From marcio.barbado at gmail.com Sat Oct 1 02:57:42 2011
From: Marcio B. Jr. <marcio.barbado at gmail.com>
Date: Fri, 30 Sep 2011 21:57:42 -0300
Subject: kernel.org status: establishing a PGP web of trust

http://lwn.net/Articles/461236/

Marcio Barbado, Jr.

From rjh at sixdemonbag.org Sat Oct 1 04:11:17 2011
From: Robert J. Hansen <rjh at sixdemonbag.org>
Date: Fri, 30 Sep 2011 22:11:17 -0400
Subject: kernel.org status: establishing a PGP web of trust
Message-ID: <4E8676C5.1050205@sixdemonbag.org>

On 9/30/2011 8:57 PM, Marcio B. Jr. wrote:
> http://lwn.net/Articles/461236/

Before people panic, there are no known weaknesses in DSA. The SHA-1 hash algorithm has some severe problems, but there's nothing in DSA that requires the use of SHA-1: you can replace it with any 160-bit hash.

Let's not panic, and let's not migrate away from DSA without good reason. :) Migrate away from SHA-1, sure, but DSA is fine.

From aaron.toponce at gmail.com Sat Oct 1 15:01:14 2011
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: Sat, 01 Oct 2011 07:01:14 -0600
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <4E870E2F.4060405@gmail.com>
Message-ID: <4E870F1A.9000300@gmail.com>

On 10/01/2011 06:57 AM, Aaron Toponce wrote:
> http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Here's another good link:

https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Signature_Algorithm#Sensitivity

Having a sufficient amount of paranoia would keep you from using DSA, I would think.
From aaron.toponce at gmail.com Sat Oct 1 14:57:19 2011
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: Sat, 01 Oct 2011 06:57:19 -0600
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <4E8676C5.1050205@sixdemonbag.org>
Message-ID: <4E870E2F.4060405@gmail.com>

On 09/30/2011 08:11 PM, Robert J. Hansen wrote:
> On 9/30/2011 8:57 PM, Marcio B. Jr. wrote:
>> http://lwn.net/Articles/461236/
>
> Before people panic, there are no known weaknesses in DSA.

I agree, people should not panic. But people should be aware of the "random k" in DSA signatures:

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Sony fell victim to this very problem with their PS3, because they failed to sufficiently randomize "k". If your RNG sucks (not something GNU/Linux users need to worry about if /dev/random is used), then DSA should not be considered. Thus the recommendation to use RSA instead, as it doesn't suffer from this.

From sandals at crustytoothpaste.net Sat Oct 1 18:51:25 2011
From: brian m. carlson <sandals at crustytoothpaste.net>
Date: Sat, 1 Oct 2011 16:51:25 +0000
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <4E870F1A.9000300@gmail.com>
Message-ID: <20111001165124.GA31415@crustytoothpaste.ath.cx>

On Sat, Oct 01, 2011 at 07:01:14AM -0600, Aaron Toponce wrote:
> Having a sufficient amount of paranoia would keep you from using DSA, I
> would think.
I have an RSA key with RSA subkeys, but now that larger DSA keys are generally available, I'd be okay with revolving DSA signing subkeys. As you've pointed out, DSA has the disadvantage that k must always be different, but it also has advantages, one of them being that p, q, and g can be shared among a group of people such that p and q can be *proven* to be prime and generated in a reproducible way. Another one is that DSA signatures are smaller: there are two MPIs stored for each signature, but those MPIs are at most 256 bits long each, while for an RSA signature that was only 512 bits long, the security would be woefully inadequate.

Point being, both DSA and RSA have their good and bad points, and if you're fairly confident that you have a good PRNG, such as /dev/urandom, then there's not really much concern about k. After all, you also need a good PRNG for CFB IVs as well, although the consequences aren't as disastrous.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

From peter at digitalbrains.com Sat Oct 1 20:45:14 2011
From: Peter Lebbing <peter at digitalbrains.com>
Date: Sat, 01 Oct 2011 20:45:14 +0200
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <20111001165124.GA31415@crustytoothpaste.ath.cx>
Message-ID: <4E875FBA.1040107@digitalbrains.com>

On 01/10/11 18:51, brian m. carlson wrote:
> Point being, both DSA and RSA have their good and bad points, and if
> you're fairly confident that you have a good PRNG, such as /dev/urandom,
> then there's not really much concern about k. After all, you also need
> a good PRNG for CFB IVs as well, although the consequences aren't as
> disastrous.

But you need a good PRNG for generating the session key, which is a lot more important than the CFB IV. But when it comes to signing stuff, not encryption, I suppose you can indeed use RSA without a good PRNG. The Debian OpenSSL debacle, however, rendered every DSA key *used* on such a system useless, whereas RSA was only compromised when the key was *generated* on such a box.

Personally, I see it as an advantage of RSA that using it with a poor PRNG doesn't disclose your private key, but it wouldn't stop me from using ECDSA when it is mainstream. Your PRNG simply shouldn't be bad when you do crypto. Obviously software bugs can always happen, and in the specific Debian OpenSSL instance it was worse for DSA, but the next big bug might by chance hurt RSA and leave DSA in the clear.

And we have DSA to thank for the fun of Sony's silly mistake! :)

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From rjh at sixdemonbag.org Sat Oct 1 22:46:55 2011
From: Robert J. Hansen <rjh at sixdemonbag.org>
Date: Sat, 01 Oct 2011 16:46:55 -0400
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <4E870F1A.9000300@gmail.com>
Message-ID: <4E877C3F.5010208@sixdemonbag.org>

On 10/1/2011 9:01 AM, Aaron Toponce wrote:
> https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Signature_Algorithm#Sensitivity

This is an argument against having a *bad* DSA implementation, in the exact same way you shouldn't use a bad RSA implementation, either. RSA has just as many warnings -- take a look at how many times PKCS has been updated to reflect new understandings of RSA's risks.

> Having a sufficient amount of paranoia would keep you from using DSA, I
> would think.

That's the same level of paranoia that led to Kurt Goedel starving to death because he was afraid of how everyone around him was trying to poison him. I don't think we should recommend that level of paranoia.

From aaron.toponce at gmail.com Sun Oct 2 00:58:42 2011
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: Sat, 01 Oct 2011 16:58:42 -0600
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <4E877C3F.5010208@sixdemonbag.org>
Message-ID: <4E879B22.9040608@gmail.com>

On 10/01/2011 02:46 PM, Robert J. Hansen wrote:
> That's the same level of paranoia that led to Kurt Goedel starving to
> death because he was afraid of how everyone around him was trying to
> poison him. I don't think we should recommend that level of paranoia.

That's not a healthy dose of paranoia. A healthy dose of paranoia in that case would be washing your hands before you eat, or not eating something off the floor. Starving yourself because you think people are trying to poison you is not healthy.
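The "random k" point raised by Aaron, brian and Peter above, worked through in code. This is an added example, not GnuPG or Libgcrypt code: a toy DSA over constructed, tiny parameters (p = 10091, q = 1009, g = 1024, private key 123) whose k is derived deterministically from the private key and message hash with HMAC (a simplified stand-in for the RFC 6979 construction), so a weak RNG cannot feed the signer. It also shows the visible symptom of a stuck RNG, a repeated r, and a batch check that flags it.

```python
"""Toy DSA with a deterministic per-message k.  Added example for this thread,
not GnuPG/Libgcrypt code; the group parameters are tiny and for illustration."""
import hashlib
import hmac

# Constructed toy parameters: p = 10*q + 1, and g = 2^((p-1)/q) mod p has order q.
P, Q, G = 10091, 1009, 1024


def h_int(msg: bytes) -> int:
    """Hash reduced into Z_q (real DSA truncates the digest to |q| bits instead)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def deterministic_k(x: int, hm: int, attempt: int = 0) -> int:
    """Derive k from the private key and the message hash, so the same (key,
    message) always yields the same k and the system RNG is never consulted.
    Simplified stand-in for RFC 6979's HMAC_DRBG; 'attempt' handles retries."""
    mac = hmac.new(x.to_bytes(4, "big"),
                   hm.to_bytes(4, "big") + bytes([attempt]), hashlib.sha256).digest()
    return 1 + int.from_bytes(mac, "big") % (Q - 1)   # k in [1, q-1]


def sign(x: int, msg: bytes, k=None):
    """Return (r, s).  k may be forced only to demonstrate the reuse symptom;
    a forced k is used as-is, even if it gives a degenerate signature."""
    hm = h_int(msg)
    for attempt in range(256):
        kk = k if k is not None else deterministic_k(x, hm, attempt)
        r = pow(G, kk, P) % Q
        s = (pow(kk, -1, Q) * (hm + x * r)) % Q
        if (r and s) or k is not None:
            return r, s
    raise RuntimeError("could not produce a non-degenerate signature")


def verify(y: int, msg: bytes, sig) -> bool:
    """Standard DSA verification against the public key y = g^x mod p."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (h_int(msg) * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return v == r


def repeated_r(signatures):
    """Defensive batch check for signatures from one key: r depends on k alone,
    so a repeated r means a repeated k (with a real-size q this is essentially
    certain; in this toy group accidental collisions are possible)."""
    seen, bad = set(), set()
    for r, _ in signatures:
        (bad if r in seen else seen).add(r)
    return sorted(bad)


X = 123                 # constructed private key
Y = pow(G, X, P)        # matching public key


def demo():
    m1, m2 = b"kernel.org tarball v1", b"kernel.org tarball v2"
    good = [sign(X, m1), sign(X, m2)]
    stuck = [sign(X, m1, k=77), sign(X, m2, k=77)]   # what a stuck RNG would produce
    return {
        "verifies": all(verify(Y, m, s) for m, s in zip((m1, m2), good)),
        "deterministic": sign(X, m1) == good[0],
        "stuck_rng_repeated_r": repeated_r(stuck),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```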
From jerome+person at jeromebaum.com Mon Oct 3 04:53:56 2011
From: Jerome Baum <jerome+person at jeromebaum.com>
Date: Mon, 03 Oct 2011 04:53:56 +0200
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <4E879B22.9040608@gmail.com>
Message-ID: <4E8923C4.4090305@jeromebaum.com>

On 2011-10-02 00:58, Aaron Toponce wrote:
> On 10/01/2011 02:46 PM, Robert J. Hansen wrote:
> That's not a healthy dose of paranoia. A healthy dose of paranoia in
> that case would be washing your hands before you eat, or not eating
> something off the floor. Starving yourself because you think people are
> trying to poison you is not healthy.

"When his wife was hospitalized, Gödel literally starved himself to death, unwilling to eat anything not prepared by her." (http://www.webcitation.org/629GhJ129)

What I don't get is, why didn't he just make his own food?

--
Q: What is your secret word?
A: That's right.
Q: What's right?
A: Yes.
Q: Sir, you're going to have to tell me your secret word.
A: What?
Q: I said please tell me your secret word.
A: What?
Q: What's your secret word?
A: Yes.
Q: Sorry, "yes" is not your secret word. You have two more chances.
A: I said what?
Q: Yes.
A: Right, so you admit I said it.
Q: No, you said "yes."
A: No, "what!"
Q: When?
A: When you asked for my secret word!
Q: What?
A: Yes!
Q: I'm sorry, that's incorrect. You have one more chance to say your secret word.
A: I'd like to speak to your supervisor.
Q: Very well, I'll transfer you. His name is Hu.
(http://boingboing.net/2010/05/03/fun-with-a-banks-sec.html)

From rjh at sixdemonbag.org Mon Oct 3 12:12:12 2011
From: Robert J. Hansen <rjh at sixdemonbag.org>
Date: Mon, 03 Oct 2011 06:12:12 -0400
Subject: kernel.org status: establishing a PGP web of trust
In-Reply-To: <4E8923C4.4090305@jeromebaum.com>
Message-ID: <4E898A7C.3000005@sixdemonbag.org>

On 10/2/2011 10:53 PM, Jerome Baum wrote:
> What I don't get is, why didn't he just make his own food?

He did, until he ran out of food. Then he was literally too paranoid to leave the house to buy groceries. Clinical paranoia is a brutal mental illness.

From pjemen at gmail.com Mon Oct 3 19:49:21 2011
From: pet jemen <pjemen at gmail.com>
Date: Mon, 3 Oct 2011 19:49:21 +0200
Subject: Multiple signatures

Hi,

I want to sign binary data in OpenPGP Message Format. I want to sign it with two or more keys. According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is possible. (A one-octet number holding a flag showing whether the signature is nested. A zero value indicates that the next packet is another One-Pass Signature packet that describes another signature to be applied to the same message data.)

I'd like to use gpg from the command line to sign an input file with two keys. I tried to sign it with:

  gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) < test1 at test1.org>" -o %1.signed --sign %1
  gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) < test2 at test2.org>" -o %1.signed2 --sign %1.signed

But the second signature signed the first one as well, together with the first signature. I need to sign it in a way where I can verify the signature of the signed data by both keys (the last octet of the One-Pass Signature Packet (Tag 4) should be equal to zero).
Any help on how to achieve this from the pgp command line is welcome.

Thanks.

Pavol Misik

From dshaw at jabberwocky.com Mon Oct 3 23:59:59 2011
From: David Shaw <dshaw at jabberwocky.com>
Date: Mon, 3 Oct 2011 17:59:59 -0400
Subject: Multiple signatures
Message-ID: <47CFC3B6-AA3D-4EF9-9A5C-A26727A5608A@jabberwocky.com>

On Oct 3, 2011, at 1:49 PM, pet jemen wrote:
> Hi,
>
> I want to sign binary data in OpenPGP Message Format.
> I want to sign it with two or more keys.
> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is possible.
> (A one-octet number holding a flag showing whether the signature is nested. A zero value indicates that the next packet is another One-Pass Signature packet that describes another signature to be applied to the same message data.)
>
> I'd like to use gpg from the command line to sign an input file with two keys.
> I tried to sign it with:
> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) " -o %1.signed --sign %1
> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) " -o %1.signed2 --sign %1.signed
>
> But the second signature signed the first one as well, together with the first signature.
> I need to sign it in a way where I can verify the signature of the signed data by both keys (the last octet of the One-Pass Signature Packet (Tag 4) should be equal to zero).
Just repeat -u as many times as you need:

  gpg -u the-first-key -u the-second-key -u the-third-key -u etc --sign thefile

David

From vedaal at nym.hush.com Tue Oct 4 00:01:10 2011
From: vedaal at nym.hush.com
Date: Mon, 03 Oct 2011 18:01:10 -0400
Subject: rfc 4880 // armor headers and footers
Message-ID: <20111003220110.2616EA6E34@smtp.hushmail.com>

RFC 4880 section 6.2 ( http://tools.ietf.org/html/rfc4880#section-6 ) lists the following header as one of the acceptable ones:

  BEGIN PGP MESSAGE, PART X/Y

(It assumes ----- before BEGIN and after Y.)

GnuPG doesn't recognize this, and gives an error message of:

  $ gpg /cygdrive/c/hflt3dCH.txt.asc
  gpg: WARNING: using insecure memory!
  gpg: please see http://www.gnupg.org/faq.html for more information
  gpg: no valid OpenPGP data found.
  gpg: processing message failed: eof

It does this even when the message is a simple unsplit symmetric message, with only the header and footer changed. Here is the file:

  -----BEGIN PGP MESSAGE, PART 1/2-----
  Version: GnuPG v1.4.11 (Cygwin)
  Comment: passphrase = sss

  jA0EAgMIUjoRauj6Ll9gyS0XpeAXFWQEVfkClC8b7e1YDMpyZsXpa+Hm+N8DZMOd
  90PmxTwGso5sgWm+TNw=
  =kYAM
  -----END PGP MESSAGE, PART 1/2-----

(It decrypts as expected when changing the header and footer back to the standard one.)

This PART X/Y header is used by the pgp command lines 2.x - 6.x (maybe even current pgp, I don't know; lost my copy of 8.x, and only have 2.x and 6.x) when wanting to break up a long armored message and send it out as parts.

Have played around with this, and have managed to send out an armored symmetrically encrypted PGP message of a 500mb truecrypt container file using gmail. Disastry's pgp2.x symmetrically encrypted it and split it into 99 parts each of about 110 k lines, and gave a suffix to each part (.a01, .a02, ..., .a99), and after copying each into the same folder, successfully restored and decrypted it with only a simple command:

  pgp -filename.a01

(After the correct passphrase for the symmetric encryption was given, it concatenated, decrypted, and restored the original truecrypt container.)

Nowadays, with larger e-mail storage, and when people don't trust the 'cloud' for file storage, it might be useful to have gnupg sign, encrypt, armor, and split large files, send them through e-mail, and then decrypt, verify and restore them.

Just a thought for a 'feature request' of being able to split and reconstitute large files...

Thanks,

vedaal

From aaron.toponce at gmail.com Mon Oct 3 23:39:02 2011
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: Mon, 3 Oct 2011 15:39:02 -0600
Subject: Multiple signatures
Message-ID: <20111003213902.GD29513@poseidon.cocyt.us>

On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote:
> I want to sign binary data in OpenPGP Message Format.
> I want to sign it with two or more keys.
> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is
> possible.
> (A one-octet number holding a flag showing whether the signature is
> nested. A zero value indicates that the next packet is another One-Pass
> Signature packet that describes another signature to be applied to the same
> message data.)
>
> I'd like to use gpg from the command line to sign an input file with two keys.
> I tried to sign it with:
> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <
> test1 at test1.org>" -o %1.signed --sign %1
> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <
> test2 at test2.org>" -o %1.signed2 --sign %1.signed
>
> But the second signature signed the first one as well, together with the first signature.
> I need to sign it in a way where I can verify the signature of the signed data by both
> keys (the last octet of the One-Pass Signature Packet (Tag 4) should be
> equal to zero).
You should use detached signatures:

  $ gpg -b -u $KEYID1 file.txt > sig1.gpg
  $ gpg -b -u $KEYID2 file.txt > sig2.gpg

At this point, just concatenate the two detached sigs:

  $ cat sig1.gpg sig2.gpg > signatures.gpg

It should be easily verified at this point.

From dougb at dougbarton.us Tue Oct 4 00:11:10 2011
From: Doug Barton <dougb at dougbarton.us>
Date: Mon, 03 Oct 2011 15:11:10 -0700
Subject: Multiple signatures
In-Reply-To: <20111003213902.GD29513@poseidon.cocyt.us>
Message-ID: <4E8A32FE.4080700@dougbarton.us>

On 10/03/2011 14:39, Aaron Toponce wrote:
> On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote:
>> I want to sign binary data in OpenPGP Message Format.
>> I want to sign it with two or more keys.
>> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is
>> possible.
>> (A one-octet number holding a flag showing whether the signature is
>> nested. A zero value indicates that the next packet is another One-Pass
>> Signature packet that describes another signature to be applied to the same
>> message data.)
>>
>> I'd like to use gpg from the command line to sign an input file with two keys.
>> I tried to sign it with:
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <
>> test1 at test1.org>" -o %1.signed --sign %1
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <
>> test2 at test2.org>" -o %1.signed2 --sign %1.signed
>>
>> But the second signature signed the first one as well, together with the first signature.
>> I need to sign it in a way where I can verify the signature of the signed data by both
>> keys (the last octet of the One-Pass Signature Packet (Tag 4) should be
>> equal to zero).
>
> You should use detached signatures:
>
> $ gpg -b -u $KEYID1 file.txt > sig1.gpg
> $ gpg -b -u $KEYID2 file.txt > sig2.gpg
>
> At this point, just concatenate the two detached sigs:
>
> $ cat sig1.gpg sig2.gpg > signatures.gpg

Wouldn't it be easier to just use >> :)

Doug

--
Nothin' ever doesn't change, but nothin' changes much. -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/

From aaron.toponce at gmail.com Tue Oct 4 03:36:50 2011
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: Mon, 3 Oct 2011 19:36:50 -0600
Subject: Multiple signatures
In-Reply-To: <4E8A32FE.4080700@dougbarton.us>
Message-ID: <20111004013650.GE29513@poseidon.cocyt.us>

On Mon, Oct 03, 2011 at 03:11:10PM -0700, Doug Barton wrote:
> On 10/03/2011 14:39, Aaron Toponce wrote:
> > You should use detached signatures:
> >
> > $ gpg -b -u $KEYID1 file.txt > sig1.gpg
> > $ gpg -b -u $KEYID2 file.txt > sig2.gpg
> >
> > At this point, just concatenate the two detached sigs:
> >
> > $ cat sig1.gpg sig2.gpg > signatures.gpg
>
> Wouldn't it be easier to just use >>

Ah, yes. Indeed it would be.

From Dave.Smith at st.com Tue Oct 4 11:11:35 2011
From: David Smith <Dave.Smith at st.com>
Date: Tue, 4 Oct 2011 10:11:35 +0100
Subject: MS Exchange server corrupting PGP-MIME emails
Message-ID: <4E8ACDC7.7090009@st.com>

Possibly a bit off-topic, but...

Does anyone have any experience of using an MS Exchange server, where it corrupts PGP-MIME emails by re-encoding the encrypted data in base64?
If I'm going to complain to our local IT about it, I need some hard evidence about how it's breaking the PGP-MIME RFC.

I've attached an example of a mail before and after it's been through Exchange. I've put it in a .tgz to stop any modification by mailservers en route.

TIA...

[Attachment scrubbed by the archive: test.tgz, application/octet-stream, 4377 bytes]

From wk at gnupg.org Tue Oct 4 11:29:26 2011
From: Werner Koch <wk at gnupg.org>
Date: Tue, 04 Oct 2011 11:29:26 +0200
Subject: rfc 4880 // armor headers and footers
In-Reply-To: <20111003220110.2616EA6E34@smtp.hushmail.com> (vedaal@nym.hush.com's message of "Mon, 03 Oct 2011 18:01:10 -0400")
Message-ID: <874nzpgl55.fsf@vigenere.g10code.de>

On Tue, 4 Oct 2011 00:01, vedaal at nym.hush.com said:
>
> BEGIN PGP MESSAGE, PART X/Y

GnuPG does not support this PART stuff. Neither does it support the Charset armor header. The rationale for not supporting this misfeature is that it tries to mimic a part of MIME, which is more suitable for this task. Further, it is not possible to support this because there is no defined order in which the parts will arrive, and thus one-pass processing won't work.

If you want it, write a tool to re-assemble the parts. I strongly suggest not using it at all, but resorting to a proper MUA or a standalone MIME tool.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From dkg at fifthhorseman.net Tue Oct 4 16:02:19 2011
From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue, 04 Oct 2011 10:02:19 -0400
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <4E8ACDC7.7090009@st.com>
Message-ID: <4E8B11EB.8060404@fifthhorseman.net>

On 10/04/2011 05:11 AM, David Smith wrote:
> Possibly a bit off-topic, but...
>
> Does anyone have any experience of using an MS Exchange server, where it
> corrupts PGP-MIME emails by re-encoding the encrypted data in base64?
>
> If I'm going to complain to our local IT about it, I need some hard
> evidence about how it's breaking the PGP-MIME RFC.
>
> I've attached an example of a mail before and after it's been through
> Exchange. I've put it in a .tgz to stop any modification by mailservers
> en route.

https://tools.ietf.org/html/rfc1847#page-4 suggests that:

  The entire contents of the multipart/signed container must be treated
  as opaque while it is in transit from an originator to a recipient.
  Intermediate message transfer agents must not alter the content of a
  multipart/signed in any way, including, but not limited to, changing
  the content transfer encoding of the body part or any of its
  encapsulated body parts.

But the example messages you gave are not multipart/signed -- they're encrypted messages, which are ASCII-armored (base64-encoded) blobs in the first place, which are being re-wrapped in another layer of base64. Given that compliant MUAs should strip off the outer layer of base64 before handling the message, I don't think this should be a problem.

I'd be more concerned with their switch from Content-Disposition: inline to Content-Disposition: attachment, which seems likely to make compliant MUAs not want to pass the message to an inline renderer at all.

--dkg
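Back to the Multiple signatures thread above: the way to see whether two keys signed the same data, or whether the second run signed the first run's output, is to walk the OpenPGP packet stream and read each One-Pass Signature packet's last octet (RFC 4880 section 5.4, where a zero value means another One-Pass Signature packet for the same data follows). The parser below is an added example, not GnuPG code; it handles old- and new-format headers including partial body lengths (RFC 4880 section 4.2), and runs over constructed sample streams whose key IDs and Signature packet bodies are placeholders, not real signatures.

```python
"""Walk an OpenPGP packet stream and report One-Pass Signature packets (Tag 4).
Added example for this thread, not GnuPG code."""
import struct

TAG_SIGNATURE, TAG_ONE_PASS_SIG, TAG_LITERAL = 2, 4, 11


def read_packet(data: bytes, pos: int):
    """Parse the packet at data[pos]; return (tag, body, position after it)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the packet tag octet must be set")
    pos += 1
    if ctb & 0x40:                                   # new-format header
        tag, body = ctb & 0x3F, bytearray()
        while True:                                  # loop joins partial body chunks
            first = data[pos]; pos += 1
            partial = False
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192; pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]; pos += 4
            else:                                    # 224..254: partial body length
                length, partial = 1 << (first & 0x1F), True
            body += data[pos:pos + length]; pos += length
            if not partial:
                return tag, bytes(body), pos
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03       # old-format header
    if ltype == 3:                                   # indeterminate: body runs to the end
        return tag, data[pos:], len(data)
    nbytes = (1, 2, 4)[ltype]
    length = int.from_bytes(data[pos:pos + nbytes], "big"); pos += nbytes
    return tag, data[pos:pos + length], pos + length


def packets(data: bytes):
    pos = 0
    while pos < len(data):
        tag, body, pos = read_packet(data, pos)
        yield tag, body


def parse_one_pass(body: bytes) -> dict:
    """Fields of a version 3 One-Pass Signature packet body (13 octets)."""
    if len(body) != 13 or body[0] != 3:
        raise ValueError("unsupported One-Pass Signature packet")
    return {"sig_type": body[1], "hash_algo": body[2], "pk_algo": body[3],
            "keyid": body[4:12].hex().upper(), "nested": body[12]}


def signature_layout(data: bytes):
    """Top-level One-Pass Signature packets in order, and the Signature packet count."""
    ops, sigs = [], 0
    for tag, body in packets(data):
        if tag == TAG_ONE_PASS_SIG:
            ops.append(parse_one_pass(body))
        elif tag == TAG_SIGNATURE:
            sigs += 1
    return ops, sigs


def parallel_signers(data: bytes):
    """Key IDs whose signatures all cover the same literal data: every OPS but
    the last must carry 0 in its last octet, the last one a non-zero value,
    and one Signature packet must follow per OPS.  Empty list if the layout
    is not a valid one-pass bracket."""
    ops, sigs = signature_layout(data)
    if not ops or sigs != len(ops) or ops[-1]["nested"] == 0:
        return []
    if any(o["nested"] != 0 for o in ops[:-1]):
        return []
    return [o["keyid"] for o in ops]


# --- constructed sample streams (placeholder key IDs; signature bodies are not real) ---
def old_packet(tag: int, body: bytes) -> bytes:
    return bytes([0x80 | (tag << 2), len(body)]) + body      # old format, 1-octet length

def new_packet(tag: int, body: bytes) -> bytes:
    return bytes([0xC0 | tag, len(body)]) + body             # new format, length < 192

def one_pass(keyid_hex: str, nested: int) -> bytes:
    # version 3, sig type 0x00 (binary document), hash 8 (SHA-256), pk algo 1 (RSA)
    return old_packet(TAG_ONE_PASS_SIG,
                      bytes([3, 0x00, 8, 1]) + bytes.fromhex(keyid_hex) + bytes([nested]))

def literal(payload: bytes) -> bytes:
    return new_packet(TAG_LITERAL, b"b" + bytes([0]) + bytes(4) + payload)  # binary, no name

KEY_A, KEY_B = "0123456789ABCDEF", "FEDCBA9876543210"            # placeholder key IDs
FAKE_SIG = old_packet(TAG_SIGNATURE, b"\x04" + bytes(20))         # placeholder body only

SIGNED_ONCE = one_pass(KEY_A, 1) + literal(b"hello\n") + FAKE_SIG
# gpg -u A -u B --sign: both signatures bracket the same literal data
PARALLEL = one_pass(KEY_A, 0) + one_pass(KEY_B, 1) + literal(b"hello\n") + FAKE_SIG + FAKE_SIG
# gpg -u B --sign file.signed: the first run's whole output becomes B's literal data
RESIGNED = one_pass(KEY_B, 1) + literal(SIGNED_ONCE) + FAKE_SIG

if __name__ == "__main__":
    for name, stream in (("two -u in one run", PARALLEL), ("re-signed file", RESIGNED)):
        ops, sigs = signature_layout(stream)
        print(name, [(o["keyid"], o["nested"]) for o in ops], "sig packets:", sigs,
              "signers of the same data:", parallel_signers(stream))
```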
From faramir.cl at gmail.com Wed Oct 5 08:15:18 2011
From: Faramir <faramir.cl at gmail.com>
Date: Wed, 05 Oct 2011 03:15:18 -0300
Subject: restoring SmartCard key with off-card copy
In-Reply-To: <4E833541.4090605@digitalbrains.com>
Message-ID: <4E8BF5F6.5000204@gmail.com>

> On 28/09/11 15:50, Werner Koch wrote:
>> There is no feature for it. You may use gpgsplit to manually
>> construct a key from such a backup. You need to take the
>> keybinding signature etc from the matching public key. I have
>> not tried it, though.

Would Paperkey be useful to do that? I guess no, since it encodes the private key somehow... but maybe tweaking it?

Best Regards

From peter at digitalbrains.com Wed Oct 5 11:21:14 2011
From: Peter Lebbing <peter at digitalbrains.com>
Date: Wed, 05 Oct 2011 11:21:14 +0200
Subject: restoring SmartCard key with off-card copy
In-Reply-To: <4E8BF5F6.5000204@gmail.com>
Message-ID: <4E8C218A.6050500@digitalbrains.com>

On 05/10/11 08:15, Faramir wrote:
> Would Paperkey be useful to do that? I guess no, since it encodes
> the private key somehow... but maybe tweaking it?

IMHO, if you want to have a backup that also allows you to use the key without the card, the following procedure is by far the easiest:

- Create a normal RSA key (gpg --gen-key)
- Back it up in a safe place, run it through paperkey, all the usual steps
- From gpg --edit-key, use the keytocard command.

Now you have the key on the card, and the secret key material that was in your secret keyring is replaced by a stub that points to the smartcard. So the secret key material is no longer in the keyring.

AFAIK, if you create a smartcard key with backup file, this is pretty much equivalent: the key is created off-card by GnuPG, and uploaded to the card. Only when you choose the option to create a smartcard key without backup file will it get generated on card. I concluded this from reading the OpenPGP Card spec: I don't see a possibility to generate an on-card key and have the secret key material for the backup file, so the only possibility I see is that the key is generated by GnuPG and then uploaded to the card.

Peter.

PS: I accidentally hit the wrong "reply" button and sent this mail only to Faramir. So this is a copy to the list.

From laurent.jumet at skynet.be Wed Oct 5 11:31:37 2011
From: Laurent Jumet <laurent.jumet at skynet.be>
Date: Wed, 05 Oct 2011 11:31:37 +0200
Subject: restoring SmartCard key with off-card copy
In-Reply-To: <4E8C218A.6050500@digitalbrains.com>

Hello Peter !

Peter Lebbing wrote:
> AFAIK, if you create a smartcard key with backup file, this is pretty much
> equivalent: the key is created off-card by GnuPG, and uploaded to the card.
> Only when you choose the option to create a smartcard key without backup
> file will it get generated on card. I concluded this from reading the
> OpenPGP Card spec: I don't see a possibility to generate an on-card key and
> have the secret key material for the backup file, so the only possibility I
> see is that the key is generated by GnuPG and then uploaded to the card.

In my opinion, a key-to-card key should *never* have an existent backup. The purpose of cards is "one man"/"one card", as the card is supposed to identify the man for all purposes. If a backup exists somewhere, that means that *another card* could be emitted, and *another man* than you is walking somewhere and acting exactly as if he were you... This is a very high risk.

--
Laurent Jumet
KeyID: 0xCFAF704C

From rjh at sixdemonbag.org Wed Oct 5 13:17:42 2011
From: Robert J. Hansen <rjh at sixdemonbag.org>
Date: Wed, 05 Oct 2011 07:17:42 -0400
Subject: restoring SmartCard key with off-card copy
Message-ID: <4E8C3CD6.3000803@sixdemonbag.org>

On 10/5/2011 5:31 AM, Laurent Jumet wrote:
> In my opinion, a key-to-card key should *never* have an existent
> backup.

"Never" is one of those words that's best used sparingly.

> The purpose of cards is "one man"/"one card", as the card is
> supposed to identify the man for all purposes.

This is one particular purpose of cards. It is not the sole purpose.

In my daily work I walk from one lab to another to another. Some of these labs have trusted hardware on trusted networks. Others have untrusted hardware connected to untrusted networks. On the trusted networks I want my certificate there on disk, because it's more convenient to do that than to keep reaching for my wallet every time I need to sign something. On the untrusted network I want my certificate on a card, because I don't want the secret part of my certificate to ever touch that hardware.
There are many other use cases similar to this in which it makes good sense to have certificates on hard drives as well as certificates on cards. I'm sure that if you think about it for a while you'll come up with several other reasonable scenarios.

From peter at digitalbrains.com Wed Oct 5 13:35:40 2011
From: Peter Lebbing <peter at digitalbrains.com>
Date: Wed, 05 Oct 2011 13:35:40 +0200
Subject: restoring SmartCard key with off-card copy
In-Reply-To: <4E8C3CD6.3000803@sixdemonbag.org>
Message-ID: <4E8C410C.30202@digitalbrains.com>

On 05/10/11 13:17, Robert J. Hansen wrote:
> On 10/5/2011 5:31 AM, Laurent Jumet wrote:
>> In my opinion, a key-to-card key should *never* have an existent
>> backup.
>
> There are many other use cases similar to this in which it makes good
> sense to have certificates on hard drives as well as certificates on
> cards. I'm sure that if you think about it for a while you'll come up
> with several other reasonable scenarios.

Apart from hard drives there's the backup in a safe. And what about encrypted data? If your card fails, you have then simply lost all data. The only options are backups, a second card, or multiple recipients of the encrypted data. All are variations of a theme (multiple somethings) that do not satisfy Laurent's "one man"/"one card".

So if the loss of all your encrypted data is an acceptable risk, then you can do the "one card" thing. Otherwise, you'll have to compromise somewhere else.

Peter.

From aaron.toponce at gmail.com Wed Oct 5 16:02:37 2011
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: Wed, 5 Oct 2011 08:02:37 -0600
Subject: GPG with SMP?
Message-ID: <20111005140237.GL29513@poseidon.cocyt.us>

Does GnuPG support symmetric multiprocessing?
If so, my Google-fu is failing me, as is reading the available
documentation. Reason I ask is because encrypting 1TB files is fairly CPU
intensive, and it appears that it's only using 1 of my 4 cores.

Thanks,

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

From rjh at sixdemonbag.org Wed Oct 5 16:24:17 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 05 Oct 2011 10:24:17 -0400
Subject: GPG with SMP?
In-Reply-To: <20111005140237.GL29513@poseidon.cocyt.us>
References: <20111005140237.GL29513@poseidon.cocyt.us>
Message-ID: <4E8C6891.40005@sixdemonbag.org>

On 10/5/11 10:02 AM, Aaron Toponce wrote:
> Does GnuPG support symmetric multiprocessing? If so, my Google-fu is
> failing me, as is reading the available documentation. Reason I ask is
> because encrypting 1TB files is fairly CPU intensive, and it appears that
> it's only using 1 of my 4 cores.

Short version: wouldn't do you any good even if it did.

Long version: CTAK encryption isn't parallelizable: encrypting block N
successfully depends on successfully encrypting block N-1, which in turn
depends on successfully encrypting block N-3, and so on. There's no way to
partition it into independent subproblems. A clever hack lets you
parallelize decryption, but even then it's probably not worth it -- the
amount of time spent doing disk I/O will be multiple orders of magnitude
larger than the amount of time decrypting.

From rjh at sixdemonbag.org Wed Oct 5 16:42:58 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 05 Oct 2011 10:42:58 -0400
Subject: GPG with SMP?
In-Reply-To:
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org>
Message-ID: <4E8C6CF2.8000709@sixdemonbag.org>

On 10/5/11 10:38 AM, Thomas Harning Jr. wrote:
> Certain modes of AES can be safely parallelizable in both
> directions: CTR can be since it uses a counter value to make each
> encryption different for the XOR operation used.

I hate to say "read the fine message, please," but -- well, read the fine
message, please.

CTAK encryption is not parallelizable. Given that's the mode used in GnuPG,
GnuPG's symmetric encryption is not parallelizable. There do exist some
parallelizable modes, but GnuPG doesn't use them.

From aaron.toponce at gmail.com Wed Oct 5 16:48:01 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Wed, 5 Oct 2011 08:48:01 -0600
Subject: GPG with SMP?
In-Reply-To: <4E8C6CF2.8000709@sixdemonbag.org>
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org> <4E8C6CF2.8000709@sixdemonbag.org>
Message-ID: <20111005144801.GM29513@poseidon.cocyt.us>

On Wed, Oct 05, 2011 at 10:42:58AM -0400, Robert J. Hansen wrote:
> On 10/5/11 10:38 AM, Thomas Harning Jr. wrote:
> > Certain modes of AES can be safely parallelizable in both
> > directions: CTR can be since it uses a counter value to make each
> > encryption different for the XOR operation used.

I didn't see this message in the thread on the list. Was this sent
privately to Mr. Hansen?

> CTAK encryption is not parallelizable. Given that's the mode used in
> GnuPG, GnuPG's symmetric encryption is not parallelizable. There do
> exist some parallelizable modes, but GnuPG doesn't use them.

That's what I wanted to know. Your response makes perfect sense. Thanks.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
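Hansen's point in the exchange above (CFB encryption is inherently sequential, while decryption can be split across cores) in runnable form, as an added example that is not part of the thread: textbook CFB built on a keyed pseudorandom function standing in for the block cipher's forward direction, which is the only direction CFB ever calls. This is not AES and not OpenPGP's CFB variant (RFC 4880 adds a random prefix block and a resync step); the key, IV and plaintext are constructed test values, and the last function shows the self-synchronising property that makes a flipped ciphertext bit damage exactly two blocks.

```python
"""Textbook CFB: sequential encryption, parallel decryption (added example)."""
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # block size in bytes, as for AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's forward direction E_K.

    CFB only ever calls E_K (never the decryption direction), so any keyed
    pseudorandom function is enough to show the data dependencies. This is
    HMAC-SHA256 truncated to one block, NOT AES: an assumption for the demo.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Block i's keystream is E_K(c_{i-1}), so c_i cannot be computed until
    c_{i-1} exists. That chain is why encryption cannot use a second core."""
    if len(plaintext) % BLOCK:
        raise ValueError("demo handles whole blocks only")
    prev = iv
    out = []
    for i in range(0, len(plaintext), BLOCK):
        c = _xor(block_encrypt(key, prev), plaintext[i:i + BLOCK])
        out.append(c)
        prev = c  # feedback of the ciphertext block just produced
    return b"".join(out)


def cfb_decrypt_block(key: bytes, iv: bytes, ciphertext: bytes, i: int) -> bytes:
    """Recover plaintext block i. It needs only c_{i-1} (or the IV) and c_i,
    both already present in the ciphertext, so every block is independent."""
    prev = iv if i == 0 else ciphertext[(i - 1) * BLOCK:i * BLOCK]
    return _xor(block_encrypt(key, prev), ciphertext[i * BLOCK:(i + 1) * BLOCK])


def cfb_decrypt_sequential(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    n = len(ciphertext) // BLOCK
    return b"".join(cfb_decrypt_block(key, iv, ciphertext, i) for i in range(n))


def cfb_decrypt_parallel(key: bytes, iv: bytes, ciphertext: bytes, workers: int = 4) -> bytes:
    """Same result as the sequential version, but each block goes to a worker
    thread: the "clever hack" that applies to decryption only."""
    n = len(ciphertext) // BLOCK
    with ThreadPoolExecutor(max_workers=workers) as pool:
        blocks = list(pool.map(lambda i: cfb_decrypt_block(key, iv, ciphertext, i), range(n)))
    return b"".join(blocks)


def blocks_affected_by_flip(key: bytes, iv: bytes, plaintext: bytes, byte_index: int) -> list:
    """Flip one ciphertext bit and report which plaintext blocks change.

    CFB is self-synchronising: only block i (directly garbled) and block i+1
    (whose keystream is E_K of the damaged c_i) differ. That is also why CFB
    alone gives no integrity; OpenPGP adds the MDC packet for that.
    """
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[byte_index] ^= 0x01
    recovered = cfb_decrypt_parallel(key, iv, bytes(ct))
    n = len(plaintext) // BLOCK
    return [i for i in range(n)
            if recovered[i * BLOCK:(i + 1) * BLOCK] != plaintext[i * BLOCK:(i + 1) * BLOCK]]


if __name__ == "__main__":
    # Constructed demo values; never reuse a fixed IV under a real key.
    key = b"constructed-demo-key"
    iv = bytes(range(16))
    pt = bytes(range(256)) * 2  # 32 blocks
    ct = cfb_encrypt(key, iv, pt)
    assert cfb_decrypt_parallel(key, iv, ct) == pt
    print("blocks changed by flipping a bit in byte 40:", blocks_affected_by_flip(key, iv, pt, 40))
```

The thread pool is there to make the independence visible, not for speed: with a 16-byte block the per-block call overhead dwarfs the work, which is the same point Hansen makes about disk I/O dominating a 1TB decryption.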
From rjh at sixdemonbag.org Wed Oct 5 17:05:13 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 05 Oct 2011 11:05:13 -0400
Subject: GPG with SMP?
In-Reply-To: <20111005144801.GM29513@poseidon.cocyt.us>
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org> <4E8C6CF2.8000709@sixdemonbag.org> <20111005144801.GM29513@poseidon.cocyt.us>
Message-ID: <4E8C7229.3040907@sixdemonbag.org>

On 10/5/11 10:48 AM, Aaron Toponce wrote:
> I didn't see this message in the thread on the list. Was this sent
> privately to Mr. Hansen?

He sent it to both the list and me. It arrived in my inbox before the list
pushed it out to the rest of the world. It'll be arriving soon, I'm sure.

> That's what I wanted to know. Your response makes perfect sense.
> Thanks.

Always happy to help. :)

From harningt at gmail.com Wed Oct 5 16:38:37 2011
From: harningt at gmail.com (Thomas Harning Jr.)
Date: Wed, 5 Oct 2011 10:38:37 -0400
Subject: GPG with SMP?
In-Reply-To: <4E8C6891.40005@sixdemonbag.org>
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org>
Message-ID:

On Wednesday, October 5, 2011, Robert J. Hansen wrote:
> On 10/5/11 10:02 AM, Aaron Toponce wrote:
> > Does GnuPG support symmetric multiprocessing? If so, my Google-fu is
> > failing me, as is reading the available documentation. Reason I ask is
> > because encrypting 1TB files is fairly CPU intensive, and it appears that
> > it's only using 1 of my 4 cores.
>
> Short version: wouldn't do you any good even if it did.
>
> Long version: CTAK encryption isn't parallelizable: encrypting block N
> successfully depends on successfully encrypting block N-1, which in turn
> depends on successfully encrypting block N-3, and so on. There's no way
> to partition it into independent subproblems. A clever hack lets you
> parallelize decryption, but even then it's probably not worth it -- the
> amount of time spent doing disk I/O will be multiple orders of magnitude
> larger than the amount of time decrypting.
>

Certain modes of AES can be safely parallelizable in both directions: CTR
can be since it uses a counter value to make each encryption different for
the XOR operation used. ESSIV or XTS are also useful in parallelization,
but might need tweaking for single-file encryption.

--
Thomas Harning Jr.

From harningt at gmail.com Wed Oct 5 17:01:02 2011
From: harningt at gmail.com (Thomas Harning Jr.)
Date: Wed, 5 Oct 2011 11:01:02 -0400
Subject: GPG with SMP?
In-Reply-To: <20111005144801.GM29513@poseidon.cocyt.us>
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org> <4E8C6CF2.8000709@sixdemonbag.org> <20111005144801.GM29513@poseidon.cocyt.us>
Message-ID:

On Wednesday, October 5, 2011, Aaron Toponce wrote:
> On Wed, Oct 05, 2011 at 10:42:58AM -0400, Robert J. Hansen wrote:
> > On 10/5/11 10:38 AM, Thomas Harning Jr. wrote:
> > > Certain modes of AES can be safely parallelizable in both
> > > directions: CTR can be since it uses a counter value to make each
> > > encryption different for the XOR operation used.
>
> I didn't see this message in the thread on the list. Was this sent
> privately to Mr. Hansen?
>
> > CTAK encryption is not parallelizable. Given that's the mode used in
> > GnuPG, GnuPG's symmetric encryption is not parallelizable. There do
> > exist some parallelizable modes, but GnuPG doesn't use them.
>
> That's what I wanted to know.
> Your response makes perfect sense. Thanks.
>

I had done a reply-all... wonder if something's blocking it.

Mr. Hansen, thanks for the correction on CTAK, made me re-look into the
specific details of CTAK... whoops. Should have taken a look at the OpenPGP
specification and noticed that CFB is what is used for all symmetric
encryption.

--
Thomas Harning Jr.

From rjh at sixdemonbag.org Wed Oct 5 19:09:06 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 05 Oct 2011 13:09:06 -0400
Subject: GPG with SMP?
In-Reply-To:
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org> <4E8C6CF2.8000709@sixdemonbag.org> <20111005144801.GM29513@poseidon.cocyt.us>
Message-ID: <4E8C8F32.3000700@sixdemonbag.org>

On 10/5/11 11:01 AM, Thomas Harning Jr. wrote:
> Mr. Hansen, thanks for the correction on CTAK, made me re-look into the
> specific details of CTAK... whoops. Should have taken a look at the
> OpenPGP specification and noticed that CFB is what is used for all
> symmetric encryption.

Goofs happen, man. :)

Also, a note for anyone who's confused (what's CTAK? does GnuPG use CTAK
or CFB for symmetric encryption? etc.): CFB stands for "Cipher Feedback",
which is a particular mode of operation for symmetric ciphers. CTAK is
"Ciphertext Autokey", which is the exact same thing by another name.

From david at systemoverlord.com Wed Oct 5 19:29:09 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Wed, 5 Oct 2011 13:29:09 -0400
Subject: GPG with SMP?
In-Reply-To: <4E8C8F32.3000700@sixdemonbag.org>
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org> <4E8C6CF2.8000709@sixdemonbag.org> <20111005144801.GM29513@poseidon.cocyt.us> <4E8C8F32.3000700@sixdemonbag.org>
Message-ID:

On Wed, Oct 5, 2011 at 1:09 PM, Robert J. Hansen wrote:
> On 10/5/11 11:01 AM, Thomas Harning Jr. wrote:
>> Mr.
>> Hansen, thanks for the correction on CTAK, made me re-look into the
>> specific details of CTAK... whoops. Should have taken a look at the
>> OpenPGP specification and noticed that CFB is what is used for all
>> symmetric encryption.
>
> Goofs happen, man. :)
>
> Also, a note for anyone who's confused (what's CTAK? does GnuPG use CTAK
> or CFB for symmetric encryption? etc.): CFB stands for "Cipher
> Feedback", which is a particular mode of operation for symmetric
> ciphers. CTAK is "Ciphertext Autokey", which is the exact same thing by
> another name.

To be pedantic, CTAK is the general concept of incorporating the ciphertext
into the keystream. CFB is a precise way of implementing CTAK. PCBC also
incorporates the plaintext into the input for the encryption process, IIRC.

--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From rjh at sixdemonbag.org Wed Oct 5 19:41:57 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 05 Oct 2011 13:41:57 -0400
Subject: GPG with SMP?
In-Reply-To:
References: <20111005140237.GL29513@poseidon.cocyt.us> <4E8C6891.40005@sixdemonbag.org> <4E8C6CF2.8000709@sixdemonbag.org> <20111005144801.GM29513@poseidon.cocyt.us> <4E8C8F32.3000700@sixdemonbag.org>
Message-ID: <4E8C96E5.4010205@sixdemonbag.org>

On 10/5/11 1:29 PM, David Tomaschik wrote:
> To be pedantic...

Bureaucrat Conrad, you are technically correct -- the best kind of correct!
:)

Thanks for the catch.

From americabrazil1234 at hotmail.com Thu Oct 6 01:55:16 2011
From: americabrazil1234 at hotmail.com (Vortran66)
Date: Wed, 5 Oct 2011 16:55:16 -0700 (PDT)
Subject: How to use terminal to change mac-cache-ttl
Message-ID: <32599099.post@talk.nabble.com>

I am using GnuPG with Mac OS X. I need to reset password caching to a lower
setting than the default. I was told that caching in gpg-agent is
responsible for this and that I need to configure its cache entry TTL
values.
I was told to look for cache settings in gpg-agent.conf (to be created in
your GnuPG homedir). I have a very limited knowledge of using terminal in
Mac. Can someone tell me what commands I would need to enter to do this? I
believe I need to set --max-cache-ttl n (with n being seconds). The problem
is I have no idea how to go about changing this in terminal. Sorry for
being so ignorant on this.

From achim.cloer at cloer.com Thu Oct 6 16:24:07 2011
From: achim.cloer at cloer.com (Achim Cloer)
Date: Thu, 06 Oct 2011 16:24:07 +0200
Subject: restoring SmartCard key with off-card copy
In-Reply-To: <4E81EA45.3000006@digitalbrains.com>
References: <4E80EA9A.5070909@cloer.de> <4E81EA45.3000006@digitalbrains.com>
Message-ID: <4E8DBA07.8060604@cloer.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all, dear Peter,

> Restore the given file to a card. This command may be used to
> restore a backup key (as generated during card initialization) to a
> new card. In almost all cases this will be the encryption key. You
> should use this command only with the corresponding public key and
> make sure that the file given as argument is indeed the backup to
> restore. You should then select 2 to restore as encryption key. You
> will first be asked to enter the passphrase of the backup key and
> then for the Admin PIN of the card.

It seems that the backup file only contains one key: this was, on my
original card, the encryption key. But this is shown as encryption _and_
signature key and has a different Key-ID than the one I published. The
authentication key is empty.

I succeeded in writing this encryption key back to the card. But PGP is
writing the same key to two positions in the card. So now I have a card
with the same key in "encryption" and "signature".
But I still can't use the card: after importing the backup key, my gpg is
still asking for my old SmartCard. How can I tell GPG to use the new smart
card? It seems to be necessary to modify the sec-key on the computer. But
how? I can't find any documentation...

Sorry, but I really don't understand what to do. How can I restore a card
so that I can use it as my original card before?

If there is no HowTo, I promise to write one, once I have found out how it
works...

Thanks! Regards,
Achim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGcBAEBAgAGBQJOjboFAAoJEGNcKEESQW1pt98L/0P5gme+JOEw43h4lt+DuCdS
OEWy03D5/jOCn478sJBLGcnngg5/vD97dsgxTr8kcGZkv/ggYLDqO7RLU+sGaBu8
E5ANEFQ6Tzvhlye9GMS+X2XeLOBKcVP90hEavQKT1V2nFdg61rLGjy0M9eybP1Ej
00DgwpdbIr+8y6cn4PXHIrSLPJGeNrL6KUvBXHY6hHll7aaGl/fsHtr0aDIhxlbT
df/6eCQ1WSXm+zxH+S3G0xNVlGANQZ/mHzzY1bGYra/7JHoViRw/2OCWgUhKfEmi
Zq6eSzi8mHrvBLEI/CjjeI11EsBuqsJEnnEutfGJRk8cwy6i+Y6vE74t1O6JhWD1
7Ocr0Kt/k1LVCnLd+uiMTlw5T+zmq3D9RKQUokPDonoeqV0RTLCspn6LNkHluUGn
H6GAC7e6R/T76Gyt+nD2BFPCEjAFWlhoZTcvnTX7nKs+3LJV4yf2+7t9xEqrWbzz
j0bGdo4u8RXXX/G1ZiXu4T4jUkLF6ctvCgvrYcB4MQ==
=CVXu
-----END PGP SIGNATURE-----

From spluque at gmail.com Thu Oct 6 16:18:58 2011
From: spluque at gmail.com (Seb)
Date: Thu, 06 Oct 2011 09:18:58 -0500
Subject: card error message in .gpg-agent.log
Message-ID: <87y5wynqy5.fsf@kolob.subpolar.dyndns.org>

Hi,

The following error messages are very common in my /tmp/.gpg-agent.log
(Debian sid system):

---<--------------------cut here---------------start------------------->---
2011-10-05 17:15:25 gpg-agent[2694] gpg-agent (GnuPG) 2.0.18 started
2011-10-05 17:21:36 gpg-agent[2694] error getting default authentication keyID of card: Card error
2011-10-05 17:22:10 gpg-agent[2694] error getting default authentication keyID of card: Not supported
---<--------------------cut here---------------end--------------------->---

What is causing these, and how do I solve that?
Thanks.

Cheers,

--
Seb

From peter at digitalbrains.com Thu Oct 6 17:40:29 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 06 Oct 2011 17:40:29 +0200
Subject: restoring SmartCard key with off-card copy
In-Reply-To: <4E8DBA07.8060604@cloer.com>
References: <4E80EA9A.5070909@cloer.de> <4E81EA45.3000006@digitalbrains.com> <4E8DBA07.8060604@cloer.com>
Message-ID: <4E8DCBED.5090700@digitalbrains.com>

> I succeeded to write back this encryption key to the card. But PGP is
> writing the same key to two positions in the card. So now I have a
> Card with the same key in "encryption" and "signature".

A bit odd. I hope it will not give problems. My suggestion: let the card
generate a new signature key (you don't need to use it if you don't want
to). Apart from that GnuPG might get confused by the key being used in two
positions, there are security reasons why we use different signature and
encryption keys, instead of one key for both. Might open you up to some
subtle attack, if your attacker knows what he's doing. Probably unlikely,
but better safe than sorry.

Oh, by the way, it's GnuPG, not PGP. PGP is a commercial product supporting
the OpenPGP standard. GnuPG is the libre software you're using with your
OpenPGP smartcard.

> But I still can't use the Card: After Importing the backup key, my gpg
> is still asking for my old SmartCard. How can I tell GPG to use the
> new smart card? It seems to be necessary to modify the sec-key on the
> computer. But how. I can't find any documentation...

This is the easy part. Your "secret key" as stored on your PC simply says:
use *this specific* smartcard for that key. So GnuPG will ask for that
specific smartcard, even though your new card has the key.

Solution: delete the secret key. Watch out you don't throw out any real
keys, though. And don't delete the public key.
When GnuPG has the public key, and you insert the new smartcard with the
secret key, GnuPG will automatically recreate the "secret key" part that
then says: use *this specific* smartcard for that key. Best thing is to do
gpg --card-status after you insert the smart card for the first time; this
will then immediately cause GnuPG to "bind" to the smart card.

Once again: watch out you don't accidentally throw out real secret keys!

> Sorry, but I really don't understand what to do. How can I restore a
> Card so that I can use it as my original card before.

No need to apologise. This list /is/ for asking questions. And it's a good
question, at that.

> If there is no HowTo, I promise to write one, once I found out how it
> works...

Wouldn't know if this is covered in manuals or howtos... I learned a lot
from playing around, and following this list.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From rjh at sixdemonbag.org Thu Oct 6 20:20:32 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 06 Oct 2011 14:20:32 -0400
Subject: How to use terminal to change mac-cache-ttl
In-Reply-To: <32599099.post@talk.nabble.com>
References: <32599099.post@talk.nabble.com>
Message-ID: <4E8DF170.4030403@sixdemonbag.org>

On 10/5/11 7:55 PM, Vortran66 wrote:
> I have a very limited knowledge of using terminal in Mac. Can someone tell
> me what commands I would need to enter to do this.

Although I think that using Terminal.app is fun, natural and sensible, it's
possible that I'm psychotic. If you *want* to learn how to use
Terminal.app, you might find it enjoyable. If you just want to make the
darn thing work, the more you wrestle with Terminal.app the more frustrated
you'll get.

The good news is that I've put together a small Python script that will
(hopefully) make things a little easier on you.
Give me a day or two to do more bughunting, and once it's done it should be
pretty easy on you to edit these values.

Anyone who knows both Python and OS X: please feel free to check out --

http://keyservers.org/~rjh/agent-alter-1.0.tar.bz2
http://keyservers.org/~rjh/agent-alter-code.pdf
http://keyservers.org/~rjh/agent-alter.pdf

You'll need Norman Ramsey's Noweb package installed in order to rebuild
from the Noweb source, but you can also just look inside src/ to get a
pre-extracted version (named "agent-alter"). Alternately, just read the two
PDFs.

Any and all bug finds gratefully accepted. Let's see if we can't get
something ready for this guy by the weekend. :)

From faramir.cl at gmail.com Fri Oct 7 06:56:05 2011
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 07 Oct 2011 01:56:05 -0300
Subject: restoring SmartCard key with off-card copy
In-Reply-To: <4E8C218A.6050500@digitalbrains.com>
References: <4E80EA9A.5070909@cloer.de> <87oby5jfy0.fsf@vigenere.g10code.de> <4E82F259.2070703@cloer.com> <87k48skc75.fsf@vigenere.g10code.de> <4E833541.4090605@digitalbrains.com> <4E8BF5F6.5000204@gmail.com> <4E8C218A.6050500@digitalbrains.com>
Message-ID: <4E8E8665.3020301@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05-10-2011 6:21, Peter Lebbing wrote:
> On 05/10/11 08:15, Faramir wrote:
>> Would Paperkey be useful to do that? I guess no, since it
>> encodes the private key somehow... but maybe tweaking it?
>
> IMHO, if you want to have a backup that also allows you to use the
> key without the card, the following procedure is by far the
> easiest:
>
> - Create a normal RSA key (gpg --gen-key)
> - Back it up in a safe place, run it through paperkey, all the usual steps
> - From gpg --edit-key, use the keytocard command.

Ok, but I was thinking about the already existing card backup, which is the
secret key without the information already available from the public key.
And Paperkey removes that redundant information when it creates the backup,
and restores it when using the backup. So maybe it could be adapted to
combine the card backup too. Just a thought.

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJOjoZkAAoJEMV4f6PvczxA/PAIAJKYq1aqGxp0YLUBmgqGRNB1
JW0aKVQ8XOsppWhjY7HI5Amc0OPZFLleVOFSC1xgJeRzee5WSpw8w/H/saBg9eUt
qaKf2Go0pZpSiwuoUQ6uHBo40r012QQJeb5fVGolqq8CaZxlHWWy+96r1tQxgMsg
ksAPUs+tykE3c/ts+sGQFiX1RU7zuiNj/+0slt01SZs8iwSKJyHdbYR0bM9P8IUo
SLBdTTBSSSXqgIHVA8XMuKitnhhcmKBDpjU8RvNBVGhgG11TB6aOLC65XAR7Z/L5
e71eIrmfVIS5Oa+Owr6SYnCXZzCmfnJlWnZSo4u1lTBtU3gr4RM3/FUDdB2zQGs=
=MOEy
-----END PGP SIGNATURE-----

From wk at gnupg.org Fri Oct 7 10:18:24 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Oct 2011 10:18:24 +0200
Subject: How to use terminal to change mac-cache-ttl
In-Reply-To: <4E8DF170.4030403@sixdemonbag.org> (Robert J. Hansen's message of "Thu, 06 Oct 2011 14:20:32 -0400")
References: <32599099.post@talk.nabble.com> <4E8DF170.4030403@sixdemonbag.org>
Message-ID: <87d3e9b4fj.fsf@vigenere.g10code.de>

On Thu, 6 Oct 2011 20:20, rjh at sixdemonbag.org said:

> The good news is that I've put together a small Python script that will
> (hopefully) make things a little easier on you. Give me a day or two to

I suggest that you use gpgconf to change configuration options. We designed
this tool to allow easy changing of configuration options using a GUI or by
scripts. As part of GnuPG it has intimate knowledge of the options and
takes care not to break things. It has been used for years by Kleopatra and
GPA for preference settings and to dynamically create configuration
dialogs.

http://gnupg.org/documentation/manuals/gnupg/gpgconf.html

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
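The two routes discussed in this thread (editing gpg-agent.conf directly, which is what Hansen's script sets out to do, and going through gpgconf, as Werner recommends) in one small Python script, added here as an example; it is neither agent-alter nor any GnuPG code. It assumes the option names default-cache-ttl and max-cache-ttl (and their -ssh variants) as written in gpg-agent.conf, without the leading dashes used on the command line; the name:flags:value line format that gpgconf --change-options reads on stdin, as described in the gpgconf manual Werner links; and the constructed sample configuration text in the script.

```python
"""Set gpg-agent passphrase-cache TTLs two ways (added example)."""
import re
import shutil
import subprocess
from pathlib import Path

# Options this helper is willing to touch; values are seconds.
CACHE_OPTIONS = ("default-cache-ttl", "max-cache-ttl",
                 "default-cache-ttl-ssh", "max-cache-ttl-ssh")


def set_cache_option(conf_text: str, name: str, seconds: int) -> str:
    """Return conf_text with `name seconds` present exactly once.

    Other lines and comments are preserved. Earlier settings of the same
    option are dropped rather than kept, because gpg-agent would honour the
    last one and the effective TTL would then be hard to audit.
    """
    if name not in CACHE_OPTIONS:
        raise ValueError(f"not a cache option: {name}")
    if seconds < 0:
        raise ValueError("TTL must be a non-negative number of seconds")
    # Matches "max-cache-ttl 7200" but not "#max-cache-ttl" or "max-cache-ttl-ssh".
    setting = re.compile(r"^\s*" + re.escape(name) + r"(\s+\S+)?\s*$")
    out, replaced = [], False
    for line in conf_text.splitlines():
        if setting.match(line):
            if not replaced:
                out.append(f"{name} {seconds}")
                replaced = True
            continue
        out.append(line)
    if not replaced:
        out.append(f"{name} {seconds}")
    return "\n".join(out) + "\n"


def update_conf_file(path: Path, name: str, seconds: int) -> None:
    """Hansen's route: rewrite gpg-agent.conf in place. A running agent only
    re-reads its configuration when told to (SIGHUP, or `gpgconf --reload
    gpg-agent` on newer GnuPG), so the change is not live until then."""
    current = path.read_text() if path.exists() else ""
    path.write_text(set_cache_option(current, name, seconds))


def gpgconf_change_line(name: str, seconds: int) -> str:
    """One stdin line for `gpgconf --change-options gpg-agent`: name:flags:value.
    Flags 0 means "set this value"; an integer is written bare, whereas a
    string value would be prefixed with a double quote."""
    if name not in CACHE_OPTIONS or seconds < 0:
        raise ValueError("refusing to emit an unknown option or a negative TTL")
    return f"{name}:0:{seconds}"


def apply_with_gpgconf(name: str, seconds: int) -> bool:
    """Werner's route: let gpgconf validate and write the option itself.
    Returns False when gpgconf is not on PATH, so callers can fall back."""
    gpgconf = shutil.which("gpgconf")
    if gpgconf is None:
        return False
    subprocess.run([gpgconf, "--change-options", "gpg-agent"],
                   input=gpgconf_change_line(name, seconds) + "\n",
                   text=True, check=True)
    return True


if __name__ == "__main__":
    # Constructed sample configuration, not a real user's file.
    sample = "# agent options\npinentry-program /usr/bin/pinentry\nmax-cache-ttl 7200\n"
    print(set_cache_option(sample, "max-cache-ttl", 600), end="")
    print(gpgconf_change_line("default-cache-ttl", 300))
```

Both TTLs matter for the original question: default-cache-ttl is how long an unused passphrase stays cached, max-cache-ttl the hard upper bound regardless of use, so lowering only one of them can leave a longer window than intended.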
From wk at gnupg.org Fri Oct 7 10:24:01 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Oct 2011 10:24:01 +0200
Subject: card error message in .gpg-agent.log
In-Reply-To: <87y5wynqy5.fsf@kolob.subpolar.dyndns.org> (Seb's message of "Thu, 06 Oct 2011 09:18:58 -0500")
References: <87y5wynqy5.fsf@kolob.subpolar.dyndns.org>
Message-ID: <878voxb466.fsf@vigenere.g10code.de>

On Thu, 6 Oct 2011 16:18, spluque at gmail.com said:

> 2011-10-05 17:15:25 gpg-agent[2694] gpg-agent (GnuPG) 2.0.18 started
> 2011-10-05 17:21:36 gpg-agent[2694] error getting default authentication keyID of card: Card error

Gpg-agent checks whether a smartcard which features an authentication key
to be used by ssh is available. Such a smartcard based authentication key
is used by gpg-agent to authenticate an ssh session without the need to
first import the ssh key.

> What is causing these, and how to solve that? Thanks.

Ignore this diagnostic if you don't have a suitable smartcard (e.g. an
OpenPGP or Belgian eID card).

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From melvincarvalho at gmail.com Fri Oct 7 10:26:59 2011
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Fri, 7 Oct 2011 10:26:59 +0200
Subject: Is there a way to browse the GPG web of trust?
Message-ID:

Just wondering is there a way to browse the GPG web of trust?

Is some of the signing data public and downloadable, or is it mainly
private?

From laurent.jumet at skynet.be Fri Oct 7 11:47:34 2011
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 07 Oct 2011 11:47:34 +0200
Subject: KeyServer...
Message-ID:

Hello !

Is this server active:
hkp://blackhole.pca.dfn.de ?

Seems I get an error when trying to refresh a key.

--
Laurent Jumet
KeyID: 0xCFAF704C

From aaron.toponce at gmail.com Fri Oct 7 11:51:53 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 7 Oct 2011 03:51:53 -0600
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To:
References:
Message-ID: <20111007095153.GG32237@poseidon.cocyt.us>

On Fri, Oct 07, 2011 at 10:26:59AM +0200, Melvin Carvalho wrote:
> Just wondering is there a way to browse the GPG web of trust?
>
> Is some of the signing data public and downloadable, or is it mainly private?

Yes, and no. The Web of Trust is just a web centered around a specific
keyring. If you have a specific keyring, you can view that key's Web of
Trust. All you're looking at are signatures. It becomes a bit troublesome
after a while, because you look not only at that key's signatures, but the
signatures of those who signed the key as well.

If you want a graphical view of a Web of Trust, here is a quick shell
script you can run that ends up with a GIF you can view in any image
editor. You'll need GnuPG, of course, as well as signing-party (which
provides sig2dot), graphviz (which provides neato) and ImageMagick (which
provides convert):

    gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
    neato -Tps ~/.gnupg/pubring.dot > ~/.gnupg/pubring.neato.ps
    convert ~/.gnupg/pubring.neato.ps ~/.gnupg/pubring.gif

The more signatures and keys in that keyring, the more complex the Web of
Trust could be, and the longer it may take to generate that GIF. On my
Intel dual-core laptop, I rendered a keyring for a friend, and it took over
30 minutes. So, be patient. Here's mine (using the script above):

    http://aarontoponce.org/pubring.gif

Further, there is also the "Strong Set", which is said to be the largest
Web of Trust on the Internet. You can view that web here:

    http://pgp.cs.uu.nl/plot/

As an interesting side note, the top 25 keys, and all but 15 of the top 50
keys in that web belong to contributors of the Debian project (or so I've
been told).

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
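What the sig2dot step in Toponce's pipeline does, as an added example that is not sig2dot or any signing-party code: a Python script that reads the machine-readable output of `gpg --with-colons --list-sigs`, builds the signer-to-key graph (self-signatures and subkey binding signatures excluded, since they say nothing about who vouches for whom), emits a DOT file that neato can render, and ranks keys by how many distinct keys certified them, which is the measure behind the "top keys" remark about the Strong Set. It assumes the colon-format record layout (record type in field 1, key ID in field 5, user ID in field 10, `\xHH` escapes for special characters); the sample listing is constructed with fake key IDs rather than captured from a real keyring.

```python
"""Build a Web-of-Trust graph from gpg --with-colons --list-sigs (added example)."""
import re
import subprocess
from collections import Counter

# Constructed sample of colon-format output: three fake keys. Alice is
# certified by Bob and Carol, Bob by Alice. Self-signatures and a subkey
# binding signature are included because a real listing always has them.
SAMPLE_LISTING = """\
pub:u:2048:1:0000000000000001:1318000000::u:::scESC::::::23::0:
uid:u::::1318000000::AAAA::Alice (constructed) <alice@example.org>::::::::::0:
sig:::1:0000000000000001:1318000000::::Alice (constructed) <alice@example.org>:13x:::::2:
sig:::1:0000000000000002:1318000100::::Bob (constructed) <bob@example.org>:13x:::::2:
sig:::1:0000000000000003:1318000200::::Carol (constructed) <carol@example.org>:10x:::::2:
sub:u:2048:1:0000000000000011:1318000000::::::e::::::23:
sig:::1:0000000000000001:1318000000::::Alice (constructed) <alice@example.org>:18x:::::2:
pub:u:2048:1:0000000000000002:1318000000::u:::scESC::::::23::0:
uid:u::::1318000000::BBBB::Bob (constructed) <bob@example.org>::::::::::0:
sig:::1:0000000000000002:1318000000::::Bob (constructed) <bob@example.org>:13x:::::2:
sig:::1:0000000000000001:1318000300::::Alice (constructed) <alice@example.org>:13x:::::2:
"""


def _unescape(field: str) -> str:
    """gpg writes ':' and other special bytes as \\xHH in colon output."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)


def parse_signature_graph(listing: str):
    """Return (labels, edges): labels maps key ID -> first user ID seen,
    edges is the set of (signer_keyid, signed_keyid) certifications."""
    labels, edges = {}, set()
    current = None      # primary key ID of the record block being read
    in_subkey = False   # sigs under a 'sub' record are binding sigs, not certifications
    for line in listing.splitlines():
        f = line.split(":")
        kind = f[0]
        if kind == "pub":
            current, in_subkey = f[4], False
            labels.setdefault(current, current)
        elif kind == "sub":
            in_subkey = True
        elif kind == "uid" and current and labels[current] == current:
            labels[current] = _unescape(f[9])
        elif kind == "sig" and current and not in_subkey:
            signer = f[4]
            if signer == current:
                continue  # self-signature: says nothing about trust between people
            edges.add((signer, current))
            labels.setdefault(signer, _unescape(f[9]) or signer)
    return labels, edges


def to_dot(labels, edges) -> str:
    """DOT source suitable for `neato -Tps`; each edge points from signer to signed key."""
    def quote(s: str) -> str:
        return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'
    lines = ["digraph wot {"]
    for keyid, label in sorted(labels.items()):
        lines.append(f"  {quote(keyid)} [label={quote(label)}];")
    for signer, signed in sorted(edges):
        lines.append(f"  {quote(signer)} -> {quote(signed)};")
    lines.append("}")
    return "\n".join(lines) + "\n"


def most_certified(edges, n: int = 10):
    """Keys ranked by the number of distinct keys that certified them (in-degree)."""
    return Counter(signed for _, signed in edges).most_common(n)


def listing_from_keyring() -> str:
    """Fetch a real listing from the user's keyring; only used when run as a script."""
    return subprocess.run(["gpg", "--with-colons", "--list-sigs"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    labels, edges = parse_signature_graph(SAMPLE_LISTING)
    print(to_dot(labels, edges), end="")
    print(most_certified(edges))
```

Feeding the DOT output to `neato -Tps` and `convert` reproduces the rest of Toponce's pipeline; on a large keyring the ranking function is the cheap part and the graph layout is where the half-hour goes.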
From aaron.toponce at gmail.com Fri Oct 7 11:54:49 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 7 Oct 2011 03:54:49 -0600
Subject: KeyServer...
In-Reply-To:
References:
Message-ID: <20111007095449.GH32237@poseidon.cocyt.us>

On Fri, Oct 07, 2011 at 11:47:34AM +0200, Laurent Jumet wrote:
> Is this server active:
> hkp://blackhole.pca.dfn.de
>
> Seems I get an error when trying to refresh a key.

According to dig(1):

$ dig blackhole.pca.dfn.de

; <<>> DiG 9.7.3 <<>> blackhole.pca.dfn.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35310
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;blackhole.pca.dfn.de.          IN      A

;; AUTHORITY SECTION:
pca.dfn.de.             1588    IN      SOA     robin.dfn-cert.de. hostmaster.pca.dfn.de. 2011090700 10800 1800 604800 86400

;; Query time: 101 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Fri Oct 7 03:53:26 2011
;; MSG SIZE  rcvd: 100

Nope. NXDOMAIN shows that there is no IP address associated with that FQDN.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

From melvincarvalho at gmail.com Fri Oct 7 12:46:32 2011
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Fri, 7 Oct 2011 12:46:32 +0200
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <20111007095153.GG32237@poseidon.cocyt.us>
References: <20111007095153.GG32237@poseidon.cocyt.us>
Message-ID:

On 7 October 2011 11:51, Aaron Toponce wrote:
> On Fri, Oct 07, 2011 at 10:26:59AM +0200, Melvin Carvalho wrote:
>> Just wondering is there a way to browse the GPG web of trust?
>>
>> Is some of the signing data public and downloadable, or is it mainly private?
>
> Yes, and no. The Web of Trust is just a web centered around a specific
> keyring. If you have a specific keyring, you can view that key's Web of
> Trust. All you're looking at are signatures. It becomes a bit troublesome
> after a while, because you look not only at that key's signatures, but the
> signatures of those who signed the key as well.
>
> If you want a graphical view of a Web of Trust, here is a quick shell
> script you can run that ends up with a GIF you can view in any image
> editor. You'll need GnuPG, of course, as well as signing-party (which
> provides sig2dot), graphviz (which provides neato) and ImageMagick (which
> provides convert):
>
>     gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
>     neato -Tps ~/.gnupg/pubring.dot > ~/.gnupg/pubring.neato.ps
>     convert ~/.gnupg/pubring.neato.ps ~/.gnupg/pubring.gif
>
> The more signatures and keys in that keyring, the more complex the Web of
> Trust could be, and the longer it may take to generate that GIF. On my
> Intel dual-core laptop, I rendered a keyring for a friend, and it took over
> 30 minutes. So, be patient. Here's mine (using the script above):
>
>     http://aarontoponce.org/pubring.gif
>
> Further, there is also the "Strong Set", which is said to be the largest
> Web of Trust on the Internet. You can view that web here:
>
>     http://pgp.cs.uu.nl/plot/
>
> As an interesting side note, the top 25 keys, and all but 15 of the top 50
> keys in that web belong to contributors of the Debian project (or so I've
> been told).

This is awesome, thanks!

Is it possible to get a dump of all the signatures in a particular key
server?

BTW: Just as a side note, I am studying "web of trust" as a general concept
(hopefully to become part of a PhD). There is also the "FOAF" web of trust,
which is bigger (say 100 million plus) but perhaps not as high quality as
GPG. I'm also looking at the data in http://convergence.io/ ...
it might be an idea to try and map all the different web of trusts on the
internets and collate the data together ...

From rjh at sixdemonbag.org Fri Oct 7 16:20:08 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 07 Oct 2011 10:20:08 -0400
Subject: How to use terminal to change mac-cache-ttl
In-Reply-To: <87d3e9b4fj.fsf@vigenere.g10code.de>
References: <32599099.post@talk.nabble.com> <4E8DF170.4030403@sixdemonbag.org> <87d3e9b4fj.fsf@vigenere.g10code.de>
Message-ID: <4E8F0A98.6000008@sixdemonbag.org>

On 10/7/11 4:18 AM, Werner Koch wrote:
> I suggest that you use gpgconf to change configuration options.

Cute: thanks for the heads-up.

From aaron.toponce at gmail.com Fri Oct 7 17:54:46 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 7 Oct 2011 09:54:46 -0600
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To:
References: <20111007095153.GG32237@poseidon.cocyt.us>
Message-ID: <20111007155446.GI32237@poseidon.cocyt.us>

On Fri, Oct 07, 2011 at 12:46:32PM +0200, Melvin Carvalho wrote:
> This is awesome, thanks!

No problem. It's pretty crazy stuff.

> Is it possible to get a dump of all the signatures in a particular key server?

Possible? Yes. Probable? Maybe. I once set up my own public keyserver, just
because, and found it to chew through 20GB or so, iirc. It's been about 5
years since setting it up, so I'm guessing it's grown since then.

If you want all the keys from a keyserver, you'll probably have the best
luck building your own keyserver, taking all the public keys, building a
keyring, and examining the Web of Trust on that.
With that said, I would be willing to bet that something of that magnitude
would be rather CPU and RAM intensive. You would probably want to take
advantage of some pretty serious hardware to make it practical.

If someone has better advice, you'll likely get it here. :)

> BTW: Just as a side note, I am studying "web of trust" as a general
> concept (hopefully to become part of a PhD). There is also the "FOAF"
> web of trust, which is bigger (say 100 million plus) but perhaps not as
> high quality as GPG. I'm also looking at the data in
> http://convergence.io/ ... it might be an idea to try and map all the
> different web of trusts on the internets and collate the data together

Will your dissertation be available publicly?

From melvincarvalho at gmail.com Fri Oct 7 18:15:07 2011
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Fri, 7 Oct 2011 18:15:07 +0200
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <20111007155446.GI32237@poseidon.cocyt.us>
References: <20111007095153.GG32237@poseidon.cocyt.us> <20111007155446.GI32237@poseidon.cocyt.us>
Message-ID:

On 7 October 2011 17:54, Aaron Toponce wrote:
> On Fri, Oct 07, 2011 at 12:46:32PM +0200, Melvin Carvalho wrote:
>> This is awesome, thanks!
>
> No problem. It's pretty crazy stuff.
>
>> Is it possible to get a dump of all the signatures in a particular key server?
>
> Possible? Yes. Probable? Maybe. I once set up my own public keyserver, just
> because, and found it to chew through 20GB or so, iirc. It's been about 5
> years since setting it up, so I'm guessing it's grown since then.
>
> If you want all the keys from a keyserver, you'll probably have the best
> luck building your own keyserver, taking all the public keys, building a
> keyring, and examining the Web of Trust on that. With that said, I would be
> willing to bet that something of that magnitude would be rather CPU and RAM
> intensive. You would probably want to take advantage of some pretty serious
> hardware to make it practical.

Thanks, I may try and set up a key server in that case. Tho I did read a
report that it can be more work than anticipated.

>
> If someone has better advice, you'll likely get it here. :)
>
>> BTW: Just as a side note, I am studying "web of trust" as a general
>> concept (hopefully to become part of a PhD). There is also the "FOAF"
>> web of trust, which is bigger (say 100 million plus) but perhaps not as
>> high quality as GPG. I'm also looking at the data in
>> http://convergence.io/ ... it might be an idea to try and map all the
>> different web of trusts on the internets and collate the data together
>
> Will your dissertation be available publicly?

I'm still at a very early stage. But I see no point in writing a PhD
("contribution to knowledge") unless it is publicly available.

From wk at gnupg.org Fri Oct 7 18:56:36 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Oct 2011 18:56:36 +0200
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <20111007095153.GG32237@poseidon.cocyt.us> (Aaron Toponce's message of "Fri, 7 Oct 2011 03:51:53 -0600")
References: <20111007095153.GG32237@poseidon.cocyt.us>
Message-ID: <87zkhcagfv.fsf@vigenere.g10code.de>

On Fri, 7 Oct 2011 11:51, aaron.toponce at gmail.com said:

>     gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt

Why at all does this tool use the human readable format? I don't get
it. We have a machine readable format which is guaranteed to be stable
and much easier to parse. The --with-colons option was introduced with
version 0.2.12 before April 1998.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From aaron.toponce at gmail.com Fri Oct 7 20:55:48 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 7 Oct 2011 12:55:48 -0600
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <87zkhcagfv.fsf@vigenere.g10code.de>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de>
Message-ID: <20111007185548.GK32237@poseidon.cocyt.us>

On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
> On Fri, 7 Oct 2011 11:51, aaron.toponce at gmail.com said:
> >     gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
>
> Why at all does this tool use the human readable format? I don't get
> it.

Probably because the author of sig2dot(1) doesn't know better.

> We have a machine readable format which is guaranteed to be stable
> and much easier to parse. The --with-colons option was introduced with
> version 0.2.12 before April 1998.

I'd be game for submitting a patch, if I had the patience to work with
Perl.
From melvincarvalho at gmail.com Fri Oct 7 21:59:57 2011
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Fri, 7 Oct 2011 21:59:57 +0200
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <20111007185548.GK32237@poseidon.cocyt.us>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us>
Message-ID:

On 7 October 2011 20:55, Aaron Toponce wrote:
> On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
>> On Fri,  7 Oct 2011 11:51, aaron.toponce at gmail.com said:
>> >     gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
>>
>> Why at all does this tool use the human readable format? I don't get
>> it.
>
> Probably because the author of sig2dot(1) doesn't know better.
>
>> We have a machine readable format which is guaranteed to be stable
>> and much easier to parse. The --with-colons option was introduced with
>> version 0.2.12 before April 1998.
>
> I'd be game for submitting a patch, if I had the patience to work with
> Perl.

I just ran across this too: the GPG web of trust for bitcoin:

http://bitcoin-otc.com/viewgpg.php

Seems a bit more browsable

From jerome+person at jeromebaum.com Sat Oct 8 05:56:46 2011
From: jerome+person at jeromebaum.com (Jerome Baum)
Date: Sat, 08 Oct 2011 05:56:46 +0200
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <20111007185548.GK32237@poseidon.cocyt.us>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us>
Message-ID: <4E8FC9FE.5080702@jeromebaum.com>

On 2011-10-07 20:55, Aaron Toponce wrote:
> On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
>> Why at all does this tool use the human readable format? I don't get
>> it.
>
> Probably because the author of sig2dot(1) doesn't know better.

Why fix what's not broken?

(i.e. who cares if it doesn't use with-colons? It works, right? If it
ever breaks, we can change it. But it works for the time being.)

--
Q: What is your secret word?
A: That's right.
Q: What's right?
A: Yes.
Q: Sir, you're going to have to tell me your secret word.
A: What?
Q: I said please tell me your secret word.
A: What?
Q: What's your secret word?
A: Yes.
Q: Sorry, "yes" is not your secret word. You have two more chances.
A: I said what?
Q: Yes.
A: Right, so you admit I said it.
Q: No, you said "yes."
A: No, "what!"
Q: When?
A: When you asked for my secret word!
Q: What?
A: Yes!
Q: I'm sorry, that's incorrect. You have one more chance to say your secret word.
A: I'd like to speak to your supervisor.
Q: Very well, I'll transfer you. His name is Hu.
(http://boingboing.net/2010/05/03/fun-with-a-banks-sec.html)

From rjh at sixdemonbag.org Sat Oct 8 10:52:45 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 08 Oct 2011 04:52:45 -0400
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <4E8FC9FE.5080702@jeromebaum.com>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com>
Message-ID: <4E900F5D.7080206@sixdemonbag.org>

On 10/7/2011 11:56 PM, Jerome Baum wrote:
> Why fix what's not broken?

Nobody has said sig2dot needs to be fixed.
Werner asked why the author of sig2dot didn't use the fixed format, which
is much better suited for this sort of thing. Saying, "I have spotted
something that will someday need to be fixed," is not the same as saying,
"we must fix it right now."

From peter at digitalbrains.com Sat Oct 8 17:26:22 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 08 Oct 2011 17:26:22 +0200
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <4E900F5D.7080206@sixdemonbag.org>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org>
Message-ID: <4E906B9E.1050606@digitalbrains.com>

On 08/10/11 10:52, Robert J. Hansen wrote:
> On 10/7/2011 11:56 PM, Jerome Baum wrote:
>> Why fix what's not broken?
>
> Nobody has said sig2dot needs to be fixed.

However, Aaron Toponce wrote:
> I'd be game for submitting a patch, if I had the patience to work with
> Perl.

Sounds to me like Aaron would have tried to fix it if he had said patience.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From rjh at sixdemonbag.org Sat Oct 8 22:30:30 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 08 Oct 2011 16:30:30 -0400
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <4E906B9E.1050606@digitalbrains.com>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com>
Message-ID: <4E90B2E6.9040203@sixdemonbag.org>

On 10/8/2011 11:26 AM, Peter Lebbing wrote:
> Sounds to me like Aaron would have tried to fix it if he had
> said patience.
I missed that message: thank you. :)

From aaron.toponce at gmail.com Sun Oct 9 13:47:23 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sun, 9 Oct 2011 05:47:23 -0600
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <4E8FC9FE.5080702@jeromebaum.com>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com>
Message-ID: <20111009114723.GN32237@poseidon.cocyt.us>

On Sat, Oct 08, 2011 at 05:56:46AM +0200, Jerome Baum wrote:
> On 2011-10-07 20:55, Aaron Toponce wrote:
> > On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
> >> Why at all does this tool use the human readable format? I don't get
> >> it.
> >
> > Probably because the author of sig2dot(1) doesn't know better.
>
> Why fix what's not broken?
>
> (i.e. who cares if it doesn't use with-colons? It works, right? If it
> ever breaks, we can change it. But it works for the time being.)

Sure. DOS worked too. What's the point of upgrades? If it ain't broke,
don't fix it! :)

> --
> Q: What is your secret word?
> A: That's right.
[snip]

I wonder if alt.fan.warlord is still active... :)

From dkg at fifthhorseman.net Sun Oct 9 14:00:19 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 09 Oct 2011 08:00:19 -0400
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To:
References: <20111007095153.GG32237@poseidon.cocyt.us> <20111007155446.GI32237@poseidon.cocyt.us>
Message-ID: <4E918CD3.9040104@fifthhorseman.net>

On 10/07/2011 12:15 PM, Melvin Carvalho wrote:
> Thanks, I may try and set up a key server in that case.
> Tho I did read a report that it can be more work than anticipated.

Running a keyserver isn't terribly hard. But you'll need a chunk of disk
space (10G at least), a decent amount of RAM (1G), and a reliable network
connection (ideally with a static IP).

The dominant free keyserver these days is sks. You should subscribe to the
discussion list for that project if you plan to run an OpenPGP keyserver:

  SKS development list

Regards,

        --dkg
(co-maintainer of keys.mayfirst.org)

From dkg at fifthhorseman.net Sun Oct 9 14:09:46 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 09 Oct 2011 08:09:46 -0400
Subject: Is there a way to browse the GPG web of trust?
In-Reply-To: <4E8FC9FE.5080702@jeromebaum.com>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com>
Message-ID: <4E918F0A.4010007@fifthhorseman.net>

On 10/07/2011 11:56 PM, Jerome Baum wrote:
> On 2011-10-07 20:55, Aaron Toponce wrote:
>> On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
>>> Why at all does this tool use the human readable format? I don't get
>>> it.
>>
>> Probably because the author of sig2dot(1) doesn't know better.
>
> Why fix what's not broken?

I can pretty much guarantee that it is in fact broken, given the range of
possible User IDs and various --list-options that could be applied in
gpg.conf to affect the human-readable format. I suppose it's possible that
no one has actually hit a broken case, or (more likely) that no one has
bothered to report such a breakage.

Has anyone tried to use sig2dot with a User ID that contains an embedded
newline? Or with show-notations or show-keyserver-urls or
show-uid-validity set in --list-options?
Anyone looking for a quick way to make a contribution to this corner of the
OpenPGP toolset could just permute these kinds of changes until you can
coax sig2dot into a bad state, and then file a bug report to the upstream
author suggesting the use of the machine-readable format (or the perl
module GnuPG::Interface, which uses the machine-readable format already,
and should handle most of the parsing for you).

Just because it currently works in the "normal" case doesn't mean it
behaves properly in all cases.

Hoping I'm wrong about sig2dot,

        --dkg

From takethebus at gmx.de Sun Oct 9 23:30:14 2011
From: takethebus at gmx.de (takethebus at gmx.de)
Date: Sun, 09 Oct 2011 23:30:14 +0200
Subject: Why revoke a key?
In-Reply-To: <4E90B2E6.9040203@sixdemonbag.org>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org>
Message-ID: <20111009213014.292330@gmx.net>

Hi everybody,

in which cases should I revoke a key in general?

Let's say I have my private key on a USB stick and lose the stick
somewhere in public. The key is protected by the mantra. I'm sure, nobody
knows the mantra except me. Should I revoke the key or could I keep on
working with a copy of it?

I'm grateful for your answers.
Thanks, Jan

From johanw at vulcan.xs4all.nl Mon Oct 10 00:51:58 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon, 10 Oct 2011 00:51:58 +0200
Subject: Why revoke a key?
In-Reply-To: <20111009213014.292330@gmx.net>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net>
Message-ID: <4E92258E.2000601@vulcan.xs4all.nl>

On 09-10-2011 23:30, takethebus at gmx.de wrote:

> in which cases should I revoke a key in general?

If you think it may be compromised.

> Let's say I have my private key on a USB stick and lose the stick
> somewhere in public. The key is protected by the mantra. I'm sure,
> nobody knows the mantra except me. Should I revoke the key or could I
> keep on working with a copy of it?

That depends on your threat model and the strength of the secret key
password. It happened once to me (key on a backup CD-ROM in a bag that got
stolen, but unlikely by someone particularly interested in my keys).
However, I still revoked it to be sure.

--
Met vriendelijke groet / With kind regards,
Johan Wevers

PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From rjh at sixdemonbag.org Mon Oct 10 00:52:30 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 09 Oct 2011 18:52:30 -0400
Subject: Why revoke a key?
In-Reply-To: <20111009213014.292330@gmx.net>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net>
Message-ID: <4E9225AE.5090808@sixdemonbag.org>

On 10/9/11 5:30 PM, takethebus at gmx.de wrote:
> in which cases should I revoke a key in general?

Whenever you feel the private key has been compromised. Unfortunately,
that just switches the question to "when should I consider a key
compromised?"
> Let's say I have my private key on a USB stick and lose the
> stick somewhere in public. The key is protected by the mantra. I'm
> sure, nobody knows the mantra except me. Should I revoke the key
> or could I keep on working with a copy of it?

Depends on how strong the passphrase is. I've often said that I'm
willing to publish my private key in the _New York Times_, if someone
is willing to pay for it. With a strong passphrase, someone getting
access to your private key is not a big deal so long as you can
guarantee they will never get access to your passphrase.

From me at davidmanouchehri.com Mon Oct 10 00:58:53 2011
From: me at davidmanouchehri.com (David Manouchehri)
Date: Sun, 9 Oct 2011 18:58:53 -0400
Subject: Why revoke a key?
In-Reply-To: <20111009213014.292330@gmx.net>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net>
Message-ID:

That's really up to you, how much you value security or not. It depends on
many factors, like what the key was used for; i.e., if this was the Ubuntu
software PGP key, you should revoke it as others are depending on it to be
secure. If you used it for just signing a few files here and there, it's
probably fine. In general, once you've lost confidence in the security of
the key, you should revoke it.

I personally only take around subkeys that expire every six months, so
even if I lose that key, soon enough it won't matter.

David Manouchehri

On Sun, Oct 9, 2011 at 5:30 PM, wrote:
> Hi everybody,
>
> in which cases should I revoke a key in general?
>
> Let's say I have my private key on a USB stick and lose the stick
> somewhere in public. The key is protected by the mantra. I'm sure, nobody
> knows the mantra except me. Should I revoke the key or could I keep on
> working with a copy of it?
>
> I'm grateful for your answers.
> Thanks, Jan

From dougb at dougbarton.us Mon Oct 10 10:06:49 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 10 Oct 2011 01:06:49 -0700
Subject: Why revoke a key?
In-Reply-To: <20111009213014.292330@gmx.net>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net>
Message-ID: <4E92A799.7050505@dougbarton.us>

When you start a new topic please create a new message, don't just reply
to an old one and change the subject. Doing the latter causes your message
to be "hidden" under the old ones for those of us who use threaded mail
readers.

On 10/09/2011 14:30, takethebus at gmx.de wrote:
> Hi everybody,
>
> in which cases should I revoke a key in general?
>
> Let's say I have my private key on a USB stick and lose the stick
> somewhere in public. The key is protected by the mantra. I'm sure,
> nobody knows the mantra except me. Should I revoke the key or could
> I keep on working with a copy of it?

You already got good answers to this question, it depends on how much
other people are depending on the security of your key.

--
	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.
	:)  http://SupersetSolutions.com/

From takethebus at gmx.de Mon Oct 10 23:29:57 2011
From: takethebus at gmx.de (Jan Janka)
Date: Mon, 10 Oct 2011 23:29:57 +0200
Subject: Why revoke a key?
In-Reply-To: <4E9225AE.5090808@sixdemonbag.org>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org>
Message-ID: <20111010212957.302090@gmx.net>

-------- Original Message --------
> Date: Sun, 09 Oct 2011 18:52:30 -0400
> From: "Robert J. Hansen"
> To: gnupg-users at gnupg.org
> Subject: Re: Why revoke a key?

> > Let's say I have my private key on a USB stick and lose the
> > stick somewhere in public. The key is protected by the mantra. I'm
> > sure, nobody knows the mantra except me. Should I revoke the key
> > or could I keep on working with a copy of it?
>
> Depends on how strong the passphrase is. I've often said that I'm
> willing to publish my private key in the _New York Times_, if someone
> is willing to pay for it.
> With a strong passphrase, someone getting access to your private key
> is not a big deal so long as you can guarantee they will never get
> access to your passphrase.

How long would it take to execute a successful brute force attack on a
passphrase consisting of 12 symbols (symbols available on common
keyboards)?

If the attacker only got the passphrase and not the private key, I can
simply change the passphrase to be secure again. Right? So I'd say my key
is compromised if I think an attacker got BOTH, the passphrase AND the key.

From jw72253 at verizon.net Mon Oct 10 23:18:21 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Mon, 10 Oct 2011 16:18:21 -0500
Subject: key selection in batch decryptions
Message-ID: <000b01cc8792$2350bad0$69f23070$@net>

While I am using gpg 2.0.17 on a Windows OS, I often have instances where
I need to decrypt a few random messages from a large batch of messages.
Normally, I can pipe the passphrase, symmetric or public key, to the gpg
command, and it will attempt to match the passphrase with the keys on my
key ring for each message. If a message does not correspond to the key
after trying each key, the process simply skips the file and moves to the
next one to try again. If there are several keys on my key ring, but I am
interested in trying only one of them, or if the passphrase is for
symmetric encryption instead of for a key, it takes extra time for the
process to try each of the keys in turn. Is there a way to tell gpg to use
just one of the keys if any? I have tried specifying this as one of the
options "-u userID", but it seems to ignore my specification and it always
tries to use a different key from the one I intend. Thanks.

From wk at gnupg.org Tue Oct 11 09:35:30 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Oct 2011 09:35:30 +0200
Subject: key selection in batch decryptions
In-Reply-To: <000b01cc8792$2350bad0$69f23070$@net> (John A. Wallace's message of "Mon, 10 Oct 2011 16:18:21 -0500")
References: <000b01cc8792$2350bad0$69f23070$@net>
Message-ID: <87sjn07zgd.fsf@vigenere.g10code.de>

On Mon, 10 Oct 2011 23:18, jw72253 at verizon.net said:

> keys in turn. Is there a way to tell gpg to use just one of the keys if
> any? I have tried specifying this as one of the options "-u userID", but it

No, there is no way to do this. The best suggestion for all automated
systems is not to use a passphrase.
If you really want a passphrase and you require full control over it you
have three choices:

- Write your own pinentry and send CANCEL back until the desired
  passphrase is requested. Then send the right passphrase.

- Write a simple pinentry to always send a CANCEL back (GnuPG 2.1 will
  have an option to emulate this). Then use gpg-preset-passphrase to seed
  gpg-agent with the desired passphrase.

- Use --status-fd/--command-fd. These options allow you to pass a
  passphrase to gpg entirely under script control. They work even with
  GnuPG 1.4.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From urs.hunkeler at epfl.ch Tue Oct 11 09:37:28 2011
From: urs.hunkeler at epfl.ch (Urs Hunkeler)
Date: Tue, 11 Oct 2011 09:37:28 +0200
Subject: How to use a GnuPG card on multiple computers?
Message-ID: <4E93F238.8080009@epfl.ch>

Hi,

How can I use a GnuPG card on multiple computers? My understanding is that
when I let the card generate the keys, a stub for each key pair is
automatically added to my keyring and instructs gpg to use the card to
encrypt my messages. How can I add such stubs to my keyring on a different
computer to point to existing keys on my card without having to regenerate
the keys (which would render the card unusable for the first computer)?

Thanks,
Urs

From wk at gnupg.org Tue Oct 11 11:03:15 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Oct 2011 11:03:15 +0200
Subject: How to use a GnuPG card on multiple computers?
In-Reply-To: <4E93F238.8080009@epfl.ch> (Urs Hunkeler's message of "Tue, 11 Oct 2011 09:37:28 +0200")
References: <4E93F238.8080009@epfl.ch>
Message-ID: <87fwiz99yk.fsf@vigenere.g10code.de>

On Tue, 11 Oct 2011 09:37, urs.hunkeler at epfl.ch said:

> gpg to use the card to encrypt my messages. How can I add such stubs
> to my keyring on a different computer to point to existing keys on my
> card without having to regenerate the keys (which would render the

You insert the card on that other box and enter

  $ gpg2 --card-edit

This creates the stub. To retrieve the public key you may now enter:

  gpg/card> fetch

This uses the URL field of the card to retrieve the key.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From jerome+person at jeromebaum.com Mon Oct 10 23:44:10 2011
From: jerome+person at jeromebaum.com (Jerome Baum)
Date: Mon, 10 Oct 2011 23:44:10 +0200
Subject: Why revoke a key?
In-Reply-To: <20111010212957.302090@gmx.net>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net>
Message-ID: <4E93672A.7000103@jeromebaum.com>

On 2011-10-10 23:29, Jan Janka wrote:
>
> How long would it take to execute a successful brute force attack on
> a passphrase consisting of 12 symbols (symbols available on common
> keyboards)?

Calculate how many combinations there are, assume some number of tries
per second (you can experimentally find this out), and there you go. But
remember Murphy's(?) law! -- (I mean the one about doubling computer
power every 18 months -- are there two Murphy's laws? Confused now...)

You can measure the strength of your password in bits of entropy, which
is basically the log base 2 of the number of combinations. So if there
are 64 possible combinations (a single alphanum case-sensitive
password-ish) then you have 6 bits of entropy.

In the diceware FAQ at www.diceware.com you can find info about how long
a password with a given number of bits is supposed to be secure.
Also some tips on how to pick a memorizable secure passphrase. > If the attacker only got the passphrase and not the private key, I > can simply change the passphrase to be secure again. Right? So I'd > say my key is compromised if I think an attacker got BOTH, the > passphrase AND the key. Yes but remember the attacker might get at an old version of your key that still used the old passphrase. -- Q: What is your secret word? A: That's right. Q: What's right? A: Yes. Q: Sir, you're going to have to tell me your secret word. A: What? Q: I said please tell me your secret word. A: What? Q: What's your secret word? A: Yes. Q: Sorry, "yes" is not your secret word. You have two more chances. A: I said what? Q: Yes. A: Right, so you admit I said it. Q: No, you said "yes." A: No, "what!" Q: When? A: When you asked for my secret word! Q: What? A: Yes! Q: I'm sorry, that's incorrect. You have one more chance to say your secret word. A: I'd like to speak to your supervisor. Q: Very well, I'll transfer you. His name is Hu. (http://boingboing.net/2010/05/03/fun-with-a-banks-sec.html) From urs.hunkeler at epfl.ch Tue Oct 11 11:50:27 2011 From: urs.hunkeler at epfl.ch (Urs Hunkeler) Date: Tue, 11 Oct 2011 11:50:27 +0200 Subject: How to use a GnuPG card on multiple computers? In-Reply-To: <87fwiz99yk.fsf@vigenere.g10code.de> References: <4E93F238.8080009@epfl.ch> <87fwiz99yk.fsf@vigenere.g10code.de> Message-ID: <4E941163.80901@epfl.ch> Hi Werner, Thanks a lot! Cheers, Urs On 10/11/11 11:03 AM, Werner Koch wrote: > On Tue, 11 Oct 2011 09:37, urs.hunkeler at epfl.ch said: > >> gpg to use the card to encrypt my messages. How can I add such stubs >> to my keyring on a different computer to point to existing keys on my >> card without having to regenerate the keys (which would render the > You insert the card on that other box and enter > > $ gpg2 --card-edit > > this creates the stub. 
> To retrieve the public key you may now enter:
>
> gpg/card> fetch
>
> this uses the URL field of the card to retrieve the key.
>
>
> Salam-Shalom,
>
> Werner
>

From Sethukumar.R at sungard.com Tue Oct 11 11:27:51 2011
From: Sethukumar.R at sungard.com (Sethukumar.R at sungard.com)
Date: Tue, 11 Oct 2011 09:27:51 +0000
Subject: unsubscribe
Message-ID: <273D8A30FB465240872EC945D7E27E1504896E24@emea-tc2-mb01.internal.sungard.corp>

Sethukumar Ramachandran * Technical Lead * SunGard * Global Services *
Divyasree Chambers, Langford Road, Bangalore 560025, India
Tel : +91-80-2222 0501 * Mobile: +91-9980012150 * www.sungard.com/sts

From ivan at gray.siamics.net Tue Oct 11 13:25:43 2011
From: ivan at gray.siamics.net (Ivan Shmakov)
Date: Tue, 11 Oct 2011 18:25:43 +0700
Subject: Why revoke a key?
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103__10681.1628713787$1318325068$gmane$org@jeromebaum.com>
Message-ID: <86hb3f3h3c.fsf@gray.siamics.net>

>>>>> Jerome Baum writes:
>>>>> On 2011-10-10 23:29, Jan Janka wrote:

 >> How long would it take to execute a successful brute force attack on
 >> a passphrase consisting of 12 symbols (symbols available on common
 >> keyboards)?

 > Calculate how many combinations there are, assume some number of
 > tries per second (you can experimentally find this out), and there
 > you go.

 > But remember Murphy's(?) law! -- (I mean the one about doubling
 > computer power every 18 months -- are there two Murphy's laws?
 > Confused now...)

	That used to be Moore's [1].
	On second thought, I guess that /both/ of them are to be
	considered when it comes to information security.

[1] http://en.wikipedia.org/wiki/Moore's_law

-- 
FSF associate member #7257

From pjemen at gmail.com Tue Oct 11 13:55:45 2011
From: pjemen at gmail.com (pjemen)
Date: Tue, 11 Oct 2011 13:55:45 +0200
Subject: Multiple signatures
In-Reply-To: <47CFC3B6-AA3D-4EF9-9A5C-A26727A5608A@jabberwocky.com>
References: <47CFC3B6-AA3D-4EF9-9A5C-A26727A5608A@jabberwocky.com>
Message-ID: <4E942EC1.70608@gmail.com>

On 3. 10. 2011 23:59, David Shaw wrote:
> On Oct 3, 2011, at 1:49 PM, pet jemen wrote:
>
>> Hi,
>>
>> I want to sign binary data in OpenPGP Message Format.
>> I want to sign it with two or more keys.
>> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is possible.
>> (A one-octet number holding a flag showing whether the signature is nested. A zero value indicates that the next packet is another One-Pass Signature packet that describes another signature to be applied to the same message data.)
>>
>> I'd like to use gpg from the command line to sign an input file with two keys.
>> I tried to sign it by:
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1)" -o %1.signed --sign %1
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2)" -o %1.signed2 --sign %1.signed
>>
>> But the second signature also signed the first one, together with the first signature.
>> I need to sign it in a way where I can verify the signature of the signed data with both keys (the last octet of the One-Pass Signature Packet (Tag 4) should be equal to zero).
> Just repeat -u as many times as you need:
>
> gpg -u the-first-key -u the-second-key -u the-third-key -u etc --sign thefile
>
> David
>
Thank you for your advice. It is exactly what I was looking for.
I have a few more questions.
The reason I want to sign files this way is to maintain compatibility and add an additional signature for verifying.
I'd like to sign a file in batch mode this way.
gpg2.exe --batch --quiet --yes --force-v3-sigs -z 0 --s2k-digest-algo SHA-1 --passphrase-file %passFile1% -u "t0001 " --s2k-digest-algo SHA512 --passphrase-file %passFile2% -u "t0002 " -o %1.signed --sign %1

It seems that gpg doesn't take the password from files if I sign with multiple keys.
If I sign files with just one key it works.
Is there a way to sign a file with multiple signatures in two commands and get the same OpenPGP binary format?

Another problem I've noticed when I signed a file in non-batch mode is that I've specified to use SHA512 for the second signature.
The problem is that the 3rd octet of the One-Pass Signature Packet body in the signed file is 0x08, which is SHA256 according to http://tools.ietf.org/html/rfc4880#section-9.4
Any ideas why there isn't 0x0a?

Any help is welcome.

Pavol Misik

From rjh at sixdemonbag.org Tue Oct 11 14:27:47 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 11 Oct 2011 08:27:47 -0400
Subject: Why revoke a key?
In-Reply-To: <4E93672A.7000103@jeromebaum.com>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103@jeromebaum.com>
Message-ID: <4E943643.9090103@sixdemonbag.org>

On 10/10/2011 5:44 PM, Jerome Baum wrote:
> But remember Murphy's(?) law! -- (I mean the one about doubling computer
> power every 18 months -- are there two Murphy's laws? Confused now...)

Moore's Law.

For reference, a 40-bit key is breakable today by just about anyone, a
64-bit key is breakable today by people with access to significant
computational resources (hundreds of machines), and it's plausible to
believe fantastically wealthy adversaries can break 80-bit keys.
In 1998, EFF's DEEP CRACK exhausted a 56-bit keyspace in roughly 24
hours at a cost of $250,000.  Assuming Moore's Law holds true, that
means it could be built today with equivalent performance for about $1,000.

A 64-bit keyspace is only a factor of 250 harder: a DEEP CRACK/64 could
theoretically be made at a cost of $250,000.  An 80-bit keyspace is a
factor of 50,000 harder, more or less, putting the price of that at $12
billion, somewhere in there.

This is a really rough back-of-the-envelope calculation, but it passes my
sniff test.

From david at systemoverlord.com Tue Oct 11 15:01:24 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Tue, 11 Oct 2011 09:01:24 -0400
Subject: Why revoke a key?
In-Reply-To: <4E93672A.7000103@jeromebaum.com>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103@jeromebaum.com>
Message-ID:

On Mon, Oct 10, 2011 at 5:44 PM, Jerome Baum wrote:
> On 2011-10-10 23:29, Jan Janka wrote:
>>
>> How long would it take to execute a successful brute force attack on
>> a passphrase consisting of 12 symbols (symbols available on common
>> keyboards)?
>
> Calculate how many combinations there are, assume some number of tries
> per second (you can experimentally find this out), and there you go.
>
> But remember Murphy's(?) law! -- (I mean the one about doubling computer
> power every 18 months -- are there two Murphy's laws? Confused now...)
>
> You can measure the strength of your password in bits of entropy, which
> is basically the log base 2 of the number of combinations. So if there
> are 64 possible combinations (a single alphanum case-sensitive
> password-ish) then you have 6 bits of entropy.
> In the diceware FAQ at
> www.diceware.com you can find info about how long a password with a
> given number of bits is supposed to be secure. Also some tips on how to
> pick a memorizable secure passphrase.

A very important distinction must be made between randomly-generated
passwords and human-generated passwords.  Based on a NIST study on
password entropy[1], a 12 character password has only about 24 bits of
entropy.  Of course, if you're careful about your passphrase generation
schemes, you can probably achieve higher than that while still
generating your own password.

If you value your OpenPGP key, I would not trust it to 24 bits of
entropy.  My off-card backup of my key is protected by a 32-character
passphrase that I believe to be highly resistant to dictionary attack
(and contains sufficient special characters that I believe its entropy
to be close to the optimal 6.5 bits per symbol).  But perhaps I'm
delusional.

[1] http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From jeandavid8 at verizon.net Tue Oct 11 15:41:51 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Tue, 11 Oct 2011 09:41:51 -0400
Subject: Why revoke a key?
In-Reply-To:
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103@jeromebaum.com>
Message-ID: <4E94479F.6040105@verizon.net>

David Tomaschik wrote (in part):
> If you value your OpenPGP key, I would not trust it to 24 bits of
> entropy.
> My off-card backup of my key is protected by a 32-character
> passphrase that I believe to be highly resistant to dictionary
> attack (and contains sufficient special characters that I believe its
> entropy to be close to the optimal 6.5 bits per symbol). But perhaps
> I'm delusional.
>
I do not know about delusional. But in a sense, was it not unwise to
tell me your passphrase length? I will now set up my hypothetical
exhaustive search cracker not to bother with passphrases less than 32
characters or longer than 32 characters. This reduces the size of the
search space I must examine. Of course, the shorter ones can be tested
faster than the longer ones.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 09:35:01 up 4 days, 18:08, 4 users, load average: 5.13, 5.25, 5.22

From rjh at sixdemonbag.org Tue Oct 11 16:54:40 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 11 Oct 2011 10:54:40 -0400
Subject: Why revoke a key?
In-Reply-To: <4E94479F.6040105@verizon.net>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103@jeromebaum.com> <4E94479F.6040105@verizon.net>
Message-ID: <4E9458B0.5090809@sixdemonbag.org>

On 10/11/11 9:41 AM, Jean-David Beyer wrote:
> But in a sense, was it not unwise to tell me your passphrase length? I
> will now set up my hypothetical exhaustive search cracker not to bother
> with passphrases less than 32 characters or longer than 32 characters.
> This reduces the size of the search space I must examine. Of course, the
> shorter ones can be tested faster than the longer ones.

Not really.
Imagine if you knew his passphrase was a number, but not how long it was.
Now he tells you, "it's a seven-digit number."

Okay, fine: you can exclude all six-digit numbers (900,000 of them), all
five-digit numbers (90,000 of them), all four-digit numbers (9,000 of
them), all three-digit numbers (900 of them), all two-digit numbers (90
of them) and all one-digit numbers (ten of them) [*].  You've excluded
900,000 + 90,000 + 9,000 + 900 + 90 + 10 = one million total numbers out
of the possible ten million.  You've reduced the keyspace by 10%.

If his passphrase has zero margin of safety, he's done something
foolish: his passphrase no longer meets his entropy requirements.  On
the other hand, if his passphrase is longer than necessary to meet his
requirements, he can afford to throw out 10% of the potential keyspace
without losing any sleep.

What he's done here is pretty much exactly what I've described, just in
a different numerical base.

Tell you what: I'll put my money where my mouth is.  The low-order bits
of the primes that comprise my private key are both '1'.  Doesn't help
you out very much, does it?  ;)

From avi.wiki at gmail.com Tue Oct 11 17:00:55 2011
From: avi.wiki at gmail.com (Avi)
Date: Tue, 11 Oct 2011 11:00:55 -0400
Subject: Why revoke a key?
Message-ID:

> ---------- Forwarded message ----------
> From: "Robert J. Hansen"
> To: Jerome Baum , gnupg-users at gnupg.org
> Date: Tue, 11 Oct 2011 08:27:47 -0400
> Subject: Re: Why revoke a key?
> On 10/10/2011 5:44 PM, Jerome Baum wrote:
>> But remember Murphy's(?) law! -- (I mean the one about doubling computer
>> power every 18 months -- are there two Murphy's laws? Confused now...)
>
> Moore's Law.
>
> For reference, a 40-bit key is breakable today by just about anyone, a
> 64-bit key is breakable today by people with access to significant
> computational resources (hundreds of machines), and it's plausible to
> believe fantastically wealthy adversaries can break 80-bit keys.
>
> In 1998, EFF's DEEP CRACK exhausted a 56-bit keyspace in roughly 24
> hours at a cost of $250,000.  Assuming Moore's Law holds true, that
> means it could be built today with equivalent performance for about $1,000.
>
> A 64-bit keyspace is only a factor of 250 harder: a DEEP CRACK/64 could
> theoretically be made at a cost of $250,000.  An 80-bit keyspace is a
> factor of 50,000 harder, more or less, putting the price of that at $12
> billion, somewhere in there.
>
> This is a really rough back-of-the-envelope calculation, but it passes my
> sniff test.

Somewhat outdated, but here is a webpage that makes some comparisons.
They don't give the bitsize of the keys, just the number of combinations,
but it is still representative.

Some other interesting, but likely outdated, discussions:

 <-- discusses PGP

Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC  ABAA 0D62 B019 F80E 29F9

From vedaal at nym.hush.com Tue Oct 11 17:33:01 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Tue, 11 Oct 2011 11:33:01 -0400
Subject: key selection in batch decryptions
Message-ID: <20111011153301.D7D17E672D@smtp.hushmail.com>

John A. Wallace jw72253 at verizon.net wrote on Mon Oct 10 23:18:21 CEST 2011 :

>Is there a way to tell gpg to use just one of the keys if any? I have
>tried specifying this as one of the options "-u userID", but it seems
>to ignore my specification and it always tries to use a different key
>from the one I intend.
Not with a direct command, but with a simple workaround.

Make another keyring with only the key(s) you want tried, and point
gnupg to that keyring for that batch job.

vedaal

From wk at gnupg.org Tue Oct 11 17:56:54 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Oct 2011 17:56:54 +0200
Subject: Multiple signatures
In-Reply-To: <4E942EC1.70608@gmail.com> (pjemen@gmail.com's message of "Tue, 11 Oct 2011 13:55:45 +0200")
References: <47CFC3B6-AA3D-4EF9-9A5C-A26727A5608A@jabberwocky.com> <4E942EC1.70608@gmail.com>
Message-ID: <87y5wr7c8p.fsf@vigenere.g10code.de>

On Tue, 11 Oct 2011 13:55, pjemen at gmail.com said:

> Other problem I've noticed when I signed file in non-batch mode is that
> I've specified to use SHA512 for second signature.

You didn't.  What you did is to specify an S2K hash algorithm which is
used to turn passphrases into keys.  Further it is not possible to
change the algorithms for each key.

You may be better off not to tinker around with algorithm options if
you don't have a close understanding of how they work.  GnuPG has
sensible defaults and a preference system to select algorithms.


Salam-Shalom,

   Werner

From michael.b.banks at citi.com Tue Oct 11 17:35:44 2011
From: michael.b.banks at citi.com (Banks, Michael B )
Date: Tue, 11 Oct 2011 10:35:44 -0500
Subject: gpg version 2.0.17 with libgcrypt 1.4.6
Message-ID: <0899CFA1FA38A64CB46541F778FAC7FA0E5943DACC@exgtmb01.nam.nsroot.net>

Hi,

Another developer and I have downloaded and compiled and built the
versions of gpg listed.  I have generated the keys successfully and
when I try running gpg as a test to encrypt a file I am getting bus
errors.  I have started the agent as you can see below as well.  I also
did a list-keys to show my keys I'm testing with as well.

Does anyone have any ideas as to why I am getting a bus error?  I've
looked at a lot of documentation and browsed the internet but am not
finding anything.
Thanks,
Mike

gpg (GnuPG) 2.0.17
libgcrypt 1.4.6

ACTUAL RUN
----------
mb55918[crdap400] cat test.log | gpg -v -e -r mb55918 --output test.gpg
Warning: using insecure memory!
gpg: using PGP trust model
gpg: using subkey 8A6C440C instead of primary key F8A311AD
gpg: This key belongs to us
gpg: reading from `[stdin]'
File `test.gpg' exists. Overwrite? (y/N) y
gpg: writing to `test.gpg'
ksh: 14336 Bus Error

LIST OF KEYS
------------
mb55918[crdap400] gpg --list-keys
Warning: using insecure memory!
/home/cchome01/mb55918/.gnupg/pubring.gpg
-----------------------------------------
pub   1024D/F8A311AD 2011-09-29
uid                  mb55918 (mb55918)
sub   1024g/8A6C440C 2011-09-29

AGENT
-----
mb55918 27018 1 0 10:20:37 ? 0:00 gpg-agent --daemon --use-standard-socket --pinentry-program /opt/software/biadm

From rjh at sixdemonbag.org Tue Oct 11 22:32:18 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 11 Oct 2011 16:32:18 -0400
Subject: Useful factoid
Message-ID: <4E94A7D2.7060104@sixdemonbag.org>

Accurate to 6%, there are 2**25 seconds in a year.  Worth remembering:
it makes certain kinds of computations much easier.  (It follows there
would be about 2**35 seconds in a thousand years, or 2**45 seconds in a
million.)

E.g., let's say you want to brute-force a 64-bit key on a CPU that can
do a million (2**20) attempts per second.  This requires, on average,
2**63 attempts.  2**63 / 2**20 = 2**43 seconds: 2**43 / 2**45 = 2**-2 =
a quarter of a million years.

I don't know why it took me so long to notice that: seems like the sort
of thing I should've noticed a decade ago.  It makes certain kinds of
computations so much easier.

Anyway, figured I'd throw it out on the off chance there were others who
hadn't noticed it.
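The arithmetic the "Why revoke a key?" and "Useful factoid" threads do by hand, carried through in Python as an added example (not code from any poster): bits of entropy from an alphabet and a length, Hansen's 2**25 seconds-per-year shortcut, the Moore's-law cost scaling of DEEP CRACK, and the "you told me the length" keyspace reduction, generalized from Hansen's decimal case to any base. The 94-character printable-ASCII keyboard alphabet for Jan's question and the 324 billion keys/s distributed.net rate quoted later in the thread are assumptions of this example.

```python
"""Back-of-the-envelope key-strength arithmetic from the thread, done exactly."""
from fractions import Fraction
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600       # 31,557,600
SECONDS_PER_YEAR_POW2 = 2 ** 25             # Hansen's shortcut: 33,554,432 (+6.3%)


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_break(bits, attempts_per_second, seconds_per_year=SECONDS_PER_YEAR,
                   full_keyspace=False):
    """Expected search time: half the keyspace on average, or the whole
    keyspace when full_keyspace is set (Aaron's 'exhaust the entire keyspace')."""
    attempts = 2 ** bits if full_keyspace else 2 ** (bits - 1)
    return attempts / attempts_per_second / seconds_per_year


def fraction_excluded_by_revealing_length(base, length):
    """Hansen's argument in any base: learning that a secret has exactly
    `length` digits in base `base` lets an attacker drop every shorter value.
    Returns the excluded fraction of the base**length keyspace (always 1/base)."""
    total = base ** length
    shorter = base                                  # one-digit values, 0 included
    for k in range(2, length):                      # k-digit values, leading digit non-zero
        shorter += (base - 1) * base ** (k - 1)
    return Fraction(shorter, total)


def keyspace_factor(from_bits, to_bits):
    """How many times harder exhausting to_bits is than exhausting from_bits."""
    return 2 ** (to_bits - from_bits)


def moores_law_cost(cost, years_elapsed, doubling_months=18):
    """Price of equivalent compute after years_elapsed of doubling every
    doubling_months (18 months is the figure used in the thread)."""
    return cost / 2 ** (years_elapsed * 12 / doubling_months)


def passphrase_estimate(alphabet_size, length, attempts_per_second):
    """Jan's question for a uniformly random passphrase: (bits, expected years)."""
    bits = entropy_bits(alphabet_size, length)
    return bits, years_to_break(bits, attempts_per_second)


if __name__ == "__main__":
    # Hansen: 64-bit key, 2**20 attempts/s, 2**25 s/year -> 2**18 years
    print(years_to_break(64, 2 ** 20, SECONDS_PER_YEAR_POW2))
    # Hansen: the length of a 7-digit number drops 10% of the keyspace;
    # Jerome: for a 256-bit key the same disclosure halves it
    print(fraction_excluded_by_revealing_length(10, 7),
          fraction_excluded_by_revealing_length(2, 256))
    # DEEP CRACK: $250,000 in 1998, and the 64- and 80-bit keyspaces by comparison
    print(moores_law_cost(250_000, 2011 - 1998),
          keyspace_factor(56, 64), keyspace_factor(64, 80))
    # Assumptions of this example: 12 symbols from the 94 printable ASCII
    # characters, tried at distributed.net's 324 billion keys per second
    print(passphrase_estimate(94, 12, 324e9))
```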
From jeandavid8 at verizon.net Tue Oct 11 23:14:06 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Tue, 11 Oct 2011 17:14:06 -0400
Subject: Useful factoid
In-Reply-To: <4E94A7D2.7060104@sixdemonbag.org>
References: <4E94A7D2.7060104@sixdemonbag.org>
Message-ID: <4E94B19E.1040605@verizon.net>

Robert J. Hansen wrote:
> Accurate to 6%, there are 2**25 seconds in a year.  Worth remembering:
> it makes certain kinds of computations much easier.  (It follows there
> would be about 2**35 seconds in a thousand years, or 2**45 seconds in a
> million.)
>
> E.g., let's say you want to brute-force an 64-bit key on a CPU that can
> do a million (2**20) attempts per second.  This requires, on average,
> 2**63 attempts.  2**63 / 2**20 = 2**43 seconds: 2**43 / 2**45 = 2**-2 =
> a quarter of a million years.

Let us assume you are the bad guy and have computing power that can do
an arbitrarily large number of key attempts per second.

Unless you have my encrypted keys, you have to access my computer
(unless you have already stolen it, in which case there are much easier
ways to invade the machine), you will have to try logging in through
the Internet (in the case of my machine), and the first thing you will
hit is the login program. This can probably handle only a few attempts
per second, and if I were serious about security, I would have it
double the time to reply each time it got a failed login on that
connection. In the days of dialup, I would have the machine hang up on
the connection with too many failed login attempts.

Of course, if you could get into my machine and login as the only user
with access to my encrypted password file, you could copy that file to
your high speed facility and crack it at your leisure. But if you could
do that, you could already do anything you wanted with my machine --
install trojan horse keyloggers, defeat the security in the login
program, etc.
>
> I don't know why it took me so long to notice that: seems like the sort
> of thing I should've noticed a decade ago.  It makes certain kinds of
> computations so much easier.
>
> Anyway, figured I'd throw it out on the off chance there were others who
> hadn't noticed it.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 17:05:02 up 5 days, 1:38, 4 users, load average: 4.73, 4.76, 4.82

From jerome at jeromebaum.com Tue Oct 11 23:32:38 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 11 Oct 2011 23:32:38 +0200
Subject: Why revoke a key?
In-Reply-To: <4E9458B0.5090809@sixdemonbag.org>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103@jeromebaum.com> <4E94479F.6040105@verizon.net> <4E9458B0.5090809@sixdemonbag.org>
Message-ID: <4E94B5F6.40300@jeromebaum.com>

On 2011-10-11 16:54, Robert J. Hansen wrote:
> Okay, fine: you can exclude all six-digit numbers (900,000 of them), all
> five-digit numbers (90,000 of them), all four-digit numbers (9,000 of
> them), all three-digit numbers (900 of them), all two-digit numbers (90
> of them) and all one-digit numbers (ten of them) [*].  You've excluded
> 900,000 + 90,000 + 9,000 + 900 + 90 + 10 = one million total numbers out
> of the possible ten million.  You've reduced the keyspace by 10%.

That "10%" really depends on what you are revealing. Consider a 256-bit
key. Telling you that it's "proper" 256 bits (i.e. MSB is 1) I've just
halved the search space.
I'd guess that revealing that a single base-n digit is non-zero you lose
1/n of the keyspace (base-10: 10%, base-2: 50%). Let's see: given m
base-n digits, the keyspace has n^m elements. Revealing one of those
digits to be non-zero, the search space is reduced to (n-1)*n^(m-1), so
you've lost n^m-(n-1)*n^(m-1) items from your keyspace. That's
(n^m-(n-1)*n^(m-1))/n^m of your keyspace, i.e. 1-(n-1)/n = 1/n.

So the bit case is the worst-case, and even though I'm paranoid enough
for a 4096-bit pubkey, I can sleep well when a 256-bit symmetric key is
really worth 255 bits. :-)

P.S. where did the [*] go?

> If his passphrase has zero margin of safety, he's done something
> foolish: his passphrase no longer meets his entropy requirements.  On
> the other hand, if his passphrase is longer than necessary to meet his
> requirements, he can afford to throw out 10% of the potential keyspace
> without losing any sleep.
>
> What he's done here is pretty much exactly what I've described, just in
> a different numerical base.
>
> Tell you what: I'll put my money where my mouth is.  The low-order bits
> of the primes that comprise my private key are both '1'.  Doesn't help
> you out very much, does it?  ;)

Oh, also, "this!"

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA  E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351  F5F5 F25B A03F 2152 36DA

From expires2011 at ymail.com Wed Oct 12 02:54:02 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 12 Oct 2011 01:54:02 +0100
Subject: Useful factoid
In-Reply-To: <4E94A7D2.7060104@sixdemonbag.org>
References: <4E94A7D2.7060104@sixdemonbag.org>
Message-ID: <262152294.20111012015402@my_localhost>

Hi

On Tuesday 11 October 2011 at 9:32:18 PM, in , Robert J. Hansen wrote:

> Accurate to 6%, there are 2**25 seconds in a year.

[...]

> I don't know why it took me so long to notice that:
> seems like the sort of thing I should've noticed a
> decade ago.
I suppose you didn't need to notice it because you already remembered
"pi seconds in a nano-century"

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

A nod is as good as a wink to a blind bat!

From aaron.toponce at gmail.com Wed Oct 12 04:51:18 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Tue, 11 Oct 2011 20:51:18 -0600
Subject: Useful factoid
In-Reply-To: <4E94A7D2.7060104@sixdemonbag.org>
References: <4E94A7D2.7060104@sixdemonbag.org>
Message-ID: <20111012025118.GC32237@poseidon.cocyt.us>

On Tue, Oct 11, 2011 at 04:32:18PM -0400, Robert J. Hansen wrote:
> Accurate to 6%, there are 2**25 seconds in a year.  Worth remembering:
> it makes certain kinds of computations much easier.  (It follows there
> would be about 2**35 seconds in a thousand years, or 2**45 seconds in a
> million.)
>
> E.g., let's say you want to brute-force an 64-bit key on a CPU that can
> do a million (2**20) attempts per second.  This requires, on average,
> 2**63 attempts.  2**63 / 2**20 = 2**43 seconds: 2**43 / 2**45 = 2**-2 =
> a quarter of a million years.
>
> I don't know why it took me so long to notice that: seems like the sort
> of thing I should've noticed a decade ago.  It makes certain kinds of
> computations so much easier.
>
> Anyway, figured I'd throw it out on the off chance there were others who
> hadn't noticed it.

This is actually pretty cool. Puts things in perspective. I usually show
people http://stats.distributed.net/projects.php?project_id=8. The
distributed computing project is working on brute forcing the key that
will break the RSA 72-bit crypto challenge.
Currently, they're moving at a pace of 324 billion keys per second
(substantially faster than Robert's example), and even at that rate, it
would take them ~450 years to exhaust the entire keyspace. Of course, I
realize that the probability of them finding the key tomorrow is the
same as finding the key in 450 years, but the point remains- breaking a
72-bit key is substantially more difficult, and requires a serious
amount of computing power.

For all intents and purposes, I am fine with 72-bits worth of entropy
on my passwords, and building systems relying on 72-bit keys for my
personal data.

From wk at gnupg.org Wed Oct 12 09:40:10 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 12 Oct 2011 09:40:10 +0200
Subject: gpg version 2.0.17 with libgcrypt 1.4.6
In-Reply-To: <0899CFA1FA38A64CB46541F778FAC7FA0E5943DACC@exgtmb01.nam.nsroot.net> (Michael B. Banks's message of "Tue, 11 Oct 2011 10:35:44 -0500")
References: <0899CFA1FA38A64CB46541F778FAC7FA0E5943DACC@exgtmb01.nam.nsroot.net>
Message-ID: <87ty7e7j51.fsf@vigenere.g10code.de>

On Tue, 11 Oct 2011 17:35, michael.b.banks at citi.com said:

> Another developer and I have downloaded and compiled and built the
> versions of gpg listed.  I have generated the keys successfully and
> when I try running gpg as a test to encrypt a file I am getting bus
> errors.  I have started the agent a

Please let us know what OS and what CPU you are using.

To track down such a bus error we need a stack backtrace.  If you run
gpg under a debugger the debugger should break at the bus error and
allow you to generate a backtrace (when using gdb you would enter "bt
full" and then "info registers").


Shalom-Salam,

   Werner
From jerome+person at jeromebaum.com Tue Oct 11 23:08:12 2011
From: jerome+person at jeromebaum.com (Jerome Baum)
Date: Tue, 11 Oct 2011 23:08:12 +0200
Subject: Why revoke a key?
In-Reply-To: <86hb3f3h3c.fsf@gray.siamics.net>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103__10681.1628713787$1318325068$gmane$org@jeromebaum.com> <86hb3f3h3c.fsf@gray.siamics.net>
Message-ID: <4E94B03C.2080800@jeromebaum.com>

On 2011-10-11 13:25, Ivan Shmakov wrote:
> That used to be Moore's [1].

This is why I hated physics: Everything is named after someone. It's
also why I picked computer science. Oh...

From takethebus at gmx.de Wed Oct 12 18:19:10 2011
From: takethebus at gmx.de (Jan Janka)
Date: Wed, 12 Oct 2011 18:19:10 +0200
Subject: Why revoke a key?
In-Reply-To: <4E94B5F6.40300@jeromebaum.com>
References: <20111007095153.GG32237@poseidon.cocyt.us> <87zkhcagfv.fsf@vigenere.g10code.de> <20111007185548.GK32237@poseidon.cocyt.us> <4E8FC9FE.5080702@jeromebaum.com> <4E900F5D.7080206@sixdemonbag.org> <4E906B9E.1050606@digitalbrains.com> <4E90B2E6.9040203@sixdemonbag.org> <20111009213014.292330@gmx.net> <4E9225AE.5090808@sixdemonbag.org> <20111010212957.302090@gmx.net> <4E93672A.7000103@jeromebaum.com> <4E94479F.6040105@verizon.net> <4E9458B0.5090809@sixdemonbag.org> <4E94B5F6.40300@jeromebaum.com>
Message-ID: <20111012161910.149870@gmx.net>

Thanks for all the good advice,
Jan

From michael.b.banks at citi.com Wed Oct 12 17:05:25 2011
From: michael.b.banks at citi.com (Banks, Michael B )
Date: Wed, 12 Oct 2011 10:05:25 -0500
Subject: gpg version 2.0.17 with libgcrypt 1.4.6
In-Reply-To: <87ty7e7j51.fsf@vigenere.g10code.de>
References: <0899CFA1FA38A64CB46541F778FAC7FA0E5943DACC@exgtmb01.nam.nsroot.net> <87ty7e7j51.fsf@vigenere.g10code.de>
Message-ID: <0899CFA1FA38A64CB46541F778FAC7FA0E5943E619@exgtmb01.nam.nsroot.net>

Werner,

First off, thanks for your reply back. Can you give me the exact commands on how to run the debugger? I am not fluent in gpg and could use a little help.

We are using Sun Solaris version SunOS crdap400 5.10 Generic_144488-11 sun4u sparc SUNW,Sun-Fire-15000

CPU's:

========================= CPUs =========================
          CPU      Run    E$    CPU     CPU
Slot ID   ID       MHz    MB    Impl.   Mask
--------  -------  ----   ----  ------- ----
/SB00/P0    0,   4  1800   32.0  US-IV+  2.2
/SB00/P1    1,   5  1800   32.0  US-IV+  2.2
/SB00/P2    2,   6  1800   32.0  US-IV+  2.2
/SB00/P3    3,   7  1800   32.0  US-IV+  2.2
/SB01/P0   32,  36  1800   32.0  US-IV+  2.2
/SB01/P1   33,  37  1800   32.0  US-IV+  2.2
/SB01/P2   34,  38  1800   32.0  US-IV+  2.2
/SB01/P3   35,  39  1800   32.0  US-IV+  2.2
/SB02/P0   64,  68  1800   32.0  US-IV+  2.2
/SB02/P1   65,  69  1800   32.0  US-IV+  2.2
/SB02/P2   66,  70  1800   32.0  US-IV+  2.2
/SB02/P3   67,  71  1800   32.0  US-IV+  2.2
/SB03/P0   96, 100  1800   32.0  US-IV+  2.2
/SB03/P1   97, 101  1800   32.0  US-IV+  2.2
/SB03/P2   98, 102  1800   32.0  US-IV+  2.2
/SB03/P3   99, 103  1800   32.0  US-IV+  2.2
/SB04/P0  128, 132  1800   32.0  US-IV+  2.2
/SB04/P1  129, 133  1800   32.0  US-IV+  2.2
/SB04/P2  130, 134  1800   32.0  US-IV+  2.2
/SB04/P3  131, 135  1800   32.0  US-IV+  2.2
/SB05/P0  160, 164  1800   32.0  US-IV+  2.2
/SB05/P1  161, 165  1800   32.0  US-IV+  2.2
/SB05/P2  162, 166  1800   32.0  US-IV+  2.2
/SB05/P3  163, 167  1800   32.0  US-IV+  2.2
/SB06/P0  192, 196  1800   32.0  US-IV+  2.2
/SB06/P1  193, 197  1800   32.0  US-IV+  2.2
/SB06/P2  194, 198  1800   32.0  US-IV+  2.2
/SB06/P3  195, 199  1800   32.0  US-IV+  2.2
/SB07/P0  224, 228  1800   32.0  US-IV+  2.2
/SB07/P1  225, 229  1800   32.0  US-IV+  2.2
/SB07/P2  226, 230  1800   32.0  US-IV+  2.2
/SB07/P3  227, 231  1800   32.0  US-IV+  2.2
/SB08/P0  256, 260  1800   32.0  US-IV+  2.2
/SB08/P1  257, 261  1800   32.0  US-IV+  2.2
/SB08/P2  258, 262  1800   32.0  US-IV+  2.2
/SB08/P3  259, 263  1800   32.0  US-IV+  2.2
/SB11/P0  352, 356  1800   32.0  US-IV+  2.2
/SB11/P1  353, 357  1800   32.0  US-IV+  2.2
/SB11/P2  354, 358  1800   32.0  US-IV+  2.2
/SB11/P3  355, 359  1800   32.0  US-IV+  2.2
/SB12/P0  384, 388  1800   32.0  US-IV+  2.4
/SB12/P1  385, 389  1800   32.0  US-IV+  2.4
/SB12/P2  386, 390  1800   32.0  US-IV+  2.4
/SB12/P3  387, 391  1800   32.0  US-IV+  2.4
/SB13/P0  416, 420  1800   32.0  US-IV+  2.4
/SB13/P1  417, 421  1800   32.0  US-IV+  2.4
/SB13/P2  418, 422  1800   32.0  US-IV+  2.4
/SB13/P3  419, 423  1800   32.0  US-IV+  2.4

-----Original Message-----
From: Werner Koch [mailto:wk at gnupg.org]
Sent: Wednesday, October 12, 2011 2:40 AM
To: Banks, Michael B [GCG-NAOT]
Cc:
gnupg-users at gnupg.org
Subject: Re: gpg version 2.0.17 with libgcrypt 1.4.6

On Tue, 11 Oct 2011 17:35, michael.b.banks at citi.com said:

> Another developer and I have downloaded and compiled and built the
> versions of gpg listed. I have generated the keys successfully and
> when I try running gpg as a test to encrypt a file I am getting bus
> errors. I have started the agent a

Please let us know what OS and what CPU you are using.

To track down such a bus error we need a stack backtrace. If you run gpg under a debugger the debugger should break at the bus error and allow you to generate a backtrace (when using gdb you would enter "bt full" and then "info registers").

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are governed by federal law.

From americabrazil1234 at hotmail.com Wed Oct 12 17:44:51 2011
From: americabrazil1234 at hotmail.com (Vortran66)
Date: Wed, 12 Oct 2011 08:44:51 -0700 (PDT)
Subject: How to use terminal to change mac-cache-ttl
In-Reply-To: <4E8DF170.4030403@sixdemonbag.org>
References: <32599099.post@talk.nabble.com> <4E8DF170.4030403@sixdemonbag.org>
Message-ID: <32639372.post@talk.nabble.com>

Robert J. Hansen-3 wrote:
>
> On 10/5/11 7:55 PM, Vortran66 wrote:
>> I have a very limited knowledge of using terminal in Mac. Can someone
>> tell me what commands I would need to enter to do this.
>
> The good news is that I've put together a small Python script that will
> (hopefully) make things a little easier on you. Give me a day or two to
> do more bughunting, and once it's done it should be pretty easy on you
> to edit these values.
>
> http://keyservers.org/~rjh/agent-alter-1.0.tar.bz2
> http://keyservers.org/~rjh/agent-alter-code.pdf
> http://keyservers.org/~rjh/agent-alter.pdf
>
> You'll need Norman Ramsey's Noweb package installed in order to rebuild
> from the Noweb source, but you can also just look inside src/ to get a
> pre-extracted version (named "agent-alter"). Alternately, just read the
> two PDFs.
> Any and all bug finds gratefully accepted.

Mr Hansen:

Thanks for all your effort. I realize now that changing the cache values involves a little more than changing a few values and that I am probably in way over my head. I am basically just a dumb user who has no real experience programming other than a little COBOL back in college 25 years ago (don't laugh).

I read the agent-alter PDF and I get the gist of what it does. My problem is I am really unfamiliar with using terminal. To use agent-alter do I just copy the code from the PDF and paste into terminal, or is it more involved? I understand how to change the cache values in agent-alter but beyond that I am pretty clueless. If there are a few monkey-see monkey-do steps that I need to do to implement agent-alter, could you let me know what they are. If it is more involved than that, or if it is something I could easily screw up my system with, not knowing what I am doing, let me know and I will search for another encryption solution.

Is there another front end to GnuPG besides GPG Tools that would allow me to limit the time a password is cached?

I am using a Mac running OS X. I am using GPG Tools, Keychain Access Version 0.8.13 (0.8.13)

Bill

From rjh at sixdemonbag.org Wed Oct 12 22:25:49 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 12 Oct 2011 16:25:49 -0400
Subject: How to use terminal to change mac-cache-ttl
In-Reply-To: <32639372.post@talk.nabble.com>
References: <32599099.post@talk.nabble.com> <4E8DF170.4030403@sixdemonbag.org> <32639372.post@talk.nabble.com>
Message-ID: <4E95F7CD.40700@sixdemonbag.org>

On 10/12/11 11:44 AM, Vortran66 wrote:
> Thanks for all your effort. I realize now that changing the cache
> values involves a little more than changing a few values and that I
> am probably in way over my head.

It involves editing a couple of configuration files by hand, and requires you to be a little comfortable with the command-line, yes. This much is true. :)

> I am basically just a dumb user

This much is totally bogus. :)

> who has no real experience programming other than a little COBOL back
> in college 25 years ago (don't laugh).

Laughing at COBOL is sort of like laughing at the Great Pyramids of Egypt: it tells you a lot more about the person doing the laughing than it does about COBOL. Speaking just for myself, I don't laugh at apps that have been running for five decades without a crash.

> I read the agent-alter PDF and I get the gist of what it does. My
> problem is I am really unfamiliar with using terminal.

That's not for you, friend. :) My goal is to give you a tool you can easily use to solve your problem. That PDF was meant more for other people to review and tell me, "no, you're doing it wrong, you should...". (And that was very much worthwhile: Werner pointed me towards the gpgconf tool, which simplified things a lot.)

Anyway. You might want to take a look at:

http://keyservers.org/~rjh/AlterAgent.zip

Download it, unzip it, and within there will be an OS X app called "AlterAgent." Double-click and you might just get the solution to your problem. It might also crash horribly. *I've only tested it on my own machine.* No warranties express or implied, etc., etc. If it breaks you get to keep both parts.
If you have feedback ("it's great, you're so cool!", or "my Mac is now on fire and it's all your fault!"), please send it to me directly: don't spam the list with it, please. Thanks. :)

From rjh at sixdemonbag.org Thu Oct 13 12:30:31 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 13 Oct 2011 06:30:31 -0400
Subject: Useful factoid
In-Reply-To: <4E94B19E.1040605@verizon.net>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net>
Message-ID: <4E96BDC7.9000708@sixdemonbag.org>

On 10/11/2011 05:14 PM, Jean-David Beyer wrote:
> Let us assume you are the bad guy

Okay.

> Unless you have my encrypted keys, you have to access my computer
> (unless you have already stolen it, in which case there are much
> easier ways to invade the machine), you will have to try logging in
> through the Internet (in the case of my machine), and the first thing
> you will hit is the login program.

Hold on a second there. You seem to be making some extremely unwarranted assumptions.

If I want your secret key material, I'm not going to steal your computer. I'm going to use an exploit to bypass your login, plant a Trojaned version of GnuPG, and laugh all the way to the bank.

Modern-day operating systems are frightening -- terrifyingly -- insecure. A while ago Vint Cerf estimated that about one desktop PC in five was already pwn3d. That's a number that keeps me awake at night.

From jerome at jeromebaum.com Thu Oct 13 13:51:50 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Thu, 13 Oct 2011 13:51:50 +0200
Subject: Useful factoid
In-Reply-To: <4E96BDC7.9000708@sixdemonbag.org>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org>
Message-ID: <4E96D0D6.7060500@jeromebaum.com>

> Hold on a second there. You seem to be making some extremely
> unwarranted assumptions.
Take a look:

>> Unless you have my encrypted keys, you have to access my computer
>> (unless you have already stolen it, in which case there are much
>> easier ways to invade the machine), you will have to try logging in
>> through the Internet (in the case of my machine),

> If I want your secret key material, I'm not going to steal your
> computer.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Thu Oct 13 14:14:49 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 13 Oct 2011 08:14:49 -0400
Subject: Useful factoid
In-Reply-To: <4E96D0D6.7060500@jeromebaum.com>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org> <4E96D0D6.7060500@jeromebaum.com>
Message-ID: <4E96D639.70005@sixdemonbag.org>

On 10/13/11 7:51 AM, Jerome Baum wrote:
> Take a look:

I did. You said I have to access your computer, to try logging in through the Internet. I don't. I just have to find an exploit.

Saying "my front door is locked" is great, but it's not so great when you consider a good thief knows how to pick locks. Against that kind of adversary a lock isn't much of a prevention device: at best it delays the thief by a minute.

From jerome at jeromebaum.com Thu Oct 13 14:29:58 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Thu, 13 Oct 2011 14:29:58 +0200
Subject: Useful factoid
In-Reply-To: <4E96D639.70005@sixdemonbag.org>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org> <4E96D0D6.7060500@jeromebaum.com> <4E96D639.70005@sixdemonbag.org>
Message-ID: <4E96D9C6.2070308@jeromebaum.com>

On 2011-10-13 14:14, Robert J. Hansen wrote:
> On 10/13/11 7:51 AM, Jerome Baum wrote:
>> Take a look:
>
> I did. You said I have to access your computer, to try logging in
> through the Internet. I don't. I just have to find an exploit.

I didn't say anything (modulo "Take a look").

> Saying "my front door is locked" is great, but it's not so great when
> you consider a good thief knows how to pick locks. Against that kind
> of adversary a lock isn't much of a prevention device: at best it
> delays the thief by a minute.

"You have to access my computer" would be "you have to enter my house". Nobody ever said "you have to enter my house via the front door". Also, a thief that picks my front door would be someone who brute-forces my login (assuming the front door is my login). You probably meant a thief who just smashes a window or climbs through one that is open.
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Thu Oct 13 14:44:48 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 13 Oct 2011 08:44:48 -0400
Subject: Useful factoid
In-Reply-To: <4E96D9C6.2070308@jeromebaum.com>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org> <4E96D0D6.7060500@jeromebaum.com> <4E96D639.70005@sixdemonbag.org> <4E96D9C6.2070308@jeromebaum.com>
Message-ID: <4E96DD40.5010605@sixdemonbag.org>

On 10/13/2011 8:29 AM, Jerome Baum wrote:
> I didn't say anything (modulo "Take a look").

At this point it seems to me you're being deliberately obtuse. Have a nice day.

From andyjpb at ashurst.eu.org Thu Oct 13 00:50:19 2011
From: andyjpb at ashurst.eu.org (Andy Bennett)
Date: Wed, 12 Oct 2011 23:50:19 +0100
Subject: Key revocation UI confusion
Message-ID: <4E9619AB.2050903@ashurst.eu.org>

Hi,

I've been happily using my key for many years. It started off in PGP on Windows and I imported it into GnuPG 1.4.9 on Debian Lenny a few years ago. At that time I revoked a few of the old UIDs and the encryption subkey. I then created a new encryption subkey which I've been using ever since.

Today someone suggested that they thought I'd revoked my key so I looked into it. At first I thought that they were possibly correct: some UIs seem to suggest that my key has indeed been revoked. However, 'gpg --verify' and Enigmail are happy to verify signatures made by my key and both tools are happy to use the key as if it were valid.

Here's what happens if I look at the key with 'gpg --edit-key':

-----
$ gpg --edit-key 7EBA75FF
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024D/7EBA75FF  created: 2000-10-30  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
This key was revoked on 2008-05-28 by DSA key 7EBA75FF Andy Bennett
sub  2048g/64FEFE87  created: 2000-10-30  revoked: 2008-05-28  usage: E
sub  2048g/C65AF469  created: 2008-05-27  expires: never       usage: E
[ultimate] (1). Andy Bennett
[ultimate] (2)  Andy Bennett
[ revoked] (3)  Andy Bennett
[ revoked] (4)  Andy Bennett
[ultimate] (5)  Andy Bennett

Command> quit
-----

The "This key was revoked..." message was potentially alarming as it appeared immediately after the "pub" section. However, a short experiment later, I'm pretty sure it refers to the 2048g/64FEFE87 subkey:

-----
Command> revkey
Do you really want to revoke the entire key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
Your decision? 0
Enter an optional description; end it with an empty line:
>
Reason for revocation: No reason specified
(No description given)
Is this okay? (y/N) y
-----
...
-----
Command> list

This key was revoked on 2011-10-12 by DSA key 7EBA75FF Andy Bennett
pub  1024D/7EBA75FF  created: 2000-10-30  revoked: 2011-10-12  usage: SCA
                     trust: ultimate      validity: revoked
This key was revoked on 2008-05-28 by DSA key 7EBA75FF Andy Bennett
sub  2048g/64FEFE87  created: 2000-10-30  revoked: 2008-05-28  usage: E
This key was revoked on 2011-10-12 by DSA key 7EBA75FF Andy Bennett
sub  2048g/C65AF469  created: 2008-05-27  revoked: 2011-10-12  usage: E
[ revoked] (1). Andy Bennett
[ revoked] (2)  Andy Bennett
[ revoked] (3)  Andy Bennett
[ revoked] (4)  Andy Bennett
[ revoked] (5)  Andy Bennett

Command> quit
Save changes? (y/N)
Quit without saving? (y/N) y
-----

...so that's what the key would look like if it really had been entirely revoked: it would say revoked *before* the "pub" section and in the "pub" validity section.
Now, when I inspect the key here:

http://pgp.es.net/pks/lookup?op=vindex&fingerprint=on&search=0x387A76957EBA75FF

...there are rather worrying red "revok" lines in my primary UID as well as in my encryption subkey 2048g/C65AF469 which I assumed was valid.

What do these lines mean? It's clear that I've been receiving signatures on the primary UID since the revok line and it's also clear that I've not been receiving signatures on the UIDs that have actually been revoked.

I've found some other keys which I know to be in use, and have been successfully verifying eMail from, that exhibit similar properties in both UIs.

Is this a property of my type of key or is it a bug or lack of clarity in the visualization?

Many thanks for your time.

Regards,
@ndy

-- 
andyjpb at ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF

From melvincarvalho at gmail.com Thu Oct 13 15:55:39 2011
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Thu, 13 Oct 2011 15:55:39 +0200
Subject: Useful factoid
In-Reply-To: <4E94A7D2.7060104@sixdemonbag.org>
References: <4E94A7D2.7060104@sixdemonbag.org>
Message-ID:

On 11 October 2011 22:32, Robert J. Hansen wrote:
> Accurate to 6%, there are 2**25 seconds in a year. Worth remembering:
> it makes certain kinds of computations much easier. (It follows there
> would be about 2**35 seconds in a thousand years, or 2**45 seconds in a
> million.)
>
> E.g., let's say you want to brute-force a 64-bit key on a CPU that can
> do a million (2**20) attempts per second. This requires, on average,
> 2**63 attempts. 2**63 / 2**20 = 2**43 seconds: 2**43 / 2**45 = 2**-2 =
> a quarter of a million years.
>
> I don't know why it took me so long to notice that: seems like the sort
> of thing I should've noticed a decade ago. It makes certain kinds of
> computations so much easier.
>
> Anyway, figured I'd throw it out on the off chance there were others who
> hadn't noticed it.

I used to think of there being roughly 2^32 seconds in a lifetime :)

From jeandavid8 at verizon.net Thu Oct 13 16:03:56 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Thu, 13 Oct 2011 10:03:56 -0400
Subject: Useful factoid
In-Reply-To: <4E96BDC7.9000708@sixdemonbag.org>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org>
Message-ID: <4E96EFCC.7020003@verizon.net>

Robert J. Hansen wrote:
> On 10/11/2011 05:14 PM, Jean-David Beyer wrote:
>> Let us assume you are the bad guy
>
> Okay.
>
>> Unless you have my encrypted keys, you have to access my computer
>> (unless you have already stolen it, in which case there are much
>> easier ways to invade the machine), you will have to try logging in
>> through the Internet (in the case of my machine), and the first
>> thing you will hit is the login program.
>
> Hold on a second there. You seem to be making some extremely
> unwarranted assumptions.

Quite possibly. And unwarranted assumptions are especially pernicious because those are typically the ones I am unaware of making.

I am not a security expert anymore. I really was never a security expert, though I was once put in charge of security for 10 VAX machines running UNIX, but this was around 30 years ago, almost before the Internet. Some of us were using uucp on dialup, but that was about it. In those days it was almost impossible to get the users to use passwords on their accounts.

> If I want your secret key material, I'm not going to steal your
> computer.
> I'm going to use an exploit to bypass your login, plant a
> Trojaned version of GnuPG, and laugh all the way to the bank.

I realize if you stole my computer that I would notice it. If you broke into my house skillfully enough that I did not notice it, you could install a key logger, or copy my hard drives, steal my backup tapes, ... . But you could also remove all protections by getting in as the root user (on UNIX-Linux). And I might not notice that. The trick is to do that from the Internet. I have some safeguards to protect me, and they may protect me from amateurs, but an expert might be able to defeat me.

It seems to me that to do much damage to my machine, you need to get a shell with root access. And to do that, do you not pretty much need the root password? Or hijack a program that is currently running with the root privileges? I never run a web browser as root. But there are daemons that run and some have root privileges. Such as the download mechanism to download updates from Red Hat. My nameserver does not run as root. I do not run telnet. ssh will talk only to specified IP addresses on my LAN. My firewall will not accept messages from outside unless in reply to something I sent out, so I believe it would take a man-in-the-middle attack to get past that unless the firewall is defective. I actually have two firewalls; a primitive one in the router that comes with Verizon's FiOS service, and another one using iptables. These, too, could have bugs, especially if I made a mistake in programming the iptables firewall.

> Modern-day operating systems are frightening -- terrifyingly --
> insecure. A while ago Vint Cerf estimated that about one desktop PC
> in five was already pwn3d. That's a number that keeps me awake at
> night.

At one extreme, the only way to be pretty safe is to have a machine that is not connected to the Internet, and have U.S. Marines to guard the hardware and access to it.
I do not choose to defend myself against threats that would reasonably require that. I want my security to be weak enough that the black hats would not resort to torture to get the information they want.

The friends of mine that even know what computer security might mean do not even encrypt their e-mails, though they worry about its being intercepted. Friends complain if I digitally sign my e-mails. I assume if they could accept encrypted e-mails, that they would save them in clear form on their machines anyway. So maybe I am kidding myself.

I do not think my machine has been taken over. For one thing, I can pretty much see the Internet traffic from it, and when I am not doing anything, not much goes down the Internet. A friend whose machine was hacked (Windows ME) had lots of Internet traffic and the machine got impossibly slow. The hard drives never stopped clicking. I do not have that, though the hard drives on this machine do not click, but the Xosview program shows that when nothing is going on, nothing except BOINC programs run. The daemons do, but they do not use any processor time.

If I ran this machine as a server, my problems would surely be worse.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 08:50:01 up 6 days, 17:23, 4 users, load average: 5.14, 4.93, 4.94

From rjh at sixdemonbag.org Thu Oct 13 16:22:16 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 13 Oct 2011 10:22:16 -0400
Subject: Useful factoid
In-Reply-To: <4E96EFCC.7020003@verizon.net>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org> <4E96EFCC.7020003@verizon.net>
Message-ID: <4E96F418.7070700@sixdemonbag.org>

On 10/13/11 10:03 AM, Jean-David Beyer wrote:
> It seems to me that to do much damage to my machine, you need to get a
> shell with root access. And to do that, do you not pretty much need the
> root password?

Nope. Local exploits are enough.

Take a look at the kernel.org exploit as an example. The current belief is that one of kernel.org's legitimate users was sshing in from a compromised box. That compromised box was running a keylogger. From that keylogger, the attacker discovered this user's login name and ssh credentials. The attacker then logged into kernel.org as this user and ran a local exploit to gain root access. The attacker dropped a rootkit, a Trojaned ssh/sshd that was harvesting passwords, and all other kinds of goodness.

Then, since one of the users on my box sshed in from kernel.org, the attacker got a login credential on my box. The attacker logged in using this stolen credential, used a local exploit, and the next thing I know sixdemonbag.org was rooted.

As you can guess, I'm not talking about some abstract theory here. This was a real attack that really compromised my web server.

People tend to grossly underestimate the risks of malware and pwnage. We talk about it very little to almost none at all, and honestly, I think it's the eight hundred pound gorilla in the room that everybody is trying very hard not to notice in the hopes that if we just pretend not to see it that it will go away.
From gnupg.user at seibercom.net Thu Oct 13 17:26:39 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Thu, 13 Oct 2011 11:26:39 -0400
Subject: Useful factoid
In-Reply-To: <4E96EFCC.7020003@verizon.net>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org> <4E96EFCC.7020003@verizon.net>
Message-ID: <20111013112639.3622f606@scorpio>

On Thu, 13 Oct 2011 10:03:56 -0400
Jean-David Beyer articulated:

> At one extreme, the only way to be pretty safe is to have a machine
> that is not connected to the Internet, and have U.S. Marines to guard
> the hardware and access to it.

"The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one"

Dennis Hughes, FBI

-- 
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From lists at michel-messerschmidt.de Thu Oct 13 23:36:25 2011
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Thu, 13 Oct 2011 23:36:25 +0200
Subject: Useful factoid
In-Reply-To: <4E96EFCC.7020003@verizon.net>
References: <4E94A7D2.7060104@sixdemonbag.org> <4E94B19E.1040605@verizon.net> <4E96BDC7.9000708@sixdemonbag.org> <4E96EFCC.7020003@verizon.net>
Message-ID: <20111013213624.GA4693@hiro.matrix>

On Thu, Oct 13, 2011 at 10:03:56AM -0400, Jean-David Beyer wrote:
> It seems to me that to do much damage to my machine, you need to get a
> shell with root access.

Depends on what you regard as damage. Do you need root privileges to use your private gpg keys???

> I never run a web browser as root.

If you run your web browser under the same account that you use for gpg, vulnerabilities in your browser *potentially* allow an attacker to access your private keys. Same is true for your mail program, PDF reader, messaging client, ...

From mailinglisten at hauke-laging.de Fri Oct 14 01:08:12 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 14 Oct 2011 01:08:12 +0200
Subject: adding text to detached signature files
Message-ID: <201110140108.18571.mailinglisten@hauke-laging.de>

Hello,

I am building a system at work for automatic creation of PDF files and sending them by mail.
I am thinking about adding a signature file (not by the key of the sending person but by a key belonging to the mail system; similar to a gateway signing solution, just not signing the whole mail (and not using S/MIME) but just adding a second attachment which is a detached signature).

Probably most of you have experienced the "What strange attachment have you sent to me in your email? I can't open that..." effect. In order to minimize that I think of adding some text to the file so that

################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

[...]
-----END PGP SIGNATURE-----
################################################

becomes

################################################
This is a signature file. It allows you to verify that...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

[...]
-----END PGP SIGNATURE-----
################################################

The additional text has no impact on the GnuPG verification. Is this going to work with most other OpenPGP software, too?

If so, wouldn't it be nice to have an option to put some explaining text (either a default text pointing at the GnuPG site or including a file) into each ASCII armored signature file? In a batch process that does not matter, but for all manually created detached signatures.

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From dougb at dougbarton.us Fri Oct 14 01:12:03 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 13 Oct 2011 16:12:03 -0700
Subject: adding text to detached signature files
In-Reply-To: <201110140108.18571.mailinglisten@hauke-laging.de>
References: <201110140108.18571.mailinglisten@hauke-laging.de>
Message-ID: <4E977043.4020308@dougbarton.us>

Wouldn't --comment be easier?

-- 
	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/

From expires2011 at ymail.com Fri Oct 14 01:53:12 2011
From: expires2011 at ymail.com (MFPA)
Date: Fri, 14 Oct 2011 00:53:12 +0100
Subject: adding text to detached signature files
In-Reply-To: <201110140108.18571.mailinglisten@hauke-laging.de>
References: <201110140108.18571.mailinglisten@hauke-laging.de>
Message-ID: <1808516409.20111014005312@my_localhost>

Hi

On Friday 14 October 2011 at 12:08:12 AM, in , Hauke Laging wrote:

> Probably most of you have experienced the "What strange
> attachment have you sent to me in your email? I can't
> open that..." effect. In order to minimize that I think
> of adding some text to the file so that
> ################################################
> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16
> (GNU/Linux)
> [...] -----END PGP SIGNATURE-----
> ################################################
> becomes
> ################################################ This
> is a signature file. It allows you to verify that...
> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16
> (GNU/Linux)
> [...] -----END PGP SIGNATURE-----
> ################################################

The non-OpenPGP-aware recipient still couldn't open it so would miss your explanatory text.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

No matter what a man's past may have been, his future is spotless.
-----BEGIN PGP SIGNATURE----- iQCVAwUBTpd6AaipC46tDG5pAQq3kQQApZNSKZNgXm2RE7031hjU625WkSO9kFZG fipkZfIA2q2lBjiC6dPQYxzdSvzRbniUepwLgixJa2V3FUFJyYYtQs3VkVPERq6D AyboYy/9DIdpFfIEbOTKQmqKTmd4CDXjyPunc+qEJR9LN5hAz7MPMV6LE9bG3j6L ekG2nrK+SUo= =fbDw -----END PGP SIGNATURE----- From mailinglisten at hauke-laging.de Fri Oct 14 10:13:47 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Fri, 14 Oct 2011 10:13:47 +0200 Subject: adding text to detached signature files In-Reply-To: <4E977043.4020308@dougbarton.us> References: <201110140108.18571.mailinglisten@hauke-laging.de> <4E977043.4020308@dougbarton.us> Message-ID: <201110141013.47770.mailinglisten@hauke-laging.de> Am Freitag, 14. Oktober 2011, 01:12:03 schrieb Doug Barton: > Wouldn't --comment be easier? Thanks, that's what I was looking for. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. URL: From mailinglisten at hauke-laging.de Fri Oct 14 10:15:48 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Fri, 14 Oct 2011 10:15:48 +0200 Subject: adding text to detached signature files In-Reply-To: <1808516409.20111014005312@my_localhost> References: <201110140108.18571.mailinglisten@hauke-laging.de> <1808516409.20111014005312@my_localhost> Message-ID: <201110141015.49420.mailinglisten@hauke-laging.de> Am Freitag, 14. Oktober 2011, 01:53:12 schrieb MFPA: > > Probably most of you have experienced the "What strange > > attachment have you sent to me in your email? I can't > > open that..." effect. > The non-OpenPGP-aware recipient still couldn't open it so would miss > your explanatory text. 
Right, thus I am thinking of naming it file.pdf.asc.txt :-) Hauke -- Nicht?ffentliche Seite ?ber meine Parteiaktivit?ten: http://gruene:aiW9mi5 at www.hauke-laging.de/gruene/ PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 http://www.hauke-laging.de/kryptoschulung/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. URL: From ben at adversary.org Sat Oct 15 09:08:29 2011 From: ben at adversary.org (Ben McGinnes) Date: Sat, 15 Oct 2011 18:08:29 +1100 Subject: Key revocation UI confusion In-Reply-To: <4E9619AB.2050903@ashurst.eu.org> References: <4E9619AB.2050903@ashurst.eu.org> Message-ID: <4E99316D.4050705@adversary.org> On 13/10/11 9:50 AM, Andy Bennett wrote: > > Today someone suggested that they thought I'd revoked my key so I > looked into it. At first I thought that they were possibly correct: > some UIs seem to suggest that my key has indeed been > revoked. However, 'gpg --verify' and Enigmail are happy to verify > signatures made by my key and both tools are happy to use the key as > if it were valid. It looks fine to me: bash-3.2$ gpg -k 7EBA75FF pub 1024D/7EBA75FF 2000-10-30 uid Andy Bennett uid Andy Bennett uid Andy Bennett sub 2048g/C65AF469 2008-05-27 bash-3.2$ This is all anyone (other than you) really needs to pay any attention to. The only time they need to edit the key is when signing it, although maybe to check the available or preferred alorithms. Even so that only shows that two old UIDs have been revoked, along with one old subkey which was clearly replaced by the other subkey. That said, I can see why people might panic at the sight of the key revocation message immediately after the pub line instead of reading it as immediately before the sub line to which it refers. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
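Returning to Hauke's detached-signature question and Doug's --comment answer earlier on this page: the reason explanatory text in front of the armor does not disturb verification is that an OpenPGP reader only looks at what lies between the BEGIN and END lines, and the reason --comment is the cleaner route is that the armor format already has a slot for such text, the "Comment:" armor header. The following parser is an added example written for this archive page; it is not code from any poster or from GnuPG. It follows the armor layout of RFC 4880 (section 6.2) and the CRC-24 definition of section 6.1; the sample signature bytes, the file text and the comment string are constructed, and make_armor() is a stand-in for gpg's own armor writer.

```python
"""Parse an ASCII-armored OpenPGP signature file that carries explanatory
text in front of the armor, as proposed in the detached-signature thread.

Added example for this archive page, not code from any poster or from
GnuPG. The layout follows RFC 4880 section 6.2: a BEGIN line, optional
armor headers such as "Version:" or "Comment:" (the latter is what
gpg --comment emits), a blank line, the radix-64 body, an "=XXXX" CRC-24
line and the END line. Text before BEGIN or after END is skipped, which is
why the leading explanation does not disturb verification.
"""
import base64
import re
from typing import Dict, Optional

ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----$")
ARMOR_END_PREFIX = "-----END PGP "

# Constants from RFC 4880 section 6.1.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 over the decoded armor body (an integrity check, not a security one)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def parse_armor(text: str) -> Dict[str, object]:
    """Return the first armored block as {'type', 'headers', 'data', 'crc_ok'}."""
    lines = text.splitlines()
    # Skip any prose before the BEGIN line, as OpenPGP implementations do.
    start = next((i for i, l in enumerate(lines) if ARMOR_BEGIN.match(l.strip())), None)
    if start is None:
        raise ValueError("no armored block found")
    block_type = ARMOR_BEGIN.match(lines[start].strip()).group(1)

    headers: Dict[str, list] = {}
    i = start + 1
    while i < len(lines) and lines[i].strip():  # headers end at the blank line
        key, _, value = lines[i].partition(":")
        headers.setdefault(key.strip(), []).append(value.strip())
        i += 1
    i += 1  # the blank separator line

    body, crc_line = [], None
    while i < len(lines) and not lines[i].startswith(ARMOR_END_PREFIX):
        line = lines[i].strip()
        if line.startswith("="):
            crc_line = line[1:]  # "=XXXX": four radix-64 chars holding the CRC-24
        elif line:
            body.append(line)
        i += 1
    if i == len(lines):
        raise ValueError("armored block not terminated")

    data = base64.b64decode("".join(body), validate=True)
    crc_ok = crc_line is not None and int.from_bytes(base64.b64decode(crc_line), "big") == crc24(data)
    return {"type": block_type, "headers": headers, "data": data, "crc_ok": crc_ok}


def make_armor(block_type: str, data: bytes, comment: Optional[str] = None) -> str:
    """Build an armored block with an optional Comment: header, laid out the
    way gpg --armor --comment TEXT does. Used here only to construct offline
    sample input; real signature bytes would come from gpg."""
    out = [f"-----BEGIN PGP {block_type}-----"]
    if comment:
        out.append(f"Comment: {comment}")
    out.append("")
    b64 = base64.b64encode(data).decode()
    out += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    out.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode())
    out.append(f"-----END PGP {block_type}-----")
    return "\n".join(out) + "\n"


# Constructed sample: prose in front of the armor, the shape Hauke proposed.
SAMPLE_SIGNATURE_BYTES = bytes(range(1, 30))  # stand-in for real signature packets
SAMPLE_FILE = (
    "This is a signature file. It allows you to verify that the attached\n"
    "document was not modified in transit (constructed explanatory text).\n"
    + make_armor("SIGNATURE", SAMPLE_SIGNATURE_BYTES, comment="See https://gnupg.org/ for a verifier")
)

if __name__ == "__main__":
    parsed = parse_armor(SAMPLE_FILE)
    print(parsed["type"], parsed["headers"], "CRC ok:", parsed["crc_ok"], len(parsed["data"]), "bytes")
```

The CRC-24 line only guards against transmission damage; it says nothing about who made the signature, which is what the signature packets themselves and gpg --verify are for. MFPA's objection still stands: a reader whose mail client has no OpenPGP support sees neither the prose nor the Comment: header unless they open the attachment as plain text.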
From expires2011 at ymail.com Sat Oct 15 17:15:30 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 15 Oct 2011 16:15:30 +0100
Subject: Key revocation UI confusion
In-Reply-To: <4E99316D.4050705@adversary.org>
References: <4E9619AB.2050903@ashurst.eu.org> <4E99316D.4050705@adversary.org>
Message-ID: <1217560482.20111015161530@my_localhost>

Hi

On Saturday 15 October 2011 at 8:08:29 AM, in , Ben McGinnes wrote:

> That said, I can see why people might panic at the
> sight of the key revocation message immediately after
> the pub line instead of reading it as immediately
> before the sub line to which it refers.

The key revocation message saying "this key was revoked" suggests it to be referring to the key that was just listed rather than the one that is about to be listed. Maybe something like "the following key was revoked" might be a better wording if the message appears before the revoked key.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Don't ask me, I'm making this up as I go!

From expires2011 at ymail.com Sat Oct 15 17:18:34 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 15 Oct 2011 16:18:34 +0100
Subject: adding text to detached signature files
In-Reply-To: <201110141015.49420.mailinglisten@hauke-laging.de>
References: <201110140108.18571.mailinglisten@hauke-laging.de> <1808516409.20111014005312@my_localhost> <201110141015.49420.mailinglisten@hauke-laging.de>
Message-ID: <585521837.20111015161834@my_localhost>

Hi

On Friday 14 October 2011 at 9:15:48 AM, in , Hauke Laging wrote:

> Right, thus I am thinking of naming it file.pdf.asc.txt
> :-)

If that didn't trigger warnings about files with multiple extensions, I don't know what would. (-:

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

The problem is not that we're paranoid; it's that we're not paranoid enough.

From ben at adversary.org Sat Oct 15 17:58:27 2011
From: ben at adversary.org (Ben McGinnes)
Date: Sun, 16 Oct 2011 02:58:27 +1100
Subject: Key revocation UI confusion
In-Reply-To: <1217560482.20111015161530@my_localhost>
References: <4E9619AB.2050903@ashurst.eu.org> <4E99316D.4050705@adversary.org> <1217560482.20111015161530@my_localhost>
Message-ID: <4E99ADA3.7000707@adversary.org>

On 16/10/11 2:15 AM, MFPA wrote:
>
> The key revocation message saying "this key was revoked" suggests it
> to be referring to the key that was just listed rather than the one
> that is about to be listed. Maybe something like "the following key
> was revoked" might be a better wording if the message appears before
> the revoked key.

That's a pretty good suggestion for a change; it would help to reduce ambiguity.

Regards,
Ben

From lists at michel-messerschmidt.de Sat Oct 15 21:00:07 2011
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Sat, 15 Oct 2011 21:00:07 +0200
Subject: Key revocation UI confusion
In-Reply-To: <4E99ADA3.7000707@adversary.org>
References: <4E9619AB.2050903@ashurst.eu.org> <4E99316D.4050705@adversary.org> <1217560482.20111015161530@my_localhost> <4E99ADA3.7000707@adversary.org>
Message-ID: <20111015190006.GA4722@hiro.matrix>

On Sun, Oct 16, 2011 at 02:58:27AM +1100, Ben McGinnes wrote:
> On 16/10/11 2:15 AM, MFPA wrote:
> >
> > The key revocation message saying "this key was revoked" suggests it
> > to be referring to the key that was just listed rather than the one
> > that is about to be listed. Maybe something like "the following key
> > was revoked" might be a better wording if the message appears before
> > the revoked key.
>
> That's a pretty good suggestion for a change, it would help to reduce
> ambiguity.

I would prefer "the following subkey was revoked"

From ben at adversary.org Sun Oct 16 06:10:39 2011
From: ben at adversary.org (Ben McGinnes)
Date: Sun, 16 Oct 2011 15:10:39 +1100
Subject: Key revocation UI confusion
In-Reply-To: <20111015190006.GA4722@hiro.matrix>
References: <4E9619AB.2050903@ashurst.eu.org> <4E99316D.4050705@adversary.org> <1217560482.20111015161530@my_localhost> <4E99ADA3.7000707@adversary.org> <20111015190006.GA4722@hiro.matrix>
Message-ID: <4E9A593F.40306@adversary.org>

On 16/10/11 6:00 AM, Michel Messerschmidt wrote:
> On Sun, Oct 16, 2011 at 02:58:27AM +1100, Ben McGinnes wrote:
>> On 16/10/11 2:15 AM, MFPA wrote:
>>>
>>> The key revocation message saying "this key was revoked" suggests it
>>> to be referring to the key that was just listed rather than the one
>>> that is about to be listed. Maybe something like "the following key
>>> was revoked" might be a better wording if the message appears before
>>> the revoked key.
>>
>> That's a pretty good suggestion for a change, it would help to reduce
>> ambiguity.
>
> I would prefer "the following subkey was revoked"

That would be nice, but you can see from the example Andy included at the start of this thread that the same line of text is used with primary keys when they are revoked. To change the line as MFPA suggests simply requires changing line 2,687 of g10/keyedit.c (in version 1.4.11, other versions might have the line in different places) from this:

tty_printf(_("This key was revoked on %s by %s key %s\n"),

To this:

tty_printf(_("The following key was revoked on %s by %s key %s\n"),

There are also language specific files in other directories which may need to be updated.

To make the change you're suggesting would require additional code to differentiate between a revoked subkey and a revoked primary or master key. Such a change might not be trivial.

Regards,
Ben
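The ambiguity this sub-thread is about only exists in the human-readable listing. gpg's machine-readable output (--with-colons) tags every record with its own type and validity, so a script can state for each object, by name, whether it is revoked. The following is an added example for this archive page, not code from any poster or from GnuPG; the field positions are those documented in doc/DETAILS of the GnuPG source, and the sample listing, key IDs and user IDs are constructed (they merely mirror the shape Ben describes: primary valid, two old user IDs revoked, one old subkey revoked and replaced).

```python
"""Read revocation state from gpg's machine-readable key listing
(gpg --with-colons --list-keys KEYID) so that a primary key, a user ID and
a subkey are reported separately and by name, sidestepping the ambiguous
"This key was revoked" line discussed above.

Added example for this archive page, not code from any poster or from
GnuPG. Field positions follow doc/DETAILS in the GnuPG source: field 1 is
the record type, field 2 the validity ('r' = revoked, 'e' = expired),
field 5 the key ID, field 7 the expiry date and field 10 the user ID.
"""
from typing import Dict, List, Tuple

# Constructed sample listing (key IDs and names made up), shaped like the key
# discussed in the thread: primary valid, two old user IDs revoked, one old
# subkey revoked and replaced by a newer one.
SAMPLE_COLONS = """\
tru::1:1318700000:0:3:1:5
pub:-:1024:17:0123456789ABCDEF:2000-10-30::::::scESC:
uid:-::::::::Example User <user@example.org>::
uid:r::::::::Example User <old@example.org>::
uid:r::::::::Example User (old employer) <user@old.example>::
sub:r:2048:16:FEDCBA9876543210:2000-10-30::::::e:
sub:-:2048:16:1122334455667788:2008-05-27::::::e:
"""


def parse_with_colons(text: str) -> Dict[str, object]:
    """Group the pub/uid/sub records of one key, each with a revoked flag."""
    primary = None
    uids: List[Tuple[str, bool]] = []
    subkeys: List[Tuple[str, bool]] = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary = {"keyid": f[4], "revoked": f[1] == "r",
                       "expired": f[1] == "e", "expires": f[6] or None}
        elif f[0] == "sub":
            subkeys.append((f[4], f[1] == "r"))
        elif f[0] == "uid":
            uids.append((f[9], f[1] == "r"))
        # tru, fpr, sig and other record types are not needed here
    if primary is None:
        raise ValueError("no pub record in listing")
    return {"primary": primary, "uids": uids, "subkeys": subkeys}


def key_is_usable(summary: Dict[str, object]) -> bool:
    """Primary neither revoked nor expired, and at least one user ID still
    valid: the same checks MFPA applies by hand in this thread."""
    p = summary["primary"]
    return not p["revoked"] and not p["expired"] and any(not r for _, r in summary["uids"])


def describe(summary: Dict[str, object]) -> List[str]:
    """One line per object, each naming exactly what it refers to."""
    state = lambda r: "REVOKED" if r else "valid"
    p = summary["primary"]
    out = [f"primary key {p['keyid']}: {state(p['revoked'])}"]
    out += [f"user ID {u!r}: {state(r)}" for u, r in summary["uids"]]
    out += [f"subkey {k}: {state(r)}" for k, r in summary["subkeys"]]
    return out


if __name__ == "__main__":
    s = parse_with_colons(SAMPLE_COLONS)
    print("\n".join(describe(s)))
    print("usable:", key_is_usable(s))
```

To run it against a real key, feed the output of gpg --with-colons --list-keys KEYID to parse_with_colons(); the human listing remains the right thing to show people, but decisions in scripts should rest on the colon-separated records.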
From mwinkler at compass-analytics.com Sun Oct 16 02:51:45 2011
From: mwinkler at compass-analytics.com (Megan Winkler)
Date: Sat, 15 Oct 2011 19:51:45 -0500
Subject: GPGME and Windows Server 2003/2008
Message-ID:

We are using GPGME in our C++ application to decrypt PGP files sent to us by a client. The files are approximately 60meg encrypted, 500meg decrypted.

We have tested the application on two different boxes with the following configurations:

* Windows Server 2003 R2 x64 16GB RAM 8 3GHz cores
* Windows Server 2008 R2 x64 16GB RAM 8 3GHz cores
* Latest Windows Hot fix
* GPG 1.1.4

Our application is using a single thread for the decryption. We are dynamically linking to the libpgme-11.dll using LoadLibrary().

During testing we are only running the application that is doing the decryption and we have been testing only one data file. What is troubling is that the amount of time taken to decrypt the file varies tremendously - in the best case it takes less than 2 minutes and in the worst case 7+ hours. No matter how long it takes the decryption completes successfully.

What could be causing the performance differences?

Also, I have noticed that the GPG.exe process does not terminate and continues to use the CPU even after the application cleans up and shuts down. I have observed multiple GPG.exe processes in Task Manager. The decryption cleanup calls gpgme_data_release() to free the data buffers, gpgme_release to free the context, and FreeLibrary to unload the dll. What am I neglecting to do?

Any help would be greatly appreciated!

Megan
From martin_yaki2 at yahoo.de Sun Oct 16 14:57:09 2011
From: martin_yaki2 at yahoo.de (Martin Jachs)
Date: Sun, 16 Oct 2011 14:57:09 +0200
Subject: Why do I receive keys I wouldn't expect
Message-ID: <95FC9724-D2F8-4FAE-A6A6-8A7118C76BF7@yahoo.de>

I issued the following command to receive my own public key for my other mail address "m.jachs at gmx.net".

gpg --keyserver sks-keyservers.net --recv-keys D870A352

and got the following output

gpg: requesting key D870A352 from hkp server sks-keyservers.net
gpg: key D870A352: "Martin Jachs (Regular email address) " not changed
gpg: key E66B2314: public key "Forest Jordan " imported
gpg: Total number processed: 2
gpg:               imported: 1
gpg:              unchanged: 1

My question now is: Why is the key for "me at inetz.com" imported? My key has only been signed by me and has no other user IDs than mine. The output from http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&fingerprint=on&search=0xB073838BD870A352 shows this.

I encountered this while importing my own public key on another machine (with Kleopatra) and got surprised.

Thanks for any explanation!

Martin

From andyjpb at ashurst.eu.org Sun Oct 16 16:24:01 2011
From: andyjpb at ashurst.eu.org (Andy Bennett)
Date: Sun, 16 Oct 2011 15:24:01 +0100
Subject: Key revocation UI confusion
In-Reply-To: <4E9A593F.40306@adversary.org>
References: <4E9619AB.2050903@ashurst.eu.org> <4E99316D.4050705@adversary.org> <1217560482.20111015161530@my_localhost> <4E99ADA3.7000707@adversary.org> <20111015190006.GA4722@hiro.matrix> <4E9A593F.40306@adversary.org>
Message-ID: <4E9AE901.4090901@ashurst.eu.org>

Hi,

Thanks to everyone who replied.

Does anyone have a view on what the keyservers' web interface has to say on the matter?

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x387A76957EBA75FF

Specifically, the red "revok" lines on the primary ID and both subkeys.

Given that I assume Ben downloaded my key from one of those keyservers, I imagine the key itself is valid...

Many thanks for your thoughts.

Regards,
@ndy

-- 
andyjpb at ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF

From andyjpb at ashurst.eu.org Sun Oct 16 16:30:50 2011
From: andyjpb at ashurst.eu.org (Andy Bennett)
Date: Sun, 16 Oct 2011 15:30:50 +0100
Subject: Why do I receive keys I wouldn't expect
In-Reply-To: <95FC9724-D2F8-4FAE-A6A6-8A7118C76BF7@yahoo.de>
References: <95FC9724-D2F8-4FAE-A6A6-8A7118C76BF7@yahoo.de>
Message-ID: <4E9AEA9A.6040806@ashurst.eu.org>

Hi,

> My question now is: Why is the key for "me at inetz.com" imported? My
> key has only been signed by me and has no other user IDs than mine.
> The output from
> http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&fingerprint=on&search=0xB073838BD870A352
> shows this.

It looks like the public key E66B2314 has a sub key, D870A352, with the same ID as yours. Naturally, the actual fingerprints are different, which is why it's always important to verify the entire fingerprint when signing. It's entirely possible for two keys to end up with the same ID due to the stochastic nature of their generation.

-----
$ gpg --keyserver sks-keyservers.net --recv-keys D870A352
gpg: requesting key D870A352 from hkp server sks-keyservers.net
gpg: key D870A352: "Martin Jachs (Regular email address) " not changed
gpg: key E66B2314: "Forest Jordan " not changed
gpg: Total number processed: 2
gpg:              unchanged: 2
$ gpg -k D870A352
pub   4096R/D870A352 2011-09-19 [expires: 2013-09-19]
      Key fingerprint = F389 AC69 1DE4 B9EA D3AD  E63D B073 838B D870 A352
uid                  Martin Jachs (Regular email address)
sub   4096R/610E7AE1 2011-09-19

pub   1024D/E66B2314 1997-10-09
      Key fingerprint = 667B 363B AB7A FDC5 79FA  8AF4 7B99 4420 E66B 2314
uid                  Forest Jordan
sub   2048g/D870A352 1997-10-09
-----

Regards,
@ndy

-- 
andyjpb at ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF

From dshaw at jabberwocky.com Sun Oct 16 16:42:32 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 16 Oct 2011 10:42:32 -0400
Subject: Why do I receive keys I wouldn't expect
In-Reply-To: <95FC9724-D2F8-4FAE-A6A6-8A7118C76BF7@yahoo.de>
References: <95FC9724-D2F8-4FAE-A6A6-8A7118C76BF7@yahoo.de>
Message-ID: <0EE27B4B-0A68-47F2-B384-B59D4F52B920@jabberwocky.com>

On Oct 16, 2011, at 8:57 AM, Martin Jachs wrote:

> I issued the following command to receive my own public key for my other mail address "m.jachs at gmx.net".
>
> gpg --keyserver sks-keyservers.net --recv-keys D870A352
>
> and got the following output
>
> gpg: requesting key D870A352 from hkp server sks-keyservers.net
> gpg: key D870A352: "Martin Jachs (Regular email address) " not changed
> gpg: key E66B2314: public key "Forest Jordan " imported
> gpg: Total number processed: 2
> gpg:               imported: 1
> gpg:              unchanged: 1
>
> My question now is: Why is the key for "me at inetz.com" imported? My key has only been signed by me and has no other user IDs than mine. The output from http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&fingerprint=on&search=0xB073838BD870A352 shows this.
>
> I encountered this while importing my own public key on another machine (with Kleopatra) and got surprised.

You managed to hit a (presumably natural) keyid collision. It's rare, but not impossible. Your primary key has the keyid of D870A352. The other key happens to have a subkey with the keyid of the same D870A352.

OpenPGP keyids are made by chopping down the full key fingerprint (40 characters) into a long keyid (16 characters) or a short keyid (8 characters). In this case, the full fingerprints and long keyid do not match - you just happened to collide in the lower 8 characters. This is why it's important to check the whole fingerprint when signing keys.

David

From expires2011 at ymail.com Sun Oct 16 22:00:23 2011
From: expires2011 at ymail.com (MFPA)
Date: Sun, 16 Oct 2011 21:00:23 +0100
Subject: Key revocation UI confusion
In-Reply-To: <4E9AE901.4090901@ashurst.eu.org>
References: <4E9619AB.2050903@ashurst.eu.org> <4E99316D.4050705@adversary.org> <1217560482.20111015161530@my_localhost> <4E99ADA3.7000707@adversary.org> <20111015190006.GA4722@hiro.matrix> <4E9A593F.40306@adversary.org> <4E9AE901.4090901@ashurst.eu.org>
Message-ID: <543105735.20111016210023@my_localhost>

Hi

On Sunday 16 October 2011 at 3:24:01 PM, in , Andy Bennett wrote:

> Does anyone have a view on what the keyservers' web
> interface has to say on the matter?

> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x387A76957EBA75FF

> Specifically, the red "revok" lines on the primary ID
> and both subkeys.

When I look at that, I see that two of the five User IDs have been revoked and that both subkeys have been revoked.

> Given that I assume Ben downloaded my key from one of
> those keyservers, I imagine the key itself is valid...

Looks OK to me. The master key is not revoked, has no expiry date, and the key has some User IDs that have not been revoked.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Life is a holiday. In the same way that glass is a liquid.

From sweepslate at gmail.com Sun Oct 16 23:37:17 2011
From: sweepslate at gmail.com (sweepslate)
Date: Mon, 17 Oct 2011 00:37:17 +0300
Subject: use key, not passphrase, in symmetric encryption
Message-ID: <4E9B4E8D.8000708@gmail.com>

I want to encrypt a file symmetrically but use a key instead of a passphrase. Is this possible?

From dougb at dougbarton.us Mon Oct 17 03:37:52 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 16 Oct 2011 18:37:52 -0700
Subject: use key, not passphrase, in symmetric encryption
In-Reply-To: <4E9B4E8D.8000708@gmail.com>
References: <4E9B4E8D.8000708@gmail.com>
Message-ID: <4E9B86F0.9070503@dougbarton.us>

On 10/16/2011 14:37, sweepslate wrote:
> I want to encrypt a file symmetrically but use a key instead of a
> passphrase.

It's sort of hard to understand what you're trying to accomplish, can you give us more details?

Doug

From makrober at gmail.com Mon Oct 17 08:32:36 2011
From: makrober at gmail.com (M.R.)
Date: Mon, 17 Oct 2011 06:32:36 +0000
Subject: no, you can't
In-Reply-To: <4E9B86F0.9070503@dougbarton.us>
References: <4E9B4E8D.8000708@gmail.com> <4E9B86F0.9070503@dougbarton.us>
Message-ID: <4E9BCC04.6030405@gmail.com>

On 17/10/11 01:37, Doug Barton wrote:
> On 10/16/2011 14:37, sweepslate wrote:
> It's sort of hard to understand what you're trying to accomplish,
> can you give us more details?

To me, it is perfectly obvious what the OP is trying to accomplish: perform the encryption by supplying the cryptographic key itself, instead of character string material from which the key will be derived by some in-program procedure. Why he wants to do that makes no difference to the answer, which is simply: no, unfortunately you can't.

Mark R.

From wk at gnupg.org Mon Oct 17 11:02:24 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 17 Oct 2011 11:02:24 +0200
Subject: GPGME and Windows Server 2003/2008
In-Reply-To: (Megan Winkler's message of "Sat, 15 Oct 2011 19:51:45 -0500")
References:
Message-ID: <87ipno56u7.fsf@vigenere.g10code.de>

On Sun, 16 Oct 2011 02:51, mwinkler at compass-analytics.com said:

> * GPG 1.1.4

Do you mean GnuPG 1.4.11 or GPGME 1.1.4? The latter is quite old and the NEWS file shows that 1.1.5 and 1.1.6 both had fixes for Windows. The current version is 1.3.0; a binary for Windows of that version (or a slightly newer one) comes as part of gpg4win.org (it is sufficient to download gpg4win-light-2.1.0).

> Our application is using a single thread for the decryption. We are dynamically linking to the libpgme-11.dll using LoadLibrary().

Please link directly against libgpgme.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From americabrazil1234 at hotmail.com Mon Oct 17 03:31:13 2011
From: americabrazil1234 at hotmail.com (Vortran66)
Date: Sun, 16 Oct 2011 18:31:13 -0700 (PDT)
Subject: How to use terminal to change mac-cache-ttl
In-Reply-To: <4E95F7CD.40700@sixdemonbag.org>
References: <32599099.post@talk.nabble.com> <4E8DF170.4030403@sixdemonbag.org> <32639372.post@talk.nabble.com> <4E95F7CD.40700@sixdemonbag.org>
Message-ID: <32664202.post@talk.nabble.com>

Mr. Hansen:

Thank you very much. Looks like alter agent will not work with Snow Leopard. As soon as I upgrade to Lion I will give it a try.

Thanks for helping out a novice!

Bill

Robert J. Hansen-3 wrote:
>
> On 10/12/11 11:44 AM, Vortran66 wrote:
>> Thanks for all your effort. I realize now that changing the cache
>> values involves a little more than changing a few values and that I
>> am probably in way over my head.
>
> It involves editing a couple of configuration files by hand, and
> requires you to be a little comfortable with the command-line, yes.
> This much is true. :)
>
>> I am basically just a dumb user
>
> This much is totally bogus. :)
>
>> who has no real experience programming other than a little COBOL back
>> in college 25 years ago (don't laugh).
>
> Laughing at COBOL is sort of like laughing at the Great Pyramids of
> Egypt: it tells you a lot more about the person doing the laughing than
> it does about COBOL. Speaking just for myself, I don't laugh at apps
> that have been running for five decades without a crash.
>
>> I read the agent-alter PDF and I get the gist of what it does. My
>> problem is I'm really unfamiliar with using terminal.
>
> That's not for you, friend. :) My goal is to give you a tool you can
> easily use to solve your problem. That PDF was meant more for other
> people to review and tell me, "no, you're doing it wrong, you
> should...". (And that was very much worthwhile: Werner pointed me
> towards the gpgconf tool, which simplified things a lot.)
>
> Anyway. You might want to take a look at:
>
> http://keyservers.org/~rjh/AlterAgent.zip
>
> Download it, unzip it, and within there will be an OS X app called
> "AlterAgent." Double-click and you might just get the solution to your
> problem. It might also crash horribly.
>
> *I've only tested it on my own machine.* No warranties express or
> implied, etc., etc. If it breaks you get to keep both parts.
>
> If you have feedback ("it's great, you're so cool!", or "my Mac is now
> on fire and it's all your fault!"), please send it to me directly: don't
> spam the list with it, please. Thanks. :)

From rjh at sixdemonbag.org Mon Oct 17 14:29:01 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 17 Oct 2011 08:29:01 -0400
Subject: How to use terminal to change mac-cache-ttl
In-Reply-To: <32664202.post@talk.nabble.com>
References: <32599099.post@talk.nabble.com> <4E8DF170.4030403@sixdemonbag.org> <32639372.post@talk.nabble.com> <4E95F7CD.40700@sixdemonbag.org> <32664202.post@talk.nabble.com>
Message-ID: <4E9C1F8D.60809@sixdemonbag.org>

On 10/16/2011 9:31 PM, Vortran66 wrote:
> Thank you very much. Looks like alter agent will not work with Snow
> Leopard.

It will, actually: all I have to do is recompile it for Snow Leopard. There's nothing in there that's Lion-specific. I'll see about making a new build within the next couple of hours.

From sweepslate at gmail.com Mon Oct 17 13:51:03 2011
From: sweepslate at gmail.com (sweepslate)
Date: Mon, 17 Oct 2011 14:51:03 +0300
Subject: use key, not passphrase, in symmetric encryption
In-Reply-To: <4E9B86F0.9070503@dougbarton.us>
References: <4E9B4E8D.8000708@gmail.com> <4E9B86F0.9070503@dougbarton.us>
Message-ID: <4E9C16A7.1060406@gmail.com>

The end goal is to encrypt a volume of around 100GB of personal files that I'll be carrying around with me in a portable drive. It's around 14000 files, so I can't possibly encrypt them one-by-one interactively! Doing a tarball is going to be time-consuming, space consuming [1], and cumbersome. Also the process can't be stopped (and it's going to be a big process), and the only thing I'm gaining is hiding the original filenames, which I do not care about in this scenario. So I'd like to avoid the tarball. If possible.

So I concluded that I need a non-interactive, 'scriptable' if you'd like, way to perform the action. I wanted to use symmetric so as not to add unnecessary complexity to the solution. I'm only encrypting to myself. I wanted to use something larger than a passphrase so I wondered if I can use a key. But on a second thought, I could use a SHA512SUM as a passphrase, which is 128 bytes in length. That makes it 1024 bits; correct? It's like a small key. I could use 4 of them combined for the strength of a key of 4096 bits.

If it's not possible to use a key or a 128-512 bytes passphrase, I could go for the classic way of public-private key. But I want to keep public key encryption as a last resort (I have reasons additional to complexity).

The key point is doing the encryption of 14000 files in a non-interactive way.

[1] While encrypting single files can be done progressively, in the same drive, without requiring extra space.

On 10/17/2011 4:37 AM, Doug Barton wrote:
> On 10/16/2011 14:37, sweepslate wrote:
>> I want to encrypt a file symmetrically but use a key instead of a
>> passphrase.
>
> It's sort of hard to understand what you're trying to accomplish, can
> you give us more details?
>
>
> Doug

From rjh at sixdemonbag.org Mon Oct 17 14:59:33 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 17 Oct 2011 08:59:33 -0400
Subject: use key, not passphrase, in symmetric encryption
In-Reply-To: <4E9C16A7.1060406@gmail.com>
References: <4E9B4E8D.8000708@gmail.com> <4E9B86F0.9070503@dougbarton.us> <4E9C16A7.1060406@gmail.com>
Message-ID: <4E9C26B5.1000508@sixdemonbag.org>

On 10/17/2011 7:51 AM, sweepslate wrote:
> I wanted to use something larger than a passphrase so I wondered if I
> can use a key. But on a second thought, I could use a SHA512SUM as a
> passphrase, which is 128 bytes in length. That makes it 1024 bits;
> correct? It's like a small key. I could use 4 of them combined for the
> strength of a key of 4096 bits.

Other people will explain how to use various command-line options to do what you want: me, I'm going to offer a hopefully polite correction.

Asymmetric key lengths cannot be directly compared to symmetric key lengths. A 128-bit *symmetric* cipher is roughly a trillion times stronger than a 1024-bit *asymmetric* cipher: in fact, the general understanding is that a 128-bit symmetric cipher is comparable to a 3072-bit asymmetric cipher.

You can use symmetric cryptography, driven by a passphrase and hashed with a good algorithm, with confidence.

From mailinglisten at hauke-laging.de Mon Oct 17 15:09:40 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 17 Oct 2011 15:09:40 +0200
Subject: use key, not passphrase, in symmetric encryption
In-Reply-To: <4E9C16A7.1060406@gmail.com>
References: <4E9B4E8D.8000708@gmail.com> <4E9B86F0.9070503@dougbarton.us> <4E9C16A7.1060406@gmail.com>
Message-ID: <201110171509.47269.mailinglisten@hauke-laging.de>

On Monday, 17 October 2011, 13:51:03, sweepslate wrote:
> The end goal is to encrypt a volume of around 100GB of personal files
> that I'll be carrying around with me in a portable drive.

> The key point is doing the encryption of 14000 files in a
> non-interactive way.

echo fubar | gpg --symmetric --passphrase-fd 0 --batch file.txt

Or use --passphrase-file

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
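Hauke's one-liner shows the non-interactive invocation; what sweepslate's 14000-file job additionally needs is a loop that can be interrupted and restarted, a passphrase that is not visible to other users, and no shell quoting of odd file names. The following is an added example for this archive page, not code from any poster or from GnuPG. It drives gpg --batch --symmetric with --passphrase-file as Hauke suggests; the sample directory tree, the file names and the pre-existing .gpg sidecar are constructed, the run callback is only there so the loop can be exercised without gpg installed, and --pinentry-mode loopback is the flag GnuPG 2.1 and later need before --passphrase-file is honoured (older versions do not know it, so it is off by default).

```python
"""Non-interactive symmetric encryption of a whole directory tree with gpg,
one file at a time, as asked for in this thread.

Added example for this archive page, not code from any poster or from
GnuPG. It wraps the command Hauke gives (gpg --symmetric --batch with the
passphrase taken from a file via --passphrase-file) and adds what a loop
over ~14000 files needs: a random passphrase stored with owner-only
permissions, an argv list (no shell quoting of odd file names), and a
resumable pass that skips files which already have a .gpg sidecar, so an
interrupted run is simply restarted. gpg itself is only needed at run time;
on GnuPG 2.1 or later pass loopback=True so --passphrase-file is honoured.
"""
import os
import secrets
import shutil
import stat
import subprocess
import tempfile
from pathlib import Path
from typing import Callable, Iterator, List

ENCRYPTED_SUFFIX = ".gpg"


def write_passphrase_file(path: Path, nbytes: int = 32) -> Path:
    """Random hex passphrase (256 bits of entropy), created 0600 and never
    overwritten. Anyone holding this file can decrypt everything, so keep it
    with your private keys, not on the portable drive."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, stat.S_IRUSR | stat.S_IWUSR)
    with os.fdopen(fd, "w") as f:
        f.write(secrets.token_hex(nbytes))
    return path


def passphrase_file_is_private(path: Path) -> bool:
    """Refuse to run with a passphrase file readable by group or others."""
    return stat.S_IMODE(path.stat().st_mode) & 0o077 == 0


def pending_files(root: Path) -> Iterator[Path]:
    """Plain files under root without an encrypted sidecar yet; the .gpg
    outputs themselves are never re-encrypted."""
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.suffix == ENCRYPTED_SUFFIX:
            continue
        if p.with_name(p.name + ENCRYPTED_SUFFIX).exists():
            continue  # finished in an earlier, interrupted run
        yield p


def gpg_command(src: Path, passphrase_file: Path, cipher: str = "AES256",
                loopback: bool = False) -> List[str]:
    """argv for one file. --batch disables prompting; --yes is deliberately
    left out so an existing output is never silently overwritten."""
    argv = ["gpg", "--batch", "--quiet"]
    if loopback:
        argv += ["--pinentry-mode", "loopback"]  # GnuPG >= 2.1 only
    argv += ["--passphrase-file", str(passphrase_file),
             "--symmetric", "--cipher-algo", cipher,
             "--output", str(src) + ENCRYPTED_SUFFIX, str(src)]
    return argv


def run_gpg(argv: List[str]) -> int:
    return subprocess.run(argv, check=True).returncode


def encrypt_tree(root: Path, passphrase_file: Path,
                 run: Callable[[List[str]], int] = run_gpg, loopback: bool = False) -> int:
    """Encrypt every pending file; returns how many were processed. `run` is
    injectable so the loop can be exercised without gpg installed."""
    if not passphrase_file_is_private(passphrase_file):
        raise PermissionError(f"{passphrase_file} is readable by others")
    count = 0
    for src in list(pending_files(root)):
        run(gpg_command(src, passphrase_file, loopback=loopback))
        count += 1
    return count


def demo_root() -> Path:
    """Constructed sample tree: two plain files, one already-encrypted file
    (with its sidecar) and a subdirectory. Returns the tree's root."""
    base = Path(tempfile.mkdtemp(prefix="gpg-batch-"))
    tree = base / "tree"
    (tree / "sub").mkdir(parents=True)
    (tree / "a.txt").write_text("first file\n")
    (tree / "b.txt").write_text("second file, already done\n")
    (tree / "b.txt.gpg").write_bytes(b"\x8c")  # stand-in for earlier gpg output
    (tree / "sub" / "c.bin").write_bytes(bytes(range(8)))
    return tree


if __name__ == "__main__":
    root = demo_root()
    pw = write_passphrase_file(root.parent / "passphrase.txt")  # outside the tree
    runner = run_gpg if shutil.which("gpg") else (lambda argv: print(" ".join(argv)) or 0)
    print(f"{encrypt_tree(root, pw, run=runner)} file(s) processed under {root}")
```

The passphrase file is the secret here, which is why it is created outside the tree being encrypted and checked for owner-only permissions before anything runs; gpg derives the actual cipher key from it with its string-to-key function, so, as Robert notes, a 256-bit random passphrase is already far beyond what the cipher's key length can use.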
From david at systemoverlord.com Mon Oct 17 15:49:56 2011 From: david at systemoverlord.com (David Tomaschik) Date: Mon, 17 Oct 2011 09:49:56 -0400 Subject: use key, not passphrase, in symmetric encryption In-Reply-To: <4E9C16A7.1060406@gmail.com> References: <4E9B4E8D.8000708@gmail.com> <4E9B86F0.9070503@dougbarton.us> <4E9C16A7.1060406@gmail.com> Message-ID: On Mon, Oct 17, 2011 at 7:51 AM, sweepslate wrote: > The end goal is to encrypt a volume of around 100GB of personal files that > I'll be carrying around with me in a portable drive. I like GnuPG as much as the next guy around here, but is there a reason you want to use GPG instead of a tool designed for disk encryption? TrueCrypt is cross-platform and works well... if you're Windows-only, there's BitLocker, and for Linux there's LUKS/dm-crypt and eCryptFS. -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com david at systemoverlord.com From wk at gnupg.org Mon Oct 17 20:11:29 2011 From: wk at gnupg.org (Werner Koch) Date: Mon, 17 Oct 2011 20:11:29 +0200 Subject: STEED - Usable end-to-end encryption Message-ID: <87ty774hf2.fsf@vigenere.g10code.de> Hi! Over the last year Marcus and I discussed ideas on how to make encryption easier for non-crypto geeks. We explained our plans to several people and finally decided to start a project to develop such a system. Obviously it is based on GnuPG but this is only one component of the whole system. We prepared a short paper; if you are interested you may download it from http://g10code.com/docs/steed-usable-e2ee.pdf There is also a brief (for now) web page dedicated to this project: http://g10code.com/steed.html Salam-Shalom, Werner -- Thoughts are free. Exceptions are governed by federal law.
From jerome at jeromebaum.com Mon Oct 17 20:25:04 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Mon, 17 Oct 2011 20:25:04 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <87ty774hf2.fsf@vigenere.g10code.de> References: <87ty774hf2.fsf@vigenere.g10code.de> Message-ID: <4E9C7300.1050901@jeromebaum.com> > http://g10code.com/docs/steed-usable-e2ee.pdf Skimmed over this. You say that you need ISP support to get the system adopted (for the DNS-based distribution). Wouldn't that hinder adoption? hotmail and the like still don't support POP3 or IMAP in a standard account, and they are still popular options. So obviously email providers aren't the right place to look to get a technology deployed, especially one that hinders their access to email. How about an opportunistic approach? This email should include the following header: OpenPGP: id=C58C753A; url=https://jeromebaum.com/pgp The MUA could recognize a header like this one and remember that there's a certificate -- so the next email we send will be encrypted. The first email couldn't be, but is that worse than no encryption at all? Basically something like Strict-Transport-Security. What do you think? Like I said this is based on a quick skimming of the paper. Sorry about the long message. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA From aaron.toponce at gmail.com Mon Oct 17 22:32:15 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Mon, 17 Oct 2011 14:32:15 -0600 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9C7300.1050901@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> Message-ID: <20111017203215.GO32237@poseidon.cocyt.us> On Mon, Oct 17, 2011 at 08:25:04PM +0200, Jerome Baum wrote: > How about an opportunistic approach? 
This email should include the > following header: > > OpenPGP: id=C58C753A; > url=https://jeromebaum.com/pgp > > The MUA could recognize a header like this one and remember that there's > a certificate -- so the next email we send will be encrypted. The first > email couldn't be, but is that worse than no encryption at all? I like the idea, but how are you setting the header? I see you're using Thunderbird, and I don't believe that setting that header is part of Enigmail. Further, it appears your mail isn't signed. Just curious. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o From ben at adversary.org Mon Oct 17 23:00:40 2011 From: ben at adversary.org (Ben McGinnes) Date: Tue, 18 Oct 2011 08:00:40 +1100 Subject: STEED - Usable end-to-end encryption In-Reply-To: <20111017203215.GO32237@poseidon.cocyt.us> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017203215.GO32237@poseidon.cocyt.us> Message-ID: <4E9C9778.8060706@adversary.org> On 18/10/11 7:32 AM, Aaron Toponce wrote: > > I like the idea, but how are you setting the header? I see you're > using Thunderbird, and I don't believe that setting that header is > part of Enigmail. Further, it appears your mail isn't signed. Just > curious. No, but it is part of Thunderbird: http://kb.mozillazine.org/Custom_headers The process is even less straightforward than using Enigmail would be for end users. Regards, Ben
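Added example, not code from the thread, from Enigmail or from any MUA: what a client would have to do with the header Jerome proposes above, and the part Aaron's question about setting it leaves open, namely what the receiving side does with it. The field names follow the OpenPGP header draft at http://josefsson.org/openpgp-header/ as far as I remember it; the preference values and the https requirement on the url are my assumptions, and the sample messages are constructed. The policy object is the Strict-Transport-Security-like memory Jerome describes: the first mail to an unknown party goes in the clear, later mail is encrypted, and a changed key id is treated as a conflict rather than silently accepted, since the header itself is unauthenticated.

```python
"""Opportunistic OpenPGP header handling, HSTS-style.

Added example, not code from the thread, Enigmail or any MUA.  Field
names follow the draft at http://josefsson.org/openpgp-header/ as I
remember it; the preference values and the https requirement are my
assumptions; the sample messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

HEADER_NAME = "OpenPGP"   # not X-OpenPGP: the X- convention was dropped
# 8- or 16-hex key id, or a 40-hex fingerprint, optional 0x prefix
KEYID_RE = re.compile(r"^(?:0x)?(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$")
PREFERENCES = {"unprotected", "sign", "encrypt", "signencrypt"}   # assumption


def normalize_id(keyid: str) -> str:
    return keyid[2:].upper() if keyid[:2].lower() == "0x" else keyid.upper()


def parse_openpgp_header(value: str) -> dict:
    """'id=C58C753A; url=https://...' -> {'id': ..., 'url': ...}.
    Folded continuations are tolerated; anything malformed raises
    ValueError so a half-parsed announcement is never applied."""
    fields = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not sep or not name or not val:
            raise ValueError(f"malformed field {part!r}")
        if name in fields:
            raise ValueError(f"duplicate field {name!r}")
        fields[name] = val
    if "id" in fields:
        if not KEYID_RE.match(fields["id"]):
            raise ValueError("id is not a key id or fingerprint")
        fields["id"] = normalize_id(fields["id"])
    if "url" in fields and not fields["url"].lower().startswith("https://"):
        raise ValueError("url must be https")          # assumption
    if "preference" in fields and fields["preference"] not in PREFERENCES:
        raise ValueError("unknown preference")
    if "id" not in fields and "url" not in fields:
        raise ValueError("neither id nor url given")
    return fields


class OpportunisticPolicy:
    """Per-address memory of announced keys, like an HSTS cache.

    The header is unauthenticated: anyone who can inject headers can
    point you at their key.  So the first id seen is pinned, a later
    different id is rejected, and before encrypting, the key fetched
    from url must match the pinned id (fetching is out of scope here).
    """

    def __init__(self):
        self._known = {}   # sender address -> parsed header fields

    def observe(self, raw_message: str) -> bool:
        """Record an incoming announcement; True if it was accepted."""
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        value = msg.get(HEADER_NAME)
        if not sender or value is None:
            return False
        try:
            fields = parse_openpgp_header(value)
        except ValueError:
            return False
        current = self._known.get(sender, {})
        if current.get("id") and fields.get("id") and fields["id"] != current["id"]:
            return False                      # conflict: keep the pinned id
        self._known[sender] = {**current, **fields}
        return True

    def should_encrypt(self, recipient: str) -> bool:
        """False until the party announced a key (the first mail goes in
        the clear), then decided by their stated preference."""
        fields = self._known.get(recipient.lower())
        if not fields:
            return False
        return fields.get("preference", "signencrypt") in ("encrypt", "signencrypt")

    def key_hint(self, recipient: str) -> dict:
        return dict(self._known.get(recipient.lower(), {}))


# Constructed samples; the first folds the header as Jerome's mail does.
SAMPLE_ANNOUNCE = (
    "From: Jerome Baum <jerome@jeromebaum.com>\r\n"
    "Subject: STEED\r\n"
    "OpenPGP: id=C58C753A;\r\n"
    " url=https://jeromebaum.com/pgp\r\n"
    "\r\nbody\r\n"
)
SAMPLE_CONFLICT = SAMPLE_ANNOUNCE.replace("id=C58C753A", "id=DEADBEEF")
SAMPLE_BROKEN = SAMPLE_ANNOUNCE.replace("id=C58C753A", "id=notahexid")
SAMPLE_SIGNONLY = (
    "From: other@example.org\r\n"
    "OpenPGP: url=https://example.org/key.asc; preference=sign\r\n"
    "\r\nbody\r\n"
)


def demo_flow() -> list:
    """Walk the samples through a fresh policy; returns the decisions."""
    policy = OpportunisticPolicy()
    return [
        policy.should_encrypt("jerome@jeromebaum.com"),  # unknown: clear
        policy.observe(SAMPLE_ANNOUNCE),                  # accepted
        policy.should_encrypt("Jerome@JeromeBaum.com"),  # now encrypt
        policy.observe(SAMPLE_CONFLICT),                  # other id: rejected
        policy.observe(SAMPLE_BROKEN),                    # malformed: rejected
        policy.key_hint("jerome@jeromebaum.com")["id"] == "C58C753A",
        policy.observe(SAMPLE_SIGNONLY),                  # accepted
        policy.should_encrypt("other@example.org"),      # prefers sign only
    ]
```

demo_flow() shows the whole exchange: nothing is encrypted to an address until it has announced a key, the announcement is honoured on the next mail, a second announcement with a different id is refused so that an injected header cannot swap the pinned key, and a correspondent who asks for signing only is not sent ciphertext.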
From takethebus at gmx.de Mon Oct 17 23:18:02 2011 From: takethebus at gmx.de (takethebus at gmx.de) Date: Mon, 17 Oct 2011 23:18:02 +0200 Subject: private key protection In-Reply-To: <4E9C7300.1050901@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> Message-ID: <20111017211802.182810@gmx.net> Hi everybody, what is the best way to protect your private key from getting stolen? I think: 1. Using gnupg on a windows PC with internet connection is not good, because there are too many trojans out there. 2. Using gnupg on a linux PC with internet connection (like privatix, see http://www.mandalka.name/privatix/index.html.en ) is better since there are fewer(?) security holes and trojans out there. How big do you think is the threat? 3. The best way is to have one PC connected to the internet and another, without an internet connection (missing network drivers and a fully encrypted hard disk for instance), which you use to decrypt and encrypt messages. You use a USB stick to carry messages from the internet PC to the one not connected to the net. If you don't have two PCs, you can use another USB stick with privatix without network drivers on it. Which software can I use under point 3 to put my messages in order (date, sender, etc.) on a linux system? Most people use something like point 2, don't they? Point 3 is the only satisfying one to me, since I find it hard to judge the threat in point 2. Additionally point 3 makes it easier to see when your key might have been stolen: If you see traces that someone broke into your house and searched everything for the hidden privatix USB stick. Only experts might notice a trojan under point 2.
Thanks for answers, Jan From jerome at jeromebaum.com Mon Oct 17 23:21:03 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Mon, 17 Oct 2011 23:21:03 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9C9778.8060706@adversary.org> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017203215.GO32237@poseidon.cocyt.us> <4E9C9778.8060706@adversary.org> Message-ID: <4E9C9C3F.5000400@jeromebaum.com> On 2011-10-17 23:00, Ben McGinnes wrote: > On 18/10/11 7:32 AM, Aaron Toponce wrote: >> >> I like the idea, but how are you setting the header? I see you're >> using Thunderbird, and I don't believe that setting that header is >> part of Enigmail. Further, it appears your mail isn't signed. Just >> curious. I don't sign every email I send. I tend to plug in my reader whenever I sign something important, and then sign other mails while the reader is plugged in. The reader wasn't plugged in in this case. > No, but it is part of Thunderbird: > > http://kb.mozillazine.org/Custom_headers > > The process is even less straight forward than using Enigmail would be > for end users. So enabling _Enigmail_'s "Send 'OpenPGP' header" option is difficult now? Anyway, my point wasn't that we should use Enigmail. It wasn't that we should use the OpenPGP header. It was that we should have an optional header that unobtrusively says "by the way, I support encryption". However the OpenPGP header is a pretty good start as Enigmail supports it. Whatever solution we use, it should be default-on. Plus we should use key-servers as not everyone has a place to upload the key, and it'd be pretty involved for a "dumb" end-user. 
-- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA From gnupg.user at seibercom.net Mon Oct 17 22:21:06 2011 From: gnupg.user at seibercom.net (Jerry) Date: Mon, 17 Oct 2011 16:21:06 -0400 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9C7300.1050901@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> Message-ID: <20111017162106.27c31f03@scorpio> On Mon, 17 Oct 2011 20:25:04 +0200 Jerome Baum articulated: > Skimmed over this. You say that you need ISP support to get the system > adopted (for the DNS-based distribution). Wouldn't that hinder > adoption? hotmail and the like still don't support POP3 or IMAP in a > standard account, and they are still popular options. Are you sure about that? http://windowslivehelp.com/solution.aspx?solutionid=a485233f-206d-491e-941b-118e45a7cf1b -- Jerry GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. From rjh at sixdemonbag.org Mon Oct 17 23:30:48 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 17 Oct 2011 17:30:48 -0400 Subject: private key protection In-Reply-To: <20111017211802.182810@gmx.net> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> Message-ID: <4E9C9E88.6060704@sixdemonbag.org> On 10/17/11 5:18 PM, takethebus at gmx.de wrote: > what is the best way to protect your private key from getting > stolen? Smartcard and a good PIN. That's pretty much the gold standard. It's not the best way (there is no 'best way'), but it's generally an excellent place to start from. > 1. Using gnupg on a windows PC with internet connection is not good, > because there are too many trojans out there.
Let's be cautious here: if using GnuPG on a Windows PC with an internet connection is not good, then using GnuPG on a Linux machine with an internet connection is not good, either. Turenne once wrote, "when a general makes no mistakes in war, it is because he has not been at it long." The same can be said of system administrators: when a sysadmin has never lost a box to an exploit, it is because he or she has not been at the job very long. > 2. Using gnupg on a linux PC with internet connection (like privatix, > see http://www.mandalka.name/privatix/index.html.en ) is better since > there are fewer(?) security holes and trojans out there. I emphatically disagree with this. > 3. The best way "The best way" is almost always a misnomer. Everyone has different needs and is targeted by different threats: what's "best" for you will likely be very bad for someone else. From jerome at jeromebaum.com Mon Oct 17 23:41:44 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Mon, 17 Oct 2011 23:41:44 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <20111017162106.27c31f03@scorpio> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017162106.27c31f03@scorpio> Message-ID: <4E9CA118.8040606@jeromebaum.com> > http://windowslivehelp.com/solution.aspx?solutionid=a485233f-206d-491e-941b-118e45a7cf1b Wow, since 2009 (I haven't checked back in a while -- stay clear of strange hosts like hotmail). I think the point still stands though. I don't think email providers are the right place to look for end-to-end encryption technology: Aren't we trying to _not_ involve the provider in the encryption ("end-point")? Is it in the interest of the provider that you encrypt your emails? etc. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA From rjh at sixdemonbag.org Mon Oct 17 23:59:26 2011 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Mon, 17 Oct 2011 17:59:26 -0400 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9C9C3F.5000400@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017203215.GO32237@poseidon.cocyt.us> <4E9C9778.8060706@adversary.org> <4E9C9C3F.5000400@jeromebaum.com> Message-ID: <4E9CA53E.100@sixdemonbag.org> On 10/17/11 5:21 PM, Jerome Baum wrote: > So enabling _Enigmail_'s "Send 'OpenPGP' header" option is difficult now? Unquestionably, indubitably, beyond doubt, *yes*. You are assuming a level of computer literacy that is beyond 95% of the computing public. Remember, under 10% of the computing public knows how to use Ctrl-F to search through a document. [*] Speaking personally about Enigmail, I routinely get complaints about Enigmail being broken from people who don't have GnuPG installed, complaints about Enigmail being too hard to uninstall from people who have never installed Enigmail (they thought that just by downloading the .XPI the file was installed automatically), and so forth. All of us on the Enigmail user-help team have these stories. I'll eat my own hat if the GnuPG devs don't have their own. Users aren't stupid, not by any stretch of the imagination. Some of the worst offenders have been obviously intelligent people who have been extremely irate about Enigmail, on the grounds that "I'm a freaking *physician* and I can't understand this, how do you expect regular users to?!" To them, all I can say is -- it's not about innate intelligence: it's about whether you possess the skill of computer literacy. We live in an immensely technological society, and very few people are computer literate. 
[*] http://www.theatlantic.com/technology/archive/2011/08/crazy-90-percent-of-people-dont-know-how-to-use-ctrl-f/243840/ From jerome at jeromebaum.com Tue Oct 18 00:07:58 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 18 Oct 2011 00:07:58 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9CA53E.100@sixdemonbag.org> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017203215.GO32237@poseidon.cocyt.us> <4E9C9778.8060706@adversary.org> <4E9C9C3F.5000400@jeromebaum.com> <4E9CA53E.100@sixdemonbag.org> Message-ID: <4E9CA73E.2070305@jeromebaum.com> On 2011-10-17 23:59, Robert J. Hansen wrote: > On 10/17/11 5:21 PM, Jerome Baum wrote: >> So enabling _Enigmail_'s "Send 'OpenPGP' header" option is difficult now? > > [long rant about Enigmail] The emphasis was clearly on "Enigmail", not on whether it's difficult or not. If you hadn't misquoted me you might have included the bit where I said this should be default-on (obviously so the user doesn't have to configure it). -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA From jerome at jeromebaum.com Mon Oct 17 23:44:07 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Mon, 17 Oct 2011 23:44:07 +0200 Subject: private key protection In-Reply-To: References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> Message-ID: <4E9CA1A7.9050305@jeromebaum.com> > Your private key being stolen isn't really that big of a deal. If you > have a very strong passphrase, possessing your private key gives an > attacker almost no leverage. With a strong passphrase, the average > attacker isn't going to be able to break your key on modern hardware > and anyone who could break it probably doesn't need your private key > to decrypt your messages anyway. 
I'm going to lean very far out the window and assume he meant the actual private key, not the private key-ring/-file/... -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA From papillion at gmail.com Mon Oct 17 23:56:19 2011 From: papillion at gmail.com (Anthony Papillion) Date: Mon, 17 Oct 2011 16:56:19 -0500 Subject: private key protection In-Reply-To: <4E9CA1A7.9050305@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> Message-ID: On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum wrote: >> Your private key being stolen isn't really that big of a deal. If you >> have a very strong passphrase, possessing your private key gives an >> attacker almost no leverage. With a strong passphrase, the average >> attacker isn't going to be able to break your key on modern hardware >> and anyone who could break it probably doesn't need your private key >> to decrypt your messages anyway. > > I'm going to lean very far out the window and assume he meant the actual > private key, not the private key-ring/-file/... Correct assumption. :-) From papillion at gmail.com Mon Oct 17 23:57:13 2011 From: papillion at gmail.com (Anthony Papillion) Date: Mon, 17 Oct 2011 16:57:13 -0500 Subject: private key protection In-Reply-To: <4E9CA1A7.9050305@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> Message-ID: On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum wrote: >> Your private key being stolen isn't really that big of a deal. If you >> have a very strong passphrase, possessing your private key gives an >> attacker almost no leverage.
With a strong passphrase, the average >> attacker isn't going to be able to break your key on modern hardware >> and anyone who could break it probably doesn't need your private key >> to decrypt your messages anyway. > > I'm going to lean very far out the window and assume he meant the actual > private key, not the private key-ring/-file/... Rereading the post, you're probably right. From papillion at gmail.com Mon Oct 17 23:38:24 2011 From: papillion at gmail.com (Anthony Papillion) Date: Mon, 17 Oct 2011 16:38:24 -0500 Subject: private key protection In-Reply-To: <20111017211802.182810@gmx.net> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> Message-ID: On Mon, Oct 17, 2011 at 4:18 PM, wrote: > > what is the best way to protect > your private key from getting stolen? Your private key being stolen isn't really that big of a deal. If you have a very strong passphrase, possessing your private key gives an attacker almost no leverage. With a strong passphrase, the average attacker isn't going to be able to break your key on modern hardware and anyone who could break it probably doesn't need your private key to decrypt your messages anyway. Anthony From benjamin at py-soft.co.uk Mon Oct 17 23:41:20 2011 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Mon, 17 Oct 2011 22:41:20 +0100 Subject: How to use terminal to change mac-cache-ttl In-Reply-To: <32639372.post@talk.nabble.com> References: <32599099.post@talk.nabble.com> <4E8DF170.4030403@sixdemonbag.org> <32639372.post@talk.nabble.com> Message-ID: On 12 October 2011 16:44, Vortran66 wrote: > I realize now that changing the cache values involves a little more than > changing a few values and that I am probably in > way over my head. Open a terminal and type "man gpg-agent". Make a note of any ttl values you want to set, eg: --default-cache-ttl n Set the time a cache entry is valid to n seconds. The default is 600 seconds.
--default-cache-ttl-ssh n Set the time a cache entry used for SSH keys is valid to n seconds. The default is 1800 seconds. --max-cache-ttl n Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently. The default is 2 hours (7200 seconds). --max-cache-ttl-ssh n Set the maximum time a cache entry used for SSH keys is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently. The default is 2 hours (7200 seconds). Then type "nano ~/.gnupg/gpg-agent.conf" at the command prompt and enter the values you want without the preceding dashes, for example: default-cache-ttl 0 max-cache-ttl 0 Then kill any existing gpg-agent with "kill gpg-agent". As you are using gpg-tools, you may wish to direct your query to their email list - http://lists.gpgtools.org/mailman/listinfo/gpgtools-users Benjamin Donnachie From aaron.toponce at gmail.com Tue Oct 18 01:50:42 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Mon, 17 Oct 2011 17:50:42 -0600 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9C7300.1050901@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> Message-ID: <20111017235042.GB9698@poseidon.cocyt.us> On Mon, Oct 17, 2011 at 08:25:04PM +0200, Jerome Baum wrote: > How about an opportunistic approach? This email should include the > following header: > > OpenPGP: id=C58C753A; > url=https://jeromebaum.com/pgp > > The MUA could recognize a header like this one and remember that there's > a certificate -- so the next email we send will be encrypted. The first > email couldn't be, but is that worse than no encryption at all? > > Basically something like Strict-Transport-Security. > > What do you think? > > Like I said this is based on a quick skimming of the paper. Sorry about > the long message.
For the uninitiated, http://josefsson.org/openpgp-header/ explains the 'OpenPGP' header, and its syntax. This was something new to me. A bit of additional research on whether or not this was something Mutt was planning on adding led me to http://marc.info/?l=mutt-dev&m=110227240028896&w=2. I've added it with "my_hdr OpenPGP: id=${pgp_sign_as}\;url=...". The only question remaining, for me, is whether or not it should be "X-OpenPGP" or "OpenPGP" as the header field name. I've heard various positions on this, but nothing definitive. At any rate, I would love to see more client-to-client encryption in email. I've always wondered if there could be an "OTR" approach to mail, somehow, so people don't need to generate and manage their own sets of keys, as that seems to be the largest hindrance to widespread adoption. The only thing the user should do, is compose the mail, hit send, and everything is handled with very minimal user interaction. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o From aguilarojo at gmail.com Tue Oct 18 00:57:50 2011 From: aguilarojo at gmail.com (Derick Centeno) Date: Mon, 17 Oct 2011 18:57:50 -0400 Subject: private key protection In-Reply-To: <20111017211802.182810@gmx.net> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> Message-ID: <4E9CB2EE.80608@gmail.com> On 10/17/11 5:18 PM, takethebus at gmx.de wrote: > Hi everybody, > > what is the best way to protect > your private key from getting stolen? Page 29 (http://www.gnupg.org/gph/en/manual.html#AEN513) of the Gnu Privacy Handbook (http://www.gnupg.org/gph/en/manual.html) recommends a strong passphrase to protect the key.
Another strategy is to create sub-keys derived from the private key and use those sub-keys for signing and encrypting anything. This would also mean that you export the public key of whichever sub-key you decide to use -- not your private key. As the public sub-key cannot be used to derive the private key, utilizing the sub-key strategy may be the most sensible strategy. > > I think: > > 1. Using gnupg on a windows PC with internet connection is not good, because there are too many trojans out there. In all fairness, the PC is as weak or strong as its user. In other words, if you are not willing to do the "nitty-gritty" and sometimes research as relentless in nature as Indiana Jones - regarding how you defend your operating system - then believe it or not choosing Linux or the Mac won't save you from your laziness. Sorry, but that's the truth. You have to have your own drive to master whatever technology (mathematics, coding language, nuance and more) necessary to defend yourself, your family and your property. If you don't or won't make the effort -- understand that this is exactly what those who create malware rely upon. The other crowd who rely on your "lack of will" are the commercial entities who benefit from those who just want "someone else" to handle the details and who are willing to pay for whatever appears "on the shelf". > > 2. Using gnupg on a linux PC with internet connection (like privatix, see http://www.mandalka.name/privatix/index.html.en ) is better since there are fewer(?) security holes and trojans out there. How big do you think is the threat? > IF you decide you are serious regarding Linux then Debian or Red Hat remain the two you should rely upon. Everyone else follows them. Of course, if you are really brave and really know what you are doing then Slackware is reliable.
Again don't rely on anyone, especially in Linux, to provide you with a satisfactory and reliable defense if you have no clue as to how it works, or how you can repair it should something go wrong or how to improve its reliability as hacking and threat environments increase. > 3. The best way is to have one PC connected to the internet and another, without an internet connection (missing network drivers and a fully encrypted hard disk for instance), which you use to decrypt and encrypt messages. You use a USB stick to carry messages from the internet PC to the one not connected to the net. If you don't have two PCs, you can use another USB stick with privatix without network drivers on it. > > Which software can I use under point 3 to put my messages in order (date, sender, etc.) on a linux system? > > Most people use something like point 2, don't they? > > Point 3 is the only satisfying one to me, since I find it hard to judge the threat in point 2. Additionally point 3 makes it easier to see when your key might have been stolen: If you see traces that someone broke into your house and searched everything for the hidden privatix USB stick. Only experts might notice a trojan under point 2. > > Thanks for answers, > Jan > I think I recall seeing that question (3) on a Computer Science exam. The truth, unfortunately, is that there is no "best way". Unfortunately, there is another level of system attack which was used successfully against HBGary and should be a tale elevated to the level of Grimm's Fairy Tales until it seeps into the unconscious and conscious level of each person's awareness. Read this article and I'm sure you'll get my point: http://www.theregister.co.uk/2011/03/17/hbgary_anon_hacker_interview/ HBGary believed its own hype regarding their sophistication and skills; simply stated, as a corporation they failed the same way, or close enough, as the individual who believes s/he is a "legend - in their own mind".
The trap very similar to that limited thought is to believe that your system is safe because it is isolated; in fact the weakness of your system (regardless what you buy) is really -- you. This side of the problem can be intuited by understanding how many people fall for the Nigerian or Russian or other scam ploy every day. In other words, be aware of your own susceptibility to being tricked, taken, and misled such as when we are distracted. It is one thing to be enjoyably tricked at a magic show, quite another emotion is experienced when your data is stolen and you have no clue how or why until you realize that it was your fault for trusting so and so. I have no intention of being overly discouraging as much as underlining the fundamentals regarding why computer security, encryption methods, etc. are constantly becoming more complex and involved. There really is only one reasonable approach: dive in and master the details yourself. You wouldn't trust a used car salesperson or insurance guy to tell you everything is fine, right? You've got to know quite a bit to know when you are being "taken", right? Well, technology is no different. In some ways, it's harder because a lot of people don't want to work that hard. If you remember however that both criminals and commercial markets are depending upon that natural laziness which we each have -- you may have a chance of developing your own incentive to learn and master what you must and maybe a little more to recognize when you are being "taken". All the best...
From dougb at dougbarton.us Tue Oct 18 02:08:50 2011 From: dougb at dougbarton.us (Doug Barton) Date: Mon, 17 Oct 2011 17:08:50 -0700 Subject: private key protection In-Reply-To: <4E9CA1A7.9050305@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> Message-ID: <4E9CC392.3020002@dougbarton.us> On 10/17/2011 14:44, Jerome Baum wrote: >> Your private key being stolen isn't really that big of a deal. If you >> have a very strong passphrase, possessing your private key gives an >> attacker almost no leverage. With a strong passphrase, the average >> attacker isn't going to be able to break your key on modern hardware >> and anyone who could break it probably doesn't need your private key >> to decrypt your messages anyway. > > I'm going to lean very far out the window and assume he meant the actual > private key, not the private key-ring/-file/... I'm not sure I understand the distinction you're making there. -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ From rjh at sixdemonbag.org Tue Oct 18 02:27:06 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 17 Oct 2011 20:27:06 -0400 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9CA73E.2070305@jeromebaum.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017203215.GO32237@poseidon.cocyt.us> <4E9C9778.8060706@adversary.org> <4E9C9C3F.5000400@jeromebaum.com> <4E9CA53E.100@sixdemonbag.org> <4E9CA73E.2070305@jeromebaum.com> Message-ID: <4E9CC7DA.6050802@sixdemonbag.org> On 10/17/2011 6:07 PM, Jerome Baum wrote: >>> So enabling _Enigmail_'s "Send 'OpenPGP' header" option is difficult now?
> > The emphasis was clearly on "Enigmail", not on whether it's difficult or > not. And the answer to your question is obviously, "Yes." > If you hadn't misquoted me you might have included the bit where I > said this should be default-on (obviously so the user doesn't have to > configure it). As soon as you can figure out a way to do this, I'll take it seriously. Until then, this is magic pixie dust. Everyone has an idea for how to do this: I've yet to see a single one that actually stands any chance at success. The more you make the process automated the more fragile and exploitable it becomes. The more you shift the burden to people, the better your chances of resistance to attack but the worse the learning curve and adoption rates become. From wk at gnupg.org Tue Oct 18 08:46:24 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 18 Oct 2011 08:46:24 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9C7300.1050901@jeromebaum.com> (Jerome Baum's message of "Mon, 17 Oct 2011 20:25:04 +0200") References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> Message-ID: <87ehya4x1b.fsf@vigenere.g10code.de> On Mon, 17 Oct 2011 20:25, jerome at jeromebaum.com said: > Skimmed over this. You say that you need ISP support to get the system > adopted (for the DNS-based distribution). Wouldn't that hinder adoption? Please look at how most people use mail: They get a mail address from their ISP, a preinstalled MUA and so on. Mail works for them instantly; if it does not work, they change the provider or don't use mail. Thus, to allow for instant use of encryption, it is important to have encryption on by default, and you can't do that without getting ISPs interested in it. > How about an opportunistic approach? This email should include the > following header: See above. Further, the problem with such headers is that it is a local configuration highly dependent on the used MUA.
More and more users are reading mail with at least two devices. Thus a
certain degree of MUA independence is required. Access to the DNS is
required anyway thus it is an obvious solution to use it for key
distribution.

Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.

From simon at josefsson.org Tue Oct 18 10:24:50 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Tue, 18 Oct 2011 10:24:50 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111017235042.GB9698__33485.1812957369$1318895520$gmane$org@poseidon.cocyt.us> (Aaron Toponce's message of "Mon, 17 Oct 2011 17:50:42 -0600")
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017235042.GB9698__33485.1812957369$1318895520$gmane$org@poseidon.cocyt.us>
Message-ID: <87k482ogfh.fsf@latte.josefsson.org>

Aaron Toponce writes:

> I've added it with "my_hdr OpenPGP id=${pgp_sign_as}\;url=...". The only
> question remaining, for me, is whether or not it should be "X-OpenPGP" or
> "OpenPGP" as the header field name. I've heard various positions on this,
> but nothing definitive.

No X-OpenPGP please. It was a broken idea that prevented standardization
of headers that gain popularity. The X- idea was removed from the latest
revision of RFC 822.

/Simon

From melvincarvalho at gmail.com Tue Oct 18 11:50:31 2011
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Tue, 18 Oct 2011 11:50:31 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <87ty774hf2.fsf@vigenere.g10code.de>
References: <87ty774hf2.fsf@vigenere.g10code.de>
Message-ID:

On 17 October 2011 20:11, Werner Koch wrote:
> Hi!
>
> Over the last year Marcus and me discussed ideas on how to make
> encryption easier for non-crypto geeks.  We explained our plans to
> several people and finally decided to start a project to develop such a
> system.  Obviously it is based on GnuPG but this is only one component
> of the whole system.
> We prepared a short paper; if you are interested
> you may download it from
>
>  http://g10code.com/docs/steed-usable-e2ee.pdf
>
> There is also a brief (for now) web page dedicated to this project:
>
>  http://g10code.com/steed.html

Have you had a look at?

http://retroshare.sourceforge.net/

It has a very good integration with GPG

>
>
>
> Salam-Shalom,
>
>    Werner
>
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From jerome at jeromebaum.com Tue Oct 18 14:10:07 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 14:10:07 +0200
Subject: private key protection
In-Reply-To: <4E9CC392.3020002@dougbarton.us>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us>
Message-ID: <4E9D6C9F.8000501@jeromebaum.com>

>> I'm going to lean very far out the window and assume he meant the actual
>> private key, not the private key-ring/-file/...
>
> I'm not sure I understand the distinction you're making there.

One is protected with a passphrase (i.e. it's encrypted), the other is
in the clear. If I manage to steal your private keyring, then yes the
very strong passphrase should grind my attempts to steal your key to a
halt. If I manage to steal your private _key_ OTOH, I don't need to get
past your passphrase as that doesn't come into play.

cf. "Your private key being stolen isn't really that big of a deal."

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Tue Oct 18 14:22:32 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Oct 2011 08:22:32 -0400
Subject: private key protection
In-Reply-To: <4E9D6C9F.8000501@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com>
Message-ID: <4E9D6F88.1000909@sixdemonbag.org>

On 10/18/2011 8:10 AM, Jerome Baum wrote:
> If I manage to steal your private keyring, then yes the very strong
> passphrase should grind my attempts to steal your key to a halt. If I
> manage to steal your private _key_ OTOH, I don't need to get past your
> passphrase as that doesn't come into play.

Nonsense.

Have you looked at how GnuPG stores a keyring? It's a sequential series
of individual keys, one octet after another. There is no difference
between an individual private key and a keyring containing one entry.

(Note: this was true as of early in the GnuPG 1.4 days, which was the
last time I seriously looked at the code. I'm going from a memory a few
years old here.)

What you seem to be saying is "if I steal your decrypted key, which is
to say the raw key material...". Well, okay: but we already know that's
a game-over state, which makes your statement trivial.

From jerome at jeromebaum.com Tue Oct 18 14:36:29 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 14:36:29 +0200
Subject: private key protection
In-Reply-To: <4E9D6F88.1000909@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org>
Message-ID: <4E9D72CD.70902@jeromebaum.com>

On 2011-10-18 14:22, Robert J. Hansen wrote:
> On 10/18/2011 8:10 AM, Jerome Baum wrote:
>> If I manage to steal your private keyring, then yes the very strong
>> passphrase should grind my attempts to steal your key to a halt. If I
>> manage to steal your private _key_ OTOH, I don't need to get past your
>> passphrase as that doesn't come into play.
>
> Nonsense.
>
> Have you looked at how GnuPG stores a keyring? It's a sequential series
> of individual keys, one octet after another. There is no difference
> between an individual private key and a keyring containing one entry.

Have you looked at my original statement? I recall making the
distinction between a key* and a key-ring/-file, not between a key-ring
and a key-file.

> (Note: this was true as of early in the GnuPG 1.4 days, which was the
> last time I seriously looked at the code. I'm going from a memory a few
> years old here.)

IIRC "nowadays" it stores a separate file per key?

> What you seem to be saying is "if I steal your decrypted key, which is
> to say the raw key material...". Well, okay: but we already know that's
> a game-over state, which makes your statement trivial.

If you look at the original context you'll see that my statement wasn't
so trivial. The OP asked "how can I prevent people from stealing my
key*?" and one person answered "it's not a problem if people steal your
key*, because it's passphrase-protected." In this context it might be a
good idea to mention that stealing your actual key* from memory _is_ a
problem, while stealing your key-file/-ring/-whatever is truly not so
big a problem if your passphrase holds up.

* I'm going to take the word to mean what it says: "key", not what I can
flexibly interpret it as: "encrypted key".
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From peter at digitalbrains.com Tue Oct 18 14:48:09 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 14:48:09 +0200
Subject: private key protection
In-Reply-To: <4E9D72CD.70902@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com>
Message-ID: <4E9D7589.9000200@digitalbrains.com>

On 18/10/11 14:36, Jerome Baum wrote:
> * I'm going to take the word to mean what it says: "key", not what I can
> flexibly interpret it as: "encrypted key".

One of those metal things in my pocket? What good are they for
encryption? Even if you manage to read it in, it still has way too
little entropy...

Or in other words: the word has multiple meanings. If you want to
discuss stuff, you need to determine which of those meanings you're
talking about, not attempt to constrict the definition of the ambiguous
word. That'll only lead to bickering about which definition is the
correct one.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From takethebus at gmx.de Tue Oct 18 14:53:39 2011
From: takethebus at gmx.de (takethebus at gmx.de)
Date: Tue, 18 Oct 2011 14:53:39 +0200
Subject: private key protection
In-Reply-To: <4E9D72CD.70902@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com>
Message-ID: <20111018125339.114530@gmx.net>

Monday, October 17, 2011, 11:30:48 PM, Robert wrote:

> Smartcard and a good PIN. That's pretty much the gold standard. It's
> not the best way (there is no 'best way'), but it's generally an
> excellent place to start from.

I read a smartcard is simply a chip card. Why is it safe, what's a PIN?
Say I'm using it on a PC with a trojan in the background that logs my
keystrokes (my password) and can send data (my key) via internet to an
attacker. How is access restricted to the key by the smartcard?

> 3. The best way is to have one PC connected to the internet and
> another, without an internet connection (missing network drivers and
> a fully encrypted hard disk for instance), which you use to decrypt
> and encrypt messages. You use a USB stick to carry messages from
> the internet PC to the one not connected to the net. If you don't
> have two PCs, you can use another USB stick with privatix without
> network drivers on it.

Since the PC is "isolated" from the net, I don't need to be afraid of
software keyloggers, trojans etc. I'm only vulnerable to
physical/hardware attacks which are easier to notice for a person who's
no computer expert.

From rjh at sixdemonbag.org Tue Oct 18 15:05:23 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Oct 2011 09:05:23 -0400
Subject: private key protection
In-Reply-To: <4E9D72CD.70902@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com>
Message-ID: <4E9D7993.1090508@sixdemonbag.org>

On 10/18/2011 8:36 AM, Jerome Baum wrote:
> Have you looked at my original statement?

Yes.

> I recall making the distinction between a key* and a key-ring/-file,
> not between a key-ring and a key-file.

A distinction that has been lost on apparently everyone here. Please
use accepted terminology.

> IIRC "nowadays" it stores a separate file per key?

No, it's still a single file ("pubring.gpg", for instance, is the public
keyring). I just can't promise that it's still a raw stream of RFC4880
octets.

> If you look at the original context you'll see that my statement
> wasn't so trivial.

I have been: your statement is trivial.

> The OP asked "how can I prevent people from stealing my key*?" and
> one person answered "it's not a problem if people steal your key*,
> because it's passphrase-protected."

Assuming the passphrase is of high quality, that answer is *absolutely
correct*.

> In this context it might be a good idea to mention that stealing
> your actual key* from memory _is_ a problem, while stealing your
> key-file/-ring/-whatever is truly not so big a problem if your
> passphrase holds up.

If the attacker already has read-wherever access to memory, the attacker
can do orders of magnitude worse than steal private key material.
You're saying here, "if you assume the computer is already in a
game-over condition, then it's game-over." Which is true, but it's also
pretty close to the canonical example of trivial.
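Robert's point that a keyring is "a sequential series of individual keys, one octet after another" can be checked on the bytes: a keyring file and a single exported key are both a flat stream of RFC 4880 packets, and nothing in the stream marks where one "entry" ends. The Python below is an added example written for this page, not code from the thread or from GnuPG; the packet bytes are constructed (real RFC 4880 header encodings in front of dummy bodies), and the names `PACKET_TAGS` and `SECRET_TAGS` are chosen here.

```python
"""Walk an OpenPGP keyring as a sequence of RFC 4880 packets.

Added example (not from the thread or GnuPG). Decoding only the packet
headers is enough to see the structure Robert describes: keys, user IDs
and signatures follow each other with no container around them.
"""

# Packet tags from RFC 4880 section 4.3 that matter for key material.
PACKET_TAGS = {
    2: "Signature",
    5: "Secret-Key",
    6: "Public-Key",
    7: "Secret-Subkey",
    13: "User ID",
    14: "Public-Subkey",
}

SECRET_TAGS = {5, 7}


def parse_packet_headers(data: bytes):
    """Return [(tag, name, body_length)] for each packet in `data`.

    Handles old-format (RFC 4880 4.2.1) and new-format (4.2.2) headers
    with definite lengths. Partial-body lengths (new-format first octet
    224..254) and old-format indeterminate lengths are rejected; a
    keyring on disk is not supposed to use them.
    """
    packets = []
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"offset {pos}: bit 7 of packet header not set")
        pos += 1
        if ctb & 0x40:  # new-format header: tag in the low 6 bits
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError(f"offset {pos - 1}: partial body length not supported")
        else:  # old-format header: tag in bits 5..2, length type in bits 1..0
            tag = (ctb >> 2) & 0x0F
            length_type = ctb & 0x03
            if length_type == 3:
                raise ValueError(f"offset {pos - 1}: indeterminate length not supported")
            width = (1, 2, 4)[length_type]
            length = int.from_bytes(data[pos:pos + width], "big")
            pos += width
        if pos + length > len(data):
            raise ValueError(f"offset {pos}: packet body runs past end of data")
        packets.append((tag, PACKET_TAGS.get(tag, f"tag {tag}"), length))
        pos += length
    return packets


def contains_secret_key_material(data: bytes) -> bool:
    """True if any Secret-Key or Secret-Subkey packet is present."""
    return any(tag in SECRET_TAGS for tag, _, _ in parse_packet_headers(data))


# Constructed sample: the header bytes are genuine RFC 4880 encodings, the
# bodies are filler (a real key body carries version, creation time,
# algorithm and MPIs).
SAMPLE_KEYRING = (
    b"\x98\x03" + b"\x04\x00\x00"        # old format, tag 6 Public-Key, 1-octet length 3
    + b"\xcd\x05" + b"alice"             # new format, tag 13 User ID, length 5
    + b"\x89\x00\x02" + b"\x04\x10"      # old format, tag 2 Signature, 2-octet length 2
    + b"\xce\xc0\x08" + b"\x00" * 200    # new format, tag 14 Public-Subkey, 2-octet length 200
)

# Constructed: a one-entry "secret keyring" is the same kind of stream.
SAMPLE_SECRET_KEYRING = b"\x94\x03" + b"\x04\x00\x00"  # old format, tag 5 Secret-Key, length 3

if __name__ == "__main__":
    for tag, name, length in parse_packet_headers(SAMPLE_KEYRING):
        print(f"tag {tag:2d} {name:14s} {length} octets")
```

Whether passphrase protection applies is a property of each Secret-Key packet body (its string-to-key usage octet), not of the file around it, which is why the walker only reports that secret packets are present rather than claiming anything about how they are protected.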
From peter at digitalbrains.com Tue Oct 18 15:07:38 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 15:07:38 +0200
Subject: private key protection
In-Reply-To: <20111018125339.114530@gmx.net>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net>
Message-ID: <4E9D7A1A.9050102@digitalbrains.com>

On 18/10/11 14:53, takethebus at gmx.de wrote:
> I read a smartcard is simply a chip card. Why is it safe, what's a
> PIN? Say I'm using it on a PC with a trojan in the background
> that logs my keystrokes (my password) and can send data (my key)
> via internet to an attacker. How is access restricted to the key by
> the smartcard?

It's simply a chip card. Which means the same as: It's simply a
computer. Only small and not very powerful.

The key never leaves the smartcard. It does the decryption and signing
instead of your computer. Not of the whole file you decrypt or sign: in
a hybrid cryptosystem like GnuPG, the private key (on the smartcard) is
only used to decrypt or sign a very small piece of data. If you decrypt
a file, the only thing decrypted by your private key is the "session
key", which is a randomly generated key used to decrypt the actual file
with symmetric encryption. If you sign a file, you sign a hash that is
computed from the contents of the file. So the actual data transfer
between PC and smartcard is small.

If someone sniffs your PIN, and has trojaned or rooted your computer, he
could use your smartcard while it is still plugged in to your computer,
just like you are using your smartcard. But he wouldn't have your raw
secret key material and use it without also having access to the
smartcard.

> Since the PC is "isolated" from the net, I don't need to be afraid of
> software keyloggers, trojans etc. I'm only vulnerable to
> physical/hardware attacks which are easier to notice for a person
> who's no computer expert.

A capable enough hacker might infect the USB pendrive while it is in
your internet-connected PC and that way still gain access to the
non-connected system.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From jerome at jeromebaum.com Tue Oct 18 15:08:15 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 15:08:15 +0200
Subject: private key protection
In-Reply-To: <4E9D7589.9000200@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7589.9000200@digitalbrains.com>
Message-ID: <4E9D7A3F.8080503@jeromebaum.com>

On 2011-10-18 14:48, Peter Lebbing wrote:
> On 18/10/11 14:36, Jerome Baum wrote:
>> * I'm going to take the word to mean what it says: "key", not what I can
>> flexibly interpret it as: "encrypted key".
>
> One of those metal things in my pocket? What good are they for encryption? Even
> if you manage to read it in, it still has way too little entropy...
>
> Or in other words: the word has multiple meanings. If you want to discuss stuff,
> you need to determine which of those meanings you're talking about, not attempt
> to constrict the definition of the ambiguous word. That'll only lead to
> bickering about which definition is the correct one.
>
> Peter.
>

Makes sense if there's no context. But there's context here --
"cryptography". In that context, key means something specific.
Say you're discussing search trees (the data structure) and someone
comes up and starts talking about how binary trees are so efficient.
Then I come along and say "hold on, binary trees aren't necessarily
balanced, so the search time can even be linear". What's ambiguous here?
Now someone comes along and says "that's just stupid, obviously a binary
tree is a balanced binary tree, and if you meant a binary tree that
could be balanced or unbalanced then your statement is trivial".

In the context of the discussion (computer science), the "binary tree"
isn't a piece of wood with leaves [that someone cut in half -- "binary"
:)]. Even if we take "binary tree" at face value. Just like "key" in the
context of cryptography doesn't mean a piece of metal, even at face
value. (A physical key would usually be a "physical key" or something of
the kind.)

It's one thing to be picky when it adds to the discussion proper. That
would be the case when we're distinguishing between the key as it is
stored on disk (encrypted, inside a key-file/-ring/...) and the key as
it is stored in memory (unencrypted). That distinction is important when
considering your attack vectors.

But the distinction between a physical key and a cryptographic key isn't
adding value to the discussion proper. It's being picky for the sake of
it.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Tue Oct 18 15:14:50 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Oct 2011 09:14:50 -0400
Subject: private key protection
In-Reply-To: <20111018125339.114530@gmx.net>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net>
Message-ID: <4E9D7BCA.6050405@sixdemonbag.org>

On 10/18/2011 8:53 AM, takethebus at gmx.de wrote:
> I read a smartcard is simply a chip card. Why is it safe, what's a
> PIN?

PIN: Personal Identification Number.

The idea is the secret key material is stored on the card, not on the
PC. The secret key material is located in write-only memory: from the PC
side, there is no way to read off the secret key material.

When you want to sign a document the PC computes a hash of the data,
then sends the hash to the card. The card tells the PC, "ask the user
for their PIN number to unlock my secret key." The PC gets the user's
PIN and sends it to the card. If the PIN entered is correct, the card
signs the hash and returns back a signature.

Let's say your PC gets Trojaned. An attacker can replace the GnuPG
binary with a Trojaned version that will capture the PIN, sure, but
there is literally no way for the Trojaned GnuPG binary to capture the
secret key material off the card.

I'm not saying it's safe. Safety is, at best, a relative term. However,
this is generally accepted to be as safe an option as any, and safer
than most.

> How is access restricted to the key by the smartcard?

The card disallows any external read access to the secret key material.

> Since the PC is "isolated" from the net, I don't need to be afraid
> of software keyloggers, trojans etc.

Check your assumptions, friend. ;)

> 3. The best way is to have one PC connected to the internet and
> another, without an internet connection (missing network drivers and
> a fully encrypted hard disk for instance), which you use to decrypt
> and encrypt messages. You use a USB stick to carry messages from the
> internet PC to the one not connected to the net.

USB sticks make great malware vectors. Just ask any Iranian nuclear
scientist. :)

From rjh at sixdemonbag.org Tue Oct 18 15:19:25 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Oct 2011 09:19:25 -0400
Subject: private key protection
In-Reply-To: <4E9D7A3F.8080503@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7589.9000200@digitalbrains.com> <4E9D7A3F.8080503@jeromebaum.com>
Message-ID: <4E9D7CDD.6020906@sixdemonbag.org>

On 10/18/2011 9:08 AM, Jerome Baum wrote:
> Makes sense if there's no context. But there's context here --
> "cryptography". In that context, key means something specific.

This ain't EUROCRYPT or FINANCIAL CRYPTOGRAPHY. If you're reading
professional journals that are talking about crypto in purely
mathematical terms, then yes, 'key' means that. However, in the context
of OpenPGP and its predecessors there's about 20 years of precedent for
using 'key' to reference the collection of subkeys, user IDs, user
attributes, signatures, and so on. This goes back all the way to the
early 1990s.

Arguably we should be using 'certificate' to describe keys, but
honestly, that's a losing battle: the community's inertia on the
subject of 'key' is immense.
From jerome at jeromebaum.com Tue Oct 18 15:20:21 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 15:20:21 +0200
Subject: private key protection
In-Reply-To: <4E9D7993.1090508@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7993.1090508@sixdemonbag.org>
Message-ID: <4E9D7D15.1090806@jeromebaum.com>

On 2011-10-18 15:05, Robert J. Hansen wrote:
> On 10/18/2011 8:36 AM, Jerome Baum wrote:
>> I recall making the distinction between a key* and a key-ring/-file,
>> not between a key-ring and a key-file.
>
> A distinction that has been lost on apparently everyone here. Please
> use accepted terminology.

If "everyone" is three people, then yes.

>> The OP asked "how can I prevent people from stealing my key*?" and
>> one person answered "it's not a problem if people steal your key*,
>> because it's passphrase-protected."
>
> Assuming the passphrase is of high quality, that answer is *absolutely
> correct*.

Sure, if you take key to be the encrypted key. That's why I never said
that the answer is wrong in any way. I just said we need to be careful
to make this distinction.

>> In this context it might be a good idea to mention that stealing
>> your actual key* from memory _is_ a problem, while stealing your
>> key-file/-ring/-whatever is truly not so big a problem if your
>> passphrase holds up.
>
> If the attacker already has read-wherever access to memory, the attacker
> can do orders of magnitude worse than steal private key material.
> You're saying here, "if you assume the computer is already in a
> game-over condition, then it's game-over." Which is true, but it's also
> pretty close to the canonical example of trivial.

The OP asked for advice about protecting his key. I made the point that
the key in memory is unprotected while the key on disk is protected.
Lots of implications there (watch out for insecure memory on Windows,
watch out for how you physically protect your computer, consider using a
smart-card). How is this trivial*?

* http://www.merriam-webster.com/dictionary/trivial

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From peter at digitalbrains.com Tue Oct 18 15:22:48 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 15:22:48 +0200
Subject: private key protection
In-Reply-To: <4E9D7993.1090508@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7993.1090508@sixdemonbag.org>
Message-ID: <4E9D7DA8.4080004@digitalbrains.com>

On 18/10/11 15:05, Robert J. Hansen wrote:
> On 10/18/2011 8:36 AM, Jerome Baum wrote:
>> Have you looked at my original statement?
>
> Yes.

Oddly, I don't recall Jerome ever making a statement remotely like "If I
steal your decrypted key, ...". I only remember him stating that he
thought, as did I, that the OP meant that he wanted ways to prevent
people stealing his secret key material when he said: "what is the best
way to protect your private key from getting stolen?". Anthony
interpreted it as somebody stealing the keyring, and Jerome disagreed on
that interpretation. As do I.

>> I recall making the distinction between a key* and a key-ring/-file,
>> not between a key-ring and a key-file.
>
> A distinction that has been lost on apparently everyone here. Please
> use accepted terminology.

When reading the thread, I wasn't for one moment confused about the
intended meaning of the word "key" when Jerome used it. Funnily enough,
Jerome was correcting Antony, and Antony replied: "Rereading the post,
you're probably right." Which I think means the distinction was also not
lost on Antony.

>> If you look at the original context you'll see that my statement
>> wasn't so trivial.
>
> I have been: your statement is trivial.

Produce the exact trivial statement, please, in a quote. Otherwise we'll
never be able to determine its triviality. Because I only see Jerome
asserting:

- That the OP probably meant "raw secret key material" when he said key
  (my own phrasing)
- That the distinction between a keyring/-file and a key as he meant it
  was that the one was protected by a passphrase and the other was not,
  as it was the raw secret key material.

I don't see the triviality. What I do consider trivial is this silly
bickering over who said what, when and what the other one meant when he
wrote what he wrote.

> If the attacker already has read-wherever access to memory, the attacker
> can do orders of magnitude worse than steal private key material.

Just as a sidebar, I disagree. The access to my private key would be the
worst thing, the rest of my computer memory is much less interesting.

> You're saying here, "if you assume the computer is already in a
> game-over condition, then it's game-over." Which is true, but it's also
> pretty close to the canonical example of trivial.

No, he never said that. It would come closer to truth to state he said
it's game over, but he did not say that when it's game over, that then
it's game over. I'm not going to assert what he actually meant when he
said the exact words he said, because that is something which is out of
reach for all of us except Jerome or a really good brainscanner attached
to Jerome's head while he writes mails.

Seriously.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From jerome at jeromebaum.com Tue Oct 18 15:23:22 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 15:23:22 +0200
Subject: private key protection
In-Reply-To: <4E9D7A1A.9050102@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com>
Message-ID: <4E9D7DCA.9050503@jeromebaum.com>

> If someone sniffs your PIN, and has trojaned or rooted your computer, he could
> use your smartcard while it is still plugged in to your computer, just like you
> are using your smartcard.

If you're worried about this you should be able to find a smartcard
reader with PIN entry that GnuPG supports. That way you never enter your
PIN on the computer. It doesn't prevent a trojan from signing something
other than what you intended (if it's your master key on card, even
another key or a new sub-key) but whether this is a problem depends on
your threat model.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From peter at digitalbrains.com Tue Oct 18 15:27:17 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 15:27:17 +0200
Subject: private key protection
In-Reply-To: <4E9D7993.1090508@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7993.1090508@sixdemonbag.org>
Message-ID: <4E9D7EB5.7010006@digitalbrains.com>

On 18/10/11 15:05, Robert J. Hansen wrote:
>> IIRC "nowadays" it stores a separate file per key?
>
> No, it's still a single file ("pubring.gpg", for instance, is the public
> keyring). I just can't promise that it's still a raw stream of RFC4880
> octets.

ls ~/.gnupg/private-keys-v1.d/

Peter.

PS: nowadays (adverb)
1. At the present time
2. In the current era
3. In GnuPG 2 ;)

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From peter at digitalbrains.com Tue Oct 18 15:29:29 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 15:29:29 +0200
Subject: private key protection
In-Reply-To: <4E9D7A3F.8080503@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7589.9000200@digitalbrains.com> <4E9D7A3F.8080503@jeromebaum.com>
Message-ID: <4E9D7F39.9000401@digitalbrains.com>

On 18/10/11 15:08, Jerome Baum wrote:
> It's one thing to be picky when it adds to the discussion proper. That
> would be the case when we're distinguishing between the key as it is
> stored on disk (encrypted, inside a key-file/-ring/...) and the key as
> it is stored in memory (unencrypted). That distinction is important when
> considering your attack vectors.
>
> But the distinction between a physical key and a cryptographic key isn't
> adding value to the discussion proper. It's being picky for the sake of it.

Yeah, that part was actually tongue-in-cheek. The part about not being
picky at all wasn't.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From jerome at jeromebaum.com Tue Oct 18 15:30:00 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 15:30:00 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <87ehya4x1b.fsf@vigenere.g10code.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de>
Message-ID: <4E9D7F58.5020808@jeromebaum.com>

>> Skimmed over this. You say that you need ISP support to get the
>> system adopted (for the DNS-based distribution). Wouldn't that
>> hinder adoption?
>
> Please look at how most people use mail: They get a mail address from
> their ISP, a preinstalled MUA and so on. Mail works for them
> instantly; if it does not work, they change the provider or don't
> use mail. Thus to allow for instant use of encryption it is
> important to have encryption on by default and so you can't do that
> without getting ISPs interested in it.

I know a number of "power users" that aren't savvy enough to configure
gpg4win but are savvy enough for their share of MUAs. The MUA in this
case isn't supplied by the ISP. In fact to my knowledge outside of
webmail and inside "private email" (so drop companies, universities,
schools) it's usual to configure your own MUA, with the help of
instructions from your ISP. So yes the ISP is useful in helping with
adoption (never said this isn't true, I fully agree) but this absolute
"ISP or not at all" approach bugs me.

>> How about an opportunistic approach? This email should include the
>> following header:
>
> See above. Further the problem with such headers is that it is a
> local configuration highly dependent on the used MUA. More and more
> users are reading mail with at least two devices. Thus a certain
> degree of MUA independence is required. Access to the DNS is
> required anyway thus it is an obvious solution to use it for key
> distribution.
I was saying "if we have to extend the MUA anyway, we might as well add
this header". We have to extend the MUA or otherwise it doesn't support
end-point encryption. I don't see how DNS changes need to be made
"anyway".

So take an average email provider and assume I don't have any zones
delegated to me. I can upload my key to the keyservers just fine. I can
add this header just fine. I can attach the key to my emails just fine.
I don't need the ISP to do anything in his DNS zone.* (Now before
someone comes up with "yeah but the end-user doesn't know how to", *a
computer can do all of this just fine*.)

I'm not saying the ISP wouldn't be helpful when it comes to deploying
this. Using Hushmail is obviously easier than installing and configuring
gpg4win. I just don't like this absolute approach of "we need the ISP,
there's no way to do this without them, so let's not even try." What
speaks against a hybrid approach (use the ISP if they support it, do it
on our own if they don't)? I'd think what speaks against should be
"takes more work to develop" or "adds software complexity", not
theoretical arguments about how this can't be user-friendly. The "header
vs. DNS" question doesn't even relate to user-friendliness as it should
happen behind the scenes. The only effect cooperation with ISPs would
have is that some users get a message saying we don't support their ISP.
I'm trying to suggest a solution that drops this message for those users.

* To show that I think DNS is useful:

;; ANSWER SECTION:
jerome._pka.jeromebaum.com. 3596 IN TXT "v=pka1\;fpr=A0E4B2D494E620EE85BAE45B63E42BD8C58C753A\;uri=http://jeromebaum.com/pgp"

(Hmm I should update that to the https version. I'll do this "tomorrow".)
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From peter at digitalbrains.com  Tue Oct 18 15:37:38 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 15:37:38 +0200
Subject: private key protection
In-Reply-To: <4E9D7DCA.9050503@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9D7DCA.9050503@jeromebaum.com>
Message-ID: <4E9D8122.5060906@digitalbrains.com>

On 18/10/11 15:23, Jerome Baum wrote:
> It doesn't prevent a trojan from signing something other than what you
> intended (if it's your master key on card, even another key or a new
> sub-key) but whether this is a problem depends on your threat model.

The signature problem can still be solved by manual labour: you made
*one* signature. If you have a signature on your file that checks out,
that's apparently the one signature you made. This is thanks to the
"Signature PIN: forced" setting of OpenPGP smartcards.

However, there's another scenario involving encrypted files. Once you've
entered your PIN, your smartcard will decrypt files and stuff without
asking for the PIN again. So if you enter the PIN on your secure
smartcard reader, and someone has trojaned your PC, the trojan or
attacker can then decrypt further files until the smartcard is "reset".

Still, it is all restricted to the timeframe the smartcard is active
"inside" the hacked computer. At no point is the key fully compromised:
the attacker can't copy the key to his own system, and he can't sign or
decrypt anything without the smartcard being in a hacked computer at the
time he wants to decrypt or sign.

Peter.
-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From jerome at jeromebaum.com  Tue Oct 18 15:39:39 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 15:39:39 +0200
Subject: private key protection
In-Reply-To: <4E9D7DCA.9050503@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9D7DCA.9050503@jeromebaum.com>
Message-ID: <4E9D819B.6050609@jeromebaum.com>

> It doesn't prevent a trojan from signing something other than what you
> intended (if it's your master key on card, even another key or a new
> sub-key) but whether this is a problem depends on your threat model.

I should mention that the current OpenPGP card spec doesn't let the card
know whether it's signing a key or signing data. So there's no way to
prevent this attack other than not keeping your master-key on card.

I prefer keeping the master-key encrypted thrice and printed out in a
vault, surrounded 25x8 by guards authorized to use lethal force.

But seriously, I keep the master-key encrypted/printed and store it in
my safe deposit box. The sub-key goes on the card. Trojan issue is a
much smaller issue then, as the card includes a signature counter.

I also keep a backup of the encryption key in case the card breaks.
That's probably a good idea.
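Peter's point that a forced signature PIN makes every signature something you consciously made, and Jerome's that the card keeps a signature counter, together give a simple detective check: after a session, reconcile the card's counter with the signatures you know you made. This is an added example (not GnuPG's or the card's own code); the card-status text is constructed, and it assumes the `Signature PIN ....: forced` and `Signature counter : N` field layout that `gpg --card-status` prints.

```python
"""Reconcile an OpenPGP card's signature counter with the signatures you
know you made.  Added example for this thread; not GnuPG project code."""
import re
from dataclasses import dataclass
from typing import Dict

# Constructed sample in the layout of `gpg --card-status`.  Only the
# "Signature PIN" and "Signature counter" fields are used by the check;
# the other values are made up.
SAMPLE_CARD_STATUS = """\
Application ID ...: D2760001240102000000000000000000
Version ..........: 2.0
Name of cardholder: Example Holder
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
PIN retry counter : 3 0 3
Signature counter : 14
"""

# "Label ....: value" or "Label : value"; the dot padding varies per label.
_FIELD_RE = re.compile(r"^([A-Za-z][^:]*?)[ .]*:\s*(.*)$")


def parse_card_status(text: str) -> Dict[str, str]:
    """Map lower-cased field labels to their values."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = _FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields


@dataclass
class CardFinding:
    pin_forced: bool            # each signature needed the PIN on the reader
    counter: int                # counter as reported by the card now
    unexplained_signatures: int # counter - (last seen + signatures you made)
    counter_went_backwards: bool  # card reset/replaced or wrong baseline


def check_card(text: str, last_seen_counter: int, signatures_made: int) -> CardFinding:
    """Compare the card's counter with what you expect after a session.

    last_seen_counter: value you recorded after the previous check.
    signatures_made:   signatures you deliberately made since then.
    A positive unexplained_signatures means something signed with the
    card that you did not account for; a counter below the baseline means
    the card was reset or replaced (or the baseline is wrong).
    """
    fields = parse_card_status(text)
    if "signature counter" not in fields:
        raise ValueError("no 'Signature counter' field in card status")
    counter = int(fields["signature counter"])
    expected = last_seen_counter + signatures_made
    return CardFinding(
        pin_forced=fields.get("signature pin", "").lower() == "forced",
        counter=counter,
        unexplained_signatures=max(counter - expected, 0),
        counter_went_backwards=counter < last_seen_counter,
    )


if __name__ == "__main__":
    # Baseline 12 recorded earlier, one signature made on purpose, card says 14:
    print(check_card(SAMPLE_CARD_STATUS, last_seen_counter=12, signatures_made=1))
```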
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From wk at gnupg.org  Tue Oct 18 15:42:22 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 18 Oct 2011 15:42:22 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9D7F58.5020808@jeromebaum.com> (Jerome Baum's message of "Tue, 18 Oct 2011 15:30:00 +0200")
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com>
Message-ID: <87pqhu1kn5.fsf@vigenere.g10code.de>

On Tue, 18 Oct 2011 15:30, jerome at jeromebaum.com said:

> In fact to my knowledge outside of webmail and inside "private email"
> (so drop companies, universities, schools) it's usual to configure your
> own MUA, with the help of instructions from your ISP.

Well, so we need to convince them to change those instructions.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From rjh at sixdemonbag.org  Tue Oct 18 15:49:59 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Oct 2011 09:49:59 -0400
Subject: private key protection
In-Reply-To: <4E9D7DA8.4080004@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7993.1090508@sixdemonbag.org> <4E9D7DA8.4080004@digitalbrains.com>
Message-ID: <4E9D8407.8010405@sixdemonbag.org>

I'm going to keep this as short as possible, because we've already hit
the point at which we're casting far more heat than light.

> Oddly, I don't recall Jerome ever making a statement remotely like
> "If I steal your decrypted key, ...". I only remember him stating
> that he thought, as did I, that the OP meant that he wanted ways to
> prevent people stealing his secret key material when he said: "what
> is the best way to protect your private key from getting stolen?".
> Anthony interpreted it as somebody stealing the keyring, and Jerome
> disagreed on that interpretation.

As do I. GnuPG depends on you having physical control of the hardware
for the duration of your use of the system. If this fails, then there's
nothing GnuPG -- or anything, for that matter! -- can do to keep your
secret key material safe.

If I put my secret key on a system that is later compromised, I can
still be confident in the security of my secret key. If I log into that
machine and use my secret key even once, though, that key needs to be
considered compromised because I've failed to uphold the absolute
prerequisite for GnuPG usage: control of the hardware during my
interaction with it.

Secret key material can only be compromised in two situations: either
(a) someone you don't trust has root on your system while you're using
GnuPG, in which case it's a game-over and the only defense is "well,
don't do that, then!", or (b) someone compromises your PC while you're
not using GnuPG and steals your private key.

(a) is true, but it doesn't lead anywhere useful. That makes it trivial.
Why are we even discussing a triviality?

From mwood at IUPUI.Edu  Tue Oct 18 16:00:29 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue, 18 Oct 2011 10:00:29 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9D7F58.5020808@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com>
Message-ID: <20111018140029.GD13421@IUPUI.Edu>

I don't see why the ISP has to be the entity providing DNS lookup. The
one I use won't even allocate me a static address, let alone accept RRs
from me to serve out to others.
I'm not sure I'd trust them to get it right and *keep* it right anyway.

If the ISPs won't cooperate, maybe the antivirus vendors would. They're
already in the data security business, already have an extensive network
presence, and already get money from me to help me secure my information
assets. Build enrollment into the AV product or provide a separate setup
tool. It should be simple.

Likewise there are freestanding DNS providers out there who already have
the infrastructure and the experience, are already serving some of us,
already get money from some of us. This could be a welcome source of a
little more income for very little more cost, or a freebie to get you in
the door like free DDNS does.

(I should read the paper; maybe this has been addressed.)

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From takethebus at gmx.de  Tue Oct 18 16:06:10 2011
From: takethebus at gmx.de (takethebus at gmx.de)
Date: Tue, 18 Oct 2011 16:06:10 +0200
Subject: private key protection
In-Reply-To: <4E9D819B.6050609@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9D7DCA.9050503@jeromebaum.com> <4E9D819B.6050609@jeromebaum.com>
Message-ID: <20111018140610.192890@gmx.net>

Thanks to everyone for the helpful answers. Maybe I'll buy a smartcard,
it seems more convenient than rebooting for every email.

From mwood at IUPUI.Edu  Tue Oct 18 15:42:19 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue, 18 Oct 2011 09:42:19 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111017235042.GB9698@poseidon.cocyt.us>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017235042.GB9698@poseidon.cocyt.us>
Message-ID: <20111018134219.GC13421@IUPUI.Edu>

On Mon, Oct 17, 2011 at 05:50:42PM -0600, Aaron Toponce wrote:
[snip]
> At any rate, I would love to see more client-to-client encryption in email.
> I've always wondered if there could be an "OTR" approach to mail, somehow,
> so people don't need to generate and manage their own sets of keys, as that
> seems to be the largest hindrance to widespread adoption. The only thing
> the user should do, is compose the mail, hit send, and everything is
> handled with very minimal user interaction.

"Three can keep a secret, if two of them are dead." If your computer
holds the ultimate secret, anyone who can control the computer can use
that secret. The user *must* be actively involved. We can remove
*needless* complexity, but security could be said to be the art of
*introducing* specific complexity that's a lot worse for the attacker
than it is for you. It can't be automagical.

Anyway, key generation is already automated. All you have to do is (1)
choose to employ crypto, and (2) supply a passphrase that you can
remember. There are even methods and tools to help you do (2)!

To be secure without being involved in the process is an unreasonable
expectation which can never be met. We need to teach our kids to expect
to protect themselves online the same way we teach them to look both
ways before crossing the street. Probably at the same age. Otherwise
they'll grow up to believe the hype that you can buy security the same
as buying bread.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From mwood at IUPUI.Edu  Tue Oct 18 15:15:14 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue, 18 Oct 2011 09:15:14 -0400
Subject: private key protection
In-Reply-To: <4E9D6C9F.8000501@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com>
Message-ID: <20111018131514.GB13421@IUPUI.Edu>

On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote:
> >> I'm going to lean very far out the window and assume he meant the actual
> >> private key, not the private key-ring/-file/...
> >
> > I'm not sure I understand the distinction you're making there.
>
> One is protected with a passphrase (i.e. it's encrypted), the other is
> in the clear.
>
> If I manage to steal your private keyring, then yes the very strong
> passphrase should grind my attempts to steal your key to a halt.

Well, not quite. Eventually you would get it. The task of security
systems is to make "eventually" be longer than:

 o the payoff is worth; or
 o the time it takes to be discovered; or
 o the time it takes for the secured object to lose its value.

Statistically, that is. You could get it right on the first try, but
you very probably won't. You are guaranteed to get it right if you try
every possible value.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From jerome at jeromebaum.com  Tue Oct 18 16:20:05 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 16:20:05 +0200
Subject: private key protection
In-Reply-To: <20111018140610.192890@gmx.net>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9D7DCA.9050503@jeromebaum.com> <4E9D819B.6050609@jeromebaum.com> <20111018140610.192890@gmx.net>
Message-ID: <4E9D8B15.5090901@jeromebaum.com>

On 2011-10-18 16:06, takethebus at gmx.de wrote:
> Thanks to everyone for the helpful answers. Maybe I'll buy a
> smartcard, it seems more convenient than rebooting for every email.

What country are you in? For Germany, kernelconcepts sells the OpenPGP
card v2 and cryptoshop sells a very basic USB card reader (no PIN entry)
for a total below 50 €. (IIRC cryptoshop is based in Austria, but they
ship to Germany.)
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From peter at digitalbrains.com  Tue Oct 18 16:22:17 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 16:22:17 +0200
Subject: private key protection
In-Reply-To: <4E9D8407.8010405@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7993.1090508@sixdemonbag.org> <4E9D7DA8.4080004@digitalbrains.com> <4E9D8407.8010405@sixdemonbag.org>
Message-ID: <4E9D8B99.8080604@digitalbrains.com>

> (a) is true, but it doesn't lead anywhere useful. That makes it
> trivial.

Seems like you keep asserting Jerome posed (a) as something insightful.
I don't remember someone other than you posing (a) at all.

I really see no point in keeping on telling people they said something
different than what they meant to say. Isn't it way more productive to
determine what they meant, rather than what /you/ (or anyone) read in
it? Are we here to catch each other on potentially saying something, for
instance, trivial, and going "aha! Got ya!"? Or are we here to discuss
crypto and stuff having to do with crypto?

Meanwhile, you are right about the heat versus light ratio, so I will
stop this side discussion as well, hopefully even if it annoys me some
more :).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From frase at frase.id.au  Tue Oct 18 15:37:53 2011
From: frase at frase.id.au (Fraser Tweedale)
Date: Tue, 18 Oct 2011 23:37:53 +1000
Subject: signing party: webserver software for key submission?
Message-ID: <20111018133752.GD26069@bacardi.wooloowin.frase.id.au>

Hullo,

Just wondering if anyone knows of any scripts for collecting keys into
a keyring prior to a key signing party (i.e., for people who intend to
participate to submit their keys)?

Regards,
Fraser

From jerome at jeromebaum.com  Tue Oct 18 16:23:42 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 16:23:42 +0200
Subject: private key protection
In-Reply-To: <20111018131514.GB13421@IUPUI.Edu>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <20111018131514.GB13421@IUPUI.Edu>
Message-ID: <4E9D8BEE.5040809@jeromebaum.com>

> Well, not quite. Eventually you would get it. The task of security
> systems is to make "eventually" be longer than:
>
>  o the payoff is worth; or
>  o the time it takes to be discovered; or
>  o the time it takes for the secured object to lose its value.
>
> Statistically, that is. You could get it right on the first try, but
> you very probably won't. You are guaranteed to get it right if you
> try every possible value.

Right, that's a good point I think we all considered "trivial" when
maybe we shouldn't have. In your threat model you should determine for
how long your data should be safe (per attacker type) before you go
ahead and make decisions about key protection.

While we're discussing the STEED proposal in the other thread, do you
think it's better to educate your users and risk losing them or do you
think it's better to provide "sensible" defaults for the "average"
threat model and assume they'll learn everything else over time and
start tweaking?

I suppose the latter model fits the "power user" case well, where they
start using the tool and eventually learn about other features and start
tweaking.
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From wk at gnupg.org  Tue Oct 18 16:22:47 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 18 Oct 2011 16:22:47 +0200
Subject: private key protection
In-Reply-To: <4E9D7CDD.6020906@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 18 Oct 2011 09:19:25 -0400")
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7589.9000200@digitalbrains.com> <4E9D7A3F.8080503@jeromebaum.com> <4E9D7CDD.6020906@sixdemonbag.org>
Message-ID: <87lisi1irs.fsf@vigenere.g10code.de>

On Tue, 18 Oct 2011 15:19, rjh at sixdemonbag.org said:

> Arguably we should be using 'certificate' to describe keys, but

We tried that in the Gpg4win manuals. However it turned out that this
term has other problems when used with OpenPGP keys (ah well, keyblocks).

> honestly, that's a losing battle: the community's inertia on the subject
> of 'key' is immense.

Right. There is a public key and there is a private (aka secret) key.
How they are made up is a technical detail.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
From jerome at jeromebaum.com  Tue Oct 18 16:26:40 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 16:26:40 +0200
Subject: private key protection
In-Reply-To: <4E9D8BEE.5040809@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <20111018131514.GB13421@IUPUI.Edu> <4E9D8BEE.5040809@jeromebaum.com>
Message-ID: <4E9D8CA0.7000103@jeromebaum.com>

> Right, that's a good point I think we all considered "trivial" when
> maybe we shouldn't have. In your threat model you should determine for
> how long your data should be safe (per attacker type) before you go
> ahead and make decisions about key protection.

To clarify, this is what we should tell the OP instead of telling him
stuff like "smart cards are 'better'".

Kumtraya!

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com  Tue Oct 18 16:28:50 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 16:28:50 +0200
Subject: signing party: webserver software for key submission?
In-Reply-To: <20111018133752.GD26069@bacardi.wooloowin.frase.id.au>
References: <20111018133752.GD26069@bacardi.wooloowin.frase.id.au>
Message-ID: <4E9D8D22.8010202@jeromebaum.com>

> Just wondering if anyone knows of any scripts for collecting keys into
> a keyring prior to a key signing party (i.e., for people who intend to
> participate to submit their keys)?

Can't give software names but look at what the open-source conferences
use. Debian should have some tools to show as well. If you don't want to
bother then just use biglumber and hope it doesn't break again.
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From wk at gnupg.org  Tue Oct 18 16:25:38 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 18 Oct 2011 16:25:38 +0200
Subject: private key protection
In-Reply-To: <4E9D7993.1090508@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 18 Oct 2011 09:05:23 -0400")
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <4E9D7993.1090508@sixdemonbag.org>
Message-ID: <87hb361in1.fsf@vigenere.g10code.de>

On Tue, 18 Oct 2011 15:05, rjh at sixdemonbag.org said:

> No, it's still a single file ("pubring.gpg", for instance, is the public
> keyring). I just can't promise that it's still a raw stream of RFC4880
> octets.

It still is for the public keys. 2.1 changes the format of the secring
(well, dropped it entirely and stores only the needed bits elsewhere).

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From peter at digitalbrains.com  Tue Oct 18 16:30:25 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 18 Oct 2011 16:30:25 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111018140029.GD13421@IUPUI.Edu>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <20111018140029.GD13421@IUPUI.Edu>
Message-ID: <4E9D8D81.1040101@digitalbrains.com>

On 18/10/11 16:00, Mark H. Wood wrote:
> I don't see why the ISP has to be the entity providing DNS lookup.

Because it is the e-mail address of the recipient you look up; that's
all the data you have in this scenario. Thus, for me you would look up a
key corresponding to user peter at the domain digitalbrains.com. The
only logical place to look for that without further information is in
the domain digitalbrains.com, which is under control of the e-mail
provider. ISP here means e-mail provider, by the way, perhaps that is
the confusion. Unless I'm the one confused ;).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From jerome at jeromebaum.com  Tue Oct 18 16:35:33 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 16:35:33 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <87pqhu1kn5.fsf@vigenere.g10code.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <87pqhu1kn5.fsf@vigenere.g10code.de>
Message-ID: <4E9D8EB5.7080207@jeromebaum.com>

>> In fact to my knowledge outside of webmail and inside "private email"
>> (so drop companies, universities, schools) it's usual to configure your
>> own MUA, with the help of instructions from your ISP.
>
> Well, so we need to convince them to change those instructions.

Yes and this is what I said: It's useful to get the ISP involved. But
it's not necessary -- Google doesn't provide instructions on how to
enable send receipts in Outlook. I would guess that there are users out
there using gmail that use read receipts.

So yes, definitely get the ISPs involved. But let's not rely on them. A
good, easy-to-use (easy-to-install) plugin for Outlook '03/'07/'10
should go a long way to getting people to use end-point encryption.

The main value I would see in the STEED proposal is to make this whole
process easier for the user. The UI for keyring management and crypto
operations will be the most important part to making that work, and the
ISPs don't have to help out there (modulo webmail which isn't even
end-point).
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com  Tue Oct 18 16:39:35 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 16:39:35 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111018134219.GC13421@IUPUI.Edu>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017235042.GB9698@poseidon.cocyt.us> <20111018134219.GC13421@IUPUI.Edu>
Message-ID: <4E9D8FA7.1060105@jeromebaum.com>

> ... We can remove *needless* complexity, but security could be said
> to be the art of *introducing* specific complexity that's a lot worse
> for the attacker than it is for you. It can't be automagical.
>
> Anyway, key generation is already automated. All you have to do is
> (1) choose to employ crypto, and (2) supply a passphrase that you
> can remember. There are even methods and tools to help you do (2)!
>
> To be secure without being involved in the process is an
> unreasonable expectation which can never be met. We need to teach
> our kids to expect to protect themselves online the same way we teach
> them to look both ways before crossing the street. Probably at the
> same age. Otherwise they'll grow up to believe the hype that you can
> buy security the same as buying bread.

So let's put up traffic lights to help them and employ some crossing
guards to teach them the first steps until they are old enough to make
their own decisions.

Or put another way, we could make the process automagical until the user
has enough experience with the tool to do this themselves. The question
is whether we should -- false sense of security, "reasonable" threat
model, etc.

Either way, it's better to encrypt to key that you _think_ is the
recipient's key than to none at all*, because now your passive attacker
is helpless.

* Under a specific set of threat models.
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com  Tue Oct 18 16:45:31 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 16:45:31 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111018140029.GD13421@IUPUI.Edu>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <20111018140029.GD13421@IUPUI.Edu>
Message-ID: <4E9D910B.5010207@jeromebaum.com>

> I don't see why the ISP has to be the entity providing DNS lookup.
> The one I use won't even allocate me a static address, let alone
> accept RRs from me to serve out to others. I'm not sure I'd trust
> them to get it right and *keep* it right anyway.

I should clarify. An email provider is also an ISP, and I was referring
to the email-provider type of ISP. But yes I agree that we shouldn't
trust the ISPs too much and that's why I keep saying we shouldn't rely
solely on them.

> If the ISPs won't cooperate, maybe the antivirus vendors would.
> They're already in the data security business, already have an
> extensive network presence, and already get money from me to help me
> secure my information assets. Build enrollment into the AV product or
> provide a separate setup tool. It should be simple.

This I'm not too sure if we can trust an AV vendor more or less than an
ISP. That's the problem with making these decisions for the user: We're
pushing the trust onto them, just like the CA root certificates in most
browsers. The trust decision should be with the user. In a user-friendly
way. Also, I want world peace.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From mwood at IUPUI.Edu  Tue Oct 18 16:59:10 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue, 18 Oct 2011 10:59:10 -0400
Subject: private key protection
In-Reply-To: <4E9D8BEE.5040809@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <20111018131514.GB13421@IUPUI.Edu> <4E9D8BEE.5040809@jeromebaum.com>
Message-ID: <20111018145910.GF13421@IUPUI.Edu>

On Tue, Oct 18, 2011 at 04:23:42PM +0200, Jerome Baum wrote:
[snip]
> While we're discussing the STEED proposal in the other thread, do you
> think it's better to educate your users and risk losing them or do you
> think it's better to provide "sensible" defaults for the "average"
> threat model and assume they'll learn everything else over time and
> start tweaking?

I think we would be in error to think about "users" as a single class.
I usually try to educate lightly -- to make all users aware that there
is much more to learn, and to indicate how more learning might be to
their advantage. Then provide sensible defaults, so that those who
choose to go no deeper will get some benefit, and in-depth documentation
for those who do choose to go deeper so that they can reap the full
benefit (or, at least, as much as each is willing to work for).

I was pleased to see room for different classes of users in the STEED
paper. When I encounter software that tries to be helpful, my own first
thought is: how do I turn that off? But I recognized long ago that I was
never a "typical" user and my own inclinations are no guide to
popularity. :-/

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From jerome at jeromebaum.com  Tue Oct 18 17:10:09 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 18 Oct 2011 17:10:09 +0200
Subject: private key protection
In-Reply-To: <20111018145910.GF13421@IUPUI.Edu>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <20111018131514.GB13421@IUPUI.Edu> <4E9D8BEE.5040809@jeromebaum.com> <20111018145910.GF13421@IUPUI.Edu>
Message-ID: <4E9D96D1.1020503@jeromebaum.com>

> I was pleased to see room for different classes of users in the STEED
> paper. When I encounter software that tries to be helpful, my own
> first thought is: how do I turn that off? But I recognized long ago
> that I was never a "typical" user and my own inclinations are no guide
> to popularity. :-/

That's a big UI bug with Thunderbird IMO: The automated account setup is
really nice, until you run into a case where it doesn't work. There's no
"expert" button to force a setup. The workaround is to go offline and
then setup the account...

So yes definitely expert buttons, I was talking about those users that
aren't yet experienced with crypto. I like your idea of giving guidance
on where-about they are still getting good returns on their learning
efforts.
-- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA From wk at gnupg.org Tue Oct 18 17:41:50 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 18 Oct 2011 17:41:50 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9D8D81.1040101@digitalbrains.com> (Peter Lebbing's message of "Tue, 18 Oct 2011 16:30:25 +0200") References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <20111018140029.GD13421@IUPUI.Edu> <4E9D8D81.1040101@digitalbrains.com> Message-ID: <878voi1f41.fsf@vigenere.g10code.de> On Tue, 18 Oct 2011 16:30, peter at digitalbrains.com said: > Because it is the e-mail address of the recipient you look up; that's all the > data you have in this scenario. Thus, for me you would look up a key > corresponding to user peter at the domain digitalbrains.com. The only logical Right. That is the whole point. We want to make keys invisible. You can't explain easily why you need a separate public key if you already have an email address. Thus from the user's point of view the email address is the public key. > digitalbrains.com, which is under control of the e-mail provider. ISP here means > e-mail provider, by the way, perhaps that is the confusion. Unless I'm the one Sure, email provider. However for most users this is identical to the ISP: First of all they need a connection to the Internet. Unless you spend a lot of money for the connections you will get an email address along with your user identification for DSL access. The email provider sets up something like /etc/aliases for the mail address and some of them also enter records into their zone file with the mailbox name for anti-spam protocols. They need to enter yet another record into a zone file to allow a key lookup by the assigned mail address. 
Salam-Shalom, Werner From wk at gnupg.org Tue Oct 18 17:58:17 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 18 Oct 2011 17:58:17 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <20111018134219.GC13421@IUPUI.Edu> (Mark H. Wood's message of "Tue, 18 Oct 2011 09:42:19 -0400") References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017235042.GB9698@poseidon.cocyt.us> <20111018134219.GC13421@IUPUI.Edu> Message-ID: <874nz61ecm.fsf@vigenere.g10code.de> On Tue, 18 Oct 2011 15:42, mwood at IUPUI.Edu said: > To be secure without being involved in the process is an unreasonable > expectation which can never be met. We need to teach our kids to > expect to protect themselves online the same way we teach them to look We did this for about 15 years - without any success. If you look at some of the studies you will see that you can't teach that stuff to non-techies - sometimes not even to engineers. Let's compare it using an example from the not too far past: It has been claimed that most VCRs used to blink 12:00 but nevertheless they were sold and did what they should do: tape movies. This is similar to mail: Everyone is able to send and receive mail but most are not able to (set the VCR timer|encrypt the mails). Newer features in VCRs set the clock automatically and make the timer setting task much easier in the user interface (e.g. by selecting the title of the movie you want to tape from a electronic program magazine). This user experience is what we need to aim for. > both ways before crossing the street. Probably at the same age. That is easy because we have learned over thousands of years to use our senses to be safe. Our senses for those small electrons are not as matured as the the others. Why should they - we know about them only for maybe 300 years. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
From wk at gnupg.org Tue Oct 18 18:00:55 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 18 Oct 2011 18:00:55 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9D8EB5.7080207@jeromebaum.com> (Jerome Baum's message of "Tue, 18 Oct 2011 16:35:33 +0200") References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <87pqhu1kn5.fsf@vigenere.g10code.de> <4E9D8EB5.7080207@jeromebaum.com> Message-ID: <87zkgyz3uw.fsf@vigenere.g10code.de> On Tue, 18 Oct 2011 16:35, jerome at jeromebaum.com said: > operations will be the most important part to making that work, and the > ISPs don't have to help out there (modulo webmail which isn't even > end-point). Even webmail. It is easy to write a browser extension to do the crypto stuff. Installing browser extensions is even easier than installing most other software. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From jerome at jeromebaum.com Tue Oct 18 18:16:08 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 18 Oct 2011 18:16:08 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <87zkgyz3uw.fsf@vigenere.g10code.de> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <87pqhu1kn5.fsf@vigenere.g10code.de> <4E9D8EB5.7080207@jeromebaum.com> <87zkgyz3uw.fsf@vigenere.g10code.de> Message-ID: <4E9DA648.6020805@jeromebaum.com> > Even webmail. It is easy to write a browser extension to do the crypto > stuff. Installing browser extensions is even easier than installing > most other software. I'd make it a point of discussion whether it's still webmail proper then. But you could also use Javascript, Java or Flash, so yes this is doable for webmail. I wouldn't trust my ISP to deliver the encryption module though. 
It kind of defeats the "end-point" part in "end-point encryption". As your average user I have no way to verify the module and nobody can vouch for it as it's dynamically updated by my ISP. So a fixed, open-source browser extension is really the only way to do this properly. How is this different from installing an MUA (given that a browser extension is often a full-blown piece of software with full rights to the system)? With the webmail argument and since webmail is probably majority access for private email, it's looking more important to work with the ISPs, but I stand by my point of not building this on a single pillar. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA From rjh at sixdemonbag.org Tue Oct 18 18:18:57 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 18 Oct 2011 12:18:57 -0400 Subject: STEED - Usable end-to-end encryption In-Reply-To: <874nz61ecm.fsf@vigenere.g10code.de> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017235042.GB9698@poseidon.cocyt.us> <20111018134219.GC13421@IUPUI.Edu> <874nz61ecm.fsf@vigenere.g10code.de> Message-ID: <4E9DA6F1.1000606@sixdemonbag.org> On 10/18/2011 11:58 AM, Werner Koch wrote: > We did this for about 15 years - without any success. If you look > at some of the studies you will see that you can't teach that stuff > to non-techies - sometimes not even to engineers. As a data point from 2005: I was teaching computer literacy at the University of Iowa. The first day of class I asked the 35 students which of them brought a computer of any kind to class. Three people raised their hands: they all said they brought laptops. When I asked how many brought cell phones, all 35 raised their hands. The only people who thought cell phones were computers were the three who brought laptops. I then asked if a game console (XBox, Playstation, take your pick) was a computer. 
The class was almost evenly split: half said yes, on account of how you could surf the web with it. Half said no, because you can't write a Word document with it. Admittedly, this is not a representative sample of college students. That said, I think it's an informative anecdote. From dcenteno at ydl.net Tue Oct 18 18:23:43 2011 From: dcenteno at ydl.net (Derick Centeno) Date: Tue, 18 Oct 2011 12:23:43 -0400 Subject: private key protection In-Reply-To: <20111017211802.182810@gmx.net> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> Message-ID: <4E9DA80F.1040305@ydl.net> On 10/17/11 5:18 PM, takethebus at gmx.de wrote: > Hi everybody, > > what is the best way to protect > your private key from getting stolen? Page 29 (http://www.gnupg.org/gph/en/manual.html#AEN513) of the Gnu Privacy Handbook (http://www.gnupg.org/gph/en/manual.html)recommends a strong passphrase to protect the key. Another strategy is to create sub-keys derived from the private key and use those sub-keys for signing and encrypting anything. This would also mean that you export the public key of whichever sub-key you decide to use -- not your private key. As the use of the public sub-key cannot be used to derive the private key utilizing the sub-key strategy may be the most sensible strategy. > > I think: > > 1. Using gnupg on a windows PC with internet connection is not good, because there are too many trojans out there. In all fairness, the PC is as weak or strong as it's user. In other words, if you are not willing to do the "nitty-gritty and sometimes research as relentless in nature as Indiana Jones - regarding how you defend your operating system then believe it or not choosing Linux or the Mac won't save you from your laziness. Sorry, but that's the truth. You have to have your own drive to master whatever technology (mathematics, coding language, nuance and more) necessary to defend yourself, your family and your property. 
If you don't or won't make the effort -- understand that this is exactly what those who create malware rely upon. The other crowd who rely on your "lack of will" are the commercial entities who benefit from those who just want "someone else" to handle the details and who are willing to pay for whatever appears "on the shelf". > > 2. Using gnupg on a linux PC with internet connection (like privatix, see http://www.mandalka.name/privatix/index.html.en ) is better since there are fewer(?) security holes and trojans out there. How big do you think is the thread? > IF you decide you are serious regarding Linux then Debian or Red Hat remain the two you should rely upon. Everyone else, follows them. Of course, if you are really brave and really know what you are doing then Slackware is reliable. Again don't rely on anyone, especially in Linux, to provide you with a satisfactory and reliable defense if you have no clue as to how it works, or how you can repair it should something go wrong or how to improve it's reliability as hacking and threat environment's increase. > 3. The best way is to have one PC connected to the internet and another, without an internet connection (missing network drivers and a fully encrypted hard disk for instance), which you use to decrypt and encrypt messages. You use an USB stick to carry messages from the internet PC to the one not connected to the net. If you don't have two PCs, you can use another USB stick with privatix without network drivers on it. > > Which software can I use under point 3 to put my messages in order (date, sender, etc.) on a linux system? > > Most people use something like point 2, don't they? > > Point 3 is the only satisfying to me, since I find it hard to judge the the thread in point 2. Additionally point 3 makes it easier to see when your key might have been stolen: If you see traces that someone broke into your house and searched everything for the hidden privatix USB stick. 
Only experts might notice a trojan under point 2. > > Thanks for answers, > Jan > I think I recall seeing that question (3) on a Computer Science exam. The truth, unfortunately, is that there is no "best way". Unfortunately, there is another level of system attack which was used successfully against HBGary and should be a tale elevated to the level of Grimm's Fairy Tales until it seeps into the unconscious and conscious level of each persons awareness. Read this article and I'm sure you'll get my point: http://www.theregister.co.uk/2011/03/17/hbgary_anon_hacker_interview/ HBGary believed it's own hype regarding their sophistication and skills; simply stated as a corporation they failed the same way or close enough as the individual who believes s/he is a "legend - in their own mind". The trap very similar to that limited thought is to believe that your system is safe because it is isolated; in fact the weakness of your system (regardless what you buy) is really -- you! This side of the problem can be intuited by understanding how many people fall the Nigerian or Russian or other scam ploy every day. In other words, be aware of your own susceptibility to being tricked, taken, and mislead such as when we are distracted. It is one thing to be enjoyably tricked at a magic show, quite another emotion is experienced when your data is stolen and you have no clue how or why until you realize that it was your fault for trusting so and so. I have no intention of being overly discouraging as much as underlying the fundamentals regarding why computer security, encryption methods, etc. are constantly becoming more complex and involved. There really is only one reasonable approach: dive in and master the details yourself. You wouldn't trust a used car salesperson or insurance guy to tell you everything is fine, right? You've got to know quite a bit to know when you are being "taken", right? Well, technology is no different. 
In some ways, it's harder because a lot of people don't want to work that hard. If you remember however that both criminals and commercial markets are depending upon that natural laziness which we each have -- you may have a chance of developing your own incentive to learn and master what you must and maybe a little more. That is the best defense. All the best... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From sweepslate at gmail.com Tue Oct 18 21:22:25 2011 From: sweepslate at gmail.com (sweepslate) Date: Tue, 18 Oct 2011 22:22:25 +0300 Subject: use key, not passphrase, in symmetric encryption In-Reply-To: <201110171509.47269.mailinglisten@hauke-laging.de> References: <4E9B4E8D.8000708@gmail.com> <4E9B86F0.9070503@dougbarton.us> <4E9C16A7.1060406@gmail.com> <201110171509.47269.mailinglisten@hauke-laging.de> Message-ID: <4E9DD1F1.9060005@gmail.com> This works, thank you :) On 10/17/2011 4:09 PM, Hauke Laging wrote: > Am Montag, 17. Oktober 2011, 13:51:03 schrieb sweepslate: >> The end goal is to encrypt a volume of around 100GB of personal files >> that I'll be carrying arround with me in a portable drive. > >> The key point is doing the encryption of 14000 files in a >> non-interactive way. 
> > echo fubar | gpg --symmetric --passphrase-fd 0 --batch file.txt > > Or use --passphrase-file > > > Hauke From sweepslate at gmail.com Tue Oct 18 21:27:06 2011 From: sweepslate at gmail.com (sweepslate) Date: Tue, 18 Oct 2011 22:27:06 +0300 Subject: use key, not passphrase, in symmetric encryption In-Reply-To: References: <4E9B4E8D.8000708@gmail.com> <4E9B86F0.9070503@dougbarton.us> <4E9C16A7.1060406@gmail.com> Message-ID: <4E9DD30A.6060705@gmail.com> On 10/17/2011 4:49 PM, David Tomaschik wrote: > I like GnuPG as much as the next guy around here, but is there a > reason you want to use GPG instead of a tool designed for disk > encryption? TrueCrypt is cross-platform and works well... if you're > Windows-only, there's BitLocker, and for Linux there's LUKS/dm-crypt > and eCryptFS. I don't want to do disk encryption, I want to do file encryption. GPG is more easily available than TrueCrypt and I care for a simple scenario where I will be able to decrypt one or more files with minimal setup. I can carry the Win32 GPG binaries inside the hard drive. TrueCrypt would provide a more transparent and automated solution but the cost would be simplicity. From holtzm at cox.net Tue Oct 18 20:50:35 2011 From: holtzm at cox.net (Robert Holtzman) Date: Tue, 18 Oct 2011 11:50:35 -0700 Subject: STEED - Usable end-to-end encryption In-Reply-To: <20111017235042.GB9698@poseidon.cocyt.us> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017235042.GB9698@poseidon.cocyt.us> Message-ID: <20111018185035.GB4590@cox.net> On Mon, Oct 17, 2011 at 05:50:42PM -0600, Aaron Toponce wrote: .........snip.......... > > At any rate, I would love to see more client-to-client encryption in email. > I've always wondered if there could be an "OTR" approach to mail, somehow, > so people don't need to generate and manage their own sets of keys, as that > seems to be the largest hinderence to widespread adoption. 
> the user should do, is compose the mail, hit send, and everything is Not true. The greatest hindrance to widespread adoption is the phrase I often hear..."I've got nothing to hide" It drives me up a wall. > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Bob Holtzman If you think you're getting free lunch, check the price of the beer. Key ID: 8D549279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From gollo at fsfe.org Tue Oct 18 21:59:01 2011 From: gollo at fsfe.org (Martin Gollowitzer) Date: Tue, 18 Oct 2011 21:59:01 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <20111018185035.GB4590@cox.net> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017235042.GB9698@poseidon.cocyt.us> <20111018185035.GB4590@cox.net> Message-ID: <20111018195901.GB28470@wingback.gollo.at> * Robert Holtzman [111018 21:43, mID <20111018185035.GB4590 at cox.net>]: > The greatest hindrance to widespread adoption is the phrase I often > hear..."I've got nothing to hide" It drives me up a wall. +1 Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4052 bytes Desc: not available URL: From cord-henning.fricke at f-i.de Wed Oct 19 10:08:57 2011 From: cord-henning.fricke at f-i.de (cord-henning.fricke at f-i.de) Date: Wed, 19 Oct 2011 10:08:57 +0200 Subject: Problems with clearsign option Message-ID: Hi Folks, I'm new to this site and I have a prob with the gpg --clearsign option. My mails to RIPE NCC are signed with my PGP-Key. This worked well for the last 6 years. 
Now I have the prob, that the signature is called bad from the RIPE mailer I' using: gpg (GnuPG) 1.4.11 on ubuuntu the email client is Lotus Notes 8.5 when I'm signing mails and veryfing them on the cmd: ~/.gnupg$ gpg --verify test.asc gpg: Signature made Wed 19 Oct 2011 08:50:20 AM CEST using DSA key ID 696F76DD gpg: Good signature from "ASXXXX Maintainer " everything works fine. The same Mail sent over my Notesclient: ***Error: The following PGP credentials were not correct: 696F76DD ***Error: PGP signature validation failed: gpg: Signature made Tue 18 Oct 2011 12:55:32 PM CEST using DSA key ID 696F76DD gpg: BAD signature from "ASXXXX Maintainer " The interessting thing is, that it sometimes works! Nothin done in another way all things are done the same way and it's ok. I tried it on several systems with gpg 1.4.6 up to 1.4.11. When I'm using the new environment the first mail is accepted the next mails are rejected - is there a caching mechanism enabled? I can't find a solution or a way for a solution for this prob. Any help would be appreciated Thanks Cord From yyy at yyy.id.lv Wed Oct 19 10:20:39 2011 From: yyy at yyy.id.lv (yyy) Date: Wed, 19 Oct 2011 11:20:39 +0300 Subject: STEED - Usable end-to-end encryption References: <87ty774hf2.fsf@vigenere.g10code.de><4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de><4E9D7F58.5020808@jeromebaum.com> <87pqhu1kn5.fsf@vigenere.g10code.de><4E9D8EB5.7080207@jeromebaum.com> <87zkgyz3uw.fsf@vigenere.g10code.de> Message-ID: <5CDAEF939FFE483E89CD233FF2AB4BE6@ktf.rtu.lv> ----- Original Message ----- From: "Werner Koch" To: "Jerome Baum" Cc: Sent: Tuesday, October 18, 2011 7:00 PM Subject: Re: STEED - Usable end-to-end encryption > On Tue, 18 Oct 2011 16:35, jerome at jeromebaum.com said: > >> operations will be the most important part to making that work, and the >> ISPs don't have to help out there (modulo webmail which isn't even >> end-point). > > Even webmail. 
It is easy to write a browser extension to do the crypto > stuff. Installing browser extensions is even easier than installing > most other software. > There is firegpg plugin for firefox, and it does not works well with latest versions (installing it in firefox5 was not straightforward). I am not aware of any other public key encryption plugin for firefox or for any other browser. Some webmails have POP3/IMAP/SMTP, but some does not. (for example inbox.lv for qute long time had only POP3, but not SMTP) From tom at ritter.vg Wed Oct 19 15:11:45 2011 From: tom at ritter.vg (Tom Ritter) Date: Wed, 19 Oct 2011 09:11:45 -0400 Subject: STEED - Usable end-to-end encryption In-Reply-To: <87zkgyz3uw.fsf@vigenere.g10code.de> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <87pqhu1kn5.fsf@vigenere.g10code.de> <4E9D8EB5.7080207@jeromebaum.com> <87zkgyz3uw.fsf@vigenere.g10code.de> Message-ID: On 18 October 2011 12:00, Werner Koch wrote: > On Tue, 18 Oct 2011 16:35, jerome at jeromebaum.com said: > >> operations will be the most important part to making that work, and the >> ISPs don't have to help out there (modulo webmail which isn't even >> end-point). > > Even webmail. ?It is easy to write a browser extension to do the crypto > stuff. ?Installing browser extensions is even easier than installing > most other software. It's not easy. I'm aware of FireGPG, CR-GPG, and Penango and they range from non-functional to barely-functional, some of the time. Email encryption is a super-hard problem because even within a 'target audience', you have to deal with hard problems, and cross-target-audience they get even harder. The Young Crowd: Most people I know use gmail web interface and their phone. The Old Crowd: Most of these folks I know use yahoo, hotmail, or their ISP with Outlook Express. 
The Super-Old-Crowd: Anything, but it needs to be easy enough to set up that a member of the Old Crowd can do it *for* a member of this crowd. Corporate: It has to enterprise manageable, key escrow, compliant, etc Devs/Security Folks: Key Management! My private key can never leave my possession. Other Security Folks: Absolutely NO javascript cryptography. Zero, none. And there's the very practical problem of _sometimes_ I do need to read my mail from a machine that is not my own. As a security person I almost never do it. But 'the young crowd' do it all the time. You have to satisfy that requirement also. >From what I've seen - S/MIME within an organization satisfies most of Corporate, until you send an email outside the organization. Enigmail satisfies some developers/security folk (but you lose email on your phone and webmail - which is pretty nice.) Any solution you come up with for one group _should_ interoperate with the solution(s) for the others. And any solution that relies on an ISP or webmail provider making changes is just unlikely. The most innovation we've seen recently has come from the Chrome and Mozilla teams who are driving browser security with HSTS, Pinning, and Content Security Policy. Internet Explorer is driving browser security in another direction with reputational-based downloads and anti-phishing. So trying to drive a secure, browser-based cryptoapi seems to be a reasonable possibility. (See DOMCrypt). For browsers without the API, you could use a plugin to provide it, and eventually hopefully the browser makes it part of the browser proper and the extension is obsolete. That almost solves webmail. Except that the provider needs to support it - and you could opt to leave your key on the server vs not, that partially solves key management (because it's a choice). It could use OpenPGP and interoperate with Enigmail/Mutt. 
But you're still left trying to interoperate with corporate, phone-mail, convincing yahoo/hotmail/other obscure webmails to support it, intergrating it into the next Outlook Express ("Windows Mail" I think?), and having an understandable UI. I've been working with and on remailers recently, and this is a similar problem. It's bloody hard. I don't know if there will ever be a better solution than what we have now, and what we have now sucks. -tom From gnupg.user at seibercom.net Wed Oct 19 16:09:26 2011 From: gnupg.user at seibercom.net (Jerry) Date: Wed, 19 Oct 2011 10:09:26 -0400 Subject: Expired keys Message-ID: <20111019100926.47790f79@scorpio> I have several keys listed as expired. The key is listed as having only a public part. All attempts at deleting these keys has failed. How do I go about removing them? -- Jerry ? GNUPG.user at seibercom.net From mailinglisten at hauke-laging.de Wed Oct 19 16:17:22 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Wed, 19 Oct 2011 16:17:22 +0200 Subject: Expired keys In-Reply-To: <20111019100926.47790f79@scorpio> References: <20111019100926.47790f79@scorpio> Message-ID: <201110191617.23075.mailinglisten@hauke-laging.de> Am Mittwoch, 19. Oktober 2011, 16:09:26 schrieb Jerry: > I have several keys listed as expired. The key is listed as having > only a public part. All attempts at deleting these keys has failed. How > do I go about removing them? It would be helpful to know what you have done and what happened. Have you tried that with gpg or a GUI? Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. 
URL: From alex at gpgtools.org Wed Oct 19 16:46:04 2011 From: alex at gpgtools.org (Alex (via GPGTools)) Date: Wed, 19 Oct 2011 16:46:04 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <87ehya4x1b.fsf@vigenere.g10code.de> <4E9D7F58.5020808@jeromebaum.com> <87pqhu1kn5.fsf@vigenere.g10code.de> <4E9D8EB5.7080207@jeromebaum.com> <87zkgyz3uw.fsf@vigenere.g10code.de> Message-ID: <6E4A8C43-CC67-4B52-976C-F820DD7ED2AD@gpgtools.org> Hi, On 19.10.2011, at 15:11, Tom Ritter wrote: > Other Security Folks: Absolutely NO javascript cryptography. Zero, none. well, JavaScript itself is just another programming language and combined with modern technologies like HTML5 Web Storage there is nowadays technically no need to implement browser plugins for different versions and platforms. See [1]. Best regards, Alex [1] http://www.gpgtools.org/mobile/index.html -- http://gpgtools.org From harakiri_23 at yahoo.com Wed Oct 19 20:07:45 2011 From: harakiri_23 at yahoo.com (Harakiri) Date: Wed, 19 Oct 2011 11:07:45 -0700 (PDT) Subject: STEED - Usable end-to-end encryption In-Reply-To: <87ty774hf2.fsf@vigenere.g10code.de> Message-ID: <1319047665.75751.YahooMailClassic@web130223.mail.mud.yahoo.com> --- On Mon, 10/17/11, Werner Koch wrote: > From: Werner Koch > Subject: STEED - Usable end-to-end encryption > To: gnupg-devel at gnupg.org > Cc: "Marcus Brinkmann" , gnupg-users at gnupg.org > Date: Monday, October 17, 2011, 2:11 PM > Hi! > > ? http://g10code.com/docs/steed-usable-e2ee.pdf > > There is also a brief (for now) web page dedicated to this > project: > > ? http://g10code.com/steed.html Here is some input, you might not like it - but still: I dont see any ground breaking new approaches to the topic - key search via DNS has been in commercial products for over 10 years already - nothing new - heck isnt there even an RFC that describes this? 
Letting the keys automatically be generated by the client is not a new approach either commercial solutions do this too - however - did you think of the keys the user already has? His ID for example - you are sponsored by the german government - the first thing which should have come into your mind is that everybody can use his "Personalausweis" as a Smartcard because it already has a private/public keypair. Other european countries could follow... Also - inventing just ANOTHER protocol for email encryption that mail clients should implement? Heck, the only protocol available in all major mail clients right now for out of the box encryption is only smime - for PGP you need plugins - even after so many years there is no out of the box solution for the other major standard - lets not talk about all the compatibility issues with smime in all existing clients. And you just want add another NEW standard which will solve issues? I dont think so. Use existing tools most user have installed on his machine by default - work with these and get a suiteable end-to-end encryption going! From peter at digitalbrains.com Wed Oct 19 21:30:48 2011 From: peter at digitalbrains.com (Peter Lebbing) Date: Wed, 19 Oct 2011 21:30:48 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <87ty774hf2.fsf@vigenere.g10code.de> References: <87ty774hf2.fsf@vigenere.g10code.de> Message-ID: <4E9F2568.6080709@digitalbrains.com> Werner, Marcus, Thank you for thinking about taking end-to-end e-mail encryption to the next level. I really like your ideas. However, I think you're not ambitious enough when you opt for using DNS for key distribution. Yes, the infrastructure and RR types[1] are already there. But it brings this nasty dependency on the provider. Because the part of the client updates to the DNS is a key missing part in the DNS infrastructure as today, and I don't see providers adding that soon. 
I'm thinking more of things like DHT, Distributed Hash Tables, in BitTorrent, or similar concepts in other peer-to-peer networks. I have no idea how it works :), but it does. You fire up your BitTorrent, all the data it needs is the hash of a torrent file, and suddenly it learns IP-addresses of other people who share that torrent file. If you could do something similar for mapping e-mail addresses to certificates, you don't need ISP's to implement extra stuff. Because I think that is a really major hurdle; probably a too steep one, IMHO. And if you design that infrastructure general enough to do X-to-certificate, we could use the same infra for opportunistic end-to-end encryption of TCP/IP, which would be great to have too, but a different paper altogether :). Peter. [1] "Entries" in the DNS, for people not up to DNSpeed ;) -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From peter at digitalbrains.com Wed Oct 19 21:40:57 2011 From: peter at digitalbrains.com (Peter Lebbing) Date: Wed, 19 Oct 2011 21:40:57 +0200 Subject: STEED - Usable end-to-end encryption In-Reply-To: <4E9F2568.6080709@digitalbrains.com> References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> Message-ID: <4E9F27C9.8060501@digitalbrains.com> On 19/10/11 21:30, Peter Lebbing wrote: > that is a really major hurdle; probably a too steep one, IMHO. Given that all normal, literal hurdles are at right angles to the ground, they are all equally steep. Obviously I meant high :D. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From expires2011 at ymail.com Wed Oct 19 22:03:59 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 19 Oct 2011 21:03:59 +0100
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <1319047665.75751.YahooMailClassic@web130223.mail.mud.yahoo.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <1319047665.75751.YahooMailClassic@web130223.mail.mud.yahoo.com>
Message-ID: <428604400.20111019210359@my_localhost>

Hi

On Wednesday 19 October 2011 at 7:07:45 PM, in , Harakiri wrote:

> Also, inventing just ANOTHER protocol for email encryption that mail clients should implement? Heck, the only protocol available in all major mail clients right now for out-of-the-box encryption is S/MIME; for PGP you need plugins. Even after so many years there is no out-of-the-box solution for the other major standard, and let's not talk about all the compatibility issues with S/MIME in all existing clients. And you just want to add another NEW standard which will solve issues? I don't think so.

On the other hand, perhaps the message to take from the current low adoption levels of encrypted email is that the current protocols need replacing (or major tweaking). (-;

> Use existing tools most users have installed on their machine by default, work with these and get a suitable end-to-end encryption going!

If tools are installed by default but not enabled by default, maybe the group that needs bringing on board is not ISPs/email providers but OEMs and those who produce operating systems, email clients and browsers?

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

What's another word for synonym?
From kloecker at kde.org Wed Oct 19 22:10:30 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 19 Oct 2011 22:10:30 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <1319047665.75751.YahooMailClassic@web130223.mail.mud.yahoo.com>
References: <1319047665.75751.YahooMailClassic@web130223.mail.mud.yahoo.com>
Message-ID: <201110192210.31556@thufir.ingo-kloecker.de>

On Wednesday 19 October 2011, Harakiri wrote:
> --- On Mon, 10/17/11, Werner Koch wrote:
> > From: Werner Koch
> > Subject: STEED - Usable end-to-end encryption
> > To: gnupg-devel at gnupg.org
> > Cc: "Marcus Brinkmann" , gnupg-users at gnupg.org
> > Date: Monday, October 17, 2011, 2:11 PM
> > Hi!
> >
> > http://g10code.com/docs/steed-usable-e2ee.pdf
> >
> > There is also a brief (for now) web page dedicated to this project:
> >
> > http://g10code.com/steed.html
>
> Here is some input, you might not like it - but still:
>
> I don't see any ground-breaking new approaches to the topic. Key search via DNS has been in commercial products for over 10 years already, nothing new; heck, isn't there even an RFC that describes this?
>
> Letting the keys automatically be generated by the client is not a new approach either; commercial solutions do this too. However, did you think of the keys the user already has? His ID, for example. You are sponsored by the German government, so the first thing which should have come into your mind is that everybody can use his "Personalausweis" as a smartcard because it already has a private/public keypair.

No, it does not. At least, not by default.
If you buy a qualified certificate then you can put this certificate on your "Personalausweis", but, given how expensive such a certificate is, I doubt that a lot of people will use this feature of the Personalausweis. There are probably more people with an OpenPGP-capable smartcard than there are people with a German Personalausweis with an expensive certificate.

> Other European countries could follow...
>
> Also, inventing just ANOTHER protocol for email encryption that mail clients should implement? Heck, the only protocol available in all major mail clients right now for out-of-the-box encryption is S/MIME; for PGP you need plugins. Even after so many years there is no out-of-the-box solution for the other major standard, and let's not talk about all the compatibility issues with S/MIME in all existing clients. And you just want to add another NEW standard which will solve issues? I don't think so.

What NEW standard are you talking about? Werner wants to use OpenPGP. The only thing he wants to simplify is key exchange.

> Use existing tools most users have installed on their machine by default, work with these and get a suitable end-to-end encryption going!

I'm not sure what existing tools you mean. Are you talking about S/MIME? You said yourself that S/MIME is no viable solution because of compatibility issues.

Regards,
Ingo
From expires2011 at ymail.com Wed Oct 19 22:18:02 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 19 Oct 2011 21:18:02 +0100
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F2568.6080709@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com>
Message-ID: <1402055803.20111019211802@my_localhost>

Hi

On Wednesday 19 October 2011 at 8:30:48 PM, in , Peter Lebbing wrote:

> If you could do something similar for mapping e-mail addresses to certificates

It would be awesome if this could be achieved without revealing other email addresses or UIDs that might happen to map to the same key/certificate.

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Did you hear? They took the word gullible out of the dictionary

From jerome at jeromebaum.com Wed Oct 19 22:22:39 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 19 Oct 2011 22:22:39 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <1402055803.20111019211802@my_localhost>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <1402055803.20111019211802@my_localhost>
Message-ID: <4E9F318F.1090304@jeromebaum.com>

>> If you could do something similar for mapping e-mail addresses to certificates
>
> It would be awesome if this could be achieved without revealing other email addresses or UIDs that might happen to map to the same key/certificate.

Hash the UID many times. (Didn't someone propose that a while ago?)
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From peter at digitalbrains.com Wed Oct 19 22:49:20 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 19 Oct 2011 22:49:20 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F318F.1090304@jeromebaum.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <1402055803.20111019211802@my_localhost> <4E9F318F.1090304@jeromebaum.com>
Message-ID: <4E9F37D0.50601@digitalbrains.com>

On 19/10/11 22:22, Jerome Baum wrote:
>> It would be awesome if this could be achieved without revealing other email addresses or UIDs that might happen to map to the same key/certificate.
>
> Hash the UID many times. (Didn't someone propose that a while ago?)

By default the STEED system as proposed creates a new certificate for every e-mail address. So unless manually overridden, there is a one-to-one relation between e-mail addresses and certificates and no way to "enumerate all e-mail addresses".

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From faramir.cl at gmail.com Wed Oct 19 22:43:44 2011
From: faramir.cl at gmail.com (Faramir)
Date: Wed, 19 Oct 2011 17:43:44 -0300
Subject: private key protection
In-Reply-To: <4E9D7A1A.9050102@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com>
Message-ID: <4E9F3680.1000700@gmail.com>

On 18-10-2011 10:07, Peter Lebbing wrote:
...
> A capable enough hacker might infect the USB pendrive while it is in your internet-connected PC and that way still gain access to the non-connected system.

Ok, but if the online computer uses Windows, and the offline one uses Linux, then it would be a multiplatform trojan horse... that is not likely to be a common case.

Best Regards

From peter at digitalbrains.com Wed Oct 19 22:54:21 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 19 Oct 2011 22:54:21 +0200
Subject: private key protection
In-Reply-To: <4E9F3680.1000700@gmail.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9F3680.1000700@gmail.com>
Message-ID: <4E9F38FD.7010109@digitalbrains.com>

On 19/10/11 22:43, Faramir wrote:
> Ok, but if the online computer uses Windows, and the offline one uses Linux, then it would be a multiplatform trojan horse... that is not likely to be a common case.

Define your threat model... are we talking random trojan infection or a focused attacker trying to gain your key? Because in the latter case, I hardly think commonality matters.

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From jerome at jeromebaum.com Wed Oct 19 22:54:31 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 19 Oct 2011 22:54:31 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F37D0.50601@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <1402055803.20111019211802@my_localhost> <4E9F318F.1090304@jeromebaum.com> <4E9F37D0.50601@digitalbrains.com>
Message-ID: <4E9F3907.6040301@jeromebaum.com>

On 2011-10-19 22:49, Peter Lebbing wrote:
> On 19/10/11 22:22, Jerome Baum wrote:
>>> It would be awesome if this could be achieved without revealing other email addresses or UIDs that might happen to map to the same key/certificate.
>>
>> Hash the UID many times. (Didn't someone propose that a while ago?)
>
> By default the STEED system as proposed creates a new certificate for every e-mail address. So unless manually overridden, there is a one-to-one relation between e-mail addresses and certificates and no way to "enumerate all e-mail addresses".
>
> Peter.

Re-reading the original quote ("map to the same key/certificate"), that's right. I had assumed he was talking about the DHT correlating keys (so, just like you can tell in the BitTorrent DHT which other torrents some IP is involved in by doing enough work, you might be able to tell which other certificates that IP uploaded -- but all this is nonsense in the original context, which I misread).

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Wed Oct 19 22:55:06 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 19 Oct 2011 16:55:06 -0400
Subject: private key protection
In-Reply-To: <4E9F3680.1000700@gmail.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9F3680.1000700@gmail.com>
Message-ID: <4E9F392A.1010601@sixdemonbag.org>

On 10/19/2011 4:43 PM, Faramir wrote:
> Ok, but if the online computer uses Windows, and the offline one uses Linux, then it would be a multiplatform trojan horse... that is not likely to be a common case.

At this point we're throwing conjecture onto conjecture. If the offline one happened to be a PowerPC architecture running Yellow Dog Linux, then the first bit of malware would have to target Windows/x86, the second would have to target Linux/PPC, and that's even *more* unlikely to be a common case, and oh, don't forget if we're actually... etc., etc.

From expires2011 at ymail.com Wed Oct 19 23:36:30 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 19 Oct 2011 22:36:30 +0100
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F37D0.50601@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <1402055803.20111019211802@my_localhost> <4E9F318F.1090304@jeromebaum.com> <4E9F37D0.50601@digitalbrains.com>
Message-ID: <626711853.20111019223630@my_localhost>

Hi

On Wednesday 19 October 2011 at 9:49:20 PM, in , Peter Lebbing wrote:

> By default the STEED system as proposed creates a new certificate for every e-mail address.
> So unless manually overridden, there is a one-to-one relation between e-mail addresses and certificates and no way to "enumerate all e-mail addresses".

Fair enough if you are using the default. The paper also mentions "One Key for all Accounts" and says "The system should allow for this use case, which needs to be supported by all clients by allowing previously created keys to be configured and deployed with an account."

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Wait. You think I'm right?

From faramir.cl at gmail.com Wed Oct 19 23:09:50 2011
From: faramir.cl at gmail.com (Faramir)
Date: Wed, 19 Oct 2011 18:09:50 -0300
Subject: private key protection
In-Reply-To: <4E9F38FD.7010109@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9F3680.1000700@gmail.com> <4E9F38FD.7010109@digitalbrains.com>
Message-ID: <4E9F3C9E.7060407@gmail.com>

On 19-10-2011 17:54, Peter Lebbing wrote:
> On 19/10/11 22:43, Faramir wrote:
>> Ok, but if the online computer uses Windows, and the offline one uses Linux, then it would be a multiplatform trojan horse... that is not likely to be a common case.
>
> Define your threat model... are we talking random trojan infection or a focused attacker trying to gain your key? Because in the latter case, I hardly think commonality matters.
You are right, I was thinking about random trojan infection (maybe not 100% random, since a private-key-stealing trojan would be focused on OpenPGP users rather than on average users). But if somebody wants MY private key, then probably there would be an attack involving picking my lock, infecting my BIOS, or some other 007-like activity. But in that case, the victim might be involved in some organization that should develop policies to deal with that risk.

Best Regards

From rjh at sixdemonbag.org Thu Oct 20 00:04:29 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 19 Oct 2011 18:04:29 -0400
Subject: private key protection
In-Reply-To: <4E9F38FD.7010109@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9C7300.1050901@jeromebaum.com> <20111017211802.182810@gmx.net> <4E9CA1A7.9050305@jeromebaum.com> <4E9CC392.3020002@dougbarton.us> <4E9D6C9F.8000501@jeromebaum.com> <4E9D6F88.1000909@sixdemonbag.org> <4E9D72CD.70902@jeromebaum.com> <20111018125339.114530@gmx.net> <4E9D7A1A.9050102@digitalbrains.com> <4E9F3680.1000700@gmail.com> <4E9F38FD.7010109@digitalbrains.com>
Message-ID: <4E9F496D.8010700@sixdemonbag.org>

On 10/19/2011 4:54 PM, Peter Lebbing wrote:
> Because in the latter case, I hardly think commonality matters.
As an example: Three years ago I was thrown into a week-long sink-or-swim course on malware analysis, taught by an instructor who was a principal scientist at a company that's a big name in that field. (Due to the subject matter of this story, I am not allowed to give names: they don't want to be publicly associated with this story. You'd recognize the company name if you heard it, though.)

The first thing we did was crack our cases to verify that our machines had no network cards. While we were doing this, the instructor entertained us with a funny story about why we were doing this.

A couple of years before that course, a new piece of malware was reported to the company. In turn it was sent to the malware analysis lab, where the instructor was the guy tasked with looking at it. He was running a Windows VM within a Linux environment on a computer that was physically disconnected from the internet and had the wifi card turned off. He fired up IDA Pro (a popular debugger) and began studying this boring, broken piece of malware.

Within a couple of minutes the sysadmins noticed something wrong and killed all network access in the building. All signs pointed to the instructor's machine being the source of the problem.

The malware was the work of an evil genius. As input to a PC, it was a bunch of nonsense that crashed hard before it could do anything. As input to IDA Pro, it was a carefully crafted input that hijacked IDA Pro. It then discovered it was running inside a virtual machine, used an exploit to get out into the Linux environment, brought up the wifi connection and associated with the first network it could. Wacky hijinks ensued.

You can find some more on this subject in "The IDA Pro Book," by Chris Eagle.
NIST also has a brief writeup on it:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0115

From hka at qbs.com.pl Wed Oct 19 23:06:44 2011
From: hka at qbs.com.pl (Hubert Kario)
Date: Wed, 19 Oct 2011 23:06:44 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <201110192210.31556@thufir.ingo-kloecker.de>
References: <1319047665.75751.YahooMailClassic@web130223.mail.mud.yahoo.com> <201110192210.31556@thufir.ingo-kloecker.de>
Message-ID: <201110192306.44586.hka@qbs.com.pl>

On Wednesday 19 of October 2011 22:10:30 Ingo Klöcker wrote:
> On Wednesday 19 October 2011, Harakiri wrote:
> >
> > Also, inventing just ANOTHER protocol for email encryption that mail clients should implement? Heck, the only protocol available in all major mail clients right now for out-of-the-box encryption is S/MIME; for PGP you need plugins. Even after so many years there is no out-of-the-box solution for the other major standard, and let's not talk about all the compatibility issues with S/MIME in all existing clients. And you just want to add another NEW standard which will solve issues? I don't think so.
>
> What NEW standard are you talking about? Werner wants to use OpenPGP. The only thing he wants to simplify is key exchange.

Since when are key servers hard to use? The short PGP fingerprints can easily be told on the phone (so you have a voice verification of the key if you know the person) and the full one can be verified just as easily.

The problem is that people don't feel the need for authentication and privacy in e-mail. They feel that e-mail is secure (after all, I use encryption to my e-mail server).
Regards,
--
Hubert Kario

From marcus.brinkmann at ruhr-uni-bochum.de Thu Oct 20 04:16:01 2011
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: 20 Oct 2011 04:16:01 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F2568.6080709@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com>
Message-ID: <4E9F8461.5030706@ruhr-uni-bochum.de>

Hi Peter,

thanks for your feedback.

On 10/19/2011 09:30 PM, Peter Lebbing wrote:
> However, I think you're not ambitious enough when you opt for using DNS for key distribution. Yes, the infrastructure and RR types[1] are already there. But it brings this nasty dependency on the provider, because the part where the client updates the DNS is a key missing part in the DNS infrastructure as of today, and I don't see providers adding that soon.

You are right that it is a challenge to get the support in the providers, but note that changes in the mail client are required anyway. Sure, changing the client and changing the DNS infrastructure are two different kinds of beasts, but we probably can not do without the providers completely if we want ubiquitous support.

> I'm thinking more of things like DHT, Distributed Hash Tables, in BitTorrent, or similar concepts in other peer-to-peer networks. I have no idea how it works :), but it does. You fire up your BitTorrent, all the data it needs is the hash of a torrent file, and suddenly it learns IP addresses of other people who share that torrent file. If you could do something similar for mapping e-mail addresses to certificates, you don't need ISPs to implement extra stuff. Because I think that is a really major hurdle; probably a too steep one, IMHO.

Yes, P2P networks are great, let's do more of those. But why stop at certificates? Just use a P2P network for all of DNS. See what happened? I just turned it around. :) The paper notes how we can utilize DNSSEC to strengthen our trust model.
Similarly, we can utilize a P2P based DNS system. Now instead of one problem, we got two :) P2P systems are tricky to get right, and have their own tradeoffs. Also, while acceptance for our proposal among service providers will be tough to get, I'd expect that getting acceptance for a P2P based system would be even harder. A lot of things have to fall into place to make a P2P network a viable alternative, and not all of them are technical.

Thanks,
Marcus

From makrober at gmail.com Thu Oct 20 07:39:28 2011
From: makrober at gmail.com (M.R.)
Date: Thu, 20 Oct 2011 05:39:28 +0000
Subject: The problem is "motivational"
In-Reply-To: <87ty774hf2.fsf@vigenere.g10code.de>
References: <87ty774hf2.fsf@vigenere.g10code.de>
Message-ID: <4E9FB410.2090901@gmail.com>

> Over the last year Marcus and me discussed ideas on how to make encryption easier for non-crypto geeks.
> We prepared a short paper...

Interesting. However, the problem of widening email encryption practice is not technical, it is motivational.

Broadly speaking, there are those that "have nothing to hide" (i.e., those that completely lack the motivation - see above, mid-way in the thread) and those that indeed do "have something to hide".

Those that "have something to hide" would never, ever place an ISP or webmail operator on their trust chain. After all, they must assume that those that they must protect their communication from can probably secure the cooperation of either or both those parties.

On the other hand, I keep wondering: why are we (and we obviously are, witness this paper and the initiative behind it) so motivated to spread the gospel of e-mail encryption among those that completely lack the motivation for it? (This *is not* a rhetorical question).

Mark R.
From wk at gnupg.org Thu Oct 20 11:04:15 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 20 Oct 2011 11:04:15 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F95EA.9090205@lina.inka.de> (Bernd Eckenfels's message of "Thu, 20 Oct 2011 05:30:50 +0200")
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de>
Message-ID: <87hb34xcds.fsf@vigenere.g10code.de>

On Thu, 20 Oct 2011 05:30, lists-gnupgdev at lina.inka.de said:

> the lowest effort is discovery via personal web pages like doing XDR or
> maybe webfinger. Most users won't be able to have special RRs - not even

Most users don't have personal web pages. So what now? Well, many users have a facebook page - but this would make facebook mandatory and we would need support from them (at least to guarantee that they don't break any assumptions). Not much different to working with ISPs.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Thu Oct 20 11:26:34 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 20 Oct 2011 11:26:34 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <201110192210.31556@thufir.ingo-kloecker.de> (Ingo Klöcker's message of "Wed, 19 Oct 2011 22:10:30 +0200")
References: <1319047665.75751.YahooMailClassic@web130223.mail.mud.yahoo.com> <201110192210.31556@thufir.ingo-kloecker.de>
Message-ID: <878vogxbcl.fsf@vigenere.g10code.de>

On Wed, 19 Oct 2011 22:10, kloecker at kde.org said:

> What NEW standard are you talking about? Werner wants to use OpenPGP.

and S/MIME! We actually don't care. For certain MUAs it is much simpler to implement something on top of S/MIME than to try to get OpenPGP support. The actual protocol in use does not matter to the user (only to experts).

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From wk at gnupg.org Thu Oct 20 11:42:45 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 20 Oct 2011 11:42:45 +0200
Subject: The problem is "motivational"
In-Reply-To: <4E9FB410.2090901@gmail.com> (M. R.'s message of "Thu, 20 Oct 2011 05:39:28 +0000")
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com>
Message-ID: <871uu8xalm.fsf@vigenere.g10code.de>

On Thu, 20 Oct 2011 07:39, makrober at gmail.com said:

> Interesting. However, the problem of widening email encryption practice is not technical, it is motivational.

Right, and that is why encryption must be the default.

> On the other hand, I keep wondering: why are we (and we obviously are, witness this paper and the initiative behind it) so motivated to spread the gospel of e-mail encryption among those that completely lack the motivation for it?

Because we, who care about privacy, are affected by those who don't care. Too much confidential stuff (e.g. medical records) is mailed around in the clear despite there being strong regulations that this is verboten. Virtually everyone is ignoring these privacy policies because they have no chance to apply them. It is just too hard to get it done. People want fast information and many learned how to use mail. But they can't manage to do all this crypto voodoo - if they know at all how to do it and that there is such a thing.

We need to make it easier - even for the facebook crowd.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From smujohnson at gmail.com Wed Oct 19 22:09:46 2011
From: smujohnson at gmail.com (smu johnson)
Date: Wed, 19 Oct 2011 13:09:46 -0700
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <87ty774hf2.fsf@vigenere.g10code.de>
References: <87ty774hf2.fsf@vigenere.g10code.de>
Message-ID:

Hi,

I read this briefly, and I'd actually like to read it over later and maybe contribute some ideas.
The lack of people caring about cryptography is quite apparent, and may be solved with some good ideas for making things less annoying / hard to use. I'd be happy to help.

On Mon, Oct 17, 2011 at 11:11 AM, Werner Koch wrote:
> Hi!
>
> Over the last year Marcus and me discussed ideas on how to make encryption easier for non-crypto geeks. We explained our plans to several people and finally decided to start a project to develop such a system. Obviously it is based on GnuPG but this is only one component of the whole system. We prepared a short paper; if you are interested you may download it from
>
> http://g10code.com/docs/steed-usable-e2ee.pdf

From lists-gnupgdev at lina.inka.de Thu Oct 20 05:30:50 2011
From: lists-gnupgdev at lina.inka.de (Bernd Eckenfels)
Date: Thu, 20 Oct 2011 05:30:50 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F8461.5030706@ruhr-uni-bochum.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de>
Message-ID: <4E9F95EA.9090205@lina.inka.de>

On 20.10.2011 04:16, Marcus Brinkmann wrote:
> You are right that it is a challenge to get the support in the providers

the lowest effort is discovery via personal web pages like doing XDR or maybe webfinger. Most users won't be able to have special RRs - not even for their own domains (which is also rather seldom). I would use it like OpenID does.

Regards,
Bernd

From rjh at sixdemonbag.org Thu Oct 20 14:30:35 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 20 Oct 2011 08:30:35 -0400
Subject: The problem is "motivational"
In-Reply-To: <4E9FB410.2090901@gmail.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com>
Message-ID: <4EA0146B.9070905@sixdemonbag.org>

On 10/20/2011 1:39 AM, M.R. wrote:
> Interesting.
> However, the problem of widening email encryption practice is not technical, it is motivational.

Absolutely agreed. Shirley Gaw, Ed Felten and Patricia Fernandez-Kelly had a wonderful paper a few years ago, "Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted Email" which covers this subject. It's eye-opening reading, which is why I bring it up as often as I can. :)

http://www.cs.princeton.edu/~sgaw/publications/01Feb-Activists-sgaw-CHI2006.pdf

From gnupg.user at seibercom.net Thu Oct 20 15:26:29 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Thu, 20 Oct 2011 09:26:29 -0400
Subject: Expired keys
In-Reply-To: <201110191617.23075.mailinglisten@hauke-laging.de>
References: <20111019100926.47790f79@scorpio> <201110191617.23075.mailinglisten@hauke-laging.de>
Message-ID: <20111020092629.4b431d26@scorpio>

On Wed, 19 Oct 2011 16:17:22 +0200
Hauke Laging articulated:

> On Wednesday, 19 October 2011, 16:09:26, Jerry wrote:
> > I have several keys listed as expired. The key is listed as having only a public part. All attempts at deleting these keys have failed. How do I go about removing them?
>
> It would be helpful to know what you have done and what happened. Have you tried that with gpg or a GUI?

I have tried using the GUI. What would be the proper way to do it from the CLI? I am afraid of removing the wrong keys.

--
Jerry GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From mwood at IUPUI.Edu Thu Oct 20 15:56:38 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Thu, 20 Oct 2011 09:56:38 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F8461.5030706@ruhr-uni-bochum.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de>
Message-ID: <20111020135638.GC10034@IUPUI.Edu>

What proportion of consumer-grade ISPs have bothered to implement DNSSEC for serving their customers? I don't think mine does, and they're a big outfit. If I asked, I expect they'd think I was speaking Aldebaranese or something.

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From mwood at IUPUI.Edu Thu Oct 20 16:17:59 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Thu, 20 Oct 2011 10:17:59 -0400
Subject: The problem is "motivational"
In-Reply-To: <4E9FB410.2090901@gmail.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com>
Message-ID: <20111020141759.GD10034@IUPUI.Edu>

On Thu, Oct 20, 2011 at 05:39:28AM +0000, M.R. wrote:
> On the other hand, I keep wondering: why are we (and we obviously are, witness this paper and the initiative behind it) so motivated to spread the gospel of e-mail encryption among those that completely lack the motivation for it?

o Philosophical: I just think that communication channels should be encrypted unless someone demonstrates a good reason not to. Perhaps it comes under the heading of not tempting others to sin. :-)

o Protective coloration: if email is normally encrypted, this further weakens the already-stupid argument that "if you want this much privacy then you must be up to no good."
o Weariness of "duh moments": some people throw their secrets around like confetti and then get all bent out of shape when this comes back to bite them. Saying, "well, you could easily have protected yourself with X if you cared" is always unrewarding and always hard to eschew. I'd rather not be tempted.

o Taking unenthusiasm personally: we obviously think this stuff is interesting and useful, and it can feel kind of insulting that others don't.

o The telephone quandary: if *I* want to communicate securely with you, then I need for *you* to have a compatible secure means of communication. (If I'm the only person with a telephone, whom can I call?)

o Cassandra complex: the vague feeling that Something Bad Will Happen And I Didn't Warn Them.

That's all I can think of right now.

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From mwood at IUPUI.Edu Thu Oct 20 16:24:23 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Thu, 20 Oct 2011 10:24:23 -0400
Subject: The problem is "motivational"
In-Reply-To: <4E9FB410.2090901@gmail.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com>
Message-ID: <20111020142423.GE10034@IUPUI.Edu>

BTW I "have nothing to hide" but like my privacy anyway. Privacy is essential for maintaining personal boundaries, as well as security. (That said, the vast majority of my use of crypto in email is to establish identity, not to protect privacy. I *want* to be positively identifiable in most circumstances.)

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
From mwood at IUPUI.Edu Thu Oct 20 16:37:00 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Thu, 20 Oct 2011 10:37:00 -0400
Subject: The problem is "motivational"
In-Reply-To: <871uu8xalm.fsf@vigenere.g10code.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com> <871uu8xalm.fsf@vigenere.g10code.de>
Message-ID: <20111020143700.GF10034@IUPUI.Edu>

I suspect that, for many, "too hard to do" is not as significant a factor as "too hard to believe in". Over here, doctors' offices have at last been dragged, kicking and screaming, into the mid 20th century and will at least use FAX to transmit prescriptions to the pharmacy, but mention e-mail and they back away making the sign against the evil eye, because they "know" it's not secure. The office staff would all die of apoplexy if I told them how I *want* it to work -- not because my notions are insecure, but because they don't understand why those notions *are* secure. (Assuming they are. :-)

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From mailinglisten at hauke-laging.de Thu Oct 20 17:00:17 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 20 Oct 2011 17:00:17 +0200
Subject: Expired keys
In-Reply-To: <20111020092629.4b431d26@scorpio>
References: <20111019100926.47790f79@scorpio> <201110191617.23075.mailinglisten@hauke-laging.de> <20111020092629.4b431d26@scorpio>
Message-ID: <201110201700.21933.mailinglisten@hauke-laging.de>

On Thursday, 20 October 2011, 15:26:29 Jerry wrote:
> I have tried using the GUI. What would be the proper way to do it from
> the CLI? I am afraid of removing the wrong keys?
gpg --delete-key

There is a confirmation in order to avoid removing the wrong ones. But you can give the fingerprint as identifier.

This removes public keys only so you can hardly cause real damage.

Hauke

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From gnupg.user at seibercom.net Thu Oct 20 17:23:28 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Thu, 20 Oct 2011 11:23:28 -0400
Subject: Expired keys
In-Reply-To: <201110201700.21933.mailinglisten@hauke-laging.de>
References: <20111019100926.47790f79@scorpio> <201110191617.23075.mailinglisten@hauke-laging.de> <20111020092629.4b431d26@scorpio> <201110201700.21933.mailinglisten@hauke-laging.de>
Message-ID: <20111020112328.7ccbc357@scorpio>

On Thu, 20 Oct 2011 17:00:17 +0200 Hauke Laging articulated:
> On Thursday, 20 October 2011, 15:26:29 Jerry wrote:
>
> > I have tried using the GUI. What would be the proper way to do it
> > from the CLI? I am afraid of removing the wrong keys?
>
> gpg --delete-key
>
> There is a confirmation in order to avoid removing the wrong ones.
> But you can give the fingerprint as identifier.
>
> This removes public keys only so you can hardly cause real damage.

OK, that will work from the command line. Is there a way to delete all expired keys at once, or do I have to continually enter the key name one at a time. There are a lot of them and I would rather do it in one move if possible.

--
Jerry ♔ GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
Kiss your keyboard goodbye!
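Jerry's follow-up asks for a way to drop every expired key in one move, and Hauke's answer above makes the point that the fingerprint is the identifier that cannot hit the wrong key. The script below is an added example written for this edit; it is not code from the thread, from GnuPG, or from any of the tools mentioned later. It relies only on two documented GnuPG interfaces: the machine-readable listing (gpg --list-keys --with-colons --fingerprint, where field 2 of a pub record is the validity and "e" marks an expired key, and field 10 of the fpr record that follows is the full fingerprint) and the --delete-keys command with --batch --yes. The sample listing embedded in it is constructed for the example, the function names are my own, and the "doit" argument convention is an assumption of this example rather than anything gpg provides.

```shell
#!/bin/sh
# Added example (not from the thread or from GnuPG): purge every expired
# public key from a GnuPG keyring in one go, using only the documented
# --with-colons listing and --delete-keys. Function names, the "doit"
# switch and the sample listing below are this example's own assumptions.

# Print the full fingerprint of every expired primary key in
# "gpg --list-keys --with-colons --fingerprint" output read from stdin.
#   pub record, field 2  = validity; "e" means the key has expired
#   fpr record, field 10 = fingerprint of the preceding pub (or sub) record
# Only the first fpr after an expired pub is taken and a sub record resets
# the state, so subkey fingerprints are never selected by mistake.
expired_fingerprints() {
    awk -F: '
        $1 == "pub"         { want = ($2 == "e") }
        $1 == "sub"         { want = 0 }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Delete the keys whose fingerprints arrive on stdin, one per line.
# --batch --yes skips the interactive confirmation; the 40-hex-digit
# fingerprint (not a short key ID) is passed so two keys cannot collide
# on the identifier. gpg refuses to delete a public key whose secret part
# is still in the keyring (it asks for --delete-secret-keys first); that
# failure is reported and the loop continues with the next key.
delete_listed_keys() {
    while read -r fpr; do
        case "$fpr" in
            *[!0-9A-Fa-f]*|"")
                echo "skipping malformed fingerprint: $fpr" >&2
                continue ;;
        esac
        if gpg --batch --yes --delete-keys "$fpr"; then
            echo "deleted $fpr"
        else
            echo "could not delete $fpr (secret key still present?)" >&2
        fi
    done
}

# Run against the live keyring. Dry run by default: only list what would
# go; pass "doit" as the first argument to actually delete.
purge_expired_keys() {
    if [ "$1" = "doit" ]; then
        gpg --list-keys --with-colons --fingerprint \
            | expired_fingerprints | delete_listed_keys
    else
        echo "expired keys that would be deleted (rerun with 'doit' to delete):"
        gpg --list-keys --with-colons --fingerprint | expired_fingerprints
    fi
}

# Constructed sample listing (not real keys): one expired key that also
# carries an expired subkey with its own fpr record, and one current key.
SAMPLE_LISTING='tru::1:1319000000:0:3:1:5
pub:e:2048:1:1111111111111111:1200000000:1300000000::-:::scESC::::::23::0:
fpr:::::::::AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111:
uid:e::::1200000000::0000000000000000000000000000000000000000::Old Key <old@example.org>::::::::::0:
sub:e:2048:1:2222222222222222:1200000000:1300000000:::::e::::::23:
fpr:::::::::BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222:
pub:u:4096:1:3333333333333333:1310000000:::u:::scESC::::::23::0:
fpr:::::::::CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333:
uid:u::::1310000000::0000000000000000000000000000000000000000::Current Key <me@example.org>::::::::::0:'

# Which fingerprints does the filter pick from the sample? (Offline check;
# expected: only the AAAA... primary key.)
sample_expired() {
    printf '%s\n' "$SAMPLE_LISTING" | expired_fingerprints
}
```

Call purge_expired_keys with no argument first and read the list; rerun with doit once it looks right. Matching only validity "e" deliberately leaves revoked keys ("r") in place, because a revoked key is still what tells you that old signatures came from a key later revoked; extend the pub rule with `|| $2 == "r"` if you want those gone too. Your own expired keys, whose secret part is still in the keyring, are refused by gpg and merely reported, which is the safe behaviour here.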
From makrober at gmail.com Thu Oct 20 17:34:29 2011
From: makrober at gmail.com (M.R.)
Date: Thu, 20 Oct 2011 15:34:29 +0000
Subject: The problem is "motivational"
In-Reply-To: <4EA0146B.9070905@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com> <4EA0146B.9070905@sixdemonbag.org>
Message-ID: <4EA03F85.2000209@gmail.com>

On 20/10/11 12:30, Robert J. Hansen wrote:
> ...Shirley Gaw, Ed Felten and Patricia Fernandez-Kelly
> had a wonderful paper a few years ago, "Secrecy, Flagging, and Paranoia:
> Adoption Criteria in Encrypted Email"...

Thanks for the link, interesting reading. The quote from the paper that follows demonstrates, I believe, that the authors follow the dogma of "all mail should be encrypted, even if it is of no benefit to the mail sender and receiver, because it is of benefit to others":

...but it was a huge cognitive leap to go from protecting secrets in an individual message to obfuscating secrets using everyone else's messages...

I also believe this dogma is behind Werner's first follow-up to my post:

> Because we, who care about privacy, are affected by those who don't care.

I propose this way of thinking is counterproductive. It will not succeed in any meaningful way, because "encryption by default" is a completely unrealistic goal in today's environment of multiple mail end-user platforms, plethora of client applications, uncooperative mail service operators and hostile universal surveillance culture, and, last but not least, by the legions of users who resent it because they "have nothing to hide". Any "solution" which marshals mail service operators and ISP's into the trust chain is however recklessly endangering those that might "have something to hide", by giving them false sense of security.
I therefore propose that this dogma should be re-examined, and if and when abandoned, released energy be directed towards addressing the outstanding issues of those that know they need to protect their communication and are motivated to do so.

Mark R.

From rjh at sixdemonbag.org Thu Oct 20 17:52:08 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 20 Oct 2011 11:52:08 -0400
Subject: The problem is "motivational"
In-Reply-To: <4EA03F85.2000209@gmail.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com> <4EA0146B.9070905@sixdemonbag.org> <4EA03F85.2000209@gmail.com>
Message-ID: <4EA043A8.2060301@sixdemonbag.org>

On 10/20/11 11:34 AM, M.R. wrote:
> I propose this way of thinking is counterproductive. It will not
> succeed in any meaningful way, because "encryption by default"
> is a completely unrealistic goal...

"Only he who attempts the absurd is capable of achieving the impossible." -- Miguel de Unamuno

"He who says a thing cannot be done is expressly forbidden from interfering with one who is doing it." -- Anonymous

I'm sympathetic to your position. I think it's an impossible goal and one that will never be realized. That said, I also think it's possible I may be mistaken, and for that reason I'm not going to attempt to persuade smart people to stop attempting the absurd.

By all means, you should direct your energies to where you feel they can do the most good -- but we should also respect their decisions about where they feel their energies can do the most good. :)

From jeandavid8 at verizon.net Thu Oct 20 18:09:37 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Thu, 20 Oct 2011 12:09:37 -0400
Subject: The problem is "motivational"
In-Reply-To: <4EA043A8.2060301@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9FB410.2090901@gmail.com> <4EA0146B.9070905@sixdemonbag.org> <4EA03F85.2000209@gmail.com> <4EA043A8.2060301@sixdemonbag.org>
Message-ID: <4EA047C1.8090906@verizon.net>

Robert J. Hansen wrote:
> On 10/20/11 11:34 AM, M.R. wrote:
>> I propose this way of thinking is counterproductive. It will not
>> succeed in any meaningful way, because "encryption by default"
>> is a completely unrealistic goal...
>
> "Only he who attempts the absurd is capable of achieving the
> impossible." -- Miguel de Unamuno
>
> "He who says a thing cannot be done is expressly forbidden from
> interfering with one who is doing it." -- Anonymous

"The Reasonable man adapts himself to the world.
"The Unreasonable one persists in trying to adapt the world to himself.
"Therefore all progress depends on the unreasonable man."
-- George Bernard Shaw.

> I'm sympathetic to your position. I think it's an impossible goal and
> one that will never be realized. That said, I also think it's possible
> I may be mistaken, and for that reason I'm not going to attempt to
> persuade smart people to stop attempting the absurd.
>
> By all means, you should direct your energies to where you feel they can
> do the most good -- but we should also respect their decisions about
> where they feel their energies can do the most good. :)

--
.~.   Jean-David Beyer          Registered Linux User 85642.
/V\   PGP-Key: 9A2FC99A         Registered Machine 241939.
/( )\ Shrewsbury, New Jersey    http://counter.li.org
^^-^^ 12:05:01 up 13 days, 20:38, 4 users, load average: 4.49, 4.55, 4.51

From marcus.brinkmann at ruhr-uni-bochum.de Fri Oct 21 01:46:02 2011
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: 21 Oct 2011 01:46:02 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111020202558.GA2761@qp>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <20111020202558.GA2761@qp>
Message-ID: <4EA0B2BA.30303@ruhr-uni-bochum.de>

On 10/20/2011 10:25 PM, Matthias-Christian Ott wrote:
> But who are the providers?
> Except for people who work in computer
> science, physics or similar fields I don't know people who run their own
> mail servers or are part of a cooperative. Most other people use a
> handful of providers who often offer free service in exchange for the
> loss of privacy or at least some form of semi-targeted advertisement. Do
> you expect those providers to ruin their business models by implementing
> this proposal? I wouldn't count on them.

Maybe. But the only way to fail for certain is by not trying. There are other business models and market pressures beside those that you are highlighting. It's not easy to predict.

> Perhaps the providers could also be forced by law not to implement
> this, because (if I remember correctly) some countries require that
> they store at least the header information (including subject, which
> should also be encrypted by the system) for traffic analysis. So in
> the worst case the providers couldn't implement this without breaking
> the law (I doubt that citizens could use the system without breaking the
> law in this situation either, but individuals are often more venturous
> than organisations).

STEED is fully compatible with existing mail encryption, so we do not include the headers in the plaintext. I am not an expert, but as far as I know the regulation usually demands to store connection data that is available, it does not ask for data that is not available for whatever reason. I think your interpretation of the regulations in that area is overly pessimistic, but I could be wrong. Maybe you can verify this?

> What about making everyone their own provider? The efforts in this
> direction initiated by Eben Moglen that lead to the FreedomBox and other
> projects seem to go in the right direction. It doesn't seem to me less
> realistic than requiring cooperation from providers.

I think everybody deserves private email communication, not only those who are willing to be their own provider.
We don't expect people to carry out their own snail mail letters either, and the business model of the post office does not require spying on the letters.

Now, it may be the case that the freedom box is (or will be) a more attractive way for people to do email, and everybody will use it and nobody will use proprietary email service providers. That would be excellent! The FreedomBox project is a very important project, and it deserves our strongest support possible. If it is a better alternative, we still need to convince the FreedomBox project to adopt the STEED proposal (not a single word in the paper would have to change). And I agree that this is an overall more appealing task than trying to convince the proprietary providers. But, we have to go where the users are, and we have to try our best to get the providers' cooperation. There is no benefit in ignoring them and their users just for our convenience.

If this is too daunting for you, please remember that we do not have to get their active cooperation. If they accept it grudgingly because not following along would be bad business (or illegal), then that's good enough. That requires that we raise the state of the art in the field.

Maybe you are still not convinced. Then let me give you an illustrative analogy. (Disclaimer: I am not associated with SawStop or anybody involved, nor have I met anybody involved or used their product). An inventor created a table saw that can prevent injury by stopping the blade as soon as it is touched by human flesh ("SawStop"). According to the inventor, he could not get the technology to be marketed by the big table saw companies. His claim is that the companies think that by raising the safety measures in the table saw, they would be more liable for table saw accidents, which would make them subject to litigation. Eventually he created his own SawStop product line.
Now, after several years, lawmakers and regulators have taken notice and might make SawStop-like technology mandatory in table saws.

Now, maybe SawStop is bad technology, maybe it's good. But at least something is true: As long as no candidate technology like it exists, the question doesn't even come up. That's the state we are at with email encryption. Everybody who tried has learned that email encryption is not worth the hassle. Everybody who hasn't tried just expects email to be secure and might not even be aware that it is not. It's time to change that equation, don't you think?

The good news is that STEED will integrate extremely well in P2P systems. The dependency on a provider in STEED is not integral to the proposal, but just a consequence of people already relying on their providers' infrastructure for everything else. If users use different infrastructure, STEED will also work over that infrastructure just as well.

Thanks,
Marcus

From richard at r-selected.de Fri Oct 21 00:59:34 2011
From: richard at r-selected.de (Richard)
Date: Fri, 21 Oct 2011 00:59:34 +0200
Subject: Expired keys
In-Reply-To: <20111020112328.7ccbc357@scorpio>
References: <20111019100926.47790f79@scorpio> <201110191617.23075.mailinglisten@hauke-laging.de> <20111020092629.4b431d26@scorpio> <201110201700.21933.mailinglisten@hauke-laging.de> <20111020112328.7ccbc357@scorpio>
Message-ID:

On Thu, Oct 20, 2011 at 17:23, Jerry wrote:
> Is there a way to delete all
> expired keys at once

Have a look at gpgkeymgr (http://nudin.github.com/GnuPGP-Tools/), that's probably what you want.

Best,
Richard

From MichaelQuigley at TheWay.Org Fri Oct 21 03:08:19 2011
From: MichaelQuigley at TheWay.Org (MichaelQuigley at TheWay.Org)
Date: Thu, 20 Oct 2011 21:08:19 -0400
Subject: The problem is "motivational"
In-Reply-To:
Message-ID:

> ----- Message from "M.R." on Thu, 20 Oct 2011 15:34:29 +0000 -----
>
> To: gnupg-users at gnupg.org
>
> Subject: Re: The problem is "motivational"
>
> On 20/10/11 12:30, Robert J. Hansen wrote:
. . . . . . . . .
> > > Because we, who care about privacy, are affected by those who
> don't care.
>
> I propose this way of thinking is counterproductive.

And what of the other responses which stated other specific needs to make encryption universal? I especially can appreciate Mark Wood's comment on "The telephone quandary." My use of encrypted e-mail is severely limited because so many of those with whom I communicate wouldn't have a clue how to acquire, install, configure, or use encryption.

> It will not
> succeed in any meaningful way, because "encryption by default"
> is a completely unrealistic goal in today's environment of
> multiple mail end-user platforms, plethora of client applications,
> uncooperative mail service operators and hostile universal surveillance
> culture, and, last but not least, by the legions of users who resent
> it because they "have nothing to hide". Any "solution" which marshals
> mail service operators and ISP's into the trust chain is however
> recklessly endangering those that might "have something to hide",
> by giving them false sense of security.

The proposal doesn't preclude those that "might have something to hide" from seeking other sources of encryption keys. It merely allows far wider use of encryption in general.
From wk at gnupg.org Fri Oct 21 10:14:40 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 21 Oct 2011 10:14:40 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA0B2BA.30303@ruhr-uni-bochum.de> (Marcus Brinkmann's message of "21 Oct 2011 01:46:02 +0200")
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <20111020202558.GA2761@qp> <4EA0B2BA.30303@ruhr-uni-bochum.de>
Message-ID: <87aa8uwykv.fsf@vigenere.g10code.de>

On Fri, 21 Oct 2011 01:46, marcus.brinkmann at ruhr-uni-bochum.de said:

> not ask for data that is not available for whatever reason. I think your
> interpretation of the regulations in that area is overly pessimistic, but I
> could be wrong. Maybe you can verify this?

Actually the German Federal commissioner for data protection demands the use of strong encryption. According to him the message-escrow-able de-mail.de law and services are not suitable for private messages. [1]

Salam-Shalom,

Werner

[1] In German:

--
Thoughts are free. Exceptions are regulated by a federal law.

From ott at mirix.org Thu Oct 20 22:25:58 2011
From: ott at mirix.org (Matthias-Christian Ott)
Date: Thu, 20 Oct 2011 22:25:58 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4E9F8461.5030706@ruhr-uni-bochum.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de>
Message-ID: <20111020202558.GA2761@qp>

On Thu, Oct 20, 2011 at 04:16:01AM +0200, Marcus Brinkmann wrote:
> On 10/19/2011 09:30 PM, Peter Lebbing wrote:
> > However, I think you're not ambitious enough when you opt for using DNS for key
> > distribution. Yes, the infrastructure and RR types[1] are already there. But it
> > brings this nasty dependency on the provider. Because the part of the client
> > updates to the DNS is a key missing part in the DNS infrastructure as today, and
> > I don't see providers adding that soon.
>
> You are right that it is a challenge to get the support in the providers, but
> note that changes in the mail client are required anyway. Sure, changing the
> client and changing the DNS infrastructure are two different kind of beasts,
> but we probably can not do without the providers completely if we want
> ubiquitous support.

But who are the providers? Except for people who work in computer science, physics or similar fields I don't know people who run their own mail servers or are part of a cooperative. Most other people use a handful of providers who often offer free service in exchange for the loss of privacy or at least some form of semi-targeted advertisement. Do you expect those providers to ruin their business models by implementing this proposal? I wouldn't count on them.

Perhaps the providers could also be forced by law not to implement this, because (if I remember correctly) some countries require that they store at least the header information (including subject, which should also be encrypted by the system) for traffic analysis. So in the worst case the providers couldn't implement this without breaking the law (I doubt that citizens could use the system without breaking the law in this situation either, but individuals are often more venturous than organisations).

What about making everyone their own provider? The efforts in this direction initiated by Eben Moglen that lead to the FreedomBox and other projects seem to go in the right direction. It doesn't seem to me less realistic than requiring cooperation from providers.
Regards,
Matthias-Christian

From johanw at vulcan.xs4all.nl Fri Oct 21 14:21:24 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Fri, 21 Oct 2011 14:21:24 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111020202558.GA2761@qp>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <20111020202558.GA2761@qp>
Message-ID: <4EA163C4.6030604@vulcan.xs4all.nl>

On 20-10-2011 22:25, Matthias-Christian Ott wrote:
> What about making everyone their own provider?

Is that technically equivalent to running your own mailserver? Because that also gives some problems: I run my own server at vulcan.xs4all.nl (bsmtp at a subdomain of my provider) but get some mails bounced because of excessive anti-spam filters that complain about no reverse DNS.

--
Met vriendelijke groet / With kind regards,
Johan Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From jeandavid8 at verizon.net Fri Oct 21 16:12:24 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Fri, 21 Oct 2011 10:12:24 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111020202558.GA2761@qp>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <20111020202558.GA2761@qp>
Message-ID: <4EA17DC8.5020206@verizon.net>

Matthias-Christian Ott wrote:
>
> What about making everyone their own provider? The efforts in this
> direction initiated by Eben Moglen that lead to the FreedomBox and other
> projects seem to go in the right direction. It doesn't seem to me less
> realistic than requiring cooperation from providers.
>

I was my own provider for many years, and that was easy enough. I got a static IP address from my ISP for $10/month and ran sendmail as my MTA. I used mutt as MUA.
But when I switched to Verizon as ISP in order to get FiOS, they wanted $150/month for a static IP address and an additional fee (I forget what it was) to be allowed to run sendmail as a server.

Verizon is a great ISP 8-( They discontinued Usenet, so I have to pay a fee to another provider to use Usenet. They did not reduce their fees when they reduced the level of service. Greed and Profit before Service: it is the American way. 8-(

--
.~.   Jean-David Beyer          Registered Linux User 85642.
/V\   PGP-Key: 9A2FC99A         Registered Machine 241939.
/( )\ Shrewsbury, New Jersey    http://counter.li.org
^^-^^ 10:05:01 up 19:11, 4 users, load average: 4.93, 4.98, 5.11

From christophe.brocas at cnamts.fr Fri Oct 21 16:22:25 2011
From: christophe.brocas at cnamts.fr (Christophe Brocas)
Date: Fri, 21 Oct 2011 16:22:25 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA17DC8.5020206@verizon.net>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <20111020202558.GA2761@qp> <4EA17DC8.5020206@verizon.net>
Message-ID: <4EA18021.1030302@cnamts.fr>

On 21/10/2011 16:12, Jean-David Beyer wrote:
> Matthias-Christian Ott wrote:
>
>> What about making everyone their own provider? The efforts in this
>> direction initiated by Eben Moglen that lead to the FreedomBox and other
>> projects seem to go in the right direction. It doesn't seem to me less
>> realistic than requiring cooperation from providers.
>>
> I was my own provider for many years, and that was easy enough. I got a
> static IP address from my ISP for $10/month and ran sendmail as my MTA.
> I used mutt as MUA.
>
> But when I switched to Verizon as ISP in order to get FiOS, they wanted
> $150/month for a static IP address and an additional fee (I forget what
> it was) to be allowed to run sendmail as a server.
>
> Verizon is a great ISP 8-( They discontinued Usenet, so I have to pay a
> fee to another provider to use Usenet.
> They did not reduce their fees
> when they reduced the level of service. Greed and Profit before Service:
> it is the American way. 8-(
>

Wow ... In France, the second ISP (http://www.free.fr/ ) gives a static IP by default with port filtering and no bandwidth usage limit.

BR
Christophe

*****************************************************
"The contents of this e-mail and any attachments are confidential. They are addressed exclusively to the intended recipient. If this message is not intended for you, or if you have received it in error, then in order not to violate the confidentiality of correspondence you must neither forward it to others nor reproduce it. Please return it to the sender and destroy it. Note: the sender's organisation cannot be held responsible for any alteration of this e-mail. It is up to the recipient to check that the messages and attachments received do not contain viruses. The opinions expressed in this e-mail and any attachments are those of the sender. They do not reflect the position of the organisation unless otherwise stated in this e-mail."
******************************************************

From expires2011 at ymail.com Fri Oct 21 19:55:47 2011
From: expires2011 at ymail.com (MFPA)
Date: Fri, 21 Oct 2011 18:55:47 +0100
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <87hb34xcds.fsf@vigenere.g10code.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de>
Message-ID: <11355546.20111021185547@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Thursday 20 October 2011 at 10:04:15 AM, in , Werner Koch wrote:

> Most users don't have personal web pages. So what now?
> Well many users have a facebook page - but this would
> make facebook mandatory and we would need support from
> them (at least to guarantee that they don't break any
> assumptions). Not much different to work with ISPs.

If you are trying to get people to think about privacy, maybe suggesting Diaspora as an alternative to Facebook is a direction to consider...

- --
Best regards

MFPA mailto:expires2011 at ymail.com

War is a matter of vital importance to the State.
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTqGyM6ipC46tDG5pAQr6+AP/dG6q9Z58HD7RVZI5h1EYEA6yDZ2Rfx/p
9zLGMKGh2QY1gYpBqG70g78IZnk01aG62MIALmRReHs6plqR7fjnASZZikItZDQY
IdG8J6B7yCVdA39phiABYoVbIDYeInyxJzMIWDVUDp1gyEYN55CVRmYUO1QslsuV
2VVad3uNL2c=
=wf9G
-----END PGP SIGNATURE-----

From Siemons at CleanFuels.nl Fri Oct 21 11:21:59 2011
From: Siemons at CleanFuels.nl (Roland Siemons (P))
Date: Fri, 21 Oct 2011 11:21:59 +0200
Subject: Win7: Kleopatra does not open
Message-ID: <4EA139B7.7090600@CleanFuels.nl>

Dear Forum,

I recently installed GnuPG (Gpg4Win). My purpose is to be able to create encrypted files for exchange via email. No integration with an email client such as Thunderbird.

Therefore I need to be able to execute Kleopatra or GPA. Unfortunately Kleopatra does not work. I tried both from a desktop shortcut, and the command prompt (terminal). Just no reaction at all.
I tried several re-installs. On 2 occasions it got working, but gave up a day later. Reinstall .... some success, and then failure again ...

Any suggestions?

Best regards,

Roland Siemons

From hka at qbs.com.pl Sat Oct 22 12:36:02 2011
From: hka at qbs.com.pl (Hubert Kario)
Date: Sat, 22 Oct 2011 12:36:02 +0200
Subject: Win7: Kleopatra does not open
In-Reply-To: <4EA139B7.7090600@CleanFuels.nl>
References: <4EA139B7.7090600@CleanFuels.nl>
Message-ID: <201110221236.06907.hka@qbs.com.pl>

On Friday 21 of October 2011 11:21:59 Roland Siemons (P) wrote:
> Therefore I need to be able to execute Kleopatra or GPA.
> Unfortunately
> Kleopatra does not work.

Kleopatra is part of KDE, so you may have more luck with asking on the KDE mailinglist.

--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From richard at r-selected.de Sat Oct 22 13:23:20 2011
From: richard at r-selected.de (Richard)
Date: Sat, 22 Oct 2011 13:23:20 +0200
Subject: Win7: Kleopatra does not open
In-Reply-To: <4EA139B7.7090600@CleanFuels.nl>
References: <4EA139B7.7090600@CleanFuels.nl>
Message-ID:

Hi Roland,

On Fri, Oct 21, 2011 at 11:21, Roland Siemons (P) wrote:
> On 2 occasions it got working, but gave up a
> day later. Reinstall .... some success, and then failure again ...
>
> Any suggestions?

do you see the Kleopatra process running in the task manager? If it's shown as running, could you look into the task bar? Maybe Kleopatra is hiding as a small tray icon there.

Richard

From yyy at yyy.id.lv Sat Oct 22 13:34:36 2011
From: yyy at yyy.id.lv (yyy)
Date: Sat, 22 Oct 2011 14:34:36 +0300
Subject: Win7: Kleopatra does not open
In-Reply-To: <4EA139B7.7090600@CleanFuels.nl>
References: <4EA139B7.7090600@CleanFuels.nl>
Message-ID: <136118713.20111022143436@yyy.id.lv>

Hello Roland,

Friday, October 21, 2011, 12:21:59 PM, you wrote:

> Therefore I need to be able to execute Kleopatra or GPA. Unfortunately
> Kleopatra does not work. I tried both from a desktop shortcut, and the
> command prompt (terminal). Just no reaction at all.
> I tried several re-installs. On 2 occasions it got working, but gave up
> a day later. Reinstall .... some success, and then failure again ...

Kleopatra seems to be part of gpg4win, which has its own mailinglist (Gpg4win-users-en at wald.intevation.org).

What are your language settings?
I had a similar problem (it was reproducible in WinXP and Windows Vista). See:
http://lists.wald.intevation.org/pipermail/gpg4win-users-en/2011-April/000598.html
and the rest of the thread.

(Kleopatra works only in English Windows (maybe German too)).

--
Best regards,
yyy                          mailto:yyy at yyy.id.lv

From me at davidmanouchehri.com Sun Oct 23 01:32:30 2011
From: me at davidmanouchehri.com (David Manouchehri)
Date: Sat, 22 Oct 2011 19:32:30 -0400
Subject: Win7: Kleopatra does not open
In-Reply-To: <4EA139B7.7090600@CleanFuels.nl>
References: <4EA139B7.7090600@CleanFuels.nl>
Message-ID: <4EA3528E.3090904@davidmanouchehri.com>

Hi Roland,

What version of Windows are you running? Could you start Kleopatra from cmd and then paste the output for us? Is Gpg4win running fine on its own?

Thank you,

David Manouchehri
me at davidmanouchehri.com
http://www.davidmanouchehri.com/

On 10/21/2011 05:21 AM, Roland Siemons (P) wrote:
> Dear Forum,
>
> I recently installed GnuPG (Gpg4Win). My purpose is to be able to create encrypted files for exchange via email. No integration with an email client such as Thunderbird.
>
> Therefore I need to be able to execute Kleopatra or GPA. Unfortunately Kleopatra does not work. I tried both from a desktop shortcut, and the command prompt (terminal). Just no reaction at all.
> I tried several re-installs. On 2 occasions it got working, but gave up a day later. Reinstall .... some success, and then failure again ...
>
> Any suggestions?
>
> Best regards,
>
> Roland Siemons

From marcus.brinkmann at ruhr-uni-bochum.de Sun Oct 23 22:56:57 2011
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: 23 Oct 2011 22:56:57 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111023164459.GA3339@qp>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <20111020202558.GA2761@qp> <4EA0B2BA.30303@ruhr-uni-bochum.de> <20111023164459.GA3339@qp>
Message-ID: <4EA47F99.8040106@ruhr-uni-bochum.de>

Hi Matthias-Christian,

thanks for your comments, I think they are entirely correct. With respect to convincing ISPs, STEED is not a complete proposal yet. The STEED paper covers the technical aspects of making email encryption usable for the user.
It does not cover the policies of the parties involved and strategies to break down walls of tradition. I think there are good reasons for this. It is easier to present the technical aspects in the form of a paper, while the policy stuff is probably more a learning process that involves entering a dialogue of multiple parties. Also, success of STEED may depend on external policy changes to some extent. When those happen, we should already be in place, though.

So, you summed it up best: "there is a lot to be done"

Thanks,
Marcus

From ott at mirix.org Sun Oct 23 18:50:16 2011
From: ott at mirix.org (Matthias-Christian Ott)
Date: Sun, 23 Oct 2011 18:50:16 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA0B2BA.30303@ruhr-uni-bochum.de>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <20111020202558.GA2761@qp> <4EA0B2BA.30303@ruhr-uni-bochum.de>
Message-ID: <20111023164459.GA3339@qp>

On Fri, Oct 21, 2011 at 01:46:02AM +0200, Marcus Brinkmann wrote:
> On 10/20/2011 10:25 PM, Matthias-Christian Ott wrote:
> > But who are the providers? Except for people who work in computer
> > science, physics or similar fields I don't know people who run their own
> > mail servers or are part of a cooperative. Most other people use a
> > handful of providers who often offer free service in exchange for the
> > loss of privacy or at least some form of semi-targeted advertisement. Do
> > you expect those providers to ruin their business models by implementing
> > this proposal? I wouldn't count on them.
>
> Maybe. But the only way to fail for certain is by not trying. There are
> other business models and market pressures beside those that you are
> highlighting. It's not easy to predict.

I agree, there are other business models and perhaps there will be demand for this, but I just summarised the service providers almost all "non-technical" people I communicate with use.
> > Perhaps the providers could also be forced by law not to implement
> > this, because (if I remember correctly) some countries require that
> > they store at least the header information (including subject, which
> > should also be encrypted by the system) for traffic analysis. So in
> > the worst case the providers couldn't implement this without breaking
> > the law (I doubt that citizens could use the system without breaking the
> > law in this situation either, but individuals are often more venturous
> > than organisations).
>
> STEED is fully compatible with existing mail encryption, so we do not include
> the headers in the plaintext. I am not an expert, but as far as I know the
> regulation usually demands to store connection data that is available, it does
> not ask for data that is not available for whatever reason. I think your
> interpretation of the regulations in that area is overly pessimistic, but I
> could be wrong. Maybe you can verify this?

I'm not aware of any overview of e-mail data retention, so I don't have a complete picture, but a quick search on EU data retention laws showed that only SMTP envelope data is officially stored, so at least in these countries it's not a problem (though I think the subject should be encrypted as well). Moreover, I agree that as long as the body and thus the actual contents are not stored there is reason why a provider could break the law by providing STEED services to their customers. Fortunately many countries have laws to guarantee (at least in theory) privacy of correspondence and these laws have a long tradition, so it seems hard to abolish them. However, I see the possibility that providers could be forced to cooperate with government agencies, but this would have little impact and would require bigger efforts to "break" STEED this way (e.g. MITM attacks by publishing false keys for new contacts).

> > What about making everyone their own provider?
> > The efforts in this
> > direction initiated by Eben Moglen that lead to the FreedomBox and other
> > projects seem to go in the right direction. It doesn't seem to me less
> > realistic than requiring cooperation from providers.
>
> I think everybody deserves private email communication, not only those who are
> willing to be their own provider. We don't expect people to carry out their
> own snail mail letters either, and the business model of the post office does
> not require spying on the letters.

I agree, but I also talked to people who don't care about privacy (nothing to hide) and don't understand it. Therefore, it is important not to rely on the market to provide the means for private e-mail communication (do it yourself instead of relying on other people to do it).

> But, we have to go where the users are, and we have to try our best to get the
> providers' cooperation. There is no benefit in ignoring them and their users
> just for our convenience.

Let's say you had the opportunity to convince a smaller independent hosting provider that e.g. sells web hosting, e-mail and resells internet connectivity, how would you do this? There had to be real demand and easily installable and maintainable software to convince them to implement STEED. Recently I did some search and inquiries on DNSSEC, for which there is arguably real demand from private and enterprise customers and there is working software, but only relatively few companies worldwide offer it and I don't expect it to be widely deployed within the next years. However, people running their own server have it running or at least prepared (waiting for the registrars to close the trust chain by submitting their public key to the registry) for some time now.

> Maybe you are still not convinced. Then let me give you an illustrative
> analogy. (Disclaimer: I am not associated with SawStop or anybody involved,
> nor have I met anybody involved or used their product).
> An inventor created a
> table saw that can prevent injury by stopping the blade as soon as it is
> touched by human flesh ("SawStop"). According to the inventor, he could not
> get the technology to be marketed by the big table saw companies. His claim
> is that the companies think that by raising the safety measures in the table
> saw, they would be more liable for table saw accidents, which would make them
> subject to litigation. Eventually he created his own SawStop product line.
> Now, after several years, lawmakers and regulators have taken notice and might
> make SawStop-like technology mandatory in table saws.
>
> Now, maybe SawStop is bad technology, maybe it's good. But at least something
> is true: As long as no candidate technology like it exists, the question
> doesn't even come up. That's the state we are at with email encryption.
> Everybody who tried has learned that email encryption is not worth the hassle.
> Everybody who hasn't tried just expects email to be secure and might not even
> be aware that it is not. It's time to change that equation, don't you think?

I agree, but there is a lot to be done. If the technical specification is done and there is working software, the really hard work just begins as I tried to demonstrate by taking DNSSEC as an example.

Regards,
Matthias-Christian

From mwood at IUPUI.Edu Mon Oct 24 17:15:16 2011
From: mwood at IUPUI.Edu (Mark H.
Wood)
Date: Mon, 24 Oct 2011 11:15:16 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <11355546.20111021185547@my_localhost>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost>
Message-ID: <20111024151516.GA5109@IUPUI.Edu>

On Fri, Oct 21, 2011 at 06:55:47PM +0100, MFPA wrote:
> If you are trying to get people to think about privacy, maybe
> suggesting Diaspora as an alternative to Facebook is a direction to
> consider...

I would suggest that, if you are trying to get people to think about privacy, about the only thing worth saying to them (initially) is to point out real-life examples of bad things happening to average people who didn't think about privacy. No one can desire salvation until he believes that he is in jeopardy.

--
Mark H. Wood, Lead System Programmer             mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From rjh at sixdemonbag.org Mon Oct 24 17:24:40 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 24 Oct 2011 11:24:40 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111024151516.GA5109@IUPUI.Edu>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu>
Message-ID: <4EA58338.7080204@sixdemonbag.org>

On 10/24/11 11:15 AM, Mark H. Wood wrote:
> No one can desire salvation until he believes that he is in jeopardy.
Although hellfire-and-damnation preachers are a popular cultural idea, they're really quite rare: most preachers go more for the John 10:10 angle [*]. They've found through centuries of proselytization experience that things work better if you pitch the benefit of the faith, rather than the hypothesized penalties if you live without it.

The relevance here should be plain: we need to pitch the benefits of confidential and assured communications, not the hypothetical penalties if they fail to take our advice.

[*] "I am come that they might have life, and that they might have it more abundantly." John 10:10, KJV

From mwood at IUPUI.Edu Mon Oct 24 18:02:07 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Mon, 24 Oct 2011 12:02:07 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA58338.7080204@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org>
Message-ID: <20111024160207.GB5109@IUPUI.Edu>

On Mon, Oct 24, 2011 at 11:24:40AM -0400, Robert J. Hansen wrote:
> On 10/24/11 11:15 AM, Mark H. Wood wrote:
> > No one can desire salvation until he believes that he is in jeopardy.
>
> Although hellfire-and-damnation preachers are a popular cultural idea,
> they're really quite rare: most preachers go more for the John 10:10
> angle [*]. They've found through centuries of proselytization
> experience that things work better if you pitch the benefit of the
> faith, rather than the hypothesized penalties if you live without it.

And I agree with this.
The problem with applying the turn-or-burn sermon to proselytization is that it requires that the audience already believes in sin and hell, and that the problem is one of raising awareness. Unbelievers...don't believe. It is fortunate to such efforts that an argument couched in terms of benefit is available.

> The relevance here should be plain: we need to pitch the benefits of
> confidential and assured communications, not the hypothetical penalties
> if they fail to take our advice.

So, in the absence of any threat, what exactly *are* those benefits? The cited passage asserts that the hearer is missing out -- he could have more than he has now. How much more can I get out of email by using crypto? What do I get, if I don't believe that my privacy is threatened or I do not value privacy?

--
Mark H. Wood, Lead System Programmer             mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

From rjh at sixdemonbag.org Mon Oct 24 19:25:42 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 24 Oct 2011 13:25:42 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111024160207.GB5109@IUPUI.Edu>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu>
Message-ID: <4EA59F96.5050101@sixdemonbag.org>

(There are two anecdotes here: the first is purely for amusement, the latter is actually meant to be on-point.)

On 10/24/11 12:02 PM, Mark H. Wood wrote:
> The cited passage asserts that the hearer is missing out -- he could
> have more than he has now.
> How much more can I get out of email by
> using crypto? What do I get, if I don't believe that my privacy is
> threatened or I do not value privacy?

In an amusing aside, I just got back from lunch at a seafood restaurant. While I was sitting there I encountered a street preacher who was wandering through the tables asking people if they were saved. She (a rare case of a woman evangelical pastor) came to my table and asked me my opinion on homosexuality.

I blinked a few times at her. "You're asking me?"

She repeated her question.

"I'm eating *shellfish* while *wearing a shirt made of two different kinds of fabric* and you're asking me what I think of something else that's a Levitican abomination?"

Management intervened a couple of seconds later and removed the street preacher from the premises. I've learned my lesson: no more citing Scripture right before lunch. :)

The strange people you meet in downtown Washington D.C...

With respect to your question: what we offer is privacy, but most people do not understand privacy, do not care about privacy, and would not care about privacy even if they understood it.

During graduate school the politically-active members of the Computer Science department were up in arms over government surveillance. Flyers, bulletin board notices, EFF fundraising campaigns, and the like. Yet, when the Department required all TAs sign up for Facebook, in the interests of "being accessible to the undergraduates," there wasn't any outcry. I was serving as the Area Steward for the graduate student labor union and tried to drum up some outrage that we were being *required* to sign up for a privacy-annihilating 'service.' Nobody was interested -- not even the people who had flyers on their doors condemning Total Information Awareness and EFF stickers on their laptops.
From dan at geer.org Tue Oct 25 05:02:32 2011
From: dan at geer.org (dan at geer.org)
Date: Mon, 24 Oct 2011 23:02:32 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: Your message of "Mon, 24 Oct 2011 13:25:42 EDT." <4EA59F96.5050101@sixdemonbag.org>
Message-ID: <20111025030232.9DB8A33C98@absinthe.tinho.net>

>
> With respect to your question: what we offer is privacy, but most people
> do not understand privacy, do not care about privacy, and would not care
> about privacy even if they understood it.
>
> During graduate school the politically-active members of the Computer
> Science department were up in arms over government surveillance.
> Flyers, bulletin board notices, EFF fundraising campaigns, and the like.
> Yet, when the Department required all TAs sign up for Facebook, in the
> interests of "being accessible to the undergraduates," there wasn't any
> outcry. I was serving as the Area Steward for the graduate student
> labor union and tried to drum up some outrage that we were being
> *required* to sign up for a privacy-annihilating 'service.' Nobody was
> interested -- not even the people who had flyers on their doors
> condemning Total Information Awareness and EFF stickers on their laptops.
>

You got that right, Brother.

To be more pointed, how many folks on this list carry a cell phone?
--dan

From peter at digitalbrains.com Tue Oct 25 11:26:57 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 25 Oct 2011 11:26:57 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA59F96.5050101@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org>
Message-ID: <4EA680E1.6070406@digitalbrains.com>

On 24/10/11 19:25, Robert J. Hansen wrote:
> With respect to your question: what we offer is privacy, but most people
> do not understand privacy, do not care about privacy, and would not care
> about privacy even if they understood it.

So if we can't motivate users by showing the bad stuff that can happen if you have no privacy, then how to do it? I don't see any other way. Which for a pessimist might imply that it is simply doomed, and we'll never have e-mail crypto by default.

Though pessimists are unfortunately more often right than optimists[1], I do think the number of TLS connections between MUAs and MTAs has increased because the clients have it on by default. And I base this on absolutely nothing.

Peter.

PS: Nice anecdote :)

[1] Curse the researchers who actually did scientific research on this! Some things are better left unknown and only speculated about :).

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From gnupg.user at seibercom.net Tue Oct 25 14:48:52 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Tue, 25 Oct 2011 08:48:52 -0400
Subject: Question regarding unknown certificates
Message-ID: <20111025084852.27c43286@scorpio>

I have a group of certificates listed that I am unable to delete. I have tried using GPA and from the command line. Neither works. I did a screen capture of these keys. This is the URL:

http://seibercom.net/logs/FP1.png

These appear to be listed in the "/usr/local/share/gnupg/com-certs.pem" file on my system.

http://seibercom.net/logs/com-certs.pem

Since most of these certificates appear to be expired anyway, can I just delete that file? I am not sure why they are being listed anyway. What is their purpose?

I am running on a FreeBSD-8.2 amd64 system if that makes any difference.

--
Jerry    GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From rjh at sixdemonbag.org Tue Oct 25 14:54:55 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 25 Oct 2011 08:54:55 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA680E1.6070406@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com>
Message-ID: <4EA6B19F.2020000@sixdemonbag.org>

On 10/25/11 5:26 AM, Peter Lebbing wrote:
> So if we can't motivate users by showing the bad stuff that can
> happen if you have no privacy, then how to do it? I don't see any
> other way.
Years ago W.D. Richter wrote a fictitious interview between the two fictitious characters Reno Nevada and Buckaroo Banzai. It sums up my position quite well.

=====
Q: You lament the decline of the great causes -- civil rights, the antiwar movement, the war on poverty, the exploration of space -- and the all-consuming preoccupation with the self in today's culture. But what gave birth to these great causes to begin with?

A: Twin utopias, unfortunately: the myth of revolution and the myth of progress.

Q: These are myths?

A: To the extent that people believe in them as utopias, yes, which is how they were oversold in many cases. By embracing any utopia, we sow the seeds of cynicism when things don't work out as advertised.

Q: Not that they've ever been tried...

A: Which is the fallacy -- that big change has to happen on an institutional or national level. When it doesn't, you have the epidemic of cynicism we have today, with bean counters running the whole shooting match under the rubric of being realists.

Q: So what do we failed idealists do?

A: First, stop being failures. It's absurd to judge ourselves against a scale larger than our own efforts.
=====

I reject your premise, which seems to be that we *should* motivate users, or that it is *possible* for us to do it. I don't think either one is true. I don't think that I -- or any group of us -- has the capability to do this, so my response to this is to let myself off the hook for it.

Every now and again I'll meet someone who's interested in learning about privacy and how to protect it. I do my best to help these people along. That's what I can do, that's what's within my power, that's the standard I judge myself by -- how well I do what good I can do. It's made a world of difference in my mental health.
From jeandavid8 at verizon.net Tue Oct 25 15:12:53 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Tue, 25 Oct 2011 09:12:53 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111025030232.9DB8A33C98@absinthe.tinho.net>
References: <20111025030232.9DB8A33C98@absinthe.tinho.net>
Message-ID: <4EA6B5D5.8020501@verizon.net>

dan at geer.org wrote:
>> With respect to your question: what we offer is privacy, but most
>> people do not understand privacy, do not care about privacy, and
>> would not care about privacy even if they understood it.
>> [snip]
>
> You got that right, Brother.
>
> To be more pointed, how many folks on this list carry a cell phone?
>
> --dan
>
I carry one about half the time, but it is usually powered off unless I am expecting a call, or when I need to make one. Also about once every other month to use the GPS navigation feature.

--
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 09:10:01 up 4 days, 18:16, 3 users, load average: 4.84, 5.14, 5.11

From peter at digitalbrains.com Tue Oct 25 16:57:01 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 25 Oct 2011 16:57:01 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA6B19F.2020000@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org>
Message-ID: <4EA6CE3D.7000808@digitalbrains.com>

On 25/10/11 14:54, Robert J. Hansen wrote:
> Every now and again I'll meet someone who's interested in learning
> about privacy and how to protect it.
> I do my best to help these
> people along. That's what I can do, that's what's within my power,
> that's the standard I judge myself by -- how well I do what good I can do.

The problem with the current proposal in that respect is that it requires co-operation of e-mail providers. If there is no significant user base, the providers don't want to cater for that very small minority that asks them to implement the extra DNS functionality. And without the functionality being offered by the e-mail providers, there is no chance to build a significant user base.

If there was no dependency on third parties implementing stuff for their customers, this catch-22 would not be there. It needs to be such that an individual can say "I will install this" and then communicate with people who did the same thing. If this individual then comes to the conclusion "My provider does not support this", he would need to be very motivated indeed to do something about it.

So currently there is no way to only have a few people do this, and let that group grow slowly.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From rjh at sixdemonbag.org Tue Oct 25 17:09:43 2011
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Tue, 25 Oct 2011 11:09:43 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA6CE3D.7000808@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org> <4EA6CE3D.7000808@digitalbrains.com>
Message-ID: <4EA6D137.1070003@sixdemonbag.org>

On 10/25/11 10:57 AM, Peter Lebbing wrote:
> The problem with the current proposal in that respect is that it
> requires co-operation of e-mail providers.

I disagree. The problem with the current proposal is it offers email providers no payoff for their work. If it could credibly be said, "implement STEED and you'll get 25% less spam across your network," email providers would be lining up around the block to participate.

As I mentioned before, most people do not understand privacy, do not see the benefit from privacy, and even if they understood it would not see a benefit from it. That's the dealbreaker. Hundreds of good ideas have foundered on those shoals: I suspect STEED will turn out to be another.

But I hope I'm wrong.

From gnupg.user at seibercom.net Tue Oct 25 17:22:35 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Tue, 25 Oct 2011 11:22:35 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111025030232.9DB8A33C98@absinthe.tinho.net>
References: <4EA59F96.5050101@sixdemonbag.org> <20111025030232.9DB8A33C98@absinthe.tinho.net>
Message-ID: <20111025112235.47eabdef@scorpio>

On Mon, 24 Oct 2011 23:02:32 -0400 dan at geer.org articulated:
> To be more pointed, how many folks on this list carry a cell phone?

I carry one virtually all the time. It is sort of in my job description.
I have to be available 24/7.

--
Jerry    GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From wk at gnupg.org Tue Oct 25 20:27:06 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 25 Oct 2011 20:27:06 +0200
Subject: Question regarding unknown certificates
In-Reply-To: <20111025084852.27c43286@scorpio> (Jerry's message of "Tue, 25 Oct 2011 08:48:52 -0400")
References: <20111025084852.27c43286@scorpio>
Message-ID: <87d3dlsza6.fsf@vigenere.g10code.de>

On Tue, 25 Oct 2011 14:48, gnupg.user at seibercom.net said:
> These appear to be listed in the "/usr/local/share/gnupg/com-certs.pem"

These are default certificates automagically imported into a new keybox.

> Since most of these certificates appear to be expired anyway, can I
> just delete that file? I am not sure why they are being listed anyway.

Yes.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From peter at digitalbrains.com Tue Oct 25 20:40:42 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 25 Oct 2011 20:40:42 +0200
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA6D137.1070003@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org> <4EA6CE3D.7000808@digitalbrains.com> <4EA6D137.1070003@sixdemonbag.org>
Message-ID: <4EA702AA.8010203@digitalbrains.com>

On 25/10/11 17:09, Robert J. Hansen wrote:
> I disagree.
> The problem with the current proposal is it offers email
> providers no payoff for their work. If it could credibly be said,
> "implement STEED and you'll get 25% less spam across your network,"
> email providers would be lining up around the block to participate.

Yes, and if it could credibly be said "implement STEED and you'll get 10% more clients", you'd need crowd control. Unfortunately, both "ifs" are not met.

When you try to create the perfect standard that solves all e-mail problems, it quickly becomes a terrible mess. You need focus and compartmentalisation, draw some boundaries.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From mwood at IUPUI.Edu Tue Oct 25 22:11:40 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue, 25 Oct 2011 16:11:40 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA702AA.8010203@digitalbrains.com>
References: <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org> <4EA6CE3D.7000808@digitalbrains.com> <4EA6D137.1070003@sixdemonbag.org> <4EA702AA.8010203@digitalbrains.com>
Message-ID: <20111025201140.GA23055@IUPUI.Edu>

So, to summarize what I think I've been hearing: the problem which remains to be solved (if it is a problem) is a nontechnical one, and no amount of technical wizardry will solve it. The most that can be done now is to be ready to help someone who fears for his privacy and asks, "what can I do?"

Maybe someday there will be a panic and everybody will be asking. It's good to have an answer.

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
From rjh at sixdemonbag.org Tue Oct 25 23:17:23 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 25 Oct 2011 17:17:23 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111025201140.GA23055@IUPUI.Edu>
References: <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org> <4EA6CE3D.7000808@digitalbrains.com> <4EA6D137.1070003@sixdemonbag.org> <4EA702AA.8010203@digitalbrains.com> <20111025201140.GA23055@IUPUI.Edu>
Message-ID: <4EA72763.6080600@sixdemonbag.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/25/11 4:11 PM, Mark H. Wood wrote:
> So, to summarize what I think I've been hearing: the problem which
> remains to be solved (if it is a problem) is a nontechnical one,
> and no amount of technical wizardry will solve it.

This is what I think. But

(a) technical wizardry will be very useful for when/if we finally figure out how to solve the social problem
(b) I might be wrong about no amount of technical wizardry being able to solve the social problem

That's where I stand. This is why regarding STEED, I'm pessimistic but hopeful. I doubt it will achieve the hoped-for ends: but I hope that I'm wrong. :)

From rjh at sixdemonbag.org Tue Oct 25 23:19:23 2011
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Tue, 25 Oct 2011 17:19:23 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA72763.6080600@sixdemonbag.org>
References: <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org> <4EA6CE3D.7000808@digitalbrains.com> <4EA6D137.1070003@sixdemonbag.org> <4EA702AA.8010203@digitalbrains.com> <20111025201140.GA23055@IUPUI.Edu> <4EA72763.6080600@sixdemonbag.org>
Message-ID: <4EA727DB.6050202@sixdemonbag.org>

On 10/25/11 5:17 PM, Robert J. Hansen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256

[rest of message, which *lacked* a signature, elided]

Wow, that's a wacky error. Time to file a bug report in Enigmail!

From gnupg at lists.grepular.com Tue Oct 25 23:48:44 2011
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Tue, 25 Oct 2011 22:48:44 +0100
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <20111025201140.GA23055@IUPUI.Edu>
References: <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org> <4EA6CE3D.7000808@digitalbrains.com> <4EA6D137.1070003@sixdemonbag.org> <4EA702AA.8010203@digitalbrains.com> <20111025201140.GA23055@IUPUI.Edu>
Message-ID: <4EA72EBC.4020801@lists.grepular.com>

On 25/10/11 21:11, Mark H. Wood wrote:
> So, to summarize what I think I've been hearing: the problem which
> remains to be solved (if it is a problem) is a nontechnical one, and
> no amount of technical wizardry will solve it. The most that can be
> done now is to be ready to help someone who fears for his privacy and
> asks, "what can I do?"
>
> Maybe someday there will be a panic and everybody will be asking.
> It's good to have an answer.
I think there are two major technical problems which would make things a lot easier if they were solved.

1.) A system of mapping email addresses to public keys
2.) A system of distributing private keys between all of a user's email clients automatically.

These can be tackled independently.

For #2 I'd like to see an IMAP extension where the client can upload and download password protected private keys. The security of the keys would rely on a strong passphrase (different from the IMAP passphrase obviously) but it would solve the problem of copying the keys between clients/backing them up. It would also mean that the clients can handle the key generation/management without the user even knowing it is happening.

For #1 I'd like to see two options. First of all, the DNS solution described in the STEED proposal. Secondly, as a backup, if the DNS record doesn't exist, and somebody emails me with a header containing a link (*) to their key and its fingerprint, or even just the key itself, I'd like to automatically use that.

Initially major email providers like GMail/Hotmail wouldn't implement the DNS solution, but that wouldn't stop people using GMail/Hotmail with supporting IMAP clients from automatically looking up keys and encrypting.

I can imagine these two solutions being implemented natively in Dovecot, Courier IMAP, Evolution and Thunderbird if the right people can be convinced. Maybe a few other widely used open source IMAP servers and MUAs. At that point, getting noticed by Microsoft/Google/Yahoo should be easier.

Web browsers would need to be upgraded to make functions available for webmail providers. I'd imagine this coming later once average users are using encrypted email without even realising.

Each new implementation would simply lead to more and more encrypted email. We don't need an all or nothing approach.
We might even end up with MSAs that accept mail from clients without encryption support, then look up the recipient's public key, and encrypt it before passing it on.

(*) There's a nasty privacy issue when you're able to trigger a receiving email client to do arbitrary HTTP lookups. It means the sender is able to determine when the recipient downloaded the email, and what IP address they were using at the time. Perhaps MTAs could look up the public key on delivery and add it to the email headers.

If somebody pulls this off, the spam fighting industry is going to have a lot of fun. It becomes a lot more difficult to identify spammy content if you can't read it. I guess all of that filtering tech (bayes/uribl lookups etc) would end up having to be pushed to the client. Those are problems to be solved by other people though.

--
Mike Cardwell  https://grepular.com/  https://twitter.com/mickeyc
Professional   http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu    0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
From expires2011 at ymail.com Wed Oct 26 00:46:27 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 25 Oct 2011 23:46:27 +0100
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA680E1.6070406@digitalbrains.com>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com>
Message-ID: <308340169.20111025234627@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Tuesday 25 October 2011 at 10:26:57 AM, Peter Lebbing wrote:

> On 24/10/11 19:25, Robert J. Hansen wrote:
>> With respect to your question: what we offer is privacy, but most people
>> do not understand privacy, do not care about privacy, and would not care
>> about privacy even if they understood it.

> So if we can't motivate users by showing the bad stuff
> that can happen if you have no privacy, then how to do
> it? I don't see any other way.

> Which for a pessimist might imply that it is simply
> doomed, and we'll never have e-mail crypto by default.

An oft-used analogy when promoting encrypted communication is to compare it to sending a letter in an envelope rather than sending a postcard. If people don't care about privacy, why did envelopes rather than postcards develop as the default for sending messages through the post?
--
Best regards

MFPA                    mailto:expires2011 at ymail.com

During an eruption - move away from the volcano - not towards it

From dougb at dougbarton.us Wed Oct 26 01:07:03 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 25 Oct 2011 16:07:03 -0700
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <308340169.20111025234627@my_localhost>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <308340169.20111025234627@my_localhost>
Message-ID: <4EA74117.80809@dougbarton.us>

On 10/25/2011 15:46, MFPA wrote:
> An oft-used analogy when promoting encrypted communication is to compare
> it to sending a letter in an envelope rather than sending a postcard. If
> people don't care about privacy, why did envelopes rather than postcards
> develop as the default for sending messages through the post?

Privacy is certainly one reason. Others are the greater capacity of envelopes, ability to send more than one piece of paper at a time, ability to carry things other than paper .... I could go on.

My point being that it's just as important to observe the lenses through which we do our observations as it is to make the observations themselves.

Doug

--
Nothin' ever doesn't change, but nothin' changes much. -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price.
:)  http://SupersetSolutions.com/

From rjh at sixdemonbag.org Wed Oct 26 04:02:29 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 25 Oct 2011 22:02:29 -0400
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <308340169.20111025234627@my_localhost>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <308340169.20111025234627@my_localhost>
Message-ID: <4EA76A35.8000200@sixdemonbag.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/25/11 6:46 PM, MFPA wrote:
> If people don't care about privacy, why did envelopes rather than
> postcards develop as the default for sending messages through the
> post?

This one should be obvious: because a postcard doesn't allow you to write much more than a Twitter post, and many times people need to send more than a handful of characters. In the mid-to-late '90s, prior to the adoption of email, I was routinely sending my girlfriend ten-page letters. The envelope was pretty handy for keeping all those pages together.

We keep on trotting out the envelope analogy, but perhaps we should do some more thinking before we do that. It doesn't appear to me to be as advantageous to our position as we think. The envelope gives the letter author immediate benefits beyond just enhanced privacy.

From pascal.nitsche at fansubcode.org Wed Oct 26 11:18:35 2011
From: pascal.nitsche at fansubcode.org (Pascal Nitsche)
Date: Wed, 26 Oct 2011 11:18:35 +0200
Subject: Sign a multipart/alternative mail
Message-ID: <4EA7D06B.60601@fansubcode.org>

Hello folks,

I'm trying to sign a mail of the mime type "multipart/alternative" using pgp in PHP.
The generation of the signature and the correct boundaries works just fine, but I can't bring it to generate a valid signature.

I think I'm missing something important here.

First of all I encode the text and html portions of the mail as quoted-printable and replace every new line character with as to be found in the RFCs (which seem not to state anything about multipart).

Now I generate the signature of the complete mime part and put it into its own mime part.

So now the mail looks like this (text, html and signature were replaced by placeholders for readability and not all of the mail headers are shown since only the Content-Type should matter here):

Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0

This is a message in Mime Format. If you see this, your mail reader does not support this format.

--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: multipart/alternative;
 boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
Content-Transfer-Encoding: 7bit


&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033--

--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

PGP SIGNATURE HERE
-----END PGP SIGNATURE-----

--=_1b5364229a82b654fad7cf2aa969f02e--

The lines starting with the &-sign were used to generate the signature.
As stated I think I missed something or did not understand something correctly so please light it up for me ;)

Thanks for your help in advance.

From kloecker at kde.org Wed Oct 26 22:03:12 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 26 Oct 2011 22:03:12 +0200
Subject: Sign a multipart/alternative mail
In-Reply-To: <4EA7D06B.60601@fansubcode.org>
References: <4EA7D06B.60601@fansubcode.org>
Message-ID: <201110262203.19353@thufir.ingo-kloecker.de>

On Wednesday 26 October 2011, Pascal Nitsche wrote:
> Hello folks,
>
> I'm trying to sign a mail of the mime type "multipart/alternative"
> using pgp in PHP.
> The generation of the signature and the correct boundaries works just
> fine, but I can't bring it to generate a valid signature.
>
> I think I'm missing something important here.
>
> First of all I encode the text and html portions of the mail as
> quoted-printable and replace every new line character with
> as to be found in the RFCs (which seem not to state anything about
> multipart).
>
> Now I generate the signature of the complete mime part and put it
> into its own mime part.
>
> So now the mail looks like this (text, html and signature were
> replaced by placeholders for readability and not all of the mail
> headers are
>
> shown since only the Content-Type should matter here):
> |Content-Type: multipart/signed; micalg=pgp-sha1;
> |protocol="application/pgp-signature";
> |boundary="=_1b5364229a82b654fad7cf2aa969f02e"
>
> MIME-Version: 1.0
>
> This is a message in Mime Format. If you see this, your mail
> reader does not support this format.
>
> --=_1b5364229a82b654fad7cf2aa969f02e
> Content-Type: multipart/alternative;
> boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
> Content-Transfer-Encoding: 7bit
>
>
> &--=_53ba9ef8c471e6c8d72f215feaad8033
[snip]
> &--=_53ba9ef8c471e6c8d72f215feaad8033--
>
> --=_1b5364229a82b654fad7cf2aa969f02e
> Content-Type: application/pgp-signature; name="signature.asc"
[snip]
>
> The lines starting with the &-sign were used to generate the
> signature.
>
> As stated I think I missed something or did not understand something
> correctly so please light it up for me ;)
>
> Thanks for your help in advance.

If I read your example correctly then you are missing point (5) on page 4 of RFC 3156:

   (5)  As described in [2], the digital signature MUST be calculated
        over both the data to be signed and its set of content headers.

As far as I can see you calculated the signature only over the data but not over the content headers of the multipart/alternative part. A correct example (compare to the example message on page 4 f. of the RFC) would look as follows:

=====
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0

This is a message in Mime Format. If you see this, your mail reader does not support this format.
--=_1b5364229a82b654fad7cf2aa969f02e
&Content-Type: multipart/alternative;
& boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
&Content-Transfer-Encoding: 7bit
&
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033--

--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

PGP SIGNATURE HERE
-----END PGP SIGNATURE-----

--=_1b5364229a82b654fad7cf2aa969f02e--
=====

You also do not mention whether you remove trailing whitespace. If you quoted-printable encode trailing spaces as =20 then you do not need to remove it.

Regards,
Ingo
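The layout Ingo describes, built so that the bytes handed to the signer begin at the multipart/alternative content headers, as an added example (Python; not code from the thread, from Pascal's PHP, or from GnuPG). It reuses the two boundaries from the example above, constructs its own sample text, and puts a placeholder where gpg's detached signature would go; gpg_detach_sign shows the real GnuPG call and extract_signed_part shows which bytes a verifying client recovers.

```python
import quopri
import subprocess

CRLF = b"\r\n"
# Boundaries copied from the example message in the thread; any unique token works.
OUTER_BOUNDARY = b"=_1b5364229a82b654fad7cf2aa969f02e"
INNER_BOUNDARY = b"=_53ba9ef8c471e6c8d72f215feaad8033"


def qp_body(text: str) -> bytes:
    """Quoted-printable with canonical CRLF line endings. quopri encodes a
    trailing space/tab as =20/=09, so trailing whitespace need not be stripped
    before signing. Newlines are normalised first so no CR becomes =0D."""
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    return quopri.encodestring(text.encode("utf-8")).replace(b"\n", CRLF)


def text_part(subtype: str, text: str) -> bytes:
    """One text/* body part: content headers, blank line, encoded body."""
    return CRLF.join([
        b"Content-Type: text/" + subtype.encode("ascii") + b"; charset=UTF-8",
        b"Content-Transfer-Encoding: quoted-printable",
        b"",
        qp_body(text),
    ])


def alternative_part(plain: str, html: str) -> bytes:
    """The complete multipart/alternative body part, content headers included.
    This byte string is what the detached signature covers (RFC 3156 point 5);
    the question's '&' lines began after these headers, hence the bad signature."""
    delim = b"--" + INNER_BOUNDARY
    return CRLF.join([
        b"Content-Type: multipart/alternative;",
        b"\tboundary=\"" + INNER_BOUNDARY + b"\"",
        b"Content-Transfer-Encoding: 7bit",
        b"",
        delim,
        text_part("plain", plain),
        b"",  # ends the part's last line; the CRLF before a delimiter belongs to it
        delim,
        text_part("html", html),
        b"",
        delim + b"--",
    ])


def gpg_detach_sign(data: bytes, key_id: str) -> bytes:
    """ASCII-armoured detached signature over exactly `data` via GnuPG (not run
    here: needs a keyring). The outer micalg must name the digest GnuPG used:
    pgp-sha1 in the thread's example, pgp-sha256 for a current default."""
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--detach-sign", "--local-user", key_id],
        input=data, capture_output=True, check=True).stdout


def multipart_signed(signed_part: bytes, signature_armor: bytes,
                     micalg: str = "pgp-sha1") -> bytes:
    """Wrap the signed part and its detached signature per RFC 3156 section 5."""
    delim = b"--" + OUTER_BOUNDARY
    return CRLF.join([
        b"Content-Type: multipart/signed; micalg=" + micalg.encode("ascii") + b";",
        b"\tprotocol=\"application/pgp-signature\";",
        b"\tboundary=\"" + OUTER_BOUNDARY + b"\"",
        b"MIME-Version: 1.0",
        b"",
        b"This is an OpenPGP/MIME signed message (RFC 3156).",
        delim,
        signed_part,
        delim,
        b"Content-Type: application/pgp-signature; name=\"signature.asc\"",
        b"Content-Disposition: attachment; filename=\"signature.asc\"",
        b"Content-Description: OpenPGP digital signature",
        b"",
        signature_armor,
        delim + b"--",
        b"",
    ])


def extract_signed_part(message: bytes, boundary: bytes = OUTER_BOUNDARY) -> bytes:
    """Recover the bytes a verifier hands to gpg with the signature. RFC 2046
    section 5.1.1: the CRLF before a boundary delimiter belongs to the delimiter,
    so the first part runs from the end of the opening delimiter line to the CRLF
    preceding the next delimiter. Any in-transit rewrite of these bytes (the
    Exchange reports later in this archive) breaks verification."""
    delim = CRLF + b"--" + boundary
    start = message.index(delim) + len(delim)
    start = message.index(CRLF, start) + len(CRLF)  # skip rest of delimiter line
    end = message.index(delim, start)
    return message[start:end]


if __name__ == "__main__":
    # Constructed sample content; the armour is a stand-in for gpg's output.
    part = alternative_part("Hello, this is the text version. ",
                            "<p>Hello, this is the <b>HTML</b> version.</p>")
    armor = CRLF.join([b"-----BEGIN PGP SIGNATURE-----", b"",
                       b"PGP SIGNATURE HERE", b"-----END PGP SIGNATURE-----"])
    msg = multipart_signed(part, armor)
    assert extract_signed_part(msg) == part
    print(msg.decode("ascii"))
```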
From lists at meumonus.com Wed Oct 26 21:06:41 2011
From: lists at meumonus.com (Devin Fisher)
Date: Wed, 26 Oct 2011 19:06:41 +0000
Subject: STEED - Usable end-to-end encryption
In-Reply-To: <4EA76A35.8000200@sixdemonbag.org>
References: <87ty774hf2.fsf@vigenere.g10code.de> <4E9F2568.6080709@digitalbrains.com> <4E9F8461.5030706@ruhr-uni-bochum.de> <4E9F95EA.9090205@lina.inka.de> <87hb34xcds.fsf@vigenere.g10code.de> <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <308340169.20111025234627@my_localhost> <4EA76A35.8000200@sixdemonbag.org>
Message-ID: <2110984185-1319656008-cardhu_decombobulator_blackberry.rim.net-1007082381-@b16.c27.bise6.blackberry>

It should probably be likened to sending a letter in a security-obscured and tamper evident envelope. How often is that done?

That being said, I've appreciated the discussion on this topic. Being a neophyte to mail encryption (I haven't even set up any of my own yet) gives a good perspective of the challenge. Providing the tools, putting the security envelopes next to the regular ones, is a crucial first step and no matter how much user or carrier adoption hand-wringing occurs nothing will change until the tools are accessible. Note the distinction between "accessible" and "available".

-Devin

-----Original Message-----
From: "Robert J. Hansen"
Sender: gnupg-users-bounces at gnupg.org
Date: Tue, 25 Oct 2011 22:02:29
To:
Subject: Re: STEED - Usable end-to-end encryption

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/25/11 6:46 PM, MFPA wrote:
> If people don't care about privacy, why did envelopes rather than
> postcards develop as the default for sending messages through the
> post?
This one should be obvious: because a postcard doesn't allow you to write much more than a Twitter post, and many times people need to send more than a handful of characters. In the mid-to-late '90s, prior to the adoption of email, I was routinely sending my girlfriend ten-page letters. The envelope was pretty handy for keeping all those pages together.

We keep on trotting out the envelope analogy, but perhaps we should do some more thinking before we do that. It doesn't appear to me to be as advantageous to our position as we think. The envelope gives the letter author immediate benefits beyond just enhanced privacy.

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From hidekis at gmail.com Fri Oct 28 02:27:55 2011
From: hidekis at gmail.com (Hideki Saito)
Date: Thu, 27 Oct 2011 17:27:55 -0700
Subject: Japanese localization issue for designated revoker message
Message-ID:

Hello,

I have a Japanese localization issue to report.

Currently, Japanese localization for designated revoker says the following

?????DSA?xxxxxxxx ?????????????

Which reads

This key has been revoked by DSA key xxxxxxxx

While in English version it says:

This key may be revoked by DSA key xxxxxxxx

Therefore this line should read:

?????%s?%s???????????

I've fixed this error and bundled it against the master branch as follows:
http://www.mediafire.com/file/fmf0mf6u7n6n66x/designator_ja_fix.bundle

Thank you.
Hideki Saito
Google+: http://goo.gl/dVU2q
Facebook: http://goo.gl/RV5C8 http://goo.gl/FDeAw

From pjb at scm.tees.ac.uk Fri Oct 28 15:07:53 2011
From: pjb at scm.tees.ac.uk (Phil Brooke)
Date: Fri, 28 Oct 2011 14:07:53 +0100 (BST)
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <4E8ACDC7.7090009@st.com>
References: <4E8ACDC7.7090009@st.com>
Message-ID: <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk>

Hi,

On Tue, 4 Oct 2011, David Smith wrote:
> Does anyone have any experience of using an MS Exchange server, where it
> corrupts PGP-MIME emails by re-encoding the encrypted data in base64?
> [...]

(I'm rather late to this thread, but anyway....)

Nothing relating to encrypted data, but I've seen an MS Exchange system rewrite signed emails (both PGP/MIME and S/MIME) with the obvious effect of causing failed verifications.

Cheers,

Phil.

From rjh at sixdemonbag.org Fri Oct 28 16:33:39 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 28 Oct 2011 10:33:39 -0400
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk>
References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk>
Message-ID: <4EAABD43.9000909@sixdemonbag.org>

On 10/28/11 9:07 AM, Phil Brooke wrote:
> Nothing relating to encrypted data, but I've seen an MS Exchange system
> rewrite signed emails (both PGP/MIME and S/MIME) with the obvious effect
> of causing failed verifications.

Likewise. Older versions of GNU Mailman have a similar bug with respect to PGP/MIME.

I'd love to recommend PGP/MIME, I really would, but it seems there are just too many broken MTAs out there for me to be able to do that. The open-source MTAs are generally amenable to bugfix requests, but as long as MS Exchange is a dominant MTA I doubt they're going to be responsive to requests from a niche market.
From gnupg.user at seibercom.net Fri Oct 28 16:36:55 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Fri, 28 Oct 2011 10:36:55 -0400
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk>
References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk>
Message-ID: <20111028103655.3d9b3ca8@scorpio>

On Fri, 28 Oct 2011 14:07:53 +0100 (BST)
Phil Brooke articulated:

> Hi,
>
> On Tue, 4 Oct 2011, David Smith wrote:
> > Does anyone have any experience of using an MS Exchange server,
> > where it corrupts PGP-MIME emails by re-encoding the encrypted data
> > in base64? [...]
>
> (I'm rather late to this thread, but anyway....)
>
> Nothing relating to encrypted data, but I've seen an MS Exchange
> system rewrite signed emails (both PGP/MIME and S/MIME) with the
> obvious effect of causing failed verifications.

Could you please supply proof of that statement? An example of the message before and after it was processed by the server would be advantageous.

--
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

Yes, we will be going to OSI, Mars and, Pluto, but not necessarily in that order.

George Michaelson

From alex at gpgtools.org Fri Oct 28 16:42:58 2011
From: alex at gpgtools.org (Alex (via GPGTools))
Date: Fri, 28 Oct 2011 16:42:58 +0200
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <20111028103655.3d9b3ca8@scorpio>
References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio>
Message-ID:

You can find examples by searching for "exchange" at gpgtools.lighthouseapp.com. Some of our users reported it and afaik we (Lukas) found a workaround.
BR,
Alex

--
sent from my mobile phone, please excuse my brevity

On 28.10.2011, at 16:39, Jerry wrote:

> On Fri, 28 Oct 2011 14:07:53 +0100 (BST)
> Phil Brooke articulated:
>
>> Hi,
>>
>> On Tue, 4 Oct 2011, David Smith wrote:
>>> Does anyone have any experience of using an MS Exchange server,
>>> where it corrupts PGP-MIME emails by re-encoding the encrypted data
>>> in base64? [...]
>>
>> (I'm rather late to this thread, but anyway....)
>>
>> Nothing relating to encrypted data, but I've seen an MS Exchange
>> system rewrite signed emails (both PGP/MIME and S/MIME) with the
>> obvious effect of causing failed verifications.
>
>
> Could you please supply proof of that statement. An example of the
> message before and after it was processed by the server would be
> advantageous.
>
> --
> Jerry
> GNUPG.user at seibercom.net
> _____________________________________________________________________
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the Reply-To header.
> Yes, we will be going to OSI, Mars and, Pluto, but not necessarily in
> that order.
>
>
> George Michaelson

From wk at gnupg.org Fri Oct 28 21:08:00 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 28 Oct 2011 21:08:00 +0200
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <4EAABD43.9000909@sixdemonbag.org> (Robert J. Hansen's message of "Fri, 28 Oct 2011 10:33:39 -0400")
References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <4EAABD43.9000909@sixdemonbag.org>
Message-ID: <87r51xq6i7.fsf@vigenere.g10code.de>

On Fri, 28 Oct 2011 16:33, rjh at sixdemonbag.org said:
> just too many broken MTAs out there for me to be able to do that.
> The
> open-source MTAs are generally amenable to bugfix requests, but as long
> as MS Exchange is a dominant MTA I doubt they're going to be responsive

From the tests and reports I have seen, the problem is not MS Exchange but Exchange extensions which mess around with the mails. I have also seen that with standard Unix MTAs. Python mail software for example has the problem of sometimes breaking signatures (not only Mailman).

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From mlisten at hammernoch.net Fri Oct 28 21:57:43 2011
From: mlisten at hammernoch.net (Ludwig Hügelschäfer)
Date: Fri, 28 Oct 2011 21:57:43 +0200
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <20111028103655.3d9b3ca8@scorpio>
References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio>
Message-ID: <4EAB0937.4060705@hammernoch.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jerry wrote on 28.10.11 16:36:
> On Fri, 28 Oct 2011 14:07:53 +0100 (BST) Phil Brooke articulated:
>> Nothing relating to encrypted data, but I've seen an MS Exchange
>> system rewrite signed emails (both PGP/MIME and S/MIME) with the
>> obvious effect of causing failed verifications.
>
> Could you please supply proof of that statement. An example of the
> message before and after it was processed by the server would be
> advantageous.

http://www.mozilla-enigmail.org/forum/viewtopic.php?f=4&t=425

This holds true in my daily life at my company.
Ludwig

From gnupg.user at seibercom.net Fri Oct 28 23:15:09 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Fri, 28 Oct 2011 17:15:09 -0400
Subject: MS Exchange server corrupting PGP-MIME emails
In-Reply-To: <4EAB0937.4060705@hammernoch.net>
References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net>
Message-ID: <20111028171509.6cc88a70@scorpio>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 28 Oct 2011 21:57:43 +0200
Ludwig Hügelschäfer articulated:

> Jerry wrote on 28.10.11 16:36:
> > On Fri, 28 Oct 2011 14:07:53 +0100 (BST) Phil Brooke articulated:
>
> >> Nothing relating to encrypted data, but I've seen an MS Exchange
> >> system rewrite signed emails (both PGP/MIME and S/MIME) with the
> >> obvious effect of causing failed verifications.
> >
> > Could you please supply proof of that statement. An example of the
> > message before and after it was processed by the server would be
> > advantageous.
>
> http://www.mozilla-enigmail.org/forum/viewtopic.php?f=4&t=425
>
> This holds true in my daily life at my company.

Does this hold true with the latest version of Exchange or is it limited to the <=2007 version?

--
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBAgAGBQJOqxt4AAoJEHnO4vtcDeotV6UH/ArgMH/MLhv/9OFOaJ2q3u7y IDpN58ZIaOj9+QKbUtFqLzYDba8XZDutkRxbg721KIUD8I1+ka8YGnfcrcX3EGnt appDKNr46bafWAooopjKNuWTfID2Cm4ZFiUA/cj4O7wfQ5Xjk2gT9z7WRK8GXnb2 jK9NMUgQ/xvqG2cLK8WRTsSzpevE+fa0NM9jygGo+acjrrvy6suWahLcrdiO8Vbd WEPHofl0T4w6VaK+47KX16fY9iZCc4Mpl0c0A8vQRUy5qaiFHXZn/6wBCarGPSAE bHVyHD7HAlpcIU/lPuTUBS8wOJEimGLFV1VnNIMK9FTmeCc7wCowa3641iKjkKg= =eZhN -----END PGP SIGNATURE----- From mlisten at hammernoch.net Sat Oct 29 12:06:22 2011 From: mlisten at hammernoch.net (=?UTF-8?B?THVkd2lnIEjDvGdlbHNjaMOkZmVy?=) Date: Sat, 29 Oct 2011 12:06:22 +0200 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <20111028171509.6cc88a70@scorpio> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> Message-ID: <4EABD01E.3080300@hammernoch.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Jerry wrote on 28.10.11 23:15: > Does this hold true with the latest version of Exchange or is it > limited to the <=2007 version? Servers were updated some months ago, and it still happens. Don't know the exact version right now, I will look for it on monday, when I'm in the office again. 
Ludwig -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJOq9AeAAoJEA52XAUJWdLjYWoIALlrM68g9lwRFlvoz3WmyPUF lrWSeZHaxou/XFGhQvGkhynYuURT4U4grVP4bkCvA62FnH9/hGZGYteu8f9ywJfm tnOPQAf8Cap6Ohzh6ryyELx8VVBtljdDnGiFOfgCQvoIEiIP3sHbgDWy35DqaNRk ph2pzlGUfZ0bQaoFucECX7vGQWS8+o1cl51Vti4D3yPnrIN//zK5hTeaUZX3mxuu kAlouhUd0HzrkFycBBCU687z0eeLLutEZk1XXrrgZUb6w4mOS1pmMQyg8hQCudIi rc7JvM99nmui+wLaLpX5tSrCJwt14LtTKV8AIA8PQ6Giy7fa0kigJzAzTjiy19c= =ei5V -----END PGP SIGNATURE----- From gnupg.user at seibercom.net Sat Oct 29 13:31:24 2011 From: gnupg.user at seibercom.net (Jerry) Date: Sat, 29 Oct 2011 07:31:24 -0400 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <4EABD01E.3080300@hammernoch.net> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> Message-ID: <20111029073124.43ac4a5c@scorpio> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 29 Oct 2011 12:06:22 +0200 Ludwig Hügelschäfer articulated: > Servers were updated some months ago, and it still happens. Don't know > the exact version right now, I will look for it on monday, when I'm in > the office again. Thank you. I sort of have a contact at Microsoft that might be able to lend me some assistance. However, I would need very specific information. 1) The exact version of the server and any other pertinent information 2) Exact copies of the messages being mishandled. You could probably just create simple test messages for that purpose. Let me know how you make out and I will try and get a hold of my contact. - -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. 
She has an alarm clock and a phone that don't ring - they applaud. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBAgAGBQJOq+QeAAoJEHnO4vtcDeotE1gH/jgWvJbNRwO9PznZzMZeu8cB eXehOr0ftsdWXCsk5yTYHNMNZe/hmqNt6mn+N1C76/nZvDQyPma2H+aCtUjjxY6Q G3kGecnU/i5P5yZMK0OoeSJcGtR9stIN84cS5TCkj07MlFjaY8Y/ipVsh1fGPG8Y EB4/olgJ4+CtRdIyWyaiB1Za0WGQAUYY47TDuvRLA4dNR7TLeZ3ue+rwLJQiY3JN DUEzl+R4UDzwXuIWtnCCdpJ/bc8RTk5FaxAsMT9uMc9dVMiYhzJnUgBc3rBo0TrI Q1ZUTrZCu9wsMIeInTHLHakyWx4lc0Byv80EM2Q8BfaLeqXi3kw61l7YIwddv0A= =0nTU -----END PGP SIGNATURE----- From peter at digitalbrains.com Sat Oct 29 14:39:19 2011 From: peter at digitalbrains.com (Peter Lebbing) Date: Sat, 29 Oct 2011 14:39:19 +0200 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <20111029073124.43ac4a5c@scorpio> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> <20111029073124.43ac4a5c@scorpio> Message-ID: <4EABF3F7.7040803@digitalbrains.com> On 29/10/11 13:31, Jerry wrote: > Thank you. I sort of have a contact at Microsoft that might be able to > lend me some assistance. However, I would need very specific > information. Wouldn't the more generally applicable fix be to simply *not* mess with the layout of messages going through the server? Changing encoding is one thing, and I believe the MIME spec says stuff about this being accepted, but rewriting the whole structure and changing inline parts to attachment parts and stuff like that seems like a sure-fire way to screw up all sorts of different things, not just PGP/MIME and S/MIME. Be liberal in what you accept, but *be conservative in what you create*. Plus, it is not in the interest of the user to mangle their messages. If the recipient would like to see it formatted in a certain way, he needs a MUA to do that for him, it is explicitly not the task of the MTA. 
The SMTP spec has some stuff to say about this too. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From peter at digitalbrains.com Sat Oct 29 14:47:13 2011 From: peter at digitalbrains.com (Peter Lebbing) Date: Sat, 29 Oct 2011 14:47:13 +0200 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <4EABF3F7.7040803@digitalbrains.com> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> <20111029073124.43ac4a5c@scorpio> <4EABF3F7.7040803@digitalbrains.com> Message-ID: <4EABF5D1.9040502@digitalbrains.com> On 29/10/11 14:39, Peter Lebbing wrote: > On 29/10/11 13:31, Jerry wrote: >> Thank you. I sort of have a contact at Microsoft that might be able to >> lend me some assistance. However, I would need very specific >> information. > > Wouldn't the more generally applicable fix be to simply *not* mess with the > layout of messages going through the server? Oh, I'm sorry, I might have misinterpreted Jerry. Obviously if you go the right way about fixing the mangling you still need examples of the mangling to find out which extension of Exchange do the mangling. To feed to your debugger, so to speak. My interpretation of only fixing a very specific instance of mangling is not a proper interpretation of the request. So I guess I should rephrase my comment as a request: when this behaviour is fixed, please fix it for mangling in general and not just this specific PGP/MIME and S/MIME case :). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From eric at ericabrahamsen.net Sun Oct 30 05:21:56 2011 From: eric at ericabrahamsen.net (Eric Abrahamsen) Date: Sun, 30 Oct 2011 11:21:56 +0700 Subject: digitally signing contracts Message-ID: <87hb2rm7mj.fsf@ericabrahamsen.net> I own a small business that works with contractors all over the world, and I'm currently scratching my head over the issue of signing contracts. I know that gpg can/has been used to this purpose, but I wanted to ask the list's advice. There isn't a whole lot of information on the webs on the issue, this is the most thorough description I found: http://wiki.bitcoin-otc.com/wiki/GPG_Contract Is there a general sense that this is viable (at least as viable as scanning and emailing contracts that have been signed with a pen)? Does the process outlined in that webpage have any gotchas? To wit (apologies for hackneyed "Bob and Alice"): 1. Bob writes a contract; the names and fingerprints of both Bob's and Alice's PGP keys are included in the original body of the contract. 2. Bob clearsigns the contract, sends to Alice. 3. Alice verifies Bob's signature, then adds text *outside* of the part of the contract signed by Bob, to the effect that she agrees to this contract. She clearsigns the entire contract (including Bob's signature) and sends it back to Bob. 4. Bob verifies his own original signature, to prevent tampering. 5. Bob verifies Alice's signature. Are there any technical pitfalls here? The main one that I can think of is that this potentially reverses the incentive for verifying key ownership -- usually you're working to prove that you *do* own a key, whereas now you might have a reason to temporarily fake ownership of a key you don't own (allowing you to later legally repudiate a contract). I can't think of how that would actually play out, but it seems like the system as a whole was not designed in this direction? 
As for the legal validity of such a process, I can do my own research, but if anyone had anything to note, that would be appreciated! Thanks, Eric From chaujc at gmail.com Sun Oct 30 20:51:22 2011 From: chaujc at gmail.com (Jimmy C. Chau) Date: Sun, 30 Oct 2011 15:51:22 -0400 Subject: ignore-cache-for-signing has no effect on gpg-agent Message-ID: <4EADAABA.7080801@gmail.com> Despite setting ignore-cache-for-signing on gpg-agent, the key/passphrase appears to be cached when I use gpg to sign files. To reproduce: eval $(gpg-agent --daemon --ignore-cache-for-signing) touch a b gpg --sign a # it displays the following and asks for a password this time You need a passphrase to unlock the secret key for user: "Jimmy C. Chau " 4096-bit RSA key, ID 76B6863D, created 2011-07-12 gpg --sign b # it does not ask for a password this time, but still displays the following You need a passphrase to unlock the secret key for user: "Jimmy C. Chau " 4096-bit RSA key, ID 76B6863D, created 2011-07-12 I've searched for an explanation for this behavior but I couldn't find any (the closest I could find suggested setting default-cache-ttl and max-cache-ttl, but I don't know why I would need to set the cache-ttl if the cache should be bypassed). Here's "gpg-agent --version" in case it's version specific: gpg-agent (GnuPG) 2.0.17 libgcrypt 1.4.6 Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. I'm new to gpg-agent so I'm not sure whether this is a bug or my mistake. I'll appreciate any help in figuring out what went wrong. (I've just subscribed to this mailing list, but didn't receive any sort of confirmation, so I'm not sure if I'm on the list yet; please CC me when replying.) Thanks! -Jimmy C. Chau -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From dkg at fifthhorseman.net Sun Oct 30 22:03:46 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sun, 30 Oct 2011 17:03:46 -0400 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <4EABF5D1.9040502@digitalbrains.com> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> <20111029073124.43ac4a5c@scorpio> <4EABF3F7.7040803@digitalbrains.com> <4EABF5D1.9040502@digitalbrains.com> Message-ID: <4EADBBB2.3070809@fifthhorseman.net> On 10/29/2011 08:47 AM, Peter Lebbing wrote: > So I guess I should rephrase my comment as a request: when this behaviour is > fixed, please fix it for mangling in general and not just this specific PGP/MIME > and S/MIME case :). Assuming that standards-based arguments carry any weight at all, you'll have a stronger argument if you *do* limit your scope to the multipart/signed mime parts: https://tools.ietf.org/html/rfc1847#page-4 >> The entire contents of the multipart/signed container must be treated >> as opaque while it is in transit from an originator to a recipient. >> Intermediate message transfer agents must not alter the content of a >> multipart/signed in any way, including, but not limited to, changing >> the content transfer encoding of the body part or any of its >> encapsulated body parts. Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 1030 bytes Desc: OpenPGP digital signature URL: From peter at digitalbrains.com Mon Oct 31 11:14:44 2011 From: peter at digitalbrains.com (Peter Lebbing) Date: Mon, 31 Oct 2011 11:14:44 +0100 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <4EADBBB2.3070809@fifthhorseman.net> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> <20111029073124.43ac4a5c@scorpio> <4EABF3F7.7040803@digitalbrains.com> <4EABF5D1.9040502@digitalbrains.com> <4EADBBB2.3070809@fifthhorseman.net> Message-ID: <4EAE7514.8010804@digitalbrains.com> On 30/10/11 22:03, Daniel Kahn Gillmor wrote: > Assuming that standards-based arguments carry any weight at all, you'll > have a stronger argument if you *do* limit your scope to the > multipart/signed mime parts: Would a lawyer perhaps say it as this? I would like to see no mangling at all. If there are legitimate uses for mangling, I would like to see no mangling of multipart/signed and multipart/encrypted. A lawyer would still need to define "mangling", but IANAL. But still, the part you quoted is only about /signed, and the OP reported problems with /encrypted. So it is perhaps not that strong an argument when you want to fix the OP's problem ;). And surely there must be a part of the MIME spec which says that the MTA changing inline to attachment is not a good default[1]. If it's not specified, I'd think that is because they thought it was implied. Just like it is implied that it is not a good default if the MTA inserts obscenities and verbal abuse in a text/plain part. Peter. [1] At first I wrote "is not allowed". But in special circumstances, it might be okay, like when the user has explicitly configured his own MTA to do such a transformation. 
-- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From wk at gnupg.org Mon Oct 31 11:22:34 2011 From: wk at gnupg.org (Werner Koch) Date: Mon, 31 Oct 2011 11:22:34 +0100 Subject: ignore-cache-for-signing has no effect on gpg-agent In-Reply-To: <4EADAABA.7080801@gmail.com> (Jimmy C. Chau's message of "Sun, 30 Oct 2011 15:51:22 -0400") References: <4EADAABA.7080801@gmail.com> Message-ID: <87fwi9qx3p.fsf@vigenere.g10code.de> On Sun, 30 Oct 2011 20:51, chaujc at gmail.com said: > Despite setting ignore-cache-for-signing on gpg-agent, the > key/passphrase appears to be cached when I use gpg to sign files. Gpg does not use gpg-agent for private key operations; it only uses gpg-agent for passphrase caching. It would be possible to extend gpg to ignore a passphrase cache for signing keys but that is a very special request and thus won't be done for the stable versions (i.e. < 2.1). GnuPG 2.1 (which is in beta) really uses gpg-agent and thus ignore-cache-for-signing is effective. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
From wk at gnupg.org Mon Oct 31 11:36:53 2011 From: wk at gnupg.org (Werner Koch) Date: Mon, 31 Oct 2011 11:36:53 +0100 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <4EABF5D1.9040502@digitalbrains.com> (Peter Lebbing's message of "Sat, 29 Oct 2011 14:47:13 +0200") References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> <20111029073124.43ac4a5c@scorpio> <4EABF3F7.7040803@digitalbrains.com> <4EABF5D1.9040502@digitalbrains.com> Message-ID: <87bosxqwfu.fsf@vigenere.g10code.de> On Sat, 29 Oct 2011 14:47, peter at digitalbrains.com said: > So I guess I should rephrase my comment as a request: when this behaviour is > fixed, please fix it for mangling in general and not just this specific PGP/MIME > and S/MIME case :). You need to know that Exchange is not an RFC822 application but a MAPI application (based on X.400). Exchange/Outlook uses MAPI for its data structures and to convey messages to recipients with an X.400 address (i.e. other Exchange users in the domain). Rfc822 addresses are merely properties of the MAPI message and used if the message needs to be sent via SMTP; this is done by a transport provider which constructs a proper MIME message out of the MAPI message. Obviously there are some kludges in the system to allow sending of signed messages by taking great care not to modify the content. This is not documented but I did some experiments to see how it can be used to receive and send PGP/MIME. AFAIK, Microsoft tries to move away from MAPI - this will be a long process. It seems OL2010 supports new interfaces to allow applications to use these kludges - however I only briefly looked at it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
From pjb at scm.tees.ac.uk Mon Oct 31 13:53:16 2011 From: pjb at scm.tees.ac.uk (Phil Brooke) Date: Mon, 31 Oct 2011 12:53:16 +0000 (GMT) Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <20111028103655.3d9b3ca8@scorpio> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> Message-ID: <1110311239360.11794.VHISSEPM%pjb@scm.tees.ac.uk> Hi, On Fri, 28 Oct 2011, Jerry wrote: > On Fri, 28 Oct 2011 14:07:53 +0100 (BST) Phil Brooke articulated: >> Nothing relating to encrypted data, but I've seen an MS Exchange >> system rewrite signed emails (both PGP/MIME and S/MIME) with the >> obvious effect of causing failed verifications. > > Could you please supply proof of that statement. An example of the > message before and after it was processed by the server would be > advantageous. I attach two messages: correct.email (fcc of an email) and broken.email (the version which went through our local Exchange server). (Not sure if attachments will get through. I'll try anyway.) I've removed nearly every header and snipped out some of the same content. The interesting bit is the diff of the body: 2,4c2,4 < Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=" < < This is an OpenPGP/MIME signed message (RFC2440, RFC3156). 
--- > Content-Type: multipart/signed; protocol="application/pgp-signature"; > micalg=pgp-sha1; > boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=" 7c7,8 < Content-Type: multipart/mixed; boundary="1771607802-1616753266-1320061802=:11794" --- > Content-Type: multipart/mixed; > boundary="1771607802-1616753266-1320061802=:11794" 10c11 < Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8 --- > Content-Type: text/plain; format=flowed; charset="UTF-8" 17c18 < Content-Type: TEXT/plain; charset=UTF-8; name=test1.txt --- > Content-Type: text/plain; charset="UTF-8"; name="test1.txt" 20,21c21,22 < Content-Description: A plain text file. < Content-Disposition: attachment; filename=test1.txt --- > Content-Description: test1.txt > Content-Disposition: attachment; filename="test1.txt" 26c27 < Content-Type: APPLICATION/pdf; name="test1 as a PDF.pdf" --- > Content-Type: application/pdf; name="test1 as a PDF.pdf" 29c30 < Content-Description: The file as PDF. --- > Content-Description: test1 as a PDF.pdf All the changes, except the first (to the first Content-Type and prologue) are within the signed part of the message. So we've got - added quoting, - change of case in the Content-Type, - modification of Content-Description, and - changed folding. I'm not sure which Exchange server version(s) we're running here. In case these received headers are useful: Received: from zzzzzz.zzzz.zz.zz (zzz.zzz.zzz.zz) by zzzzzz.zzzzzzz.zzzz.zz.zz (zzz.zzz.zz.zz) with Microsoft SMTP Server (TLS) id 8.2.255.0; Mon, 31 Oct 2011 11:50:40 +0000 Received: from zzzzzz.zzz.zzzz.zz.zz (zzz.zzz.zz.zz) by zzzzzz.zzzz.zz.zz (zzz.zzz.zzz.zz) with Microsoft SMTP Server (TLS) id 14.1.339.1; Mon, 31 Oct 2011 11:51:04 +0000 Cheers, Phil. 
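To make the diff above concrete, here is an added example in Python; it is not Phil's code and not code from any project named in the thread. CORRECT and BROKEN are constructed, trimmed copies of the correct.email and broken.email attachments: the PDF part and the Content-ID and Content-Transfer-Encoding headers are dropped and the signature data is replaced by a placeholder (assumptions that do not affect what is measured), while the boundary strings and the rewritten header lines are the ones in Phil's messages. RFC 1847 requires the first body part of a multipart/signed to arrive byte-for-byte as sent, and RFC 3156 hashes that part with CRLF line endings; the code cuts exactly those bytes out of both messages, hashes them, and lists which header lines were rewritten once folding is undone:

```python
# Added example, not code from the thread.  CORRECT/BROKEN are constructed,
# trimmed copies of Phil Brooke's correct.email and broken.email; the PDF part,
# Content-ID and Content-Transfer-Encoding headers are dropped and the
# signature data is a placeholder (assumptions that do not affect the check).
import hashlib
import re

OUTER = "=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="  # as in Phil's mails
INNER = "1771607802-1616753266-1320061802=:11794"
TAIL = f"""\
--{OUTER}
Content-Type: application/pgp-signature

(signature data not reproduced in this constructed copy)
--{OUTER}--
"""
CORRECT = f"""\
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="{OUTER}"

--{OUTER}
Content-Type: multipart/mixed; boundary="{INNER}"

--{INNER}
Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8

We write an email=E2=80=A6 It has two attachments.
--{INNER}
Content-Type: TEXT/plain; charset=UTF-8; name=test1.txt
Content-Description: A plain text file.
Content-Disposition: attachment; filename=test1.txt

QSB0ZXN0IGZpbGUuDQo=
--{INNER}--
""" + TAIL
BROKEN = f"""\
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg=pgp-sha1;
 boundary="{OUTER}"

--{OUTER}
Content-Type: multipart/mixed;
 boundary="{INNER}"

--{INNER}
Content-Type: text/plain; format=flowed; charset="UTF-8"

We write an email=E2=80=A6 It has two attachments.
--{INNER}
Content-Type: text/plain; charset="UTF-8"; name="test1.txt"
Content-Description: test1.txt
Content-Disposition: attachment; filename="test1.txt"

QSB0ZXN0IGZpbGUuDQo=
--{INNER}--
""" + TAIL

def crlf(text):
    """Wire form: CRLF line endings, which is what the RFC 3156 hash covers."""
    return text.replace("\n", "\r\n").encode()

def signed_part(raw):
    """The bytes an RFC 1847 signature covers: the first body part, headers
    included, up to (excluding) the CRLF that precedes the next delimiter."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # top-level header block only
    boundary = re.search(rb'boundary="?([^"\r\n;]+)"?', head).group(1)
    delim = b"\r\n--" + boundary
    start = raw.index(b"\r\n", raw.index(delim) + len(delim)) + 2
    return raw[start:raw.index(delim, start)]

def micalg_digest(raw):
    """SHA-1 of the covered bytes (micalg=pgp-sha1).  gpg hashes a signature
    trailer as well, so this is a fingerprint of the data, not the OpenPGP hash."""
    return hashlib.sha1(signed_part(raw)).hexdigest()

def unfolded_header_lines(part):
    """Header lines of every nested part, folding undone (so refolding alone
    does not count as a header change).  Assumes no body line starts with --."""
    out, in_headers = [], True
    for line in part.split(b"\r\n"):
        if line.startswith(b"--"):              # nested boundary: headers follow
            in_headers = True
        elif line == b"":
            in_headers = False
        elif in_headers and line[:1] in (b" ", b"\t") and out:
            out[-1] += b" " + line.strip()      # folded continuation line
        elif in_headers:
            out.append(line)
    return out

def header_changes(before, after):
    """(as sent, as received) pairs of header lines that differ inside the signed part."""
    pairs = zip(unfolded_header_lines(signed_part(before)),
                unfolded_header_lines(signed_part(after)))
    return [(a, b) for a, b in pairs if a != b]

if __name__ == "__main__":
    good, bad = crlf(CORRECT), crlf(BROKEN)
    print("covered bytes identical:", signed_part(good) == signed_part(bad))
    print("digest sent/received:", micalg_digest(good), micalg_digest(bad))
    for sent, received in header_changes(good, bad):
        print("-", sent.decode(), "\n+", received.decode())
```

Run as a script it prints that the covered bytes differ, two different digests, and the four rewritten header lines. Note what is missing from that list: the refolding of `Content-Type: multipart/mixed;` disappears once the lines are unfolded, yet it still changes the covered bytes. That is the practical point behind the RFC 1847 wording dkg quoted: every one of these rewrites is semantically harmless to a MIME parser and fatal to the signature, and the receiving MUA cannot undo them because it has no way to know the original quoting, case or folding.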
-------------- next part -------------- MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=" --=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_= Content-Type: multipart/mixed; boundary="1771607802-1616753266-1320061802=:11794" --1771607802-1616753266-1320061802=:11794 Content-Type: text/plain; format=flowed; charset="UTF-8" Content-Transfer-Encoding: QUOTED-PRINTABLE We write an email=E2=80=A6 It has two attachments. --1771607802-1616753266-1320061802=:11794 Content-Type: text/plain; charset="UTF-8"; name="test1.txt" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: test1.txt Content-Disposition: attachment; filename="test1.txt" QSB0ZXN0IGZpbGUuDQo= --1771607802-1616753266-1320061802=:11794 Content-Type: application/pdf; name="test1 as a PDF.pdf" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: test1 as a PDF.pdf Content-Disposition: attachment; filename="test1 as a PDF.pdf" JVBERi0xLjQKJcfsj6IKNSAwIG9iago8PC9MZW5ndGggNiAwIFIvRmlsdGVy [snip] RkNGPjxEOEVDNDEzRUFDNTY5QTZCNjgxQTIzQkNCQzA1MEZDRj5dCj4+CnN0 YXJ0eHJlZgo0NjcxCiUlRU9GCg== --1771607802-1616753266-1320061802=:11794-- --=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_= Content-Type: application/pgp-signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk6ui20ACgkQleaexJ2vm1xyhACeIF/xhBoDDD5KjXXzD84s73uF pAYAnAwzrfPeLOycJScl+hvigL86VhLR =cFUB -----END PGP SIGNATURE----- --=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=-- -------------- next part -------------- MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=" This is an OpenPGP/MIME signed message (RFC2440, RFC3156). 
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_= Content-Type: multipart/mixed; boundary="1771607802-1616753266-1320061802=:11794" --1771607802-1616753266-1320061802=:11794 Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE We write an email=E2=80=A6 It has two attachments. --1771607802-1616753266-1320061802=:11794 Content-Type: TEXT/plain; charset=UTF-8; name=test1.txt Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: A plain text file. Content-Disposition: attachment; filename=test1.txt QSB0ZXN0IGZpbGUuDQo= --1771607802-1616753266-1320061802=:11794 Content-Type: APPLICATION/pdf; name="test1 as a PDF.pdf" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: The file as PDF. Content-Disposition: attachment; filename="test1 as a PDF.pdf" JVBERi0xLjQKJcfsj6IKNSAwIG9iago8PC9MZW5ndGggNiAwIFIvRmlsdGVy [snip] RkNGPjxEOEVDNDEzRUFDNTY5QTZCNjgxQTIzQkNCQzA1MEZDRj5dCj4+CnN0 YXJ0eHJlZgo0NjcxCiUlRU9GCg== --1771607802-1616753266-1320061802=:11794-- --=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_= Content-Type: application/pgp-signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk6ui20ACgkQleaexJ2vm1xyhACeIF/xhBoDDD5KjXXzD84s73uF pAYAnAwzrfPeLOycJScl+hvigL86VhLR =cFUB -----END PGP SIGNATURE----- --=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=-- From pjb at scm.tees.ac.uk Mon Oct 31 14:34:38 2011 From: pjb at scm.tees.ac.uk (Phil Brooke) Date: Mon, 31 Oct 2011 13:34:38 +0000 (GMT) Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <87bosxqwfu.fsf@vigenere.g10code.de> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> <20111029073124.43ac4a5c@scorpio> <4EABF3F7.7040803@digitalbrains.com> 
<4EABF5D1.9040502@digitalbrains.com> <87bosxqwfu.fsf@vigenere.g10code.de> Message-ID: <1110311334300.23858.PFBNFYAZ%pjb@scm.tees.ac.uk> Hi, On Mon, 31 Oct 2011, Werner Koch wrote: > Obviously there are some kludges in the system to allow sending of > signed messages by taking great care not to modify the content. A remark on these kludges: an S/MIME email from a colleague elsewhere using Outlook and their Exchange server was still mangled by our Exchange server. Sending to their Exchange server (avoiding our Exchange server) didn't exhibit the same characteristics. I would have hoped that staying entirely within one vendor's tools really should work. The trigger in both this case (and the example emails I sent earlier) appears to be attachments. Overall, it makes signed emails just so unreliable. But I guess we already knew that. Cheers, Phil. From peter at digitalbrains.com Mon Oct 31 14:36:31 2011 From: peter at digitalbrains.com (Peter Lebbing) Date: Mon, 31 Oct 2011 14:36:31 +0100 Subject: MS Exchange server corrupting PGP-MIME emails In-Reply-To: <87bosxqwfu.fsf@vigenere.g10code.de> References: <4E8ACDC7.7090009@st.com> <1110271716220.50992.UTTXOECP%pjb@scm.tees.ac.uk> <20111028103655.3d9b3ca8@scorpio> <4EAB0937.4060705@hammernoch.net> <20111028171509.6cc88a70@scorpio> <4EABD01E.3080300@hammernoch.net> <20111029073124.43ac4a5c@scorpio> <4EABF3F7.7040803@digitalbrains.com> <4EABF5D1.9040502@digitalbrains.com> <87bosxqwfu.fsf@vigenere.g10code.de> Message-ID: <4EAEA45F.5020909@digitalbrains.com> On 31/10/11 11:36, Werner Koch wrote: > Rfc822 addresses are merely properties of the MAPI message and used if the > message needs to be send via SMTP; this is done by a transport provider which > constructs a proper MIME message out of the MAPI message. Now it all makes sense. Thanks for this insight. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From mwood at IUPUI.Edu Mon Oct 31 16:23:22 2011 From: mwood at IUPUI.Edu (Mark H. Wood) Date: Mon, 31 Oct 2011 11:23:22 -0400 Subject: digitally signing contracts In-Reply-To: <87hb2rm7mj.fsf@ericabrahamsen.net> References: <87hb2rm7mj.fsf@ericabrahamsen.net> Message-ID: <20111031152322.GB16968@IUPUI.Edu> I have no experience in this matter, but it's an interesting problem, so here are my thoughts, whatever they are worth: When contracting on paper, the signature is a personal characteristic of the signer, so samples can be compared by an expert witness. Unless there's some sort of biometric component to the creation of the certificates, personal characteristics don't enter into crypto signatures, so you need some other way to make it personal, such as a face-to-face meeting at which certificates or at least key fingerprints are exchanged by parties who can sense each other directly, match photo IDs to faces, and the like. You could consider it a keysigning party for two and use published recommendations to guide you in setting up the process. Once personal control is established, I suppose that no more meetings are required. So this would seem to work well for people who are able to meet once, and even better for parties who then make contracts again and again from time to time. If trusted third parties are willing to attest to signatures then the other parties only need to meet with the third parties, separately. I recall seeing notices by some notaries public that they also certify PGP keys. Another form of assurance might be the publication of key fingerprints on the key owner's website. (How much would you bet that your website wasn't cached by Google or sampled by the Wayback Machine before you changed the fingerprint? A number of companies have found, to their embarrassment, that trying to "disappear" inconvenient pages is not reliable.) 
Still another form of assurance would be the publication of keys in the keyserver network, since it's impossible to remove keys unless you control all of the servers. And again, someone may have a copy of that certificate which is simply not remotely accessible but which could conceivably turn up in court. As with signatures on paper, you need to evaluate your risk and decide whether it's acceptable. Your insurance agent may be able to help. If you read some of the laws governing admissibility of digital signatures, you may find that your requirements are already laid out for you, to some level of abstraction. It's a possible starting point, at any rate. And your lawyer might be a good source of pointers to procedural and technical recommendations, since that would make his job easier. I'll note that there are a number of companies in the business of issuing durable digital identity tokens: X.509 certificates. You might want to insist on EV certificates, since EV has a documented meaning and some CAs are not very energetic in identifying non-EV customers. In any case you probably ought to read the CA's Certification Practice Statement and decide whether their procedures are acceptable to you. There may be sound ways to use X.509 material to initialize OpenPGP exchanges if that's important to you, or you could use PEM instead of PGP. -- Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu Asking whether markets are efficient is like asking whether people are smart. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From melvincarvalho at gmail.com Mon Oct 31 16:40:33 2011 From: melvincarvalho at gmail.com (Melvin Carvalho) Date: Mon, 31 Oct 2011 16:40:33 +0100 Subject: digitally signing contracts In-Reply-To: <87hb2rm7mj.fsf@ericabrahamsen.net> References: <87hb2rm7mj.fsf@ericabrahamsen.net> Message-ID: On 30 October 2011 05:21, Eric Abrahamsen wrote: > I own a small business that works with contractors all over the world, > and I'm currently scratching my head over the issue of signing > contracts. I know that gpg can/has been used to this purpose, but I > wanted to ask the list's advice. There isn't a whole lot of information > on the webs on the issue, this is the most thorough description I found: > > http://wiki.bitcoin-otc.com/wiki/GPG_Contract > > Is there a general sense that this is viable (at least as viable as > scanning and emailing contracts that have been signed with a pen)? Does > the process outlined in that webpage have any gotchas? To wit (apologies > for hackneyed "Bob and Alice"): > > 1. Bob writes a contract; the names and fingerprints of both Bob's and > Alice's PGP keys are included in the original body of the contract. > 2. Bob clearsigns the contract, sends to Alice. > 3. Alice verifies Bob's signature, then adds text *outside* of the part > of the contract signed by Bob, to the effect that she agrees to this > contract. She clearsigns the entire contract (including Bob's > signature) and sends it back to Bob. > 4. Bob verifies his own original signature, to prevent tampering. > 5. Bob verifies Alice's signature. > > Are there any technical pitfalls here? 
> The main one that I can think of
> is that this potentially reverses the incentive for verifying key
> ownership -- usually you're working to prove that you *do* own a key,
> whereas now you might have a reason to temporarily fake ownership of a
> key you don't own (allowing you to later legally repudiate a contract).
> I can't think of how that would actually play out, but it seems like
> the system as a whole was not designed in this direction?
>
> As for the legal validity of such a process, I can do my own research,
> but if anyone had anything to note, that would be appreciated!

Any help?

http://www.w3.org/TR/xmldsig-core/

>
> Thanks,
> Eric
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From mailinglisten at hauke-laging.de Mon Oct 31 18:11:30 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 31 Oct 2011 18:11:30 +0100
Subject: digitally signing contracts
In-Reply-To: <87hb2rm7mj.fsf@ericabrahamsen.net>
References: <87hb2rm7mj.fsf@ericabrahamsen.net>
Message-ID: <201110311811.30934.mailinglisten@hauke-laging.de>

On Sunday, 30 October 2011, 05:21:56, Eric Abrahamsen wrote:
> Is there a general sense that this is viable (at least as viable as
> scanning and emailing contracts that have been signed with a pen)?

I think there are two points:

1) What exactly does a digital signature mean?
2) Can you prove that the signing key belongs to the person you have to sue in case of doubt?

On 1): It is not obvious that a signature for a document means that the signer feels bound by that document. The signature can mean "I sign all documents so that the recipient can be sure it is from me (and unmodified)." This would not be the same as a signature by hand below a treaty (just like a signature on the back of a treaty paper probably would not be accepted by courts).
German signature law requires "to add the name to a document and sign it then by a (legally) valid key". I am not sure what that means. I think of a signature over two "files", the document and a file containing the name. But that has its risks, too. I guess that a signature over two files is just a signature over the combined files. So you would have to check that the document you sign (as usual) does not "happen" to contain your name at the end. Probably certain document formats (or rather applications) do not care about some data behind the recognized part and do not show that data.

This just inspires me: The meaning should be obvious by the signature itself. That is a good example for standardized signature notations. As long as the law does not, you have to make clear what signature is required for formally accepting a treaty (represented by a document). You could require a signature: i_accept_this_treaty@mydomain.tld=yes. Or you require a signature by a certain key which is used for accepting treaties only (and thus cannot accidentally create signatures).

To be safe you need a treaty which makes clear the usage of digital signatures. I just catch myself: I have made such treaties before but not covered the problem I just described. :-)

On 2): It is a difference whether
a) you can be sure that a key belongs to a person (which is easily done by checking the fingerprint)
b) you can prove in court that the key belongs to the person.

You either need a third party which is trusted by the courts (not your court but the one where you have to sue the other one...) or a treaty with a hand signature. This is easy: "I admit to be bound by signatures by the key identified by this fingerprint until further notice (key revocation): ..."

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
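Eric's step 1 (both parties' fingerprints written into the contract body) and Hauke's point 1) (a notation that says what the signature means) can both be turned into mechanical checks on gpg's machine-readable output. The block below is an added example, not code from the thread or from GnuPG: it reads the `[GNUPG:]` status lines gpg emits with `--status-fd` (the keywords VALIDSIG, GOODSIG, BADSIG, NOTATION_NAME and NOTATION_DATA are the ones GnuPG documents in doc/DETAILS) and accepts a signature only if gpg reports it valid, the signing fingerprint is one named in the contract, and the notation `i_accept_this_treaty@mydomain.tld=yes` from Hauke's post is present. The contract text, fingerprints and status lines are constructed sample data, not real gpg output.

```python
"""Accept a contract signature only on the contract's own terms.

Added example (not from the thread, not GnuPG code). Input is the text of
gpg's --status-fd stream; keyword names are those from GnuPG's doc/DETAILS.
Everything marked 'constructed' below is made-up sample data.
"""
import re

# Notation name/value from Hauke's post. A user notation must contain '@';
# the signer sets it with: gpg --sig-notation i_accept_this_treaty@mydomain.tld=yes
REQUIRED_NOTATION = "i_accept_this_treaty@mydomain.tld"
REQUIRED_VALUE = "yes"

# Any of these status keywords means gpg did not confirm the signature.
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# 40 hex digits, optionally in groups of four as gpg prints fingerprints.
FPR_RE = re.compile(r"\b([0-9A-F]{4}(?: ?[0-9A-F]{4}){9})\b")


def parse_status(lines):
    """Reduce '[GNUPG:] KEYWORD args' lines to (valid fingerprints, notations, failed)."""
    fingerprints, notations, failed = [], {}, False
    name = None
    for line in lines:
        if not line.startswith("[GNUPG:] "):
            continue                      # ordinary diagnostic text, not a status line
        kw, _, args = line[9:].partition(" ")
        if kw == "VALIDSIG":
            fingerprints.append(args.split()[0].upper())   # first field is the fingerprint
        elif kw in FAILURE_KEYWORDS:
            failed = True
        elif kw == "NOTATION_NAME":
            name = args
        elif kw == "NOTATION_DATA" and name is not None:
            # The data is %XX-escaped and may be split over several lines.
            value = re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), args)
            notations[name] = notations.get(name, "") + value
    return fingerprints, notations, failed


def fingerprints_in_contract(text):
    """Fingerprints written into the contract body (Eric's step 1), spaces removed."""
    return {m.replace(" ", "") for m in FPR_RE.findall(text.upper())}


def signature_binds(contract_text, status_lines):
    """Return (ok, reason). ok only if gpg reports a valid signature, the signing
    key is one the contract names, and the signature states acceptance."""
    fprs, notations, failed = parse_status(status_lines)
    if failed or not fprs:
        return False, "gpg did not report a valid signature"
    named = fingerprints_in_contract(contract_text)
    strangers = [f for f in fprs if f not in named]
    if strangers:
        return False, "signing key not named in the contract: " + ", ".join(strangers)
    if notations.get(REQUIRED_NOTATION) != REQUIRED_VALUE:
        return False, "signature does not state acceptance (%s=%s missing)" % (
            REQUIRED_NOTATION, REQUIRED_VALUE)
    return True, "accepted by " + ", ".join(fprs)


# --- constructed sample data (not a real contract, not real keys) -----------
CONTRACT = """CONTRACT (constructed sample) between Bob and Alice.
Bob's key:   1111 2222 3333 4444 5555 6666 7777 8888 9999 AAAA
Alice's key: BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333 4444
Bob delivers ten widgets by 2011-12-01; Alice pays on delivery.
"""

BOB_FPR = "111122223333444455556666777788889999AAAA"
VALIDSIG = "[GNUPG:] VALIDSIG %s 2011-10-31 1320080400 0 4 0 1 2 00 %s"

# Roughly what gpg --status-fd prints for a good signature carrying the notation.
GOOD_STATUS = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] NOTATION_NAME " + REQUIRED_NOTATION,
    "[GNUPG:] NOTATION_DATA yes",
    "[GNUPG:] GOODSIG 777788889999AAAA Bob Example <bob@example.invalid>",
    VALIDSIG % (BOB_FPR, BOB_FPR),
]
# Same key, signed without the notation: "this came from me", not "I accept".
NO_NOTATION_STATUS = [line for line in GOOD_STATUS if "NOTATION" not in line]
# A perfectly valid signature by a key the contract never mentions.
STRANGER_FPR = "0000111122223333444455556666777788889999"
STRANGER_STATUS = [VALIDSIG % (STRANGER_FPR, STRANGER_FPR)]

if __name__ == "__main__":
    for label, status in [("good", GOOD_STATUS), ("no notation", NO_NOTATION_STATUS),
                          ("stranger", STRANGER_STATUS)]:
        print(label, signature_binds(CONTRACT, status))
```

In use, the status lines come from `gpg --status-fd 1 --verify contract.asc`; one run with Alice's fingerprint covers Bob's step 5, a second run against the inner text with Bob's own fingerprint covers step 4. The notation check is what makes the signature say "I accept this" rather than merely "this text came from me", which is the distinction Hauke draws under his point 1).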
From chaujc at gmail.com Mon Oct 31 17:17:27 2011
From: chaujc at gmail.com (Jimmy C. Chau)
Date: Mon, 31 Oct 2011 12:17:27 -0400
Subject: ignore-cache-for-signing has no effect on gpg-agent
In-Reply-To: <87fwi9qx3p.fsf@vigenere.g10code.de>
References: <4EADAABA.7080801@gmail.com> <87fwi9qx3p.fsf@vigenere.g10code.de>
Message-ID:

Thanks for the explanation, Werner.

-Jimmy

On Mon, Oct 31, 2011 at 6:22 AM, Werner Koch wrote:
> On Sun, 30 Oct 2011 20:51, chaujc at gmail.com said:
> > Despite setting ignore-cache-for-signing on gpg-agent, the
> > key/passphrase appears to be cached when I use gpg to sign files.
>
> Gpg does not use gpg-agent for private key operations; it only uses
> gpg-agent for passphrase caching. It would be possible to extend gpg to
> ignore a passphrase cache for signing keys but that is a very special
> request and thus won't be done for the stable versions (i.e. < 2.1).
> GnuPG 2.1 (which is in beta) really uses gpg-agent and thus
> ignore-cache-for-signing is effective.
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are governed by a federal law.
>

From wk at gnupg.org Mon Oct 31 18:47:58 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 31 Oct 2011 18:47:58 +0100
Subject: digitally signing contracts
In-Reply-To: (Melvin Carvalho's message of "Mon, 31 Oct 2011 16:40:33 +0100")
References: <87hb2rm7mj.fsf@ericabrahamsen.net>
Message-ID: <87k47loxwx.fsf@vigenere.g10code.de>

On Mon, 31 Oct 2011 16:40, melvincarvalho at gmail.com said:
> http://www.w3.org/TR/xmldsig-core/

Let me quote Peter Gutmann's take on this:

This writeup was motivated by the following exchange on a mailing list:

>>I have some questions related to XML-Dsig:
>
>Argghh!! Run away!

A near-universal reaction. So why is "Run away!"
a near-universal reaction to XML-Dsig (and XML security in general)? Because it doesn't work, that's why. The problem with XML security can be traced back to two fundamental causes:

1. XML is an inherently unstable and therefore unsignable data format. XML-Dsig attempts to fix this via canonicalisation rules, but they don't really work.

2. The use of an "If it isn't XML, it's crap" design approach that led to the rejection of conventional, proven designs in an attempt to prove that XML was more flexible than existing stuff.

These problems are covered in more detail below, along with a simple solution to the problem that's already in use by some XML users.

For the details, see .

IIRC, Amazon recently ran into problems due to their use of XML crypto.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From Vivarto at gmail.com Mon Oct 31 21:04:21 2011
From: Vivarto at gmail.com (vivarto)
Date: Mon, 31 Oct 2011 13:04:21 -0700 (PDT)
Subject: How can I know all the recipients of a GPG encrypted message
Message-ID: <32754880.post@talk.nabble.com>

Someone may encrypt the message to me and to 10 other recipients, I would like to know who they are. Is there a command line option for displaying all recipients to whom the message was encrypted?

Thank you in advance for your help.

Vivarto

From m.aflakparast at ut.ac.ir Mon Oct 31 21:08:06 2011
From: m.aflakparast at ut.ac.ir (m.aflakparast at ut.ac.ir)
Date: Mon, 31 Oct 2011 23:38:06 +0330 (IRST)
Subject: GnuPG decryption problem
Message-ID: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir>

I need to decrypt .gz.gpg files (e.g. 70195_C1_WTCCCT442627.CEL.gz.gpg). I have the encryption key (passphrase).
I used Gpg4win and ran into this error: "bad session key"

Then I downloaded gnupg-1.4.9 for windows from the following link:
http://techgenie.com/latest/how-to-install-gnupg-1-4-9-on-windows-xp-vista-and-7/

I followed the instructions and installed. Now, when I use the full path to the gpg program (gpg.exe) in the command line, and enter the following command:

gpg --decrypt "myfile.gpg"

I am asked for a passphrase, but the problem is that it is not possible to write anything in front of the statement "Enter Passphrase:", i.e. whatever you type, nothing appears on the screen!

I will appreciate it if you CC me your solution.

Best regards,
Mehran Aflakparast

Your prompt attention and kind reply will be highly appreciated.
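Gutmann's first cause in Werner's quotation above, that XML is unstable as a byte sequence and canonicalisation only partly repairs that, can be seen with the Python standard library alone. The block below is an added example (mine, not Werner's or Gutmann's, and not XML-Dsig's own C14N 1.x or exclusive-C14N algorithms): it feeds three constructed documents, identical to any namespace-aware parser, through `xml.etree.ElementTree.canonicalize` (C14N 2.0, Python 3.8 and later) and compares SHA-256 digests. Raw bytes never agree; canonical forms agree only when signer and verifier pick the same `strip_text` option; and because C14N preserves namespace prefixes, renaming `o:` to `x:` still changes the digest even though the namespace URI, and therefore the meaning, is unchanged.

```python
"""Why byte-level signatures over XML are fragile. Added example, not code
from the thread; the three documents are constructed samples that carry the
same information to any namespace-aware XML parser.
"""
import hashlib
import xml.etree.ElementTree as ET

# Same element, same namespace URI, same attributes and values:
# A and B differ in attribute order and whitespace, C only in the prefix name.
DOC_A = b'<o:order xmlns:o="urn:x-example:orders" id="42" currency="EUR"><o:item sku="A1" qty="2"/></o:order>'
DOC_B = b'<o:order xmlns:o="urn:x-example:orders" currency="EUR" id="42">\n  <o:item qty="2" sku="A1"/>\n</o:order>'
DOC_C = b'<x:order xmlns:x="urn:x-example:orders" currency="EUR" id="42"><x:item qty="2" sku="A1"/></x:order>'


def raw_digest(doc):
    """What a detached signature over the bytes as transmitted would cover."""
    return hashlib.sha256(doc).hexdigest()


def c14n_digest(doc, **options):
    """Digest of the C14N 2.0 form; options are ET.canonicalize's, e.g. strip_text=True."""
    canonical = ET.canonicalize(xml_data=doc.decode("utf-8"), **options)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def distinct_raw(docs):
    """Number of different byte-level digests across the documents (1 == all agree)."""
    return len({raw_digest(d) for d in docs})


def distinct_c14n(docs, **options):
    """Number of different canonical-form digests under one fixed option set."""
    return len({c14n_digest(d, **options) for d in docs})


def same_infoset(a, b):
    """True if ElementTree sees identical tags (Clark notation, so prefixes vanish),
    attributes and non-blank text in both documents."""
    def shape(el):
        return (el.tag, sorted(el.attrib.items()), (el.text or "").strip(),
                [shape(child) for child in el])
    return shape(ET.fromstring(a)) == shape(ET.fromstring(b))


if __name__ == "__main__":
    docs = [DOC_A, DOC_B, DOC_C]
    print("parsers agree the documents are the same:",
          all(same_infoset(DOC_A, d) for d in docs))
    print("distinct raw digests:", distinct_raw(docs))
    print("distinct C14N digests, default options:", distinct_c14n(docs))
    print("distinct C14N digests, strip_text=True:", distinct_c14n(docs, strip_text=True))
    print("A vs B, strip_text=True:", distinct_c14n([DOC_A, DOC_B], strip_text=True))
    print("A vs C, strip_text=True:", distinct_c14n([DOC_A, DOC_C], strip_text=True))
```

The practical reading for a verifier is that every canonicalisation parameter is part of the signed agreement: a signer and verifier who differ on one switch get different digests for the same document, and the parameters C14N deliberately leaves alone (prefix names here) keep semantically equal documents from ever hashing the same.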
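Vivarto's question above (to which other keys a message was encrypted) is answered by the message itself: each recipient gets its own public-key encrypted session key packet (RFC 4880 packet tag 1) at the front of the message, carrying the 8-byte key ID of that recipient's key, and `gpg --list-packets` prints exactly these. The parser below is an added example, not GnuPG code, written for binary (non-armored) messages and the version-3 packets GnuPG 1.4 and 2.0 produced; the sample message bytes are constructed inline. The caveat to know: a sender can hide recipients (`--hidden-recipient`, `--throw-keyids`), in which case the key ID field is all zeros and the message reveals nothing about who else can read it.

```python
"""List the recipients of a binary OpenPGP message from its leading packets.

Added example, not GnuPG code. Walks packet headers (RFC 4880 section 4.2,
old and new format) and reads the key ID out of each public-key encrypted
session key packet (tag 1, version 3). The message below is constructed.
"""
import struct

PKESK, SKESK = 1, 3   # public-key / symmetric-key (passphrase) encrypted session key


def _read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet starting at buf[pos]."""
    c = buf[pos]
    if not c & 0x80:
        raise ValueError("not an OpenPGP packet header at offset %d" % pos)
    if c & 0x40:                                   # new-format header (4.2.2)
        tag = c & 0x3F
        b = buf[pos + 1]
        if b < 192:
            return tag, pos + 2, b
        if b < 224:
            return tag, pos + 3, ((b - 192) << 8) + buf[pos + 2] + 192
        if b == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial-body length not expected in session-key packets")
    tag = (c >> 2) & 0x0F                          # old-format header (4.2.1)
    ltype = c & 0x03
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", buf[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate-length packet not expected here")


def list_recipients(msg):
    """Return one dict per session-key packet; stop at the encrypted data packet."""
    out, pos = [], 0
    while pos < len(msg):
        tag, start, length = _read_header(msg, pos)
        if start + length > len(msg):
            raise ValueError("truncated packet at offset %d" % pos)
        body = msg[start:start + length]
        if tag == PKESK:
            if body[0] != 3:
                raise ValueError("only version-3 PKESK packets are handled here")
            keyid = body[1:9].hex().upper()        # 8-byte key ID of the recipient key
            out.append({"type": "key", "keyid": keyid, "algo": body[9],
                        "hidden": keyid == "0" * 16})   # all-zero key ID: hidden recipient
        elif tag == SKESK:
            out.append({"type": "passphrase", "keyid": None, "algo": body[1], "hidden": False})
        else:
            break                                  # first non-session-key packet: the ciphertext
        pos = start + length
    return out


# --- constructed sample message (not real ciphertext) -------------------------
def _pkesk_new(keyid_hex, algo):
    """Build a tag-1 packet with a new-format header and a dummy 4-bit MPI."""
    body = b"\x03" + bytes.fromhex(keyid_hex) + bytes([algo]) + b"\x00\x04\x0f"
    return bytes([0xC0 | PKESK, len(body)]) + body

SAMPLE = (
    _pkesk_new("0123456789ABCDEF", 1)                          # RSA recipient, new-format header
    + b"\x84\x0d" + b"\x03" + b"\x00" * 8 + b"\x01" + b"\x00\x04\x0f"   # hidden recipient, old-format header
    + b"\xd2\x04\x01\xaa\xbb\xcc"                              # tag 18 (SEIPD): parsing stops here
)

if __name__ == "__main__":
    for r in list_recipients(SAMPLE):
        print(r)
```

For an ASCII-armored (`.asc`) message, strip the armor first; the packet walk is the same. Parsing stops at the first packet that is not a session-key packet, so nothing after the encrypted data is ever examined.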