.jar
gpg: using character set `utf-8'
gpg: keyring `newgnupg/pubring.gpg' created
gpg: armor: BEGIN PGP SIGNATURE
gpg: armor header: Version: BCPG v1.46
:signature packet: algo 17, keyid 04918EA99C973C92
    version 4, created 1352169028, md5len 0, sigclass 0x00
    digest algo 2, begin of digest 6f 81
    hashed subpkt 2 len 4 (sig created 2012-11-06)
    subpkt 16 len 8 (issuer key ID 04918EA99C973C92)
    data: [255 bits]
    data: [255 bits]
gpg: Signature made Tue 06 Nov 2012 04:30:28 AM EET using DSA key ID 9C973C92
gpg: requesting key 9C973C92 from hkp server pgp.mit.edu
gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
gpg: armor header: Version: SKS 1.1.4
gpg: armor header: Comment: Hostname: pgp.mit.edu
:public key packet:
    version 4, algo 17, created 1330048372, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [256 bits]
    pkey[2]: [2047 bits]
    pkey[3]: [2047 bits]
    keyid: 04918EA99C973C92
:user ID packet: "Peter Vlugter "
:signature packet: algo 17, keyid 04918EA99C973C92
    version 4, created 1330048372, md5len 0, sigclass 0x13
    digest algo 8, begin of digest 21 9c
    hashed subpkt 2 len 4 (sig created 2012-02-24)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    subpkt 16 len 8 (issuer key ID 04918EA99C973C92)
    data: [255 bits]
    data: [255 bits]
:signature packet: algo 1, keyid 7CF8D72BE29DF322
    version 4, created 1330052726, md5len 0, sigclass 0x10
    digest algo 2, begin of digest 51 b6
    hashed subpkt 2 len 4 (sig created 2012-02-24)
    subpkt 16 len 8 (issuer key ID 7CF8D72BE29DF322)
    data: [2047 bits]
:public sub key packet:
    version 4, algo 16, created 1330048372, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [3 bits]
    pkey[2]: [2047 bits]
    keyid: 4E7C8F86CA55236D
:signature packet: algo 17, keyid 04918EA99C973C92
    version 4, created 1330048372, md5len 0, sigclass 0x18
    digest algo 8, begin of digest 0d ec
    hashed subpkt 2 len 4 (sig created 2012-02-24)
    hashed subpkt 27 len 1 (key flags: 0C)
    subpkt 16 len 8 (issuer key ID 04918EA99C973C92)
    data: [254 bits]
    data: [254 bits]
gpg: pub 2048D/9C973C92 2012-02-24 Peter Vlugter
gpg: writing to `newgnupg/pubring.gpg'
gpg: newgnupg/trustdb.gpg: trustdb created
gpg: using PGP trust model
gpg: key 9C973C92: public key "Peter Vlugter " imported
gpg: 1 keys cached (3 signatures)
gpg: 0 keys processed (0 validity counts cleared)
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
gpg: DSA key 9C973C92 requires a 256 bit or larger hash
gpg: Can't check signature: general error

From cspitzer at godaddy.com Sun Mar 16 16:48:18 2014
From: cspitzer at godaddy.com (Charles Spitzer)
Date: Sun, 16 Mar 2014 15:48:18 +0000
Subject: problem encrypting with someone else's key

So, I used gpg 2.22 to import someone's key, and then encrypted a file with it. I sent it to them, and they couldn't decrypt it for some reason.

I then exported the same key, and found that the export file doesn't match the key that I imported. Shouldn't it be the same, or is there something in the exported key that is specific to the machine it came from?

How can I debug this? I don't know what they're using to decrypt, but they are certainly using pgp. Their -armor key block came in with a version of PGP Command Line v9.0.5 (Win32).
The -armor key block that I exported showed GnuPG v2.0.22 (MingW32).

Could there be some incompatibility between the 2 versions, or is there something I need to do on my end to ensure they can decrypt?

Regards,
Charlie Spitzer

From mailinglisten at hauke-laging.de Sun Mar 16 18:41:38 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sun, 16 Mar 2014 18:41:38 +0100
Subject: problem encrypting with someone else's key
Message-ID: <2261575.OsMT05vzVs@inno>

On Sun 16.03.2014, 15:48:18, Charles Spitzer wrote:
> So, I used gpg 2.22 to import someone's key, and then encrypted a file with it. I sent it to them, and they couldn't decrypt it for some reason.

It is difficult to debug this if you don't tell us how exactly you did this encryption. Did you encrypt on the command line?

Run this for the encrypted file:

gpg --list-only --list-packets tmp.txt.gpg

You should get output like this:

:pubkey enc packet: version 3, algo 1, keyid 764311F281F06169
    data: [2045 bits]
:encrypted data packet:
    length: 1703
    mdc_method: 2

If it looks like this, run

gpg --list-keys 764311F281F06169

Is that the key of the recipient?

> I then exported the same key, and found that the export file doesn't match the key that I imported. Shouldn't it be the same, or is there something in the exported key that is specific to the machine it came from?

You may have made a public signature for the key which, of course, was not part of the certificate you imported. Or the import file contains signatures gpg ignores when importing (or at least when exporting): Useless and old signatures (replaced by newer ones) may be ignored.

> How can I debug this?

The same way:

gpg --list-packets import_file
gpg --list-packets export_file

> I don't know what they're using to decrypt, but they are certainly using pgp.

May help to know the exact error message they get.
They may get a better error message if they try to decrypt in the console:

gpg -vvv your_file.gpg

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From cspitzer at godaddy.com Mon Mar 17 00:21:45 2014
From: cspitzer at godaddy.com (Charles Spitzer)
Date: Sun, 16 Mar 2014 23:21:45 +0000
Subject: problem encrypting with someone else's key
In-Reply-To: <2261575.OsMT05vzVs@inno>
References: <2261575.OsMT05vzVs@inno>

Even stranger, I had the same version of gpg installed on a friend's machine. He encrypted a file containing only a HelloWorld with the same key, and I did the same. The encrypted files weren't the same. He didn't use, to my knowledge, a sign on it.

Here's the list-packets info. Yes, this was encrypted with the GIS key, which is what I used.

C:\Users\cspitzer\Documents\GIS-WOTC>gpg --list-only --list-packets HelloWorld.txt.gpg
:pubkey enc packet: version 3, algo 16, keyid 9AAF93486C842B6C
    data: [1021 bits]
    data: [1023 bits]
:encrypted data packet:
    length: 38
gpg: encrypted with 1024-bit ELG key, ID 6C842B6C, created 2005-02-16
    "GIS "

C:\Users\cspitzer\Documents\GIS-WOTC>gpg --list-keys 9AAF93486c842B6C
pub   1024D/9EBA10E1 2005-02-16
uid                  GIS
sub   1024g/6C842B6C 2005-02-16

and here's the file he sent me:

C:\Users\cspitzer\Documents\GIS-WOTC>gpg --list-only --list-packets HelloWorld.txt.bill.pgp
:pubkey enc packet: version 3, algo 16, keyid 9AAF93486C842B6C
    data: [1024 bits]
    data: [1023 bits]
:encrypted data packet:
    length: 32
gpg: encrypted with 1024-bit ELG key, ID 6C842B6C, created 2005-02-16
    "GIS "

which is the same key.
When I exported my key, I used Kleopatra and didn't say to create an export with a sign, so I'm not sure what's exactly in the set of bytes that are in the file.

I, of course, can't try to decrypt this, as I don't have their key. I'll have to ask what kind of errors they're getting, or whether they just get gibberish out of it. They only said it doesn't work.

Thanks for your help.

Regards,
Charlie

From mailinglisten at hauke-laging.de Mon Mar 17 02:29:28 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 17 Mar 2014 02:29:28 +0100
Subject: problem encrypting with someone else's key
References: <2261575.OsMT05vzVs@inno>
Message-ID: <6316613.Z8RdC73EQ7@inno>

On Sun 16.03.2014, 23:21:45, Charles Spitzer wrote:
> Even stranger, I had the same version of gpg installed on a friend's machine. He encrypted a file containing only a HelloWorld with the same key, and I did the same. The encrypted files weren't the same.

They are never the same because of the session key which is unique for each encryption operation. Furthermore the compression configuration may be different. I am not familiar enough with RSA padding; maybe length differences can result from that, too.

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From mailinglisten at hauke-laging.de Mon Mar 17 05:28:28 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 17 Mar 2014 05:28:28 +0100
Subject: locale bug in 1.4
Message-ID: <4336699.ORp4OK7q2g@inno>

Hello,

I may have found a locale bug in 1.4.12. I am aware that this is not the current version but I cannot easily install 1.4.16 now. 1.4.12 is the version in Knoppix 7.2.

I have problems with non-ASCII characters when I use batch mode.
The funny part is that this problem does not appear when I generate a mainkey (from a batch config file). It appears when I add UIDs later:

echo adduid$'\n'"$name"$'\n'"${email}"$'\n'"${comment}"$'\n'save$'\n' |
    LC_ALL= LANGUAGE=en gpg --batch --passphrase foo \
    --command-fd 0 --edit-key Hauke

The man page says about --display-charset:
"If this option is not used, the default character set is determined from the current locale."
What you would expect.

locale looks like this:

LANG=de_DE.UTF-8
LANGUAGE=de
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL="de_DE.UTF-8"

gpg --expert --gen-key

leads to a message:
"You are using the `utf-8` character set."

The batch pipeline leads to:
"You are using the `iso-8859-1` character set."

Which IMHO pretty well explains the umlaut problems. But it doesn't make sense to me. Why does GnuPG guess it's not UTF-8 any more just because of the pipeline? Adding --display-charset utf-8 solves the problem. It does not occur with 2.0.22 (and some versions before).

BTW: Unfortunately I have no clue about internationalization. Is it correct that LANG and all the LC_ variables have content of this kind LANG=de_DE.UTF-8 but that LANGUAGE has neither the _ part nor a character encoding?

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From micha137 at gmx.de Mon Mar 17 08:45:25 2014
From: micha137 at gmx.de (Michael Anders)
Date: Mon, 17 Mar 2014 08:45:25 +0100
Subject: Multiple Subkey Pairs
Message-ID: <1395042325.3103.8.camel@micha137-myAMD-CM1740>

I apologize for having triggered the emotionally agitated exchange in this thread culminating in someone bringing up the German-Jew trauma. I did not intend this and will try to make future points in a more moderate language. I acknowledge the outburst of true emotion by the person I responded to initially.

Unfortunately my initial contribution was held for moderation and finally has been withheld for reasons unknown to me. All that was left is a belated, empty response under my name in the last digest. Since followers of this discussion cannot possibly understand the heated responses without the trigger, I'll try it again. Hopefully this will end the emotional part and will get the discussion back onto the appropriate technical track. This time I'll slightly redact my initial contribution so as to avoid it being held by a moderator.

Here we go ->Quote:
************************************

> So far there's no credible reporting that any government is doing mass surveillance of email content. Instead, mass surveillance focuses on metadata: who's talking to whom, when, with what for a subject line, routed through which mail servers, and so on.

The YYY (->a famous three letter agency) e.g. denies to archive content of YYY citizens mails. It is thus perfectly reasonable to assume it does so with all other ones. They can easily do it, thus they do it. I am German, so I am free game for them anyways. Besides, you believe their denials - are you kidding?

> GnuPG does not and cannot protect against that.

This is as regrettable as it is true. Worse still, it is much more cumbersome to protect your "metadata" than to protect content with e.g. GnuPG.
You could achieve it easiest with YYYYY (->We all would know how to do this). A public key infrastructure is difficult to reconcile with anonymity.

> If your concern is mass surveillance -- which is to say, metadata --

sorry again, if we are speaking about the YYY, only metadata if recipient and sender are YYY citizens and if we believe what the agency says.

Regarding the security of the content, I share the view that lighting a firework of a dynamic subkey structure is not going to help. IMHO one properly kept key is enough and its security should last for decades. After all the "all or nothing" principle is at the core of cryptography in many contexts. There is no such thing as attrition of security by heavy usage of a public RSA or ECC key. When it comes to system compromise leading to broken security, this is not kind of an aging process smoothly proceeding with time and eventually leading to death. They target you or they don't.

cheers
Michael Anders
(a reference to my project page)
*******************************************
End of quote.

The reference to my crypto project homepage which also contains a political statement, might also have been the problem. Those who are interested and don't feel offended by a positive reference to a controversial person can find it via my homepage www.fh-wedel.de/~an/ following the link to Academic Signature.

Best regards,
Michael Anders

From rjh at sixdemonbag.org Mon Mar 17 11:34:21 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 17 Mar 2014 06:34:21 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <1395042325.3103.8.camel@micha137-myAMD-CM1740>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740>
Message-ID: <5326CFAD.9090203@sixdemonbag.org>

> The YYY (->a famous three letter agency) e.g. denies to archive content of YYY citizens mails. It is thus perfectly reasonable to assume it does so with all other ones.

This is not a reasonable inference.
I deny being able to violate the Second Law of Thermodynamics. Is it perfectly reasonable to assume I can violate the First or the Third? No, clearly not: the inference is not logically sound. Neither is your original inference.

> Besides, you believe their denials - are you kidding?

See my previous post.

> sorry again, if we are speaking about the YYY, only metadata if recipient and sender are YYY citizens and if we believe what the agency says.

I cannot accept this assertion, as it is offered without either direct evidence or logically sound inferences.

From martin-gnupg-users at dkyb.de Mon Mar 17 13:43:57 2014
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Mon, 17 Mar 2014 13:43:57 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <5326CFAD.9090203@sixdemonbag.org>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org>
Message-ID: <5326EE0D.5010009@dkyb.de>

On 17.03.2014 11:34, Robert J. Hansen wrote:
>> The YYY (->a famous three letter agency) e.g. denies to archive content of YYY citizens mails. It is thus perfectly reasonable to assume it does so with all other ones.
>
> This is not a reasonable inference.
>
> I deny being able to violate the Second Law of Thermodynamics. Is it perfectly reasonable to assume I can violate the First or the Third? No, clearly not: the inference is not logically sound. Neither is your original inference.

That is an odd comparison. What does a statement about a fundamental law of physics which you can't change have to do with a statement about what you are doing, where you are perfectly free to do something else than you say? If that is what you base your judgment as "not a reasonable inference" on I'm truly worried.

>> sorry again, if we are speaking about the YYY, only metadata if recipient and sender are YYY citizens and if we believe what the agency says.
>
> I cannot accept this assertion, as it is offered without either direct evidence or logically sound inferences.

You have not spent time understanding how YYY work it seems to me. How they communicate with the public. How they bend the truth, redefine the meaning of certain words when communicating. How to be over-specific in their denials. From my understanding it is a perfectly valid inference to assume that the YYY stores also content data of communication. You can find evidence for that in congressional hearings, in newspapers and so forth. But since the last year's revelations and how they dealt with them, how they communicated in congressional hearings, don't seem to be evidence enough for you, I'm afraid no one will be able to help you see that the inferences are reasonable. At first you need to be willing to question their motives and their "truthfulness". Otherwise it doesn't make sense to argue about reasonable or non reasonable inferences.

From dkg at fifthhorseman.net Mon Mar 17 15:39:58 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 17 Mar 2014 10:39:58 -0400
Subject: Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
In-Reply-To: <1953372.7YTjIOk2IF@seven.lan>
References: <1953372.7YTjIOk2IF@seven.lan>
Message-ID: <5327093E.4060401@fifthhorseman.net>

On 03/15/2014 03:53 PM, Juha Heljoranta wrote:
> I am not able to get the gpg to verify a signature.
>
> Any advice how to fix this?
> Or could the key 9C973C92 be invalid/broken?
>
>
> $ mkdir -m 700 newgnupg
> $ echo foo > zinc-0.2.0.jar
> $ wget http://repo1.maven.org/maven2/com/typesafe/zinc/zinc/0.2.0/zinc-0.2.0.jar.asc

This is a signature ostensibly made by a 2048-bit DSA key, made over an SHA-1 digest.
DSA keys larger than 1024-bits should generally make signatures over stronger digests than SHA-1.

See section 4.2 of FIPS-186-4 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf for similar guidance.

Perhaps the folks who publish zinc need to --enable-dsa2, or to remove any mistaken "digest-algo sha1" from their signing routines? You could point them at this thread in the gnupg-users archives if you think it would be useful.

That said gpg seems to still accept signatures made by even stronger RSA keys over SHA-1. And it even accepts (with a warning) signatures by stronger RSA keys over MD5, which is even weaker than SHA1. So gpg's behavior seems to be non-uniform here.

That said, i'd love to be able to tell gpg to ignore or explicitly reject signatures made by strong keys with MD5 digests.

--dkg

From dshaw at jabberwocky.com Mon Mar 17 16:14:55 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 17 Mar 2014 11:14:55 -0400
Subject: Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
In-Reply-To: <1953372.7YTjIOk2IF@seven.lan>
References: <1953372.7YTjIOk2IF@seven.lan>
Message-ID: <89A4F9A4-D826-419A-A345-2E7084ECAF70@jabberwocky.com>

On Mar 15, 2014, at 3:53 PM, Juha Heljoranta wrote:
> Hi,
>
> I am not able to get the gpg to verify a signature.
>
> Any advice how to fix this?
> Or could the key 9C973C92 be invalid/broken?

The key may be fine, but the signature is invalid. DSA keys specify how many bits of hash are necessary to make a signature.
This key says it needs a 256-bit hash:

> gpg: requesting key 9C973C92 from hkp server pgp.mit.edu
> gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
> gpg: armor header: Version: SKS 1.1.4
> gpg: armor header: Comment: Hostname: pgp.mit.edu
> :public key packet:
>     version 4, algo 17, created 1330048372, expires 0
>     pkey[0]: [2048 bits]
>     pkey[1]: [256 bits]
      ^^^^^^^^^^^^^^^^^^^^

But the signature is strange. It claims to be SHA-1:

> :signature packet: algo 17, keyid 04918EA99C973C92
>     version 4, created 1352169028, md5len 0, sigclass 0x00
>     digest algo 2, begin of digest 6f 81
      ^^^^^^^^^^^^^

But is way too large:

>     hashed subpkt 2 len 4 (sig created 2012-11-06)
>     subpkt 16 len 8 (issuer key ID 04918EA99C973C92)
>     data: [255 bits]
      ^^^^^^^^^^^^^^^^

Basically, the signature failed verification because it's mangled somehow. I'm not sure how they managed to create it, but it's broken.

David

From david at systemoverlord.com Mon Mar 17 16:19:20 2014
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 17 Mar 2014 08:19:20 -0700
Subject: locale bug in 1.4
In-Reply-To: <4336699.ORp4OK7q2g@inno>
References: <4336699.ORp4OK7q2g@inno>

On Sun, Mar 16, 2014 at 9:28 PM, Hauke Laging wrote:
> Hello,
>
> I may have found a locale bug in 1.4.12. I am aware that this is not the current version but I cannot easily install 1.4.16 now. 1.4.12 is the version in Knoppix 7.2.
>
> I have problems with non-ASCII characters when I use batch mode. The funny part is that this problem does not appear when I generate a mainkey (from a batch config file). It appears when I add UIDs later:
>
> echo adduid$'\n'"$name"$'\n'"${email}"$'\n'"${comment}"$'\n'save$'\n' |
>     LC_ALL= LANGUAGE=en gpg --batch --passphrase foo \
>     --command-fd 0 --edit-key Hauke

Why are you setting LC_ALL= LANGUAGE=en? This would cause the switch to iso-8859-1 (well, to the system-wide default charset, but that's most likely iso-8859-1).
> The man page says about --display-charset:
> "If this option is not used, the default character set is determined
> from the current locale."
> What you would expect.
>
> locale looks like this:
>
> LANG=de_DE.UTF-8
> LANGUAGE=de
> LC_CTYPE="de_DE.UTF-8"
> LC_NUMERIC="de_DE.UTF-8"
> LC_TIME="de_DE.UTF-8"
> LC_COLLATE="de_DE.UTF-8"
> LC_MONETARY="de_DE.UTF-8"
> LC_MESSAGES="de_DE.UTF-8"
> LC_PAPER="de_DE.UTF-8"
> LC_NAME="de_DE.UTF-8"
> LC_ADDRESS="de_DE.UTF-8"
> LC_TELEPHONE="de_DE.UTF-8"
> LC_MEASUREMENT="de_DE.UTF-8"
> LC_IDENTIFICATION="de_DE.UTF-8"
> LC_ALL="de_DE.UTF-8"
>
> gpg --expert --gen-key
>
> leads to a message:
> "You are using the `utf-8` character set."
>
> The batch pipeline leads to:
> "You are using the `iso-8859-1` character set."
> Which IMHO pretty well explains the umlaut problems. But it doesn't make
> sense to me. Why does GnuPG guess it's not UTF-8 any more just because
> of the pipeline? Adding --display-charset utf-8 solves the problem. It
> does not occur with 2.0.22 (and some versions before).
>
>
> BTW: Unfortunately I have no clue about internationalization. Is it
> correct that LANG and all the LC_ variables have content of this kind
> LANG=de_DE.UTF-8 but that LANGUAGE has neither the _ part nor a
> character encoding?
>
>
> Hauke
> --
> Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
> http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
> OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

--
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
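The rule behind David Shaw's diagnosis earlier in this thread is that a DSA key's q size (pkey[1] in a `gpg --list-packets` dump) sets the minimum digest length for any signature it makes; dkg additionally wants MD5 signatures rejected outright. The following Python is an added example written for this archive page, not code from the thread or from GnuPG: it parses the three relevant fields out of a dump and applies that policy. The function names, the `allow_weak` flag (modelled on gpg's `--allow-weak-digest-algos` option mentioned later in the thread) and the sample dump are constructions for the example.

```python
"""Policy check for DSA signature digests (added example; not GnuPG code).

A DSA key carries q (pkey[1] in `gpg --list-packets` output).  FIPS 186-3
section 4.6 feeds the leftmost min(N, outlen) bits of the digest into the
signature equation, so a digest shorter than N = |q| cannot fill it and gpg
reports "requires a 256 bit or larger hash".  MD5 is additionally refused
unless allow_weak is set, mirroring gpg's --allow-weak-digest-algos switch.
"""
import re

# OpenPGP hash algorithm ids (RFC 4880 section 9.4) -> (name, digest bits).
HASH_ALGOS = {
    1: ("MD5", 128),
    2: ("SHA1", 160),
    3: ("RIPEMD160", 160),
    8: ("SHA256", 256),
    9: ("SHA384", 384),
    10: ("SHA512", 512),
    11: ("SHA224", 224),
}

# Digests refused by default (the thread names MD5; SHA-1 may follow later).
BROKEN_DIGESTS = {"MD5"}
# Digests FIPS 186 / RFC 4880 section 13.6 list for DSS-compliant DSA use.
DSS_DIGESTS = {"SHA1", "SHA224", "SHA256", "SHA384", "SHA512"}

DSA_ALGO_ID = 17  # OpenPGP public-key algorithm id for DSA


def dsa_digest_policy(q_bits, hash_algo_id, allow_weak=False):
    """Decide whether a DSA signature over this digest should be accepted.

    Returns (accepted, reason).  q_bits is the bit length of q; hash_algo_id
    is the OpenPGP digest algorithm id taken from the signature packet.
    """
    if hash_algo_id not in HASH_ALGOS:
        return False, "unknown digest algorithm id %d" % hash_algo_id
    name, digest_bits = HASH_ALGOS[hash_algo_id]
    if name in BROKEN_DIGESTS and not allow_weak:
        return False, "%s is a broken digest algorithm" % name
    if digest_bits < q_bits:
        # The case in the thread: 256-bit q, signature claiming SHA-1 (160 bits).
        return False, "%s gives %d bits but the key requires a %d bit or larger hash" % (
            name, digest_bits, q_bits)
    if name not in DSS_DIGESTS:
        return True, "%s satisfies q=%d bits but is not a DSS-listed digest" % (name, q_bits)
    return True, "%s (%d bits) satisfies q=%d bits" % (name, digest_bits, q_bits)


def parse_list_packets(text):
    """Extract (pubkey algo, q bits, digest algo id) from a --list-packets dump.

    Only the three fields the check needs are parsed.  pkey[1] is q for DSA
    keys (for RSA it would be the exponent), so the key algorithm is read too.
    """
    pk = re.search(r":public key packet:\s*version \d+, algo (\d+)", text)
    q = re.search(r"pkey\[1\]:\s*\[(\d+) bits\]", text)
    sig = re.search(r":signature packet:.*?digest algo (\d+)", text, re.S)
    if not (pk and q and sig):
        raise ValueError("dump lacks public key packet, pkey[1] or signature digest")
    return int(pk.group(1)), int(q.group(1)), int(sig.group(1))


def check_dump(text, allow_weak=False):
    """Run the policy over a key + signature dump; returns (accepted, reason)."""
    algo, q_bits, hash_id = parse_list_packets(text)
    if algo != DSA_ALGO_ID:
        return False, "public key algo %d is not DSA; the q-size rule does not apply" % algo
    return dsa_digest_policy(q_bits, hash_id, allow_weak)


# Constructed sample modelled on the dump quoted in the thread: a 2048-bit
# DSA key with a 256-bit q, and a signature packet claiming digest algo 2 (SHA-1).
SAMPLE_DUMP = """\
:public key packet:
        version 4, algo 17, created 1330048372, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [256 bits]
:signature packet: algo 17, keyid 04918EA99C973C92
        version 4, created 1352169028, md5len 0, sigclass 0x00
        digest algo 2, begin of digest 6f 81
"""

if __name__ == "__main__":
    ok, why = check_dump(SAMPLE_DUMP)
    print("accepted" if ok else "rejected", "-", why)
```

Run against the sample the check rejects the signature for the same reason gpg does (a 160-bit digest against a 256-bit q); feeding it `gpg --list-packets` output for a real key and signature pair shows whether a "bad signature" is a digest-size mismatch before anything else is investigated.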
From dshaw at jabberwocky.com Mon Mar 17 16:19:45 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 17 Mar 2014 11:19:45 -0400
Subject: Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
In-Reply-To: <5327093E.4060401@fifthhorseman.net>
References: <1953372.7YTjIOk2IF@seven.lan> <5327093E.4060401@fifthhorseman.net>
Message-ID:

On Mar 17, 2014, at 10:39 AM, Daniel Kahn Gillmor wrote:

> On 03/15/2014 03:53 PM, Juha Heljoranta wrote:
>
>> I am not able to get the gpg to verify a signature.
>>
>> Any advice how to fix this?
>> Or could the key 9C973C92 be invalid/broken?
>>
>>
>> $ mkdir -m 700 newgnupg
>> $ echo foo > zinc-0.2.0.jar
>> $ wget http://repo1.maven.org/maven2/com/typesafe/zinc/zinc/0.2.0/zinc-0.2.0.jar.asc
>
> This is a signature ostensibly made by a 2048-bit DSA key, made over an
> SHA-1 digest. DSA keys larger than 1024-bits should generally make
> signatures over stronger digests than SHA-1.
>
> See section 4.2 of FIPS-186-4
> http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf for similar
> guidance.
>
> Perhaps the folks who publish zinc need to --enable-dsa2, or to remove
> any mistaken "digest-algo sha1" from their signing routines? You could
> point them at this thread in the gnupg-users archives if you think it
> would be useful.

It doesn't matter if you specify --digest-algo sha1. Regardless of the setting of enable-dsa2, if the key wants a 256-bit hash, gpg won't allow you to sign with SHA-1. There is no way to generate that signature, at least in gpg.
David

From wk at gnupg.org Mon Mar 17 16:49:01 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 17 Mar 2014 16:49:01 +0100
Subject: Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
In-Reply-To: <5327093E.4060401@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 17 Mar 2014 10:39:58 -0400")
References: <1953372.7YTjIOk2IF@seven.lan> <5327093E.4060401@fifthhorseman.net>
Message-ID: <874n2wvn9u.fsf@vigenere.g10code.de>

On Mon, 17 Mar 2014 15:39, dkg at fifthhorseman.net said:

> So gpg's behavior seems to be non-uniform here. That said, i'd love to

As required by FIPS-186-3, 4.2:

  This Standard specifies the following choices for the pair L and N (the
  bit lengths of p and q, respectively):

    L = 1024, N = 160
    L = 2048, N = 224
    L = 2048, N = 256
    L = 3072, N = 256

and RFC-4880:

  13.6. DSA

  An implementation SHOULD NOT implement DSA keys of size less than 1024
  bits. It MUST NOT implement a DSA key with a q size of less than 160
  bits. DSA keys MUST also be a multiple of 64 bits, and the q size MUST
  be a multiple of 8 bits. The Digital Signature Standard (DSS) [FIPS186]
  specifies that DSA be used in one of the following ways:

    * 1024-bit key, 160-bit q, SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512 hash
    * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384, or SHA-512 hash
    * 2048-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash
    * 3072-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash

  The above key and q size pairs were chosen to best balance the strength
  of the key with the strength of the hash. Implementations SHOULD use one
  of the above key and q size pairs when generating DSA keys. If DSS
  compliance is desired, one of the specified SHA hashes must be used as
  well. [FIPS186] is the ultimate authority on DSS, and should be
  consulted for all questions of DSS compliance.

> be able to tell gpg to ignore or explicitly reject signatures made by
> strong keys with MD5 digests.
Run in enforced FIPS mode ;-)

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Mon Mar 17 17:54:39 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 17 Mar 2014 12:54:39 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <5326EE0D.5010009@dkyb.de>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org> <5326EE0D.5010009@dkyb.de>
Message-ID: <532728CF.3080100@sixdemonbag.org>

> That is an odd comparison. What does a statement about a fundamental
> law of physics which you can't change have to do with a statement
> about what you are doing, where you are perfectly free to do something
> else than you say?

Try some variations.

I deny that I've ever been to Vienna; is it logical to believe, based on that, that I've traveled extensively in Europe?

I deny that I've ever seen _Star Wars Episode III_. Is it logical to believe, based only on that, that I've seen every other installment?

I deny that I've ever read the second stanza of Coleridge's 'Kubla Khan'. Is it logical to believe, based only on that, that I've read the first?

This is all rather irrelevant, though, since it's clear you _a priori_ believe nothing claimed by that outfit. (Which may be justified, mind you. Saying "I do not trust them and I consider all of their statements a nullity: I will only trust what I can independently verify" is a perfectly logical position.)

> You have not spent time understanding how YYY works it seems to me.

There are two options here: either I confess my ignorance, in which case you'll claim to be more knowledgeable and thus right, or I claim my knowledge, in which case you'll think I'm clearly "too close to them to be trusted."

At this point, I don't care what you think. My original statement -- "I have seen no credible claims that anyone anywhere in the world is doing bulk surveillance of email content on an internet-wide scale" -- stands. I stand by that.
No more and no less than that.

From wk at gnupg.org Mon Mar 17 18:11:15 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 17 Mar 2014 18:11:15 +0100
Subject: Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
In-Reply-To: <5327093E.4060401@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 17 Mar 2014 10:39:58 -0400")
References: <1953372.7YTjIOk2IF@seven.lan> <5327093E.4060401@fifthhorseman.net>
Message-ID: <87zjkou4wc.fsf@vigenere.g10code.de>

On Mon, 17 Mar 2014 15:39, dkg at fifthhorseman.net said:

> So gpg's behavior seems to be non-uniform here. That said, i'd love to
> be able to tell gpg to ignore or explicitly reject signatures made by
> strong keys with MD5 digests.

There is a new option in master:

  --allow-weak-digest-algos

    Signatures made with the broken MD5 algorithm are normally rejected
    with an ``invalid digest algorithm'' message. This option allows the
    verification of signatures made with such weak algorithms.

Right, at some time we may need to add SHA-1 here.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From martin-gnupg-users at dkyb.de Mon Mar 17 19:49:50 2014
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Mon, 17 Mar 2014 19:49:50 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <532728CF.3080100@sixdemonbag.org>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org> <5326EE0D.5010009@dkyb.de> <532728CF.3080100@sixdemonbag.org>
Message-ID: <532743CE.8070608@dkyb.de>

On 17.03.2014 17:54, Robert J. Hansen wrote:
>> That is an odd comparison. What does a statement about a fundamental
>> law of physics which you can't change have to do with a statement
>> about what you are doing, where you are perfectly free to do something
>> else than you say?
>
> Try some variations.
>
> I deny that I've ever been to Vienna; is it logical to believe, based on
> that, that I've traveled extensively in Europe?
>
> I deny that I've ever seen _Star Wars Episode III_. Is it logical to
> believe, based only on that, that I've seen every other installment?
>
> I deny that I've ever read the second stanza of Coleridge's 'Kubla
> Khan'. Is it logical to believe, based only on that, that I've read the
> first?
>

All these examples lack the dimension of illogical, untruthful and purposely misleading communication that humans are capable of. Of course, in a purely logical environment all of your examples have to be answered with: you can't draw these conclusions. But taking into account that humans are not strictly logical, and taking into account the past, we can reasonably make conclusions which we can't by pure propositional logic.

Just one example from the not so far past: "We are not and we will not spy on chancellor Merkel". Without any context and background information it is not "logical" to draw the conclusion that there has been spying in the past. But knowing e.g. who said that, it is reasonable to assume so.

> This is all rather irrelevant, though, since it's clear you _a priori_
> believe nothing claimed by that outfit. (Which may be justified, mind
> you. Saying "I do not trust them and I consider all of their statements
> a nullity: I will only trust what I can independently verify" is a
> perfectly logical position.)
>
>> You have not spent time understanding how YYY works it seems to me.
>
> There are two options here: either I confess my ignorance, in which case
> you'll claim to be more knowledgeable and thus right, or I claim my
> knowledge, in which case you'll think I'm clearly "too close to them to
> be trusted."

There are at least three options:

3. My impression is wrong.

> At this point, I don't care what you think. My original statement -- "I
> have seen no credible claims that anyone anywhere in the world is doing
> bulk surveillance of email content on an internet-wide scale" -- stands.
>

I was referring to this statement of yours:

> I cannot accept this assertion, as it is offered without either direct
> evidence or logically sound inferences.

I don't care about the direct evidence, but the logically sound inference that bulk surveillance of email content on an internet-wide scale is happening is reasonable. But if you want evidence [1]:

"At least some of the data traffic coming through the German internet exchange point DE-CIX is diverted to German intelligence and other agencies."

They (and this is just the "Germans") divert a certain percentage. It would be illogical if they wouldn't analyze that in some way. Therefore, by pure logic, a mass surveillance is happening. Now we can argue about how "mass" and "internet-wide scale" are defined, but my assumption is that for you this example doesn't fulfill the criteria, and because there is no evidence that other countries are doing the same, your statement will stand.

I hope you never have a reason to start caring about what I think. Because your world seems to be the more righteous and calm place and I wish I didn't have to worry about the future of free societies as much.

[1] http://www.h-online.com/news/item/PRISM-scandal-internet-exchange-points-as-targets-for-surveillance-1909989.html

From juha.heljoranta at iki.fi Mon Mar 17 20:05:13 2014
From: juha.heljoranta at iki.fi (Juha Heljoranta)
Date: Mon, 17 Mar 2014 21:05:13 +0200
Subject: Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
In-Reply-To: <5327093E.4060401@fifthhorseman.net>
References: <1953372.7YTjIOk2IF@seven.lan> <5327093E.4060401@fifthhorseman.net>
Message-ID: <2331387.7k1yz6B7pv@seven.lan>

On Monday, March 17, 2014 10:39:58 Daniel Kahn Gillmor wrote:
> Perhaps the folks who publish zinc need to --enable-dsa2, or to remove
> any mistaken "digest-algo sha1" from their signing routines? You could
> point them at this thread in the gnupg-users archives if you think it
> would be useful.

Thanks!
It seems they might sign their next release properly, but I notified them just in case.

Cheers,
Juha

From wk at gnupg.org Tue Mar 18 09:28:25 2014
From: wk at gnupg.org (Werner Koch)
Date: Tue, 18 Mar 2014 09:28:25 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <532743CE.8070608@dkyb.de> (Martin Behrendt's message of "Mon, 17 Mar 2014 19:49:50 +0100")
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org> <5326EE0D.5010009@dkyb.de> <532728CF.3080100@sixdemonbag.org> <532743CE.8070608@dkyb.de>
Message-ID: <87ha6vud06.fsf@vigenere.g10code.de>

On Mon, 17 Mar 2014 19:49, martin-gnupg-users at dkyb.de said:

> think. Because your world seems to be the more righteous and calm place
> and I wish I didn't have to worry about the future of free societies as

I can't read that from Robert's mails. IIRC, the main point here was that traffic analysis is a much more powerful tool than wholesale content analysis. I am not able to decide this, but from all that I know the former has an incredibly better cost-benefit ratio. Rumors are the NSA employs some mathematicians so that they might be able to do their arithmetic.

This does not mean I neglect that mail and other content is regularly scanned to find possible targets and what do I know. Actually we know that Google does this, as well as Microsoft for Skype chats.

Given that keeping content secret is way easier than mitigating traffic analysis, we need to be excellent in this craft before we are able to widely deploy traffic analysis countermeasures.

Shalom-Salam,

   Werner

p.s.
Remember ENRON? You may use all their internal mails to play with traffic analysis tools. IIRC, there was even a website to view the connection graphs (enronscope?).

--
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Tue Mar 18 15:01:10 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Mar 2014 10:01:10 -0400
Subject: Multiple Subkey Pairs
In-Reply-To: <87ha6vud06.fsf@vigenere.g10code.de>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org> <5326EE0D.5010009@dkyb.de> <532728CF.3080100@sixdemonbag.org> <532743CE.8070608@dkyb.de> <87ha6vud06.fsf@vigenere.g10code.de>
Message-ID: <532851A6.1090809@sixdemonbag.org>

> I can't read that from Robert's mails. IIRC, the main point here was
> that traffic analysis is a much more powerful tool than wholesale
> content analysis.

I am not in a position to know whether it is for a fact, but that agrees with my understanding.

My other position is that we have to be careful what we believe. In these times it's tempting to see shadows and jump at them, believing that we're seeing the bogeyman. We have to resist this temptation. In frightening times, we must pay special attention to logic and reason.

From tristan.santore at internexusconnect.net Tue Mar 18 15:20:30 2014
From: tristan.santore at internexusconnect.net (Tristan Santore)
Date: Tue, 18 Mar 2014 14:20:30 +0000
Subject: gpg: sending command `SCD PASSWD' to agent failed: ec=6.55
Message-ID: <5328562E.6060402@internexusconnect.net>

Dear All,

Has anyone seen this before, when trying to change pins or enter pins?

gpg: sending command `SCD PASSWD' to agent failed: ec=6.55

Package versions:
gnupg2-smime-2.0.22-1.fc20.x86_64
gnupg2-2.0.22-1.fc20.x86_64

After downgrading to another version from our builders, namely,
gnupg2-smime-2.0.21-1.fc20.x86_64
gnupg2-2.0.21-1.fc20.x86_64
this problem is solved.

Do you want me to file this one on your bugzilla? I would file it on ours, but then our poor triage people get to it, then the package maintainer, and then it ends up with you anyway, so I may as well file it directly.

How can I assist you in providing you more output, so you can debug it? If, of course, you want me to file this one.

Thank you.
Regards,

Tristan

--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore at fedoraproject.org

From martin-gnupg-users at dkyb.de Tue Mar 18 18:53:26 2014
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Tue, 18 Mar 2014 18:53:26 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <532851A6.1090809@sixdemonbag.org>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org> <5326EE0D.5010009@dkyb.de> <532728CF.3080100@sixdemonbag.org> <532743CE.8070608@dkyb.de> <87ha6vud06.fsf@vigenere.g10code.de> <532851A6.1090809@sixdemonbag.org>
Message-ID: <53288816.3000900@dkyb.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 18.03.2014 15:01, Robert J. Hansen wrote:
>
> My other position is that we have to be careful what we believe.
> In these times it's tempting to see shadows and jump at them,
> believing that we're seeing the bogeyman. We have to resist this
> temptation. In frightening times, we must pay special attention to
> logic and reason.
>

Sorry if I sound cynical, but the bogeyman says hello [1]:

"The National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, [...]"

and yes, they used that system.

So I 100% agree with you, we must pay special attention to logic and reason. And I don't know what it takes, but if you still don't see logic and reason in taking the assumption that there is a mass and wide-scale surveillance also of E-Mail content as fact, then again, I would so like to live in your world.
[1] http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEAREKAAYFAlMoiBQACgkQ/6vdZgk46sjINwCdFKLlS5PM2oFFbuqF7EJxPVOD
cBEAoLwwuW8dIhuMiiDlABtm2f76Vo4z
=9EEP
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org Tue Mar 18 19:34:20 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Mar 2014 11:34:20 -0700
Subject: Multiple Subkey Pairs
In-Reply-To: <53288816.3000900@dkyb.de>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org> <5326EE0D.5010009@dkyb.de> <532728CF.3080100@sixdemonbag.org> <532743CE.8070608@dkyb.de> <87ha6vud06.fsf@vigenere.g10code.de> <532851A6.1090809@sixdemonbag.org> <53288816.3000900@dkyb.de>
Message-ID: <20140318113420.Horde.IPcXPz1uGUG-u7j7XJZbjQ1@mail.sixdemonbag.org>

Quoting Martin Behrendt:

> Sorry if I sound cynical, but the bogeyman says hello [1]:

Strange: when my nephews were young they would also pass on messages from the Thing That Lived In The Closet. (They never called it the bogeyman. Just "That Thing That Lives In The Closet.") Despite all the times I opened the closet to look for it, I was never able to find it.

Let's look at some of the problems here.

(1) Given how many flat wrong things get printed in the newspaper, believing this reporting may not be wise.

(2) Let's assume it's true. The story only says it can record 100% of a foreign country's telephone calls for up to a month, not that it can store *all* telephone calls for an indefinite period of time. There's still a lot of targeting that has to go on here. Claims of worldwide surveillance are still overblown.

(3) The capability may exist, but the story never claims the system has been used. We've had nuclear weapons sitting idle in their silos for decades: this capability may be the information equivalent of a nuke in a silo.
(4) Your "yes, they used that system," I simply can't believe, not without seeing supporting evidence.

My uncle, a Korean War veteran, tells me that at one point during the war U.S. troops reported they were witnessing tactical nuclear strikes. It turned out this was just the 16-inch guns of the _U.S.S. Iowa_ battleship. Apparently, it's pretty easy to mistake a 16-inch shelling for a tactical nuclear strike. The relevance to our present situation is this: just as it was very easy for troops to see mind-blowingly huge explosions and to conclude the war had just gone nuclear, it is very easy for us to look at fragmentary and often-inaccurate news media reports and leap to conclusions about "that system must exist and it must be in use!"

Be careful. Carefully separate out what you see from what cause you're ascribing to it. If you see X, I'm willing to accept that you see X. But so far you seem to be leaping towards "... therefore Y!", and there I think you're on much weaker ground.

> And I don't know what it
> takes, but if you still don't see logic and reason in taking the
> assumption that there is a mass and wide-scale surveillance also of
> E-Mail content as fact, then again, I would so like to live in
> your world.

I never said we should not be aware of the possibility, nor have I ever said that such a thing cannot happen.

I said that we should not treat it as fact, because facts are things which can be proven, and so far there's no proof here.

Anyway. I've said my piece. I'm done here.
From martin-gnupg-users at dkyb.de Tue Mar 18 20:12:57 2014
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Tue, 18 Mar 2014 20:12:57 +0100
Subject: Multiple Subkey Pairs
In-Reply-To: <20140318113420.Horde.IPcXPz1uGUG-u7j7XJZbjQ1@mail.sixdemonbag.org>
References: <1395042325.3103.8.camel@micha137-myAMD-CM1740> <5326CFAD.9090203@sixdemonbag.org> <5326EE0D.5010009@dkyb.de> <532728CF.3080100@sixdemonbag.org> <532743CE.8070608@dkyb.de> <87ha6vud06.fsf@vigenere.g10code.de> <532851A6.1090809@sixdemonbag.org> <53288816.3000900@dkyb.de> <20140318113420.Horde.IPcXPz1uGUG-u7j7XJZbjQ1@mail.sixdemonbag.org>
Message-ID: <53289AB9.7030100@dkyb.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 18.03.2014 19:34, Robert J. Hansen wrote:
> (1) Given how many flat wrong things get printed in the newspaper,
> believing this reporting may not be wise.
>

While this in general is true, I really wonder why you say that in the current context. Especially an article where the main facts are backed up by quotes of officials.

> (2) Let's assume it's true. The story only says it can record 100%
> of a foreign country's telephone calls for up to a month, not that
> it can store *all* telephone calls for an indefinite period of
> time. There's still a lot of targeting that has to go on here.
> Claims of worldwide surveillance are still overblown.
>

We were talking about mass surveillance on an internet-wide scale. Not of a worldwide 100% surveillance.

> (3) The capability may exist, but the story never claims the system
> has been used. We've had nuclear weapons sitting idle in their
> silos for decades: this capability may be the information
> equivalent of a nuke in a silo.
>

"The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for “retrospective retrieval,” and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere."

All quotes from [1].
> (4) Your "yes, they used that system," I simply can't believe, not
> without seeing supporting evidence.
>

See above. Read the article. If you don't believe them, ask them for their source material.

"At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned."

> My uncle, a Korean War veteran, tells me that at one point during
> the war U.S. troops reported they were witnessing tactical nuclear
> strikes. It turned out this was just the 16-inch guns of the
> _U.S.S. Iowa_ battleship. Apparently, it's pretty easy to mistake
> a 16-inch shelling for a tactical nuclear strike. The relevance to
> our present situation is this: just as it was very easy for troops
> to see mind-blowingly huge explosions and to conclude the war had
> just gone nuclear, it is very easy for us to look at fragmentary
> and often-inaccurate news media reports and leap to conclusions
> about "that system must exist and it must be in use!"
>

I can't see how it is possible to compare a life-threatening situation of a combat situation under stress with reading and understanding a newspaper report. But here are some more quotes from the article:

"A senior manager for the program compares it to a time machine"

"In a statement, Caitlin Hayden, spokeswoman for the National Security Council, declined to comment on “specific alleged intelligence activities.” Speaking generally, she said “new or emerging threats” are “often hidden within the large and complex system of modern global communications, and the United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats.”"

> Be careful. Carefully separate out what you see from what cause
> you're ascribing to it. If you see X, I'm willing to accept that
> you see X. But so far you seem to be leaping towards "... therefore
> Y!", and there I think you're on much weaker ground.
>

Yes, we were talking about logic and reason. And I told you why I think, even without evidence, my "therefore Y" is logical and reasonable.

> I never said we should not be aware of the possibility, nor have I
> ever said that such a thing cannot happen.
>
> I said that we should not treat it as fact, because facts are
> things which can be proven, and so far there's no proof here.

No, what you said was this:

>> sorry again, if we are speaking about the YYY, only metadata if
>> recipient and sender are YYY citizens and if we believe what the
>> agency says.
>
> I cannot accept this assertion, as it is offered without either
> direct evidence or logically sound inferences.

And I argued why it is a logically sound inference.

[1] http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEAREKAAYFAlMomrkACgkQ/6vdZgk46siirQCgpJgaTnZn1dW7UgIPStOus57U
cfgAn3mQXtElb8TSnlfVtOf2pKka0Wst
=zjJY
-----END PGP SIGNATURE-----

From hans at guardianproject.info Thu Mar 20 14:53:35 2014
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Thu, 20 Mar 2014 09:53:35 -0400
Subject: GnuPrivacyGuard for Android v0.3 released!
In-Reply-To: <20140313110102.GA22659@glue.grepular.com>
References: <532101A9.4090009@guardianproject.info> <20140313110102.GA22659@glue.grepular.com>
Message-ID: <532AF2DF.1010809@guardianproject.info>

On 03/13/2014 07:01 AM, Mike Cardwell wrote:
> * on the Wed, Mar 12, 2014 at 08:54:01PM -0400, Hans-Christoph Steiner wrote:
>
>> GnuPrivacyGuard for Android (GPGA) brings GnuPG, the most trusted name in
>> encryption, to Android. Easily encrypt, decrypt, sign and verify files of any
>> kind, just by sharing them to GPGA. This app aims to provide a complete,
>> integrated cryptographic toolkit integrated into the Android experience.
>
> Does it supply a system of interaction with other apps via intents, like
> APG does? I'm just wondering if other apps will be able to integrate
> with it in the same way that K-9 Mail integrates with APG to add OpenPGP
> encryption for email...

We tried to provide the same Intent API as APG, but in the process discovered that in order to use that API, the app had to be pegged to APG anyhow. So instead, we've been working with Dominik Schuermann of OpenKeychain and the K-9 Mail devs to work out a new, better, open API for any app to implement as an OpenPGP provider, and any app to use for OpenPGP services. Our notes on the effort are here, feedback welcome:

https://dev.guardianproject.info/projects/gpgandroid/wiki/API_Sketch

.hc

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81

From wish at dumain.com Sun Mar 23 16:21:05 2014
From: wish at dumain.com (wish at dumain.com)
Date: Sun, 23 Mar 2014 15:21:05 +0000
Subject: How to create GNUPGHOME
Message-ID:

I want to create an empty GNUPGHOME directory in a non-standard location into which I can import existing keys (both private and public). What is the best way to do this?

Thanks in advance

William

From mailinglisten at hauke-laging.de Sun Mar 23 17:37:21 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sun, 23 Mar 2014 17:37:21 +0100
Subject: How to create GNUPGHOME
In-Reply-To:
References:
Message-ID: <3577687.mY3E3JUnWS@inno>

On Sun 23.03.2014, 15:21:05, wish at dumain.com wrote:
> I want to create an empty GNUPGHOME directory in a non-standard
> location into which I can import existing keys (both private and
> public). What is the best way to do this?
export GNUPGHOME=/foo/bar
mkdir --mode=700 -p "$GNUPGHOME"
gpg --list-keys
...
unset GNUPGHOME

or

mkdir --mode=700 -p /foo/bar
GNUPGHOME=/foo/bar gpg --list-keys

Hauke

--
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From postpics123 at gmail.com Sun Mar 23 13:37:30 2014
From: postpics123 at gmail.com (------ ------)
Date: Sun, 23 Mar 2014 13:37:30 +0100
Subject: OpenPGP smartcard and RSA 8192 bit
Message-ID:

Hi!

Just for the sake of curiosity, is it possible to store a 8192 bit RSA key on the OpenPGP smart card? Two keys? Three keys?

Thank you, please include me in CC for reply.

John Peters

From martin at martinpaljak.net Mon Mar 24 00:02:19 2014
From: martin at martinpaljak.net (Martin Paljak)
Date: Sun, 23 Mar 2014 23:02:19 +0000
Subject: OpenPGP smartcard and RSA 8192 bit
In-Reply-To:
References:
Message-ID:

No. 4k is the reasonable maximum.
--
Martin
+372 515 6495

On Sun, Mar 23, 2014 at 12:37 PM, ------ ------ wrote:
> Hi!
>
> Just for the sake of curiosity, is it possible to store a 8192 bit RSA key
> on the OpenPGP smart card? Two keys? Three keys?
>
> Thank you, please include me in CC for reply.
>
> John Peters

From timprepscius at gmail.com Mon Mar 24 00:57:37 2014
From: timprepscius at gmail.com (Tim Prepscius)
Date: Sun, 23 Mar 2014 19:57:37 -0400
Subject: test suite of pgp mime messages
Message-ID:

Is there a test suite of pgp mime messages somewhere in the source code?
-tim

From dshaw at jabberwocky.com Mon Mar 24 01:26:03 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 23 Mar 2014 20:26:03 -0400
Subject: OpenPGP smartcard and RSA 8192 bit
In-Reply-To:
References:
Message-ID: <5F2A02C3-D397-46FC-AF3F-4073ABB6F387@jabberwocky.com>

On Mar 23, 2014, at 8:37 AM, ------ ------ wrote:

> Hi!
>
> Just for the sake of curiosity, is it possible to store an 8192-bit RSA key on the OpenPGP smart card? Two keys ? Three keys?

No. You can store three 4096-bit RSA keys. Larger than that is not
possible on the card (and not supported in GnuPG even when not using a
smartcard).

David

From timprepscius at gmail.com Sun Mar 23 21:27:22 2014
From: timprepscius at gmail.com (Tim Prepscius)
Date: Sun, 23 Mar 2014 16:27:22 -0400
Subject: gpg debugging of signed mimes
Message-ID:

Hello,

I'm working on a pgp based webmail.
https://github.com/timprepscius/mv

Yes, I know, javascript injection.

Is there any way I can have gpg apple mail display exactly the part of
the mime that was checked for a signature?

I'm signing things incorrectly, but I think it is a white space issue...
Not sure.

It would be helpful if I could see what gpg/apple-mail thinks I signed.

(or if anyone has any other hints as to a better way to debug this
(besides reading the RFC which I have) )

-tim

From postpics123 at gmail.com Mon Mar 24 10:07:13 2014
From: postpics123 at gmail.com (------ ------)
Date: Mon, 24 Mar 2014 10:07:13 +0100
Subject: OpenPGP smartcard and RSA 8192 bit
In-Reply-To:
References:
Message-ID:

I just followed these instructions and generated an 8192-bit RSA key with
gnupg.

http://goo.gl/ycJZkj

It works perfectly...

John

2014-03-24 0:02 GMT+01:00 Martin Paljak :

> No. 4k is the reasonable maximum.
> --
> Martin
> +372 515 6495
>
>
> On Sun, Mar 23, 2014 at 12:37 PM, ------ ------
> wrote:
> > Hi!
> >
> > Just for the sake of curiosity, is it possible to store an 8192-bit RSA
> key
> > on the OpenPGP smart card? Two keys ? Three keys?
> >
> > Thank you, please include me in CC for reply.
> >
> > John Peters
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From rjh at sixdemonbag.org Mon Mar 24 17:46:21 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 24 Mar 2014 09:46:21 -0700
Subject: OpenPGP smartcard and RSA 8192 bit
In-Reply-To:
References:
Message-ID: <20140324094621.Horde.EOyvQVOcSRYnvEp8Mi6sZA6@mail.sixdemonbag.org>

> I just followed these instructions and generated an 8192-bit RSA key with gnupg.
>
> http://goo.gl/ycJZkj
>
> It works perfectly...

The limits on key size were chosen with great deliberation and for good
reasons. Although you are certainly free to change these limits, it would
be unwise to do so lightly. Most users who create extremely large
certificates will immediately encounter three major problems:

* It won't work with smartcards
* Other GnuPG users can't verify signatures it makes
* Other GnuPG users can't encrypt to it

If you need a longer key, then wait for elliptic-curve cryptography to be
added to GnuPG. (It should be coming along fairly soon.)

From mmn at hethane.se Tue Mar 25 12:38:39 2014
From: mmn at hethane.se (Mikael Nordfeldth)
Date: Tue, 25 Mar 2014 12:38:39 +0100
Subject: Trouble importing secret subkeys
Message-ID: <53316ABF.5040803@hethane.se>

Hello,

I'm having trouble creating a subkey-chain to import on a machine that I
don't want carrying the master key.
Following the Debian subkeys-guide[1] I come pretty far but not all the
way (though I can successfully follow it through if I generate a new
keypair for testing)

The problem I experience is when importing back the 'pubkeys' and
'subkeys' files (see Debian guide):

"""
$ LANG=C gpg --no-use-agent --allow-secret-key-import --import pubkeys subkeys
gpg: key B52E9B31: "Mikael "MMN-o" Nordfeldth " not changed
gpg: key B52E9B31: no user ID
gpg: Total number processed: 2
gpg: unchanged: 1
gpg: secret keys read: 1
"""

After this I cannot do 'gpg -K' (list secret keys). It gives me no
output. Even though I have a "secret keys read" status of 1. I get the
same result when importing this stuff to a brand new .gnupg config dir.

That "no user ID" message seems to be what is the difference between a
working import and non working import. And I find it odd that the "key
B52E9B31" appears twice - the first time seeming to be correct, the
second time giving the error "no user ID".

Using minimum amounts of arguments (only --import) gives the same result.

Also, I've tried getting this to work with both 'gpg' and 'gpg2' on
various machines (generally I've run on latest updates of Debian 7 and
some Ubuntu). Unfortunately I do not remember which version of gpg I
originally generated my key on, but the creation date is Dec 8 2011,
reasonably the 1.x branch.

My workaround so far has been to rename the 'subkeys' file to replace
'secring.gpg'. It works, but afaik it's not recommended due to possible
binary differences between gpg versions.

Things I don't know may be related, but might:
* I have multiple IDs with the same email address, mmn at hethane.se (of
  which I've revoked the "wrong" ones).
  (but problem remains even if I remove these before export)
* I have quotes in the realname (but on my freshly generated test
  export/imports, that hasn't caused a problem)

Here's a list of other users seeming to have the same, pretty uncommon,
error message (dating back to 2001):
http://www.gossamer-threads.com/lists/gnupg/users/5880
http://www.gossamer-threads.com/lists/gnupg/users/40969

Anyone got ideas if I have somehow corrupted keys so they cannot be
imported properly (with --import), or whether I do not apply good
practice with my UIDs or something?

Thanks for any suggestions on how to get importing my subkeys without the
main key to work.

[1]. https://wiki.debian.org/Subkeys?action=show&redirect=subkeys

--
Mikael "MMN-o" Nordfeldth
XMPP/mail: mmn at hethane.se
http://blog.mmn-o.se/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL:

From dkg at fifthhorseman.net Tue Mar 25 14:30:15 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 25 Mar 2014 09:30:15 -0400
Subject: Trouble importing secret subkeys
In-Reply-To: <53316ABF.5040803@hethane.se>
References: <53316ABF.5040803@hethane.se>
Message-ID: <533184E7.6020507@fifthhorseman.net>

On 03/25/2014 07:38 AM, Mikael Nordfeldth wrote:
> The problem I experience is when importing back the 'pubkeys' and
> 'subkeys' files (see Debian guide):

Hm, i just ran through the instructions at
https://wiki.debian.org/Subkeys with a dummy/test user, and they seemed
to work for me. so something else is going on.

can you show the output of "gpg --list-packets < subkeys" or "pgpdump <
subkeys" ?
the output of either of those commands isn't technically sensitive, but
you may want to redact the salt and IV and s2k count from any secret key
packet output, just to avoid giving anyone a way to start some sort of
dictionary precomputation that would be useful should they find a way to
get a copy of the subkeys file in the first place (i don't think this is
a serious risk).

or, if you don't want to broadcast it, you can send me that output
offlist (you may encrypt it to my key,
0x0EE5BE979282D80B9F7540F1CCD2ED94D21739E9) and i can look over it
privately, and see if i see any problems. if i find anything, i'd report
back to you and you could then share with the list.

Regards,

--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:

From mmn at hethane.se Tue Mar 25 15:27:16 2014
From: mmn at hethane.se (Mikael "MMN-o" Nordfeldth)
Date: Tue, 25 Mar 2014 15:27:16 +0100
Subject: Trouble importing secret subkeys
In-Reply-To: <533184E7.6020507@fifthhorseman.net>
References: <53316ABF.5040803@hethane.se> <533184E7.6020507@fifthhorseman.net>
Message-ID: <53319244.7070603@hethane.se>

On 2014-03-25 14:30, Daniel Kahn Gillmor wrote:
> On 03/25/2014 07:38 AM, Mikael Nordfeldth wrote:
>> The problem I experience is when importing back the 'pubkeys' and
>> 'subkeys' files (see Debian guide):
>
> Hm, i just ran through the instructions at
> https://wiki.debian.org/Subkeys with a dummy/test user, and they seemed
> to work for me. so something else is going on.

Thanks for trying it out. Yes, I can also do this without problems using
a newly generated keypair, just not with my B52E9B31 subkeys.

What I've tried since I sent my question is attempt to use a full secret
export, i.e. --export-secret-keys vs. --export-secret-subkeys. Also I
have tried importing the 'pubkeys' files first, and the 'subkeys' in a
second run.
Both methods had the same problem as before ("no user ID", resulting in
no secret keys being imported).

> can you show the output of "gpg --list-packets < subkeys" or "pgpdump <
> subkeys" ?

Because I wasn't entirely sure what the "begin of digest" bytes really
imply, I replaced them with XX. But I guess the data in the signature
packets are pretty public, right?

Anyhow, output with redacted IVs and salts from the subkeys (the master
key is, following the --export-secret-subkeys command, a dummy):

"""
$ gpg --list-packets < subkeys
:secret key packet:
    version 4, algo 1, created 1323359625, expires 0
    skey[0]: [4096 bits]
    skey[1]: [17 bits]
    gnu-dummy S2K, algo: 3, SHA1 protection, hash: 2
    protect IV:
    keyid: C7CE635BB52E9B31
:secret sub key packet:
    version 4, algo 1, created 1383649687, expires 0
    skey[0]: [4096 bits]
    skey[1]: [17 bits]
    [...redacted iter+salt and protect (count|IV) lines...]
    encrypted stuff follows
    keyid: AED68932ED2C0D84
:signature packet: algo 1, keyid C7CE635BB52E9B31
    version 4, created 1383649687, md5len 0, sigclass 0x18
    digest algo 2, begin of digest XX XX
    hashed subpkt 2 len 4 (sig created 2013-11-05)
    hashed subpkt 27 len 1 (key flags: 02)
    hashed subpkt 9 len 4 (key expires after 1y355d0h0m)
    subpkt 16 len 8 (issuer key ID C7CE635BB52E9B31)
    subpkt 32 len 540 (signature: v4, class 0x19, algo 1, digest algo 2)
    data: [4095 bits]
:secret sub key packet:
    version 4, algo 1, created 1383649893, expires 0
    skey[0]: [4096 bits]
    skey[1]: [17 bits]
    [...redacted iter+salt and protect (count|IV) lines...]
    encrypted stuff follows
    keyid: C1DAD4F249ABFC0A
:signature packet: algo 1, keyid C7CE635BB52E9B31
    version 4, created 1383649893, md5len 0, sigclass 0x18
    digest algo 2, begin of digest XX XX
    hashed subpkt 2 len 4 (sig created 2013-11-05)
    hashed subpkt 27 len 1 (key flags: 0C)
    hashed subpkt 9 len 4 (key expires after 1y355d0h0m)
    subpkt 16 len 8 (issuer key ID C7CE635BB52E9B31)
    data: [4095 bits]
"""

If I failed to redact something that may be sensitive, I would be happy
to be informed. But I assume the creation times, signature packets etc.
aren't sensitive.

Also: One thing I noticed is that my output from 'gpg -K' for the master
keyring (which I'm exporting from) only has one UID (the JPEG photo), but
not the primary UID 'Mikael "MMN-o" Nordfeldth ' which is listed when
using the '--edit-key' argument.

$ gpg -K
/home/mmn/.gnupg/secring.gpg
----------------------------
sec   4096R/B52E9B31 2011-12-08 [expires: 2018-02-28]
uid                  [jpeg image of size 3372]
ssb   4096R/D1AC8558 2013-11-05
ssb   4096R/412DC5E3 2013-11-05
ssb   4096R/ED2C0D84 2013-11-05
ssb   4096R/49ABFC0A 2013-11-05

If this lack of UID in the list is related, how can I include my primary
UID with the export? Why is it excluded at all? (all I found in the
man-page was export-options and how to explicitly allow attribute UIDs,
which makes me assume all "normal" UIDs should be included by default on
export).

--
Mikael "MMN-o" Nordfeldth
XMPP/mail: mmn at hethane.se
http://blog.mmn-o.se/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From dkg at fifthhorseman.net Tue Mar 25 16:08:24 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 25 Mar 2014 11:08:24 -0400
Subject: Trouble importing secret subkeys
In-Reply-To: <53319244.7070603@hethane.se>
References: <53316ABF.5040803@hethane.se> <533184E7.6020507@fifthhorseman.net> <53319244.7070603@hethane.se>
Message-ID: <53319BE8.7090208@fifthhorseman.net>

On 03/25/2014 10:27 AM, Mikael "MMN-o" Nordfeldth wrote:
> Also: One thing I noticed is that my output from 'gpg -K' for the master
> keyring (which I'm exporting from) only has one UID (the JPEG photo),
> but not the primary UID 'Mikael "MMN-o" Nordfeldth '
> which is listed when using the '--edit-key' argument.

aha, this is likely to be the problem!

RFC 4880 states that a valid transferable key needs to have at least one
User ID:

https://tools.ietf.org/html/rfc4880#section-11.1

You can see from your --list-packets dump of subkeys that no user ID is
present. (take a look at your example dump from the test account and
you'll see an extra user ID and signature packet)

> If this lack of UID in the list is related, how can I include my primary
> UID with the export? Why is it excluded at all?

gpg has some rough edge cases when dealing with changed secret keys. I
don't know how you've updated the key, or transferred the key between
machines, etc, but it's entirely possible that you ran into something
like:

https://bugs.gnupg.org/gnupg/issue1543

when combined with a move from a separate home directory.

The best advice i know of here is pretty clumsy: i'd use gpgsplit on your
two separate files to break out the distinct packets, and then use cat to
combine the uid and self-sig packets from the pubkeys file with the
secrets from the subkeys file, feeding the result into gpg --import.
so something like this:

mkdir pubpackets subpackets
(cd pubpackets && gpgsplit < ../pubkeys)
(cd subpackets && gpgsplit < ../subkeys)

cat subpackets/000001-005.secret_key \
    pubpackets/000002-013.user_id \
    pubpackets/000003-002.sig \
    subpackets/000002-007.secret_subkey \
    subpackets/000003-002.sig \
    subpackets/000004-007.secret_subkey \
    subpackets/000005-002.sig \
  | gpg --import

please let the list know if this works, or if you have any questions
about it.

regards,

--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:

From mmn at hethane.se Tue Mar 25 17:18:06 2014
From: mmn at hethane.se (Mikael "MMN-o" Nordfeldth)
Date: Tue, 25 Mar 2014 17:18:06 +0100
Subject: Trouble importing secret subkeys
In-Reply-To: <53319BE8.7090208@fifthhorseman.net>
References: <53316ABF.5040803@hethane.se> <533184E7.6020507@fifthhorseman.net> <53319244.7070603@hethane.se> <53319BE8.7090208@fifthhorseman.net>
Message-ID: <5331AC3E.9040402@hethane.se>

On 2014-03-25 16:08, Daniel Kahn Gillmor wrote:
> On 03/25/2014 10:27 AM, Mikael "MMN-o" Nordfeldth wrote:
>> If this lack of UID in the list is related, how can I include my primary
>> UID with the export? Why is it excluded at all?
>
> [...]
>
> i'd use gpgsplit on your two separate files to break out the distinct
> packets, and then use cat to combine the uid and self-sig packets from
> the pubkeys file with the secrets from the subkeys file, feeding the
> result into gpg --import.

Great, thank you! gpgsplit let me export and thus rebuild the packages
into a functioning state for my master and subkey keypairs.
> mkdir pubpackets subpackets
> (cd pubpackets && gpgsplit < ../pubkeys)
> (cd subpackets && gpgsplit < ../subkeys)
>
> cat subpackets/000001-005.secret_key \
>     pubpackets/000002-013.user_id \
>     pubpackets/000003-002.sig \
>     subpackets/000002-007.secret_subkey \
>     subpackets/000003-002.sig \
>     subpackets/000004-007.secret_subkey \
>     subpackets/000005-002.sig \
>   | gpg --import

I tried that and then modified the command a little bit (because I
figured I maybe can rebuild the entire keyrings):

I started, as in your example, with subpackets/000001-006.public_key and
then followed with just about all of the other packet-files:
* I had to exclude pubpackets/000001-006.public_key because it caused gpg
  to output the "no user ID" error.
* I also excluded the pubpackets/0000*-014.public_subkey files and their
  respective .sig files, because `gpg -K` then listed 'ssb' AND 'sub'
  entries, instead of just 'ssb' which I'm used to.

So now I have all the desired parts of my public and master keys, from
which I have been able to export relevant secret subkeys to other
machines without running into the "no user ID" error message.

Thanks again Daniel!

--
Mikael "MMN-o" Nordfeldth
XMPP/mail: mmn at hethane.se
http://blog.mmn-o.se/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From timprepscius at gmail.com Wed Mar 26 17:20:05 2014
From: timprepscius at gmail.com (Tim Prepscius)
Date: Wed, 26 Mar 2014 12:20:05 -0400
Subject: building a pgp mime test suite
Message-ID:

Greetings,

So, I'm slowly building a test suite of pgp mime for:
https://github.com/timprepscius/mv

If you'd like to help out, please send a mail
(encrypted/signed/signed+encrypted/html/just-text/attachment/etc,etc/whatever-you-would-like)
to:

g at pmx.mooo.com

g's public key is:
http://pastebin.com/raw.php?i=rW3qmbnE

If you'd like your mail to be put in a public set of
mails+known-pgp-public-keys, (for other people besides me to test
pgp-mime), please indicate in the body of your mail, else I will test
with it only privately.

If you have any problems sending mail to g, let me know, I'm using
postfix with the default configuration, perhaps it needs to be tweaked.

I would appreciate any help.

Thanks,

-tim

From postpics123 at gmail.com Wed Mar 26 22:37:05 2014
From: postpics123 at gmail.com (------ ------)
Date: Wed, 26 Mar 2014 22:37:05 +0100
Subject: GnuPG encryption with key file
Message-ID:

Hi,
is it possible to encrypt a file with a symmetric cipher (e.g., AES256)
using a key file (e.g., a binary file) instead of a password?

Thanks. Please include me in CC for reply.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From peter at digitalbrains.com Thu Mar 27 12:36:51 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 27 Mar 2014 12:36:51 +0100
Subject: GnuPG encryption with key file
In-Reply-To:
References:
Message-ID: <53340D53.2040700@digitalbrains.com>

On 26/03/14 22:37, ------ ------ wrote:
> Hi,
> is it possible to encrypt a file with a symmetric cipher (e.g., AES256) using a
> key file (e.g., a binary file) instead of a password?

No.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dkg at fifthhorseman.net Thu Mar 27 14:30:11 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 27 Mar 2014 09:30:11 -0400
Subject: GnuPG encryption with key file
In-Reply-To:
References:
Message-ID: <87k3bfkbvg.fsf@alice.fifthhorseman.net>

On Wed 2014-03-26 17:37:05 -0400, ------ ------ wrote:
> is it possible to encrypt a file with a symmetric cipher (e.g., AES256)
> using a key file (e.g., a binary file) instead of a password?

Yes, but you will need to translate the binary file into a long ascii
string first (which means the exact same transformation needs to be done
on the decrypting side too, or else decryption will fail).

Here is an example, using "base64 -w0" as the translator, while creating
the key file from /dev/urandom:

0 dkg at alice:~$ dd if=/dev/urandom of=key bs=256 count=1
1+0 records in
1+0 records out
256 bytes (256 B) copied, 0.000288545 s, 887 kB/s
0 dkg at alice:~$ echo secret info > secret.txt
0 dkg at alice:~$ base64 -w0

From dshaw at jabberwocky.com Thu Mar 27 14:35:21 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 27 Mar 2014 09:35:21 -0400
Subject: GnuPG encryption with key file
In-Reply-To:
References:
Message-ID: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com>

On Mar 26, 2014, at 5:37 PM, ------ ------ wrote:

> Hi,
> is it possible to encrypt a file with a symmetric cipher (e.g., AES256) using a key file (e.g., a binary file) instead of a password?

Not really, but you can sort of weakly approximate it via something like
this:

  base64 -w0 binary-file-for-passphrase | gpg --passphrase-fd 0 --symmetric file-to-encrypt

Limitations of the method are that it's not really using the binary file
as a key, but rather as a passphrase (so it gets the usual hash
treatment), and there is a size limit on how large the passphrase can be
(it's in the thousands of characters, but there is a limit).
The reason for the base64 is that passphrase-fd stops reading after \n
for obvious reasons, and text passphrases can't have \0 in them, so a
naturally-occurring \n or \0 in the binary file will truncate your
"passphrase". Same reason for the -w0, which tells base64 not to add any
\n of its own.

David

From peter at digitalbrains.com Thu Mar 27 16:52:46 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 27 Mar 2014 16:52:46 +0100
Subject: GnuPG encryption with key file
In-Reply-To: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com>
References: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com>
Message-ID: <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com>

On 2014-03-27 14:35, David Shaw wrote:
> Limitations of the method

Plus that it has the same problems as

$ echo mysecret|gpg --passphrase-fd 0

That is, it ends up in your history if your shell keeps a history and
you don't prevent it, and other users on a multi-user system can see the
passphrase / the specific file used as a passphrase in the process list.

These issues wouldn't exist if GnuPG actually *supported* key files, and
would prompt for the key file as it does for a passphrase. That's why I
simply said "no", as in "it is not supported". But you can hack it
together.

Also, key files easily lead to security-by-obscurity implementations
where people think "an attacker doesn't know which file I use", whereas
the attacker thinks "let's try all files, that's computationally
feasible". But obviously that depends on the way you use it, it's just
something to be aware of.

> it's not really using the binary file as a key, but rather as a
> passphrase

I would consider this an advantage: the actual session key has good
entropy, and the file is just used to encrypt the session key. Even if a
"key file" would be properly supported by GnuPG, I would still prefer
this two-step approach.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From vedaal at nym.hush.com Thu Mar 27 17:34:05 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Thu, 27 Mar 2014 12:34:05 -0400
Subject: GnuPG encryption with key file
In-Reply-To: <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com>
References: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com> <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com>
Message-ID: <20140327163406.0933B20390@smtp.hushmail.com>

On Thursday, March 27, 2014 at 11:56 AM, "Peter Lebbing" wrote:

>These issues wouldn't exist if GnuPG actually *supported* key
>files,
>and would prompt for the key file as it does for a passphrase.

.....

>> it's not really using the binary file as a key, but rather as a
>> passphrase

.....

>the attacker thinks "let's try all files, that's computationally feasible".

=====

Even Truecrypt, which does use keyfiles, doesn't do it this way.

Truecrypt uses only the first 1mb of a keyfile, no matter how large the
file is, and uses it to perform a cryptographic function on the
passphrase, with that result then being used to produce a header key for
the encrypted volume.

http://www.truecrypt.org/docs/keyfiles-technical-details

The suggestions on how to use a keyfile for gnupg, are just using the
file as the passphrase. It doesn't really add to the complexity against
an attack, and may make it more vulnerable to an attack as pointed out
above.

If you want a simple way to generate a passphrase of maximum complexity
for GnuPG, there is a very easy way to do it;

[1] Encrypt a file to one of your private keys.
[2] Decrypt the file using the option of '--show-session-key'
[3] Use the 64 character session key as the passphrase for whatever you
    want to symmetrically encrypt with GnuPG.
[4] Store the encrypted file in [1] in a safe place.

It is as difficult to brute force the passphrase as it would be to brute
force the GnuPG encrypted message session key itself.
Much as I like different crypto options, I don't think it would really
improve GnuPG to have a keyfile option.

vedaal

From peter at digitalbrains.com Thu Mar 27 17:47:06 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 27 Mar 2014 17:47:06 +0100
Subject: GnuPG encryption with key file
In-Reply-To: <20140327163406.0933B20390@smtp.hushmail.com>
References: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com> <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com> <20140327163406.0933B20390@smtp.hushmail.com>
Message-ID: <5334560A.2020102@digitalbrains.com>

On 27/03/14 17:34, vedaal at nym.hush.com wrote:
> Even Truecrypt, which does use keyfiles, doesn't do it this way.

I don't understand what you mean with "this way", could you explain? I
must be reading it differently than you.

> Much as I like different crypto options, I don't think it would really
> improve GnuPG to have a keyfile option.

I don't think it would be an improvement either. I've never really
believed in keyfiles in general. Especially because to everything else
it is "just a file" instead of "highly sensitive secret data". This means
you have to be very careful when handling the file, and assumptions by
the tools you use (with regard to swapping out, etcetera) can be
detrimental to the security.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From byrnejb at harte-lyne.ca Thu Mar 27 21:50:16 2014
From: byrnejb at harte-lyne.ca (James B. Byrne)
Date: Thu, 27 Mar 2014 16:50:16 -0400
Subject: x.509 and gpg
Message-ID: <04b61caf82019df04cf65bee7ee792eb.squirrel@webmail.harte-lyne.ca>

i86_64
CentOS-6.5
OpenSSL-1.0.1e
gnupg2-2.0.14
gpgsm (GnuPG) 2.0.14
libgcrypt 1.4.5
libksba 1.0.7

We operate a private X.509 Certificate Authority (CA) for our company's
own use based upon OpenSSL-1.0.1e.
Our expertise is limited to issuing and signing X.509 certificates for
use with our https services.

We are in the process of examining how to best provide email security and
GnuPG seems to be the preferred choice. At least, I am unable to discover
any reasonable alternative.

Members of our staff already possess certificates and keys authenticated
by our CA. Therefore it seemed reasonable that these certificates should
form the basis of the PGP keys used by the same people. After some
research we were able to determine that the process involves exporting
the X.509 public and private keys into PKCS#12 format and then importing
that format into gpg format using gpgsm. However, gpgsm does not seem to
want to deal with our certificates and I lack the experience or knowledge
to determine exactly why. So, I am here asking for your assistance to
resolve this problem.

I started with a single certificate and key issued to myself and signed
by our CA:

openssl pkcs12 -export -in 3F.pem -inkey 3F.key -out 3F.p12

I then attempted to import this into my gpg keyring via the command line
using gpgsm:

gpgsm --import 3F.p12

which resulted in this mess:

gpgsm[5321]: can't connect to `/home/byrnejb/.gnupg/S.gpg-agent': No such file or directory
gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default
gpgsm: can't connect to `/home/byrnejb/.gnupg/S.gpg-agent': No such file or directory
gpgsm: gpg-protect-tool: 2256 bytes of RC2 encrypted text
gpgsm: gpg-protect-tool: processing certBag
gpgsm: gpg-protect-tool: 2376 bytes of 3DES encrypted text
gpgsm: gpg-protect-tool: keygrip: 87B740FA84281D0D48AD535A3A5526567FA2EDBF
gpgsm: gpg-protect-tool: secret key file `/home/byrnejb/.gnupg/private-keys-v1.d/87B740FA84281D0D48AD535A3A5526567FA2EDBF.key' already exists
dirmngr[5378]: error opening `/home/byrnejb/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[5378]: permanently loaded certificates: 0
dirmngr[5378]: runtime cached certificates: 0
dirmngr[5378]: command LOOKUP failed: Not found
gpgsm: dirmngr cache-only key lookup failed: Not found
dirmngr[5378]: command LOOKUP failed: Not found
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: issuer certificate {13A6FB6414425B75F5F0F131CF608807E2601240} (#01/DC=harte-lyne.ca,L=Hamilton,ST=Ontario,C=CA,O=Harte & Lyne Limited,OU=Networked Data Services,CN=CA HLL ROOT) not found using authorityKeyIdentifier
dirmngr[5378]: command LOOKUP failed: Not found
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: issuer certificate (#/DC=harte-lyne.ca,L=Hamilton,ST=Ontario,C=CA,O=Harte & Lyne Limited,OU=Networked Data Services,CN=CA HLL ISSUER 01) not found
dirmngr[5378]: command LOOKUP failed: Not found
gpgsm: dirmngr cache-only key lookup failed: Not found
dirmngr[5378]: command LOOKUP failed: Not found
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: issuer certificate {13A6FB6414425B75F5F0F131CF608807E2601240} (#01/DC=harte-lyne.ca,L=Hamilton,ST=Ontario,C=CA,O=Harte & Lyne Limited,OU=Networked Data Services,CN=CA HLL ROOT) not found using authorityKeyIdentifier
dirmngr[5378]: command LOOKUP failed: Not found
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: total number processed: 2
gpgsm: unchanged: 1
gpgsm: secret keys read: 1
gpgsm: secret keys unchanged: 1

I gather from the first line of error that I should be running gpg-agent.
I have read how to start this for command line sessions but I am hesitant
to do so before getting some expert help. The session manager I am using
for this is gnome-terminal running from a non-privileged gnome desktop
manager (gnome-desktop.x86_64-2.28.2). Should I start this from
.bash_profile, which would imply that a new gpg-agent would be started
for each new session window? or as some have suggested, start it from
.Xsession? or perhaps gpg-agent should not be started at all and I should
use some option on gpgsm to avoid the need for gpg-agent.
In any case, I am also trying to determine how to load our CA root and CA
issuer certificates or at least make them known to gpg/gpgsm as this
seems necessary given what I have read in the man pages.

Guidance on how to proceed at this point would be most welcome.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada L8E 3C3

From peter at digitalbrains.com Fri Mar 28 12:48:52 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 28 Mar 2014 12:48:52 +0100
Subject: GnuPG encryption with key file
In-Reply-To: <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com>
References: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com> <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com>
Message-ID: <533561A4.9060302@digitalbrains.com>

On 27/03/14 16:52, Peter Lebbing wrote:
> Plus that it has the same problems as
>
> $ echo mysecret|gpg --passphrase-fd 0
>
> [...]
> Also, key files easily lead to security-by-obscurity implementations where
> people think "an attacker doesn't know which file I use", whereas the attacker
> thinks "let's try all files, that's computationally feasible".

I suddenly realise that in the "problems" I mention I'm making the exact
same mistake as the one I'm warning for: I'm assuming that it is secret
which file you use, rather than that the contents of the file is secret.
If some other user on a multi-user system can see which file I'm using,
but doesn't have the rights to access the contents of that file, they
are none the wiser.

So the "key file" method /is/ better than echo passphrase. It's still a
risky thing to use, in my opinion, though. And the hack presented doesn't
allow for the common scenario: a key file *as well as* a password. It
might be possible to hack that in as well.

HTH,

Peter.
-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dkg at fifthhorseman.net Fri Mar 28 14:08:31 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 28 Mar 2014 09:08:31 -0400
Subject: GnuPG encryption with key file
In-Reply-To: <533561A4.9060302@digitalbrains.com>
References: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com> <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com> <533561A4.9060302@digitalbrains.com>
Message-ID: <5335744F.8050803@fifthhorseman.net>

On 03/28/2014 07:48 AM, Peter Lebbing wrote:
> And the hack presented doesn't allow for
> the common scenario: a key file *as well as* a password.

sorry, i think my assumption of the common scenario was very different from yours, or i wouldn't have recommended the conversion i did. i'd assumed that anyone using a "key file" was using it as the equivalent of a kerberos keytab -- a shared secret with some other party that would be closely guarded and kept secret. I sort of took it for granted that the base64-encoding of, say, /bin/ls on any version of any well-known operating system is not a secret and would never be used as a passphrase.

--dkg

From nb.linux at xandea.de Fri Mar 28 20:09:35 2014
From: nb.linux at xandea.de (nb.linux)
Date: Fri, 28 Mar 2014 19:09:35 +0000
Subject: GnuPG encryption with key file
In-Reply-To: <533561A4.9060302@digitalbrains.com>
References: <0C34F828-E13A-4A04-B80A-EF8497A71B33@jabberwocky.com> <9f69b75845abfa58c6444813414a50bb@butters.digitalbrains.com> <533561A4.9060302@digitalbrains.com>
Message-ID: <5335C8EF.2030906@xandea.de>

Peter Lebbing:
> So the "key file" method /is/ better than echo passphrase. It's still a risky
> thing to use, in my opinion, though.
> And the hack presented doesn't allow for
> the common scenario: a key file *as well as* a password. It might be possible to
> hack that in as well.

hmm.. what about just using cryptsetup/LUKS with passphrase and key file (on a real file, not a block device)? of course that's then without GnuPG..

-- 
nb.linux

From stakanov at freenet.de Mon Mar 31 09:50:24 2014
From: stakanov at freenet.de (stakanov at freenet.de)
Date: Mon, 31 Mar 2014 09:50:24 +0200
Subject: Problem / Question about cryptostick
Message-ID: <00bfd0f2e676e6a105664cdda4632ad4@email.freenet.de>

Hello everybody,

I am the owner of the nifty "crypto-stick" (https://www.crypto-stick.com/) but when using it in openSUSE 13.1 I was unable to reach the stick. After a patch the situation is as described in https://bugzilla.novell.com/show_bug.cgi?id=863294, that is: gpg card-status does give a result and the card is seen:

sudo gpg --card-status
scdaemon[7007]: updating slot 0 status: 0x0000->0x0007 (0->1)
scdaemon[7007]: reading public key failed: Voce mancante nell'oggetto
scdaemon[7007]: reading public key failed: Voce mancante nell'oggetto
scdaemon[7007]: reading public key failed: Voce mancante nell'oggetto
Application ID ...: D2760001240102000005000015D60000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 000015D6
Name of cardholder: [not set]
Language prefs ..: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 1
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

But:

sudo opensc-tool --atr
root's password:
No smart card readers found.

Kleopatra and gpa do not see any card. They should see it and ask for PIN. But gpg now gives at least the right result. The card is still virgin BTW.
Now the question: one of the PINs has been inserted 3 times (probably while not getting feedback on doing it). Is the card blocked? In this case: does Kleopatra see "no card" because it is blocked, or is there still a problem with how the support for openscards is done in 13.1? Gpa also does not see it. If I have to reset it, given the serial number and the users that did brick it with a wrong reset code: is the reset code given on the homepage of the stick applicable to mine? In other words, a) how to reset it without bricking it, and b) should the card be visible to the KDE apps even if it is blocked?

From bw at norbl.com Mon Mar 31 20:18:05 2014
From: bw at norbl.com (Barnet Wagman)
Date: Mon, 31 Mar 2014 11:18:05 -0700
Subject: Use own key with symmetric encryption?
Message-ID: <5339B15D.2020409@norbl.com>

In symmetric encryption (AES256), is it possible for me to supply my own key, rather than entering a passphrase and having a key generated by pgp?

thanks

From dshaw at jabberwocky.com Mon Mar 31 21:14:45 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 31 Mar 2014 15:14:45 -0400
Subject: Use own key with symmetric encryption?
In-Reply-To: <5339B15D.2020409@norbl.com>
References: <5339B15D.2020409@norbl.com>
Message-ID: <8C134739-262A-4D76-819E-ECC194FDE100@jabberwocky.com>

On Mar 31, 2014, at 2:18 PM, Barnet Wagman wrote:
> In symmetric encryption (AES256), is it possible for me to supply my own key, rather than entering a passphrase and having a key generated by pgp?

No. Not without patching the source.

David