From: lists at chrispoole.com (Chris Poole)
Date: Sat, 2 Jul 2011 20:37:51 +0100
Subject: Change key prefs; few questions
Message-ID: <8C71EFB9-6B22-42AC-92FA-0B414187F584@chrispoole.com>

Hi,

I changed the order of preferred ciphers and hash functions using setpref. My public key has changed, but not the fingerprint.

Is the done thing now to ask anyone with the key to pull the latest version? (I've already updated the keyserver version.)

Thanks


From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 2 Jul 2011 20:38:33 -0400
Subject: Change key prefs; few questions
In-Reply-To: <8C71EFB9-6B22-42AC-92FA-0B414187F584@chrispoole.com>

On Jul 2, 2011, at 3:37 PM, Chris Poole wrote:

> Hi,
> I changed the order of preferred ciphers and hash functions using setpref. My public key has changed, but not the fingerprint.

That is correct. Changing the various preferences does not change the fingerprint. The fingerprint remains constant no matter what you do to the key (changed/new preferences, new subkeys, new user IDs, etc).

> Is the done thing now to ask anyone with the key to pull the latest version? (I've already updated the keyserver version.)

You can ask them to update, if you like. It's up to you if the change you made to the preferred list is important enough. Some people refresh their keys periodically anyway.

David


From: lists at chrispoole.com (Chris Poole)
Date: Sun, 3 Jul 2011 09:37:55 +0100
Subject: Change key prefs; few questions
Message-ID: <9625C6B4-76D3-409E-95C8-04E0F0D1CE1C@chrispoole.com>

Thanks.

There's no way to change the cipher used for encrypting the private key itself (CAST5 I believe)?
(Not that I would, as I'm sure the default is more than good enough for my needs.)

Also, if I understand correctly, someone trying to brute-force the key would need to guess my passphrase, then pass it through the key stretching algorithm that gpg uses, before trying to decrypt the key. How often does the "work function" defining how long the key stretching process takes get updated? (I can't find an option to make it user configurable.)

Thanks
Chris

On 3 Jul 2011, at 01:38, David Shaw wrote:

> On Jul 2, 2011, at 3:37 PM, Chris Poole wrote:
>
>> Hi,
>> I changed the order of preferred ciphers and hash functions using setpref. My public key has changed, but not the fingerprint.
>
> That is correct. Changing the various preferences does not change the fingerprint. The fingerprint remains constant no matter what you do to the key (changed/new preferences, new subkeys, new user IDs, etc).
>
>> Is the done thing now to ask anyone with the key to pull the latest version? (I've already updated the keyserver version.)
>
> You can ask them to update, if you like. It's up to you if the change you made to the preferred list is important enough. Some people refresh their keys periodically anyway.
>
> David


From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 3 Jul 2011 10:24:15 -0400
Subject: Change key prefs; few questions
In-Reply-To: <9625C6B4-76D3-409E-95C8-04E0F0D1CE1C@chrispoole.com>

On Jul 3, 2011, at 4:37 AM, Chris Poole wrote:

> Thanks.
>
> There's no way to change the cipher used for encrypting the private key itself (CAST5 I believe)?

It is CAST5 by default, but you can change it. To change the cipher, you need to set the passphrase since that's when the encryption for the secret key is set.
You can take the opportunity to change the passphrase, or just use the same one as before. This will set your private key cipher to AES:

  gpg --s2k-cipher-name aes --edit-key (thekey) passwd
  save

> Also, if I understand correctly, someone trying to brute-force the key would need to guess my passphrase, then pass it through the key stretching algorithm that gpg uses, before trying to decrypt the key. How often does the "work function" defining how long the key stretching process takes get updated? (I can't find an option to make it user configurable.)

It's configurable in the same way that changing the encryption is: you need to do it while changing the password. Add "--s2k-count XXX" to the above command line and you can set how many iterations are done. It can range from 1024 to 65011712, and the default is 65536. Note that not all possible values are legal, and if you pick an illegal value, GnuPG will round it up to the next higher legal value.

David


From: expires2011 at ymail.com (MFPA)
Date: Sun, 3 Jul 2011 15:58:07 +0100
Subject: Change key prefs; few questions
Message-ID: <858970447.20110703155807@my_localhost>

Hi

On Sunday 3 July 2011 at 3:24:15 PM, David Shaw wrote:

> This will set your private key cipher to AES:
> gpg --s2k-cipher-name aes --edit-key (thekey) passwd
> save

Is there a reason to do this?
--
Best regards

MFPA                    mailto:expires2011 at ymail.com

A candle loses nothing by lighting another candle


From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 3 Jul 2011 11:45:33 -0400
Subject: Change key prefs; few questions
In-Reply-To: <858970447.20110703155807@my_localhost>
Message-ID: <165AFCE3-C523-4703-83C2-04AC7A348666@jabberwocky.com>

On Jul 3, 2011, at 10:58 AM, MFPA wrote:

> On Sunday 3 July 2011 at 3:24:15 PM, David Shaw wrote:
>
>> This will set your private key cipher to AES:
>> gpg --s2k-cipher-name aes --edit-key (thekey) passwd
>> save
>
> Is there a reason to do this?

There are some obscure edge cases where you must have a 3DES or AES encrypted private key, but for the overwhelming majority of people, no, there is no reason to do this. The default (CAST5) is quite strong (which the original poster acknowledged). It's just helpful to know what the "knobs" are to understand how something as complex as OpenPGP is put together.
David


From: lists at chrispoole.com (Chris Poole)
Date: Sun, 3 Jul 2011 17:15:07 +0100
Subject: Change key prefs; few questions
In-Reply-To: <165AFCE3-C523-4703-83C2-04AC7A348666@jabberwocky.com>

On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
> There are some obscure edge cases where you must have a 3DES or AES encrypted
> private key, but for the overwhelming majority of people, no, there is no
> reason to do this. The default (CAST5) is quite strong (which the original
> poster acknowledged). It's just helpful to know what the "knobs" are to
> understand how something as complex as OpenPGP is put together.

Exactly, it's just good to know. I won't bother changing the cipher or count, but this leaves me with one final question:

In a few years, assuming GPUs are faster than ever, Moore's law is still on track, and all that; should I change the number of iterations with --s2k-count? The default 65536 is probably fine for now, but it'll certainly end up being too slow. gpg won't do this for me, or counteract this in another way?
Thanks
Chris


From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 3 Jul 2011 23:01:39 -0400
Subject: Change key prefs; few questions

On Jul 3, 2011, at 12:15 PM, Chris Poole wrote:

> On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
>> There are some obscure edge cases where you must have a 3DES or AES encrypted
>> private key, but for the overwhelming majority of people, no, there is no
>> reason to do this. The default (CAST5) is quite strong (which the original
>> poster acknowledged). It's just helpful to know what the "knobs" are to
>> understand how something as complex as OpenPGP is put together.
>
> Exactly, it's just good to know. I won't bother changing the cipher or count,
> but this leaves me with one final question:
>
> In a few years, assuming GPUs are faster than ever, Moore's law is still on
> track, and all that; should I change the number of iterations with --s2k-count?
> The default 65536 is probably fine for now, but it'll certainly end up being too
> slow. gpg won't do this for me, or counteract this in another way?

GnuPG generally has its defaults updated every now and then. While some of the new possible defaults (DSA/Elgamal keys becoming RSA/RSA, new default key sizes) do require the generation of a new key to use, others (default preferences, secret key protection, and secret key iteration count) are available to any key. Since secret key cipher and iteration count are tied to the encryption of the secret key (via the passphrase), if you just change your passphrase with that new version of GnuPG, you'll automatically pick up a new cipher and iteration count.
PGP has a clever trick to set an appropriate s2k-count without knowing anything about the various processors it will be run on: it simply figures out how many iterations it can do in 1/10 of a second (which always results in a value higher than 65536 these days), and uses that. I believe that the newer GPG (2.x) has some support for this design, but I don't recall offhand if it is using it fully yet. We should probably raise the (static) GPG 1.x count as well at some point. It's been 65536 for a long time (over a decade).

It's not unreasonable to raise your s2k-count for your secret key. If you pick a value that is too high and you find it annoying, you can always set it back down to something lower. It doesn't cause any real harm if you go too high - just wastes some of your time (which is sort of the point!)

That's for secret keys, of course. More complex is sending passphrase-encrypted messages (which also have a s2k-count), where you don't know the CPU capabilities of the recipient. There was a case a year or two back where receiving an OpenPGP message with a too-high s2k-count would cause a device to hit its deadman timer since it spent so much time iterating passphrases. Someone had created the message on a fast machine (and so didn't notice the delay), and sent it to someone on a slow machine which was clobbered by it.

Of course, if you want extra security against brute forcing, even better than bumping up your s2k-count would be to just add a character or three to your passphrase.
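[Editor's added example. This block is not part of David Shaw's message or of any other message in this thread, and it is not GnuPG's code. It illustrates the two points made above about --s2k-count: why only some values are "legal" (the count is stored as a single octet, so a requested value is rounded up to the next representable one, with 65536 the default and 1024 to 65011712 the range) and how a "figure out what fits in 1/10 of a second" calibration works. Assumptions not stated in the thread: the coded-count formula from RFC 4880 section 3.7.1.3, SHA-1 as the S2K hash, and clamping of out-of-range requests to the legal range.]

```python
"""Editor's added example (not GnuPG code, not from any message in this thread):
the OpenPGP iterated-and-salted S2K that protects a secret key, the one-octet
"coded count" that --s2k-count is stored as, and a calibrate-for-a-fixed-time
routine of the kind described above.

Assumptions: RFC 4880 3.7.1.3 coded-count formula, SHA-1 as the hash, and
clamping of out-of-range requests (the thread only states the range).
"""
import hashlib
import time

S2K_MIN = 1024       # coded count 0
S2K_MAX = 65011712   # coded count 255


def decode_s2k_count(code: int) -> int:
    """RFC 4880 coded count -> number of octets the S2K feeds to the hash."""
    if not 0 <= code <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (code & 15)) << ((code >> 4) + 6)


def encode_s2k_count(count: int) -> int:
    """Smallest coded count whose decoded value is >= count.

    Only 256 values are representable, so an arbitrary --s2k-count is rounded
    up to the next legal value.  Requests below the minimum become 1024 and
    requests above the maximum are clamped to 65011712 (this example's choice).
    """
    count = min(max(count, S2K_MIN), S2K_MAX)
    for code in range(256):            # decode_s2k_count is monotonic in code
        if decode_s2k_count(code) >= count:
            return code
    raise AssertionError("unreachable: S2K_MAX is representable")


def next_legal_count(count: int) -> int:
    """The count actually used for a requested --s2k-count after rounding up."""
    return decode_s2k_count(encode_s2k_count(count))


def iterated_salted_s2k(passphrase: bytes, salt: bytes, count: int,
                        hash_name: str = "sha1") -> bytes:
    """RFC 4880 iterated+salted S2K, producing one hash output's worth of key.

    `count` is the number of octets of (salt || passphrase), repeated
    cyclically, that are hashed.  If count is smaller than one copy, the whole
    copy is hashed anyway.  (Keys longer than one digest use extra preloaded
    hash contexts; that part is omitted here.)
    """
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 octets")
    data = salt + passphrase
    if count < len(data):
        count = len(data)
    h = hashlib.new(hash_name)
    block = data * max(1, 4096 // len(data))   # feed the hash in ~4 KiB chunks
    remaining = count
    while remaining >= len(block):
        h.update(block)
        remaining -= len(block)
    full, rem = divmod(remaining, len(data))
    h.update(data * full + data[:rem])
    return h.digest()


def calibrate_s2k_count(target_seconds: float = 0.1,
                        probe_count: int = 1 << 20) -> int:
    """Measure this machine's S2K throughput and pick a coded count that takes
    roughly `target_seconds`.  Returns the coded (one-octet) count."""
    salt = bytes(8)                      # calibration only; any salt works
    start = time.perf_counter()
    iterated_salted_s2k(b"calibration probe", salt, probe_count)
    elapsed = max(time.perf_counter() - start, 1e-9)
    octets_in_target = int(probe_count * target_seconds / elapsed)
    return encode_s2k_count(octets_in_target)


if __name__ == "__main__":
    print("default 65536 is coded count", encode_s2k_count(65536))
    print("request 100000 becomes", next_legal_count(100000))
    code = calibrate_s2k_count()
    print("calibrated coded count", code, "=", decode_s2k_count(code), "octets")
```

Two things the code makes visible that the prose leaves implicit: the 256 representable counts are spaced geometrically (sixteen steps per doubling), so rounding up costs at most about 6% extra work; and a calibrated value is a property of the machine that ran the calibration, which is exactly the problem described above for passphrase-encrypted messages opened on a slower recipient.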
David


From: lists at chrispoole.com (Chris Poole)
Date: Mon, 4 Jul 2011 07:37:05 +0100
Subject: Change key prefs; few questions
Message-ID: <8F1FBF0D-C102-4975-9733-E741D8722BB3@chrispoole.com>

Thanks for the detailed reply. Since --s2k-count will just affect the encryption of my private key, I'll go ahead and give myself a half second delay.

> sending passphrase-encrypted messages (which also have a s2k-count)

By this you mean symmetrically-encrypted messages, with the -c flag? So I can just use the --s2k-count flag again, to change this.

Presumably it's pretty pointless to change the count for asymmetrically-encrypted messages, since the session key will be long enough to discourage any brute forcing anyway.

Cheers
Chris

On 4 Jul 2011, at 04:01, David Shaw wrote:

> On Jul 3, 2011, at 12:15 PM, Chris Poole wrote:
>
>> On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
>>> There are some obscure edge cases where you must have a 3DES or AES encrypted
>>> private key, but for the overwhelming majority of people, no, there is no
>>> reason to do this. The default (CAST5) is quite strong (which the original
>>> poster acknowledged). It's just helpful to know what the "knobs" are to
>>> understand how something as complex as OpenPGP is put together.
>>
>> Exactly, it's just good to know. I won't bother changing the cipher or count,
>> but this leaves me with one final question:
>>
>> In a few years, assuming GPUs are faster than ever, Moore's law is still on
>> track, and all that; should I change the number of iterations with --s2k-count?
>> The default 65536 is probably fine for now, but it'll certainly end up being too
>> slow. gpg won't do this for me, or counteract this in another way?
>
> GnuPG generally has its defaults updated every now and then. While some of the new possible defaults (DSA/Elgamal keys becoming RSA/RSA, new default key sizes) do require the generation of a new key to use, others (default preferences, secret key protection, and secret key iteration count) are available to any key. Since secret key cipher and iteration count are tied to the encryption of the secret key (via the passphrase), if you just change your passphrase with that new version of GnuPG, you'll automatically pick up a new cipher and iteration count.
>
> PGP has a clever trick to set an appropriate s2k-count without knowing anything about the various processors it will be run on: it simply figures out how many iterations it can do in 1/10 of a second (which always results in a value higher than 65536 these days), and uses that. I believe that the newer GPG (2.x) has some support for this design, but I don't recall offhand if it is using it fully yet. We should probably raise the (static) GPG 1.x count as well at some point. It's been 65536 for a long time (over a decade).
>
> It's not unreasonable to raise your s2k-count for your secret key. If you pick a value that is too high and you find it annoying, you can always set it back down to something lower. It doesn't cause any real harm if you go too high - just wastes some of your time (which is sort of the point!) That's for secret keys, of course. More complex is sending passphrase-encrypted messages (which also have a s2k-count), where you don't know the CPU capabilities of the recipient. There was a case a year or two back where receiving an OpenPGP message with a too-high s2k-count would cause a device to hit its deadman timer since it spent so much time iterating passphrases. Someone had created the message on a fast machine (and so didn't notice the delay), and sent it to someone on a slow machine which was clobbered by it.
>
> Of course, if you want extra security against brute forcing, even better than bumping up your s2k-count would be to just add a character or three to your passphrase.
>
> David
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


From: wk at gnupg.org (Werner Koch)
Date: Mon, 04 Jul 2011 08:58:19 +0200
Subject: Change key prefs; few questions
In-Reply-To: (David Shaw's message of "Sun, 3 Jul 2011 23:01:39 -0400")
Message-ID: <878vseedmc.fsf@vigenere.g10code.de>

On Mon, 4 Jul 2011 05:01, dshaw at jabberwocky.com said:

> figures out how many iterations it can do in 1/10 of a second (which
> always results in a value higher than 65536 these days), and uses
> that. I believe that the newer GPG (2.x) has some support for this
> design, but I don't recall offhand if it is using it fully yet. We

We have it working since 2.0.15 and gpg2 uses it. It would be easy to backport it to 1.4 and use it if use-agent is used (look for agent_get_s2k_count). We need to use a persistent process (like the agent) to do the calibration so that it does not take too long.

You may use

  gpg-connect-agent 'getinfo s2k_count' /bye

to see the number of iterations.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.


From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Mon, 04 Jul 2011 03:53:31 -0400
Subject: Len Sassaman
Message-ID: <4E11717B.2080803@sixdemonbag.org>

Len Sassaman, a former employee of PGP (during the 1998-2001 time period) who was also instrumental in writing the Mixmaster anonymous remailers, died yesterday in Belgium in an apparent suicide brought on by severe depression.

I knew Len: not as well as many, more than most. We had a conflicted and mixed history. That said, no one who knew him could doubt his commitment to anonymity and privacy. These issues occupied a great deal of his time and life, and our community is stronger for his participation in it.

/Accept these offerings, drenched with a brother's many tears, and forever, brother, hail and farewell./ -- Catullus


From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: 4 Jul 2011 19:05:40 +0200
Subject: [Announce] libassuan 2.0.2 released
Message-ID: <4E11F2E4.7030902@ruhr-uni-bochum.de>

Hi,

libassuan 2.0.2 is a minor release of libassuan. It provides a shared library which is a dependency of the upcoming versions of GPGME, GnuPG 2.1.x and others.

ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.2.tar.bz2
ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.2.tar.bz2.sig

The sha1sums of these files are:

e843fd96b4cb05eb737e465891034229f50469d4  libassuan-2.0.1-2.0.2.diff.bz2
dbcd96e2525d4c3a2da9e8054a06fa517f20a185  libassuan-2.0.2.tar.bz2
74b09f626c67ffe51ba21a38b7bed0ea35112c6b  libassuan-2.0.2.tar.bz2.asc

Noteworthy changes in version 2.0.2 (2010-06-16)
------------------------------------------------

 * A new flag may now be used to convey comments via assuan_transact.

 * A new flag value may now be used to disable logging.

 * The gpgcedev.c driver now provides a log device.

 * It is now possible to overwrite socket and connect functions in struct assuan_system_hooks.
 * Interface changes relative to the 2.0.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASSUAN_CONVEY_COMMENTS          NEW.
ASSUAN_NO_LOGGING               NEW.
assuan_system_hooks_t           CHANGED: Added socket and connect members.
ASSUAN_SYSTEM_HOOKS_VERSION     CHANGED: Bumped to 2.
assuan_register_pre_cmd_notify  NEW.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--
g10 Code GmbH                http://g10code.com      Commercial register: Wuppertal HRB 14459
Hüttenstr. 61                Managing director: Werner Koch
D-40699 Erkrath              -=- The GnuPG Experts -=-          VAT ID DE215605608

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce


From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: 4 Jul 2011 19:06:01 +0200
Subject: [Announce] GPGME 1.3.1 released
Message-ID: <4E11F2F9.9050306@ruhr-uni-bochum.de>

Hi,

We are pleased to announce version 1.3.1 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications.

It may be found in the file

ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.3.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.3.1.tar.bz2.sig

It should soon appear on the mirrors listed at:

http://www.gnupg.org/mirrors.html

Bug reports and requests for assistance should be sent to:

gnupg-devel at gnupg.org

The sha1sum checksums for this distribution are

7d19a95a2239da13764dad7f97541be884ec5a37  gpgme-1.3.1.tar.bz2
93316a81a8f903c5b604716b6937884ea7b0917a  gpgme-1.3.1.tar.bz2.sig

Noteworthy changes in version 1.3.1 (2011-06-16)
------------------------------------------------

 * Ported to Windows CE.

 * Detect GPG versions not supporting --passwd.
 * Interface changes relative to the 1.3.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGME_EXPORT_MODE_MINIMAL       NEW
GPGME_STATUS_SUCCESS            NEW
gpgme_err_code_from_syserror    NEW
gpgme_err_set_errno             NEW
gpgme_error_from_errno          CHANGED: Return gpgme_error_t (compatible type).
gpgme_error_from_syserror       NEW
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


From: onemailid4mailinglists at edpnet.be (Olivier N.)
Date: Wed, 06 Jul 2011 15:30:36 +0200
Subject: Error messages when generating new keys
In-Reply-To: <87sjqvjei9.fsf@vigenere.g10code.de>
Message-ID: <4E14637C.6070902@edpnet.be>

Hello Werner,

>> 2. I tried "$ gpg2 --gen-key", chose default options
>> and entered my infos (email address, name, ...)
>> and I got:
>> gpg: problem with the agent: Bad CA certificate
>> gpg: problem with the agent: Invalid card
>> gpg: Key generation canceled.
>
> You are either running a version of gpg-agent which is too old or gpg
> started that version of gpg-agent but expected another one. Or there is
> another daemon taking over the connection between gpg2 and gpg-agent.
> Seahorse as well as the gnome-keychain(?) used to do this (which is
> something they should not do).
>
> Adding the options "--verbose --debug 2048" to the command line may give
> you some more insight. Make sure all gpg-agent's are stopped.

I modified my Linux box a lot these last few days: upgrades, new WM (ratpoison instead of gnome) and so on. I then tried gpg2 again and I have no error message anymore. Great! Even though I have no idea what solved my problem.

In a few days, I'll have to install it and use it on computers running Windows. Hope everything will run fine.

Thanks again,

Olivier


From: marcio.barbado at gmail.com (Marcio B. Jr.)
Date: Wed, 6 Jul 2011 14:28:55 -0300
Subject: Is the OpenPGP model still useful?
In-Reply-To: <4DBAB94B.9000600@sixdemonbag.org>

Hello,

resuming this thread because I'm studying encryption options for KDE's Kopete IM client.

So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.

As of what I got from your (Robert) explanation plus some preliminary conclusions of my studies, making use of asymmetric algos with OpenPGP would be more coherent and secure, mathematically. Is it correct?

Regards,

On Fri, Apr 29, 2011 at 10:12 AM, Robert J. Hansen wrote:
> On 4/28/11 11:05 AM, Michel Messerschmidt wrote:
>> Sounds very much like Off-the-Record messaging for every kind of
>> communication. Or is there a difference I have missed?
>
> The barrier to usage is still high with OTR: users still have to
> authenticate, and you can get horrible sync issues. Plus, let's not
> forget the wacky hijinks that occur if you're logged into IM from two
> places at once -- although this is explicitly supported by some IM
> protocols (Jabber), with OTR it causes no end of troubles.
>
> The thought experiment here -- it's not a real proposal -- is, "what
> would happen if we discarded authentication entirely, and went purely
> for a require-brute-force approach to discover the random session key?"

Marcio Barbado, Jr.


From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 06 Jul 2011 15:09:02 -0400
Subject: OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
Message-ID: <4E14B2CE.4050104@fifthhorseman.net>

On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
> resuming this thread because I'm studying encryption options for KDE's
> Kopete IM client.

Hmm, i'm not sure this is the best place for this discussion, so i've marked the subject line OT for "off-topic" -- if you think there might be a better discussion list, feel free to follow up there.

> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
> Diffie-Hellman key exchange method with block ciphers.

Why does this seem unjustifiable to you? DH and block ciphers are widely-reviewed parts of the standard crypto toolkit. Do you have reason to believe they're generally bad?

> As of what I got from your (Robert) explanation plus some preliminary
> conclusions of my studies, making use of asymmetric algos with OpenPGP
> would be more coherent and secure, mathematically. Is it correct?

Not all of these decisions should be made on purely mathematical grounds.

Consider, for example, pidgin's old GPG plugin (i don't know whether it is still in use or under development). It worked by signing and encrypting each message before it was sent, and decrypting and verifying each response.

However, IM messages tend to be heavily context-dependent, which makes them vulnerable to replay attacks. For example, how many times have you written on IRC (or whatever IM network you use) the simple phrase "i agree"? If each message is individually signed and verified, it'd be relatively easy for an attacker to replay your "i agree" in another conversation, making it look like you agreed to something you hadn't actually agreed to.

OTR's stream-based approach ensures that messages are only authenticated as part of a single, two-party conversation. There is no room for a replay attack.
OTR also is designed so that a third-party (one not involved in the original communication) can't conclusively prove that you wrote something. This is the "off the record" part of OTR. It's debatable how useful this so-called "repudiability" would be in, say, a court of law; but individually-signed messages clearly do *not* have this kind of repudiability; anyone in possession of one of these messages can convince any third party that you did in fact write the message.

Note that we're just talking here about message/conversation signing, encryption, and verification; iirc, the original thread was asking about OpenPGP's certification model (that is, how multi-issuer OpenPGP certificates are used to bind identities to public keys), which is an entirely different (though related) topic.

hope this helps,

--dkg


From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 06 Jul 2011 12:37:16 -0700
Subject: Is the OpenPGP model still useful?
Message-ID: <4E14B96C.9080009@dougbarton.us>

On 07/06/2011 10:28, Marcio B. Jr. wrote:
> Hello,
> resuming this thread because I'm studying encryption options for KDE's
> Kopete IM client.
>
> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
> Diffie-Hellman key exchange method with block ciphers.
>
> As of what I got from your (Robert) explanation plus some preliminary
> conclusions of my studies, making use of asymmetric algos with OpenPGP
> would be more coherent and secure, mathematically. Is it correct?

IDOYTM, which you haven't defined.

Personally I've used OTR for years, and am a big fan.
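[Editor's added example. This block is not part of Doug Barton's or Daniel Kahn Gillmor's messages, nor code from OTR or from pidgin's GPG plugin. It illustrates the replay point dkg makes above: a signature computed over the message text alone verifies in whatever conversation it is replayed into, while authentication bound to one two-party conversation and one position in it does not. Assumptions: HMAC-SHA256 under a key the verifier already holds stands in for the per-message signature, and session identifiers are fixed constructed strings rather than values derived from a key exchange, so that the demonstration is deterministic.]

```python
"""Editor's added example, not code from OTR, pidgin, or any message in this
thread.  Contrasts a context-free per-message signature with authentication
bound to a single conversation (session id + sequence number).

Assumption: HMAC-SHA256 under a shared key stands in for the signature;
session ids are constructed constants rather than key-exchange outputs.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


# Design 1: each message signed on its own; nothing ties it to a conversation.
def sign_standalone(key: bytes, text: str) -> bytes:
    return _mac(key, text.encode())


def verify_standalone(key: bytes, text: str, tag: bytes) -> bool:
    return hmac.compare_digest(_mac(key, text.encode()), tag)


# Design 2: authentication bound to one two-party conversation.
@dataclass(frozen=True)
class Envelope:
    session_id: bytes
    seq: int          # position of this message in the sender's stream
    text: str
    tag: bytes


class ConversationSide:
    """One party's view of one conversation: shared key, session id, counters."""

    def __init__(self, key: bytes, session_id: bytes):
        self.key = key
        self.session_id = session_id
        self.next_send = 0
        self.next_recv = 0

    def _bound(self, seq: int, text: str) -> bytes:
        # The tag covers the session id and sequence number, not just the text.
        return self.session_id + struct.pack(">Q", seq) + text.encode()

    def seal(self, text: str) -> Envelope:
        seq = self.next_send
        self.next_send += 1
        return Envelope(self.session_id, seq, text,
                        _mac(self.key, self._bound(seq, text)))

    def open(self, env: Envelope) -> bool:
        if env.session_id != self.session_id:
            return False                      # belongs to another conversation
        if env.seq != self.next_recv:
            return False                      # already seen (replay) or out of order
        expected = _mac(self.key, self._bound(env.seq, env.text))
        if not hmac.compare_digest(expected, env.tag):
            return False                      # forged or modified
        self.next_recv += 1
        return True


def demo() -> dict:
    """Replay 'i agree' under both designs; report which attempts were accepted."""
    key = b"constructed demo key shared by both sides"   # constructed, not real
    # Design 1: a tag captured in one conversation verifies wherever the key is known.
    tag = sign_standalone(key, "i agree")
    standalone_replayed = verify_standalone(key, "i agree", tag)

    # Design 2: Alice <-> Bob in session A; Bob also has an unrelated session B.
    # The same key is used in both sessions so that only the binding is tested.
    alice_a = ConversationSide(key, b"session-A")
    bob_a = ConversationSide(key, b"session-A")
    bob_b = ConversationSide(key, b"session-B")
    env = alice_a.seal("i agree")
    fresh = bob_a.open(env)             # genuine delivery
    replayed_same = bob_a.open(env)     # same envelope delivered again
    replayed_cross = bob_b.open(env)    # same envelope in another conversation
    return {
        "standalone_replay_accepted": standalone_replayed,
        "bound_fresh_accepted": fresh,
        "bound_replay_accepted": replayed_same,
        "bound_cross_session_accepted": replayed_cross,
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The receiving side rejects the replayed envelope for two independent reasons, a foreign session id and a sequence number it has already consumed; a real protocol derives the session id and keys from the key exchange, so the second conversation would not even share the key, and the sequence check is what stops replays within the same conversation.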
--

        Nothin' ever doesn't change, but nothin' changes much.
                                -- OK Go

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/

From marcio.barbado at gmail.com Wed Jul 6 22:39:44 2011
From: marcio.barbado at gmail.com (Marcio B. Jr.)
Date: Wed, 6 Jul 2011 17:39:44 -0300
Subject: Is the OpenPGP model still useful?
In-Reply-To: <4E14B96C.9080009@dougbarton.us>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <4E14B96C.9080009@dougbarton.us>
Message-ID:

Dear Doug,

I don't know what "IDOYTM" is supposed to mean, "and am" afraid I'm not enough-of-a-teenager to get really concerned with that.

If the existence of big fans justifies quality, Amy Winehouse would be Teresa of Calcutta.

My question, which, I must emphasize for you, is a question -- not an assertion, was on mathematical coherence.

Regards,

On Wed, Jul 6, 2011 at 4:37 PM, Doug Barton wrote:
> On 07/06/2011 10:28, Marcio B. Jr. wrote:
>>
>> Hello,
>> resuming this thread because I'm studying encryption options for KDE's
>> Kopete IM client.
>>
>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
>> Diffie-Hellman key exchange method with block ciphers.
>>
>> As of what I got from your (Robert) explanation plus some preliminary
>> conclusions of my studies, making use of asymmetric algos with OpenPGP
>> would be more coherent and secure, mathematically. Is it correct?
>
> IDOYTM, which you haven't defined.
>
> Personally I've used OTR for years, and am a big fan.
>
> --
>
>         Nothin' ever doesn't change, but nothin' changes much.
>                                 -- OK Go
>
>         Breadth of IT experience, and depth of knowledge in the DNS.
>         Yours for the right price.  :)  http://SupersetSolutions.com/
>
>

Marcio Barbado, Jr.

From rjh at sixdemonbag.org Wed Jul 6 22:49:52 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 06 Jul 2011 13:49:52 -0700
Subject: Is the OpenPGP model still useful?
In-Reply-To:
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org>
Message-ID: <9f90ae22ddbdf320de745e5899e91bbe@localhost>

> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
> Diffie-Hellman key exchange method with block ciphers.

Why is this a problem?

> As of what I got from your (Robert) explanation plus some preliminary
> conclusions of my studies, making use of asymmetric algos with OpenPGP
> would be more coherent and secure, mathematically. Is it correct?

"Coherent" and "secure" are in the eyes of the beholder. Your statement doesn't lend itself to a "yes, you're right" or a "no, you're wrong" answer -- it's just not something I can answer. Coherency and security are matters of personal taste and policy.

From dougb at dougbarton.us Wed Jul 6 22:50:45 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 06 Jul 2011 13:50:45 -0700
Subject: Is the OpenPGP model still useful?
In-Reply-To:
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <4E14B96C.9080009@dougbarton.us>
Message-ID: <4E14CAA5.5040701@dougbarton.us>

On 07/06/2011 13:39, Marcio B. Jr. wrote:
> Dear Doug,
> I don't know what "IDOYTM" is supposed to mean,

It depends on your threat model. You haven't defined what you're guarding against, so it's impossible to judge how potential solutions may or may not help.

> "and am" afraid I'm
> not enough-of-a-teenager to get really concerned with that.
>
> If the existence of big fans justifies quality, Amy Winehouse would be
> Teresa of Calcutta.

Um, yeah, Ok.

> My question, which, I must emphasize for you, is a question -- not an
> assertion, was on mathematical coherence.
And like I said (and Daniel said in more detail) OTR has some very valid use cases, but without knowing what your goals are it's hard to respond intelligently.

Doug

--

        Nothin' ever doesn't change, but nothin' changes much.
                                -- OK Go

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/

From gnupg at oneiroi.net Thu Jul 7 01:52:42 2011
From: gnupg at oneiroi.net (Milo)
Date: Thu, 7 Jul 2011 01:52:42 +0200
Subject: Is the OpenPGP model still useful?
In-Reply-To: <9f90ae22ddbdf320de745e5899e91bbe@localhost>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost>
Message-ID: <20110706235242.GA24737@helcaraxe.net>

On Wed, Jul 06, 2011 at 01:49:52PM -0700, Robert J. Hansen wrote:
> (...)
>
> -- it's just not something I can answer. Coherency and security are
> matters of personal taste and policy.

Are you sure about that? Then find a person who will tell you that (you like thought experiments, don't you?) during an obvious live threat situation they feel secure. You can imagine what the common answer will be, right?

Defining from scratch all the terms and dictionaries before starting a conversation is somehow bogus. Robert, if you look around you will find fine and common/universal-enough definitions of security in a context adequate to this thread. If you doubt that, start a thread for revisiting - for example - Wikipedia's terms regarding IT/information security stuff. I think that most people (and I'm talking about _most_ of them) will agree that they are fine.

Perhaps instead of serving an extreme form of relativism it is better not to answer at all. I think that the informative and didactic value of such a response is negligible.

--
Kind regards,
Milo

From rjh at sixdemonbag.org Thu Jul 7 05:47:15 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 06 Jul 2011 23:47:15 -0400
Subject: Is the OpenPGP model still useful?
In-Reply-To: <20110706235242.GA24737@helcaraxe.net>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost> <20110706235242.GA24737@helcaraxe.net>
Message-ID: <4E152C43.7050007@sixdemonbag.org>

On 7/6/2011 7:52 PM, Milo wrote:
> Are you sure about that? Then find a person who will tell you that (you like
> thought experiments, don't you?) during an obvious live threat situation
> they feel secure. You can imagine what the common answer will be, right?

You must not know many United States Marines. They're a screwy bunch. They kind of like getting shot at: it keeps them on their toes.

On the other side of the coin, consider someone suffering from combat-related post-traumatic stress disorder, for whom there is literally no environment that allows them to feel safe.

One group of people finds even "obvious live threat situations" to be invigorating and they feel quite confident about their ability to thrive in such situations, and another group of people considers all situations, even "obviously" safe ones, to be mortal threats. I think we ought to be very careful in making universal statements about what all people agree upon with respect to security. It seems to me to be quite likely there are no such things.

As with so many things in life, IDOYTM. Define your threat model, and then we can talk about "coherency" and "security." Not before then.

From expires2011 at ymail.com Thu Jul 7 20:45:51 2011
From: expires2011 at ymail.com (MFPA)
Date: Thu, 7 Jul 2011 19:45:51 +0100
Subject: Is the OpenPGP model still useful?
In-Reply-To: <20110706235242.GA24737@helcaraxe.net>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost> <20110706235242.GA24737@helcaraxe.net>
Message-ID: <1651735603.20110707194551@my_localhost>

Hi

On Thursday 7 July 2011 at 12:52:42 AM, in , Milo wrote:

> I think that informative and didactic value of such
> response is negligible.

Even if that were true, there would still be the entertainment value. But iconoclasm can be instructive; think for yourself, otherwise you have to believe what others tell you.

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Dollar sign - An S that's been double crossed

From lists at meumonus.com Fri Jul 8 00:06:14 2011
From: lists at meumonus.com (Devin Fisher)
Date: Thu, 7 Jul 2011 22:06:14 +0000
Subject: Keygrip
Message-ID: <1653336350-1310076375-cardhu_decombobulator_blackberry.rim.net-1450061921-@b1.c27.bise6.blackberry>

Hi,

I'm trying to use the gpg-preset-passphrase command and it keeps failing. My thought is I'm not getting the keygrip correct. How do I discover the keygrip for a public certificate?
From wk at gnupg.org Fri Jul 8 11:47:32 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 08 Jul 2011 11:47:32 +0200
Subject: Keygrip
In-Reply-To: <1653336350-1310076375-cardhu_decombobulator_blackberry.rim.net-1450061921-@b1.c27.bise6.blackberry> (Devin Fisher's message of "Thu, 7 Jul 2011 22:06:14 +0000")
References: <1653336350-1310076375-cardhu_decombobulator_blackberry.rim.net-1450061921-@b1.c27.bise6.blackberry>
Message-ID: <87pqll5cjv.fsf@vigenere.g10code.de>

On Fri, 8 Jul 2011 00:06, lists at meumonus.com said:

> I'm trying to use the gpg-preset-passphrase command and it keeps
> failing. My thought is I'm not getting the keygrip correct. How do I
> discover the keygrip for a public certificate?

With the stable 2.0 version of GnuPG the keygrip is only used for X.509; thus you may use

  $ gpgsm --with-keygrip -k foo

which displays the keygrip below the fingerprint line. With GnuPG-2 the keygrip is also used with gpg2; thus

  $ gpg --with-keygrip -k foo

Another way is to somehow figure out the respective file in ~/.gnupg/private-keys-v1.d - the name of the file is the keygrip plus the suffix ".key".

Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.

From lists at chrispoole.com Fri Jul 8 16:10:47 2011
From: lists at chrispoole.com (Chris Poole)
Date: Fri, 8 Jul 2011 15:10:47 +0100
Subject: Check that s2k-count has changed
Message-ID:

When changing my secret key's passphrase, I bumped up the s2k-count to 6553600 (I just added two zeros; I don't notice any slow down when decrypting on a Core2Duo).

How can I confirm that this count is being used?

I ran gpg --list-packets ~/.gnupg/secring.gpg, which told me a number for "protect count" (in the secret key packet section). Does this map to the number I gave on the command line when changing my passphrase?
Thanks

Chris Poole

From dshaw at jabberwocky.com Fri Jul 8 18:31:10 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 8 Jul 2011 12:31:10 -0400
Subject: Check that s2k-count has changed
In-Reply-To:
References:
Message-ID: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com>

On Jul 8, 2011, at 10:10 AM, Chris Poole wrote:

> When changing my secret key's passphrase, I bumped up the s2k-count to
> 6553600 (I just added two zeros; I don't notice any slow down when
> decrypting on a Core2Duo).
>
> How can I confirm that this count is being used?
>
> I ran gpg --list-packets ~/.gnupg/secring.gpg, which told me a number
> for "protect count" (in the secret key packet section). Does this map
> to the number I gave on the command line when changing my passphrase?

Yes. Note that the list-packets output shows the internal packed value: 6553600 should come out to 201. The default of 65536 would encode to 96.

You might file an enhancement bug to print the decoded value in --list-packets. We already print it for symmetric encryption, and it's reasonable to print it for secret keys as well.

David

From dkg at fifthhorseman.net Fri Jul 8 18:49:44 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 08 Jul 2011 12:49:44 -0400
Subject: Check that s2k-count has changed
In-Reply-To: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com>
References: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com>
Message-ID: <4E173528.8090700@fifthhorseman.net>

On 07/08/2011 12:31 PM, David Shaw wrote:
> Yes. Note that the list-packets output shows the internal packed value: 6553600 should come out to 201. The default of 65536 would encode to 96.
>
> You might file an enhancement bug to print the decoded value in --list-packets. We already print it for symmetric encryption, and it's reasonable to print it for secret keys as well.

Or you can feed the secret key to pgpdump instead of gpg --list-packets; pgpdump provides both values (coded and decoded) in its output.
hth,

--dkg

From lists at chrispoole.com Fri Jul 8 20:35:57 2011
From: lists at chrispoole.com (Chris Poole)
Date: Fri, 8 Jul 2011 19:35:57 +0100
Subject: Check that s2k-count has changed
In-Reply-To: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com>
References: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com>
Message-ID: <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com>

On 8 Jul 2011, at 17:31, David Shaw wrote:

> Yes. Note that the list-packets output shows the internal packed value: 6553600 should come out to 201. The default of 65536 would encode to 96.

I do indeed get 201. Out of interest, how is that calculated?

I also changed the digest algorithm to SHA512; the iter+salt line shows this, but still mentions SHA1 protection. Am I right in thinking that this means SHA1 is always used as a kind of checksum for the passphrase (only that and a simple checksum being specified by RFC4880), but the passphrase itself is stored as a SHA512 digest after 6553600 iterations of the hash function?

Cheers

Chris

From mailinglisten at hauke-laging.de Fri Jul 8 21:06:24 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 8 Jul 2011 21:06:24 +0200
Subject: Check that s2k-count has changed
In-Reply-To: <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com>
References: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com> <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com>
Message-ID: <201107082106.30976.mailinglisten@hauke-laging.de>

On Friday, 8 July 2011, 20:35:57, Chris Poole wrote:
> On 8 Jul 2011, at 17:31, David Shaw wrote:
> > Yes. Note that the list-packets output shows the internal packed value:
> > 6553600 should come out to 201. The default of 65536 would encode to
> > 96.
>
> I do indeed get 201. Out of interest, how is that calculated?
https://tools.ietf.org/html/rfc4880#section-3.7.1.3

   The count is coded into a one-octet number using the following
   formula:

       #define EXPBIAS 6
           count = ((Int32)16 + (c & 15)) << ((c >> 4) + EXPBIAS);

   The above formula is in C, where "Int32" is a type for a 32-bit
   integer, and the variable "c" is the coded count, Octet 10.


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From dshaw at jabberwocky.com Fri Jul 8 21:08:02 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 8 Jul 2011 15:08:02 -0400
Subject: Check that s2k-count has changed
In-Reply-To: <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com>
References: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com> <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com>
Message-ID:

On Jul 8, 2011, at 2:35 PM, Chris Poole wrote:

> On 8 Jul 2011, at 17:31, David Shaw wrote:
>> Yes. Note that the list-packets output shows the internal packed value: 6553600 should come out to 201. The default of 65536 would encode to 96.
>
> I do indeed get 201. Out of interest, how is that calculated?

Brace yourself. This is not pretty:

  #define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))

OpenPGP historically has a bit of a phobia about using two or four bytes when it could be squeezed into one. Or even better, part of one. That's why the range of valid s2k-count values is 1024 through 65011712, but not all values are actually possible.

> I also changed the digest algorithm to SHA512; the iter+salt line shows this, but still mentions SHA1 protection.

It's using SHA512 for passphrase mangling. The SHA1 protection it is referencing is a checksum on the whole secret key packet itself.
You can see the details in section 5.5.3 of RFC-4880, but basically it was added in response to the Klima-Rosa attack (which involved modifying the secret key in a way that the simple checksum used previously could not detect).

David

From lists at chrispoole.com Fri Jul 8 22:43:18 2011
From: lists at chrispoole.com (Chris Poole)
Date: Fri, 8 Jul 2011 21:43:18 +0100
Subject: Check that s2k-count has changed
In-Reply-To: <201107082106.30976.mailinglisten@hauke-laging.de>
References: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com> <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com> <201107082106.30976.mailinglisten@hauke-laging.de>
Message-ID: <01CE3557-920D-4BD1-BA06-492088543F54@chrispoole.com>

Thank you.

On 8 Jul 2011, at 20:06, Hauke Laging wrote:

> On Friday, 8 July 2011, 20:35:57, Chris Poole wrote:
>> On 8 Jul 2011, at 17:31, David Shaw wrote:
>>> Yes. Note that the list-packets output shows the internal packed value:
>>> 6553600 should come out to 201. The default of 65536 would encode to
>>> 96.
>>
>> I do indeed get 201. Out of interest, how is that calculated?
>
> https://tools.ietf.org/html/rfc4880#section-3.7.1.3
>
>    The count is coded into a one-octet number using the following
>    formula:
>
>        #define EXPBIAS 6
>            count = ((Int32)16 + (c & 15)) << ((c >> 4) + EXPBIAS);
>
>    The above formula is in C, where "Int32" is a type for a 32-bit
>    integer, and the variable "c" is the coded count, Octet 10.
>
>
> Hauke
> --
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From lists at chrispoole.com Fri Jul 8 22:54:31 2011
From: lists at chrispoole.com (Chris Poole)
Date: Fri, 8 Jul 2011 21:54:31 +0100
Subject: Check that s2k-count has changed
In-Reply-To:
References: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com> <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com>
Message-ID: <5A1A70C3-6D6B-4F93-88A1-DB4E255405EF@chrispoole.com>

Thanks for the detailed response. I've done some C programming so it's not too alien to me.
I don't know if this would be of any real use (perhaps just for those that are pretty sure of the slowest machine they'll be decrypting their private key on), but a function to calculate how many rounds it takes to run for x.y seconds would be useful. KeePass, for example, automatically calculates how many rounds can be calculated in 1 second, and will set the count accordingly.

On 8 Jul 2011, at 20:08, David Shaw wrote:

> On Jul 8, 2011, at 2:35 PM, Chris Poole wrote:
>
>> On 8 Jul 2011, at 17:31, David Shaw wrote:
>>> Yes. Note that the list-packets output shows the internal packed value: 6553600 should come out to 201. The default of 65536 would encode to 96.
>>
>> I do indeed get 201. Out of interest, how is that calculated?
>
> Brace yourself. This is not pretty:
>
>   #define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
>
> OpenPGP historically has a bit of a phobia about using two or four bytes when it could be squeezed into one. Or even better, part of one. That's why the range of valid s2k-count values is 1024 through 65011712, but not all values are actually possible.
>
>> I also changed the digest algorithm to SHA512; the iter+salt line shows this, but still mentions SHA1 protection.
>
> It's using SHA512 for passphrase mangling. The SHA1 protection it is referencing is a checksum on the whole secret key packet itself. You can see the details in section 5.5.3 of RFC-4880, but basically it was added in response to the Klima-Rosa attack (which involved modifying the secret key in a way that the simple checksum used previously could not detect).
>
> David
>

From wk at gnupg.org Sat Jul 9 08:34:07 2011
From: wk at gnupg.org (Werner Koch)
Date: Sat, 09 Jul 2011 08:34:07 +0200
Subject: Check that s2k-count has changed
In-Reply-To: <5A1A70C3-6D6B-4F93-88A1-DB4E255405EF@chrispoole.com> (Chris Poole's message of "Fri, 8 Jul 2011 21:54:31 +0100")
References: <9B4C2AD6-8E0F-42E7-92EF-0BD013B1A239@jabberwocky.com> <46BEDB83-4082-4B46-B06D-C8CF5B6E3EF7@chrispoole.com> <5A1A70C3-6D6B-4F93-88A1-DB4E255405EF@chrispoole.com>
Message-ID: <87box455eo.fsf@vigenere.g10code.de>

On Fri, 8 Jul 2011 22:54, lists at chrispoole.com said:

> I don't know if this would be of any real use (perhaps just for those
> that are pretty sure of the slowest machine they'll be decrypting
> their private key on), but a function to calculate how many rounds it
> takes to run for x.y seconds would be useful. KeePass, for example,

See gnupg/agent/protect.c:calibrate_s2k_count .

Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.

From sattva at pgpru.com Mon Jul 11 15:36:12 2011
From: sattva at pgpru.com (Vlad "SATtva" Miller)
Date: Mon, 11 Jul 2011 20:36:12 +0700
Subject: timestamp notation @gnupg.org
In-Reply-To:
References: <20110603193259.4C19B8C069@nym.dizum.nl> <201106161321.14462.mailinglisten@hauke-laging.de> <87fwnaory7.fsf@vigenere.g10code.de> <201106161627.13391.mailinglisten@hauke-laging.de> <87aad3mmr5.fsf@vigenere.g10code.de>
Message-ID: <4E1AFC4C.1030300@pgpru.com>

Jerome Baum:
>> What I miss is a real use case for it. Is there someone implementing a
>> general purpose time stamping service? IIRC, there used to be some 10
>> years or more ago. Still any? I don't know.
>
> There are a lot of general purpose time stamping services, such as
> -- though that is the only one I
> know of that is OpenPGP-based.

1. http://www.timemarker.org/en/
2. https://www.metkavremeni.com/index-english.html

Full disclosure: I've been involved in designing the first one and developed the second one top to bottom (except for the web UI unfortunately).

The notation could have some (close to negligible) use in those cases, however I as well as Werner don't see much practical sense in the timestamp-only sig type discussed in another subthread as all timestamping operations are performed with a dedicated key anyway.

--
Vlad "SATtva" Miller
3d viz | security & privacy consulting
www.vladmiller.info | www.pgpru.com

From aaron.toponce at gmail.com Mon Jul 11 21:26:04 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 11 Jul 2011 13:26:04 -0600
Subject: Calculating ciphertext sizes
Message-ID: <20110711192604.GF1758@poseidon.cocyt.us>

When encrypting a plaintext source, is there a way to predict the size of the ciphertext output? I'm sure this depends on the cipher used, as well if compression or hashing algos are used. Just curious.

From rjh at sixdemonbag.org Mon Jul 11 22:26:07 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 11 Jul 2011 13:26:07 -0700
Subject: Calculating ciphertext sizes
In-Reply-To: <20110711192604.GF1758@poseidon.cocyt.us>
References: <20110711192604.GF1758@poseidon.cocyt.us>
Message-ID:

> When encrypting a plaintext source, is there a way to predict the size of
> the ciphertext output? I'm sure this depends on the cipher used, as well if
> compression or hashing algos are used.

The short answer is "yes," but it's hard to give a more precise answer without knowing a lot of specifics. For instance, assuming you're running AES in ECB mode, your ciphertext will be of size ceil(size/16)*16.
Running 3DES in CBC mode, your ciphertext will be of size (ceil(size/8)+1)*8. Etc., etc.

For any given encryption algorithm and operation mode the output size is well-defined, but it's hard to give general answers for how it's computed.

From dshaw at jabberwocky.com Mon Jul 11 22:59:19 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 11 Jul 2011 16:59:19 -0400
Subject: Calculating ciphertext sizes
In-Reply-To: <20110711192604.GF1758@poseidon.cocyt.us>
References: <20110711192604.GF1758@poseidon.cocyt.us>
Message-ID: <8AC90581-C70C-4F47-A964-18627608C896@jabberwocky.com>

On Jul 11, 2011, at 3:26 PM, Aaron Toponce wrote:

> When encrypting a plaintext source, is there a way to predict the size of
> the ciphertext output? I'm sure this depends on the cipher used, as well if
> compression or hashing algos are used.

The single largest thing that affects your output is the compression used, and how well your input compresses. For example, if you are encrypting straight text, you will get much better compression than if you are encrypting a movie file (which is generally already compressed, so can't be compressed much more, if at all). On top of that there is a bunch of general OpenPGP overhead (encrypted session key, etc).

The cipher does make a difference here, but it's small and dwarfed by other factors.

David

From dkg at fifthhorseman.net Mon Jul 11 23:08:35 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 11 Jul 2011 17:08:35 -0400
Subject: Calculating ciphertext sizes
In-Reply-To: <8AC90581-C70C-4F47-A964-18627608C896@jabberwocky.com>
References: <20110711192604.GF1758@poseidon.cocyt.us> <8AC90581-C70C-4F47-A964-18627608C896@jabberwocky.com>
Message-ID: <4E1B6653.8060407@fifthhorseman.net>

On 07/11/2011 04:59 PM, David Shaw wrote:
> On Jul 11, 2011, at 3:26 PM, Aaron Toponce wrote:
>
>> When encrypting a plaintext source, is there a way to predict the size of
>> the ciphertext output?
>> I'm sure this depends on the cipher used, as well if
>> compression or hashing algos are used.
>
> The single largest thing that affects your output is the compression used, and how well your input compresses. For example, if you are encrypting straight text, you will get much better compression than if you are encrypting a movie file (which is generally already compressed, so can't be compressed much more, if at all). On top of that there is a bunch of general OpenPGP overhead (encrypted session key, etc).
>
> The cipher does make a difference here, but it's small and dwarfed by other factors.

Note also that for material encrypted to public key(s), you'll need to factor in an extra chunk of data for each targeted key (the public-key encrypted session-key packet [0]); you can expect the size of this to vary with the algorithm of each targeted key. This isn't technically part of the "ciphertext", but it is part of the encrypted, OpenPGP-formatted message. Without it, those recipients won't be able to decrypt the message.

For very short messages, the encrypted session key packets can actually dominate the contents of the resulting message.

Regards,

--dkg

[0] https://tools.ietf.org/html/rfc4880#section-5.1

From aaron.toponce at gmail.com Mon Jul 11 22:31:34 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 11 Jul 2011 14:31:34 -0600
Subject: Calculating ciphertext sizes
In-Reply-To:
References: <20110711192604.GF1758@poseidon.cocyt.us>
Message-ID: <20110711203134.GG1758@poseidon.cocyt.us>

On Mon, Jul 11, 2011 at 01:26:07PM -0700, Robert J. Hansen wrote:
> The short answer is "yes," but it's hard to give a more precise answer
> without knowing a lot of specifics. For instance, assuming you're running
> AES in ECB mode, your ciphertext will be of size ceil(size/16)*16.
> Running
> 3DES in CBC mode, your ciphertext will be of size (ceil(size/8)+1)*8.
> Etc., etc.

How can I get a breakdown of this with the various ciphers? Is it listed somewhere, or just read the source code?

> For any given encryption algorithm and operation mode the output size is
> well-defined, but it's hard to give general answers for how it's computed.

Of course. I was looking more for a resource that might be able to explain it to me better. The reason for asking (which actually isn't related to GnuPG) was I wanted to know the amount of data transferred over the wire with SCP. Knowing that SCP and GPG use similar algs, I thought I would ask here (there are other applications where GnuPG fits). From my limited testing, trying each of the various ciphers, I found that at most, 1.2x the amount of data was transferred, which surprised me, really. So, I figured this might get a good discussion going, and I can certainly learn more about encryption in the meantime.

From rjh at sixdemonbag.org Tue Jul 12 00:29:42 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 11 Jul 2011 18:29:42 -0400
Subject: Calculating ciphertext sizes
In-Reply-To: <20110711203134.GG1758@poseidon.cocyt.us>
References: <20110711192604.GF1758@poseidon.cocyt.us> <20110711203134.GG1758@poseidon.cocyt.us>
Message-ID:

> The reason for asking (which actually isn't related to GnuPG) was I wanted
> to know the amount of data transferred over the wire with SCP.

Then this isn't a question related to encipherment: this is a protocol question. Once you start looking at the protocol layer, other things have enormously more impact than just encryption operations.
For instance, if your wire protocol requires data be 7-bit clean, binary data will expand out significantly. If your wire protocol supports compression, the transmitted data might substantially decrease.

In the case of SCP, the OpenSSH geeks do their best to obfuscate the size of the transmitted data. They do this in order to make traffic analysis more difficult, but it also makes predicting the amount of data sent more difficult.

From aaron.toponce at gmail.com Tue Jul 12 00:52:31 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 11 Jul 2011 16:52:31 -0600
Subject: Calculating ciphertext sizes
In-Reply-To:
References: <20110711192604.GF1758@poseidon.cocyt.us> <20110711203134.GG1758@poseidon.cocyt.us>
Message-ID: <20110711225231.GJ1758@poseidon.cocyt.us>

On Mon, Jul 11, 2011 at 06:29:42PM -0400, Robert J. Hansen wrote:
> > The reason for asking (which actually isn't related to GnuPG) was I wanted
> > to know the amount of data transferred over the wire with SCP.
>
> Then this isn't a question related to encipherment: this is a protocol question. Once you start looking at the protocol layer, other things have enormously more impact than just encryption operations. For instance, if your wire protocol requires data be 7-bit clean, binary data will expand out significantly. If your wire protocol supports compression, the transmitted data might substantially decrease.
>
> In the case of SCP, the OpenSSH geeks do their best to obfuscate the size of the transmitted data. They do this in order to make traffic analysis more difficult, but it also makes predicting the amount of data sent more difficult.

Understood, however I disabled compression on the wire.
I wanted raw data with raw packets, and because the encryption algorithm is the primary data manipulator, and I can only measure the data segment of the packets, ignoring headers, I would think this works fairly well, unless I'm missing something. At any rate, the mathematics table of predicting the output of each input, without compression or signing, would be very handy. Curious how you got the numbers from before. Thanks, -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 527 bytes Desc: Digital signature URL: From rjh at sixdemonbag.org Tue Jul 12 01:06:10 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 11 Jul 2011 19:06:10 -0400 Subject: Calculating ciphertext sizes In-Reply-To: <20110711225231.GJ1758@poseidon.cocyt.us> References: <20110711192604.GF1758@poseidon.cocyt.us> <20110711203134.GG1758@poseidon.cocyt.us> <20110711225231.GJ1758@poseidon.cocyt.us> Message-ID: > At any rate, the mathematics table of predicting the output of each input, > without compression or signing, would be very handy. Curious how you got > the numbers from before. AES is a 128-bit block cipher: it is incapable of producing outputs except in multiples of 128 bits (16 bytes). ECB mode is the simplest of all cipher operation modes: you read a block of plaintext (in this case, 16 bytes), if you read less than a block you null-pad it out to a block, you encrypt it, you move to the next block of plaintext. Hence, for a given size of plaintext, the AES-ECB output will be 16*ceil(size/16). 3DES is a 64-bit block cipher: ditto, except now it's 8 bytes. If you're running it in CBC mode then your first block of output is actually the initialization vector you're using for the output stream. So this will be 8*ceil(size/8) + 8, which I algebraically reduced to 8*(ceil(size/8) + 1). 
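Robert's two formulas worked through in Python, as an added example that is not code from the thread: it generalises them to the other common modes and to PKCS#7 padding (which the null-padding figure above does not cover), so the cipher's own share of Aaron's 1.2x can be put next to the protocol's. Block sizes and mode behaviour are the standard ones; nothing here is GnuPG code.

```python
"""Ciphertext size by cipher, mode and padding.

Added example, not code from the thread. It starts from Robert's two
formulas, 16*ceil(size/16) for AES-ECB with null padding and
8*(ceil(size/8)+1) for 3DES-CBC with a prepended IV, and generalises
them to the other common modes and to PKCS#7 padding.
"""
from math import ceil

# Block size in bytes for the ciphers the thread mentions.
BLOCK_BYTES = {"AES": 16, "3DES": 8, "CAST5": 8}

PADDED_MODES = {"ECB", "CBC"}            # modes that need whole blocks
IV_MODES = {"CBC", "CFB", "OFB", "CTR"}  # modes that send a block-sized IV


def padded_len(size: int, block: int, padding: str) -> int:
    """Plaintext length after padding to a whole number of blocks.

    'null'  pads a short final block with zero bytes (Robert's assumption);
            a plaintext that already fills whole blocks is left alone.
    'pkcs7' always adds 1..block bytes, so the receiver can strip them
            unambiguously; that costs a whole extra block on the boundary.
    """
    if padding == "null":
        return block * ceil(size / block)
    if padding == "pkcs7":
        return block * (size // block + 1)
    raise ValueError(f"unknown padding {padding!r}")


def ciphertext_size(size: int, cipher: str, mode: str, padding: str = "null") -> int:
    """Bytes produced for `size` plaintext bytes, IV included, no packet framing.

    Stream-style modes (CFB/OFB/CTR) do not pad: the keystream is cut to
    the plaintext length, so the IV is their only overhead.
    """
    block = BLOCK_BYTES[cipher]
    body = padded_len(size, block, padding) if mode in PADDED_MODES else size
    iv = block if mode in IV_MODES else 0
    return iv + body


def expansion_table(sizes, cipher: str, mode: str, padding: str = "null"):
    """[(plaintext size, ciphertext size, ratio)] for a list of sizes."""
    rows = []
    for s in sizes:
        c = ciphertext_size(s, cipher, mode, padding)
        rows.append((s, c, round(c / s, 3)))
    return rows


if __name__ == "__main__":
    for s, c, r in expansion_table([1, 7, 8, 9, 1000, 1_000_000], "3DES", "CBC"):
        print(f"3DES-CBC  {s:>9} plaintext bytes -> {c:>9} ciphertext bytes  (x{r})")
```

For a megabyte of plaintext the cipher's own overhead is at most one block plus an IV, so a measured 1.2x has to come from the protocol layer, as Robert says.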
A good crypto reference book (I'd recommend _The Handbook of Applied Cryptography_: it's old, but it's aged well) will describe the various operation modes. Once you understand how the modes work and what the block size is of your cipher, you can start crunching the numbers. The algebra is pretty simple, but understanding the modes and what kinds of output they create can sometimes be a pain in the posterior. Some modes are very straightforward (ECB, CBC, etc.), and others are fairly complex. I'll pay $5 to anyone who can recreate Sophie Germain Counter Mode [1] from memory. ;)

[1] http://eprint.iacr.org/2011/326.pdf

From mhaber at vp44.com Tue Jul 12 16:48:08 2011
From: mhaber at vp44.com (Marc Haber)
Date: Tue, 12 Jul 2011 16:48:08 +0200
Subject: Invoking gpg2.exe from C# script
Message-ID: <41404f2241973603a45217158e0ff03a.squirrel@webmail.vp44.net>

Hi guys.

I'm currently working on a small C# utility that, among other things, has to decrypt files using GnuPG. I would like the user to avoid typing the password each time, but I'm not sure of how to call gpg2.exe while providing the passphrase on the command line.

I tested this but it doesn't seem to work:

string sCommandLine = "echo \"" + passphrase + "\" | gpg2.exe --passphrase-fd 0 -o \"" + outputFileNameFullPath + "\" --decrypt \"" + inputFileNameFullPath + "\"";

Any tips?

MH

From rjh at sixdemonbag.org Tue Jul 12 19:31:25 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 12 Jul 2011 13:31:25 -0400
Subject: Invoking gpg2.exe from C# script
In-Reply-To: <41404f2241973603a45217158e0ff03a.squirrel@webmail.vp44.net>
References: <41404f2241973603a45217158e0ff03a.squirrel@webmail.vp44.net>
Message-ID: <4E1C84ED.5010405@sixdemonbag.org>

On 7/12/11 10:48 AM, Marc Haber wrote:
> I would like the user to avoid typing the password each time, but I'm
> not sure of how to call gpg2.exe while providing the passphrase on
> the command line.

I'd suggest using P/Invoke on GPGME. Doing this from within managed code is going to bring you nothing but tears.

From dougb at dougbarton.us Tue Jul 12 21:09:12 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 12 Jul 2011 12:09:12 -0700
Subject: Assertion failure from gnupg with enigmail 1.2
In-Reply-To: <4E1B9DA0.2090602@dougbarton.us>
References: <4E1B9DA0.2090602@dougbarton.us>
Message-ID: <4E1C9BD8.1070404@dougbarton.us>

I sent the following message to the enigmail list but they punted me to you. :) To clarify, I can take the same command line and run it in a terminal against a text file just fine. If you lot can tell me what the failed assertion means, I can go back to the enigmail folks with more data.

Thanks,

Doug

Howdy,

I'm getting some odd errors with enigmail 1.2 and tb5 on FreeBSD. I just sent a message to a mailing list and the "sign replies to signed mail" auto-option kicked in, which is great. :) The problem is, the signature on my message fails to validate, which has never happened to me before.

So then I tried sending myself a simple message and I get this:

enigmail> /usr/local/bin/gpg2 --charset utf8 --batch --no-tty --status-fd 2 -t --clearsign -u 0x1A1ABC84 --use-agent
Assertion failed: (data), function mpi_from_sexp, file pkglue.c, line 41.

That line from pkglue.c:

static gcry_mpi_t
mpi_from_sexp (gcry_sexp_t sexp, const char * item)
{
  gcry_sexp_t list;
  gcry_mpi_t data;

  list = gcry_sexp_find_token (sexp, item, 0);
  assert (list);
  data = gcry_sexp_nth_mpi (list, 1, 0);
  assert (data);        <<<<<<<<< line 41
  gcry_sexp_release (list);
  return data;
}

Doug

--
        Nothin' ever doesn't change, but nothin' changes much.
                        -- OK Go

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/

From dougb at dougbarton.us Tue Jul 12 23:59:39 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 12 Jul 2011 14:59:39 -0700
Subject: Assertion failure from gnupg with enigmail 1.2
In-Reply-To: <4E1C9BD8.1070404@dougbarton.us>
References: <4E1B9DA0.2090602@dougbarton.us> <4E1C9BD8.1070404@dougbarton.us>
Message-ID: <4E1CC3CB.4040504@dougbarton.us>

Ok, this patch was sent to me by someone who chose to reply privately. It works, does it seem like the right thing to do?

http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2011-July/214517.html

Thanks,

Doug

On 07/12/2011 12:09, Doug Barton wrote:
> I sent the following message to the enigmail list but they punted me to
> you. :) To clarify, I can take the same command line and run it in a
> terminal against a text file just fine. If you lot can tell me what the
> failed assertion means, I can go back to the enigmail folks with more data.
>
>
> Thanks,
>
> Doug
>
>
>
> Howdy,
>
> I'm getting some odd errors with enigmail 1.2 and tb5 on FreeBSD. I just
> sent a message to a mailing list and the "sign replies to signed mail"
> auto-option kicked in, which is great. :) The problem is, the signature
> on my message fails to validate, which has never happened to me before.
>
> So then I tried sending myself a simple message and I get this:
>
> enigmail> /usr/local/bin/gpg2 --charset utf8 --batch --no-tty
> --status-fd 2 -t --clearsign -u 0x1A1ABC84 --use-agent
> Assertion failed: (data), function mpi_from_sexp, file pkglue.c, line 41.
>
> That line from pkglue.c:
>
> static gcry_mpi_t
> mpi_from_sexp (gcry_sexp_t sexp, const char * item)
> {
>   gcry_sexp_t list;
>   gcry_mpi_t data;
>
>   list = gcry_sexp_find_token (sexp, item, 0);
>   assert (list);
>   data = gcry_sexp_nth_mpi (list, 1, 0);
>   assert (data);        <<<<<<<<< line 41
>   gcry_sexp_release (list);
>   return data;
> }
>
>
> Doug
>
> --
>         Nothin' ever doesn't change, but nothin' changes much.
>                         -- OK Go
>
>         Breadth of IT experience, and depth of knowledge in the DNS.
>         Yours for the right price.  :)  http://SupersetSolutions.com/

From david at systemoverlord.com Wed Jul 13 00:17:26 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Tue, 12 Jul 2011 18:17:26 -0400
Subject: Assertion failure from gnupg with enigmail 1.2
In-Reply-To:
References: <4E1B9DA0.2090602@dougbarton.us> <4E1C9BD8.1070404@dougbarton.us>
Message-ID:

Sorry, this was intended to be sent to the entire list, but I composed it in a hurry.... my apologies.

On Tue, Jul 12, 2011 at 4:24 PM, David Tomaschik wrote:
> assert() kills the program if the value in the parentheses evaluates
> to FALSE. In this case, that means that "data" evaluates to FALSE,
> which is most likely NULL.
>
> In this particular case, I recommend looking at
> http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2011-July/214517.html
>
> David
>
>
> On Tue, Jul 12, 2011 at 3:09 PM, Doug Barton wrote:
>> I sent the following message to the enigmail list but they punted me to
>> you. :) To clarify, I can take the same command line and run it in a
>> terminal against a text file just fine. If you lot can tell me what the
>> failed assertion means, I can go back to the enigmail folks with more data.
>>
>>
>> Thanks,
>>
>> Doug
>>
>>
>>
>> Howdy,
>>
>> I'm getting some odd errors with enigmail 1.2 and tb5 on FreeBSD. I just
>> sent a message to a mailing list and the "sign replies to signed mail"
>> auto-option kicked in, which is great. :) The problem is, the signature
>> on my message fails to validate, which has never happened to me before.
>>
>> So then I tried sending myself a simple message and I get this:
>>
>> enigmail> /usr/local/bin/gpg2 --charset utf8 --batch --no-tty
>> --status-fd 2 -t --clearsign -u 0x1A1ABC84 --use-agent
>> Assertion failed: (data), function mpi_from_sexp, file pkglue.c, line 41.
>>
>> That line from pkglue.c:
>>
>> static gcry_mpi_t
>> mpi_from_sexp (gcry_sexp_t sexp, const char * item)
>> {
>>   gcry_sexp_t list;
>>   gcry_mpi_t data;
>>
>>   list = gcry_sexp_find_token (sexp, item, 0);
>>   assert (list);
>>   data = gcry_sexp_nth_mpi (list, 1, 0);
>>   assert (data);        <<<<<<<<< line 41
>>   gcry_sexp_release (list);
>>   return data;
>> }
>>
>>
>> Doug
>>
>> --
>>
>>         Nothin' ever doesn't change, but nothin' changes much.
>>                         -- OK Go
>>
>>         Breadth of IT experience, and depth of knowledge in the DNS.
>>         Yours for the right price.  :)  http://SupersetSolutions.com/
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>
>
>
> --
> David Tomaschik, RHCE, LPIC-1
> System Administrator/Open Source Advocate
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>

--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From wk at gnupg.org Wed Jul 13 05:45:06 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 13 Jul 2011 05:45:06 +0200
Subject: Assertion failure from gnupg with enigmail 1.2
In-Reply-To: <4E1CC3CB.4040504@dougbarton.us> (Doug Barton's message of "Tue, 12 Jul 2011 14:59:39 -0700")
References: <4E1B9DA0.2090602@dougbarton.us> <4E1C9BD8.1070404@dougbarton.us> <4E1CC3CB.4040504@dougbarton.us>
Message-ID: <87hb6q269p.fsf@vigenere.g10code.de>

On Tue, 12 Jul 2011 23:59, dougb at dougbarton.us said:

> It works, does it seem like the right thing to do?

Yes, this patch is correct. I was not aware that FreeBSD jumped to Libgcrypt 1.5.0 so fast ;-).

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From dougb at dougbarton.us Wed Jul 13 05:59:41 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 12 Jul 2011 20:59:41 -0700
Subject: Assertion failure from gnupg with enigmail 1.2
In-Reply-To: <87hb6q269p.fsf@vigenere.g10code.de>
References: <4E1B9DA0.2090602@dougbarton.us> <4E1C9BD8.1070404@dougbarton.us> <4E1CC3CB.4040504@dougbarton.us> <87hb6q269p.fsf@vigenere.g10code.de>
Message-ID: <4E1D182D.9010309@dougbarton.us>

On 07/12/2011 20:45, Werner Koch wrote:
> On Tue, 12 Jul 2011 23:59, dougb at dougbarton.us said:
>
>> It works, does it seem like the right thing to do?
>
> Yes, this patch is correct. I was not aware that FreeBSD jumped to
> Libgcrypt 1.5.0 so fast ;-).

We rock. :)

--
        Nothin' ever doesn't change, but nothin' changes much.
                        -- OK Go

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/

From mhaber at vp44.com Wed Jul 13 10:02:11 2011
From: mhaber at vp44.com (Marc Haber)
Date: Wed, 13 Jul 2011 10:02:11 +0200
Subject: Invoking gpg2.exe from C# script
In-Reply-To: <4E1C84ED.5010405@sixdemonbag.org>
References: <41404f2241973603a45217158e0ff03a.squirrel@webmail.vp44.net> <4E1C84ED.5010405@sixdemonbag.org>
Message-ID:

On Tue, July 12, 2011 7:31 pm, Robert J. Hansen wrote:
> On 7/12/11 10:48 AM, Marc Haber wrote:
>> I would like the user to avoid typing the password each time, but I'm
>> not sure of how to call gpg2.exe while providing the passphrase on
>> the command line.
>
> I'd suggest using P/Invoke on GPGME. Doing this from within managed
> code is going to bring you nothing but tears.
>

Thanks. That's exactly what I was looking for. Any good examples you can point me to?

MH

From rjh at sixdemonbag.org Wed Jul 13 13:52:32 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 13 Jul 2011 07:52:32 -0400
Subject: Invoking gpg2.exe from C# script
In-Reply-To:
References: <41404f2241973603a45217158e0ff03a.squirrel@webmail.vp44.net> <4E1C84ED.5010405@sixdemonbag.org>
Message-ID:

> Any good examples you can point me to?

Examples of what? P/Invoke? For that, check MSDN. (If you Google "p/invoke," it's the third or fourth link.) Of GPGME? Check the documentation. Of using P/Invoke with GPGME? Not aware of any: the technique is sufficiently straightforward, once you understand P/Invoke and GPGME, that it doesn't need much documentation.

From lists at chrispoole.com Wed Jul 13 13:28:50 2011
From: lists at chrispoole.com (Chris Poole)
Date: Wed, 13 Jul 2011 12:28:50 +0100
Subject: Why sign as well as encrypt files stored on untrusted drives?
Message-ID:

Hi

Say I encrypt a file to myself using my public key, and only I will ever need or want to access the plaintext. The file will be stored on an untrusted drive somewhere. I don't care about authenticity, in the sense that I'll never need to prove to someone else that it was actually I that sent that file. All I care is that I can get the plaintext, and no-one else can.

I've read that it's a good idea to sign this file too, but I'm not sure why.

Surely if the file is changed then I've lost that data anyway, and the file will fail to decrypt.

Is there some feasible attack that could change the encrypted data in such a way that I won't notice it when I decrypt the file, but somehow the file will still decrypt?

Thanks

Chris Poole
PGP key: BAD246F9

From rjh at sixdemonbag.org Wed Jul 13 14:45:49 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 13 Jul 2011 08:45:49 -0400
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To:
References:
Message-ID: <695E31C0-93B4-43DD-9296-5931C45FC962@sixdemonbag.org>

> I've read that it's a good idea to sign this file too, but I'm not sure why.

In case your needs change in the future. That's really all there is to it.

(Also, where did you read this?)

From lists at chrispoole.com Wed Jul 13 15:04:00 2011
From: lists at chrispoole.com (Chris Poole)
Date: Wed, 13 Jul 2011 14:04:00 +0100
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To: <695E31C0-93B4-43DD-9296-5931C45FC962@sixdemonbag.org>
References: <695E31C0-93B4-43DD-9296-5931C45FC962@sixdemonbag.org>
Message-ID:

On Wed, Jul 13, 2011 at 1:45 PM, Robert J. Hansen wrote:
> In case your needs change in the future. That's really all there is to it.

OK thanks. I won't bother then, as it's more hassle to have to type my passphrase each time (I don't want to keep it on the agent).

> (Also, where did you read this?)

I can't remember, but possibly some Duplicity documentation. It's a backup program that uses gpg for encryption, and allows for both encryption and signing.

Cheers

Chris Poole [PGP BAD246F9]

From jerome at jeromebaum.com Wed Jul 13 15:04:37 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 13 Jul 2011 15:04:37 +0200
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To:
References:
Message-ID:

> Say I encrypt a file to myself using my public key,

> Is there some feasible attack that could change the encrypted data in
> such a way that I won't notice it when I decrypt the file, but somehow
> the file will still decrypt?

You've said it yourself. The attack is to encrypt something else to your public key.

--
Jerome Baum

Hessenweg 222
48432 Rheine
GERMANY

tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

From jerome at jeromebaum.com Wed Jul 13 15:10:34 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 13 Jul 2011 15:10:34 +0200
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To:
References: <695E31C0-93B4-43DD-9296-5931C45FC962@sixdemonbag.org>
Message-ID:

> OK thanks. I won't bother then, as it's more hassle to have to type my
> passphrase each time (I don't want to keep it on the agent).

Have you considered a separate key for the signature?

--
Jerome Baum

Hessenweg 222
48432 Rheine
GERMANY

tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

From dshaw at jabberwocky.com Wed Jul 13 15:48:50 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 13 Jul 2011 09:48:50 -0400
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To:
References:
Message-ID:

On Jul 13, 2011, at 7:28 AM, Chris Poole wrote:
> Hi
>
> Say I encrypt a file to myself using my public key, and only I will
> ever need or want to access the plaintext. The file will be stored on
> an untrusted drive somewhere. I don't care about authenticity, in the
> sense that I'll never need to prove to someone else that it was
> actually I that sent that file. All I care is that I can get the
> plaintext, and no-one else can.
>
> I've read that it's a good idea to sign this file too, but I'm not sure why.
>
> Surely if the file is changed then I've lost that data anyway, and the
> file will fail to decrypt.
>
>
> Is there some feasible attack that could change the encrypted data in
> such a way that I won't notice it when I decrypt the file, but somehow
> the file will still decrypt?

Yes. This was a concern in early PGP that was addressed in OpenPGP. Given the sort of encryption used (CFB), it was possible to chop/mangle the end of an encrypted blob and still have it decrypt properly. A contrived example would be "Hey, give $1,000,000 to Fred. Just kidding!". Fred could then arrange to mangle the end.
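David's contrived example, worked through as an added example that is neither from the thread nor GnuPG code: a toy CFB mode in which a cut-short ciphertext decrypts without complaint, beside a check modelled on the OpenPGP MDC that flags the cut. Assumptions: the block cipher is stood in for by a keyed SHA-256 (CFB only ever runs the cipher forwards, so a PRF suffices here), the key, IV and message are constructed, and OpenPGP packet framing is left out.

```python
"""Why OpenPGP carries an MDC inside the encrypted body.

Added example, not code from the thread or from GnuPG. A toy CFB mode
shows that a ciphertext cut short still decrypts cleanly, and a check
modelled on OpenPGP's MDC (SHA-1 of the plaintext, encrypted along with
it) shows how that truncation gets caught. The block cipher is stood in
for by a keyed SHA-256; packet framing is left out.
"""
import hashlib
import hmac

BLOCK = 16
MDC_TAG = b"\xd3\x14"   # OpenPGP MDC packet header: tag 19, body length 20
MDC_LEN = len(MDC_TAG) + 20


def block_prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k(block): the first 16 bytes of SHA-256(key || block)."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb_crypt(key: bytes, iv: bytes, data: bytes, decrypt: bool) -> bytes:
    """Full-block CFB in either direction.

    Keystream block i is E_k(ciphertext block i-1), so any ciphertext prefix
    decrypts to the matching plaintext prefix: a cut-short message is
    indistinguishable from a short one, which is exactly David's point.
    """
    out = bytearray()
    prev = iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        keystream = block_prf(key, prev)
        piece = bytes(a ^ b for a, b in zip(chunk, keystream))
        out += piece
        # Feed the ciphertext (input when decrypting, output when encrypting) back in.
        prev = (chunk if decrypt else piece).ljust(BLOCK, b"\0")
    return bytes(out)


def encrypt(key: bytes, iv: bytes, plaintext: bytes, with_mdc: bool) -> bytes:
    body = plaintext
    if with_mdc:
        # As in OpenPGP, the hash covers the plaintext plus the MDC header and
        # travels inside the encrypted body, so it cannot be swapped out unseen.
        body += MDC_TAG + hashlib.sha1(plaintext + MDC_TAG).digest()
    return cfb_crypt(key, iv, body, decrypt=False)


def decrypt(key: bytes, iv: bytes, ciphertext: bytes, with_mdc: bool):
    """Return (plaintext, integrity_ok).

    Without an MDC there is nothing to verify, so integrity_ok is None:
    the caller has no way to notice that bytes went missing.
    """
    body = cfb_crypt(key, iv, ciphertext, decrypt=True)
    if not with_mdc:
        return body, None
    if len(body) < MDC_LEN:
        return b"", False
    plaintext, trailer = body[:-MDC_LEN], body[-MDC_LEN:]
    expected = MDC_TAG + hashlib.sha1(plaintext + MDC_TAG).digest()
    return plaintext, hmac.compare_digest(trailer, expected)


def truncation_demo(with_mdc: bool):
    """Encrypt David's example, drop everything after 'Fred.', decrypt the rest."""
    key = hashlib.sha256(b"constructed demo key").digest()  # constructed, not a real key
    iv = bytes(range(BLOCK))                                 # fixed so the demo is repeatable
    message = b"Hey, give $1,000,000 to Fred. Just kidding!"
    ciphertext = encrypt(key, iv, message, with_mdc)
    # In CFB, ciphertext byte i covers plaintext byte i, so the cut lands cleanly.
    cut = ciphertext[:len(b"Hey, give $1,000,000 to Fred.")]
    return decrypt(key, iv, cut, with_mdc)


if __name__ == "__main__":
    print("no MDC  :", truncation_demo(with_mdc=False))
    print("with MDC:", truncation_demo(with_mdc=True))
```

Without the MDC the cut message comes back as a perfectly valid "Hey, give $1,000,000 to Fred."; with it, the trailing hash no longer matches and the decryptor can refuse the output, which is what GnuPG's "encrypted message has been manipulated" warning reports.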
(It's not that simple, as there are other issues involved, and Fred has to get access to the file anyway, etc, etc, but you get the idea).

Signing does eliminate this possible problem, yes, which is possibly why you saw that advice out there (though you have to remember to check the signature). However, OpenPGP has a built-in protection for this sort of thing: the MDC. This is a hash of the message contents, included in the encrypted message, that protects against message tampering like this. When decrypting, you would see something like "WARNING: encrypted message has been manipulated!" if the MDC turned out bad.

The MDC has been on by default for many years now, so it is likely you have it enabled for your key, unless it is very old. To check, run:

  gpg --edit-key (yourkey)
  showpref

Look in the "Features" line for "MDC".

So short answer is that you most likely don't need to sign your files just to avoid tampering - there was a reason for signing at one point, but it's no longer there.

Back to your original issue though, note that if Fred can get access to your (untrusted) drive, he can just replace the whole file with whatever he likes (since he just needs your public key to encrypt a new file), with no fussy message tampering needed. That may or may not be an issue in your situation. Signing does help there since Fred presumably doesn't have access to your secret key.

David

From aaron.toponce at gmail.com Wed Jul 13 16:09:55 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Wed, 13 Jul 2011 08:09:55 -0600
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To:
References:
Message-ID: <20110713140955.GP1758@poseidon.cocyt.us>

On Wed, Jul 13, 2011 at 12:28:50PM +0100, Chris Poole wrote:
> Surely if the file is changed then I've lost that data anyway, and the
> file will fail to decrypt.

Not true. If the drive is an untrusted drive, then you must assume others have access to the data. Because all that is needed is your public key to encrypt data to you, the encrypted file could be replaced by another encrypted file, and you would be none the wiser until you decrypted it. Signing the file requires access to your private key, something you should only have access to.

However, even if the file is signed, that still doesn't prevent someone from replacing the file. After all, it is an untrusted drive. But, at least the signature could be a preventative measure you could take before decryption, to ensure that the file is indeed the one you encrypted yourself.

From lists at chrispoole.com Wed Jul 13 17:27:29 2011
From: lists at chrispoole.com (Chris Poole)
Date: Wed, 13 Jul 2011 16:27:29 +0100
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To:
References:
Message-ID:

On Wed, Jul 13, 2011 at 2:04 PM, Jerome Baum wrote:
> You've said it yourself. The attack is to encrypt something else to your
> public key.

You're right. Somehow I hadn't thought about someone being able to simply encrypt a file with the same filename as an existing file to me, with some nefarious content.

A separate encrypted file is kept, storing a manifest of the backed up files (i.e., which file is in which encrypted container), so I think it'd be more along the lines of getting lucky, since the program (Duplicity) would realise that a file that should be in a certain container isn't, or something extra is there in its place.

> Have you considered a separate key for the signature?

I use a separate signing key anyway, for all my signatures. How would using a separate key help here?... I'd still need to give my passphrase somehow.

Cheers

Chris Poole [PGP BAD246F9]

From lists at chrispoole.com Wed Jul 13 17:34:55 2011
From: lists at chrispoole.com (Chris Poole)
Date: Wed, 13 Jul 2011 16:34:55 +0100
Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To:
References:
Message-ID:

On Wed, Jul 13, 2011 at 2:48 PM, David Shaw wrote:
> Look in the "Features" line for "MDC".

My key does indeed have this feature; thanks for the informative reply.

> Back to your original issue though, note that if Fred can get access to your
> (untrusted) drive, he can just replace the whole file with whatever he likes
> (since he just needs your public key to encrypt a new file), with no fussy
> message tampering needed. That may or may not be an issue in your
> situation. Signing does help there since Fred presumably doesn't have access
> to your secret key.

I had failed to realise this, somehow. A separate manifest file (also encrypted) keeps track of which encrypted containers hold which files, so the attack is definitely harder (or at least more noticeable). I think it's still best to sign though, just to remove more possible attack vectors.

Cheers

Chris Poole [PGP BAD246F9]

From Roland.Lorenz at commerzbank.com Wed Jul 13 14:49:26 2011
From: Roland.Lorenz at commerzbank.com (Lorenz, Roland)
Date: Wed, 13 Jul 2011 14:49:26 +0200
Subject: BUG 1253 hace 8 horas *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'. Stop chatting diegoas
Message-ID: <333F42CEF4600645A5546B1DA78297900B03A221@SE002593.cs.commerzbank.com>

Hi,

I tried to build gnupg-1.4.11 on a local Solaris 10 zone and got the same error as described in bug 1253:

make[1]: *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'. Stop.

I could not resolve the problem by using a current gnu make instead of the Solaris make. The problem is stated as "solved" in your tasklist, but unfortunately I cannot look into the solution.

Please assist.
Mit freundlichen Gr??en Roland Lorenz Commerzbank AG Group Information Technology GS-ITR 3.2.1 - SAP Technical Services Postanschrift: 60261 Frankfurt am Main Gesch?ftsr?ume: Mainzer Landstr. 155, 60327 Frankfurt am Main DLZ4 05.66.228 Tel.: +49 69 136 - 459 23 roland.lorenz at commerzbank.com http://www.commerzbank.de Commerzbank Aktiengesellschaft, Frankfurt am Main Handelsregister/Commercial Register: Amtsgericht Frankfurt am Main, HRB 32000 Vorsitzender des Aufsichtsrates/Chairman of the Supervisory Board: Klaus-Peter M?ller Vorstand/Board of Managing Directors: Martin Blessing (Vorsitzender/Chairman), Frank Annuscheit, Markus Beumer, Achim Kassow, Jochen Kl?sges, Michael Reuther, Stefan Schmittmann, Ulrich Sieber, Eric Strutz, Martin Zielke -------------- next part -------------- An HTML attachment was scrubbed... URL: From aaron at aaronkaufman.com Thu Jul 14 04:07:43 2011 From: aaron at aaronkaufman.com (Aaron Kaufman) Date: Wed, 13 Jul 2011 19:07:43 -0700 Subject: keysigning parties Message-ID: <20110714020743.GB86502@epic.fisix.net> Hello, This is my first post to this list so please excuse me if i violate any etiquette. I am having a really hard time finding any *current* info on key signing parties. I was wondering if someone could point me in the right direction. Thanks, -- Aaron From jerome at jeromebaum.com Thu Jul 14 05:58:50 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Thu, 14 Jul 2011 05:58:50 +0200 Subject: Why sign as well as encrypt files stored on untrusted drives? In-Reply-To: References: Message-ID: >> Have you considered a separate key for the signature? > > I use a separate signing key anyway, for all my signatures. How would using a > separate key help here?... I'd still need to give my passphrase somehow. You mentioned not wanting to keep the passphrase in gpg-agent. That problem might disappear with a separate key. 
On the manifest file, if you're hashing the encrypted files then it's really useless (the attacker can just re-hash and re-encrypt for the manifest file). However, it can still be useful -- if you sign only the manifest file, you only have to enter your passphrase once, and you can still verify a given file. (Watch out though: You have to make sure all the files are authentic before you hash them -- e.g. by checking the old hashes -- but what happens if I replace a file just after you've verified it but before you're about to re-hash it? Kind of like a bait-and-switch.) -- Jerome Baum Hessenweg 222 48432 Rheine GERMANY tel +49-1578-8434336 email jerome at jeromebaum.com web www.jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- Q: Why is this email five sentences or less? A: http://five.sentenc.es From dshaw at jabberwocky.com Thu Jul 14 06:14:12 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 14 Jul 2011 00:14:12 -0400 Subject: keysigning parties In-Reply-To: <20110714020743.GB86502@epic.fisix.net> References: <20110714020743.GB86502@epic.fisix.net> Message-ID: <8FA3936F-45CB-4EDC-B7FF-5CFB4562A6E3@jabberwocky.com> On Jul 13, 2011, at 10:07 PM, Aaron Kaufman wrote: > Hello, > > This is my first post to this list so please excuse me if i violate any > etiquette. I am having a really hard time finding any *current* info on > key signing parties. I was wondering if someone could point me in the > right direction. Are you looking to find a party to get your key signed? If so, check out www.biglumber.com. That has both individual people as well as events (parties). Are you looking for information about what happens at the parties (i.e. the keysigning protocols)? If so, check out the "methods" links under www.keysigning.org. That site has some event info as well. There are other sites, but those are good starting points. 
David From rjh at sixdemonbag.org Thu Jul 14 06:15:47 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 14 Jul 2011 00:15:47 -0400 Subject: keysigning parties In-Reply-To: <20110714020743.GB86502@epic.fisix.net> References: <20110714020743.GB86502@epic.fisix.net> Message-ID: <65D194CC-C6E1-489B-955D-D592AEEBB9FE@sixdemonbag.org> > I am having a really hard time finding any *current* info on > key signing parties. I was wondering if someone could point me in the > right direction. What sort of information do you need? If it's, "how do I find one?", the best answer is, "throw one!" Turn it into a social event: do something like host a doubleheader of _Sneakers_ and _The Conversation_, tell people to BYOB and bring printed slips with their certificate fingerprints. If it's, "how do we share certificate fingerprints quickly?", the general protocol is this. Before the party, everyone gets told a headcount for attendees. Each participant is required to bring a number of printed copies of their fingerprint. Each copy has the person's name, the identity documents they'll be presenting, and their preferred email address. (I have my email address and fingerprint on my business cards: for me, I just write down "passport + DL" on the back and I'm done.) At the party, divide the attendees into two equal groups. Assemble them into two lines facing each other. Each pair of people verify each other's identity documents and pockets the other person's fingerprint slip. If for whatever reason you want to reject an identity document, you put a strikethrough on that part of the slip. After a couple of minutes, each pair of people will be finished. The line moves down one, and the person who just 'fell off the end' cycles back to the first position. Repeat this until the entire line has been completed. * Why paper slips? -- because the fingerprint is really all you need to circulate: with the fingerprint the recipient can find it on the keyservers. 
Also, if you share media you open the door for propagating malware, and that's a Bad Thing. * Why put the documents you're presenting on each slip? -- because if you're collecting papers and fingerprints from 25 other people, it's handy to have a way to remember, "ah, right, key 0xD6B98E10 -- I saw Rob's passport and his driver's license." This sort of information is useful: it may enter into some people's security models. * Why reject documents? -- because people are allowed to have their own security policies, and some people may say, "I don't know what a valid Connecticut driver's license looks like, so I'm going to reject this DL because I have no way of telling if it's real." From dkg at fifthhorseman.net Thu Jul 14 06:28:24 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 14 Jul 2011 00:28:24 -0400 Subject: keysigning parties In-Reply-To: <8FA3936F-45CB-4EDC-B7FF-5CFB4562A6E3@jabberwocky.com> References: <20110714020743.GB86502@epic.fisix.net> <8FA3936F-45CB-4EDC-B7FF-5CFB4562A6E3@jabberwocky.com> Message-ID: <4E1E7068.60109@fifthhorseman.net> On 07/14/2011 12:14 AM, David Shaw wrote: > On Jul 13, 2011, at 10:07 PM, Aaron Kaufman wrote: > >> This is my first post to this list so please excuse me if i violate any >> etiquette. I am having a really hard time finding any *current* info on >> key signing parties. I was wondering if someone could point me in the >> right direction. > > Are you looking to find a party to get your key signed? [...] > Are you looking for information about what happens at the parties[...] Are you looking for information about how a keysigning party is run today? DebConf11 (starting in a little more than a week from today in Bosnia) will have a KSP. Info on how it is being organized is here: http://people.debian.org/~anibal/ksp-dc11/ksp-dc11.html Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... 
From rjh at sixdemonbag.org Thu Jul 14 06:43:50 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 14 Jul 2011 00:43:50 -0400 Subject: keysigning parties In-Reply-To: <4E1E7068.60109@fifthhorseman.net> References: <20110714020743.GB86502@epic.fisix.net> <8FA3936F-45CB-4EDC-B7FF-5CFB4562A6E3@jabberwocky.com> <4E1E7068.60109@fifthhorseman.net> Message-ID: <6490D5AF-6EA0-4919-89AE-B9162B5FFE8B@sixdemonbag.org> > Are you looking for information about how a keysigning party is run > today? If by "a" you mean "one particular," I have no objection: if by "a" you mean "in general," I object. :) There are techniques that focus on "let's get this over with as soon as possible, even if it requires copious prep ahead-of-time and special equipment like projectors," and techniques that focus on "well, this is largely an ad-hoc thing, so let's depend on as little special equipment as possible, and a simple system that everyone understands." I think it's best to choose a method that fits your particular needs, and to err on the side of simplicity. From wk at gnupg.org Thu Jul 14 09:51:59 2011 From: wk at gnupg.org (Werner Koch) Date: Thu, 14 Jul 2011 09:51:59 +0200 Subject: BUG 1253 hace 8 horas *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'.
Stop chatting diegoas In-Reply-To: <333F42CEF4600645A5546B1DA78297900B03A221@SE002593.cs.commerzbank.com> (Roland Lorenz's message of "Wed, 13 Jul 2011 14:49:26 +0200") References: <333F42CEF4600645A5546B1DA78297900B03A221@SE002593.cs.commerzbank.com> Message-ID: <8739i91eqo.fsf@vigenere.g10code.de> On Wed, 13 Jul 2011 14:49, Roland.Lorenz at commerzbank.com said: > make[1]: *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'. Stop. > > I could not resolve the problem by using a current gnu make instead of the Solaris make. > The problem is stated as "solved" in your tasklist, but unfortunately I cannot look into the solution. Right, there is a request on the mailing list but no follow-up. This is usually a dependency problem; to work around it you may try
cd cipher
make
cd ../tools
make
cd ..
(Please see also http://gnupg.org/service.html). Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From lists at chrispoole.com Thu Jul 14 11:48:10 2011 From: lists at chrispoole.com (Chris Poole) Date: Thu, 14 Jul 2011 10:48:10 +0100 Subject: Why sign as well as encrypt files stored on untrusted drives? In-Reply-To: References: Message-ID: On Thu, Jul 14, 2011 at 4:58 AM, Jerome Baum wrote: > On the manifest file, if you're hashing the encrypted files then it's > really useless (the attacker can just re-hash and re-encrypt for the > manifest file). Yes, Duplicity uses these message digests only as a checksum, to make sure corruption didn't occur during network transfer (i.e., nothing cryptographic). Thanks for the help. I'm just going to get used to entering my passphrase a little more! Cheers Chris Poole [PGP BAD246F9] From faramir.cl at gmail.com Sat Jul 16 03:01:48 2011 From: faramir.cl at gmail.com (Faramir) Date: Fri, 15 Jul 2011 21:01:48 -0400 Subject: Why sign as well as encrypt files stored on untrusted drives?
In-Reply-To: References: Message-ID: <4E20E2FC.80709@gmail.com> On 13-07-2011 7:28, Chris Poole wrote: ... > Is there some feasible attack that could change the encrypted data > in such a way that I won't notice it when I decrypt the file, but > somehow the file will still decrypt? Anyone who has a copy of your public key -and by definition, it is public, and you included the KeyID on your message- can encrypt a file to you. So, somebody could encrypt a different file to your public key, and replace the encrypted file on the untrusted drive. You would be able to decrypt it, and depending on the content of the file, maybe you would not notice it is not the original file (imagine it is a list of email addresses, with dozens of addresses; you would not notice if one is missing, or if there is one extra address). A signature would let you know easily if the file has changed. But I'm not saying you should sign it, it is up to you. Princess Leia would sign the message she loaded into R2D2, to prevent things like "This is Red 5, I'm ready to fire my torpedoes, but... I don't see the target, are you sure you have the right blueprints of the Death Star?". Best Regards From brewhaha at freenet.edmonton.ab.ca Mon Jul 18 21:57:35 2011 From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Mon, 18 Jul 2011 13:57:35 -0600 Subject: Can version 1.4.11 be configured to use IDEA?
Message-ID: <4E24902F.5030609@freenet.edmonton.ab.ca> -----BEGIN PGP MESSAGE----- Version: GnuPG v1.2.2 (MingW32) Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp -----END PGP MESSAGE----- From johanw at vulcan.xs4all.nl Mon Jul 18 23:04:20 2011 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Mon, 18 Jul 2011 23:04:20 +0200 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: <4E24902F.5030609@freenet.edmonton.ab.ca> References: <4E24902F.5030609@freenet.edmonton.ab.ca> Message-ID: <4E249FD4.9070603@vulcan.xs4all.nl> On 18-07-2011 21:57, Jay Litwyn wrote: > Or do I need to use version 1.4.9? I have no problem using idea.dll with 1.4.11. I didn't need to change anything in the config file, just the line load-extension c:\program files\gnu\gnupg\idea.dll with the correct path to idea.dll of course, and including the .dll extension. -- With kind regards, Johan Wevers From expires2011 at ymail.com Mon Jul 18 23:16:34 2011 From: expires2011 at ymail.com (MFPA) Date: Mon, 18 Jul 2011 22:16:34 +0100 Subject: Can version 1.4.11 be configured to use IDEA?
In-Reply-To: <4E24902F.5030609@freenet.edmonton.ab.ca> References: <4E24902F.5030609@freenet.edmonton.ab.ca> Message-ID: <131304231.20110718221634@my_localhost> Hi On Monday 18 July 2011 at 8:57:35 PM, Jay Litwyn wrote: > Or do I need to use version 1.4.9? I saw a message to the effect > that 1.4.9 will use idea.dll. So far, I have been unable to configure > 1.4.11 to use idea. Including the following line in my gpg.conf file works here:- load-extension [PATH]\idea.dll Replace "[PATH]" with the actual path to your idea.dll file. I am using v1.4.11 under Windows XP. I don't normally use idea.dll but just tried and including that line still works (insofar as it causes IDEA to appear in the cipher list when I type gpg --version). -- Best regards MFPA mailto:expires2011 at ymail.com A bird in the hand makes it awfully hard to blow your nose From johanw at vulcan.xs4all.nl Tue Jul 19 00:13:30 2011 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue, 19 Jul 2011 00:13:30 +0200 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: <4E24A976.8030103@freenet.edmonton.ab.ca> References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> Message-ID: <4E24B00A.4010303@vulcan.xs4all.nl> On 18-07-2011 23:45, Jay Litwyn wrote: > I tried that.
Because I sometimes use gpg from the command line, my configuration line reads: > load-extension c:\gnupg\idea.dll > It doesn't work, even if I move gpg.conf to my pub directory: I still get "invalid cipher" from trying to decrypt my own private key. And like, hey!, to the other guy who replied, there is no point in a signature with more than 128 bits, either: SHA512 is incompatible with gpg 1.2.2: Computers can't even count to 2^64 in less than 2^32 seconds. On Windows you have to put gpg.conf somewhere in your homedir; it depends on the Windows version where exactly that is. gpg --version shows you which gpg.conf it is using. -- With kind regards, Johan Wevers From brewhaha at freenet.edmonton.ab.ca Tue Jul 19 02:40:22 2011 From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Mon, 18 Jul 2011 18:40:22 -0600 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: <4E24B00A.4010303@vulcan.xs4all.nl> References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> Message-ID: <4E24D276.1040306@freenet.edmonton.ab.ca> -----BEGIN PGP MESSAGE----- Version: GnuPG v1.2.2 (MingW32) Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp -----END PGP MESSAGE----- From rjh at sixdemonbag.org Tue Jul 19 03:57:24 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 18 Jul 2011 21:57:24 -0400 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: <4E24D276.1040306@freenet.edmonton.ab.ca> References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> <4E24D276.1040306@freenet.edmonton.ab.ca> Message-ID: <83B1D3E9-88C1-4A0D-8F0A-1411C8A9388D@sixdemonbag.org> Is there some particular reason why you send messages in an obfuscated format? That said: on Windows you can usually find it in %APPDIR%\Roaming\GnuPG, at least for Win 7. Otherwise, I'd suggest familiarizing yourself with Windows' facilities to search for a file by filename, and search through %APPDIR% looking for gpg.conf. Also, you really ought to consider upgrading. 1.2.2 is really, really old.
Many bugfixes have come and gone since then. From brewhaha at freenet.edmonton.ab.ca Tue Jul 19 09:45:43 2011 From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Tue, 19 Jul 2011 01:45:43 -0600 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: <4E24B00A.4010303@vulcan.xs4all.nl> References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> Message-ID: <4E253627.6010603@freenet.edmonton.ab.ca> Looks like the answer to my question is: Not legally. I was thinking that IDEA was more than ten years old, which I thought meant that the patent on it was expired. Silly me, though, looks like patent law changed for about seven more years of length. So, while I'm waiting for six months or whatever, I might as well change the password (and encryption algo) on my private key with gpg 1.2.2, and then migrate to 1.4.11. Hopefully, I can use the same key with PDF. Because, if not, then I *do* know how to convert PDF keys (S/MIME) to PGP format, and I want only one key for everything. I revoked a subkey before I realized that people need it to encrypt messages to me. _______ http://ecn.ab.ca/~brewhaha/ From brewhaha at freenet.edmonton.ab.ca Tue Jul 19 10:55:11 2011 From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Tue, 19 Jul 2011 02:55:11 -0600 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: <4E253627.6010603@freenet.edmonton.ab.ca> References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> <4E253627.6010603@freenet.edmonton.ab.ca> Message-ID: <4E25466F.5000803@freenet.edmonton.ab.ca> To make a long story short. I created a key with genuine pgp 10. I exported it with IDEA. I made gpg 1.2.2 work with IDEA. Making gpg 1.4.11 work with IDEA failed.
I changed my pass-phrase using --crypt-algo CAST5 with 1.2.2. Now, enigmail works, so I am one happy camper. From j-001 at ottosson.nu Tue Jul 19 01:20:21 2011 From: j-001 at ottosson.nu (J. Ottosson) Date: Tue, 19 Jul 2011 01:20:21 +0200 Subject: Where are those stubs.. Message-ID: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> An HTML attachment was scrubbed... URL: From Jared.Crain at alterian.com Tue Jul 19 21:09:33 2011 From: Jared.Crain at alterian.com (Crain, Jared) Date: Tue, 19 Jul 2011 19:09:33 +0000 Subject: GPG on Windows 2003 Message-ID: <2E01A3BDA83B26498434DBEE8358E6F612A3A896@CH-INF-EXCH01.Alterian.com> Hi, all. Please CC me on any replies, as I am not subscribed to the list. I have GPG installed on a Windows 2003 server (32-bit). Looking in the install folder, it appears that it is GPG version 1.2.2. I am having an issue when I try to decrypt a file whose decrypted size is greater than 2 GB. When encrypted, the file is smaller as it is encrypted and compressed. When I run the decryption, no error is output (output matches for files whose decrypted size is less than 2 GB; files that are decrypted successfully/completely). If the decrypted size is over 2 GB, the decryption takes place, and a file of exactly 2 GB is created. I have read elsewhere that GPG can decrypt files of effectively unlimited size. Here are my questions: 1) I wonder if this is related to the server being a 32-bit windows server (since each application can only address up to 2 GB of memory).
However, it appears that GPG streams the decrypted results out, not holding the result in memory. Also, when watching the system performance while GPG is decrypting, I do not see a spike in memory usage. Is there something GPG is doing that might cause it to hit this limit? If it is GPG hitting some sort of 2 GB limit because of the OS, does anyone know of any work-arounds? 2) Do I need to upgrade to a more recent version of GPG? I see there is now something called "gpg4win 2.1.0". When I originally installed GPG on this server, I do not recall that being available. Is it actually GPG version 2.1.0, or is it GPG version 1.4.11 in gpg4win version 2.1.0? And can I install this without wiping out my existing keychains, etc? Many thanks for any feedback you can provide. -Jared Crain jared.crain at alterian.com Jared Crain Software Developer +1 661 367 9966 +1 818 442 1752 Jared.Crain at alterian.com Alterian | www.alterian.com | LSE:ALN 25152 Springfield Court, Suite 360, Valencia, CA 91355, USA | t: +1 661 367 9970 | f: +1 661 367 9969 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing Alterian client engagement contract. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended recipient please contact the sender and delete the message.
Although Alterian has taken reasonable steps to ensure that this communication and any attachments are free from computer virus, you are advised to take your own steps to ensure that they are actually virus free. Alterian plc is a Company registered in England and Wales, number 04007930, Registered office: The Spectrum Building, Bond Street, Bristol, BS1 3LG From Jared.Crain at alterian.com Tue Jul 19 21:39:00 2011 From: Jared.Crain at alterian.com (Crain, Jared) Date: Tue, 19 Jul 2011 19:39:00 +0000 Subject: GPG on Windows 2003 Message-ID: <2E01A3BDA83B26498434DBEE8358E6F612A3A8F2@CH-INF-EXCH01.Alterian.com> Many apologies! When I posted my question, I was laboring under some misinformation provided by the file's originator. The file was apparently inadvertently truncated before being transferred, but we did not know. When the originator supplied an un-truncated file, it did successfully decrypt to the correct size. -Jared From len.cooley at gmail.com Tue Jul 19 22:16:17 2011 From: len.cooley at gmail.com (Len Cooley) Date: Tue, 19 Jul 2011 16:16:17 -0400 Subject: secring and dropbox Message-ID: Is it a bad idea to place your secring in dropbox? From rjh at sixdemonbag.org Wed Jul 20 00:04:06 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 19 Jul 2011 15:04:06 -0700 Subject: secring and dropbox In-Reply-To: References: Message-ID: <17eda62ac864207786588063b6f191eb@localhost> > Is it a bad idea to place your secring in dropbox? Depends entirely on the strength of your passphrase. With a strong enough passphrase you could publish your secret certificates in the newspaper of your choice and still be confident of their safety. From rjh at sixdemonbag.org Wed Jul 20 00:14:07 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 19 Jul 2011 15:14:07 -0700 Subject: GPG on Windows 2003 In-Reply-To: <2E01A3BDA83B26498434DBEE8358E6F612A3A896@CH-INF-EXCH01.Alterian.com> References: <2E01A3BDA83B26498434DBEE8358E6F612A3A896@CH-INF-EXCH01.Alterian.com> Message-ID: <54ff7afc0ec1f0d891ccace05657e920@localhost> > I have GPG installed on a Windows 2003 server (32-bit). Looking in the > install folder, it appears that it is GPG version 1.2.2. I would recommend upgrading.
GnuPG currently comes in two 'flavors': the 1.4.x track, and the 2.0.x track. Speaking very broadly, 1.4.x is better for servers, while 2.0.x is more suited for desktop deployments. Which one you choose doesn't really matter so much, so long as you upgrade to either 1.4.11 or 2.0.17. :) Version 1.2.2 is *old* -- like eight years old. It doesn't track the latest changes to the OpenPGP standard, and many bugfixes have come and gone since then. > 2) Do I need to upgrade to a more recent version of GPG? I see there is > now something called "gpg4win 2.1.0". When I originally installed GPG on > this server, I do not recall that being available. Is it actually GPG > version 2.1.0, or is it GPG version 1.4.11 in gpg4win version 2.1.0? And > can I install this without wiping out my existing keychains, etc? Gpg4win may be in version 2.1, but the version of GnuPG shipped with it is 2.0.17 (I believe). Existing key files and so forth may be migrated to a 2.x installation quite easily. From thajsta at gmail.com Tue Jul 19 23:24:05 2011 From: thajsta at gmail.com (Jonathan Ely) Date: Tue, 19 Jul 2011 17:24:05 -0400 Subject: It Is Gone Message-ID: <4E25F5F5.8030000@gmail.com> Six days ago I received my machine from repair. I am now running Windows 7 Ultimate and am ready to get back into the Enigmail scene after settling in with Firefox and Thunderbird. However, when I navigated to the download page on GnuPG.org the familiar table was not there. Where did the GnuPG package go? I do not like GPG4WIN because it installs all that other inaccessible and unnecessary software, not to mention it installs GnuPG version 2 which requires that other thing that deals with pass phrases, and version 1.4.11 [the last version I used] was easier to work with. Can somebody please link to or refer me to the site that contains the latest version 1 of GnuPG? Thanks. From rjh at sixdemonbag.org Wed Jul 20 01:37:39 2011 From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Tue, 19 Jul 2011 19:37:39 -0400 Subject: It Is Gone In-Reply-To: <4E25F5F5.8030000@gmail.com> References: <4E25F5F5.8030000@gmail.com> Message-ID: <4E261543.6010905@sixdemonbag.org> On 7/19/11 5:24 PM, Jonathan Ely wrote: > Can somebody please link to or refer me to the site that > contains the latest version 1 of GnuPG? Thanks. ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe Enjoy! From thajsta at gmail.com Wed Jul 20 01:50:35 2011 From: thajsta at gmail.com (Jonathan Ely) Date: Tue, 19 Jul 2011 19:50:35 -0400 Subject: It Is Gone In-Reply-To: <4E261543.6010905@sixdemonbag.org> References: <4E25F5F5.8030000@gmail.com> <4E261543.6010905@sixdemonbag.org> Message-ID: <4E26184B.5000606@gmail.com> Thanks. I should have known better than to ask before I copied an FTP link location from the page. They made it a bit more difficult for me since they no longer link it directly, but as long as the FTP server is still in existence I should be able to find it. On 19/07/2011 07:37 PM, Robert J. Hansen wrote: > On 7/19/11 5:24 PM, Jonathan Ely wrote: >> Can somebody please link to or refer me to the site that >> contains the latest version 1 of GnuPG? Thanks. > > ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe > > Enjoy! From karadenizi at gmail.com Wed Jul 20 02:18:16 2011 From: karadenizi at gmail.com (Kara) Date: Tue, 19 Jul 2011 20:18:16 -0400 Subject: secring and dropbox Message-ID: <4E261EC8.4060303@gmail.com> ==== Reference Robert J.
Hansen's 19 Jul 2011, 1504 (-0700), "Re: secring and dropbox": >> Is it a bad idea to place your secring in dropbox? > Depends entirely on the strength of your passphrase. With a strong > enough passphrase you could publish your secret certificates in the > newspaper of your choice and still be confident of their safety. Using a decent password generator and specifying a mix of upper and lower case letters, digits, and special characters, how many total characters -- as a minimum -- would you recommend such a password be? Any particular password generator program you would recommend? ==== From rjh at sixdemonbag.org Wed Jul 20 03:25:36 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 19 Jul 2011 21:25:36 -0400 Subject: secring and dropbox In-Reply-To: <4E261EC8.4060303@gmail.com> References: <4E261EC8.4060303@gmail.com> Message-ID: > Using a decent password generator and specifying a mix of upper and > lower case letters, digits, and special characters, how many total > characters -- as a minimum -- would you recommend such a password be? Generate 16 random bytes, base-64 encode them, memorize the output. I use a Python script to generate high-value keys. Works pretty well wherever there's a /dev/random device that can be read. I'm sure there's a way to do it for Windows, but I almost always have a UNIX terminal handy so I haven't bothered. :) I'm presenting the script here in case someone else finds it useful, but really, it's embarrassingly simple.

#!/usr/bin/env python
#coding=UTF-8
#
# genrandkey -- generates high-randomness 128-bit keys
#
# Contributed to the public domain.
#
# Be careful with this script: each time you run it you consume
# sixteen bytes from the system's high-entropy source. Only
# generate random keys when you need them!
#
# If you need to generate a lot of keys, you may want to use
# /dev/urandom instead. The keys won't quite be of as high
# quality, but should be plenty good enough for almost all
# purposes.
#
# Usage example:
#
# proverbs:~ rjh$ ./genrandkey
# EDTnI9Awc6Y19Rysg2+H+g==

from base64 import b64encode

if __name__=='__main__':
    # read the device in binary mode and decode the base64 text so
    # the same script prints cleanly under Python 2 and Python 3
    with open('/dev/random', 'rb') as fh:
        print(b64encode(fh.read(16)).decode('ascii'))

From aaron.toponce at gmail.com Wed Jul 20 03:28:00 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Tue, 19 Jul 2011 19:28:00 -0600 Subject: secring and dropbox In-Reply-To: References: Message-ID: <20110720012800.GW312@poseidon.cocyt.us> On Tue, Jul 19, 2011 at 04:16:17PM -0400, Len Cooley wrote: > Is it a bad idea to place your secring in dropbox? I guess it's all about security versus convenience. So long as your passphrase contains enough entropy, is strong, and secure, then I don't see the big deal. With that said, I don't see the need either. You have the tools and hardware available to you, at very cheap prices, to build your own cloud storage on your own private network. We've had this for years. So why trust some 3rd party to do it for you? Why risk even a minuscule amount of privacy when you don't have to? Just my $0.02. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o From aaron.toponce at gmail.com Wed Jul 20 03:32:30 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Tue, 19 Jul 2011 19:32:30 -0600 Subject: secring and dropbox In-Reply-To: <4E261EC8.4060303@gmail.com> References: <4E261EC8.4060303@gmail.com> Message-ID: <20110720013230.GX312@poseidon.cocyt.us> On Tue, Jul 19, 2011 at 08:18:16PM -0400, Kara wrote: > > Depends entirely on the strength of your passphrase. With a strong > > enough passphrase you could publish your secret certificates in the > > newspaper of your choice and still be confident of their safety.
> > Using a decent password generator and specifying a mix of upper and > lower case letters, digits, and special characters, how many total > characters -- as a minimum -- would you recommend such a password be? I use https://passwordcard.org. It's 100% platform independent, and doesn't require any software or hardware, outside of your wallet, which is likely the most secure possession on you. Find a starting location for your password, pick a length and direction, and go. Of course, you're not limited to straight lines, and you shouldn't do that anyway. Spirals, "bouncing off walls", wrapping around the card, all sorts of options for the direction. After typing in the password enough, you memorize it anyway. And if someone gets access to your card, they need to know: 1. Accounts 2. Usernames 3. Starting location, direction, and length of each password And, given the random hex string, you can reprint your card, should you lose it. From brewhaha at freenet.edmonton.ab.ca Wed Jul 20 03:57:01 2011 From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Tue, 19 Jul 2011 19:57:01 -0600 Subject: secring and dropbox In-Reply-To: <4E261EC8.4060303@gmail.com> References: <4E261EC8.4060303@gmail.com> Message-ID: <4E2635ED.6000805@freenet.edmonton.ab.ca> On 2011-07-19 6:18 PM, Kara wrote: > ==== > > Reference Robert J. Hansen's 19 Jul 2011, 1504 (-0700), "Re: secring > and dropbox": > >>> Is it a bad idea to place your secring in dropbox? >> Depends entirely on the strength of your passphrase. With a strong >> enough passphrase you could publish your secret certificates in the >> newspaper of your choice and still be confident of their safety.
> Using a decent password generator and specifying a mix of upper and > lower case letters, digits, and special characters, how many total > characters -- as a minimum -- would you recommend such a password be? > > Any particular password generator program you would recommend? > Your brain. You have to remember it, so you are better off constructing it in the first place. Remember that you will have no automated retrieval process, where a friendly program reminds you of your passphrase. It is almost a shame that the most retrievable things are sentences with non-sensical images in them, like Harry Lorayne's pimple-moose for pamplemousse, the French word for grapefruit: he would have you imagine a moose with giant grapefruit pimples to remember that French word. You can then insert punctuation and numbers that don't go on facebook, anywhere, cut some of the words down to initials or consonants (or out, if it's long enough). Then, add a pattern in your casing. There could be a program like "crack" applied to input passwords, measuring strength. Of course, if you are confident that your private key ring will never go anywhere, and that you can revoke it if it does (GENERATE A REVOCATION CERTIFICATE. Store it on that USB key that is chained into your coat.) It would of course be a nuisance to have someone publish your revocation certificate, and nothing like losing money at Mark Twain Bank. If your friends are good enough, then you can leave a revocation certificate with them. From holtzm at cox.net Wed Jul 20 03:25:51 2011 From: holtzm at cox.net (Robert Holtzman) Date: Tue, 19 Jul 2011 18:25:51 -0700 Subject: Where are those stubs.. In-Reply-To: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> Message-ID: <20110720012551.GA12759@cox.net> On Tue, Jul 19, 2011 at 01:20:21AM +0200, J. Ottosson wrote: > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > > .........snip......... >

Still with the HTML? This excerpt is from the Fedora mail list but it applies to all lists: No HTML Mail, Please Set your mailer to send only plain text messages to the list (How?). Why? HTML is designed for web pages, not emails, and uses a lot more bandwidth. Many list members actually block HTML because it is used for malicious code. Not only can HTML mail be used to run malicious scripts, but when using handheld devices the time taken for the page to appear is also much higher. ....and also http://www.georgedillon.com/web/html_email_is_evil.shtml -- Bob Holtzman If you think you're getting free lunch, check the price of the beer. Key ID: 8D549279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From rjh at sixdemonbag.org Wed Jul 20 04:42:33 2011
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 19 Jul 2011 22:42:33 -0400 Subject: Where are those stubs.. In-Reply-To: <20110720012551.GA12759@cox.net> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> Message-ID: <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> > Still with the HTML? This excerpt is from the Fedora mail list but it > applies to all lists: It applies to those lists which have a policy on HTML mail identical to that of the Fedora mailing list. This is not the same as "all lists." > Why? HTML is designed for web pages, not emails, and uses a lot more > bandwidth. This is a canard. Given most of the bandwidth is taken up by spam, the tiny fraction that you can save by shifting messages from HTML to raw text is utterly insignificant. It's a rounding error. > Many list members actually block HTML because it is used for > malicious code. By that logic I should block plain text emails, based on how many malicious emails I get in those formats. There are certainly reasons to avoid HTML email, but these reasons don't strike me as especially persuasive. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 227 bytes Desc: This is a digitally signed message part URL: From jiangzuoyan at gmail.com Wed Jul 20 03:42:19 2011 
From: jiangzuoyan at gmail.com (jiangzuoyan at gmail.com) Date: Wed, 20 Jul 2011 09:42:19 +0800 Subject: secring and dropbox In-Reply-To: <20110720012800.GW312@poseidon.cocyt.us> References: <20110720012800.GW312@poseidon.cocyt.us> Message-ID: I think it's a bad idea. If exposure of private keys is acceptable, why not just use AES-like methods? To back up private keys, I think a printer is better, and more reliable than Dropbox-like cloud storage. The security of Dropbox is far from what is claimed; don't trust them. See http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/ and http://blog.dropbox.com/?p=821, http://hardware.slashdot.org/story/11/05/15/2157202/Dropbox-Accused-of-Lying-About-Security Changsheng Jiang On Wed, Jul 20, 2011 at 09:28, Aaron Toponce wrote: > On Tue, Jul 19, 2011 at 04:16:17PM -0400, Len Cooley wrote: > > Is it a bad idea to place your secring in dropbox? > > I guess it's all about security versus convenience. So long as your > passphrase contains enough entropy, is strong, and secure, then I don't see > the big deal. > > With that said, I don't see the need either. You have the tools and > hardware available to you, at very cheap prices, to build your own cloud > storage on your own private network. We've had this for years. So why trust > some 3rd party to do it for you? Why risk, even a miniscule amount of > privacy when you don't have to? > > Just my $0.02. > > -- > . o . o . o . . o o . . . o . > . . o . o o o . o . o o . . o > o o o . o . . o o o o . o o o > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aaron at aaronkaufman.com Wed Jul 20 04:35:16 2011
From: aaron at aaronkaufman.com (Aaron Kaufman) Date: Tue, 19 Jul 2011 19:35:16 -0700 Subject: secring and dropbox In-Reply-To: References: Message-ID: <20110720023515.GB8423@epic.fisix.net> Hey all, I'd like to just point this out. On June 20th Dropbox had a security snafu[1]. Why trust a 3rd party when you could do it yourself? When it comes to security and privacy there isn't much transparency. Maybe postmortem but not upfront. [1] http://blog.dropbox.com/?p=821 [1] http://news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/ On 4:16:17PM, Len Cooley wrote: > Is it a bad idea to place your secring in dropbox? > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Aaron Kaufman 0BA9 4F79 6949 8CA5 36BD DF11 3A4A 17E9 9681 4D1C From remco at webconquest.com Wed Jul 20 07:19:17 2011
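Kara's question earlier in this thread (how many characters a generated passphrase needs) and Hansen's claim that a strong enough passphrase would let you publish the secret keyring both reduce to the same arithmetic: whoever holds the keyring has to push every guess through the S2K key stretching before it can be tested. The following is an added example written for this page, not code from GnuPG or from anyone in the thread. It implements the iterated-and-salted S2K of RFC 4880 section 3.7.1.3, the function OpenPGP implementations use to turn a passphrase into the key that wraps the secret key, and estimates how long a search takes.  Assumptions, labelled in the code: SHA-1 as the S2K hash and the coded count 0x60 (65,536 octets per guess), which I take to be the gpg 1.4 defaults of the time, and an attacker measured in raw SHA-1 block computations per second.

```python
"""RFC 4880 3.7.1.3 iterated-and-salted S2K, plus the search-cost arithmetic that
answers "how long must the passphrase be if the keyring gets out".
Added example for this page; not GnuPG's code."""
import hashlib
import math

# Assumptions (see lead-in): SHA-1 and coded count 0x60 as the gpg 1.4 defaults of the era.
DEFAULT_HASH = "sha1"
DEFAULT_CODED_COUNT = 0x60


def decode_s2k_count(coded):
    """Expand the one-octet coded count into the number of octets hashed."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def sha1_digest(data):
    """Reference digest used by the self-checks."""
    return hashlib.sha1(data).digest()


def s2k_iterated_salted(passphrase, salt, coded_count=DEFAULT_CODED_COUNT,
                        key_len=16, hash_name=DEFAULT_HASH):
    """Derive key_len octets from a passphrase and an 8-octet salt.

    The hash absorbs the stream salt||passphrase repeated until `count` octets
    have gone in, but never less than one full salt||passphrase.  When the
    digest is shorter than key_len, further hash contexts are run, each
    preloaded with one more zero octet, and their outputs are joined.
    """
    if len(salt) != 8:
        raise ValueError("S2K salt must be exactly 8 octets")
    data = salt + passphrase
    count = max(decode_s2k_count(coded_count), len(data))
    reps, rem = divmod(count, len(data))
    stream = data * reps + data[:rem]
    digest_size = hashlib.new(hash_name).digest_size
    out = b""
    for ctx in range(math.ceil(key_len / digest_size)):
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx)          # preload distinguishes the contexts
        h.update(stream)
        out += h.digest()
    return out[:key_len]


def passphrase_bits(length, alphabet_size):
    """Entropy of a uniformly random passphrase: `length` symbols from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(target_bits, alphabet_size):
    """Shortest uniformly random passphrase over the alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def years_to_exhaust(bits, coded_count, sha1_blocks_per_second):
    """Time for an attacker to try every passphrase of the given entropy.

    Attacker model (an assumption): a raw rate of 64-octet SHA-1 blocks per
    second.  Each guess must absorb count/64 blocks before it can be checked
    against the keyring, so S2K divides the guess rate by that factor.
    """
    blocks_per_guess = max(1, decode_s2k_count(coded_count) // 64)
    guesses_per_second = sha1_blocks_per_second / blocks_per_guess
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt = bytes(range(8))                       # constructed; gpg draws the salt from its RNG
    print(s2k_iterated_salted(b"correct horse", salt).hex())
    for n in (8, 13, 20):
        bits = passphrase_bits(n, 94)            # 94 printable ASCII symbols
        print("%2d chars ~ %5.1f bits: %.3g years at 1e9 SHA-1 blocks/s"
              % (n, bits, years_to_exhaust(bits, DEFAULT_CODED_COUNT, 1e9)))
    print("shortest 94-symbol passphrase for 80 bits:", min_length_for_bits(80, 94))
```

Running it prints a derived key and a small table: with those defaults each guess costs 1,024 SHA-1 blocks, so an 8-character passphrase over the 94 printable ASCII symbols (about 52 bits) is exhausted in roughly two centuries by a 10^9 blocks/s attacker, and proportionally faster by a bigger one, while 13 characters (about 85 bits) is out of reach. The S2K count only buys a constant factor (64x here over the minimum count of 1,024 octets); the exponent has to come from the passphrase.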
From: remco at webconquest.com (Remco Rijnders) Date: Wed, 20 Jul 2011 07:19:17 +0200 Subject: Where are those stubs.. In-Reply-To: <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> Message-ID: On Tue, Jul 19, 2011 at 10:42:33PM -0400, Robert J. Hansen wrote: >> Still with the HTML? This excerpt is from the Fedora mail list but it >> applies to all lists: > >It applies to those lists which have a policy on HTML mail identical to >that of the Fedora mailing list. This is not the same as "all lists." > >> Why? HTML is designed for web pages, not emails, and uses a lot more >> bandwidth. > >This is a canard. Given most of the bandwidth is taken up by spam, the >tiny fraction that you can save by shifting messages from HTML to raw >text is utterly insignificant. It's a rounding error. True to some extent. But when you are on dialup or pay by the byte wireless, it does make a difference when you are quickly checking your mail and your mailserver / ISP has good spam filtering in place. >> Many list members actually block HTML because it is used for >> malicious code. > >By that logic I should block plain text emails, based on how many >malicious emails I get in those formats. > >There are certainly reasons to avoid HTML email, but these reasons don't >strike me as especially persuasive. Still, the reason the original poster sent a mail to this list is to solicit help. The HTML mail shows up as hardly readable on some mail clients. While you might argue that that's a problem for the receiver and not the sender, it does reduce the chances of getting a helpful reply from someone who'd know the answer but can't be bothered to decipher the unreadable HTML junk that arrived in their mailbox. The sender in that case is the only person suffering from their HTML-only mail. My 4KB of wasted bandwidth worth...
Remco -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL: From lists at meumonus.com Wed Jul 20 08:46:12 2011 From: lists at meumonus.com (Devin Fisher) Date: Wed, 20 Jul 2011 06:46:12 +0000 Subject: Where are those stubs.. In-Reply-To: <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu><20110720012551.GA12759@cox.net><021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> Message-ID: <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> I prefer a homogeneous environment because once a plaintext user replies to an HTML message the HTML tags inundate the message and it becomes mostly unreadable. So in my opinion, either all plaintext or all HTML. -Devin -----Original Message----- From: "Robert J. Hansen" Sender: gnupg-users-bounces at gnupg.org Date: Tue, 19 Jul 2011 22:42:33 To: Robert Holtzman Cc: GnuPG-Users Subject: Re: Where are those stubs.. _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From wk at gnupg.org Wed Jul 20 11:23:12 2011 From: wk at gnupg.org (Werner Koch) Date: Wed, 20 Jul 2011 11:23:12 +0200 Subject: secring and dropbox In-Reply-To: (Robert J. Hansen's message of "Tue, 19 Jul 2011 21:25:36 -0400") References: <4E261EC8.4060303@gmail.com> Message-ID: <8739i1wbjz.fsf@vigenere.g10code.de> On Wed, 20 Jul 2011 03:25, rjh at sixdemonbag.org said: > I'm presenting the script here in case someone else finds it useful, but really, it's embarrassingly simple. gpg --gen-random --armor 1 16 Might even be a bit simpler ;-) Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From david at gbenet.com Wed Jul 20 11:24:14 2011 
From: david at gbenet.com (david at gbenet.com) Date: Wed, 20 Jul 2011 10:24:14 +0100 Subject: Where are those stubs.. In-Reply-To: <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu><20110720012551.GA12759@cox.net><021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> Message-ID: <4E269EBE.7070805@gbenet.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Devin Fisher wrote: > I prefer a homogeneous environment because once a plaintext user replies to an HTML message the HTML tags inundate the message and it becomes mostly unreadable. So in my opinion, either all plaintext or all HTML. > > -Devin > -----Original Message----- 
> From: "Robert J. Hansen" > Sender: gnupg-users-bounces at gnupg.org > Date: Tue, 19 Jul 2011 22:42:33 > To: Robert Holtzman > Cc: GnuPG-Users > Subject: Re: Where are those stubs.. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > I much prefer to send and receive in plain txt. When I started out some 25 years ago it was the norm and the convention to do so. I ran a BBS (Bulletin Board System) and later became an ISP (Internet Service Provider). Most people that use Microsoft O/S format emails as HTML - using fancy fonts and so on. A simple "Hello world" is 50Kb in Microsoft-speak yet a mere 5bytes in linux-speak. We - with long memories remember the criminal actions of Microsoft - which still act the same way as in the past. There's a lot of "politics" as to why people write plain txt - who use Linux and not the criminally-based Microsoft. A lot of people do not care if they send out junk emails - their friends can read it and so must the rest of the world. I think lists should say "Please send plain txt only." David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”
http:/counter.li.org 512854 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJOJp69AAoJEOJpqm7flRExTG4IAKX86Ombo3H8XT+Odpfx4oRP RtnKYLf67sA+i2j/hPaKYDP/TIDEuhkZ3nxGdEKFypDgH94Pdr/cczm0Efd+kBRg kWr1VZX2/O3SDAb7zpgdNQFJWbWiL0Iea2TgTSLEzzjSsuvH98i3tu/i5ml4XxU7 p61NKJxzGDHVI5az9CM6j768DYPG1mlHYtONj9AR3Q4yaNIq1S3q1+AhqBOOsDE9 NZYw/8HeSiLvwOQ1Up+H5Yp0a+HGzAkTq6W7KYxbgQjEttmKl+u2BonxK9ck6U4s v8LSdCEFavf7O1pKjXpSZ7KXzcdG6/egL57aCgKQp8rwbl4hWMS3VtVAXB8fFCM= =S0dy -----END PGP SIGNATURE----- From richard at r-selected.de Wed Jul 20 12:31:05 2011 From: richard at r-selected.de (Richard) Date: Wed, 20 Jul 2011 12:31:05 +0200 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: <83B1D3E9-88C1-4A0D-8F0A-1411C8A9388D@sixdemonbag.org> References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> <4E24D276.1040306@freenet.edmonton.ab.ca> <83B1D3E9-88C1-4A0D-8F0A-1411C8A9388D@sixdemonbag.org> Message-ID: Hello, On Tue, Jul 19, 2011 at 03:57, Robert J. Hansen wrote: > Is there some particular reason why you send messages in an obfuscated format? how is that working anyway? Apparently GPG automatically decrypted those messages for me. How were they generated? What is that? :) Thanks, Richard From jerome at jeromebaum.com Wed Jul 20 13:39:53 2011 
From: jerome at jeromebaum.com (Jerome Baum) Date: Wed, 20 Jul 2011 13:39:53 +0200 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> <4E24D276.1040306@freenet.edmonton.ab.ca> <83B1D3E9-88C1-4A0D-8F0A-1411C8A9388D@sixdemonbag.org> Message-ID: > how is that working anyway? Apparently GPG automatically decrypted > those messages for me. How were they generated? What is that? :)

:compressed packet: algo=1
:onepass_sig packet: keyid 1E3B6A9CD77480F6
        version 3, sigclass 0x00, digest 2, pubkey 1, last=1
:literal data packet:
        mode b (62), created 1311035908, name="gpguser3.txt",
        raw data: 1884 bytes
:signature packet: algo 1, keyid 1E3B6A9CD77480F6
        version 3, created 1311035908, md5len 5, sigclass 0x00
        digest algo 2, begin of digest 1b 52
        data: [1019 bits]

Looks like this is what you get from a simple armor command. -- Jerome Baum Hessenweg 222 48432 Rheine GERMANY tel +49-1578-8434336 email jerome at jeromebaum.com web www.jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- Q: Why is this email five sentences or less? A: http://five.sentenc.es From johanw at vulcan.xs4all.nl Wed Jul 20 14:05:24 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed, 20 Jul 2011 14:05:24 +0200 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> <4E24D276.1040306@freenet.edmonton.ab.ca> <83B1D3E9-88C1-4A0D-8F0A-1411C8A9388D@sixdemonbag.org> Message-ID: <4E26C484.9090009@vulcan.xs4all.nl> On 20-07-2011 12:31, Richard wrote: > how is that working anyway? Apparently GPG automatically decrypted > those messages for me. How were they generated? What is that? :) They were only signed, but not in plaintext; rather, Base64-encoded. -- Met vriendelijke groet, Johan Wevers From hlein at korelogic.com Wed Jul 20 02:57:42 2011
From: hlein at korelogic.com (Hank Leininger) Date: Tue, 19 Jul 2011 20:57:42 -0400 Subject: [PATCH] enable show-session-key on a truncated encrypted file Message-ID: <20110720005742.GB7769@marklar.spinoli.org> [ Sent to gnupg-devel a couple of days ago but it never went through; perhaps -devel is subscriber-only. Apologies if you eventually see it twice. ] Here is a patch (quick and dirty) to show a session key for an encrypted file using --show-session-key even if the encrypted file is truncated. Consider the following scenario: - There's a big file encrypted to your key on a machine you don't trust enough to put your private key on / feed it your passphrase - You need to have the decrypted version of that file on that machine (you do trust it enough to have that) - You have a slow link to that machine; pulling down, decrypting, and pushing the plaintext version back would be painful Maybe someone knows a better way to do this, but what I did some years ago with gpg was basically: local$ ssh remote head -c1000000 bigfile.pgp > bigfile_fragment.pgp local$ gpg --show-session-key -o /dev/null --max-output 1 \ bigfile_fragment.pgp 2>&1 | egrep 'session key' remote$ gpg -d --override-session-key KEYSTRING bigfile.pgp This fails with current gnupg without the attached patch. The key here is the ability to do --override-session-key on a fragment of a .pgp'ed file. The current behavior of gnupg is to error out because of the broken file prior to checking if opt.show_session_key is set. This is not "wrong"--but it is not helpful in the above scenario. The below patch moves up the opt.show_session_key check and prints the session key if known, even if gnupg is erroring out. Is there any reason this is a terrible idea *in the case that* you have already decided to use --show-session-key / --override-session-key? 
Thanks, Hank Leininger BE5D FCCA 673B D18B 98A9 3175 896E 3D4A 1B4D C5AC #### diff -urP gnupg-2.0.17/g10/mainproc.c gnupg-2.0.17-showtrunc/g10/mainproc.c --- gnupg-2.0.17/g10/mainproc.c 2011-01-09 17:06:16.000000000 -0500 +++ gnupg-2.0.17-showtrunc/g10/mainproc.c 2011-07-17 18:29:30.000000000 -0400 @@ -561,6 +561,18 @@ if( !result ) result = decrypt_data( c, pkt->pkt.encrypted, c->dek ); + /* If told to show the session key, try even on failed operations */ + if(opt.show_session_key && c->dek != NULL && c->dek->keylen > 0) + { + int i; + char *buf = xmalloc ( c->dek->keylen*2 + 20 ); + sprintf ( buf, "%d:", c->dek->algo ); + for(i=0; i < c->dek->keylen; i++ ) + sprintf(buf+strlen(buf), "%02X", c->dek->key[i] ); + log_info( "session key: `%s'\n", buf ); + write_status_text ( STATUS_SESSION_KEY, buf ); + } + if( result == -1 ) ; else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE @@ -572,16 +584,6 @@ write_status( STATUS_GOODMDC ); else if(!opt.no_mdc_warn) log_info (_("WARNING: message was not integrity protected\n")); - if(opt.show_session_key) - { - int i; - char *buf = xmalloc ( c->dek->keylen*2 + 20 ); - sprintf ( buf, "%d:", c->dek->algo ); - for(i=0; i < c->dek->keylen; i++ ) - sprintf(buf+strlen(buf), "%02X", c->dek->key[i] ); - log_info( "session key: `%s'\n", buf ); - write_status_text ( STATUS_SESSION_KEY, buf ); - } } else if( result == G10ERR_BAD_SIGN ) { log_error(_("WARNING: encrypted message has been manipulated!\n")); -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 447 bytes Desc: Digital signature URL: From gnupg.user at seibercom.net Wed Jul 20 14:37:34 2011 
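Review bot: the block added in the first hunk still leaks buf: it is obtained with xmalloc ( c->dek->keylen*2 + 20 ) and never freed, exactly as in the block it replaces; since the code is being moved anyway, add xfree (buf); after write_status_text ( STATUS_SESSION_KEY, buf );. The comment "If told to show the session key, try even on failed operations" also undersells the behaviour change: the key is now logged and written to the status fd before the MDC check runs and on the G10ERR_BAD_SIGN ("encrypted message has been manipulated") path, which is what the truncated-file use case needs, but the documentation of --show-session-key should say that a SESSION_KEY line no longer implies the data decrypted or verified cleanly.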
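Review bot: removing the old block in the second hunk changes the ordering of status lines: SESSION_KEY used to be emitted after write_status( STATUS_GOODMDC ) (still visible in the context) and now precedes it, so a frontend that parses --status-fd and only accepts SESSION_KEY once it has seen GOODMDC will stop seeing it; check the callers and update the status-line documentation to say that SESSION_KEY is emitted as soon as the DEK is known, before the outcome of the decryption.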
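An added example that serves two passages above, Jerome's --list-packets dump and Hank's truncated-file scenario; it is my code, not GnuPG's and not part of the patch. It walks the OpenPGP packet headers of a byte string the way gpg --list-packets does and says, for each packet, whether its body is all there. On a head -c fragment of an encrypted file that shows why the session key is still recoverable: the public-key encrypted session key packet sits in the first few hundred octets and is complete, and only the encrypted-data packet behind it is cut off, which is the point at which unpatched gpg gives up before printing the DEK. The samples are constructed: filler bytes stand in for the MPI and the ciphertext, the key ID is made up, and the signed-message sample borrows only the file name and timestamp from the dump above while omitting the signature packet and the compression layer.

```python
"""Walk OpenPGP packet headers (RFC 4880 4.2) and say how much of each packet is present.
Added example; the samples are constructed (filler in place of MPIs and ciphertext)."""
import struct

TAG_NAMES = {1: "pubkey enc session key", 2: "signature", 4: "onepass_sig", 8: "compressed",
             10: "marker", 11: "literal data", 18: "encrypted+MDC"}
FAKE_KEYID = bytes.fromhex("0123456789ABCDEF")   # constructed, not a real key ID

def _new_format_length(buf, pos):
    """New-format length at pos -> (length, octets used, is_partial); None if the octets are cut off."""
    if pos >= len(buf):
        return None
    o, n = buf[pos], len(buf)
    if o < 192:
        return o, 1, False
    if o < 224:
        return (((o - 192) << 8) + buf[pos + 1] + 192, 2, False) if pos + 2 <= n else None
    if o == 255:
        return (struct.unpack(">I", buf[pos + 1:pos + 5])[0], 5, False) if pos + 5 <= n else None
    return 1 << (o & 0x1F), 1, True              # partial body length: more chunks follow

def parse_packets(buf):
    """One dict per packet; stops at the first body that runs past the end of buf (a `head -c` fragment)."""
    out, pos, n = [], 0, len(buf)
    while pos < n:
        first = buf[pos]
        if not first & 0x80:
            raise ValueError("offset %d: 0x%02x is not a packet header (armored input?)" % (pos, first))
        pos += 1
        body, declared, complete = bytearray(), 0, False
        if first & 0x40:                         # new format: tag in the low 6 bits
            tag = first & 0x3F
            while True:
                hdr = _new_format_length(buf, pos)
                if hdr is None:
                    break                        # length octets themselves cut off
                length, hlen, partial = hdr
                chunk = buf[pos + hlen:pos + hlen + length]
                body += chunk
                pos += hlen + len(chunk)
                declared += length
                if len(chunk) < length or not partial:
                    complete = len(chunk) == length   # last chunk full, or body cut off
                    break
        else:                                    # old format: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            nbytes = (1, 2, 4, 0)[ltype]
            if ltype == 3:
                declared, complete = None, None  # indeterminate: body runs to end of input
            elif pos + nbytes > n:
                raise ValueError("fragment ends inside a packet header at offset %d" % pos)
            else:
                declared = int.from_bytes(buf[pos:pos + nbytes], "big")
                pos += nbytes
            body += buf[pos:] if declared is None else buf[pos:pos + declared]
            pos += len(body)
            if declared is not None:
                complete = len(body) == declared
        out.append({"tag": tag, "name": TAG_NAMES.get(tag, "tag %d" % tag), "declared": declared,
                    "present": len(body), "complete": complete, "body": bytes(body)})
        if not complete:
            break
    return out

def describe(p):
    """A `gpg --list-packets`-style line with the fixed fields of PKESK, one-pass sig and literal packets."""
    b, tag, fields = p["body"], p["tag"], ""
    if tag == 1 and len(b) >= 10:
        fields = "v%d keyid %s pubkey algo %d" % (b[0], b[1:9].hex().upper(), b[9])
    elif tag == 4 and len(b) >= 13:
        fields = "v%d sigclass 0x%02x digest %d pubkey %d keyid %s last=%d" % (
            b[0], b[1], b[2], b[3], b[4:12].hex().upper(), b[12])
    elif tag == 11 and len(b) >= 2 and len(b) >= 6 + b[1]:
        nl = b[1]                                # format octet, name length, name, 4-octet date, data
        fields = "mode %s created %d name=%r raw data: %d bytes" % (
            chr(b[0]), struct.unpack(">I", b[2 + nl:6 + nl])[0], b[2:2 + nl].decode("latin-1"), len(b) - 6 - nl)
    state = ("complete" if p["complete"] else "indeterminate length" if p["complete"] is None
             else "TRUNCATED: %d of %s body octets present" % (p["present"], p["declared"]))
    return ":%s packet: %s [%s]" % (p["name"], fields, state)

def _new_header(tag, length):                    # new-format header with a definite length
    lo = (bytes([length]) if length < 192 else
          bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF]) if length < 8384 else
          b"\xff" + length.to_bytes(4, "big"))
    return bytes([0xC0 | tag]) + lo

def _pkesk():                                    # constructed v3 PKESK: key ID, RSA, one 2048-bit MPI of filler
    body = b"\x03" + FAKE_KEYID + b"\x01" + (2048).to_bytes(2, "big") + b"\x80" + b"\x11" * 255
    return _new_header(1, len(body)) + body

def samples():
    """Constructed inputs: 'encrypted' = file head whose SEIPD declares 5 MB but carries 301 octets;
    'partial' = same with 512-octet partial lengths, cut inside the second chunk;
    'signed' = signed-only message like the dump above (signature packet omitted, not compressed)."""
    ops = b"\x03\x00\x02\x01" + FAKE_KEYID + b"\x01"       # v3, sigclass 0x00, SHA-1, RSA, key ID, last=1
    name, text = b"gpguser3.txt", b"hello\n"
    lit = b"b" + bytes([len(name)]) + name + (1311035908).to_bytes(4, "big") + text
    return {"encrypted": _pkesk() + _new_header(18, 5_000_000) + b"\x01" + b"\x00" * 300,
            "partial": _pkesk() + bytes([0xC0 | 18, 0xE9]) + b"\x01" + b"\x00" * 511 + bytes([0xE9]) + b"\x00" * 100,
            "signed": _new_header(4, len(ops)) + ops + _new_header(11, len(lit)) + lit}
```

To see the three cases, print describe(p) for each p in parse_packets(samples()[name]). Feed it a real fragment with parse_packets(open('bigfile_fragment.pgp', 'rb').read()); it wants binary input, since an armored file trips the header check on the first octet. The TRUNCATED line for the encrypted-data packet is the point at which Hank's unpatched gpg stops; the key the patch prints is handed back to --override-session-key in the same algo:HEX form.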
From: gnupg.user at seibercom.net (Jerry) Date: Wed, 20 Jul 2011 08:37:34 -0400 Subject: Where are those stubs.. In-Reply-To: <4E269EBE.7070805@gbenet.com> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com> Message-ID: <20110720083734.6f31882a@scorpio> On Wed, 20 Jul 2011 10:24:14 +0100 david at gbenet.com articulated: > I much prefer to send and receive in plain txt. When I started out > some 25 years ago it was the norm and the convention to do so. I ran > a BBS (Bullet Board System) and later became an ISP (Internet Service > Provider). Most people that use Microsoft O/S format emails as HTML - > using fancy fonts and so on. A simple "Hello world" is 50Kb in > Microsoft-speak yet a mere 5bytes in linux-speak. We - with long > memories remember the criminal actions of Microsoft - which still act > the same way as in the past. There's a lot of "politics" as to why > people write plain txt - who use Linux and not the criminally-based > Microsoft. A lot of people do not care if they send out junk emails - > their friends can read it and so must the rest of the world. > > I think lists should say "Please send plain txt only." I prefer plain ASCII text format myself in most instances. However, your argument loses traction as soon as you start with this obvious personal vendetta against Microsoft. Those of us with long memories remember that the main objection from the *.nix/*BSD community was the fact that most native MUA's currently available at that time were not able to properly handle HTML or MIME encoded messages. They then proceeded to throw up a smoke screen condemning what they could not handle properly.
By the way, and just out of blatant morbid curiosity, if an acquaintance, business or personal were to request that you communicate in HTML format would you do it? In conclusion, if you receive an HTML message, just delete it. Better yet, set up filters, configure your MTA if you employ one, or whatever means needed to remove this problem from your environment. You obviously have a lot of hatred built up. Elimination of this pseudo problem before it reaches your viewing screen would be a major step forward for you. -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. From mwood at IUPUI.Edu Wed Jul 20 15:33:58 2011
From: mwood at IUPUI.Edu (Mark H. Wood) Date: Wed, 20 Jul 2011 09:33:58 -0400 Subject: Yet Another Mail Encoding Thread In-Reply-To: <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> Message-ID: <20110720133358.GA2547@IUPUI.Edu> [increasingly offtopic rant] Well, a *proper* MUA would send both text/html and text/plain bodyparts in a multipart/alternative container, so that a *proper* CUI MUA could render the important part of the message without all the markup. But the evidence suggests that many maintainers of HTML-possessed MUAs still do not read standards. :-P Some character-cell MUAs will, in desperation, delegate HTML rendering to a character-cell browser and then display the result. I'm willing to go the extra mile with messages that can be so treated, if the actual text is intelligible. Often I find that this yields something more readable than what the sender thought I would see. But some MUAs do not even mark their HTML output as HTML, foiling this. :-{ When I open a message and see nothing but a farrago of markup, I generally throw it away unread. Unless it's an anticipated message from a known sender, it's too much trouble even to type "v", "m" to force it through lynx. Sent from my big clunky desktop using Mutt. -- Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu Asking whether markets are efficient is like asking whether people are smart. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From david at gbenet.com Wed Jul 20 16:43:06 2011 
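The multipart/alternative layout Mark describes, as an added example using Python's standard email library (my code, not anyone's from the thread; the addresses and body text are made up): one builder produces the well-formed message with text/plain and text/html siblings, a second produces the HTML-only message the thread complains about, and two small checks show what a text-only reader gets from each.

```python
"""The multipart/alternative layout a standards-following MUA uses (text/plain and
text/html as siblings) and what a text-only reader gets from it.  Added example;
addresses and body text are made up."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

PLAIN = "Still with the HTML?\n\nThe list asks for plain text.\n"
HTML = ("<html><body><p><b>Still</b> with the HTML?</p>"
        "<p>The list asks for plain text.</p></body></html>")


def build_alternative(plain=PLAIN, html=HTML):
    """Message carrying both renderings; clients pick the last alternative they can show."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"            # constructed addresses
    msg["To"] = "list@example.org"
    msg["Subject"] = "Where are those stubs.."
    msg.set_content(plain)                        # text/plain first: the fallback
    msg.add_alternative(html, subtype="html")     # wraps both in multipart/alternative
    return msg.as_bytes()


def build_html_only(html=HTML):
    """The anti-pattern from the thread: text/html with no plain-text alternative."""
    msg = EmailMessage()
    msg["Subject"] = "Where are those stubs.."
    msg.set_content(html, subtype="html")
    return msg.as_bytes()


def structure(raw):
    """Content types of the top-level part and its children, as a list-side check would see them."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [msg.get_content_type()] + [p.get_content_type() for p in msg.iter_parts()]


def text_for_plain_reader(raw):
    """What a text-only MUA shows: the text/plain alternative, or None when there is none."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain",))
    return None if body is None else body.get_content()
```

A list-side filter could run structure() on incoming mail and bounce anything whose top-level type is text/html with no text/plain sibling, which is exactly the case text_for_plain_reader() reports as None.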
From: david at gbenet.com (david at gbenet.com) Date: Wed, 20 Jul 2011 15:43:06 +0100 Subject: Where are those stubs.. In-Reply-To: <20110720083734.6f31882a@scorpio> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com> <20110720083734.6f31882a@scorpio> Message-ID: <4E26E97A.9040806@gbenet.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jerry wrote: > On Wed, 20 Jul 2011 10:24:14 +0100 > david at gbenet.com articulated: > >> I much prefer to send and receive in plain txt. When I started out >> some 25 years ago it was the norm and the convention to do so. I ran >> a BBS (Bullet Board System) and later became an ISP (Internet Service >> Provider). Most people that use Microsoft O/S format emails as HTML - >> using fancy fonts and so on. A simple "Hello world" is 50Kb in >> Microsoft-speak yet a mere 5bytes in linux-speak. We - with long >> memories remember the criminal actions of Microsoft - which still act >> the same way as in the past. There's a lot of "politics" as to why >> people write plain txt - who use Linux and not the criminally-based >> Microsoft. A lot of people do not care if they send out junk emails - >> their friends can read it and so must the rest of the world. >> >> I think lists should say "Please send plain txt only." > > I prefer plain ASCII text format myself in most instances. However, > your argument loses traction as soon as you start with this obvious > personal vendetta against Microsoft. > > Those of use with long memories remember that the mail objection from > the *.nix/*BSD community was the fact that most native MUA's currently > available at that time were not able to properly handle HTML or MIME > encoded messages. They then preceded to throw up a smoke screen > condemning what they could not handle properly. 
> > By the way, and just out of blatant morbid curiosity, if an > acquaintance, business or personal were to request that you communicate > in HTML format would you do it? > > In conclusion, if you receive an HTML message, just delete it. Better > yet, set up filters, configure your MTA if you employ one, or whatever > means needed to remove this problem from your environment. You > obviously have a lot of hatred build up. Elimination of this pseudo > problem before it reaches your viewing screen would be a major step > forward for you. > Hi Jerry, I don't hate anyone for using Microsoft - I even beta-tested Windows 3.11 and Windows 95/98 till I realised that though we filed bug reports Microsoft in Ireland took no notice. And as an ex-Chairman and ex-Vice President of a US Company we had an ethical trading policy with which the Microsoft Corporation failed to comply. They still seem to be facing problems in the EU. If I were to suggest that you should support your local bank robber or mugger and give them every assistance and that all criminals be released - you would suggest that I was mad. Microsoft does engage in illegal business practices - and are supported by millions every day with their lock in licences and anti-competitive practices. I just have a better grasp of business ethics and better grasp in recognising software freedom - but I don't hate people for their ignorance of Microsoft's bad and illegal business practices. Most people have Microsoft on their desktop or laptop without any choice. They do not have the freedom of choice. Most people like my girlfriend just switch on their laptop or desktop and use it without any knowledge that there are alternatives. As someone said "Microsoft gives you Windows - Linux gives you the whole house" that whole house is for free. Microsoft lock you in - they lock companies in too. They engage in illegal business practices.
I often find it odd that people when they get to know about Microsoft's illegal business practices that they continue to have a Microsoft Operating System on the desktop or laptop. Companies that sell desktops and laptops operate with very small margins - but the licence that goes to Microsoft is constant. About 12 years ago it was a fact that IBM paid Microsoft a licence fee for every machine it sold - $400 USD. So when desktops or laptops are sold in a sale there is no reduction of licence fee which remains a constant. A computer buyer can not go into say PC World and say "I like that HP or Acer, but I will buy it with or without an operating system or with a Linux distro installed." They have no choice. Microsoft's business policy is "No choice but Microsoft for the general consumer and for the business user." I support freedom of choice - I support ethical business practices. Microsoft Corporation does not support any ethical principles. It is not a question of "I hate Microsoft." I don't support unethical or illegal business practices. I also think that the majority of computer users are in ignorance. But you can Google and see for yourself the basis of business practice by Microsoft Corporation. Oh and once IBM had a licence for Windows - IBMers are not told to talk about that. But once you do know - then you have a choice - continue to support anti-competitive unethical and illegal business practices of the Microsoft Corporation or if you support ethical good practice and no criminal activity. Your choice as everyone else's. As an oldie (63) I prefer plain txt. I don't admonish people for sending me HTML with all manner of fancy fonts - I just accept it. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”
http:/counter.li.org 512854 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJOJulsAAoJEOJpqm7flRExjGcH/1P3h431bqDidmqBZRrLIOzz dxz1DCp3kUCmxjKTWhc8L6gS/xy41899D7FPvGIdNbKULjD5JbtWLnuwQSFIFyJy 3lfdHDQE0GIJ0VWGDJtHI/womTnazf9J1vWzFyOhjJK+HxWjqPHXLKbIRtY1jLi2 ZOrGGwu9bfkzXBFp86yDNGRoO48LOEwt/DlVf7b/yXNeariQLLdsbBSNhytsmh9r EBlAQTTD2Qv98LzkMX5so+O1vSzhzEmoxLg983e2ItF16At1aWqnNM93rlGbtwH/ ymvdSDB2KpAm7vlHxu6fMw+fYlLpCz9VqJYn5b/E3fhQgNNr+vBB4mjF/ggW4Jk= =mEGx -----END PGP SIGNATURE----- From lists at meumonus.com Wed Jul 20 17:18:37 2011 From: lists at meumonus.com (Devin Fisher) Date: Wed, 20 Jul 2011 15:18:37 +0000 Subject: Where are those stubs.. In-Reply-To: <4E26E97A.9040806@gbenet.com> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com><20110720083734.6f31882a@scorpio><4E26E97A.9040806@gbenet.com> Message-ID: <658423218-1311175119-cardhu_decombobulator_blackberry.rim.net-1462027417-@b1.c27.bise6.blackberry> Deleted. I may be a newb to this list, but I believe etiquette is to post an OT so that we can skip stuff like this. Thanks, -Devin -----Original Message----- 
From: "david at gbenet.com" Sender: gnupg-users-bounces at gnupg.org Date: Wed, 20 Jul 2011 15:43:06 To: Subject: Re: Where are those stubs.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jerry wrote: > On Wed, 20 Jul 2011 10:24:14 +0100 > david at gbenet.com articulated: > >> I much prefer to send and receive in plain txt. When I started out >> some 25 years ago it was the norm and the convention to do so. I ran >> a BBS (Bulletin Board System) and later became an ISP (Internet Service >> Provider). Most people that use Microsoft O/S format emails as HTML - >> using fancy fonts and so on. A simple "Hello world" is 50Kb in >> Microsoft-speak yet a mere 5 bytes in linux-speak. We - with long >> memories remember the criminal actions of Microsoft - which still act >> the same way as in the past. There's a lot of "politics" as to why >> people write plain txt - who use Linux and not the criminally-based >> Microsoft. A lot of people do not care if they send out junk emails - >> their friends can read it and so must the rest of the world. >> >> I think lists should say "Please send plain txt only." > > I prefer plain ASCII text format myself in most instances. However, > your argument loses traction as soon as you start with this obvious > personal vendetta against Microsoft. > > Those of us with long memories remember that the main objection from > the *.nix/*BSD community was the fact that most native MUA's currently > available at that time were not able to properly handle HTML or MIME > encoded messages. They then proceeded to throw up a smoke screen > condemning what they could not handle properly. > > By the way, and just out of blatant morbid curiosity, if an > acquaintance, business or personal were to request that you communicate > in HTML format would you do it? > > In conclusion, if you receive an HTML message, just delete it. 
Better > yet, set up filters, configure your MTA if you employ one, or whatever > means needed to remove this problem from your environment. You > obviously have a lot of hatred built up. Elimination of this pseudo > problem before it reaches your viewing screen would be a major step > forward for you. > Hi Jerry, I don't hate anyone for using Microsoft - I even beta-tested Windows 3.11 and Windows 95/98 till I realised that, though we filed bug reports, Microsoft in Ireland took no notice. And as an ex-Chairman and ex-Vice President of a US Company we had an ethical trading policy with which the Microsoft Corporation failed to comply. They still seem to be facing problems in the EU. If I were to suggest that you should support your local bank robber or mugger and give them every assistance and that all criminals be released - you would suggest that I was mad. Microsoft does engage in illegal business practices - and are supported by millions every day with their lock-in licences and anti-competitive practices. I just have a better grasp of business ethics and a better grasp in recognising software freedom - but I don't hate people for their ignorance of Microsoft's bad and illegal business practices. Most people have Microsoft on their desktop or laptop without any choice. They do not have the freedom of choice. Most people like my girlfriend just switch on their laptop or desktop and use it without any knowledge that there are alternatives. As someone said "Microsoft gives you Windows - Linux gives you the whole house" and that whole house is for free. Microsoft lock you in - they lock companies in too. They engage in illegal business practices. I often find it odd that people, when they get to know about Microsoft's illegal business practices, continue to have a Microsoft Operating System on the desktop or laptop. 
Companies that sell desktops and laptops operate with very small margins - but the licence fee that goes to Microsoft is constant. About 12 years ago it was a fact that IBM paid Microsoft a licence fee for every machine it sold - $400 USD. So when desktops or laptops are sold in a sale there is no reduction of the licence fee, which remains a constant. A computer buyer can not go into, say, PC World and say "I like that HP or Acer, but I will buy it with or without an operating system or with a Linux distro installed." They have no choice. Microsoft's business policy is "No choice but Microsoft for the general consumer and for the business user." I support freedom of choice - I support ethical business practices. Microsoft Corporation does not support any ethical principles. It is not a question of "I hate Microsoft." I don't support unethical or illegal business practices. I also think that the majority of computer users are in ignorance. But you can Google and see for yourself the basis of business practice by Microsoft Corporation. Oh, and once IBM had a licence for Windows - IBMers are not told to talk about that. But once you do know - then you have a choice - continue to support the anti-competitive, unethical and illegal business practices of the Microsoft Corporation, or support ethical good practice and no criminal activity. Your choice, as everyone else's. As an oldie (63) I prefer plain txt. I don't admonish people for sending me HTML with all manner of fancy fonts - I just accept it. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”
http:/counter.li.org 512854 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJOJulsAAoJEOJpqm7flRExjGcH/1P3h431bqDidmqBZRrLIOzz dxz1DCp3kUCmxjKTWhc8L6gS/xy41899D7FPvGIdNbKULjD5JbtWLnuwQSFIFyJy 3lfdHDQE0GIJ0VWGDJtHI/womTnazf9J1vWzFyOhjJK+HxWjqPHXLKbIRtY1jLi2 ZOrGGwu9bfkzXBFp86yDNGRoO48LOEwt/DlVf7b/yXNeariQLLdsbBSNhytsmh9r EBlAQTTD2Qv98LzkMX5so+O1vSzhzEmoxLg983e2ItF16At1aWqnNM93rlGbtwH/ ymvdSDB2KpAm7vlHxu6fMw+fYlLpCz9VqJYn5b/E3fhQgNNr+vBB4mjF/ggW4Jk= =mEGx -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From vedaal at nym.hush.com Wed Jul 20 16:38:55 2011 
From: vedaal at nym.hush.com (vedaal at nym.hush.com) Date: Wed, 20 Jul 2011 10:38:55 -0400 Subject: secring and dropbox Message-ID: <20110720143855.DE01B6F446@smtp.hushmail.com>
Kara karadenizi at gmail.com wrote on Wed Jul 20 02:18:16 CEST 2011 :
>> Is it a bad idea to place your secring in dropbox?
> Using a decent password generator and specifying a mix of upper and lower case letters, digits, and special characters, how many total characters -- as a minimum -- would you recommend such a password be?
> Any particular password generator program you would recommend?

-----

A simple alternative would be to create a truecrypt container, allowing truecrypt to generate its own keyfile. Store the keyfile in a secure, retrievable place (not in the cloud), and you can leave the password blank.

To answer your question; assuming that at some point, the 'cloud' will have resources to brute force passphrases that might be considered safe 'now', but still not enough to brute force a 2^256 or even a 2^128 symmetrical cipher, then, symmetrically encrypt any file using either AES, Twofish, or Camellia, and then decrypt it with the gnupg option of '--show-session-key'. Gnupg will display a random 64 character string. Use the entire string as your passphrase, (or half of it, if you feel comfortable that the combined sources of the cloud will not be able to brute-force a 128 bit keyspace in your lifetime ;-) )

If you find such a string difficult to remember, then consider Diceware. http://world.std.com/~reinhold/diceware.html (afaik, there is no computerized dice generator that will produce acceptably random results, so you'll need 5 dice.)

The Diceware keyspace is 7776 (6 possibilities for a die throw, 5 throws, 6^5 = 7776).

[ 7776^10 ~= 8.08 x 10^38 ] > [ 2^128 ~= 3.40 x 10^38 ]
[ 7776^20 ~= 6.53 x 10^77 ] > [ 2^256 ~= 1.58 x 10^77 ]

A 10 word Diceware passphrase should be more than enough.
From holtzm at cox.net Wed Jul 20 17:44:43 2011 
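The arithmetic in the message above, worked through as an added example (this is not code from vedaal's post or from GnuPG). Everything it assumes is its own: a standard 7776-word Diceware list, dice rolls written as five-digit strings such as "31426", the 94 printable ASCII symbols as the mixed-class alphabet Kara asked about, and a hexadecimal --show-session-key string (4 bits per character, so 64 characters carry 256 bits). Strength is reported in bits, which turns the comparison against 2^128 and 2^256 into a subtraction.

```python
"""Passphrase-strength arithmetic for the Diceware discussion above.

Added example, not code from the original post or from GnuPG. Assumptions
(the example's own): a 7776-word Diceware list, rolls given as five-digit
strings of 1..6, the 94 printable ASCII symbols as the mixed-class
alphabet, and hex output from --show-session-key (4 bits per character).
"""
import math
import string

DICEWARE_WORDS = 6 ** 5                               # 7776 five-dice outcomes
BITS_PER_DICEWARE_WORD = math.log2(DICEWARE_WORDS)    # about 12.92 bits
MIXED_ALPHABET = len(string.ascii_letters + string.digits + string.punctuation)  # 94


def diceware_index(roll: str) -> int:
    """Map one five-dice roll ("11111".."66666") to a zero-based list index.

    Diceware lists are keyed by the roll itself; this gives the position in
    a list stored as a plain array, and rejects anything that is not a roll.
    """
    if len(roll) != 5 or any(c not in "123456" for c in roll):
        raise ValueError(f"not a five-dice roll: {roll!r}")
    index = 0
    for c in roll:
        index = index * 6 + (int(c) - 1)
    return index


def diceware_bits(n_words: int) -> float:
    """Entropy in bits of n words drawn uniformly (with dice) from the list."""
    return n_words * BITS_PER_DICEWARE_WORD


def words_for_bits(target_bits: float) -> int:
    """Smallest number of Diceware words that reaches target_bits."""
    return math.ceil(target_bits / BITS_PER_DICEWARE_WORD)


def chars_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Smallest length of a uniformly random password over alphabet_size
    symbols that reaches target_bits (Kara's minimum-length question)."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def session_key_hex_bits(hex_chars: int) -> int:
    """Bits carried by a hex string of that length: 64 chars -> 256 bits."""
    return hex_chars * 4


if __name__ == "__main__":
    for n in (6, 8, 10, 20):
        print(f"{n:2d} Diceware words: {diceware_bits(n):6.1f} bits")
    for bits in (128, 256):
        print(f"{bits} bits needs {words_for_bits(bits)} words or "
              f"{chars_for_bits(MIXED_ALPHABET, bits)} random chars from {MIXED_ALPHABET}")
    print("example roll 31426 ->", diceware_index("31426"))
```

Run directly it prints the table; words_for_bits(128) returns 10, matching the ten-word recommendation, and chars_for_bits(94, 128) returns 20 for a uniformly random password over the 94 printable symbols. The bit counts hold only when every word or character is chosen uniformly at random; a phrase picked by hand has far less entropy than its length suggests.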
From: holtzm at cox.net (Robert Holtzman) Date: Wed, 20 Jul 2011 08:44:43 -0700 Subject: Where are those stubs.. In-Reply-To: <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> Message-ID: <20110720154443.GA14161@cox.net> On Tue, Jul 19, 2011 at 10:42:33PM -0400, Robert J. Hansen wrote: > > Still with the HTML? This excerpt is from the Fedora mail list but it > > applies to all lists: > > It applies to those lists which have a policy on HTML mail identical to that of the Fedora mailing list. This is not the same as "all lists." Most lists I've seen discourage it. > > > Why? HTML is designed for web pages, not emails, and uses a lot more > > bandwidth. > > This is a canard. Given most of the bandwidth is taken up by spam, the tiny fraction that you can save by shifting messages from HTML to raw text is utterly insignificant. It's a rounding error. > I'll give you that. > > Many list members actually block HTML because it is used for > > malicious code. > > By that logic I should block plain text emails, based on how many malicious emails I get in those formats. And if you're worried enough you wouldn't be online at all. Where do you want to draw the line? > > There are certainly reasons to avoid HTML email, but these reasons don't strike me as especially persuasive. > Evidently the originator did and I couldn't agree with him more. -- Bob Holtzman If you think you're getting free lunch, check the price of the beer. Key ID: 8D549279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From gnupg.user at seibercom.net Wed Jul 20 17:56:54 2011 
From: gnupg.user at seibercom.net (Jerry) Date: Wed, 20 Jul 2011 11:56:54 -0400 Subject: Where are those stubs.. In-Reply-To: <4E26E97A.9040806@gbenet.com> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com> <20110720083734.6f31882a@scorpio> <4E26E97A.9040806@gbenet.com> Message-ID: <20110720115654.2f82faa3@scorpio> On Wed, 20 Jul 2011 15:43:06 +0100 david at gbenet.com articulated: > Hi Jerry, > > I don't hate any one for using Microsoft - I even beta-tested Windows > 3.11 and Windows 95/98 till I realised that though we filed bug > reports Microsoft in Ireland took no notice. I don't want to get into a long drawn out discussion on this issue, so I will make this brief. Your analogy is faulty. It is comparative to someone saying that they are not prejudiced against blacks because they have one as a friend. Interestingly enough, a few years ago while doing Beta testing on the Office Suite, I filed a report on a possible bug/problem. I received a telephone call two days later asking for more specific details. Perhaps your submissions were considered PEBKaC anomalies. > And as an ex-Chairman and ex-Vice President of a US Company we had an > ethical trading policy to which the Microsoft Corporation failed to > comply with. They still seem to be facing problems in the EU. The EU is a group of neo-fascists/socialists backed to a large extent by Opera. You would have a better chance of getting a fair hearing as a black man standing trial with a jury of the KKK than a capitalistic corporation has in front of the EC, or as it has been called, the USSREC. > If I were to suggest that you should support your local bank robber > or mugger and give them every assistance and that all criminals be > released - you would suggest that I was mad. 
Microsoft does engage in > illegal business practices - and are supported by millions every day > with their lock in licences and anti-competitive practices. Google is presently under investigation for anti-monopoly laws in the US. Personally, I have always felt that the anti-monopoly laws in the US were designed for the robber barons, AKA the train, steel and oil corporations. However, if you are going to use it against one entity, then you have to apply it uniformly. In any case, your analogy is faulty since you are comparing business law with criminal law. > I just have a better grasp of business ethics and better grasp in > recognising software freedom - but I don't hate people for their > ignorance of Microsoft's bad and illegal business practices. Wow, at least, well according to you anyway, you are not an indiscriminate hater. How thoughtful of you. > Most people have Microsoft on their desktop or laptop without any > choice. They do not have the freedom of choice. Most people like my > girlfriend just switch on their laptop or desktop and use it without > any knowledge that there are alternatives. Absolutely, F**ken Bulls**t. You always have a choice. The truth of the matter is that your girlfriend, or any other individual for that matter, chooses an OS that they can actually just turn on and have it work without spending days attempting to get simple things like wireless, printers, etcetera operational. Hell, I use FreeBSD as a hobbyist OS on two machines and it doesn't even support the wireless "N" protocol after over 5 years. The list goes on and on. People tend to use what works best for them. Even more so, they use what works best in their environment. > As some one said "Microsoft gives you Windows - Linux gives you the > whole house" that whole house is for free. Microsoft lock you in - > they lock companies in too. They engage in illegal business practices. 
> > I often find it odd that people when they get to know about > Microsoft's illegal business practices that they continue to have a > Microsoft Operating System on the desktop or laptop. Companies that > sell desktops and laptops operate with very small margins - but the > licence that goes to Microsoft is constant about 12 years ago it was > a fact that IBM paid Microsoft a licence fee for every machine it > sold - $400 USD. So when desktops or laptops are sold in a sale there > is no reduction of licence fee which remains a constant. I need a citation for that. I did a quick search and found nothing even beginning to approach this $400 mark. In any case, how long has it been since IBM ceased PC production? > A computer buyer can not go into say PC World and say "I like that HP > or Acer, but I will buy it with or without an operating system or > with a Linux distro installed." They have no choice. Microsoft's > business policy is "No choice but Microsoft for the general consumer > and for the business user." The manufacturer has already purchased a license to include the OS installed. If you don't want it, erase it. How much simpler can it get. 99% of PC buyers, and the percentage may even be higher, want a PC with a fully functional OS installed. How many PCs would any store sell if they came sans OS? I can probably count the number on one hand. As far as the "Linux" installed, you most certainly can. Do a web search, but don't use Google. They are under investigation (in more than one country too). > I support freedom of choice - I support ethical business practices. > Microsoft Corporation does not support any ethical principles. It is > not a question of "I hate Microsoft." I don't support unethical or > illegal business practices. I assume for starters that you don't use Google, purchase diamonds, you wouldn't want to support another monopoly (De Beers), etcetera. > I also think that the majority of computer users are in ignorance. 
> But you can Google and see for yourself the basis of business > practice by Microsoft Corporation. Oh and once IBM had a licence for > Windows - IBMers are not told to talk about that. Now you really need to supply a citation. > But once you do know - then you have a choice - continue to support > anti-competitive unethical and illegal business practices of the > Microsoft Corporation or if you support ethical good practice and no > criminal activity. Your choice as everyone else's. What you are really trying to enforce is the concept of socialism. You don't hate Microsoft, or any other corporation specifically. You are using this pseudo "business practice" scenario as a smoke screen to cover up the fact that you are really an anti-capitalist. You want software to be free. I have no problem with that as long as it does not deprive an individual of his due compensation. You usually get what you pay for. > As an oldy (63) I prefer plain txt. I don't admonish people for > sending me HTML with all manner of fancy fonts - I just accept it. If the worst thing anyone ever did was send me an HTML formatted message, I would be a happy man. For the record, Microsoft did not invent the HTML(1) format. That is attributed to physicist Tim Berners-Lee. Guess what, he didn't even work for Microsoft either. (1) http://en.wikipedia.org/wiki/HTML -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. Famous last words of Davy Crockett: What are all those gardeners doing here? From aaron.toponce at gmail.com Wed Jul 20 17:39:16 2011 
From: aaron.toponce at gmail.com (Aaron Toponce) Date: Wed, 20 Jul 2011 09:39:16 -0600 Subject: secring and dropbox In-Reply-To: <8739i1wbjz.fsf@vigenere.g10code.de> References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> Message-ID: <20110720153916.GB7497@poseidon.cocyt.us>
On Wed, Jul 20, 2011 at 11:23:12AM +0200, Werner Koch wrote:
> On Wed, 20 Jul 2011 03:25, rjh at sixdemonbag.org said:
> > I'm presenting the script here in case someone else finds it useful, but really, it's embarrassingly simple.
>
> gpg --gen-random --armor 1 16
>
> Might even be a bit simpler ;-)

Ah, cool. However, as the gpg(1) manual states, --gen-random removes precious entropy from your system. It might be worth adding to that note, that regenerating entropy isn't that big of a deal. Something along the lines of:

$ du / > /dev/null

Should be sufficient, by causing a lot of disk interrupts. Just a thought.

-- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 527 bytes Desc: Digital signature URL: From jerome at jeromebaum.com Wed Jul 20 18:48:30 2011 
From: jerome at jeromebaum.com (Jerome Baum) Date: Wed, 20 Jul 2011 18:48:30 +0200 Subject: secring and dropbox In-Reply-To: <20110720153916.GB7497@poseidon.cocyt.us> References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> Message-ID: > Ah, cool. However, as the gpg(1) manual states, --gen-random removes > precious entropy from your system. But that's really the point. If you want strong random data, that data should have high entropy. But that entropy needs to come from somewhere -- i.e., your system. What I'd find more interesting is why you (Werner) chose quality level 1. What do these levels do? Is 2 full entropy, and 0 just urandom? -- Jerome Baum Hessenweg 222 48432 Rheine GERMANY tel +49-1578-8434336 email jerome at jeromebaum.com web www.jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- Q: Why is this email five sentences or less? A: http://five.sentenc.es From aaron.toponce at gmail.com Wed Jul 20 18:55:35 2011 
From: aaron.toponce at gmail.com (Aaron Toponce) Date: Wed, 20 Jul 2011 10:55:35 -0600 Subject: secring and dropbox In-Reply-To: References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> Message-ID: <20110720165535.GD7497@poseidon.cocyt.us> On Wed, Jul 20, 2011 at 06:48:30PM +0200, Jerome Baum wrote: > > Ah, cool. However, as the gpg(1) manual states, --gen-random removes > > precious entropy from your system. > > But that's really the point. If you want strong random data, that data > should have high entropy. But that entropy needs to come from > somewhere -- i.e., your system. Yes, of course. I'm not arguing that it isn't, but rather the documentation could be more complete, such as restoring that entropy after exhaustion. > What I'd find more interesting is why you (Werner) chose quality level > 1. What do these levels do? Is 2 full entropy, and 0 just urandom? I'm curious about this as well, which shows that the documentation for this switch is lacking somewhat. It would be beneficial for everyone who uses gpg(1) to see some additional help here. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 527 bytes Desc: Digital signature URL: From hka at qbs.com.pl Wed Jul 20 18:57:09 2011 
From: hka at qbs.com.pl (Hubert Kario) Date: Wed, 20 Jul 2011 18:57:09 +0200 Subject: gpgsm and OCSP problems Message-ID: <201107201857.14041.hka@qbs.com.pl> Hi all! I'm not sure if I configured the gnupg package correctly, but when I enable OCSP I'm unable to validate certificates (gpgsm --with-validation -k). When I add "enable-ocsp" to gpgsm.conf and "allow-ocsp" to dirmngr.conf I get either "Unknown system error" or an "End of file error". Even when the only other configuration variable is "honor-http-proxy" in dirmngr.conf. I tried adding CA certificates to ".gnupg/trusted-certs/" and intermediate certificates together with the OCSP responder server certificate to ".gnupg/extra-certs/". I verified that the certificates are loaded by dirmngr, contain OCSP server addresses and that the servers are queried. I'm using gpgsm (GnuPG) 2.0.17 libgcrypt 1.4.6 libksba 1.0.8 Log follows: gpgsm[23389]: chan_9 -> [ 44 20 30 82 06 34 30 82 04 1c a0 03 02 01 02 02 ... (982 byte(s) skipped) ] gpgsm[23389]: chan_9 -> [ 44 20 05 07 02 01 16 22 68 74 74 70 3a 2f 2f 77 ... 
(630 byte(s) skipped) ] gpgsm[23389]: chan_9 -> END dirmngr[23390]: chan_6 <- [ 44 20 30 82 06 34 30 82 04 1c a0 03 02 01 02 02 ...(982 byte(s) skipped) ] dirmngr[23390]: chan_6 <- [ 44 20 05 07 02 01 16 22 68 74 74 70 3a 2f 2f 77 ...(630 byte(s) skipped) ] dirmngr[23390]: chan_6 <- END dirmngr[23390.0]: using OCSP responder `http://ocsp.startssl.com/sub/class3/client/ca' dirmngr[23390.0]: OCSP responder at `http://ocsp.startssl.com/sub/class3/client/ca' status: success dirmngr[23390]: chan_6 -> S ONLY_VALID_IF_CERT_VALID D9DF4E2507CB1A4E76DF761CB5505625E5E23B67 dirmngr[23390.0]: certificate status is: good (this=20110720T120126 next=20110721T123920) gpgsm[23389]: chan_9 <- S ONLY_VALID_IF_CERT_VALID D9DF4E2507CB1A4E76DF761CB5505625E5E23B67 dirmngr[23390]: chan_6 -> OK gpgsm[23389]: chan_9 <- OK gpgsm[23389]: unable to find the certificate used by the dirmngr: Unknown system error -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2346 bytes Desc: not available URL: From peter at digitalbrains.com Wed Jul 20 21:48:50 2011 
From: peter at digitalbrains.com (Peter Lebbing) Date: Wed, 20 Jul 2011 21:48:50 +0200 Subject: Where are those stubs.. In-Reply-To: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> Message-ID: <4E273122.9050807@digitalbrains.com> On 19/07/11 01:20, J. Ottosson wrote: > Example: I have this newly installed GPG, through GPG4WIN. After having done > some checking and searching in manuals and on the list, I have come to > conclusion that entering the command "gpg --card-status" should make the secret > key stubs appear in the keyring. > > I cannot get this to work though. AFAIK, you need to get the public key imported in GnuPG before you do --card-status. So you first download your own public key from a keyserver or a website or a USB stick, you don't get it from the smartcard. Only when GnuPG already has the public key, will it create the secret key stubs when it sees your smartcard. Good luck, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From brewhaha at freenet.edmonton.ab.ca Wed Jul 20 23:44:03 2011 
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Wed, 20 Jul 2011 15:44:03 -0600 Subject: Can version 1.4.11 be configured to use IDEA? In-Reply-To: References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> <4E24D276.1040306@freenet.edmonton.ab.ca> <83B1D3E9-88C1-4A0D-8F0A-1411C8A9388D@sixdemonbag.org> Message-ID: <4E274C23.6020004@freenet.edmonton.ab.ca>
-----BEGIN PGP SIGNED MESSAGE-----
On 2011-07-20 4:31 AM, Richard wrote:
> Hello,
>
> On Tue, Jul 19, 2011 at 03:57, Robert J. Hansen wrote:
>> Is there some particular reason why you send messages in an
>> obfuscated format?
>
> how is that working anyway? Apparently GPG automatically decrypted
> those messages for me. How were they generated? What is that? :)

gpg --sign message.txt
notepad message.txt.asc

Clear message answer. Cut and paste message.txt.asc into answer of message. It is a compressed, ascii-armoured, and signed message. It handles long lines without pgp/mime (which currently doesn't work for me), and it survives whitespace corruption such as what you might get from cutting and pasting a message from an archive. "gpg -sa message.txt" does the same thing. Notice the omitted Teh that would make it a - --clearsign .

> Thanks,
> Richard

The soldier who survived mustard gas and pepper spray is now a seasoned veteran.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQCVAwUBTidMIB47apzXdID2AQGXXgQApO37rCwoMqDBLaEKkItg1a+Jig4kBl3E
84/60lhu1d/txujQ+hm9uqbm1i1eTQ3UIktkgRojr6zB2J32Cdsef74UgK0758di
YUho5JeC6Gq/PFV0KN84RWVyujgbOe9I2GgmISUcVqLrWiCAa0/K2qZ5mGG3feM/
ChdOsRfHSpU=
=ibHH
-----END PGP SIGNATURE-----
From dougb at dougbarton.us Wed Jul 20 23:48:03 2011 
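Jay's answer explains what the pasted block is; as an added example (not code from his message or from GnuPG), the script below tells the two forms apart mechanically: it strips the ASCII armor, verifies the CRC-24 trailer from RFC 4880 section 6.1, and reads the tag of the first OpenPGP packet (section 4.2). A "gpg -sa" message begins with a compressed-data packet (tag 8) that wraps the one-pass signature, the literal text and the signature, while a --clearsign message is readable text followed by a separate PGP SIGNATURE block. The armored samples inside the script are constructed for the demo and are not real gpg output; the function names are the example's own. Applied to the real messages in this thread, the first armored byte of the "owF9..." message decodes to 0xA3, an old-format tag 8 header, and the "iQCV..." signature blocks decode to 0x89, tag 2.

```python
"""Classify an ASCII-armored OpenPGP blob like the one Jay pastes above.

Added example; not code from the original message or from GnuPG. It strips
the armor, checks the CRC-24 trailer (RFC 4880 section 6.1) and reads the
tag of the first packet (section 4.2). The sample blobs are constructed
here: a compressed-data packet (tag 8, compression algorithm 0) carrying
b'hello', and a fake one-byte signature packet. Neither is real gpg output.
"""
import base64
import re

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
PACKET_TAGS = {1: "public-key encrypted session key", 2: "signature",
               3: "symmetric-key encrypted session key", 4: "one-pass signature",
               8: "compressed data", 11: "literal data",
               18: "integrity protected data"}


def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1 (bit-serial form)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(packet: bytes, kind: str = "PGP MESSAGE") -> str:
    """Wrap raw packet bytes in armor; used here only to build the samples."""
    body = base64.b64encode(packet).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {kind}-----", "", *lines, "=" + check,
                      f"-----END {kind}-----", ""])


def dearmor(text: str) -> tuple[str, bytes]:
    """Return (armor kind, raw bytes) of the first complete armor block.

    For clearsigned text that is the trailing PGP SIGNATURE block, because
    'PGP SIGNED MESSAGE' has no matching END line. Raises on a bad CRC-24.
    """
    m = re.search(r"-----BEGIN (PGP [A-Z ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no armor block found")
    kind, block = m.group(1), m.group(2)
    head, sep, payload = block.partition("\n\n")  # armor headers end at a blank line
    if not sep:
        payload = head
    b64, check = [], None
    for line in payload.splitlines():
        if line.startswith("="):          # '=XXXX' checksum line
            check = line[1:5]
        elif line.strip():
            b64.append(line.strip())
    raw = base64.b64decode("".join(b64))
    if check is not None:
        want = int.from_bytes(base64.b64decode(check), "big")
        if crc24(raw) != want:
            raise ValueError(f"CRC-24 mismatch: {crc24(raw):06x} != {want:06x}")
    return kind, raw


def first_packet_tag(raw: bytes) -> int:
    """Packet tag from the first header byte; bit 6 selects the new format."""
    ctb = raw[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    return ctb & 0x3F if ctb & 0x40 else (ctb >> 2) & 0x0F


def describe(text: str) -> str:
    """One-line answer to 'what is that?' for a pasted armored block."""
    kind, raw = dearmor(text)
    tag = first_packet_tag(raw)
    name = PACKET_TAGS.get(tag, "other")
    if "-----BEGIN PGP SIGNED MESSAGE-----" in text:
        return f"clearsigned text; trailing {kind} block starts with tag {tag} ({name})"
    return f"{kind}; first packet is tag {tag} ({name})"


# Constructed samples. 0xA0 = old-format header, tag 8, one-byte length;
# body = compression algorithm 0 (uncompressed) followed by b'hello'.
SAMPLE_PACKET = bytes([0xA0, 6, 0]) + b"hello"
SAMPLE_ARMOR = armor(SAMPLE_PACKET)
# 0x88 = old-format header, tag 2 (signature); the body is a placeholder byte.
CLEARSIGN_SAMPLE = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello\n"
                    + armor(bytes([0x88, 1, 0]), "PGP SIGNATURE"))

if __name__ == "__main__":
    print(SAMPLE_ARMOR)
    print(describe(SAMPLE_ARMOR))
    print(describe(CLEARSIGN_SAMPLE))
```

The CRC-24 check is what makes this useful on text lifted from an archive: whitespace damage is tolerated because only the base64 characters are kept, but a corrupted or truncated body fails the checksum instead of being silently misread. The script only classifies; verifying the signature itself still needs gpg.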
From: dougb at dougbarton.us (Doug Barton) Date: Wed, 20 Jul 2011 14:48:03 -0700 Subject: secring and dropbox In-Reply-To: <20110720165535.GD7497@poseidon.cocyt.us> References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> Message-ID: <4E274D13.80700@dougbarton.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/20/2011 09:55, Aaron Toponce wrote: > Yes, of course. I'm not arguing that it isn't, but rather the documentation > could be more complete, such as restoring that entropy after exhaustion. Some of us run systems that don't have that issue. :) - -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) iQEcBAEBCAAGBQJOJ00TAAoJEFzGhvEaGryEqkIIAIuxOZvcvfmULN2Svk1HzAU/ NvpW19TV6lAG8UA2opdYXK+2EGOiaqiL9o1I/xN/vsKXoXi9qDlr+X9fHH/3oPUw BCJ7xuzcnVuXzrBqxVhl7j9/SWJhjfat5jNt1fMTtnijzKR2oR/d9E/t/ABs/t0e v6FhQI6BAXFLEvZ3zStwMW4E03ciBOi0SKA1z8l41YbBeTRI8ChCLICg9crdeVH8 Xx4gUubW5z0n/GCgoucIleK0lHs9V08V1NUWhVBplvbTO2G+7SkGo2Y3uZOW83hU 4w/KpvsstF5fLHqYKqbTJpuVuJJKJ37kRNEn0GCqLH31Mne1mOJVenatCH5phLg= =AHMx -----END PGP SIGNATURE----- From jc.cavaille at laposte.net Sat Jul 16 23:26:11 2011 From: jc.cavaille at laposte.net (J2C) Date: Sat, 16 Jul 2011 21:26:11 +0000 (UTC) Subject: Fw: compile errors References: <20101102101232.394e3b1f@arakus> Message-ID: I confirm, similar problem on gnupg-2.0.17 From brewhaha at freenet.edmonton.ab.ca Thu Jul 21 00:21:29 2011 
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Wed, 20 Jul 2011 16:21:29 -0600 Subject: secring and dropbox In-Reply-To: <20110720153916.GB7497@poseidon.cocyt.us> References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> Message-ID: <4E2754E9.600@freenet.edmonton.ab.ca> -----BEGIN PGP SIGNED MESSAGE----- On 2011-07-20 9:39 AM, Aaron Toponce wrote: > On Wed, Jul 20, 2011 at 11:23:12AM +0200, Werner Koch wrote: >> On Wed, 20 Jul 2011 03:25, rjh at sixdemonbag.org said: >>> I'm presenting the script here in case someone else finds >>> it useful, but really, it's embarrassingly simple. Never let simple embarrass you. For me, it is key. For someone else, it might be poetry. For someone simpler than you, it might be obfuscation. :) >> gpg --gen-random --armor 1 16 >> >> Might even be a bit simpler ;-) > > Ah, cool. However, as the gpg(1) manual states, > --gen-random removes precious entropy from your system. I took that for a joke. Someone should put a ;-) in the doc. > It might be worth adding to that note, > that regenerating entropy isn't that big of a deal. > Something along the > lines of: > > $ du / > /dev/null > > Should be sufficient, by causing a lot of disk interrupts. > Just a thought. > > -- > . o . o . o . . o o . . . o . > . . o . o o o . o . o o . . o > o o o . o . . o o o o . o o o Discarded Acronyms: Wake On Packet: WOP. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQCVAwUBTidU5h47apzXdID2AQEDSQP+NnCN5QjVC67P3Z/H+BnWSO57bHkx9zCn YM8fTJ7walAQAZ0ESfw/fxpKL+9WFertddO6YXOyWMnODIRX8bRf1pvIyFBnJc6C /vGcVEP4WPZJF+Gf9C16zD4MgT1pp0o94UQgsLcSvISB0KFFv9vQZ/RgEDwzSftg 7aVa6y3Hsu8= =UwN+ -----END PGP SIGNATURE----- From brewhaha at freenet.edmonton.ab.ca Thu Jul 21 02:01:23 2011 
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn) Date: Wed, 20 Jul 2011 18:01:23 -0600 Subject: secring and dropbox In-Reply-To: <20110720165535.GD7497@poseidon.cocyt.us> References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> Message-ID: <4E276C53.8000906@freenet.edmonton.ab.ca> -----BEGIN PGP MESSAGE----- Version: GnuPG v2.0.17 (MingW32) Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp owF9Vl1oHFUUThpb6eJSfa7oKYJJcH8msWmTWFISH9otplaptPVF7s7c3bnJzNzp vXey2bZo37QIolKhSBUR/KEovvRFxBeh9lUQf6AgaB8VXwTpW/3OnZ20VTAksDv3 3HO+853vfJM36xNj28YfeWrt8k/u/N/jn+/c0b2/n/dbbtMdnUzGn81oNpiZaQb7 m7MBzQSLc3O0vNqgZWF0Rsd1rrNQ0sBoJxfrtSVC/AkZNehIkeBiw18m4SjYt7h3 fvHJ4NgqPRHMBkGDg49Io1NJK6JI76RYWqLluEGh1kmLDuuB3JCmQcKSiyUB2dTM NKUiK0RSBlsnnLQNajb7MmsakUU6JSNTvSFtGZEbGSpdWJKZMzofUg9laagLQ3Zo nUxbHMd/tFI41BFu0iKFSJKhr5prlbkWdXp8iQYicz7YIlvWp1HJSDjR8Jf9xzIi 1kUSUSw2JMWqH1cIWluFqic+PJMyQp8azYMWj9Li0yCWRqI/Ui3ZanjgZfYt8Ezm KSZB93C3MFYC7WRKmXYkTL9QgOmrKfzabNJ5+rvAYAQaNL7LSIdFCjjCKYw29Mi7 klJtJEcDU55IJxtkizDmgRhpnTZbuSt2Rc9JBkhyMxaF5WwjjEt0ggM7kxH1VBb5 1ARqJWfiPMrSIB5yhz566oQ0mTTTFMbaSjqNmSs3pASS8MOnmVaZMdLcAUL8kcX3 g/68Y2mWekWSVOAgJNQNaA24qCgnd3BEIBMWFsYrRXS1HxAAodGBTJIGkCn0jZEO WFdlz//lradNec8OlEO88sGJCNe5wXKcgsXkaFBR3JWZ7KlQiYSve+og+qHOsFmx psJKWykf4rBS+jwkokhxTb8JFMskJ1YKyK7XjvI2UTokq/qZcAUYpi4kvU6AFXNz eT9vpyqVkEJXhhiUpONxkUXSdJWJeBSpjlRvyLCRx8lNV40WKuK0tnpestqhUEBa DPfu5FbjRKR4zJnQBjWtYIixc/liuy3DrCW6rVC0XwZAkBOLNqLaOU+nlWd9ju3Q GjiCWGVEM7R3b0BBEFB3iM2nqfkg2NyHr88fWpn27cFGfJ1mppvCQGX3mgN8DBk4 wVJZxIgBlxAJsEYq4i3hNIQBYFCe8ExjgSH3vhFpvQZeemCarU9lJJXfIRzlkAj2 gzvmPFi/ei3XkJqoTr0+RnlHIRCQp9SXdAPdoGoe3MSAnQ/682PAInrZdSpnkZno JpCgsuuUS4PksMYQYVhf3ivrZYuIAfYNwv1XOi9ibufe61TdhnlIPsBTCDyBS5UF I98G/JGgUwsJQlwSeo3g90HgBbiMQxcbUAdPAj8pQXSjGtSO5Ea7nEa95jVHq/hm xDpqKxMKzjOH+YK4hD0W7bJn5UZ3UX+4xdDWrYFQbgQLu5M5WyoPtIrQFd7JR8Ul 
r5xDd6R6INIIZWVUr51sVhRFxcjTmIfqbXEP4nptRWNWo5GyP4CmImOHxJ5ZBYYa YFdkitXrJ5az9qUDo2QTvAlgl5u5yJg77HS9xqKeoZm5hUrU1ZoyjC3lTXtqDxkx tKFI7joYYegl7PEZdQGvXhsR36LlO4F86gFVejSyl8jQwaX8C6ry2CJTTBZogzic UXhXgLiKgKxIuxh8OWh4Ab8ZKLeyiHS1ZGVItbbsaiPl+hc9VuB/DWBVR3yNXx2x Q8FYnAFzbIpcTSXC3GkJKF4a/TCaWDMxghUp2Y4hL25aABG3ApNKc8glSXDvmE4U 5M4qT7T2Do3XEcum9drl+8bGt43t2L6N/w0aq+18sPof6avDE7dPvv0L3fz6ypV3 j37b7l/9bWHHR53Tv168tkffHF794OlTV9yF+asPv3jrr9sT1y5ef+zjYwdWvnv/ 1YXXW3tunNt57o0vz17/7Kzb9fPC9gfOvPdQ8db57Tcmxi/c+t1+Ee66dmD3/P7u peHx+cf3b6698meSP/PpJx8+f+GdP3ZP3X7hm+8vPfpc54cf/wE= =f4bV -----END PGP MESSAGE----- From holtzm at cox.net Thu Jul 21 02:38:21 2011 
From: holtzm at cox.net (Robert Holtzman)
Date: Wed, 20 Jul 2011 17:38:21 -0700
Subject: Where are those stubs..
In-Reply-To: <20110720115654.2f82faa3@scorpio>
References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com> <20110720083734.6f31882a@scorpio> <4E26E97A.9040806@gbenet.com> <20110720115654.2f82faa3@scorpio>
Message-ID: <20110721003821.GA15884@cox.net>

On Wed, Jul 20, 2011 at 11:56:54AM -0400, Jerry wrote:
> On Wed, 20 Jul 2011 15:43:06 +0100
> david at gbenet.com articulated:

..........snip........

> > Most people have Microsoft on their desktop or laptop without any
> > choice. They do not have the freedom of choice. Most people like my
> > girlfriend just switch on their laptop or desktop and use it without
> > any knowledge that there are alternatives.
>
> Absolutely, F**ken Bulls**t. You always have a choice. The truth of the
> matter is that your girlfriend, or any other individual for that
> matter, choose an OS that they can actually just turn on and have it
> work without spending days attempting to get simple things like
> wireless, printers, etcetera operational. Hell, I use FreeBSD as a
> hobbyist OS on two machines and it doesn't even support the wireless
> "N" protocol after over 5 years. The list goes on and on. People tend
> to use what works best for them. Even more so, they use what works best
> in their environment.

Never worked for a company that dictated what software everyone used, did you?

..........snip..........

> What you are really trying to enforce is the concept of socialism.

What has preferring to do business with ethical companies got to do with socialism or any form of government?

> You
> don't hate Microsoft, or any other corporation specifically. You are
> using this pseudo "business practice" scenario as a smoke screen to
> cover up the fact that you are really an anti-capitalist.

I'm surprised you didn't invoke the "Liberal Agenda".

> You want
> software to be free. I have no problem with that as long as it does not
> deprive an individual of his due compensation. You usually get what you
> pay for.

You just alienated the entire FOSS community.

--
Bob Holtzman
If you think you're getting free lunch, check the price of the beer.
Key ID: 8D549279

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 20 Jul 2011 21:01:23 -0400
Subject: Where are those stubs..
In-Reply-To: <20110721003821.GA15884@cox.net>
References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com> <20110720083734.6f31882a@scorpio> <4E26E97A.9040806@gbenet.com> <20110720115654.2f82faa3@scorpio> <20110721003821.GA15884@cox.net>
Message-ID:

> You just alienated the entire FOSS community.

Please don't claim to speak for the entire FOSS community. You don't. No one does: not even RMS, Linus or Jordan Hubbard.

Further, a lot of people within the FOSS community are not opposed to proprietary software: for instance, the BSDs. The community has a great deal more diversity of opinion than you think. Please respect those who hold differing views. Wasting time in fratricidal sniping does no one any good.

Finally, please take this entire thread elsewhere. This kind of flamefest is off-topic.

From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Wed, 20 Jul 2011 19:30:16 -0600
Subject: Where are those stubs..
In-Reply-To: <20110721003821.GA15884@cox.net>
References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com> <20110720083734.6f31882a@scorpio> <4E26E97A.9040806@gbenet.com> <20110720115654.2f82faa3@scorpio> <20110721003821.GA15884@cox.net>
Message-ID: <4E278128.1010806@freenet.edmonton.ab.ca>

On 2011-07-20 6:38 PM, Robert Holtzman wrote:
> On Wed, Jul 20, 2011 at 11:56:54AM -0400, Jerry wrote:
>> On Wed, 20 Jul 2011 15:43:06 +0100
>> david at gbenet.com articulated:
> ..........snip........
>>> Most people have Microsoft on their desktop or laptop without any
>>> choice. They do not have the freedom of choice. Most people like my
>>> girlfriend just switch on their laptop or desktop and use it without
>>> any knowledge that there are alternatives.
>> Absolutely, F**ken Bulls**t. You always have a choice. The truth of the
>> matter is that your girlfriend, or any other individual for that
>> matter, choose an OS that they can actually just turn on and have it
>> work without spending days attempting to get simple things like
>> wireless, printers, etcetera operational. Hell, I use FreeBSD as a
>> hobbyist OS on two machines and it doesn't even support the wireless
>> "N" protocol after over 5 years. The list goes on and on. People tend
>> to use what works best for them. Even more so, they use what works best
>> in their environment.
> Never worked for a company that dictated what software everyone used,
> did you?
>
> ..........snip..........
>
>> What you are really trying to enforce is the concept of socialism.
> What has preferring to do business with ethical companies got to do with
> socialism or any form of government?
>
>> You
>> don't hate Microsoft, or any other corporation specifically. You are
>> using this pseudo "business practice" scenario as a smoke screen to
>> cover up the fact that you are really an anti-capitalist.
> I'm surprised you didn't invoke the "Liberal Agenda".
>
>> You want
>> software to be free. I have no problem with that as long as it does not
>> deprive an individual of his due compensation. You usually get what you
>> pay for.
> You just alienated the entire FOSS community.
>

Time, trouble, or tickets; you'll get what's paid for.
http://ecn.ab.ca/~brewhaha/Sound/Desserts.mp3
(It's not finished. Vocals in it are straight a-cappella.)

From: richard at r-selected.de (Richard)
Date: Thu, 21 Jul 2011 08:26:58 +0200
Subject: Can version 1.4.11 be configured to use IDEA?
In-Reply-To: <4E274C23.6020004@freenet.edmonton.ab.ca>
References: <4E24902F.5030609@freenet.edmonton.ab.ca> <4E249FD4.9070603@vulcan.xs4all.nl> <4E24A976.8030103@freenet.edmonton.ab.ca> <4E24B00A.4010303@vulcan.xs4all.nl> <4E24D276.1040306@freenet.edmonton.ab.ca> <83B1D3E9-88C1-4A0D-8F0A-1411C8A9388D@sixdemonbag.org> <4E274C23.6020004@freenet.edmonton.ab.ca>
Message-ID:

All right, thanks! :)

From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Jul 2011 10:46:08 +0200
Subject: gpgsm and OCSP problems
In-Reply-To: <201107201857.14041.hka@qbs.com.pl> (Hubert Kario's message of "Wed, 20 Jul 2011 18:57:09 +0200")
References: <201107201857.14041.hka@qbs.com.pl>
Message-ID: <87livsuilr.fsf@vigenere.g10code.de>

Hi,

can you please try the attached patch for GnuPG? I checked that it applies against a vanilla 2.0.17 but I have not done any tests.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Jul 2011 14:58:19 +0200
Subject: Where are those stubs..
In-Reply-To: <4E273122.9050807@digitalbrains.com> (Peter Lebbing's message of "Wed, 20 Jul 2011 21:48:50 +0200")
References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <4E273122.9050807@digitalbrains.com>
Message-ID: <87vcuvu6xg.fsf@vigenere.g10code.de>

On Wed, 20 Jul 2011 21:48, peter at digitalbrains.com said:

> AFAIK, you need to get the public key imported in GnuPG before you do
> --card-status. So you first download your own public key from a keyserver or a
> website or a USB stick, you don't get it from the smartcard. Only when GnuPG
> already has the public key, will it create the secret key stubs when it sees
> your smartcard.

Right. This is also the reason why we have the URL field on the card. For example on my card:

  URL of public key : finger:wk at g10code.com

Now if I run "gpg --card-edit" I just need to enter "fetch" and gpg will fetch the key from that URL.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From: lists at chrispoole.com (Chris Poole)
Date: Thu, 21 Jul 2011 14:51:42 +0100
Subject: gpg-agent automatically use passphrase for signing subkey?
Message-ID:

Hi

I have a program which encrypts and signs files; I supply the same key ID for both operations, the 'primary ID'.

My key actually consists of the main key and two subkeys, for encryption and signing.

I'm using gpg-agent to cache my passphrase.

I get asked for my passphrase (pinentry screen) once for the encryption key, and then again, for the signing key.

Can I instruct the agent to give the passphrase for any subkey? Given that they're both subkeys, the passphrases are the same.

Thanks

Chris Poole [PGP BAD246F9]

From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 21 Jul 2011 08:20:09 -0600
Subject: secring and dropbox
In-Reply-To: <4E276C53.8000906@freenet.edmonton.ab.ca>
References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca>
Message-ID: <20110721142009.GG7497@poseidon.cocyt.us>

On Wed, Jul 20, 2011 at 06:01:23PM -0600, Jay Litwyn wrote:
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp
>
> owF9Vl1oHFUUThpb6eJSfa7oKYJJcH8msWmTWFISH9otplaptPVF7s7c3bnJzNzp
> vXey2bZo37QIolKhSBUR/KEovvRFxBeh9lUQf6AgaB8VXwTpW/3OnZ20VTAksDv3
> 3HO+853vfJM36xNj28YfeWrt8k/u/N/jn+/c0b2/n/dbbtMdnUzGn81oNpiZaQb7
> m7MBzQSLc3O0vNqgZWF0Rsd1rrNQ0sBoJxfrtSVC/AkZNehIkeBiw18m4SjYt7h3
[snip]

Am I the only one who can't decrypt this message? Is there something I'm missing?

--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o

From: ben at adversary.org (Ben McGinnes)
Date: Fri, 22 Jul 2011 00:34:39 +1000
Subject: secring and dropbox
In-Reply-To: <20110721142009.GG7497@poseidon.cocyt.us>
References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca> <20110721142009.GG7497@poseidon.cocyt.us>
Message-ID: <4E2838FF.7070303@adversary.org>

On 22/07/11 12:20 AM, Aaron Toponce wrote:
> On Wed, Jul 20, 2011 at 06:01:23PM -0600, Jay Litwyn wrote:
>> -----BEGIN PGP MESSAGE-----
>> Version: GnuPG v2.0.17 (MingW32)
>> Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp
>>
>> owF9Vl1oHFUUThpb6eJSfa7oKYJJcH8msWmTWFISH9otplaptPVF7s7c3bnJzNzp
>> vXey2bZo37QIolKhSBUR/KEovvRFxBeh9lUQf6AgaB8VXwTpW/3OnZ20VTAksDv3
>> 3HO+853vfJM36xNj28YfeWrt8k/u/N/jn+/c0b2/n/dbbtMdnUzGn81oNpiZaQb7
>> m7MBzQSLc3O0vNqgZWF0Rsd1rrNQ0sBoJxfrtSVC/AkZNehIkeBiw18m4SjYt7h3
> [snip]
>
> Am I the only one who can't decrypt this message? Is there something
> I'm missing?

It wasn't encrypted, it was signed and base64 encoded (gpg -sa). That said, you're almost certainly not the only one who couldn't read it (for the record, I could).

Regards,
Ben

From: shavital at mac.com (Charly Avital)
Date: Thu, 21 Jul 2011 10:42:23 -0400
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To:
References:
Message-ID: <4E283ACF.1020600@mac.com>

Chris Poole wrote on 7/21/11 2:51:42 PM:
> Hi
>
> I have a program

Which version of GnuPG are you running, and where did you download it from, please? Just for information.

> which encrypts and signs files; I supply the same key
> ID for both operations, the 'primary ID'.
>
> My key actually consists of the main key and two subkeys, for
> encryption and signing.

This is the information pertaining to the key whose key ID is mentioned in your e-mail:

pub   1024D/BAD246F9  created: 2006-03-31  expires: never       usage: SC
                      trust: unknown       validity: unknown
sub   2048D/7ED39759  created: 2010-12-11  expires: never       usage: S
sub   4096g/E71D7B3E  created: 2006-03-31  expires: never       usage: E
[ unknown] (1). Chris Poole
[ unknown] (2)  Chris Poole

> I'm using gpg-agent to cache my passphrase.
>
> I get asked for my passphrase (pinentry screen) once for the
> encryption key, and then again, for the signing key.

You are asked for your passphrase once for *decrypting* an e-mail that has been encrypted using your public key; and then once again to sign an e-mail. In other words, when you need to use your secret key.

> Can I instruct the agent to give the passphrase for any subkey? Given
> that they're both subkeys, the passphrases are the same.

gpg-agent *caches* your passphrase (in encrypted form) for each of the two operations described above. The passphrase remains cached (you are not requested to type it again) for the value in seconds set in ~/.gnupg/gpg-agent.conf - You can edit that file (gpg-agent.conf) with a suitable text editor (like TextEdit, which is a part of MacOSX, or BBEdit light (freeware)).

Best regards,
Charly

OSX 10.7 (11A511) MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG2-2.0.17
Shredder 8.0a1 (2011-07-21) Enigmail 1.3a1pre (20110717-1422)

From: lists at chrispoole.com (Chris Poole)
Date: Thu, 21 Jul 2011 16:40:17 +0100
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To: <4E283ACF.1020600@mac.com>
References: <4E283ACF.1020600@mac.com>
Message-ID:

Perhaps I explained poorly.

I'm using gpg 1.4.11, gpg-agent 2.0.17.

Is it possible to enter a passphrase using gpg-agent, and have it cached such that it's used whenever I want to use any subkeys from the same main key?

Scenario:

I sign a file with my signing subkey, and give gpg-agent my passphrase.

I then decrypt another file, which has been encrypted using my encryption key, which is a sister subkey to the signing key (i.e., they both have the same parent 'main key'). Is it possible to not be prompted for my passphrase again for this operation?

I understand that they're separate keys, so I'm being prompted twice, but they both belong to the same primary key: can that passphrase apply to all subkeys when entered for any one?

I hope that clarifies what I want to do...

Cheers

Chris Poole [PGP BAD246F9]

From: j-001 at ottosson.nu (J. Ottosson)
Date: Thu, 21 Jul 2011 17:55:48 +0200
Subject: Where are those stubs..
In-Reply-To: <87vcuvu6xg.fsf@vigenere.g10code.de>
References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu>, <4E273122.9050807@digitalbrains.com> (Peter Lebbing's message of "Wed, 20 Jul 2011 21:48:50 +0200"), <87vcuvu6xg.fsf@vigenere.g10code.de>
Message-ID: <4E284C04.17097.62647E@j-001.ottosson.nu>

On 21 Jul 2011 at 14:58, Werner Koch wrote:

> On Wed, 20 Jul 2011 21:48, peter at digitalbrains.com said:
>
> > AFAIK, you need to get the public key imported in GnuPG before you do
> > --card-status. So you first download your own public key from a
> > keyserver or a website or a USB stick, you don't get it from the
> > smartcard. Only when GnuPG already has the public key, will it create
> > the secret key stubs when it sees your smartcard.
>
> Right. This is also the reason why we have the URL field on the card. For
> example on my card:
>
> URL of public key : finger:wk at g10code.com
>
> Now if I run "gpg --card-edit" I just need to enter "fetch" and gpg will
> fetch the key from that URL.

Thank you both for that piece of info, it was the missing information I think. In a real world scenario this wouldn't be an issue (and hardly noticed) but in this case I was testing this specifically and only, and didn't see any notice of the pubkey having to be imported first; I'm unsure if those pieces of information have been put together earlier in the replies I've read.

Thanks.

/J

>
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>

From: shavital at mac.com (Charly Avital)
Date: Thu, 21 Jul 2011 12:30:27 -0400
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To:
References: <4E283ACF.1020600@mac.com>
Message-ID: <4E285423.60702@mac.com>

Chris Poole wrote on 7/21/11 4:40:17 PM:
> Perhaps I explained poorly.

You explained very clearly.

> I'm using gpg 1.4.11, gpg-agent 2.0.17.

You can have, as I do, both 1.4.11 and 2.0.17 installed side by side in the same system. You can use either one, as set in the path of your e-mail application.

You are using a @gmail.com based user ID, and the raw source of your e-mail does not display which MUA you are using.

I am using Shredder, which is a trunk release of Thunderbird, where the path, as displayed in OpenPGP/Preferences, is /usr/local/MacGPG2/bin/gpg2. Thus I am using gpg2, in this case MacGPG2-2.0.17-9.

If instead I had set /usr/local/MacGPG2/bin/gpg, I would be using gpg, that would be gpg 1.4.11.

If you are using Apple's Mail application (under 10.6.8), it will choose gpg2 by default. Under Lion, the Mailbundle for Apple's Mail application does not work; it is being rewritten by a group of developers.

>
> Is it possible to enter a passphrase using gpg-agent, and have it cached such
> that it's used whenever I want to use any subkeys from the same main key?
>
> Scenario:
>
> I sign a file with my signing subkey, and give gpg-agent my passphrase.
>
> I then decrypt another file, which has been encrypted using my encryption key,
> which is a sister subkey to the signing key (i.e., they both have the same
> parent 'main key'). Is it possible to not be prompted for my passphrase again
> for this operation?
>
> I understand that they're separate keys, so I'm being prompted twice, but they
> are both belonging to the same primary key: can that passphrase apply to all
> subkeys when entered for any one?
>
> I hope that clarifies what I want to do...

Maybe *I* wasn't clear enough.

gpg-agent "goes" by *actions*: decrypt, or sign.

gpg-agent is invoked whenever you use your secret key, either for decrypting or for signing.

As far as gpg-agent is concerned, those are two different *actions*.

When your passphrase has been cached for each of those *actions*, it will remain in gpg-agent's "memory" for the duration of the cache set in your home directory ~/.gnupg/gpg-agent.conf

Charly

From: email at sven-radde.de (Sven Radde)
Date: Thu, 21 Jul 2011 17:30:43 +0200
Subject: secring and dropbox
In-Reply-To: <20110721142009.GG7497@poseidon.cocyt.us>
References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca> <20110721142009.GG7497@poseidon.cocyt.us>
Message-ID: <4E284623.10500@sven-radde.de>

Hi!

At 20:59, Aaron Toponce wrote:
> [snip]
>
> Am I the only one who can't decrypt this message? Is there something I'm
> missing?

I *could* decode it, but since I'm reading the list in "digest" and "MIME" mode (i.e., I get one combined email for every 10 postings and each posting is a separate MIME attachment), I would have to specifically open such a particular mail attachment and hit "decrypt/verify" in Enigmail. I don't do that.

cu, Sven

From: holtzm at cox.net (Robert Holtzman)
Date: Thu, 21 Jul 2011 11:28:58 -0700
Subject: Where are those stubs..
In-Reply-To:
References: <4E24BFB5.12687.D8DB985@j-001.ottosson.nu> <20110720012551.GA12759@cox.net> <021FAABD-8CEC-4B5F-AD5D-665E31EFACFF@sixdemonbag.org> <1751996707-1311144374-cardhu_decombobulator_blackberry.rim.net-2040572897-@b1.c27.bise6.blackberry> <4E269EBE.7070805@gbenet.com> <20110720083734.6f31882a@scorpio> <4E26E97A.9040806@gbenet.com> <20110720115654.2f82faa3@scorpio> <20110721003821.GA15884@cox.net>
Message-ID: <20110721182858.GA17739@cox.net>

On Wed, Jul 20, 2011 at 09:01:23PM -0400, Robert J. Hansen wrote:
> > You just alienated the entire FOSS community.
>
> Please don't claim to speak for the entire FOSS community. You don't. No one does: not even RMS, Linus or Jordan Hubbard.

I don't presume to. It was a deliberate exaggeration and I'm not going to get into a pissing match about methods of expression.

--
Bob Holtzman
If you think you're getting free lunch, check the price of the beer.
Key ID: 8D549279

From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 21 Jul 2011 17:17:27 -0600
Subject: secring and dropbox
In-Reply-To: <20110721231525.GH7497@poseidon.cocyt.us>
References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca> <20110721142009.GG7497@poseidon.cocyt.us> <4E2838FF.7070303@adversary.org> <20110721231525.GH7497@poseidon.cocyt.us>
Message-ID: <20110721231727.GI7497@poseidon.cocyt.us>

On Thu, Jul 21, 2011 at 05:15:25PM -0600, Aaron Toponce wrote:
> So, it appears I'm missing some configuration in Mutt then, as it remains
> as the PGP message without any attempt to get to the plain text. Also, how
> do you get the plain text? I can verify the signature, but can't seem to
> get the text out of the signature.

Nevermind. I can do it manually, but I'm not sure what I'm missing with Mutt. Any Mutt users here that can help me out?

--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o

From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 21 Jul 2011 17:15:25 -0600
Subject: secring and dropbox
In-Reply-To: <4E2838FF.7070303@adversary.org>
References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca> <20110721142009.GG7497@poseidon.cocyt.us> <4E2838FF.7070303@adversary.org>
Message-ID: <20110721231525.GH7497@poseidon.cocyt.us>

On Fri, Jul 22, 2011 at 12:34:39AM +1000, Ben McGinnes wrote:
> On 22/07/11 12:20 AM, Aaron Toponce wrote:
> > On Wed, Jul 20, 2011 at 06:01:23PM -0600, Jay Litwyn wrote:
> >> -----BEGIN PGP MESSAGE-----
> >> Version: GnuPG v2.0.17 (MingW32)
> >> Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp
> >>
> >> owF9Vl1oHFUUThpb6eJSfa7oKYJJcH8msWmTWFISH9otplaptPVF7s7c3bnJzNzp
> >> vXey2bZo37QIolKhSBUR/KEovvRFxBeh9lUQf6AgaB8VXwTpW/3OnZ20VTAksDv3
> >> 3HO+853vfJM36xNj28YfeWrt8k/u/N/jn+/c0b2/n/dbbtMdnUzGn81oNpiZaQb7
> >> m7MBzQSLc3O0vNqgZWF0Rsd1rrNQ0sBoJxfrtSVC/AkZNehIkeBiw18m4SjYt7h3
> > [snip]
> >
> > Am I the only one who can't decrypt this message? Is there something
> > I'm missing?
>
> It wasn't encrypted, it was signed and base64 encoded (gpg -sa). That
> said, you're almost certainly not the only one who couldn't read it
> (for the record, I could).

So, it appears I'm missing some configuration in Mutt then, as it remains as the PGP message without any attempt to get to the plain text. Also, how do you get the plain text? I can verify the signature, but can't seem to get the text out of the signature.

--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o

From: remco at webconquest.com (Remco Rijnders)
Date: Fri, 22 Jul 2011 08:08:27 +0200
Subject: secring and dropbox
In-Reply-To: <20110721231727.GI7497@poseidon.cocyt.us>
References: <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca> <20110721142009.GG7497@poseidon.cocyt.us> <4E2838FF.7070303@adversary.org> <20110721231525.GH7497@poseidon.cocyt.us> <20110721231727.GI7497@poseidon.cocyt.us>
Message-ID:

On Thu, Jul 21, 2011 at 05:17:27PM -0600, Aaron Toponce wrote:
>On Thu, Jul 21, 2011 at 05:15:25PM -0600, Aaron Toponce wrote:
>> So, it appears I'm missing some configuration in Mutt then, as it remains
>> as the PGP message without any attempt to get to the plain text. Also, how
>> do you get the plain text? I can verify the signature, but can't seem to
>> get the text out of the signature.
>
>Nevermind. I can do it manually, but I'm not sure what I'm missing with
>Mutt. Any Mutt users here that can help me out?

Hi Aaron,

For me, the following does the trick:

When viewing the message enter P
It will prompt you for a password, just hit enter.

These two steps made the message readable for me in mutt.

Cheers,

Remco

From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 22 Jul 2011 00:34:59 -0600
Subject: secring and dropbox
In-Reply-To: <4E276C53.8000906@freenet.edmonton.ab.ca>
References: <4E261EC8.4060303@gmail.com> <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca>
Message-ID: <20110722063459.GA15201@poseidon.cocyt.us>

On Wed, Jul 20, 2011 at 06:01:23PM -0600, Jay Litwyn wrote:
> Note: my signatures break without pgp/mime,
> because Thunderbird is modifying my text after
> it signs my text, and I can't use pgp/mime,
> so I am using gpg -sa

I have used Thunderbird with GnuPG extensively on Windows, Mac OS X and GNU/Linux, without problem. I prefer PGP/MIME for my signatures, and have never had that problem. So, I'm guessing that you have something going on with your installation that is not standard.

Also, it appears you're wrapping your lines at 50 characters. Why so short? I can understand 72, so it gives room for nested replies four-deep up to 80 characters, but 50 seems really short. Just curious.

> http://ecn.ab.ca/~brewhaha/gpg/prand.png
>
> I generated 1 440 000 bytes (800x600 RGB) with:
> gpg --no-armor --gen-random 0 1440000 >prand.raw
> I also did it with one. I see no histogram
> difference in either graphic, so I did not
> post a graphic for one. I did not do
> it with two, because gpg was telling me
> that I should enable disk performance
> counters, while windows was telling me that
> disk performance counters are permanently
> enabled for all versions beyond 2000.
>
> All three of them outperform /dev/random
> under Mandrake circa 2005 by a long shot,
> probably because Mandrake waited for events,
> so it actually performed better if I raised
> X-windows during the copy from /dev/random
>
> Both graphics were uncompressible, meaning
> that png gets a slight expansion to
> 1 441 159 bytes (without the histogram).
>
> Grayscale histograms were flat in both
> of them. A histogram in that graphic reflects
> high quality uniformly distributed random
> numbers.
>
> A simple pseudo-random number generator
> that I wrote on
> http://ecn.ab.ca/~brewhaha/Moderation.htm
> has a very similar histogram.

Interesting. Additional comment from Werner, or others, on your findings would be welcomed on my end.

--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o

From: lists at chrispoole.com (Chris Poole)
Date: Fri, 22 Jul 2011 10:38:39 +0100
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To: <4E285423.60702@mac.com>
References: <4E283ACF.1020600@mac.com> <4E285423.60702@mac.com>
Message-ID:

On Thu, Jul 21, 2011 at 5:30 PM, Charly Avital wrote:
> gpg-agent "goes" by *actions*: decrypt, or sign.
>
> gpg-agent is invoked whenever you use your secret key, either for
> decrypting or for signing.
>
> As far as gpg-agent is concerned, those are two different *actions*.
>
> When your passphrase has been cached for each of those *actions*, it
> will remain in gpg-agent's "memory" for the duration of the cache set in
> your home directory ~/.gnupg/gpg-agent.conf

That's a shame, but thanks.

Cheers

Chris Poole [PGP BAD246F9]

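The "flat grayscale histogram" test that Jay Litwyn applied to the output of `gpg --gen-random 0 1440000` in the "secring and dropbox" thread above can be turned into numbers. The block below is an added example, not code from the thread or from GnuPG: it builds the 256-bin byte histogram, computes a chi-square statistic against the uniform distribution (which a flat histogram should keep near 255, the degrees of freedom), and adds the "uncompressible" check Jay mentions by measuring the zlib compression ratio. The sample data is constructed in-process with `os.urandom` as a stand-in for gpg's output; reading a real `prand.raw` is shown as an assumed file path.

```python
"""Uniformity checks for a byte stream such as gpg --gen-random output.

Added example: os.urandom stands in for gpg --gen-random; the file path in
main() is an assumed placeholder. A flat histogram is necessary but not
sufficient for a good random source; a counter stream passes it perfectly.
"""
import os
import sys
import zlib

SAMPLE_BYTES = 1_440_000  # 800x600 RGB, the size used in the thread


def byte_histogram(data: bytes) -> list:
    """Count occurrences of each of the 256 byte values (the grayscale histogram)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return counts


def chi_square(counts: list) -> float:
    """Chi-square statistic of the histogram against a uniform distribution.

    With 255 degrees of freedom a good source gives a value near 255
    (standard deviation about 22.6). A perfectly flat histogram gives 0;
    a constant byte stream of n bytes gives 255 * n.
    """
    n = sum(counts)
    expected = n / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def looks_uniform(data: bytes, limit: float = 400.0) -> bool:
    """Crude pass/fail: 400 is roughly six standard deviations above the
    mean for 255 degrees of freedom, so a genuine random source essentially
    never fails it, while any visible bias does."""
    return chi_square(byte_histogram(data)) < limit


def compression_ratio(data: bytes) -> float:
    """zlib output size over input size. Random data cannot be compressed, so
    the ratio sits at or slightly above 1.0 (the 'slight expansion' Jay saw
    with PNG); structured or biased data compresses well below 1.0."""
    return len(zlib.compress(data)) / len(data)


def random_sample(n: int = SAMPLE_BYTES) -> bytes:
    """Constructed input: OS randomness standing in for gpg --gen-random."""
    return os.urandom(n)


def analyze(data: bytes) -> dict:
    """Summarize a byte stream with the three measures above."""
    counts = byte_histogram(data)
    return {
        "bytes": len(data),
        "min_count": min(counts),
        "max_count": max(counts),
        "chi_square": chi_square(counts),
        "compression_ratio": compression_ratio(data),
        "uniform": looks_uniform(data),
    }


def main(argv) -> None:
    # Assumed usage: python histcheck.py prand.raw (a file produced with
    # gpg --no-armor --gen-random 0 1440000 > prand.raw); with no argument
    # the constructed os.urandom sample is analyzed instead.
    data = open(argv[1], "rb").read() if len(argv) > 1 else random_sample()
    for key, value in analyze(data).items():
        print(f"{key:18}: {value}")


if __name__ == "__main__":
    main(sys.argv)
```

The histogram alone cannot tell a cryptographic source from a counter or from Jay's simple PRNG, which is exactly why both "have a very similar histogram": the test rejects biased output, it does not certify unpredictability.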
From: shavital at mac.com (Charly Avital)
Date: Fri, 22 Jul 2011 06:57:31 -0400
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To:
References: <4E283ACF.1020600@mac.com> <4E285423.60702@mac.com>
Message-ID: <4E29579B.2090401@mac.com>

Chris Poole wrote on 7/22/11 10:38:39 AM:
> On Thu, Jul 21, 2011 at 5:30 PM, Charly Avital wrote:
>> When your passphrase has been cached for each of those *actions*, it
>> will remain in gpg-agent's "memory" for the duration of the cache set in
>> your home directory ~/.gnupg/gpg-agent.conf
>
> That's a shame, but thanks.

Shame? I find it very convenient.

Take care and have a fine weekend.

Charly

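The thread above refers to "the cache set in ~/.gnupg/gpg-agent.conf" without showing it. As an added example (not from the thread), this is a gpg-agent.conf fragment with the two options that control the cache lifetime in gpg-agent 2.0; the values shown are the agent's built-in defaults, written out so they can be adjusted:

```conf
# ~/.gnupg/gpg-agent.conf (added example; values are gpg-agent 2.0 defaults)

# Seconds a cached passphrase stays usable, counted from its last use:
# each time the cached entry is used, its timer is reset.
default-cache-ttl 600

# Hard upper bound in seconds, counted from when the passphrase was
# entered, after which it is asked for again no matter how often it
# was used in between.
max-cache-ttl 7200
```

The agent reads this file at start-up; after editing it, restart the agent or send it SIGHUP, which flushes the cached passphrases and re-reads the configuration. Raising `max-cache-ttl` is the trade-off the thread circles around: fewer prompts for the same secret-key material, at the cost of a longer window in which anyone with access to the session can use the key without being asked for the passphrase.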
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Fri, 22 Jul 2011 21:37:09 +0200
Subject: secring and dropbox
In-Reply-To: <20110721231727.GI7497@poseidon.cocyt.us>
References: <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca> <20110721142009.GG7497@poseidon.cocyt.us> <4E2838FF.7070303@adversary.org> <20110721231525.GH7497@poseidon.cocyt.us> <20110721231727.GI7497@poseidon.cocyt.us>
Message-ID: <20110722193709.GA5656@hiro.matrix>

On Thu, Jul 21, 2011 at 05:17:27PM -0600, Aaron Toponce wrote:
> On Thu, Jul 21, 2011 at 05:15:25PM -0600, Aaron Toponce wrote:
> > So, it appears I'm missing some configuration in Mutt then, as it remains
> > as the PGP message without any attempt to get to the plain text. Also, how
> > do you get the plain text? I can verify the signature, but can't seem to
> > get the text out of the signature.
>
> Nevermind. I can do it manually, but I'm not sure what I'm missing with
> Mutt. Any Mutt users here that can help me out?

mutt handled the message without error here. In addition to the settings from gpg.rc my .muttrc contains:

  set pgp_use_gpg_agent = yes
  set pgp_auto_decode = yes

(I use gpg version 2.0.14)

From: marcio.barbado at gmail.com (Marcio B. Jr.)
Date: Fri, 22 Jul 2011 19:56:42 -0300
Subject: OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
In-Reply-To: <4E14B2CE.4050104@fifthhorseman.net>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <4E14B2CE.4050104@fifthhorseman.net>

Hello Daniel,
sorry for such a delay; this has been a wild JULY.

On Wed, Jul 6, 2011 at 4:09 PM, Daniel Kahn Gillmor wrote:
> On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
>> Diffie-Hellman key exchange method with block ciphers.
>
> Why does this seem unjustifiable to you?  DH and block ciphers are
> widely-reviewed parts of the standard crypto toolkit.  Do you have
> reason to believe they're generally bad?

It seems unjustifiable because there exists an option in which secret
keys need not take risks. And if there's any security concern and
one's to choose between zero risk and any other positive-value risk,
it's reasonable to pick the former.

>> As of what I got from your (Robert) explanation plus some preliminary
>> conclusions of my studies, making use of asymmetric algos with OpenPGP
>> would be more coherent and secure, mathematically. Is it correct?
>
> Not all of these decisions should be made on purely mathematical
> grounds.  Consider, for example, pidgin's old GPG plugin (I don't know
> whether it is still in use or under development).
>
> It worked by signing and encrypting each message before it was sent, and
> decrypting and verifying each response.
>
> However, IM messages tend to be heavily context-dependent, which makes
> them vulnerable to replay attacks.

No secret key can ever be intercepted or shared.

> For example, how many times have you written on IRC (or whatever IM
> network you use) the simple phrase "i agree"?
>
> If each message is individually signed and verified, it'd be relatively
> easy for an attacker to replay your "i agree" in another conversation,
> making it look like you agreed to something you hadn't actually agreed
> to.  OTR's stream-based approach ensures that messages are only
> authenticated as part of a single, two-party conversation.  There is no
> room for a replay attack.

I am obviously considering signing and encrypting.

> OTR also is designed so that a third party (one not involved in the
> original communication) can't conclusively prove that you wrote
> something.  This is the "off the record" part of OTR.  It's debatable
> how useful this so-called "repudiability" would be in, say, a court of
> law; but individually-signed messages clearly do *not* have this kind of
> repudiability; anyone in possession of one of these messages can
> convince any third party that you did in fact write the message.

There is secrecy sharing, so maintenance of this repudiability's
effectiveness is not entirely up to you.

Regards,

Marcio Barbado, Jr.

From aaron.toponce at gmail.com Sat Jul 23 02:07:02 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 22 Jul 2011 18:07:02 -0600
Subject: secring and dropbox
In-Reply-To: <20110722193709.GA5656@hiro.matrix>
References: <8739i1wbjz.fsf@vigenere.g10code.de> <20110720153916.GB7497@poseidon.cocyt.us> <20110720165535.GD7497@poseidon.cocyt.us> <4E276C53.8000906@freenet.edmonton.ab.ca> <20110721142009.GG7497@poseidon.cocyt.us> <4E2838FF.7070303@adversary.org> <20110721231525.GH7497@poseidon.cocyt.us> <20110721231727.GI7497@poseidon.cocyt.us> <20110722193709.GA5656@hiro.matrix>
Message-ID: <20110723000702.GA9838@poseidon.cocyt.us>

On Fri, Jul 22, 2011 at 09:37:09PM +0200, Michel Messerschmidt wrote:
> set pgp_auto_decode = yes

Perfect! That was the variable I was looking for! Thanks!

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

From aaron.toponce at gmail.com Sat Jul 23 02:17:10 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 22 Jul 2011 18:17:10 -0600
Subject: OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <4E14B2CE.4050104@fifthhorseman.net>
Message-ID: <20110723001710.GB9838@poseidon.cocyt.us>

On Fri, Jul 22, 2011 at 07:56:42PM -0300, Marcio B. Jr. wrote:
> Hello Daniel,
> sorry for such a delay; this has been a wild JULY.
>
>
> On Wed, Jul 6, 2011 at 4:09 PM, Daniel Kahn Gillmor wrote:
> > On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
> >> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
> >> Diffie-Hellman key exchange method with block ciphers.
> >
> > Why does this seem unjustifiable to you?  DH and block ciphers are
> > widely-reviewed parts of the standard crypto toolkit.  Do you have
> > reason to believe they're generally bad?
>
> It seems unjustifiable because there exists an option in which secret
> keys need not take risks. And if there's any security concern and
> one's to choose between zero risk and any other positive-value risk,
> it's reasonable to pick the former.

Are you familiar with the DH key exchange? It doesn't seem that you are.
There is no risk in sharing the private key between the two parties. It
basically goes like this:

Step 1: A generates the private key.
Step 2: A encrypts the private key with a one-time session key.
Step 3: A sends the encrypted private key to B.
Step 4: B encrypts the encrypted private key with his 1-time key.
Step 5: B sends the doubly-encrypted private key to A.
Step 6: A decrypts what he can with his one-time session key.
Step 7: A sends the resulting encrypted key to B.
Step 8: B decrypts the private key with his 1-time key.

B now has the private key.

The one-time session keys are never shared, but stored locally on the
machine. Once the DH key exchange finished, the session keys are destroyed.
Nowhere in the exchange is there any risk of the private key being
compromised. A MITM can grab all the packets he likes. Unless he has one or
both session keys, he's not getting the private key.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

From kloecker at kde.org Sat Jul 23 16:30:18 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 23 Jul 2011 16:30:18 +0200
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To: <4E29579B.2090401@mac.com>
References: <4E29579B.2090401@mac.com>
Message-ID: <201107231630.25752@thufir.ingo-kloecker.de>

On Friday 22 July 2011, Charly Avital wrote:
> Chris Poole wrote on 7/22/11 10:38:39 AM:
> > On Thu, Jul 21, 2011 at 5:30 PM, Charly Avital wrote:
> >> When your passphrase has been cached for each of those *actions*,
> >> it will remain in gpg-agent's "memory" for the duration of the
> >> cache set in your home directory ~/.gnupg/gpg-agent.conf
> >
> > That's a shame, but thanks.
>
> Shame?
> I find it very convenient.

You think it's convenient that you have to enter the same passphrase
twice, once when you want to sign something and then again when you want
to decrypt something? There are surely use cases for this, but for
someone like me who is using gpg on a computer (resp. account) nobody
else has (physical) access to, it's just an annoyance (albeit a minor
one).

There is already the option --ignore-cache-for-signing (curiously the
corresponding option for decryption is missing, i.e. it's not possible to
use the cache for signing but not for decryption), so why not add another
option like --share-signing-and-decryption-cache? (I guess, if I really
wanted this I should provide a patch. :-) )

Regards,
Ingo

From richard at r-selected.de Sat Jul 23 16:48:52 2011
From: richard at r-selected.de (Richard)
Date: Sat, 23 Jul 2011 16:48:52 +0200
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To: <4E285423.60702@mac.com>
References: <4E283ACF.1020600@mac.com> <4E285423.60702@mac.com>

As far as I know every subkey holds its own passphrase (per default, they
are all identical for a given primary key). This means that passphrase
requests are actually not action-based, but key-based.

Please correct me if I'm wrong. :)

Richard

From edmond at systemli.org Sat Jul 23 16:19:57 2011
From: edmond at systemli.org (Edmond)
Date: Sat, 23 Jul 2011 16:19:57 +0200
Subject: Primary Key Security, Old DSA Key
Message-ID: <4E2AD88D.8070409@systemli.org>

Hello everyone,

one of my keys (the one I'm signing this message with) was created a
while back and uses a 1024 bit DSA primary key. For encryption I'm using
a 4096 bit RSA subkey, and for signing a 2048 bit DSA subkey (due to the
smaller signature).

gpg2 --list-packets for my primary key and the encryption subkey spawns:

iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: ...
protect count: 96

and for my signing key:

iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: ...
protect count: 161

The 'protect count' of my signing key is higher as it was created using a
relatively new version of GnuPG 2 on a newer CPU. An OpenPGP S2K count of
96 implies 65536 rounds. On my mobile computer,

gpg-connect-agent 'getinfo s2k_count' /bye

calculates 1102848 rounds; and on my desktop computer the number is
almost four times as big. Hence I will soon increase the number of
protection rounds to improve my secret key security, or even move those
keys to a smartcard.

But since AFAIK both 1024 bit DSA and SHA1 hashes are not recommended for
use anymore (at least in new systems), I was wondering if I should issue
a new primary key. What would you recommend? I have no signatures
collected on my primary key (except my own).

Since my encryption subkey is using a current algorithm/key length, my
encrypted messages should be safe regardless of the primary key's
security, right? I.e., the worst thing that could happen is that someone
issues new subkeys that claim to belong to my primary key when they
actually don't. Is that correct?

Thanks,
Edmond

From rjh at sixdemonbag.org Sat Jul 23 18:24:14 2011
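How the one-octet "protect count" in the packet dump above turns into a number of hashed bytes, as an added example written for this archive page (it is not code from the thread or from GnuPG). The decoder follows the RFC 4880 formula for the Iterated and Salted S2K count; the encoder rounds a requested count up to the nearest representable octet, which is an assumption about how the agent stores `s2k_count` (it does reproduce the 161 reported above for 1102848); the last function runs the Iterated and Salted S2K itself over SHA-1 for a constructed salt and passphrase, which is the work an attacker must redo per guess.

```python
import hashlib

# Constructed sample salt for the usage below; it is not a value from the message.
SAMPLE_SALT = bytes.fromhex("0123456789abcdef")


def s2k_decode_count(coded):
    """Decode the one-octet OpenPGP S2K count into the number of bytes hashed
    (RFC 4880, section 3.7.1.3): (16 + low nibble) << (high nibble + 6)."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_encode_count(count):
    """Smallest one-octet code whose decoded value is at least `count`.
    Assumption: rounding up, so the stored count never falls below the requested one."""
    for coded in range(256):
        if s2k_decode_count(coded) >= count:
            return coded
    return 255  # larger than the maximum representable count (65011712)


def s2k_iterated_salted(passphrase, salt, coded, hash_name="sha1", key_len=16):
    """Iterated and Salted S2K (mode 3): feed salt||passphrase into the hash
    over and over until `count` bytes have been hashed, then truncate to the key size.
    key_len=16 matches a CAST5 key; SHA-1 is hash id 2 in the dump above."""
    if len(salt) != 8:
        raise ValueError("an S2K salt is exactly 8 octets")
    h = hashlib.new(hash_name)
    if key_len > h.digest_size:
        raise ValueError("longer keys need several hash contexts; not shown here")
    block = salt + passphrase
    # RFC 4880: even if the count is smaller than one block, a full block is hashed.
    remaining = max(s2k_decode_count(coded), len(block))
    while remaining > 0:
        chunk = block[:remaining]  # the last chunk may be a prefix of the block
        h.update(chunk)
        remaining -= len(chunk)
    return h.digest()[:key_len]


if __name__ == "__main__":
    for coded in (96, 161, 255):
        print(coded, "->", s2k_decode_count(coded), "bytes hashed")
    print("1102848 rounds stored as octet", s2k_encode_count(1102848))
    print(s2k_iterated_salted(b"correct horse", SAMPLE_SALT, 96).hex())
```

Running the decoder over the two octets from the dump shows the gap between the old and the new key: 96 hashes 65536 bytes, 161 hashes 1114112, so a guess against the signing key costs about seventeen times as much hashing. GnuPG's `--s2k-count` option sets the requested count when a passphrase is (re)set.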
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Jul 2011 12:24:14 -0400
Subject: Primary Key Security, Old DSA Key
In-Reply-To: <4E2AD88D.8070409@systemli.org>
References: <4E2AD88D.8070409@systemli.org>
Message-ID: <4E2AF5AE.8060907@sixdemonbag.org>

On 7/23/11 10:19 AM, Edmond wrote:
> But since AFAIK both 1024 bit DSA and SHA1 hashes are not recommended
> for use anymore (at least in new systems), I was wondering if I should
> issue a new primary key.

This is impossible to answer, since we don't know exactly what threats
you're facing. However, it's worth pointing out that you're correct: most
of us no longer recommend DSA-1K or SHA-1 *for new systems*.

Speaking personally, just for myself, I have not seen any instances where
I thought someone who used DSA-1K needed to switch algorithms
immediately. It's probably a good idea to migrate to a new certificate
*sometime*. If right now is a convenient time for you to do it, then
sure, go for it. But there's no rush.

With respect to which algorithms to use... use GnuPG's defaults (RSA-2K
right now, I believe). You don't need to tweak GnuPG in order to get a
very high level of assurance from it. :)

> I.e., the worst thing that could happen is that someone
> issues new subkeys that claim to belong to my primary key when they
> actually don't. Is that correct?

Almost. The worst that could happen is someone could issue signatures and
pretend they're from you. But if SHA-1 falls that far, well, we're all
going to have a whole lot of problems above and beyond just that. :)

From lists at chrispoole.com Sat Jul 23 18:32:44 2011
From: lists at chrispoole.com (Chris Poole)
Date: Sat, 23 Jul 2011 17:32:44 +0100
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To: <201107231630.25752@thufir.ingo-kloecker.de>
References: <4E29579B.2090401@mac.com> <201107231630.25752@thufir.ingo-kloecker.de>

2011/7/23 Ingo Klöcker:
> There is already the option --ignore-cache-for-signing (curiously the
> corresponding option for decryption is missing, i.e. it's not possible to use
> the cache for signing but not for decryption), so why not add another option
> like --share-signing-and-decryption-cache? (I guess, if I really wanted this I
> should provide a patch. :-) )

That was precisely my point; if anything, entering the passphrase twice
is more of a security risk than storing it for 2 subkeys at the same time
(risk of being overlooked, etc.).

Cheers

Chris Poole [PGP BAD246F9]

From marcio.barbado at gmail.com Sat Jul 23 19:04:49 2011
From: marcio.barbado at gmail.com (Marcio B. Jr.)
Date: Sat, 23 Jul 2011 14:04:49 -0300
Subject: Is the OpenPGP model still useful?
In-Reply-To: <9f90ae22ddbdf320de745e5899e91bbe@localhost>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost>

Hello Robert.

On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen wrote:
>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
>> Diffie-Hellman key exchange method with block ciphers.
>
> Why is this a problem?

You know, secrets are shared. 100% increase (at least) in "exposing"
risks.

Regards,

Marcio Barbado, Jr.

From rjh at sixdemonbag.org Sat Jul 23 19:16:08 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Jul 2011 13:16:08 -0400
Subject: Is the OpenPGP model still useful?
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost>
Message-ID: <4E2B01D8.10305@sixdemonbag.org>

On 7/23/11 1:04 PM, Marcio B. Jr. wrote:
> You know, secrets are shared. 100% increase (at least) in "exposing"
> risks.

I need to see a citation for this. What you're claiming is at odds with
everything I've ever learned about how DHKEA operates.

From marcio.barbado at gmail.com Sat Jul 23 19:19:53 2011
From: marcio.barbado at gmail.com (Marcio B. Jr.)
Date: Sat, 23 Jul 2011 14:19:53 -0300
Subject: OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
In-Reply-To: <20110723001710.GB9838@poseidon.cocyt.us>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <4E14B2CE.4050104@fifthhorseman.net> <20110723001710.GB9838@poseidon.cocyt.us>

Hi Aaron,

you are somewhat arrogant.
Please read what I wrote till completion.

Regards,

On Fri, Jul 22, 2011 at 9:17 PM, Aaron Toponce wrote:
> On Fri, Jul 22, 2011 at 07:56:42PM -0300, Marcio B. Jr. wrote:
>> Hello Daniel,
>> sorry for such a delay; this has been a wild JULY.
>>
>>
>> On Wed, Jul 6, 2011 at 4:09 PM, Daniel Kahn Gillmor wrote:
>> > On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
>> >> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
>> >> Diffie-Hellman key exchange method with block ciphers.
>> >
>> > Why does this seem unjustifiable to you?  DH and block ciphers are
>> > widely-reviewed parts of the standard crypto toolkit.  Do you have
>> > reason to believe they're generally bad?
>>
>> It seems unjustifiable because there exists an option in which secret
>> keys need not take risks. And if there's any security concern and
>> one's to choose between zero risk and any other positive-value risk,
>> it's reasonable to pick the former.
>
> Are you familiar with the DH key exchange? It doesn't seem that you are.
> There is no risk in sharing the private key between the two parties. It
> basically goes like this:
>
> Step 1: A generates the private key.
> Step 2: A encrypts the private key with a one-time session key.
> Step 3: A sends the encrypted private key to B.
> Step 4: B encrypts the encrypted private key with his 1-time key.
> Step 5: B sends the doubly-encrypted private key to A.
> Step 6: A decrypts what he can with his one-time session key.
> Step 7: A sends the resulting encrypted key to B.
> Step 8: B decrypts the private key with his 1-time key.
>
> B now has the private key.
>
> The one-time session keys are never shared, but stored locally on the
> machine. Once the DH key exchange finished, the session keys are destroyed.
> Nowhere in the exchange is there any risk of the private key being
> compromised. A MITM can grab all the packets he likes. Unless he has one or
> both session keys, he's not getting the private key.
>
> --
> . o .   o . o   . . o   o . .   . o .
> . . o   . o o   o . o   . o o   . . o
> o o o   . o .   . o o   o o .   o o o
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>

Marcio Barbado, Jr.

From dkg at fifthhorseman.net Sat Jul 23 19:21:57 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sat, 23 Jul 2011 19:21:57 +0200
Subject: Is the OpenPGP model still useful?
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost>
Message-ID: <4E2B0335.3030009@fifthhorseman.net>

On 07/23/2011 07:04 PM, Marcio B. Jr. wrote:
> On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen wrote:
>>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
>>> Diffie-Hellman key exchange method with block ciphers.
>>
>> Why is this a problem?
>
> You know, secrets are shared. 100% increase (at least) in "exposing" risks.

I am struggling with how to respond to your messages since I find them
confusing.

Are you aware that the purpose of OTR is to allow two parties to
communicate confidentially? In a confidential communication, a secret
message is sent from party A to party B. The entire purpose is to share
the secret between the two parties. They have to share the key to the
cipher in order to share the secret.

OpenPGP itself uses this sort of symmetric encryption to encrypt messages
with a random session key, and only uses asymmetric encryption to encrypt
the session key itself. If you research other popular encryption
standards (e.g. TLS), you'll find this "hybrid" approach is quite common.

If there's a serious downside or risk to it, could you outline the sort
of attack you're concerned about?

Thanks,

--dkg

From marcio.barbado at gmail.com Sat Jul 23 20:36:47 2011
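The two mechanisms this thread keeps circling, Diffie-Hellman agreement and the hybrid pattern dkg describes, as an added example written for this archive page (it is not code from the thread, from OTR or from GnuPG). Each side keeps its own private exponent and only the public values `g^a mod p` and `g^b mod p` cross the wire; both sides then derive the same symmetric key locally, and each message is authenticated under that key together with its position in the conversation, which is the per-conversation binding Daniel raised against the replay of an individually signed "i agree". The group parameters are toy values chosen here (a 127-bit Mersenne prime, generator 3); a real deployment uses a standardized group such as RFC 3526 group 14. Only authentication is shown, not encryption: the HMAC stands in for the symmetric layer.

```python
import hashlib
import hmac
import secrets

# Toy group constructed for illustration: p = 2**127 - 1 is a Mersenne prime, g = 3.
# Real deployments use a standardized, much larger group (e.g. RFC 3526 group 14).
P = 2**127 - 1
G = 3


def dh_keypair(p=P, g=G):
    """Create a fresh private exponent and the matching public value g^x mod p.
    The private exponent is generated locally and is never sent anywhere."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p - 2
    return x, pow(g, x, p)


def dh_shared_key(own_private, peer_public, p=P):
    """Derive the symmetric key from the peer's public value and our private exponent.
    Both sides compute g^(ab) mod p independently; that value never crosses the wire."""
    if not 2 <= peer_public <= p - 2:         # reject the degenerate values 0, 1 and p-1
        raise ValueError("peer public value out of range")
    shared = pow(peer_public, own_private, p)
    # Hash the group element so the key is uniform (a minimal KDF for this example).
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def tag_message(key, seq, message):
    """Authenticate a message together with its sequence number in this conversation."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


def check_message(key, expected_seq, seq, message, tag):
    """Accept only the next expected message with a valid tag; a replayed or
    reordered message carries the wrong sequence number and is refused."""
    if seq != expected_seq:
        return False
    return hmac.compare_digest(tag_message(key, seq, message), tag)


def run_exchange():
    """One key agreement between A and B. Returns both derived keys, the values an
    eavesdropper could capture, and the private exponents (kept only for checking)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    on_the_wire = [a_pub, b_pub]              # everything a passive observer sees
    key_a = dh_shared_key(a_priv, b_pub)
    key_b = dh_shared_key(b_priv, a_pub)
    return key_a, key_b, on_the_wire, (a_priv, b_priv)


if __name__ == "__main__":
    key_a, key_b, wire, _ = run_exchange()
    print("both sides derived the same key:", key_a == key_b)
    msg = b"i agree"                          # constructed sample message
    tag = tag_message(key_a, 0, msg)
    print("first delivery accepted:", check_message(key_b, 0, 0, msg, tag))
    print("same message replayed later:", check_message(key_b, 1, 0, msg, tag))
```

The point to take from `run_exchange` is what `on_the_wire` contains: two public values and nothing else, so a capture of all packets yields the key only to someone who can solve the discrete logarithm in the group. The sequence number inside the MAC is what turns a per-message signature into a conversation-bound one; OTR's actual construction differs in detail, but the binding it provides is of this kind.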
From: marcio.barbado at gmail.com (Marcio B. Jr.)
Date: Sat, 23 Jul 2011 15:36:47 -0300
Subject: Is the OpenPGP model still useful?
In-Reply-To: <4E2B01D8.10305@sixdemonbag.org>
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost> <4E2B01D8.10305@sixdemonbag.org>

Hi Robert.

Secrecy sharing constitutes sort of a "symmetric fact" when more than one
instance is involved and you ask me for a citation?

I resumed this thread in order to clarify whether Kopete's OpenPGP plugin
was really superior, compared to the OTR one, and all people say is OTR
and its Diffie-Hellman algo are great, but no comparison is ever made
because choice depends on threat model.

Come on, this is not an academic seminar. It would be simpler to put some
hypothetical situation in which you'd choose one of the options, and
explain the reason behind that choice.

What can I say? My situation is a regular one. Privacy and/or
authenticity are needed in varying degrees.

Regards,

On Sat, Jul 23, 2011 at 2:16 PM, Robert J. Hansen wrote:
> On 7/23/11 1:04 PM, Marcio B. Jr. wrote:
>> You know, secrets are shared. 100% increase (at least) in "exposing"
>> risks.
>
> I need to see a citation for this.  What you're claiming is at odds with
> everything I've ever learned about how DHKEA operates.
>

Marcio Barbado, Jr.

From rjh at sixdemonbag.org Sat Jul 23 20:43:24 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Jul 2011 14:43:24 -0400
Subject: Is the OpenPGP model still useful?
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost> <4E2B01D8.10305@sixdemonbag.org>
Message-ID: <4E2B164C.3010801@sixdemonbag.org>

On 7/23/11 2:36 PM, Marcio B. Jr. wrote:
> Secrecy sharing constitutes sort of a "symmetric fact" when more than
> one instance is involved and you ask me for a citation?

Yes. I am quite certain that if, say, Daniel Gillmor were to assert "the
Earth is round" and I were to ask him for a citation, he would refer me
to Eratosthenes's trigonometric analysis of the angles of sunlight
incidence in Syene and Alexandria, and would not find my request to be in
the slightest bit unusual.

There is no fact, however obvious, which is guaranteed to be obvious to
everyone. When people ask for citations for "obvious facts," the only
thing it means is it is not obvious to them. The courteous and genteel
thing to do is to provide a citation, so that the person in question
might learn.

What you're saying is at odds with everything I've come to learn about
DHKEA. What you're saying is extremely nonobvious to me. Please present
a citation for your assertion that DHKEA shares secrets more than another
competing protocol.

From aaron.toponce at gmail.com Sat Jul 23 20:47:07 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sat, 23 Jul 2011 12:47:07 -0600
Subject: OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <4E14B2CE.4050104@fifthhorseman.net> <20110723001710.GB9838@poseidon.cocyt.us>
Message-ID: <20110723184707.GC9838@poseidon.cocyt.us>

On Sat, Jul 23, 2011 at 02:19:53PM -0300, Marcio B. Jr. wrote:
> Hi Aaron,
> you are somewhat arrogant.

Excuse me? Why do you say that? You stated that during the DH key
exchange, there is a risk of losing the private key. Did you not? If
not, please enlighten me. There's no need to be offended. There was no
emotion in my reply, and I certainly didn't resort to name calling.

> Please read what I wrote till completion.

I did. I didn't see any need in replying to the rest of the mail. I only
wanted to help you clear up exactly how the DH key exchange works.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

From alphazo at gmail.com Sun Jul 24 18:14:26 2011
From: alphazo at gmail.com (Alphazo)
Date: Sun, 24 Jul 2011 18:14:26 +0200
Subject: GnuPG2-git now available in ArchLinux

Most dependencies required to compile the GIT version of GnuPG2 have now
made it to mainstream (libgpg-error, libgcryp...). The only remaining one
is libksba. I've already contacted the maintainer for fixing it.

I've created an AUR package for both libksba and gnupg-git so people can
try out the new exciting ECDSA support without hassle. I use Yaourt as
AUR helper so getting and compiling the latest GIT version is as easy as:

# yaourt libksba-latest
# yaourt gnupg2-git

Alphazo

Links to AUR pages:
- gnupg2-git: https://aur.archlinux.org/packages.php?ID=50961
- libksba-latest: https://aur.archlinux.org/packages.php?ID=50960

From wk at gnupg.org Sun Jul 24 20:00:28 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 24 Jul 2011 20:00:28 +0200
Subject: gpg-agent automatically use passphrase for signing subkey?
In-Reply-To: <201107231630.25752@thufir.ingo-kloecker.de> (Ingo Klöcker's message of "Sat, 23 Jul 2011 16:30:18 +0200")
References: <4E29579B.2090401@mac.com> <201107231630.25752@thufir.ingo-kloecker.de>
Message-ID: <87r55fsgn7.fsf@vigenere.g10code.de>

On Sat, 23 Jul 2011 16:30, kloecker at kde.org said:

> to use the cache for signing but not for decryption), so why not add
> another option like --share-signing-and-decryption-cache? (I guess, if I
> really wanted this I should provide a patch. :-) )

Actually an option is not even required. When importing a secret key in
2.1 we try to use the same passphrase before assuming they are different.
However this requires that we add a bit of extra code - I think it can be
done easily but there are more important tasks right now.

Salam-Shalom,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From gnupg at lists.grepular.com Sun Jul 24 22:14:31 2011
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Sun, 24 Jul 2011 21:14:31 +0100
Subject: How secure are smartcards?
Message-ID: <4E2C7D27.6090305@lists.grepular.com>

Hi,

I just ordered an OpenPGP smartcard from Kernel Concepts as per
http://www.g10code.com/p-card.html

Does anyone else have one of these?

At the moment, my secret key is stored on my hard drive and is encrypted
by a long passphrase. When I transfer my subkeys to the smartcard, will
they actually be encrypted whilst they're on there?

I understand that you have to enter a PIN between 6 and 32 characters in
length in order to perform crypto operations on the card via the
smartcard interface, but I'm just wondering if somebody with sufficient
skills could read the data off the smartcard chipset by looking directly
at the circuitry?

Are the keys on the smartcard perhaps encrypted with the access PIN? That
still wouldn't be perfect, definitely easier to bruteforce than a long
passphrase, but it would be better than nothing...

-- 
Mike Cardwell  https://grepular.com/  https://twitter.com/mickeyc
Professional   http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu    0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

From hka at qbs.com.pl Sun Jul 24 23:37:07 2011
From: hka at qbs.com.pl (Hubert Kario)
Date: Sun, 24 Jul 2011 23:37:07 +0200
Subject: How secure are smartcards?
In-Reply-To: <4E2C7D27.6090305@lists.grepular.com>
References: <4E2C7D27.6090305@lists.grepular.com>
Message-ID: <201107242337.11807.hka@qbs.com.pl>

On Sunday 24 of July 2011 22:14:31 Mike Cardwell wrote:
> Hi,
>
> I just ordered an OpenPGP smartcard from Kernel Concepts as per
> http://www.g10code.com/p-card.html
>
> Does anyone else have one of these?
>
> At the moment, my secret key is stored on my hard drive and is encrypted
> by a long passphrase. When I transfer my subkeys to the smartcard, will
> they actually be encrypted whilst they're on there?
>
> I understand that you have to enter a PIN between 6 and 32 characters in
> length in order to perform crypto operations on the card via the
> smartcard interface, but I'm just wondering if somebody with sufficient
> skills could read the data off the smartcard chipset by looking directly
> at the circuitry?
>
> Are the keys on the smartcard perhaps encrypted with the access PIN?
> That still wouldn't be perfect, definitely easier to bruteforce than a
> long passphrase, but it would be better than nothing...

It probably depends on the card's chipset.

On the other hand, to connect to the chipset memory bus to read it you'd
need diamond saws, very good microscopes, lots of cards for trying out
the methodology and lots of time to do it. The hardware alone is in the
realm of tens of thousands of dollars. Not to mention that you have only
one try at it...

It's at the point that any real attacker would perform rubber hose
cryptanalysis. Even before trying to break the card.

Regards,
-- 
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From rjh at sixdemonbag.org Sun Jul 24 23:57:59 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 24 Jul 2011 17:57:59 -0400
Subject: Smartcards and readers
Message-ID: <4E2C9567.3090804@sixdemonbag.org>

I'm looking into picking up an OpenPGP smartcard and reader for an OS X
system. The card itself can be picked up from KernelConcepts, but there
seem to be an awful lot of different readers available.

If anyone has any *direct experience* (not "I heard from my friend's
bowling partner that...") with different readers for OS X systems, I'd
love to hear about them. Which ones work well, and which are best
avoided?

From harningt at gmail.com Mon Jul 25 01:08:57 2011
From: harningt at gmail.com (Thomas Harning Jr.)
Date: Sun, 24 Jul 2011 19:08:57 -0400
Subject: Smartcards and readers
In-Reply-To: <4E2C9567.3090804@sixdemonbag.org>
References: <4E2C9567.3090804@sixdemonbag.org>

On Sun, Jul 24, 2011 at 5:57 PM, Robert J. Hansen wrote:
> I'm looking into picking up an OpenPGP smartcard and reader for an OS X
> system.  The card itself can be picked up from KernelConcepts, but there
> seem to be an awful lot of different readers available.
>
> If anyone has any *direct experience* (not "I heard from my friend's
> bowling partner that...") with different readers for OS X systems, I'd
> love to hear about them.  Which ones work well, and which are best avoided?

I've had quite a bit of experience w/ smart card readers (my day job
deals with these 50% of the time, the other 50% mixed between software
tokens and hardware tokens w/ reader built in).

A great resource for compatibility and warnings is at
http://pcsclite.alioth.debian.org/ccid/supported.html

I've had great experiences with the "PC Twin Reader" from Gemalto.

If using purely OSX and have no access to Windows (for a firmware
update), I'd recommend against the SCR331 series in case you happen upon
one that does not have the firmware updated to be fully CCID compliant.
Note that the SCR331 is sometimes rebranded and has 3rd party firmware
which may or may not be fully CCID compliant. One of the easy ways to
tell if you have it is the shape of the reader (the 'supported' list
pictures it).

-- 
Thomas Harning Jr.

From kgo at grant-olson.net Mon Jul 25 02:23:08 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 24 Jul 2011 20:23:08 -0400
Subject: Smartcards and readers
In-Reply-To: <4E2C9567.3090804@sixdemonbag.org>
References: <4E2C9567.3090804@sixdemonbag.org>
Message-ID: <4E2CB76C.60600@grant-olson.net>

On 7/24/2011 5:57 PM, Robert J. Hansen wrote:
> I'm looking into picking up an OpenPGP smartcard and reader for an OS X
> system. The card itself can be picked up from KernelConcepts, but there
> seem to be an awful lot of different readers available.
>
> If anyone has any *direct experience* (not "I heard from my friend's
> bowling partner that...") with different readers for OS X systems, I'd
> love to hear about them. Which ones work well, and which are best avoided?
>

I've used both an SCR3310 and an SCR3500 without problems on OSX, as well
as Windows and Linux. The SCR3500 has a nice form factor if you have a
laptop, but I'm always afraid I'm going to accidentally smack it on
something and break it. The SCR3310 is nice, but I wish there was a model
with a six inch cord.

-- 
Grant

From wk at gnupg.org Mon Jul 25 09:14:37 2011
From: wk at gnupg.org (Werner Koch) Date: Mon, 25 Jul 2011 09:14:37 +0200 Subject: Smartcards and readers In-Reply-To: <4E2C9567.3090804@sixdemonbag.org> (Robert J. Hansen's message of "Sun, 24 Jul 2011 17:57:59 -0400") References: <4E2C9567.3090804@sixdemonbag.org> Message-ID: <87mxg2sug2.fsf@vigenere.g10code.de> On Sun, 24 Jul 2011 23:57, rjh at sixdemonbag.org said: > If anyone has any *direct experience* (not "I heard from my friend's I use an SCR3310 which I glued to my monitor. In general I would recommend SCM readers because their chip uses TPDU mode and thus we have greater flexibility when it comes to Extended Length APDUs. Further, SCM offered me samples and assigned me an application engineer. I currently have none with a pinpad in use; the SPR 532 used to work very well, however it has a rubber-style pinpad which I don't like. Thus I once switched to a KAAN Advanced which is nice from a mechanical POV. The KAAN has problems with 2k keys and the vendor does not like to work with free software projects. Gemalto readers are said to work well and they seem to be a bit cheaper than others. I have a PCMCIA one here but only tested it once. Avoid all readers with an Omnikey chip - they only work under Windows with 2k key cards. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From mlisten at hammernoch.net Mon Jul 25 07:54:59 2011
From: mlisten at hammernoch.net (Ludwig Hügelschäfer) Date: Mon, 25 Jul 2011 07:54:59 +0200 Subject: Smartcards and readers In-Reply-To: <4E2C9567.3090804@sixdemonbag.org> References: <4E2C9567.3090804@sixdemonbag.org> Message-ID: <4E2D0533.70409@hammernoch.net> Hi Robert, Robert J. Hansen wrote on 24.07.11 23:57: > I'm looking into picking up an OpenPGP smartcard and reader for an OS > X system. The card itself can be picked up from KernelConcepts, but > there seem to be an awful lot of different readers available. > > If anyone has any *direct experience* (not "I heard from my friend's > bowling partner that...") with different readers for OS X systems, > I'd love to hear about them. Which ones work well, and which are > best avoided? I did test a SCM SCR-335 connected to an iMac, there were no problems. Ludwig From gnupg at lists.grepular.com Mon Jul 25 12:21:31 2011
From: gnupg at lists.grepular.com (Mike Cardwell) Date: Mon, 25 Jul 2011 11:21:31 +0100 Subject: How secure are smartcards? In-Reply-To: <4E2D3FCD.70801@enigmail.net> References: <4E2C7D27.6090305@lists.grepular.com> <4E2D3FCD.70801@enigmail.net> Message-ID: <4E2D43AB.2010304@lists.grepular.com> On 25/07/2011 11:05, Olav Seyfarth wrote: >> I just ordered an OpenPGP smartcard from Kernel Concepts as per >> http://www.g10code.com/p-card.html Does anyone else have one of these? > > Yes, I have used these cards for several years now. This email is signed by one. > >> At the moment, my secret key is stored on my hard drive and is encrypted by a >> long passphrase. When I transfer my subkeys to the smartcard, will they >> actually be encrypted whilst they're on there? > > The overall security of a crypto system often isn't defined by the strength of > the crypto algo or the possibilities for a forensic analysis of the hardware. > In that sense, it is less important how secure the card itself is (given that, > as Hubert already stated, the effort needed to scratch info off > the circuit is high compared to other attack vectors) but how it is used. So I > focus on another security aspect here: > > One key advantage of a card is that the private key does not need to be > accessible to the computer itself at any time if it is generated on-card. That > way, you know for sure that *only* you hold the private key as long as you > physically own the card. The knowledge that "no copy of it has been made" > is important. Yes, I agree that smartcards have several advantages. The major one being that if your laptop is compromised by a trojan or something, even if it has a keylogger installed, your keys can't be stolen. However, it is important to note that if you have a rich/powerful adversary and the key isn't encrypted on the smart card, then they can just "read" it off if they get hold of it.
In that circumstance, you *might* actually be more secure leaving the key on your laptop encrypted with a strong pass phrase. It's a judgement call. When I say a rich/powerful adversary, this could include industrial espionage as well as governments. Ideally the key would be encrypted on the smartcard. I haven't found anything specifying that this is the case, so I have to assume it's not. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F From olav at enigmail.net Mon Jul 25 12:05:01 2011
From: olav at enigmail.net (Olav Seyfarth) Date: Mon, 25 Jul 2011 12:05:01 +0200 Subject: How secure are smartcards? In-Reply-To: <4E2C7D27.6090305@lists.grepular.com> References: <4E2C7D27.6090305@lists.grepular.com> Message-ID: <4E2D3FCD.70801@enigmail.net> Hi Mike, > I just ordered an OpenPGP smartcard from Kernel Concepts as per > http://www.g10code.com/p-card.html Does anyone else have one of these? Yes, I have used these cards for several years now. This email is signed by one. > At the moment, my secret key is stored on my hard drive and is encrypted by a > long passphrase. When I transfer my subkeys to the smartcard, will they > actually be encrypted whilst they're on there? The overall security of a crypto system often isn't defined by the strength of the crypto algo or the possibilities for a forensic analysis of the hardware. In that sense, it is less important how secure the card itself is (given that, as Hubert already stated, the effort needed to scratch info off the circuit is high compared to other attack vectors) but how it is used. So I focus on another security aspect here: One key advantage of a card is that the private key does not need to be accessible to the computer itself at any time if it is generated on-card. That way, you know for sure that *only* you hold the private key as long as you physically own the card. The knowledge that "no copy of it has been made" is important. I did so but unfortunately my (old) card broke. So I was busted. To avoid that in the future, I now generated my new key for usage in the card on an offline system (e.g. Live-CD in RAM disk) and copied it to an old small memory card (to allow easy decryption by importing the whole key into my keyring after revoking it), which I encrypted differently and physically locked away securely. I imported the key to 2 SmartCards, locking one away as an easy backup and keeping the other for daily use.
After shutting down the offline system, only the one card is used with computers connected to the net. If this one is lost or stolen, I'd revoke the key (with a rev cert that I also generated separately). Olav -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications From olav at enigmail.net Mon Jul 25 15:42:50 2011
From: olav at enigmail.net (Olav Seyfarth) Date: Mon, 25 Jul 2011 15:42:50 +0200 Subject: Smartcards and readers In-Reply-To: <4E2C9567.3090804@sixdemonbag.org> References: <4E2C9567.3090804@sixdemonbag.org> Message-ID: <4E2D72DA.5080406@enigmail.net> Hi Robert, I have used SCM Microsystems SCR-335 and OMNIKEY CardMan 4040 PCMCIA Readers for years and never had any issues with them using Windows XP, Windows 7 and Ubuntu 10.04 with 1024 and 2048-Bit OpenPGP cards. I have no OS X. My FUJITSU E780 laptop has a built-in O2Micro SmartCardBus Reader which, using W7Pro64, can access the card, but GnuPG doesn't work well with the driver/hardware, so that it sometimes does not do operations as expected (the process waits for something and stalls; this can be worked around by pulling the card and re-inserting it). The answer of Fujitsu support/development: "The system Lifebook E780 and the smartcard reader is used by different international customers within global PKI environments (with different smartcards, middleware and applications). So we can exclude the driver and the internal reader itself. The reported issues, subjected to a specific smart card and a specific application seems not to be caused by the FTS hardware itself." I gave up, ordered another PCMCIA reader and disabled the internal one. Olav -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications From wk at gnupg.org Mon Jul 25 17:45:16 2011
From: wk at gnupg.org (Werner Koch) Date: Mon, 25 Jul 2011 17:45:16 +0200 Subject: How secure are smartcards? In-Reply-To: <4E2D43AB.2010304@lists.grepular.com> (Mike Cardwell's message of "Mon, 25 Jul 2011 11:21:31 +0100") References: <4E2C7D27.6090305@lists.grepular.com> <4E2D3FCD.70801@enigmail.net> <4E2D43AB.2010304@lists.grepular.com> Message-ID: <87wrf6qs8j.fsf@vigenere.g10code.de> On Mon, 25 Jul 2011 12:21, gnupg at lists.grepular.com said: > adversary, and the key isn't encrypted on the smart card. Then they can > just "read" it off, if they get hold of it. In that circumstance, you That might be true with the v1 card which used a pretty old chip. The v2 card uses a modern chip and card OS and thus the effort to read off the key wouldn't be worth what you will gain from it. As it is not possible to secretly read out the key you will almost always have the opportunity to revoke the key before damage is possible. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From gnupg at lists.grepular.com Mon Jul 25 19:18:29 2011
From: gnupg at lists.grepular.com (Mike Cardwell) Date: Mon, 25 Jul 2011 18:18:29 +0100 Subject: How secure are smartcards? In-Reply-To: <87wrf6qs8j.fsf@vigenere.g10code.de> References: <4E2C7D27.6090305@lists.grepular.com> <4E2D3FCD.70801@enigmail.net> <4E2D43AB.2010304@lists.grepular.com> <87wrf6qs8j.fsf@vigenere.g10code.de> Message-ID: <4E2DA565.4000006@lists.grepular.com> On 25/07/2011 16:45, Werner Koch wrote: >> adversary, and the key isn't encrypted on the smart card. Then they can >> just "read" it off, if they get hold of it. In that circumstance, you > > That might be true with the v1 card which used a pretty old chip. The > v2 card uses a modern chip and card OS and thus the effort to read off > the key wouldn't be worth what you will gain from it. That is reassuring. Although, I'd be happier if I could find a technical description of the feasibility of such an attack. But if one doesn't exist, it doesn't exist. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F From wk at gnupg.org Mon Jul 25 20:12:42 2011
From: wk at gnupg.org (Werner Koch) Date: Mon, 25 Jul 2011 20:12:42 +0200 Subject: How secure are smartcards? In-Reply-To: <4E2DA565.4000006@lists.grepular.com> (Mike Cardwell's message of "Mon, 25 Jul 2011 18:18:29 +0100") References: <4E2C7D27.6090305@lists.grepular.com> <4E2D3FCD.70801@enigmail.net> <4E2D43AB.2010304@lists.grepular.com> <87wrf6qs8j.fsf@vigenere.g10code.de> <4E2DA565.4000006@lists.grepular.com> Message-ID: <87bowiqlet.fsf@vigenere.g10code.de> On Mon, 25 Jul 2011 19:18, gnupg at lists.grepular.com said: > That is reassuring. Although, I'd be happier if I could find a technical > description of the feasibility of such an attack. But if one doesn't For the v1 card you may want to have a look at the flylogic.net blog; they have lots of entries about different chips. There is no specific entry about the v1 card iirc, but I once sent them a few cards and they told me it would be easy to read it out using their equipment. For a general overview on the grade of tamper resistance you may want to start at http://www.cl.cam.ac.uk/research/security/tamper/ . Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From andrewinfosec at gmail.com Tue Jul 26 06:26:01 2011 
From: andrewinfosec at gmail.com (fleeb) Date: Mon, 25 Jul 2011 21:26:01 -0700 (PDT) Subject: Why doesn't gpg ask me for my password when decrypting (symmetric encryption)? Message-ID: <32137287.post@talk.nabble.com> When encrypting with --symmetric, I would expect to get asked for the password when decrypting but I am never prompted... why? me$ gpg --symmetric --cipher-algo AES256 -v foo.txt gpg: using cipher AES256 gpg: writing to `foo.txt.gpg' me$ gpg foo.txt.gpg gpg: AES256 encrypted data gpg: encrypted with 1 passphrase File `foo.txt' exists. Overwrite? (y/N) y me$ I'm on OS X 10.7 with gpg (GnuPG/MacGPG2) 2.0.17 From wk at gnupg.org Tue Jul 26 14:39:07 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 26 Jul 2011 14:39:07 +0200 Subject: Why doesn't gpg ask me for my password when decrypting (symmetric encryption)? In-Reply-To: <32137287.post@talk.nabble.com> (fleeb's message of "Mon, 25 Jul 2011 21:26:01 -0700 (PDT)") References: <32137287.post@talk.nabble.com> Message-ID: <87fwltp66s.fsf@vigenere.g10code.de> On Tue, 26 Jul 2011 06:26, andrewinfosec at gmail.com said: > When encrypting with --symmetric, I would expect to get asked for the > password when decrypting but I am never prompted... why? Run gpgconf --reload gpg-agent before decryption to clear the passphrase cache. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From hka at qbs.com.pl Tue Jul 26 14:41:26 2011
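Added example, not part of the thread and not GnuPG's own code: the --symmetric round trip fleeb shows, scripted against a throwaway GNUPGHOME so it never touches the real keyring, followed by the "gpgconf --reload gpg-agent" Werner recommends. The reason the second "gpg foo.txt.gpg" above did not prompt is that gpg-agent had cached the passphrase from the encryption run; reloading the agent drops that cache. The example assumes GnuPG 2.1 or later (loopback pinentry) with gpg and gpgconf on PATH; the plaintext and passphrase are made up for the demonstration.

```python
"""Symmetric encrypt/decrypt with gpg in an isolated GNUPGHOME, then flush the
agent's passphrase cache.  Added example; assumes GnuPG >= 2.1 on PATH."""
import os
import shutil
import subprocess
import tempfile


def gpg_available() -> bool:
    """True when both binaries this example shells out to are installed."""
    return shutil.which("gpg") is not None and shutil.which("gpgconf") is not None


def make_isolated_home() -> str:
    """Create a throwaway GNUPGHOME so nothing here touches the user's keyring.
    allow-loopback-pinentry lets gpg take the passphrase from the command line
    on agents older than 2.1.12, where that is off by default."""
    home = tempfile.mkdtemp(prefix="gnupg-sym-")
    os.chmod(home, 0o700)
    with open(os.path.join(home, "gpg-agent.conf"), "w") as f:
        f.write("allow-loopback-pinentry\n")
    return home


def _gpg(home: str, *args: str, data: bytes = b"") -> bytes:
    """Run gpg non-interactively against the given GNUPGHOME; return stdout."""
    env = dict(os.environ, GNUPGHOME=home)
    res = subprocess.run(
        ["gpg", "--batch", "--yes", "--quiet", "--pinentry-mode", "loopback", *args],
        input=data, capture_output=True, env=env, check=True)
    return res.stdout


def sym_encrypt(home: str, plaintext: bytes, passphrase: str) -> bytes:
    """Same operation as `gpg --symmetric --cipher-algo AES256`, via stdin/stdout."""
    return _gpg(home, "--passphrase", passphrase, "--symmetric",
                "--cipher-algo", "AES256", data=plaintext)


def sym_decrypt(home: str, ciphertext: bytes, passphrase: str) -> bytes:
    """Decrypt with an explicit passphrase (no pinentry, no cache lookup)."""
    return _gpg(home, "--passphrase", passphrase, "--decrypt", data=ciphertext)


def clear_passphrase_cache(home: str) -> None:
    """Drop every passphrase the agent has cached, so an interactive
    `gpg foo.txt.gpg` prompts again instead of silently reusing it."""
    env = dict(os.environ, GNUPGHOME=home)
    subprocess.run(["gpgconf", "--reload", "gpg-agent"], env=env, check=True)


def roundtrip(plaintext: bytes, passphrase: str) -> bytes:
    """Encrypt, decrypt, flush the cache, stop the agent and remove the home."""
    home = make_isolated_home()
    try:
        ct = sym_encrypt(home, plaintext, passphrase)
        pt = sym_decrypt(home, ct, passphrase)
        clear_passphrase_cache(home)
        return pt
    finally:
        env = dict(os.environ, GNUPGHOME=home)
        subprocess.run(["gpgconf", "--kill", "gpg-agent"], env=env)
        shutil.rmtree(home, ignore_errors=True)


if __name__ == "__main__":
    # Constructed sample input; the passphrase is a placeholder, not advice.
    print(roundtrip(b"constructed sample plaintext\n", "correct horse battery staple"))
```

The explicit --passphrase is what makes the script reproducible; the cache behaviour in the original post only shows up when gpg has to ask pinentry, which is exactly the case the reload fixes.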
From: hka at qbs.com.pl (Hubert Kario) Date: Tue, 26 Jul 2011 14:41:26 +0200 Subject: How secure are smartcards? In-Reply-To: <87wrf6qs8j.fsf@vigenere.g10code.de> References: <4E2C7D27.6090305@lists.grepular.com> <4E2D43AB.2010304@lists.grepular.com> <87wrf6qs8j.fsf@vigenere.g10code.de> Message-ID: <201107261441.27244.hka@qbs.com.pl> On Monday 25 of July 2011 17:45:16 Werner Koch wrote: > As it is not > possible to secretly read out the key you will almost always have the > opportunity to revoke the key before a damage is possible. The key is also useful for decrypting past communication... Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl From wk at gnupg.org Tue Jul 26 16:20:10 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 26 Jul 2011 16:20:10 +0200 Subject: How secure are smartcards? In-Reply-To: <201107261441.27244.hka@qbs.com.pl> (Hubert Kario's message of "Tue, 26 Jul 2011 14:41:26 +0200") References: <4E2C7D27.6090305@lists.grepular.com> <4E2D43AB.2010304@lists.grepular.com> <87wrf6qs8j.fsf@vigenere.g10code.de> <201107261441.27244.hka@qbs.com.pl> Message-ID: <87bowhp1id.fsf@vigenere.g10code.de> On Tue, 26 Jul 2011 14:41, hka at qbs.com.pl said: > The key is also useful for decrypting past communication... Well, you should have a backup of the decryption key. It is cheaper to steal that backup than to crack the card. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From jerome at jeromebaum.com Tue Jul 26 17:57:01 2011
From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 26 Jul 2011 17:57:01 +0200 Subject: How secure are smartcards? In-Reply-To: <87bowhp1id.fsf@vigenere.g10code.de> References: <4E2C7D27.6090305@lists.grepular.com> <4E2D43AB.2010304@lists.grepular.com> <87wrf6qs8j.fsf@vigenere.g10code.de> <201107261441.27244.hka@qbs.com.pl> <87bowhp1id.fsf@vigenere.g10code.de> Message-ID: Depends where you keep the backup. (Excuse the top post -- Android) (Mobile/Handy) Am 26.07.2011 16:29 schrieb "Werner Koch" : On Tue, 26 Jul 2011 14:41, hka at qbs.com.pl said: > The key is also useful for decrypting past commun... Well, you should have a backup of the decryption key. It is cheaper to steal that backup than to crack the card. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _____________________... From j-001 at ottosson.nu Tue Jul 26 18:07:40 2011
From: j-001 at ottosson.nu (J. Ottosson) Date: Tue, 26 Jul 2011 18:07:40 +0200 Subject: How secure are smartcards? In-Reply-To: <87bowiqlet.fsf@vigenere.g10code.de> References: <4E2C7D27.6090305@lists.grepular.com>, <4E2DA565.4000006@lists.grepular.com> (Mike Cardwell's message of "Mon, 25 Jul 2011 18:18:29 +0100"), <87bowiqlet.fsf@vigenere.g10code.de> Message-ID: <4E2EE64C.26444.15180B25@j-001.ottosson.nu> On 25 Jul 2011 at 20:12, Werner Koch wrote: > For the v1 card you may want to have a look at the flylogic.net blog; they > have lots of entries about different chips. There is no specific entry > about the v1 card iirc, but I once sent them a few cards and they told me > it would be easy to read it out using their equipment. > > For a general overview on the grade of tamper resistance you may want to > start at http://www.cl.cam.ac.uk/research/security/tamper/ . This subject is interesting and important, there have been deliberate attempts for many years to not tell the whole truth to the public about the security of "smart cards", be they financial type of cards or other. The public is only being told they are "totally secure" and also other info about the (in)security of associated systems are being withheld from the public or actively lied about. Even worse though, as I recall from the time when I worked with IBM crypto processors like 4758 etc, a lot of the people inside the (somewhat introvert) banking community working with security, had no clue and actually believed that DESX was unbreakable and that the PIN system couldn't be tricked or broken and a lot of other things that were not necessarily true. I remember reading Ross Anderson's comments on sci.crypt during the Citibank trials in UK with great interest and remember to this day a quote from him saying something about banking security people digging holes on the subject about PIN security - I found it insanely accurate and dead on, having my own experiences to compare with. 
I also remember when I organized a live TEMPEST lab session with a Swedish military hw supplier, the IT people attending didn't even know what the phenomenon was about.. In the late 1990s there were academic reports being classified as secret in Sweden, that proved a great number of smart cards to be insecure. A number of those were Swedish military graded equipment and hence government organizations like FMV (Swedish Defence Materiel Administration) and MUST (Swedish Military Intelligence and Security Service) quickly withdrew the papers from the open market. Only a handful of people outside the military have read those papers I'm told. Today I guess that there's nothing in those papers that the Cambridge people haven't covered..(?) I think that as long as you're in possession of the card the content is safe from any reasonable types of threats imposed by logical access from malware etc, as long as there are no bugs in the on-board OS.. If however it gets stolen by skilled adversaries, one should regard the keys as compromised, generate revocation certificates and new keys. What constitutes skilled adversaries and the likelihood of being targeted by such an organization can always be discussed though. As I understand it after having spoken to some government/military security people in Sweden there is no chip design on the planet that cannot be broken today. And if this isn't enough then it's back to random numbers and one time pads I guess. But then.. when is it random enough..? Needless to say though, we should still use smart cards, since it's better than the alternatives, I think. /J From marcio.barbado at gmail.com Tue Jul 26 20:44:49 2011
From: marcio.barbado at gmail.com (Marcio B. Jr.) Date: Tue, 26 Jul 2011 15:44:49 -0300 Subject: Is the OpenPGP model still useful? In-Reply-To: <4E2B0335.3030009@fifthhorseman.net> References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost> <4E2B0335.3030009@fifthhorseman.net> Message-ID: Hi Daniel, On Sat, Jul 23, 2011 at 2:21 PM, Daniel Kahn Gillmor wrote: > On 07/23/2011 07:04 PM, Marcio B. Jr. wrote: >> On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen wrote: >>>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the >>>> Diffie-Hellman key exchange method with block ciphers. >>> >>> Why is this a problem? >> >> You know, secrets are shared. 100% increase (at least) in "exposing" risks. > > I am struggling with how to respond to your messages since i find them > confusing. Ok, I am grateful for that struggle. > Are you aware that the purpose of OTR is to allow two parties to > communicate confidentially? Right now, I'm trying to study OTR within some US Fifth Amendment contexts. So I'll answer that at a later time. > OpenPGP itself uses this sort of symmetric encryption to encrypt > messages with a random session key, and only uses asymmetric encryption > to encrypt the session key itself. So, say, my subkey's public part encrypts some session key, not the message itself? Regards, Marcio Barbado, Jr. From rjh at sixdemonbag.org Wed Jul 27 03:43:28 2011
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 26 Jul 2011 21:43:28 -0400 Subject: Is the OpenPGP model still useful? In-Reply-To: References: <9B6DEDE3-309A-437E-A373-2166A3EE2951@sixdemonbag.org> <20110428150505.GB4219@rio.matrix> <4DBAB94B.9000600@sixdemonbag.org> <9f90ae22ddbdf320de745e5899e91bbe@localhost> <4E2B0335.3030009@fifthhorseman.net> Message-ID: <4E2F6D40.8070905@sixdemonbag.org> On 7/26/11 2:44 PM, Marcio B. Jr. wrote: >> Are you aware that the purpose of OTR is to allow two parties to >> communicate confidentially? > > Right now, I'm trying to study OTR within some US Fifth Amendment > contexts. So I'll answer that in a later time. It seems to be a straightforward yes or no question. DKG is just asking if you're aware of OTR's purpose. > So, say, my subkey's public part encrypts some session key, not the > message itself? Correct. In fact, even signatures can be viewed this way. Signature being just encryption with the private part of the key, the digest of the message (which is all that's encrypted) can be viewed as analogous to a session key. From wk at gnupg.org Wed Jul 27 10:36:05 2011 
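Added example, not from the thread and not OpenPGP's real wire format: a stripped-down model of the structure DKG and Robert describe, so the two points are visible in code. The public key wraps only a random session key (the PKESK packet in OpenPGP); the message body is under the session key with an integrity tag (the SEIPD packet with its MDC); and signing puts only the message digest through the private-key operation, which is literally "encryption with the private part" in the RSA case shown here. Textbook RSA without padding and a SHA-256 counter-mode keystream stand in for the real primitives purely so the whole thing fits in one screen; they are assumptions of the example, not a usable cipher suite, and real OpenPGP uses PKCS#1 padding, AES in CFB mode and the MDC as specified in RFC 4880.

```python
"""Toy hybrid encryption and signing in the OpenPGP shape.  Added example;
textbook RSA and a hash keystream are illustrative stand-ins, not real crypto."""
import hashlib
import math
import random


def _probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (bases drawn from rng)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen(bits: int = 512, seed=None):
    """Return ((n, e), (n, d)).  A seed makes the key reproducible for tests;
    512 bits keeps n above any 256-bit session key or digest used below."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()

    def prime(k):
        while True:
            c = rng.getrandbits(k) | (1 << (k - 1)) | 1  # force top and bottom bit
            if _probable_prime(c, rng):
                return c

    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """SHA-256 in counter mode as a stand-in for the symmetric cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_message(pub, plaintext: bytes, seed=None) -> dict:
    """'pkesk': session key under the recipient's public key (the only
    asymmetric operation, independent of message size).
    'seipd': plaintext plus an MDC-style digest under the session key."""
    n, e = pub
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    session_key = rng.getrandbits(256).to_bytes(32, "big")
    mdc = hashlib.sha256(plaintext).digest()
    return {"pkesk": pow(int.from_bytes(session_key, "big"), e, n),
            "seipd": _keystream_xor(session_key, plaintext + mdc)}


def decrypt_message(priv, msg: dict) -> bytes:
    """Unwrap the session key with the private key, decrypt, check the MDC."""
    n, d = priv
    session_key = pow(msg["pkesk"], d, n).to_bytes(32, "big")
    body = _keystream_xor(session_key, msg["seipd"])
    plaintext, mdc = body[:-32], body[-32:]
    if hashlib.sha256(plaintext).digest() != mdc:
        raise ValueError("MDC check failed: ciphertext was modified")
    return plaintext


def sign(priv, message: bytes) -> int:
    """Only the digest goes through the private-key operation, never the message."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(pub, message: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")
```

Because the session key is fresh per message, the same public key can wrap thousands of messages without the asymmetric operation ever seeing message bytes, and a flipped ciphertext bit is caught by the MDC check rather than silently decrypting to garbage.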
From: wk at gnupg.org (Werner Koch) Date: Wed, 27 Jul 2011 10:36:05 +0200 Subject: How secure are smartcards? In-Reply-To: <4E2EE64C.26444.15180B25@j-001.ottosson.nu> (J. Ottosson's message of "Tue, 26 Jul 2011 18:07:40 +0200") References: <4E2C7D27.6090305@lists.grepular.com> <4E2DA565.4000006@lists.grepular.com> <87bowiqlet.fsf@vigenere.g10code.de> <4E2EE64C.26444.15180B25@j-001.ottosson.nu> Message-ID: <87wrf4nmru.fsf@vigenere.g10code.de> On Tue, 26 Jul 2011 18:07, j-001 at ottosson.nu said: > Even worse though, as I recall from the time when I worked with IBM crypto > processors like 4758 etc, a lot of the people inside the (somewhat introvert) > banking community working with security, had no clue and actually believed that Part of the problem was that many developers over there had an RPG and COBOL background and were forced to write security software based on a lower system layer they didn't really understand. > as long as there is no bugs in the on-board OS.. If however it gets stolen by > skilled advisaries, one should regard the keys as compromised, generate > revocation certificates and new keys. [As usual, it depends on your threat model.] If there is enough money to gain from breaking a card someone will do it. See the French 384 bit RSA cards or master key systems like (old) pay TV cards. With modern personalized cards you can't get enough in return for an individual card break and thus it is easier to use much simpler techniques like faked cameras and keyboards or pinhole cameras. That can be done in batch mode for many cards and it is easy to retrain non-geeky crooks to help set up such a mafia business. Of course I am talking about mass-market smartcards and not about specialized security systems. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From len.cooley at gmail.com Thu Jul 28 04:25:32 2011
From: len.cooley at gmail.com (Len Cooley) Date: Wed, 27 Jul 2011 22:25:32 -0400 Subject: Including public key Message-ID: Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to attach your public key as a sig at the end of an email, such as below? -- My GPG public key -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.0 mQGiBEZ7KUMRBAD1FiEDDKjhdIc/VL3DloRPC4x89KPm2HttDMhoUexNIa99rMLq1H3bKFUS WCd03ej14PsemcMwMszHZ7Dy5eS8vtP89kXPD7vsPeyIQz2+OaENGZYwh6VTTHR+61LmQAAE asfnbJ9Ny3yniJ8uUJ7m7hmjTANAvY8RS/Nr2o1dvwCg/5UXvPg09F+Qg84ukJfLYI7KCK8E APUE8b/ITc2fyK9euQbXEbfk9vl4Pz4aLqYJvRQim5LUPN/mHSKsQOVYl6Wsmp1G7bpaFnyd f1dSGC+eOK4MmonQEGh5HvTj/iC7OqGAVxR8MJoEQUIQgk0BB6RdkIf325UXpTtY2Aq0BIh4 c10VhsQahvUk0u1b+Ai5tB4+v6Z3BACI1OlF6TzeTvehJDtLp9Zz168kn3KTOfLJ0k5ffntZ PElQiAl+mACccOM6dHwPnclinPmPnhuAfkYYOoNlswMjxBp7Dj3AvTJy9DumO2nTr+RvAR9u zm6QkWX7A+jEI1QruEyO/nz+N8dNsPNNONQDtnfYN0LuiS6LOpMXKZJD8LQhTGVuIENvb2xl eSA8bGVuLmNvb2xleUBnbWFpbC5jb20+iFMEEBECABMFAkZ7KUMJCwkKCAIHAwEEAhkBAAoJ EBcuZqdoD95WA9kAoPvH0xzj2uFHRuFgbto+rPSsiX3mAJwIWJ5OhI3yWFkJa9FTw9ffdvdn oIhZBBARAgAZCQsJCggCBwMBBAIZAQUCTG7oogUJB9Ty3wAKCRAXLmanaA/eVjJwAJ44Sbe/ 3FBKYJV8eQyFD2gDusdE0ACdEafn7CGk8dm1NpJOuQ/XYVH1Duu5Ao0ERnspZhAKAPDz7Dsw idh44I1nAvx+9q45XGSExme9N1nixJHwZ4vmMQaAi3HmAvyqcdaFawqygzr0SOUq+T2Jg2FE tCIWOpflyRP9neOmQ/GLm9DGLHGm7lI/OnUpv5iVVQDLhit8sD9jJbV8oLPkwF+sMyEjYidR P8itjDfTB6TCSsKCDZ4enxQ+ItPkPSPKekZsrg2Gz2DY2WeHngT3pFhyVtGCS5VybUkhgDsh vwi/mzDDc4o/qPNZUhXPmMiqqAUxvxejrWO/W2W2s7n2BOl89DacWHgUm00TxGV+lwTiVmqw s0teO/qBcOlU/WcsCRc/YcAwl5TjbQzvlCCr297O1myyXnh9mEVQzJMSu2fek2i1B6BExKWs P4aYtI82122DQIhAuLJMVo/bmiRlWtNiDPK4oEbbVj6gt6u9mbJeC4a8AgQrAAICCgDEA/Pg XwNjUOuw6yqZdmSuHSG4o9E9q+bJI6YHwk9tlIil6CR2vwIwKkvWpZUvPCDeRepk7y6BlaK+ O0EpXc375E461DCfmE0Q8IF5cIQ5drAnOY7IXEGm8rTSN1/0FKiDTzF/v79ZdogUx1TsvQbm 55xAsnO08QG8eDRsrDCHpK6Q1tGoFjaBIySE/g4nNyNG+z76OXQflW48Tqq/qp7HqgQZSp/z Rx1awlYgxeU3P1IpTlqeMcigaH63ByIzFqlgcQhvKoEFjDvPDtdvOLDqOh4iEN1DTkBbGQs5 
YZ2iQV2REz+Iq9pMWH5eCP32RxYdY5bd9qMvbMqwxx73eq+Y+xZW3h59SuS7Wb3EI95szwVq +AoyDRnXSnwBJjRVvwUBF7vZqrjJkruyJClCIB7KAKO1U8AjAc1xTaSp75jFhohGBBgRAgAG BQJGeylmAAoJEBcuZqdoD95WuwoAoO3WHF6VpokEgUYu44NAOv9Epdw0AKD9VNPo7lhwyldb xeJM0SX8GqEvOYhMBBgRAgAMBQJMbujMBQkH1PLmAAoJEBcuZqdoD95WcDUAoLilrOZhbhPK 8PCSboR0puyT40wzAKCOI/EJyk+1NBn0K6Kz5oX7WeEmPA== =249f -----END PGP PUBLIC KEY BLOCK----- From rjh at sixdemonbag.org Thu Jul 28 04:30:06 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 27 Jul 2011 22:30:06 -0400 Subject: Including public key In-Reply-To: References: Message-ID: <4E30C9AE.5030501@sixdemonbag.org> On 7/27/11 10:25 PM, Len Cooley wrote: > Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to > attach your public key as a sig at the end of an email, such as below? As with most things in life, "it depends." There are almost certainly environments in which doing so makes a lot of sense. Competing standards, such as S/MIME, do something similar to this as a matter of course, so it's not entirely whacked-out. That said, in the OpenPGP community usage like this seems pretty rare. Most people are happy to just use the certificate servers. :) From dshaw at jabberwocky.com Thu Jul 28 04:38:01 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 27 Jul 2011 22:38:01 -0400 Subject: Including public key In-Reply-To: References: Message-ID: <6A17FA6B-1E64-4703-ACAB-E04109801D2F@jabberwocky.com> On Jul 27, 2011, at 10:25 PM, Len Cooley wrote: > Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to > attach your public key as a sig at the end of an email, such as below? It depends on what you're trying to accomplish. In my experience, it's generally felt to be somewhat impolite (just as any 32+ line .sig file would be), especially when a simple link to the keyserver is so easy to include. David From rjh at sixdemonbag.org Thu Jul 28 05:56:08 2011 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 27 Jul 2011 23:56:08 -0400 Subject: Smartcard durability? Message-ID: <4E30DDD8.2060305@sixdemonbag.org> Are there any particular problems with the durability of a smartcard, particularly an OpenPGP card? Are there any damage concerns from wallet storage, for instance? From kgo at grant-olson.net Thu Jul 28 08:29:05 2011 From: kgo at grant-olson.net (Grant Olson) Date: Thu, 28 Jul 2011 02:29:05 -0400 Subject: Including public key In-Reply-To: References: Message-ID: <4E3101B1.9070103@grant-olson.net> On 7/27/2011 10:25 PM, Len Cooley wrote: > Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to > attach your public key as a sig at the end of an email, such as below? > Unless you're trying to keep your key 'off the grid' I'd just send the key to the keyservers. Then people who use OpenPGP will retrieve the key based on your email's signature. People who don't care will just ignore your sig, which will be smaller than your full public key. If you are trying to keep the key 'off the grid' then you don't want to include it as a generic signature either. In general, it's best to get the key from a different source than your signed email. If your signature and key are in the same email, an attacker could have forged both. They could in other circumstances as well, but it's less likely for someone to forge both a public key on the keyservers (or your personal website, or your business card, etc), and a signature on a forged email. They need to compromise two lines of defense. -- Grant From wk at gnupg.org Thu Jul 28 11:20:14 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 28 Jul 2011 11:20:14 +0200
Subject: Including public key
In-Reply-To: <4E3101B1.9070103@grant-olson.net> (Grant Olson's message of "Thu, 28 Jul 2011 02:29:05 -0400")
References: <4E3101B1.9070103@grant-olson.net>
Message-ID: <87boweoj75.fsf@vigenere.g10code.de>

On Thu, 28 Jul 2011 08:29, kgo at grant-olson.net said:

> attacker could have forged both. They could in other circumstances as
> well, but it's less likely for someone to forge both a public key on the
> keyservers (or your personal website, or your business card, etc), and a
> signature on a forged email. They need to compromise two lines of defense.

Why? Sending a key to a keyserver is cheap. The validity of the key needs to be established by different means; for example using the WoT.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Thu Jul 28 11:30:45 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 28 Jul 2011 11:30:45 +0200
Subject: Smartcard durability?
In-Reply-To: <4E30DDD8.2060305@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 27 Jul 2011 23:56:08 -0400")
References: <4E30DDD8.2060305@sixdemonbag.org>
Message-ID: <877h72oipm.fsf@vigenere.g10code.de>

On Thu, 28 Jul 2011 05:56, rjh at sixdemonbag.org said:

> Are there any particular problems with the durability of a smartcard,
> particularly an OpenPGP card? Are there any damage concerns from wallet

It is not different than with any other chip card. If you immerse the card into water only the contacts may corrode. Use an eraser to clean them. If you bend the card too strongly the chip may get a microfissure and stop working. I have had several chip cards in my purse for many years now without any problems. Granted, most money cards still use the magstripe, but at least my OpenPGP card and my RFID based season ticket are chip-only cards.

As an alternative you may use an ID-000 (GSM card size) card along with a USB reader and put it on your key ring. I had one on mine for at least 4 years and it survived summer, winter, snow and sun without any problems.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From brewhaha at freenet.edmonton.ab.ca Thu Jul 28 13:00:58 2011
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Thu, 28 Jul 2011 05:00:58 -0600
Subject: How secure are smartcards?
In-Reply-To: <87wrf4nmru.fsf@vigenere.g10code.de>
References: <4E2C7D27.6090305@lists.grepular.com> <4E2DA565.4000006@lists.grepular.com> <87bowiqlet.fsf@vigenere.g10code.de> <4E2EE64C.26444.15180B25@j-001.ottosson.nu> <87wrf4nmru.fsf@vigenere.g10code.de>
Message-ID: <4E31416A.5060904@freenet.edmonton.ab.ca>

In my entry on a related thread, I was thinking that one of the simpler ways to foil attacks on bank cards would be to make a smart card play dumb and accept any old pin (symmetric encryption key for a private key). That would (almost) force attackers to communicate with a bank on every trial, except there *might* be a way for attackers to get the public key for a pair off a card. Since attackers can't read the private key (at least not without frying or bridging key bits), they can't tell that it iz no longer based upon probable primes. The bank would come up with "no such ID", or "BAD signature", and they might be watching for a lot of noise like that.

Now, I am thinking that for a card to reveal its public key more than once might actually be a weakness, however interoperable. A bank card does only hav to communicate with one other entity, so I am not sure that this can't be done with symmetric keys throughout. The other way iz to introduce increasing delays for bad PINs. I like my first impulse better, though, forcing attackers to actually use a badly decrypted private key to communicate with a bank.

_______
That boy so horny, even the Crack of Dawn ain't safe!
From brewhaha at freenet.edmonton.ab.ca Thu Jul 28 13:53:41 2011
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Thu, 28 Jul 2011 05:53:41 -0600
Subject: Including public key
In-Reply-To:
References:
Message-ID: <4E314DC5.4000507@freenet.edmonton.ab.ca>

On 2011-07-27 8:25 PM, Len Cooley wrote:
> Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to
> attach your public key as a sig at the end of an email, such as
> below?
>

It depends on the environment of your receiver. Would they be subject to seeing your signature replaced? Do any policies concern the use of cryptography at their workplace or domicile, say in jail or in a country where Blackberry crypto is an issue (India, if I remember correctly)? Do they live in a country that accepted U.S. export restrictions on cryptography (probably Russia)? Is your recipient a public figure (about whom there might be motivation to pull a Murdoch) or an ex convict (about whom there might still be search warrants)?

In any of the rejions where cryptography is controlled, it is a better idea (than simply sending a public key with no signatures on it other than yours) to be creative with the hash on your public key; perhaps telephone verification, perhaps you can personally meet someone on the web of trust.

While the Physics of public key cryptography are air tight, it depends on signatures on your public key to become robust in the real world. I suspect that you are more likely to get those if you release your key on servers, and sign a lot of stuff that people consider important. Attaching a photo to your public key might help. So might putting a phone number on your public key.
From david at systemoverlord.com Thu Jul 28 13:29:49 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Thu, 28 Jul 2011 07:29:49 -0400
Subject: Smartcard durability?
In-Reply-To: <4E30DDD8.2060305@sixdemonbag.org>
References: <4E30DDD8.2060305@sixdemonbag.org>
Message-ID:

It's a small sample to be sure, but I've been carrying my smartcard in my wallet for several months and it's held up just fine. It has a tiny bit of curvature to it now, but that's only noticeable if you lay it on something flat, and has no impact on its usage. (If it matters any, I carry my wallet in a front pocket -- I know some people sit on theirs which might be a bit worse for it.)

David

On Wed, Jul 27, 2011 at 11:56 PM, Robert J. Hansen wrote:
> Are there any particular problems with the durability of a smartcard,
> particularly an OpenPGP card? Are there any damage concerns from wallet
> storage, for instance?

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From expires2011 at ymail.com Thu Jul 28 16:01:28 2011
From: expires2011 at ymail.com (MFPA)
Date: Thu, 28 Jul 2011 15:01:28 +0100
Subject: Including public key
In-Reply-To: <4E314DC5.4000507@freenet.edmonton.ab.ca>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca>
Message-ID: <805932759.20110728150128@my_localhost>

Hi

On Thursday 28 July 2011 at 12:53:41 PM, in , Jay Litwyn wrote:

> Attaching a photo to your public key might
> help. So might putting a phone number on your public
> key.

I'm not too convinced a photo would help much. I could create a key and include a photo obtained from the internet...

A phone number would only help if the person ringing it knew you well enough to recognise your voice on the phone. Even then, somebody could record your voice and use it to create an answerphone message...

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

A nod is as good as a wink to a blind bat!

From brewhaha at freenet.edmonton.ab.ca Thu Jul 28 17:22:52 2011
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Thu, 28 Jul 2011 09:22:52 -0600
Subject: Including public key
In-Reply-To: <805932759.20110728150128@my_localhost>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost>
Message-ID: <4E317ECC.1060107@freenet.edmonton.ab.ca>

On 2011-07-28 8:01 AM, MFPA wrote:
> Hi
>
>
> On Thursday 28 July 2011 at 12:53:41 PM, in
> , Jay Litwyn wrote:
>
>> Attaching a photo to your public key might help. So might putting
>> a phone number on your public key.
>
> I'm not too convinced a photo would help much. I could create a key
> and include a photo obtained from the internet...

Do not sign my photo until you see me in person, although it would be tricky to fake photo-id production on skype. Photo-id doesn't make very good single frames, but change the angle on television and those chrome things flicker and move...

> A phone number would only help if the person ringing it knew you well
> enough to recognise your voice on the phone. Even then, somebody
> could record your voice and use it to create an answerphone message...

That is what a signed mp3 in my comment is about, and just in case you do not follow links in message source [comments] very often...

http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp

(I will never call it a thumbprint or a fingerprint; key hash)

Kleopatra won't handle that file...says no data, and gpg will handle it on a command line, making an mp3 out of it. Additionally, you can do a reverse lookup on my phone number and at least see if I am lying about my given and family names, according to a corporation that my library used to verify my identity.

My bottom line is that photos and phone numbers do not hurt.

_______
Quantum Mechanics do it on fields and in time.
From melvincarvalho at gmail.com Thu Jul 28 18:08:16 2011
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Thu, 28 Jul 2011 18:08:16 +0200
Subject: Including public key
In-Reply-To: <805932759.20110728150128@my_localhost>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost>
Message-ID:

On 28 July 2011 16:01, MFPA wrote:
> Hi
>
>
> On Thursday 28 July 2011 at 12:53:41 PM, in
> , Jay Litwyn wrote:
>
>> Attaching a photo to your public key might
>> help. So might putting a phone number on your public
>> key.
>
> I'm not too convinced a photo would help much. I could create
> a key and include a photo obtained from the internet...
>
> A phone number would only help if the person ringing it knew you well
> enough to recognise your voice on the phone. Even then, somebody could
> record your voice and use it to create an answerphone message...

It's now possible to put a photo, phone number etc on your home page, and also put your public key there.

That's what I do. For this I use my OpenPGP key together with some HTML5.

It's quite a new system, but supported by the W3C and on its way to becoming a standard. For more info see the video at: http://webid.info/

>
> --
> Best regards
>
> MFPA                    mailto:expires2011 at ymail.com
>
> A nod is as good as a wink to a blind bat!
From brewhaha at freenet.edmonton.ab.ca Thu Jul 28 20:15:16 2011
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Thu, 28 Jul 2011 12:15:16 -0600
Subject: Including public key
In-Reply-To:
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost>
Message-ID: <4E31A734.2000603@freenet.edmonton.ab.ca>

On 2011-07-28 10:08 AM, Melvin Carvalho wrote:
> On 28 July 2011 16:01, MFPA wrote: Hi
>
>
> On Thursday 28 July 2011 at 12:53:41 PM, in
> , Jay Litwyn wrote:
>
>>>> Attaching a photo to your public key might help. So might
>>>> putting a phone number on your public key.
>
> I'm not too convinced a photo would help much. I could create a key
> and include a photo obtained from the internet...
>
> A phone number would only help if the person ringing it knew you
> well enough to recognise your voice on the phone. Even then, somebody
> could record your voice and use it to create an answerphone message...
>
>> It's now possible to put a photo, phone number etc on your home
>> page, and also put your public key there.
>
>> That's what I do. For this I use my OpenPGP key together with some
>> HTML5.

The only reason I am not using HTML5, yet, iz because it requires knowing CSS to set link, vlink, and alink colours. What you are talking about only requires HTML 3.2 (which haz been a standard for ten years, and even now there is a portion of internet traffic from I.E.6.), which supports colour in body tags, while HTML5 does not; yet another "standard" that is not backward compatible. Not recognizing a public key from "stamper" is being not backward compatible.

A signed photo means a *bit more* than photos on facebook. A signed phone number means a *bit more* than a link to your phone company.
That is especially true when three identifiers are linked to the same key, separately, so that you don't need to know all four (voice, name, face, and e-mail address), and so that you can let other people confirm only what they've experienced, az in perhaps they should not feel qualified to sign my given and family names, yet they're confident of my e-mail address. In my case, that iz likely, because I yuuz only screen names on USENET.

The bit more is potential for privacy, and insulation against "identity theft". Someone could simply copy your web site and change a few things to steal your identity, at least until you found out and complained to their ISP. That's why "void" appears in my public key. Neither PGP 10, nor gpg were going to allow me to leave my given and family names blank; separate, and yet _linked_ elements of identification.

>
>> It's quite a new system, but supported by the W3C and on its way
>> to becoming a standard. For more info see the video at:
>> http://webid.info/

Like I said, it is more authentic and therefore more useful when pieces of your identity are linked in dijital signatures. It would be a bit tricky to do that with HTML. You could do it with PDF, because there iz a standard for signatures (and probably compound signatures) on PDF. There isn't one for HTML, AFAIK, that doesn't require s/mime or some complicated and little-used piece of HTTPS or HTTPD.

_______
Line for Darth Vader in Star Wars to sanitize: "(Exhale, Inhale) Luke, you are my bastard!"
From peter at digitalbrains.com Thu Jul 28 21:46:08 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 28 Jul 2011 21:46:08 +0200
Subject: Including public key
In-Reply-To: <4E31A734.2000603@freenet.edmonton.ab.ca>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost> <4E31A734.2000603@freenet.edmonton.ab.ca>
Message-ID: <4E31BC80.5050401@digitalbrains.com>

On 28/07/11 20:15, Jay Litwyn wrote:
> In my case, that iz likely, because I yuuz only screen names on USENET.

yuuz? That's where I draw the line. This mailing list is for communication, not showing your "1337 skillz". So please communicate in a way where I don't have to read every other sentence twice to get what you are trying to tell us.

Peter.

PS: At first I wondered if you had an interesting variant of dyslexia :). Perhaps quite the opposite of your intention.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From brewhaha at freenet.edmonton.ab.ca Thu Jul 28 22:26:04 2011
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Thu, 28 Jul 2011 14:26:04 -0600
Subject: Including public key
In-Reply-To:
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost>
Message-ID: <4E31C5DC.80900@freenet.edmonton.ab.ca>

On 2011-07-28 10:08 AM, Melvin Carvalho wrote:
(...)
>> It's quite a new system, but supported by the W3C and on its way
>> to becoming a standard. For more info see the video at:
>> http://webid.info/
(...)

paypal and your bank are unlikely subscribers to this potential standard. You will notice that neither one allows your browzer to store a password for them. They also time out; expire logins. That's how concerned they are with authenticity; not even someone else from your home. I do not really see how an open login system can *increase* security. However much you use the math, if you are effectively logged into all of the servers you ever used at once, then the openness of your computer (say if it is on, and you head out for soda without logging out) is an authenticity threat. You do not want to explain someone else's actions to admins on wikipedia: You will be lucky if they believe you.

_______
I found JESUS! He was in my trunk when I got back from Tijuana.

From dpmcgee at gmail.com Thu Jul 28 22:49:42 2011
From: dpmcgee at gmail.com (Dan McGee)
Date: Thu, 28 Jul 2011 15:49:42 -0500
Subject: Creating a quickly expiring signature
Message-ID:

I wanted to test behavior of an application with an expired signature, but using `--ask-sig-expire` doesn't seem to be granular enough. The minimum I can specify is either 1 day, or an absolute date (e.g. 2011-07-29), which is still 8+ hours away for me right now. Am I missing something? Decimal values are not accepted, nor seconds, minutes, or hours.

-Dan

From dshaw at jabberwocky.com Fri Jul 29 00:04:21 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 28 Jul 2011 18:04:21 -0400
Subject: Creating a quickly expiring signature
In-Reply-To:
References:
Message-ID:

On Jul 28, 2011, at 4:49 PM, Dan McGee wrote:
> I wanted to test behavior of an application with an expired signature,
> but using `--ask-sig-expire` doesn't seem to be granular enough. The
> minimum I can specify is either 1 day, or an absolute date (e.g.
> 2011-07-29), which is still 8+ hours away for me right now. Am I
> missing something? Decimal values are not accepted, nor seconds,
> minutes, or hours.

When GPG asks you for the value, enter "seconds=X". You can go down to as low as a single second.

David

From rjh at sixdemonbag.org Fri Jul 29 00:05:52 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 28 Jul 2011 18:05:52 -0400
Subject: Creating a quickly expiring signature
In-Reply-To:
References:
Message-ID: <4E31DD40.4090803@sixdemonbag.org>

On 7/28/11 4:49 PM, Dan McGee wrote:
> I wanted to test behavior of an application with an expired signature,
> but using `--ask-sig-expire` doesn't seem to be granular enough.

Set your system clock back a year, create a sig that expires in a year, reset your system to the normal time. The simplest solution is usually best.

From dpmcgee at gmail.com Fri Jul 29 00:21:38 2011
From: dpmcgee at gmail.com (Dan McGee)
Date: Thu, 28 Jul 2011 17:21:38 -0500
Subject: Creating a quickly expiring signature
In-Reply-To:
References:
Message-ID:

On Thu, Jul 28, 2011 at 5:04 PM, David Shaw wrote:
> On Jul 28, 2011, at 4:49 PM, Dan McGee wrote:
>
>> I wanted to test behavior of an application with an expired signature,
>> but using `--ask-sig-expire` doesn't seem to be granular enough. The
>> minimum I can specify is either 1 day, or an absolute date (e.g.
>> 2011-07-29), which is still 8+ hours away for me right now. Am I
>> missing something? Decimal values are not accepted, nor seconds,
>> minutes, or hours.
>
> When GPG asks you for the value, enter "seconds=X". You can go down to as low as a single second.

Thanks! This worked. Now why isn't this documented anywhere to be found? What other secret helpful options does gpg not advertise?

@Robert: while I appreciate your suggestion, I do not find setting my system clock (controlled by NTP) to an invalid time to be even remarkably a valid solution to this problem, especially if I am writing an automated test suite that generates signatures and keys, for example...

-Dan
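An added example, not code from this thread or from GnuPG, following up on David's "seconds=X" answer and Dan's automated-test use case: `expire_seconds` mirrors the answers gpg's expiry prompt accepts, and the packet helpers construct and read back the v4 signature creation-time and expiration subpackets (RFC 4880) so an expired-signature path can be exercised without touching the system clock. The 30-day month and 365-day year follow gpg's own conventions; the constructed packets carry a dummy MPI and are not verifiable signatures.

```python
"""Build and inspect OpenPGP v4 signature packets (RFC 4880 section 5.2.3) to check
expiry. Constructed example: the packets carry a dummy MPI and never verify."""
import struct

SIG_CREATION_TIME = 2    # hashed subpacket type: 4-octet creation time
SIG_EXPIRATION_TIME = 3  # hashed subpacket type: 4-octet lifetime in seconds


def expire_seconds(spec):
    """Translate an answer to gpg's expiry prompt into a lifetime in seconds.

    Forms mirror gpg: '0' (never expires), '<n>' or '<n>d' days, '<n>w' weeks,
    '<n>m' months of 30 days, '<n>y' years of 365 days, and 'seconds=<n>'."""
    spec = spec.strip()
    if spec.startswith("seconds="):
        return int(spec[len("seconds="):])
    unit = spec[-1] if spec and spec[-1] in "dwmy" else ""
    days_per_unit = {"": 1, "d": 1, "w": 7, "m": 30, "y": 365}[unit]
    return int(spec[:len(spec) - len(unit)]) * days_per_unit * 86400


def _subpacket(sub_type, body):
    # One-octet length form: the length counts the type octet plus the body.
    return bytes([len(body) + 1, sub_type]) + body


def build_test_signature(created, lifetime):
    """Return a v4 signature packet whose only meaningful content is its
    creation time and, when lifetime > 0, its expiration subpacket."""
    hashed = _subpacket(SIG_CREATION_TIME, struct.pack(">I", created))
    if lifetime:
        hashed += _subpacket(SIG_EXPIRATION_TIME, struct.pack(">I", lifetime))
    body = bytes([4, 0x00, 1, 8])            # v4, binary document, RSA, SHA-256
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", 0)             # empty unhashed subpacket area
    body += b"\x00\x00"                      # left 16 bits of the hash (dummy)
    body += struct.pack(">H", 8) + b"\xff"   # one 8-bit MPI (dummy)
    return bytes([0x88, len(body)]) + body   # old-format header: tag 2, 1-octet length


def _packet_body(packet):
    """Strip the packet header and return (tag, body). Handles old- and
    new-format headers with fixed lengths, which is what gpg emits."""
    first = packet[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                         # new-format header
        tag, l0 = first & 0x3F, packet[1]
        if l0 < 192:
            return tag, packet[2:2 + l0]
        if l0 < 224:
            return tag, packet[3:3 + ((l0 - 192) << 8) + packet[2] + 192]
        if l0 == 255:
            return tag, packet[6:6 + struct.unpack(">I", packet[2:6])[0]]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 0:
        return tag, packet[2:2 + packet[1]]
    if ltype == 1:
        return tag, packet[3:3 + struct.unpack(">H", packet[1:3])[0]]
    if ltype == 2:
        return tag, packet[5:5 + struct.unpack(">I", packet[1:5])[0]]
    raise ValueError("indeterminate length not supported")


def _subpackets(data):
    """Yield (type, body) for every subpacket in a subpacket area."""
    i = 0
    while i < len(data):
        if data[i] < 192:
            length, i = data[i], i + 1
        elif data[i] < 255:
            length, i = ((data[i] - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        yield data[i] & 0x7F, data[i + 1:i + length]   # mask the critical bit
        i += length


def signature_times(packet):
    """Return (creation_time, lifetime_seconds) from the hashed subpackets;
    a lifetime of 0 means the signature never expires."""
    tag, body = _packet_body(packet)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a v4 signature packet")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    created = lifetime = None
    for sub_type, value in _subpackets(body[6:6 + hashed_len]):
        if sub_type == SIG_CREATION_TIME:
            created = struct.unpack(">I", value)[0]
        elif sub_type == SIG_EXPIRATION_TIME:
            lifetime = struct.unpack(">I", value)[0]
    if created is None:
        raise ValueError("signature has no creation time subpacket")
    return created, lifetime or 0


def is_expired(packet, now):
    """True once `now` is past creation time plus lifetime; never for lifetime 0."""
    created, lifetime = signature_times(packet)
    return lifetime != 0 and now > created + lifetime
```

A test suite can pass `expire_seconds("seconds=2")` as the lifetime, feed the resulting packet to the application under test, and assert on `is_expired(packet, now)` a few seconds later instead of resetting the clock.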
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 28 Jul 2011 19:45:52 -0400
Subject: Including public key
In-Reply-To: <4E31BC80.5050401@digitalbrains.com>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost> <4E31A734.2000603@freenet.edmonton.ab.ca> <4E31BC80.5050401@digitalbrains.com>
Message-ID: <4E31F4B0.2040009@sixdemonbag.org>

On 7/28/11 3:46 PM, Peter Lebbing wrote:
> Please communicate in a way where I don't have to
> read every other sentence twice to get what you are trying to tell us.

I wunder if iu've red the "Plan for xe Impruvment of Ingliy Speling," popyularly atributed to Mark Twain?

http://everything2.com/title/A+Plan+for+the+Improvement+of+English+Spelling

(In all seriousness, I share in your general concern: but I'm of the opinion a small bit of good humor is always on-topic.)

From cryptostick at privacyfoundation.de Fri Jul 29 02:05:21 2011
From: cryptostick at privacyfoundation.de (Crypto Stick)
Date: Fri, 29 Jul 2011 08:05:21 +0800
Subject: How secure are smartcards?
In-Reply-To: <4E2C7D27.6090305@lists.grepular.com>
References: <4E2C7D27.6090305@lists.grepular.com>
Message-ID: <4E31F941.9010701@privacyfoundation.de>

> At the moment, my secret key is stored on my hard drive and is encrypted
> by a long passphrase. When I transfer my subkeys to the smartcard, will
> they actually be encrypted whilst they're on there?

The very purpose of smartcards is to keep secret keys confidential and secure. This is achieved by physical protection, different layers, puzzling structure etc. This makes it very, very difficult to extract the keys. For a state-of-the-art smart card like the OpenPGP Card 2, I guess the price tag would be around 100.000 Euros.

The beauty is that this protection can be provided without the burden for the user to remember a long passphrase, since this is not required to encrypt the keys.

From jerome at jeromebaum.com Fri Jul 29 03:45:17 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Fri, 29 Jul 2011 03:45:17 +0200
Subject: How secure are smartcards?
In-Reply-To: <4E31F941.9010701@privacyfoundation.de>
References: <4E2C7D27.6090305@lists.grepular.com> <4E31F941.9010701@privacyfoundation.de>
Message-ID:

> The very purpose of smartcards is to keep secret keys confidential and
> secure. This is achieved by physical protection, different layers,
> puzzling structure etc. This makes it very, very difficult to extract
> the keys. For a state-of-the-art smart card like the OpenPGP Card 2, I
> guess the price tag would be around 100.000 Euros.

Any data on that?

(and before you say it, I know you said "guess" and my question was more rhetorical)

> The beauty is that this protection can be provided without the burden
> for the user to remember a long passphrase, since this is not required
> to encrypt the keys.

Agree that it's nice, but I don't think that was the intention behind smart cards. The problem with not encrypting the keys is that a read-out is possible -- if the keys are encrypted, the read-out becomes a tad more difficult, depending on the length of the PIN.

-- 
Jerome Baum

Hessenweg 222
48432 Rheine
GERMANY

tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

From brewhaha at freenet.edmonton.ab.ca Fri Jul 29 07:03:17 2011
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Thu, 28 Jul 2011 23:03:17 -0600
Subject: How secure are smartcards?
In-Reply-To: <4E31F941.9010701@privacyfoundation.de>
References: <4E2C7D27.6090305@lists.grepular.com> <4E31F941.9010701@privacyfoundation.de>
Message-ID: <4E323F15.7040902@freenet.edmonton.ab.ca>

On 2011-07-28 6:05 PM, Crypto Stick wrote:
>> At the moment, my secret key is stored on my hard drive and is
>> encrypted by a long passphrase. When I transfer my subkeys to the
>> smartcard, will they actually be encrypted whilst they're on
>> there?
>
> The very purpose of smartcards is to keep secret keys confidential
> and secure. This is achieved by physical protection, different
> layers, puzzling structure etc. This makes it very, very difficult to
> extract the keys. For a state-of-the-art smart card like the OpenPGP
> Card 2, I guess the price tag would be around 100.000 Euros.
>
> The beauty is that this protection can be provided without the
> burden for the user to remember a long passphrase, since this is not
> required to encrypt the keys.

You could use random symmetric encryption keys and encrypt them with a short passphrase: Decryption would be two steps. Or, you could disable the command for exporting a private key; import only. Iz GPG in ROM on this card, then?

_______
Xerox and Wurlitzer will merj to market reproductive organs.

From gnupg at lists.grepular.com Fri Jul 29 10:30:20 2011
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Fri, 29 Jul 2011 09:30:20 +0100
Subject: How secure are smartcards?
In-Reply-To:
References: <4E2C7D27.6090305@lists.grepular.com> <4E31F941.9010701@privacyfoundation.de>
Message-ID: <4E326F9C.5050402@lists.grepular.com>

On 29/07/2011 02:45, Jerome Baum wrote:

>> The very purpose of smartcards is to keep secret keys confidential and
>> secure. This is achieved by physical protection, different layers,
>> puzzling structure etc. This makes it very, very difficult to extract
>> the keys. For a state-of-the-art smart card like the OpenPGP Card 2, I
>> guess the price tag would be around 100.000 Euros.
>
> Any data on that?
>
> (and before you say it, I know you said "guess" and my question was
> more rhetorical)

This is where my confidence fades a little. If the key is on my laptop, as long as my laptop hasn't been compromised, the key is secured by math. If it's on a smartcard, I have to trust that when people tell me it's prohibitively expensive, that they are right and up to date, and then I also have to trust that my adversary doesn't have the money/inclination to do it.

I'd *expect* lots of organisations to have worked on processes to quickly and "cheaply" pull PGP keys off various brands of smart card, just in case they need to. And I'd expect many of them to not publish their results.

>> The beauty is that this protection can be provided without the burden
>> for the user to remember a long passphrase, since this is not required
>> to encrypt the keys.
>
> Agree that it's nice, but I don't think that was the intention behind
> smart cards. The problem with not encrypting the keys is that a
> read-out is possible -- if the keys are encrypted, the read-out
> becomes a tad more difficult, depending on the length of the PIN.

There is another attack vector here. If someone observes me entering my pin, they can obtain my smart card at a later date and use it to decrypt my files.
I am thinking of hard coding *part* of my pin into gpg on my primary system, so I can only be observed typing in part of the pin. Every little helps.

-- 
Mike Cardwell  https://grepular.com/  https://twitter.com/mickeyc
Professional   http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu    0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

From gnupg at lists.grepular.com Fri Jul 29 10:38:29 2011
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Fri, 29 Jul 2011 09:38:29 +0100
Subject: How secure are smartcards?
In-Reply-To: <4E323F15.7040902@freenet.edmonton.ab.ca>
References: <4E2C7D27.6090305@lists.grepular.com> <4E31F941.9010701@privacyfoundation.de> <4E323F15.7040902@freenet.edmonton.ab.ca>
Message-ID: <4E327185.2040907@lists.grepular.com>

On 29/07/2011 06:03, Jay Litwyn wrote:

>> The beauty is that this protection can be provided without the
>> burden for the user to remember a long passphrase, since this is not
>> required to encrypt the keys.
>
> You could use random symmetric encryption keys and encrypt them with a
> short passphrase: Decryption would be two steps. Or, you could disable
> the command for exporting a private key; import only. Iz GPG in ROM on
> this card, then?

The point of these smartcards is that once you write a key to them, it can't be read off. When you want to decrypt or sign some data, GPG sends the data to the smartcard, which does the cryptographic operations itself, on the card, and then sends the result back. So even if your machine becomes infected by a trojan and has a keylogger installed, the attacker *still* can't get your key.

The problem is, even though you can't read the key off using the smartcard interface, if you have the correct machinery, you can potentially physically read the key directly off the chipset. My suggestion is that it would be better if the key is encrypted whilst it sits on the card, using the pin that is needed to talk to it. Then even a physical attack would be impossible (assuming a long/secure pin).

-- 
Mike Cardwell  https://grepular.com/  https://twitter.com/mickeyc
Professional   http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu    0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
From: richard at r-selected.de (Richard)
Date: Fri, 29 Jul 2011 11:58:17 +0200
Subject: How secure are smartcards?
In-Reply-To: <4E31F941.9010701@privacyfoundation.de>
References: <4E2C7D27.6090305@lists.grepular.com> <4E31F941.9010701@privacyfoundation.de>
Message-ID:

On Fri, Jul 29, 2011 at 02:05, Crypto Stick wrote:

> For a state-of-the-art smart card like the OpenPGP Card 2, I
> guess the price tag would be around 100.000 Euros

100.000 as a one-time investment for breaking into an unlimited number of OpenPGP smart cards? If I were a government, I would definitely buy such a machinery...

While at the same time, German authorities fail to break GnuPG's encryption for private keys, given a dictionary attack doesn't work out. (See http://annalist.noblogs.org/post/2009/01/04/bka-ratespielchen-rund-um-gnupg/ -- but it's written in German).

Hence, one has to assume it's safer to use encrypted harddrives for key storage than a smartcard if one wants to protect their data from German authorities, I guess.

Richard

From wk at gnupg.org Fri Jul 29 13:21:29 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 29 Jul 2011 13:21:29 +0200
Subject: How secure are smartcards?
In-Reply-To: (richard@r-selected.de's message of "Fri, 29 Jul 2011 11:58:17 +0200")
References: <4E2C7D27.6090305@lists.grepular.com> <4E31F941.9010701@privacyfoundation.de>
Message-ID: <8739hpmix2.fsf@vigenere.g10code.de>

On Fri, 29 Jul 2011 11:58, richard at r-selected.de said:

> 100.000 as a one-time investment for breaking into an unlimited number
> of OpenPGP smart cards? If I were a government, I would definitely buy

Whatever the number is, it is for each break and you have only a certain probability to successfully read out the key. That is why I wrote "unless a master key scheme is used" - something which is stupid for almost all systems. And well, you need to get your hands on the card first.

> Hence, one has to assume it's safer to use encrypted harddrives for
> key storage than a smartcard if one wants to protect their data from

Nope. It is easy to write a trojan to send the passphrase key back to an attacker or store it somewhere on the box (e.g. RTC chip, battery charging logic) so you can use it once you get physical control over the box.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From expires2011 at ymail.com Sat Jul 30 02:03:04 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 30 Jul 2011 01:03:04 +0100
Subject: Including public key
In-Reply-To: <4E317ECC.1060107@freenet.edmonton.ab.ca>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost> <4E317ECC.1060107@freenet.edmonton.ab.ca>
Message-ID: <727003711.20110730010304@my_localhost>

Hi

On Thursday 28 July 2011 at 4:22:52 PM, in , Jay Litwyn wrote:

> Do not sign my photo until you see me in person,

OK, fair enough. If the key has WoT signatures from people I trust to have such a policy. But in the case of the OP's key with only self-signatures, the inclusion of a photo would do nothing to reassure me.

> although it would be tricky to fake photo-id production
> on skype. Photo-id doesn't make very good single
> frames, but change the angle on television and those
> chrome things flicker and move...

OK, use a TV projector and point your webcam at the screen.

>> A phone number would only help if the person ringing
>> it knew you well enough to recognise your voice on the
>> phone. Even then, somebody could record your voice
>> and use it to create an answerphone message...

> That is what a signed mp3 in my comment is about,

Signed with the key, and somebody who knows you could recognise your voice if they play the file. Arguably, "Mallory" could make recordings of your voice and use them to create such a file and sign it with their fake key.

> and
> just in case you do not follow links in message source
> [comments] very often...

Like almost never. (-;

> http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp
> (I will never call it a thumbprint or a fingerprint; key hash)

Why not? Using the standard term of "Fingerprint" rather than "Keyprint_Biometric" might lead more people to understand what the file was likely to be.

> Additionally, you can do a reverse lookup on my phone
> number

I could possibly pay somebody with law enforcement connections to do that.
> and at least see if I am lying about my given
> and family names, according to a corporation that my
> library used to verify my identity.

Assuming the phone is billed to you personally, and that you gave your real name when setting up the service. I once had a library check on my phone number, by getting out the phone book and finding my surname and address and comparing the number listed to the one I gave them. (That was when I was in my teens and lived with my parents, so the initial would not have matched my first name.)

> My bottom line is that photos and phone numbers do not
> hurt.

Depends on the user's privacy requirements and threat model.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

He's an environmentalist - his arguments are 100% recycled

From expires2011 at ymail.com Sat Jul 30 02:23:07 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 30 Jul 2011 01:23:07 +0100
Subject: Including public key
In-Reply-To: <4E31A734.2000603@freenet.edmonton.ab.ca>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost> <4E31A734.2000603@freenet.edmonton.ab.ca>
Message-ID: <1347087146.20110730012307@my_localhost>

Hi

On Thursday 28 July 2011 at 7:15:16 PM, in , Jay Litwyn wrote:

> That's why "void" appears in my public key. Neither PGP
> 10, nor gpg were going to allow me to leave my given
> and family names blank; separate, and yet _linked_
> elements of identification.

GnuPG allows this; I think you need to use --expert and maybe --allow-freeform-uid.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

It's better to feed one cat than many mice

From brewhaha at freenet.edmonton.ab.ca Sat Jul 30 04:22:12 2011
From: brewhaha at freenet.edmonton.ab.ca (Jay Litwyn)
Date: Fri, 29 Jul 2011 20:22:12 -0600
Subject: Including public key
In-Reply-To: <727003711.20110730010304@my_localhost>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost> <4E317ECC.1060107@freenet.edmonton.ab.ca> <727003711.20110730010304@my_localhost>
Message-ID: <4E336AD4.6020004@freenet.edmonton.ab.ca>

On 2011-07-29 6:03 PM, MFPA wrote:
> Hi
>
> On Thursday 28 July 2011 at 4:22:52 PM, in
> , Jay Litwyn wrote:
>
>> Do not sign my photo until you see me in person,
>
> OK, fair enough. If the key has WoT signatures from people I trust
> to have such a policy. But in the case of the OP's key with only
> self-signatures, the inclusion of a photo would do nothing to
> reassure me.

I was just looking at the pgp global directory signing key (the machine that signed my key). About twenty revocation certificates are on it, including prz at mit.edu

>> although it would be tricky to fake photo-id production on skype.
>> Photo-id doesn't make very good single frames, but change the angle
>> on television and those chrome things flicker and move...
>
> OK, use a TV projector and point your webcam at the screen.

I do not have a webcam, and I do not know why you want me to create feedback.

>>> A phone number would only help if the person ringing it knew you
>>> well enough to recognise your voice on the phone. Even then,
>>> somebody could record your voice and use it to create an
>>> answerphone message...
>
>> That is what a signed mp3 in my comment is about,
>
> Signed with the key, and somebody who knows you could recognise your
> voice if they play the file. Arguably, "Mallory" could make
> recordings of your voice and use them to create such a file and sign
> it with their fake key.

Not if she wants any coherence in the tune; not that there is a lot, mind you: It was straight a-cappella.
All you can ever do is make a man in the middle attack harder. Live conversation makes it harder.

>> and just in case you do not follow links in message source
>> [comments] very often...
>
> Like almost never. (-;
>
>> http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp (I will
>> never call it a thumbprint or a fingerprint; key hash)
>
> Why not? Using the standard term of "Fingerprint" rather than
> "Keyprint_Biometric" might lead more people to understand what the
> file was likely to be.

The picture of a thumb in PGP bugs me. PGP also features a list of words, instead of hexadecimal. It calls *that* a biometric print; not unless you voice it somewhere, and it won't work with GPG, which would need the same dictionary.

>> Additionally, you can do a reverse lookup on my phone number
>
> I could possibly pay somebody with law enforcement connections to do
> that.

A link is from my phone number on my web site: http://ecn.ab.ca/~brewhaha/ to my snail address if you want. In 1990, if I wanted to do a reverse lookup, I could go to the library. There they had about nine square metres dedicated to phone books in North America (I think that's where they drew the line, anyway). My library also had a reverse directory for Edmonton. By 1996, they were doing the same thing with a computer and disks; much less space, many more search options. Today, I do not have to go anywhere, my white pages are useless for looking up businesses, and reverse lookup (for this country) is at: http://www.canada411.ca/ (under other search options)

>> and at least see if I am lying about my given and family names,
>> according to a corporation that my library used to verify my
>> identity.
>
> Assuming the phone is billed to you personally, and that you gave
> your real name when setting up the service.

They required my social security number. Nobody is perfect. I am nobody. Therefore, I am perfect. Why would anyone go to such lengths to impersonate me electronically?
> I once had a library check on my phone number, by getting out the
> phone book and finding my surname and address and comparing the
> number listed to the one I gave them. (That was when I was in my
> teens and lived with my parents, so the initial would not have
> matched my first name.)
>
>> My bottom line is that photos and phone numbers do not hurt.
>
> Depends on the user's privacy requirements and threat model.

"Energize", said Kirk, then a pink drummer bunny appeared.

From expires2011 at ymail.com Sat Jul 30 19:52:01 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 30 Jul 2011 18:52:01 +0100
Subject: Including public key
In-Reply-To: <4E336AD4.6020004@freenet.edmonton.ab.ca>
References: <4E314DC5.4000507@freenet.edmonton.ab.ca> <805932759.20110728150128@my_localhost> <4E317ECC.1060107@freenet.edmonton.ab.ca> <727003711.20110730010304@my_localhost> <4E336AD4.6020004@freenet.edmonton.ab.ca>
Message-ID: <527110516.20110730185201@my_localhost>

Hi

On Saturday 30 July 2011 at 3:22:12 AM, in , Jay Litwyn wrote:

>>> although it would be tricky to fake photo-id
>>> production on skype. Photo-id doesn't make very good
>>> single frames, but change the angle on television and
>>> those chrome things flicker and move...

> MFPA wrote:
>> OK, use a TV projector and point your webcam at the
>> screen.

> I do not have a webcam, and I do not know why you want
> me to create feedback.

I thought you mentioned using skype for photo-id production and commented about television pictures flickering and moving, depending on angle. My response was to suggest a way the television picture could be used that had no such limitation. Pointing the webcam at a projected TV image instead of at the person using the computer wouldn't create feedback, as far as I know.

>> "Mallory" could make recordings of your voice and use
>> them to create such a file and sign it with their fake
>> key.

> Not if she wants any coherence in the tune; not that
> there is a lot, mind you: It was straight a-cappella.

When I played the file, I was checking what you said rather than how you said it, unaware there would be a tune to listen for. I'm sure somebody with a little skill in audio editing, and a better ear for pitch than I have, could adjust the speed and pitch of each sound to produce a passable end result.

> All you can ever do is make a man in the middle attack
> harder.

Fair enough.

> Live conversation makes it harder.
Do you mean just real-life face-to-face, or do you include telephones and/or videoconferencing?

> The picture of a thumb in PGP bugs me.

Yes, giving up finger/thumbprints is linked in my mind to interrogation and incarceration, not to privacy.

> PGP also
> features a list of words, instead of hexadecimal. It
> calls *that* a biometric print; not unless you voice it
> somewhere, and it won't work with GPG, which would need
> the same dictionary.

The word list is there as an additional option to use in PGP, which also uses hexadecimal (or did when I used PGP 8.x). I fail to see how the word "biometric" applies, except as an extension of the metaphor about key digests being fingerprints. The word list is an alternative way of expressing the same information, and the word "biometric" is (loosely) an alternative word for "fingerprint." The word-list might present issues for non-English-speakers, as discussed a decade ago in the thread at http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/017007.html

> My
> library also had a reverse directory for Edmonton.

Reverse directory information is available here only for law enforcement purposes (which is interpreted far too loosely).

> They required my social security number. Nobody is
> perfect. I am nobody. Therefore, I am perfect. Why
> would anyone go to such lengths to impersonate me
> electronically?

No idea, but anybody asking for my national insurance number would be told to take a hike, unless they needed it to process payroll deductions, pensions, or benefits. They have no other legitimate use for it.
-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

The truth is rarely pure and never simple