From olav at enigmail.net Fri Feb 1 00:49:59 2013
From: olav at enigmail.net (Olav Seyfarth)
Date: Fri, 01 Feb 2013 00:49:59 +0100
Subject: path defaults for gpg.conf
In-Reply-To: <000001cdffd7$cdb20560$69161020$@net>
References: <000001cdffd7$cdb20560$69161020$@net>
Message-ID: <510B0327.9050205@enigmail.net>

Hi John,

some of your questions might be answered by reading README.W32 which you can
find in the doc folder of GnuPG source tarballs:

| GnuPG makes use of a per user home directory to store its keys as well as
| configuration files. The default home directory is a directory named "gnupg"
| below the application data directory of the user. This directory will be
| created if it does not exist. Being only a default, it may be changed by
| setting the name of the home directory into the Registry under the key
| HKEY_CURRENT_USER\Software\GNU\GnuPG using the name "HomeDir". If an
| environment variable "GNUPGHOME" exists, this even overrides the registry
| setting. The command line option "--homedir" may be used to override all
| other settings of the home directory.
Olav

From jw72253 at verizon.net Fri Feb 1 06:39:57 2013
From: jw72253 at verizon.net (John)
Date: Thu, 31 Jan 2013 23:39:57 -0600
Subject: path defaults for gpg.conf
Message-ID:

> Hi John,
>
> some of your questions might be answered by reading README.W32 which you
> can find in the doc folder of GnuPG source tarballs:
>
> | GnuPG makes use of a per user home directory to store its keys as well
> | as configuration files. The default home directory is a directory named
> | "gnupg" below the application data directory of the user. This directory
> | will be created if it does not exist. Being only a default, it may be
> | changed by setting the name of the home directory into the Registry under
> | the key HKEY_CURRENT_USER\Software\GNU\GnuPG using the name "HomeDir".
> | If an environment variable "GNUPGHOME" exists, this even overrides the
> | registry setting. The command line option "--homedir" may be used to
> | override all other settings of the home directory.
>
> Olav

Hello, Olav. Thanks for the information and for the pointer to the
"readme.w32". It clarified my understanding.
Based on these sources and what you said above, it would seem that there are
four places where a "gpg.conf" file should be referenced and that there is an
order in priority used by "gpg.exe" for referencing it. As I understand it,
and please correct me if I am wrong, in order of increasing priority, the gpg
user's homedir, where "gpg.conf" should be placed, would be as follows.

First, if no option is stated for it, the program would look by default in "a
directory named 'gnupg' below the application data directory of the user." In
Windows 7, that is here: %APPDATA%\gnupg.

Second, any arbitrarily chosen folder for the user home directory can be
specified if its name is put in Windows Registry entry "under the key
HKEY_CURRENT_USER\Software\GNU\GnuPG using the name 'HomeDir'."

Third, one can use an environment variable named "GNUPGHOME" to specify an
arbitrarily chosen directory for it.

Fourth, the on-the-fly option of "--homedir" at the actual time when the
command is issued can be used to identify the position of a gpg.conf in the
user's home directory.

Is that about right, then?

I am not a programmer, but only a mere power-user (on a good day anyway!), so
I will step outside my usual comfort zone for a moment to say that I am
inclined to think that there is one more place where "gpg.conf" can be put
and made use of effectively in a Windows directory, namely, the current
directory of the executable "gpg.exe" at the time the command is issued. That
is to say, if none of the previously noted methods point to the folder where
"gpg.conf" were located, would it not be true that gpg.exe would finally look
in its own current directory, which should suffice consequently for this
purpose?

John A. Wallace

The pen is mightier than the sword, but only if you get in the first stroke.
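The four-level order John lists above, written out as an added example (not GnuPG's own code, and not from any poster): a small Python resolver that applies the README.W32 precedence to sample inputs. The function names, the `source` labels and the sample paths are this example's own assumptions; the registry key, the value name "HomeDir", GNUPGHOME, --homedir and the %APPDATA%\gnupg default come from the README text quoted earlier in the thread.

```python
"""Resolve the GnuPG home directory with the README.W32 precedence.

Added example, not GnuPG's own code: the function names, the `source`
labels and the sample paths are this example's own; the four lookup places
and their order come from the README text quoted in this thread.
"""
import ntpath
import os
import sys
from typing import Mapping, Optional, Tuple

# Registry location named in README.W32 (quoted earlier in the thread).
REGISTRY_SUBKEY = r"Software\GNU\GnuPG"
REGISTRY_VALUE = "HomeDir"


def read_registry_homedir() -> Optional[str]:
    """Read HKEY_CURRENT_USER\\Software\\GNU\\GnuPG\\HomeDir.

    Returns None when not running on Windows, when the key or value is
    absent, or when the value is not a plain string.
    """
    if not sys.platform.startswith("win"):
        return None
    import winreg  # standard library, Windows only

    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, REGISTRY_SUBKEY) as key:
            value, kind = winreg.QueryValueEx(key, REGISTRY_VALUE)
    except OSError:
        return None
    return value if kind == winreg.REG_SZ and value else None


def resolve_homedir(cli_homedir: Optional[str] = None,
                    environ: Optional[Mapping[str, str]] = None,
                    registry_homedir: Optional[str] = None,
                    appdata: Optional[str] = None) -> Tuple[str, str]:
    """Return (homedir, source) in order of increasing priority:

        default %APPDATA%\\gnupg  <  registry HomeDir  <  GNUPGHOME  <  --homedir

    The checks are written highest-priority first, so the first hit wins.
    `environ` and `appdata` default to the live process environment; they
    are parameters so the order can be exercised without touching the
    registry or the environment. An empty GNUPGHOME is treated as unset
    here (this example's choice, not a claim about gpg.exe). The directory
    the executable was started from is deliberately not a candidate:
    nothing looks there unless the program is written to do so.
    """
    env = os.environ if environ is None else environ
    if cli_homedir:
        return cli_homedir, "--homedir"
    gnupghome = env.get("GNUPGHOME")
    if gnupghome:
        return gnupghome, "GNUPGHOME"
    if registry_homedir:
        return registry_homedir, "registry"
    base = env.get("APPDATA", "") if appdata is None else appdata
    return ntpath.join(base, "gnupg"), "default"


def gpg_conf_path(homedir: str) -> str:
    """gpg.conf is read from the resolved home directory."""
    return ntpath.join(homedir, "gpg.conf")


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real machine.
    sample_env = {"APPDATA": r"C:\Users\john\AppData\Roaming"}
    cases = [
        ("nothing set", {}),
        ("registry only", {"registry_homedir": r"D:\gnupg-home"}),
        ("registry + GNUPGHOME", {"registry_homedir": r"D:\gnupg-home",
                                  "environ": {**sample_env, "GNUPGHOME": r"E:\gh"}}),
        ("everything set", {"cli_homedir": r"F:\cli",
                            "registry_homedir": r"D:\gnupg-home",
                            "environ": {**sample_env, "GNUPGHOME": r"E:\gh"}}),
    ]
    for label, kwargs in cases:
        kwargs.setdefault("environ", sample_env)
        home, source = resolve_homedir(**kwargs)
        print(f"{label:22} -> {gpg_conf_path(home)}  (from {source})")
```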
From olav at enigmail.net Fri Feb 1 07:43:40 2013
From: olav at enigmail.net (Olav Seyfarth)
Date: Fri, 01 Feb 2013 07:43:40 +0100
Subject: path defaults for gpg.conf
In-Reply-To:
References:
Message-ID: <510B641C.9020609@enigmail.net>

Hello, John.

> Is that about right, then?

Yes.

> Would it not be true that gpg.exe would finally look in its own current
> directory, which should suffice consequently for this purpose?

That's an authors' decision. I'm fine with it. It gives you many means to
control your environment - and for security products I prefer NOT to include
the 'current dir' default.

Olav
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From dougb at dougbarton.us Fri Feb 1 08:10:28 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 31 Jan 2013 23:10:28 -0800
Subject: path defaults for gpg.conf
In-Reply-To: <510B641C.9020609@enigmail.net>
References: <510B641C.9020609@enigmail.net>
Message-ID: <510B6A64.9040908@dougbarton.us>

On 01/31/2013 10:43 PM, Olav Seyfarth wrote:
| Hello, John.
|
|> Is that about right, then?
|
| Yes.
|
|> Would it not be true that gpg.exe would finally look in its own current
|> directory, which should suffice consequently for this purpose?

You can configure GNUPGHOME to be anything you wish.

| That's an authors' decision. I'm fine with it. It gives you many means to
| control your environment - and for security products I prefer NOT to include
| the 'current dir' default.

In what way does not including the directory where the exe is located
increase security?

Doug

From per.hopstadius at logica.com Fri Feb 1 09:25:12 2013
From: per.hopstadius at logica.com (perhop)
Date: Fri, 1 Feb 2013 00:25:12 -0800 (PST)
Subject: gpg: WARNING: message was not integrity protected - MDC
In-Reply-To:
References: <1359638990136-29533.post@n7.nabble.com>
Message-ID: <1359707112423-29544.post@n7.nabble.com>

Hi David

Thanks for an excellent answer, that made it much clearer for me.

We will check if our key has the MDC flag and see if PGP 7.1 has support for
MDC or not. If not, then we will have to use the --no-mdc-warning. Otherwise
we have to enable the MDC flag on our key and replace the old one.

Thanks
From John at enigmail.net Fri Feb 1 14:32:44 2013
From: John at enigmail.net (John Clizbe)
Date: Fri, 01 Feb 2013 07:32:44 -0600
Subject: 1.4.12 beta installer for Windows
In-Reply-To:
References: <87y5syd8ah.fsf@vigenere.g10code.de>
Message-ID: <510BC3FC.70701@enigmail.net>

Veet Vivarto wrote:
> Hello Werner,
>
> My friend and I, are working on an easy to use front-end for GPG for Windows
> and Mac.
> On Windows we are using the 1.4.11 because it only requires two files (.exe, .dll)

Just curious, which DLL? I just did a test with the 1.4.13 installer and
didn't see any DLLs installed.

> I have not been able to find a small Mac command line program that would
> correspond to GnuPG 1.4.
> I only found the huge package called GPGTools.
> Thank you in advance for your help.

Looking in the usual places for ports to Mac OS X...

Macports [https://www.macports.org/ ]:

basket:~ jpclizbe$ port info gnupg
gnupg @1.4.13 (mail, security)
Variants:             universal

Description:          GnuPG is a complete and free replacement for PGP. Because
                      it does not use the patented IDEA algorithm, it can be
                      used without any restrictions. GnuPG is a RFC2440
                      (OpenPGP) compliant application.
Homepage:             http://www.gnupg.org

Library Dependencies: libiconv, gettext, readline, zlib, bzip2, libusb-compat,
                      openldap
Platforms:            darwin, freebsd, sunos
License:              GPL-3+
Maintainers:          nomaintainer at macports.org

Fink [http://www.finkproject.org/ ]:

basket:~ jpclizbe$ fink info gnupg
Information about 11677 packages read in 5 seconds.

gnupg-1.4.13-1: Gnu privacy guard - A Free PGP replacement
 GnuPG is GNU's tool for secure communication and data storage. It can be
 used to encrypt data and to create digital signatures. It includes an
 advanced key management facility and is compliant with the proposed
 OpenPGP Internet standard as described in RFC2440.
 .
 GnuPG does not use use any patented algorithms so it cannot be compatible
 with PGP2 because it uses IDEA (which is patented worldwide) and RSA.
 RSA's patent expired on the 20th September 2000, and it is now included
 in GnuPG.
 .
 For IDEA support, see the "gnupg-idea" package.
 .
 Usage Notes:
 To create an initial key pair run 'gpg --gen-key'
 Consult the manual for a good intro:
 /sw/share/doc/gnupg/documentation/handbook/
 .
 Web site: http://www.gnupg.org
 .
 Maintainer: Benjamin Reed

basket:~ jpclizbe$

--
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From johanw at vulcan.xs4all.nl Fri Feb 1 15:23:45 2013
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Fri, 01 Feb 2013 15:23:45 +0100
Subject: 1.4.12 beta installer for Windows
In-Reply-To: <510BC3FC.70701@enigmail.net>
References: <87y5syd8ah.fsf@vigenere.g10code.de> <510BC3FC.70701@enigmail.net>
Message-ID: <510BCFF1.7050606@vulcan.xs4all.nl>

On 01-02-2013 14:32, John Clizbe wrote:

> Just curious, which DLL? I just did a test with the 1.4.13 installer and
> didn't see any DLLs installed.

iconv.dll

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From jw72253 at verizon.net Fri Feb 1 17:08:58 2013
From: jw72253 at verizon.net (John)
Date: Fri, 1 Feb 2013 10:08:58 -0600
Subject: path defaults for gpg.conf
In-Reply-To: <510B641C.9020609__38264.0061238364$1359701121$gmane$org@enigmail.net>
References: <510B641C.9020609__38264.0061238364$1359701121$gmane$org@enigmail.net>
Message-ID:

Hello, Olav. I sincerely appreciate your replies.
Like the other poster asking about the current directory issue, I too am
curious about why including it would result in a less secure situation.
Perhaps an example of how so would be helpful in this regard, at least for
me or someone else who is not a programmer to understand your point.

As I recall from reading the instructions for the many programs I use, I have
always read that a program's executable looks into its own directory as part
of its routine in searching for files it needs; so your statement about using
it ("the current directory would be a decision for the program's author") did
come as a bit of a surprise because I was under the impression that this was
normally unavoidable and just a result of how the code of an executable must
function, at least in Windows OS. Apparently, that is not so?

John

"Olav Seyfarth" wrote in message
news:510B641C.9020609__38264.0061238364$1359701121$gmane$org at enigmail.net...

Hello, John.

> Is that about right, then?

Yes.

> Would it not be true that gpg.exe would finally look in its own current
> directory, which should suffice consequently for this purpose?

That's an authors' decision. I'm fine with it. It gives you many means to
control your environment - and for security products I prefer NOT to include
the 'current dir' default.
Olav
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From wk at gnupg.org Fri Feb 1 17:38:25 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 01 Feb 2013 17:38:25 +0100
Subject: 1.4.12 beta installer for Windows
In-Reply-To: <510BCFF1.7050606@vulcan.xs4all.nl> (Johan Wevers's message of "Fri, 01 Feb 2013 15:23:45 +0100")
References: <87y5syd8ah.fsf@vigenere.g10code.de> <510BC3FC.70701@enigmail.net> <510BCFF1.7050606@vulcan.xs4all.nl>
Message-ID: <87mwvoat1a.fsf@vigenere.g10code.de>

On Fri, 1 Feb 2013 15:23, johanw at vulcan.xs4all.nl said:

> iconv.dll

gpg works without that DLL; it only makes sure that i18n works correctly.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From olav at enigmail.net Fri Feb 1 23:38:45 2013
From: olav at enigmail.net (Olav Seyfarth)
Date: Fri, 01 Feb 2013 23:38:45 +0100
Subject: path defaults for gpg.conf
In-Reply-To:
References: <510B641C.9020609__38264.0061238364$1359701121$gmane$org@enigmail.net>
Message-ID: <510C43F5.4020504@enigmail.net>

Hi John,

> current directory issue, I am curious about why including it would result
> in a less secure situation.

I did not exactly say that it does.
I said that I prefer it that way since it uses well-defined places that I may
look after. Adding a fifth is not necessary for me. And it was an author's
decision. Maybe one of them wants to comment on 'why' - or even take on the
RFE and implement another check in the folder the executable was called from.

> Perhaps an example of how so would be helpful in this regard, at least for
> me or someone else who is not a programmer to understand your point.

I was thinking of DLL preloading attacks
(http://support.microsoft.com/kb/2389418) when I wrote this. But I agree that
it doesn't match exactly.

> As I recall from reading the instructions for the many programs I use, I
> have always read that a program's executable looks into its own directory
> as part of its routine in searching for files it needs

Yes, I know. And in times where your Word files were saved next to WORD.COM
and some .INI, this may have been a good thing. In multi user systems, it is
not. User settings should not be looked for in the program directory but in
folders meant to be used by the user (only). This does not tell that it may
not be a good idea to be able to define system defaults. But looking in the
/current/ (=any e.g. a system-writable thumb drive) program directory for
system defaults first and preloading them and then overriding them by some
user settings is not what *I* want since I will not define (and thus
override) /all/ settings in my user config just to make sure that I really
get what I want independent of what a malware may have dropped somewhere.
E.g. in my gpg.conf there is no path to my keyring. You may say "we only use
that config in /current/ dir if no other was found." But still even then I
would not want it since I would want the keys in %appdata% to be used if I
don't set it otherwise.
We must dive into which process would be able to modify which env variables
and which users may write to which places. Originally I wrote some
explanation, then rethought and changed it to what I wrote "for security
products I prefer NOT to include the 'current dir' default." since I did
/not/ want to open a discussion about security implications since I did
notice that the concerns I had would not hold or at least would need to
employ rare special cases.

> your statement did come as a bit of a surprise because I was under the
> impression that this was just a result of how the code of an executable
> must function, at least in Windows OS. Apparently, that is not so?

I studied Computer Science but would not call myself a programmer. Usually
you have some built-in defaults. If you want to honor any files that contain
system or user settings, you must check all places that you want to look for
such settings. This may include the folder the program binary resides in.
But there is no automatism, it does not do it just because all programs
always do. You have to program it to check. Or, as GnuPG does, check places
which tell you where to look for settings files.

I hope that clarified it a bit. Sorry for the noise.
Olav

P.S.: offline now
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From gnupg-users at spodhuis.org Sat Feb 2 07:56:55 2013
From: gnupg-users at spodhuis.org (Phil Pennock)
Date: Sat, 2 Feb 2013 01:56:55 -0500
Subject: 1.4.12 beta installer for Windows
In-Reply-To: <510BC3FC.70701@enigmail.net>
References: <87y5syd8ah.fsf@vigenere.g10code.de> <510BC3FC.70701@enigmail.net>
Message-ID: <20130202065655.GA14050@redoubt.spodhuis.org>

> Veet Vivarto wrote:
> > My friend and I, are working on a easy to use front-end for GPG for Windows
> > and Mac.

Veet,

Know your competition; "GPG Keychain Access" exists for MacOSX, can be found
at http://gpgtools.org/keychain.html and is part of GPGTools, which also
provides Mail.app integration, etc. It's distributed under the GPLv3.

I'm not saying "don't do it", I'm just pointing out what already exists.
Perhaps you can do better. My less-PGP-savvy colleagues swear by it, and I
only don't use it much because I'm too used to the command-line. (I have it
installed anyway, to support those colleagues.)

On 2013-02-01 at 07:32 -0600, John Clizbe wrote:
> Looking in the usual places for ports to Mac OS X...
> Macports [https://www.macports.org/ ]:
> Fink [http://www.finkproject.org/ ]:

The hip cool kids, apparently, are using "brew" and I get sneered at for
using MacPorts. That's what I get for going to San Francisco periodically.
;-) It uses Ruby, it uses GitHub, it must be cool, right?

% brew search gnupg
gnupg    gnupg2
% brew info gnupg
gnupg: stable 1.4.12
http://www.gnupg.org/
Not installed
https://github.com/mxcl/homebrew/commits/master/Library/Formula/gnupg.rb
==> Options
--idea
        Build with the patented IDEA cipher
--8192
        Build with support for private keys of up to 8192 bits
% brew info gnupg2
gnupg2: stable 2.0.19
http://www.gnupg.org/
Depends on: libgpg-error, libgcrypt, libksba, libassuan, pinentry, pth, gpg-agent, dirmngr, libusb-compat
Not installed
https://github.com/mxcl/homebrew/commits/master/Library/Formula/gnupg2.rb

"Not installed" because I didn't install with brew. Myself, I'm using
MacPorts, and just behind that in $PATH is a version which came with the
GPGTools installer.

-Phil

From klaus at vink-slott.dk Sat Feb 2 22:06:20 2013
From: klaus at vink-slott.dk (Klaus Slott)
Date: Sat, 2 Feb 2013 22:06:20 +0100
Subject: passing information among several users
In-Reply-To: <50FD9A67.7070305@verizon.net>
References: <50FD9A67.7070305@verizon.net>
Message-ID: <20130202220620.541254be@vario.vink-slott.dk>

Hi

On Mon, 21 Jan 2013 14:43:35 -0500
Jean-David Beyer wrote:

> On 01/21/2013 11:56 AM, Rita wrote:
> > Masteruser will be generating data and I would like userA and userC
> > be able to decypt the data and others not to. However, in the
> > future I would like to add userE to decrypt the data and remove
> > userA (any old data she has is fine). I was wondering how I can
> > achieve this using gpg
> >
> 1.) get gnupg software. http://gnupg.org/
> Install it, generate your keys and your revocation certificate (you
> never know when you will need one).
> 2.) Upload your public key to a keyserver.
> 3.) Have A, and C do the same.
> 3a.)
> If you want to anytime, have B and D do it too.
> 4.) When you want to send data get the public keys for A and C.
> 5.) Encrypt these data with the public keys of A and C.
>
> Am I missing something?

I suspect that Rita was aiming at user E who at a later stage is added to
the allowed readers. User E will still not be able to read earlier generated
data. To my knowledge it is not possible to add another key to an already
encrypted message. You would have to decode the original data and encode it
again, this time using user E and user C public keys.

--
Klaus

From refreshing at tormail.org Mon Feb 4 08:26:28 2013
From: refreshing at tormail.org (refreshing at tormail.org)
Date: Mon, 4 Feb 2013 07:26:28 -0000
Subject: More secure than smartcard or cryptostick against remote attacks?
Message-ID: <1U2GRg-0005LY-SI@internal.tormail.org>

Are there any external gpg signing devices to make gpg more resistant against
remote control viruses?

Smartcard or cryptostick will not help in my situation.

When I write a mail on my linux machine I suppose it could get compromised
one day. It obviously needs an online connection, a web browser or mail
client. A zero day or other tricky attack could still defeat it.

I understand while the crypto device is not attached and no pin entered no
one can forge my signature.

But when I send a mail I wrote to the crypto device a virus could make my
screen lie to me and sign and send a malicious message somewhere else.
Against this case I want to defend.

Some banks offer something similar to a smartcard or cryptostick. USB Shield
- best choice of Personal Internet Banking security or ICBC e-Password
Device. http://www.icbc.com.cn/ICBC/E-banking/SecurityCorner/

The strong part about these devices is that you can check your transaction
before authorizing it.

Are there any devices or systems I could use to verify my mail on a trusted
device with small attack surface before I sign it?
From refreshing at tormail.org Mon Feb 4 08:26:48 2013
From: refreshing at tormail.org (refreshing at tormail.org)
Date: Mon, 4 Feb 2013 07:26:48 -0000
Subject: air gap private key?
Message-ID: <1U2GS0-0005NY-3w@internal.tormail.org>

I could air gap my private key. Put it on a machine with no network access.
Then replying to mails becomes awful?

This requires transferring incoming mail onto a usb device as text file and
put it into the other machine. Write an answer, sign and put it back on usb
and finally put it back on the machine with internet.

More paranoids could say that the offline machine could get infected by the
usb.

To be more paranoid I could not put anything from the online machine to the
offline machine. Answer without quoting and only store on usb. Never import
to offline machine should be quite secure?

From hka at qbs.com.pl Mon Feb 4 12:47:59 2013
From: hka at qbs.com.pl (Hubert Kario)
Date: Mon, 04 Feb 2013 12:47:59 +0100
Subject: air gap private key?
In-Reply-To: <1U2GS0-0005NY-3w@internal.tormail.org>
References: <1U2GS0-0005NY-3w@internal.tormail.org>
Message-ID: <2667830.oCdooR1OrB@k85hala03>

On Monday 04 of February 2013 07:26:48 refreshing at tormail.org wrote:
> I could air gap my private key. Put it on a machine with no network
> access. Then replying to mails becomes awful?
>
> This requires transferring incoming mail onto a usb device as text file
> and put it into the other machine. Write an answer, sign and put it back
> on usb and finally put it back on the machine with internet.
>
> More paranoids could say that the offline machine could get infected by
> the usb.
>
> To be more paranoid I could not put anything from the online machine to
> the offline machine. Answer without quoting and only store on usb. Never
> import to offline machine should be quite secure?

You need to airgap only your main key, the key used for signing can be stored
on your Internet-connected machine.
If it's compromised, you can just revoke it and issue another key for signing
e-mails.

This way all the traffic from the offline machine can be one-way.

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From olav at enigmail.net Mon Feb 4 17:39:11 2013
From: olav at enigmail.net (Olav Seyfarth)
Date: Mon, 04 Feb 2013 17:39:11 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <1U2GRg-0005LY-SI@internal.tormail.org>
References: <1U2GRg-0005LY-SI@internal.tormail.org>
Message-ID: <510FE42F.4020608@enigmail.net>

Hi anonymous writer,

> Smartcard or cryptostick will not help in my situation.

might a SmartCard with reader that has its own pinpad help?
http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120

Olav
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From refreshing at tormail.org Mon Feb 4 18:11:41 2013
From: refreshing at tormail.org (refreshing at tormail.org)
Date: Mon, 4 Feb 2013 17:11:41 -0000
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <510FE42F.4020608@enigmail.net>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <510FE42F.4020608@enigmail.net>
Message-ID: <1U2Pa1-000MkS-IW@internal.tormail.org>

> Hi anonymous writer,

Hello!

>> Smartcard or cryptostick will not help in my situation.
>
> might a SmartCard with reader that has its own pinpad help?
> http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120

No. It does not give certainty what I am actually signing. The virus could
replace the text sent to the device.

From refreshing at tormail.org Mon Feb 4 18:14:55 2013
From: refreshing at tormail.org (refreshing at tormail.org)
Date: Mon, 4 Feb 2013 17:14:55 -0000
Subject: air gap private key?
In-Reply-To: <2667830.oCdooR1OrB@k85hala03>
References: <1U2GS0-0005NY-3w@internal.tormail.org> <2667830.oCdooR1OrB@k85hala03>
Message-ID: <1U2Pd9-000NMc-Ar@internal.tormail.org>

> On Monday 04 of February 2013 07:26:48 refreshing at tormail.org wrote:
>> I could air gap my private key. Put it on a machine with no network
>> access. Then replying to mails becomes awful?
>>
>> This requires transferring incoming mail onto a usb device as text file
>> and put it into the other machine. Write an answer, sign and put it back
>> on usb and finally put it back on the machine with internet.
>>
>> More paranoids could say that the offline machine could get infected by
>> the usb.
>>
>> To be more paranoid I could not put anything from the online machine to
>> the offline machine. Answer without quoting and only store on usb. Never
>> import to offline machine should be quite secure?
>
> You need to airgap only your main key, the key used for signing can be
> stored on your Internet-connected machine.
>
> If it's compromised, you can just revoke it and issue another key for
> signing e-mails.
>
> This way all the traffic from the offline machine can be one-way.

Thanks. Will consider. I prefer to stop the possibility to sign a single
malicious mail. Is there any more secure way?

From rjh at sixdemonbag.org Tue Feb 5 04:15:05 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 04 Feb 2013 22:15:05 -0500
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <1U2GRg-0005LY-SI@internal.tormail.org>
References: <1U2GRg-0005LY-SI@internal.tormail.org>
Message-ID: <51107939.1060106@sixdemonbag.org>

On 02/04/2013 02:26 AM, refreshing at tormail.org wrote:
> Are there any external gpg signing devices to make gpg more resistant
> against remote control viruses?

No. There are none, nor will there be. You absolutely must retain control of
the processing hardware GnuPG runs upon.
If you don't have that control, there is literally no device -- hardware or
software -- that can help you.

> But when I send a mail I wrote to the crypto device a virus could make my
> screen lie to me and sign and send a malicious message somewhere else.
> Against this case I want to defend.

You can't.

> Are there any devices or systems I could use to verify my mail on a
> trusted device with small attack surface before I sign it?

This doesn't make sense to me. You don't trust your PC running GnuPG, so you
want to verify your mail on a PC running GnuPG, just one that happens to be
'trusted'?

(Also, you seem to be using the word 'trusted' in a way opposite from its
real meaning. A system is trusted if it has the ability to break your
security policy. It doesn't mean the system is actually trustworthy. It's a
statement that you're *forced* to trust it, not that you think it's
*deserving* of trust. See, e.g.: http://www.cl.cam.ac.uk/~rja14/Papers/spw09.pdf
... bottom of page 2, if you want to see an academic reference to this
definition of 'trusted'.)

From kamalakannan.n at tcs.com Tue Feb 5 12:49:38 2013
From: kamalakannan.n at tcs.com (Kamalakannan N)
Date: Tue, 5 Feb 2013 17:19:38 +0530
Subject: GPG Decryption Issue
Message-ID:

Hi,

We are working on GPG Encryption and Decryption. While decrypting we are
facing an issue:

1) When we decrypt the file through Command prompt it works fine

2) When we decrypt the same file through the Datastage application we are
facing an issue

gpg: encrypted with RSA key, ID E718XXXX
gpg: decryption failed: No secret key

Kindly help us to resolve this issue.

Regards,
Kamalakannan Nagarajan
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com
IT Services
Business Solutions
Outsourcing
____________________________________________

=====-----=====-----=====
Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

From mailinglisten at hauke-laging.de Tue Feb 5 15:52:26 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 05 Feb 2013 15:52:26 +0100
Subject: GPG Decryption Issue
In-Reply-To:
References:
Message-ID: <1542010.VbIPHnadMh@inno>

On Tue 05.02.2013, 17:19:38, Kamalakannan N wrote:
> 1) When we Decrypting the file through Command prompt its works fine
>
> 2) When we Decrypting the same file through Datastage application we are
> facing an issue
>
> gpg: encrypted with RSA key, ID E718XXXX
> gpg: decryption failed: No secret key

Probably

1) either the application runs as a different user so that the secret key is not contained in the application's keyring

2) or there is a problem with gpg-agent (the key is protected by a passphrase and gpg-agent does not know the passphrase)

Hauke
-- 
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/
From peter at digitalbrains.com Tue Feb 5 19:04:25 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 05 Feb 2013 19:04:25 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <51107939.1060106@sixdemonbag.org>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org>
Message-ID: <511149A9.1070107@digitalbrains.com>

On 05/02/13 04:15, Robert J. Hansen wrote:
> No. There are none, nor will there be. You absolutely must retain
> control of the processing hardware GnuPG runs upon. If you don't have
> that control, there is literally no device -- hardware or software --
> that can help you.

While I agree with the broad sentiment, I'm not so sure a certain amount of damage control is impossible with what he/she proposes. If you have a device with small attack surface[1] that shows you the plaintext you're about to sign before signing it *with that device*, you can at least prevent making bogus signatures. That still means you're in trouble when your PC is under control of an attacker, but you can't be coerced to issue false signatures. That's certainly something.

Obviously I'm assuming the private key is not on the compromised PC. I'm assuming a whole lot more that I'll leave implied. I'm just saying it doesn't sound open-and-shut end of the game to me when the PC is compromised.

> This doesn't make sense to me. You don't trust your PC running GnuPG,
> so you want to verify your mail on a PC running GnuPG, just one that
> happens to be 'trusted'?

First of all, I think he/she meant "verify that the text I'm about to sign is what I intended to sign", whereas you are probably thinking of "verifying a cryptographic signature". And a dedicated, limited, well-designed single-purpose device is more trustworthy than an Internet-connected general-purpose PC under the right circumstances.

> (Also, you seem to be using the word 'trusted' in a way opposite from
> its real meaning.
From the context it's perfectly obvious what he/she meant and makes sense in general English. Why argue semantics here?

Just my 2 cents,

Peter.

[1] Read: not too much program code, well-defined limited communication interfaces. I'd prefer a serial port :). Certainly not a USB device, though it could contain a USB-to-serial chip, obviously.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From rjh at sixdemonbag.org Wed Feb 6 02:49:39 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 05 Feb 2013 20:49:39 -0500
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <511149A9.1070107@digitalbrains.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com>
Message-ID: <5111B6B3.3090604@sixdemonbag.org>

On 02/05/2013 01:04 PM, Peter Lebbing wrote:
> While I agree with the broad sentiment, I'm not so sure a certain
> amount of damage control is impossible with what he/she proposes. If
> you have a device with small attack surface[1] that shows you the
> plaintext you're about to sign before signing it *with that device*,
> you can at least prevent making bogus signatures. That still means
> you're in trouble when your PC is under control of an attacker, but
> you can't be coerced to issue false signatures. That's certainly
> something.

If you don't trust the PC that GnuPG is running on, don't run GnuPG on that system. (Or anything else that requires trust, for that matter.)

It makes no sense to me to believe that it's somehow possible to have a dongle that you can plug into a compromised PC to make it safe (or safer) to sign with. If you believe the PC is compromised, cut it out of your process completely. There is no other realistic option here that I can see.
From peter at digitalbrains.com Wed Feb 6 10:28:13 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 06 Feb 2013 10:28:13 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5111B6B3.3090604@sixdemonbag.org>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org>
Message-ID: <5112222D.7020901@digitalbrains.com>

On 06/02/13 02:49, Robert J. Hansen wrote:
> It makes no sense to me to believe that it's somehow possible to have a
> dongle that you can plug into a compromised PC to make it safe (or
> safer) to sign with.

Can you explain (broadly) how one would compromise the signature/the device that you sign with?

I myself always say "if you don't control your own PC, it's over". I don't see however how that compromised PC in this instance can force me to do false signatures, which is the context I'm placing it in. You're still majorly screwed, obviously. An attacker will easily come up with some other nasty thing to do to you. Just not issuing false signatures.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From mailinglisten at hauke-laging.de Wed Feb 6 11:37:30 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 06 Feb 2013 11:37:30 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5112222D.7020901@digitalbrains.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com>
Message-ID: <1466983.QQ103B6aB5@inno>

On Wed 06.02.2013, 10:28:13, Peter Lebbing wrote:
> Can you explain (broadly) how one would compromise the signature/the device
> that you sign with?
That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) you have the problem that the PC which you need to create (and view) the data to be signed sends a blob to the secure device which is opaque to you.

The problem is not to forge a signature but the difficulty to force that only data with checked integrity gets signed. How are you going to do that with a PDF?

The only possibility I see is that the secure device shows you the hash of the data to be signed. IIRC unfortunately OpenPGP does not sign the data hash but the hash of the combination of the data and signature metadata which really doesn't make this easier. So you would need a secure device which you can give both the data and the metadata so that it can show both (in case of the data: just the hash) to the user. Then you can (safely...) copy the data to several PCs and have them show you both the file hash and the document (in that order). Hoping that at least one of the PCs is not compromised.

I really hope that the next version of OpenPGP will sign data and metadata separately (and allow for multiple hashes of different types in the same signature) to get rid of this annoyance.

Hauke
-- 
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

From mailinglisten at hauke-laging.de Wed Feb 6 12:55:16 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 06 Feb 2013 12:55:16 +0100
Subject: GPG Decryption Issue
In-Reply-To:
References: <1542010.VbIPHnadMh@inno>
Message-ID: <11443681.LaXrziCW7W@inno>

On Wed 06.02.2013, 13:10:32, Kamalakannan N wrote:
> Really thanks for the mail, but still am facing the same issue.
>
> When I try to import my public and private key once again through Command prompt, CMD says that my keys are already in keyring.
>
> I have one query on Key IDs:
> while importing, the message shows that the Key ID for both the keys is the same, but as far as I knew there are two different IDs for different keys.
>
> Public Key ID : D36AB872
> Private Key ID : E718CCAF
>
> Even my error shows that Private key is missing.

Unfortunately I cannot see how you have cared about what I wrote you. You just repeat your statement. How shall that help?

> > Probably
> >
> > 1) either the application runs as a different user so that the secret
> > key is not contained in the application's keyring
> >
> > 2) or there is a problem with gpg-agent (the key is protected by a
> > passphrase and gpg-agent does not know the passphrase)

You have to ensure that both your command prompt call and the call by the application use the same file.

1) The application could run as a different user.

2) The application could run chrooted.

3) The application could be restricted in its access rights by some LSM (Apparmor, SELinux or similar).

Thus do this:

a) Compare the output of

   gpg --list-options show-keyring --list-secret-keys

   from both the command prompt and the application

b) Is the secret key protected by a passphrase?

Hauke
-- 
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

From peter at digitalbrains.com Wed Feb 6 13:18:00 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 06 Feb 2013 13:18:00 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <1466983.QQ103B6aB5@inno>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <1466983.QQ103B6aB5@inno>
Message-ID: <511249F8.6070301@digitalbrains.com>

On 06/02/13 11:37, Hauke Laging wrote:
> That seems easy to me: Except for small amounts (secure device's display
> capacity) of very simple data (plain text) [...]

Seems to me to be enough to do what OP requested: signing e-mails he/she wrote. It indeed seems easy to me that this won't work for binary data, I left that implied. A solution that works for signing e-mails sounds like a viable solution. Just like the USB device the OP linked to only works for signing an electronic bank transfer. Obviously you shouldn't use the same signing key for other duties because those other duties open up different methods to get an e-mail falsely signed. Still, not a deal breaker.

I'm not suggesting anybody build this solution. I'm arguing on the technical merits, not the economical ones. Robert suggested it is impossible or close to that. I don't see it that way, but maybe I'm missing some interesting attack vector. And that would be interesting to hear.

> How are you going to do that with a PDF?

You're not going to achieve that.

> The only possibility I see is that the secure device shows you the hash of
> the data to be signed.

I don't see how that would work. Or, put differently, how that would work any better than transferring the file to a secured system. Because I can't calculate the hash easily using pen and paper, I really need to be seeing something other than the hash before I can be sure it's the data I wanted to sign.

Even if hashes could be calculated by pen and paper, it seems like it's an unworkable solution. You would also need to be able to interpret all the binary data you're calculating the hash over, or else you still don't know what you're signing.
The PDF could contain a vector image that renders to text saying I owe you € 1000. I would need to be able to create that vector image in my head before I can interpret the binary data that represents it. This just gets more insane the more you think about it. But it is really /way/ out of the scope of signing your e-mails.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From peter at digitalbrains.com Wed Feb 6 13:45:29 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 06 Feb 2013 13:45:29 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <1466983.QQ103B6aB5@inno>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <1466983.QQ103B6aB5@inno>
Message-ID: <51125069.4030901@digitalbrains.com>

On 06/02/13 11:37, Hauke Laging wrote:
> Then you can (safely...) copy the data to several PCs and have them show you
> both the file hash and the document (in that order). Hoping that at least one
> of the PCs is not compromised.

In my other mail I got kinda hung up on manual verification but forgot about this part of your mail :).

I think what you propose is a completely different topic/solution. You seek security in numbers: hope one of the many PCs isn't compromised. The device proposed by OP/by me seeks security in being restricted and simple. And also takes a whole lot less effort to use ;).

I don't really believe in the security in numbers, by the way. Seems too stochastic. If the attacker can attack all but one of the many, why not the last one? Yes, you reduce the odds, but I prefer more determinism.

But let's stick to the e-mail signing in this thread, or the discussion will get very unfocused and hard to follow. If you want to continue anyway, could you please change the Subject: line?

Peter.
-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From vedaal at nym.hush.com Wed Feb 6 17:57:40 2013
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 06 Feb 2013 11:57:40 -0500
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <1466983.QQ103B6aB5@inno>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <1466983.QQ103B6aB5@inno>
Message-ID: <20130206165740.56E0FE6726@smtp.hushmail.com>

On Wednesday, February 06, 2013 at 5:42 AM, "Hauke Laging" wrote:
>The problem is not to forge a signature but the difficulty to
>force that only data with checked integrity gets signed. How are you going to do
>that with a PDF?

There is a bigger problem with a pdf: once a hash algorithm becomes insecure enough that pre-image collisions are possible, it is possible to forge a signature.

Ordinarily, even if a collision is possible, a forgery of a signature over text would instantly be detectable, as the collision forgery would have gibberish in the text.

i.e.

M1 has signature hash S1

M2 = (m3 + string), where m3 is the forged text, and the string added is a string of additional characters that are varied until a collision is found for the same S1 hash.

The string stands out as gibberish and would be questioned, even if the signature verified.

But now, in pdf form, the string can easily be hidden in the pdf, by having the string embedded as white text instead of black, and not distinguishable from the white space background.

Example,

M1 is a pdf of a table, or spreadsheet, or has equations or different language special characters, where it is reasonable to be sent as a pdf.
M2 = Pdf of (m3 + string), where m3 is the forged data in the table, or other visible area of the pdf, and the string is the found addition that produced a successful collision for the final pdf, after having the string rendered in 1 pt. font in white color embedded in any convenient place in the pdf.

M1 does not even have to be on a pdf, as long as it has a detached .sig S1. If pre-image collisions are possible for a hash, then a pdf can be constructed to have the same .sig S1.

(This could still be detected by examining the details of the metadata of the pdf and seeing what 'extra' material was embedded, but only if a habit is made of checking the metadata very carefully.)

vedaal

From hka at qbs.com.pl Wed Feb 6 19:11:31 2013
From: hka at qbs.com.pl (Hubert Kario)
Date: Wed, 06 Feb 2013 19:11:31 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <20130206165740.56E0FE6726@smtp.hushmail.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <1466983.QQ103B6aB5@inno> <20130206165740.56E0FE6726@smtp.hushmail.com>
Message-ID: <1462188.GEGBdDBIB9@k85hala03>

On Wednesday 06 of February 2013 11:57:40 vedaal at nym.hush.com wrote:
> On Wednesday, February 06, 2013 at 5:42 AM, "Hauke Laging" wrote:
> >The problem is not to forge a signature but the difficulty to
> >force that only data with checked integrity gets signed. How are you going
> >to do that with a PDF?
>
> There is a bigger problem with a pdf, that if, once a hash algorithm becomes
> insecure enough that pre-image collisions are possible, it is possible to
> forge a signature.

Don't extended (-T, -X, -A form) PAdES signatures add new hash values?! I'm quite sure not only they do, but that it's mandatory. So, new hashes can be used when the ones used in the file are beginning to weaken (e.g. SHA1 now).
> This could still be detected by examining the details of the metadata of the
> pdf and seeing what 'extra' material was embedded, but only if a habit is
> made of checking the metadata very carefully.

I'd suggest making a habit of not trusting PDF files with currently invalid timestamps... Or files without cryptographic timestamps with currently invalid signatures...

Regards,
-- 
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From kamalakannan.n at tcs.com Wed Feb 6 08:40:32 2013
From: kamalakannan.n at tcs.com (Kamalakannan N)
Date: Wed, 6 Feb 2013 13:10:32 +0530
Subject: GPG Decryption Issue
In-Reply-To: <1542010.VbIPHnadMh@inno>
References: <1542010.VbIPHnadMh@inno>
Message-ID:

Hello Hauke Laging,

Really thanks for the mail, but still am facing the same issue.

When I try to import my public and private key once again through Command prompt, CMD says that my keys are already in keyring.

I have one query on Key IDs: while importing, the message shows that the Key ID for both the keys is the same, but as far as I knew there are two different IDs for different keys.

Public Key ID : D36AB872
Private Key ID : E718CCAF

Even my error shows that Private key is missing.
My error log is

> gpg: encrypted with RSA key, ID E718CCAF
> gpg: decryption failed: No secret key

Kindly comment on the same and let me know your suggestions.

The CMD commands I tried are as follows:

Private Query Import :

C:\>gpg --import NavtechKey_sec.asc
gpg: key D36AB872: already in secret keyring
gpg: Total number processed: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1

Public Query Import :

C:\>gpg --import NavtechKey_pub.asc
gpg: key D36AB872: "Navtech (Navtech Encryption) " not changed
gpg: Total number processed: 1
gpg: unchanged: 1

Edit Key :

E:\>gpg --edit-key Navtech
gpg (GnuPG) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/D36AB872  created: 2012-08-01  expires: never  usage: SC
                     trust: ultimate      validity: ultimate
sub  2048R/E718CCAF  created: 2012-08-01  expires: never  usage: E
[ultimate] (1). Navtech (Navtech Encryption)

gpg>
pub  1024D/9E98BC16  created: 1999-06-04  expires: never  trust: -/q

gpg> fpr
pub   2048R/D36AB872 2012-08-01 Navtech (Navtech Encryption)
 Primary key fingerprint: 6CD3 D53B 26A7 AD59 9117 3EA7 A614 AC8F D36A B872

Regards,
Kamal
TCS
Ph:- 914466164678 Buzz:- 18002 Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com
From kamalakannan.n at tcs.com Wed Feb 6 11:28:32 2013
From: kamalakannan.n at tcs.com (Kamalakannan N)
Date: Wed, 6 Feb 2013 15:58:32 +0530
Subject: Fw: GPG Decryption Issue
Message-ID:

Hi Hauke Laging,

Kindly look into the below command and result. Help me out to resolve the NO SECRET KEY issue.
E:\>gpg --list-keys
C:/Documents and Settings/dstage/Application Data/gnupg/pubring.gpg
-------------------------------------------------------------------
pub   2048R/D36AB872 2012-08-01
uid                  Navtech (Navtech Encryption)
sub   2048R/E718CCAF 2012-08-01

E:\>gpg --list-secret-keys
C:/Documents and Settings/dstage/Application Data/gnupg/secring.gpg
-------------------------------------------------------------------
sec   2048R/D36AB872 2012-08-01
uid                  Navtech (Navtech Encryption)
ssb   2048R/E718CCAF 2012-08-01

Regards,
Kamal
TCS
Ph:- 914466164678 Buzz:- 18002 Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com

----- Forwarded by Kamalakannan N/CHN/TCS on 02/06/2013 03:53 PM -----

From rjh at sixdemonbag.org Wed Feb 6 23:51:00 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 06 Feb 2013 17:51:00 -0500
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5112222D.7020901@digitalbrains.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com>
Message-ID: <5112DE54.5010100@sixdemonbag.org>

On 2/6/13 4:28 AM, Peter Lebbing wrote:
> Can you explain (broadly) how one would compromise the signature/the device that
> you sign with?

Happily!

I have an OpenPGP smartcard and an SCM card reader. I installed it under Fedora 16 and it worked beautifully. Under Fedora 17 it's broken. After a few rounds of unfruitful debugging I gave Werner an account on an F17 box with this hardware plugged in, and even then we were unable to figure out what was wrong.

So, since this device clearly doesn't work under F17 (or F18, now, for that matter), I've elected to stop using it in favor of using my desktop PC. Just makes sense. Damned thing doesn't work.

--

And that is _exactly_ the attack I would use against any dongle you plug into a compromised PC in order to make signatures safely. If I've compromised the system, all I need to do is make the dongle not work properly. After a few rounds of frustrating debugging and discovering the thing just doesn't work, you'll revert back to using your compromised PC. You'll do it for the exact same reason that I stopped using my smartcard reader: "damned thing doesn't work."

*Even if your dongle works exactly as intended*, I can -- by simulating a hardware failure -- drive you into a fallback where you use a compromised machine. Under the most generous assumption possible about your dongle ("it works perfectly and exactly as intended"), your dongle still doesn't work.

And that, to me, is the definition of bogus. If under the most generous assumptions possible something still doesn't work, then that thing is bogus.

Anyone who objects to this on the grounds of "well, that's a human exploit, not a technological one!"
will get a cream pie thrown at them. *Of course* I'm going to exploit you-the-human. You're the crunchiest part of the system...

From mailinglisten at hauke-laging.de Thu Feb 7 08:02:57 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 07 Feb 2013 08:02:57 +0100
Subject: GPG Decryption Issue
In-Reply-To:
References:
Message-ID: <3199363.19ZmdCL7Yx@inno>

On Thu 07.02.2013, 10:28:29, Kamalakannan N wrote:
> Application is run by the same user and secret key is protected by a
> passphrase.

Take the passphrase off the key and check whether the batch file works then.

> Actually we are using the batch file to decrypt the file and we are calling the
> batch file through Datastage Application.
>
> Batch file command is:
> gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt
> --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml
> --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

Put this into the batch file for testing:

1) gpg --list-options show-keyring \
   --output E:\Data\qfbi\Navtech\Working\keyring.txt \
   --list-secret-keys

2) copy E:\Data\qfbi\Navtech\Working\passphrase.txt \
   E:\Data\qfbi\Navtech\Working\passphrase.cp

Hauke
-- 
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

From kamalakannan.n at tcs.com Thu Feb 7 05:58:29 2013
From: kamalakannan.n at tcs.com (Kamalakannan N)
Date: Thu, 7 Feb 2013 10:28:29 +0530
Subject: GPG Decryption Issue
Message-ID:

Hi Hauke,

Application is run by the same user and secret key is protected by a passphrase.

We are trying to decrypt the same file from both Command prompt and Datastage Application.

Actually we are using the batch file to decrypt the file and we are calling the batch file through Datastage Application.
Batch file command is:

gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

* Passphrase key available in the specified path

1) Is there any command to check access for the application to decrypt?

Regards,
Kamal
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services Business Solutions Outsourcing
____________________________________________

From: Hauke Laging
To: gnupg-users at gnupg.org
Cc: Kamalakannan N
Date: 02/06/2013 05:25 PM
Subject: Re: GPG Decryption Issue

On Wed 06.02.2013, 13:10:32 Kamalakannan N wrote:
> Really thanks for the mail, but still am facing the same issue.
>
> when i try to import my public and private key once again through Command prompt, CMD says that my keys are already in keyring.
>
> I have one query on Key IDs,
> while am importing message show that Key ID file for both the keys are same but as far as i knew there is two different ID for different keys.
>
> Public Key ID : D36AB872
> Private Key ID : E718CCAF
>
> Even my error show that Private key is missing.

Unfortunately I cannot see how you have cared about what I wrote you. You just repeat your statement. How shall that help?

> > Probably
> >
> > 1) either the application runs as a different user so that the secret
> > key is not contained in the application's keyring
> >
> > 2) or there is a problem with gpg-agent (the key is protected by a
> > passphrase and gpg-agent does not know the passphrase)

You have to ensure that both your command prompt call and the call by the application use the same file.

1) The application could run as a different user.
2) The application could run chrooted.
3) The application could be restricted in its access rights by some LSM (Apparmor, SELinux or similar).
Thus do this:

a) Compare the output of

       gpg --list-options show-keyring --list-secret-keys

   from both the command prompt and the application

b) Is the secret key protected by a passphrase?

Hauke

--
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

[attachment "signature.asc" deleted by Kamalakannan N/CHN/TCS]

=====-----=====-----=====
Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

From kamalakannan.n at tcs.com Thu Feb 7 08:06:21 2013
From: kamalakannan.n at tcs.com (Kamalakannan N)
Date: Thu, 7 Feb 2013 12:36:21 +0530
Subject: GPG Decryption Issue
In-Reply-To:
References:
Message-ID:

Hi Hauke,

Kindly help me out by providing --multifile --decrypt batch file command. Currently we are using batch command as below to decrypt single files.

gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

Kindly let me know how to decrypt multifile by using single command.

Regards,
Kamal
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.
IT Services Business Solutions Outsourcing
____________________________________________

From kamalakannan.n at tcs.com Thu Feb 7 08:08:40 2013
From: kamalakannan.n at tcs.com (Kamalakannan N)
Date: Thu, 7 Feb 2013 12:38:40 +0530
Subject: GPG Decryption Issue
In-Reply-To: <3199363.19ZmdCL7Yx@inno>
References: <3199363.19ZmdCL7Yx@inno>
Message-ID:

Hi Hauke,

Kindly help me out by providing --multifile --decrypt batch file command. Currently we are using batch command as below to decrypt single files.
gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

Kindly let me know how to decrypt multifile by using single command.

Regards,
Kamal
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services Business Solutions Outsourcing
____________________________________________

From niels at dest-unreach.be Thu Feb 7 11:12:36 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Thu, 07 Feb 2013 11:12:36 +0100
Subject: influence of signature type on trustdb
Message-ID: <51137E14.7060307@dest-unreach.be>

Hi,

I'm trying to figure out what the influence is of the different signature types (0x10-0x13). As far as I can tell, they only _indicate_ the signer's trust in his own sig, but aren't used in any way by GPG. Is this correct?

I was hoping it would be used in the trust model, but apparently only the ownertrust (and optionally tsign's) are used there.

Thanks in advance,
Niels

From peter at digitalbrains.com Thu Feb 7 13:46:56 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 07 Feb 2013 13:46:56 +0100
Subject: influence of signature type on trustdb
In-Reply-To: <51137E14.7060307@dest-unreach.be>
References: <51137E14.7060307@dest-unreach.be>
Message-ID: <5113A240.3060000@digitalbrains.com>

> I'm trying to figure out what the influence is of the different
> signature types (0x10-0x13).

From the gpg2 man page:

> --min-cert-level
> When building the trust database, treat any signatures with a certification level
> below this as invalid. Defaults to 2, which disregards level 1 signatures. Note
> that level 0 "no particular claim" signatures are always accepted.

So 0x10 is always accepted, 0x11 is by default rejected. You could, f.e., increase this to 3, meaning you only accept 0x13 (and 0x10). Or you could decrease it to 1, accepting 0x11 as well.
That at least is what I get from the description. I've never fiddled with it.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From peter at digitalbrains.com Thu Feb 7 14:14:44 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 07 Feb 2013 14:14:44 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5112DE54.5010100@sixdemonbag.org>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org>
Message-ID: <5113A8C4.9080408@digitalbrains.com>

> *Even if your dongle works exactly as intended*, I can -- by simulating a
> hardware failure -- drive you into a fallback where you use a compromised
> machine.

It's a good attack. Thank you for sharing it. But to say it makes the device bogus is a way too easy dismissal.

So if an attacker compromises the system and makes the user unable to use the device on that system, they will react by stopping using the device, but not by stopping using the PC? But at the same time you said earlier

> If you believe the PC is compromised, cut it out of your process completely.

I would agree with the latter. The strength of the device is that it won't issue false signatures in the period that your PC *is* compromised but you haven't discovered it yet!

If my crypto device suddenly stopped working, I'd investigate why and possibly re-install the system if I can't find the culprit.

Your case of not using the smartcard isn't really completely comparable to me. You feel the fault lies with Fedora. Re-installing from scratch doesn't fix anything.
If you thought it not unlikely that an attacker was controlling your system and blocking the smartcard, I really doubt you'd respond by putting your private key in your keyring on that system, right?

> Under the most generous assumption possible about your dongle ("it works
> perfectly and exactly as intended"), your dongle still doesn't work. And
> that, to me, is the definition of bogus.

> If under the most generous assumptions possible something still doesn't work,
> then that thing is bogus.
[1]

Nice rhetoric. In isolation, it sounds nice. In context, it is itself bogus. I'd really appreciate it if we discuss the technical merits, and not make a competition out of who can come up with the best rhetoric. You will no doubt win. But this isn't about winning to me, it's about academic exploration of a topic.

Your most generous assumptions are at first "about your dongle". In the next sentence, those same assumptions are suddenly generalised, making the statement nice and catching. But as soon as we look at the bigger picture, your assumptions aren't that generous.

The most important reason is that you took it as a fact that if an attacker compromised the PC, the user would react by rewarding him with a copy of the private key, exactly the opposite of your advice to cut the PC out of the process. I really wouldn't call that the "most generous assumptions possible" at all.

> Anyone who objects to this on the grounds of "well, that's a human exploit,
> not a technological one!" will get a cream pie thrown at them.

Unfortunately no cake for me, because human exploits are obviously very real and need to be accounted for. This is a viable attack. It might work. Because of user misjudgement. That does not make the device useless. A properly cautious user should no longer trust the PC that is not accepting the device when seemingly rather identical systems do accept it. Caution is always required when working with cryptography you rely on, there's nothing new there.
This device doesn't magically make all worries go away.

Peter.

[1] I split the quote to emphasize the last sentence

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dshaw at jabberwocky.com Thu Feb 7 15:09:30 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 7 Feb 2013 09:09:30 -0500
Subject: influence of signature type on trustdb
In-Reply-To: <51137E14.7060307@dest-unreach.be>
References: <51137E14.7060307@dest-unreach.be>
Message-ID: <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com>

On Feb 7, 2013, at 5:12 AM, Niels Laukens wrote:

> Hi,
>
> I'm trying to figure out what the influence is of the different
> signature types (0x10-0x13). As far as I can tell, they only _indicate_
> the signers trust in his own sig, but isn't used in any way by GPG. Is
> this correct?

Basically correct. All of the signature types are equal except for the influence of --min-cert-level. By default, that's set to 2, so the 0x11 "persona" signature is ignored when building the trustdb. A signature whose very definition indicates that the person didn't check before making it, is probably one you want to skip :)

David

From hka at qbs.com.pl Thu Feb 7 15:26:56 2013
From: hka at qbs.com.pl (Hubert Kario)
Date: Thu, 07 Feb 2013 15:26:56 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5113A8C4.9080408@digitalbrains.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com>
Message-ID: <5398993.kQInJeB1X2@k85hala03>

On Thursday 07 of February 2013 14:14:44 Peter Lebbing wrote:
> > *Even if your dongle works exactly as intended*, I can -- by simulating a
> > hardware failure -- drive you into a fallback where you use a compromised
> > machine.
>
> It's a good attack. Thank you for sharing it. But to say it makes the device
> bogus is a way too easy dismissal.
In a world where software and hardware usually *has* bugs it's more likely that the dongle stopped working because of bugs, not because I'm under attack. Especially if we're talking about the "usual use case", I doubt even bigger companies that use GPG review all the patches and test them individually, let alone individuals.

The usual response in this kind of situation is "let me do my damn work already" not "hmm, interesting, let's diagnose the issue, other projects be damned". Honestly, I'd probably fall victim to such an attack, and IMNSHO I'm a bit more knowledgeable about crypto and security than regular users of GPG.

I'm afraid that this kind of attack would be only unsuccessful against GPG developers or developers close to the GPG project (basically only the people that would have the means, knowledge and time to bisect the issue).

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From rjh at sixdemonbag.org Thu Feb 7 15:49:32 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 07 Feb 2013 09:49:32 -0500
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5113A8C4.9080408@digitalbrains.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com>
Message-ID: <5113BEFC.1020604@sixdemonbag.org>

On 02/07/2013 08:14 AM, Peter Lebbing wrote:
> So if an attacker compromises the system and makes the user unable to
> use the device on that system, they will react by stopping using the
> device, but not by stopping using the PC? But at the same time you
> said earlier...

Yes, I did. A good compromise is one that leaves the victim unaware the machine has been compromised. If you-the-user see evidence that makes you think you've lost control, the compromise author has failed. (Note that this isn't true for a lot of malware nowadays, where the hijacker literally doesn't care if you notice and instead trusts in your inability to do anything about it: but that's not the kind of malware we're talking about here, where we're assuming someone who has compromised your system explicitly for purposes of hijacking your GnuPG system.)

> If my crypto device suddenly stopped working, I'd investigate why and
> possibly re-install the system if I can't find the culprit.

Then I re-compromise your box and start over. I also plant a couple of messages on message boards you frequent talking about how my dongle, of the same model number as yours, doesn't work with my Linux distro, of the same kind as yours, since a recent kernel upgrade. Since I have your machine compromised I know what sources you check for these things, and the dark side of crowdsourcing is how easy it is to give strategic misinformation to people. At some point you're going to believe the problem is the device doesn't work.
I might also deliver to you a high-priority message, something that needs a signed response urgently, in order to give you another reason to disregard the device for "just this once."

> If you thought it not unlikely that an attacker was controlling your
> system and blocking the smartcard, I really doubt you'd respond by
> putting your private key in your keyring on that system, right?

No, quite the opposite. Vint Cerf estimated a few years ago that one in five desktop PCs was rooted and the owners didn't know it. One in five. That's a really scary number. Anyone on this list who thinks they couldn't possibly be part of that one in five is living in a fantasy world. Any of us could be.

Now, I haven't seen evidence to suggest that my machine is compromised. But that doesn't mean I have limitless confidence in my hardware. My desktop PC is trusted hardware in the most classic definition of trusted: I trust it because I have to, not because I believe it's deserving of trust.

> But this isn't about winning to me, it's about academical exploration
> of a topic.

And that's the entire methodology I'd use to exploit your perfect dongle. Those who view things only academically tend to fall down and go boom when confronted with real-world attacks on the human side of the system. Those who view things only as human interactions tend to fall down and go boom when the math works against them. This is the sort of thing that must be looked at from both directions simultaneously.

> The most important reason is that you took it as a fact that if an
> attacker compromised the PC, the user would react by rewarding him
> with a copy of the private key, exactly the opposite of your advice
> to cut the PC out of the process. I really wouldn't call that the
> "most generous assumptions possible" at all.

Sure. Because if I give you any clue that the machine is compromised, I've failed to write a good compromise. I'm assuming for sake of argument that I'm competent at skulduggery.
> A properly cautious user should no longer trust the PC that is not
> accepting the device when seemingly rather identical systems do
> accept it.

Which is why I would seed the forums you use with reports of these devices not working.

From niels at dest-unreach.be Thu Feb 7 15:56:00 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Thu, 07 Feb 2013 15:56:00 +0100
Subject: influence of signature type on trustdb
In-Reply-To: <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com>
References: <51137E14.7060307@dest-unreach.be> <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com>
Message-ID: <5113C080.1090209@dest-unreach.be>

On 2013-02-07 15:09, David Shaw wrote:
> On Feb 7, 2013, at 5:12 AM, Niels Laukens wrote:
>
>> Hi,
>>
>> I'm trying to figure out what the influence is of the different
>> signature types (0x10-0x13). As far as I can tell, they only _indicate_
>> the signers trust in his own sig, but isn't used in any way by GPG. Is
>> this correct?
>
> Basically correct. All of the signature types are equal except for
> the influence of --min-cert-level. By default, that's set to 2, so
> the 0x11 "persona" signature is ignored when building the trustdb. A
> signature whose very definition indicates that the person didn't
> check before making it, is probably one you want to skip :)

OK, would it make sense to use this level in the trust calculation? Similar to the `marginal` ownertrust: three type 0x12 sigs equivalent to one type 0x13 sig? With the numbers configurable, preferably.

I guess this would make the trustdb calculations a little more complicated, because both ownertrust and siglevel need to be taken into account, but to me it feels like a "better" way.

Or am I missing some obvious reasons why this is a bad idea?

Niels

From rjh at sixdemonbag.org Thu Feb 7 16:02:41 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 07 Feb 2013 10:02:41 -0500
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5398993.kQInJeB1X2@k85hala03>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5398993.kQInJeB1X2@k85hala03>
Message-ID: <5113C211.8040403@sixdemonbag.org>

On 02/07/2013 09:26 AM, Hubert Kario wrote:
> Honestly, I'd probably fall victim to such an attack, and IMNSHO I'm
> a bit more knowledgable about crypto and security that regular users of GPG.

Yes -- I'm a fair bit more knowledgeable about these things than most, and as my story of the smartcard reader shows, I may have *already fallen victim* to this sort of thing. (Or the reader could just be buggy. Or maybe I'm trying to exploit someone using an SCM card reader on a Fedora 18 box and I'm planting seeds to make them think their system is buggy and their reader won't work, so go ahead and fall back to cardless usage. Who knows? It could be any of those. I suspect it's just buggy.)

Admittedly, in the case of a buggy-or-compromised smartcard reader the attacker isn't looking to compromise the private key on the smartcard: the attacker is trying to get me to fall back to my alternate keys which are on my desktop. The principle still stands, though. Cards and pinpads are great at protecting private keys from being exported off the smartcard, but that's not the same as preventing exploits.
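The --min-cert-level rule Peter quoted from the gpg2 manual and the "three 0x12 sigs equal one 0x13" weighting Niels proposed in the "influence of signature type on trustdb" thread above, worked through as an added Python example. This is not GnuPG's trustdb code and not from anyone on the list: cert_accepted() follows the manual text quoted in the thread; key_validity() is a simplified marginals-needed/completes-needed count (each signer counted once, unknown ownertrust ignored), not the full classic trust model with its depth limits; and THREAD_PROPOSAL implements the proposal as a weight table, which is not a gpg option. Signer names and ownertrust values are constructed for the example.

```python
"""Toy model of how certification classes 0x10-0x13 and --min-cert-level
feed key validity. Added illustration, not GnuPG's trustdb implementation."""
from fractions import Fraction

# OpenPGP certification signature classes (RFC 4880, section 5.2.1).
GENERIC, PERSONA, CASUAL, POSITIVE = 0x10, 0x11, 0x12, 0x13

# The weighting proposed in the thread (three casual certs ~ one positive
# cert). This is a hypothetical knob for the example, not a gpg setting.
THREAD_PROPOSAL = {CASUAL: Fraction(1, 3)}


def cert_level(sig_class):
    """Map a certification class to the 'level' 0..3 the gpg manual talks about."""
    if not GENERIC <= sig_class <= POSITIVE:
        raise ValueError("not a certification class: 0x%02x" % sig_class)
    return sig_class - GENERIC


def cert_accepted(sig_class, min_cert_level=2):
    """--min-cert-level semantics as quoted from the gpg2 manual: level 0
    ('no particular claim') is always accepted; any other level below the
    threshold is treated as invalid when building the trust database."""
    level = cert_level(sig_class)
    return level == 0 or level >= min_cert_level


def key_validity(certs, ownertrust, min_cert_level=2,
                 marginals_needed=3, completes_needed=1, level_weights=None):
    """certs: iterable of (signer_keyid, sig_class) certifications on one key.
    ownertrust: dict signer_keyid -> 'full' | 'marginal' | anything else.
    level_weights: optional dict sig_class -> weight (default weight 1).
    Returns 'full', 'marginal' or 'unknown' (simplified web-of-trust rule)."""
    weights = level_weights or {}
    best = {}  # signer -> best accepted weight; a signer counts only once
    for signer, sig_class in certs:
        if not cert_accepted(sig_class, min_cert_level):
            continue
        w = Fraction(weights.get(sig_class, 1))
        best[signer] = max(best.get(signer, Fraction(0)), w)
    full = sum((w for s, w in best.items() if ownertrust.get(s) == "full"), Fraction(0))
    marginal = sum((w for s, w in best.items() if ownertrust.get(s) == "marginal"), Fraction(0))
    if full >= completes_needed or marginal >= marginals_needed:
        return "full"
    if full > 0 or marginal > 0:
        return "marginal"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample: three marginally trusted signers certify one key.
    trust = {"alice": "marginal", "bob": "marginal", "carol": "marginal"}
    casual = [("alice", CASUAL), ("bob", CASUAL), ("carol", CASUAL)]
    print(key_validity(casual, trust))                                 # full
    print(key_validity(casual, trust, level_weights=THREAD_PROPOSAL))  # marginal
    print(key_validity([("alice", PERSONA)], trust))                   # unknown
```

The Fraction arithmetic is there so that three one-third weights sum to exactly one; with floats the comparison against marginals_needed would depend on rounding.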
From dshaw at jabberwocky.com Thu Feb 7 17:25:12 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 7 Feb 2013 11:25:12 -0500
Subject: influence of signature type on trustdb
In-Reply-To: <5113C080.1090209@dest-unreach.be>
References: <51137E14.7060307@dest-unreach.be> <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com> <5113C080.1090209@dest-unreach.be>
Message-ID: <58356C0F-0348-4B00-9162-868ECC9453CA@jabberwocky.com>

On Feb 7, 2013, at 9:56 AM, Niels Laukens wrote:

> On 2013-02-07 15:09, David Shaw wrote:
>> On Feb 7, 2013, at 5:12 AM, Niels Laukens wrote:
>>
>>> Hi,
>>>
>>> I'm trying to figure out what the influence is of the different
>>> signature types (0x10-0x13). As far as I can tell, they only _indicate_
>>> the signers trust in his own sig, but isn't used in any way by GPG. Is
>>> this correct?
>>
>> Basically correct. All of the signature types are equal except for
>> the influence of --min-cert-level. By default, that's set to 2, so
>> the 0x11 "persona" signature is ignored when building the trustdb. A
>> signature whose very definition indicates that the person didn't
>> check before making it, is probably one you want to skip :)
>
> OK, would it make sense to use this level in the trust calculation?
> Similar to the `marginal` ownertrust: three type 0x12 sigs equivalent to
> one type 0x13 sig? With the numbers configurable, preferably.
>
> I guess this would make the trustdb calculations a little more
> complicated, because both ownertrust and siglevel need to be taken into
> account, but to me it feels like a "better" way.
>
> Or am I missing some obvious reasons why this is a bad idea?

Nope, this could be done. There are a few reasons it hasn't, including that it would make the trust model incompatible (in the sense that a path that exists using GnuPG might not exist in PGP and vice versa) with other implementations.

There is no reason why someone couldn't write an *additional* trust model that takes that into account, though.
It just takes someone who wants it badly enough. The OpenPGP standard doesn't have much to say about different trust models - it's mostly left up to the implementations to decide how to resolve whether a key is considered usable or not.

David

From dkg at fifthhorseman.net Thu Feb 7 17:54:46 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 07 Feb 2013 11:54:46 -0500
Subject: influence of signature type on trustdb
In-Reply-To: <5113C080.1090209@dest-unreach.be>
References: <51137E14.7060307@dest-unreach.be> <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com> <5113C080.1090209@dest-unreach.be>
Message-ID: <5113DC56.4000100@fifthhorseman.net>

On 02/07/2013 09:56 AM, Niels Laukens wrote:
> OK, would it make sense to use this level in the trust calculation?
> Similar to the `marginal` ownertrust: three type 0x12 sigs equivalent to
> one type 0x13 sig? With the numbers configurable, preferably.
>
> I guess this would make the trustdb calculations a little more
> complicated, because both ownertrust and siglevel need to be taken into
> account, but to me it feels like a "better" way.
>
> Or am I missing some obvious reasons why this is a bad idea?

one reason to be wary of any changes to the trust model is that most humans i've talked to about this (including ones who have spent a decent amount of time thinking about it) are often surprised even by the current standard trust model. Sometimes this is due to not thinking through the consequences of their choices, sometimes it's due to not really understanding how the standard trust model actually works. Making the trust model even more complicated without improving comprehensibility to the user seems like trouble.

--dkg

PS i actually think that the standard trust model is decent, though i've proposed a few changes to it myself.
I think anyone interested in improving the trust model should probably try to think through how to make an improved user interface for people who are trying to inspect the trust model. This is a hard problem. But reinforcing good user intuitions about what's going on would probably be a bigger win than an algorithmic adjustment (and might make algorithmic adjustments easier in the future).

From niels at dest-unreach.be Thu Feb 7 18:25:56 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Thu, 07 Feb 2013 18:25:56 +0100
Subject: influence of signature type on trustdb
In-Reply-To: <58356C0F-0348-4B00-9162-868ECC9453CA@jabberwocky.com>
References: <51137E14.7060307@dest-unreach.be> <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com> <5113C080.1090209@dest-unreach.be> <58356C0F-0348-4B00-9162-868ECC9453CA@jabberwocky.com>
Message-ID: <5113E3A4.9050407@dest-unreach.be>

On 2013-02-07 17:25, David Shaw wrote:
> Nope, this could be done. There are a few reasons it hasn't,
> including that it would make the trust model incompatible (in the
> sense that a path that exists using GnuPG might not exist in PGP and
> vice versa) with other implementations.
>
> There is no reason why someone couldn't write an *additional* trust
> model that takes that into account, though. It just takes someone
> who wants it badly enough. The OpenPGP standard doesn't have much to
> say about different trust models - it's mostly left up to the
> implementations to decide how to resolve whether a key is considered
> usable or not.

Ok, I'll put "write another trust model" on my todo-list. But not under the "I need this badly" section. Rather under "If I have nothing more useful to do". Over the past few days I've been thinking about it, and it seems to be a very complex problem.
Mostly because the quantity involved (trust) is not very well defined (which I consider a feature in general, but a bug in this particular context). From niels at dest-unreach.be Thu Feb 7 18:30:06 2013 From: niels at dest-unreach.be (Niels Laukens) Date: Thu, 07 Feb 2013 18:30:06 +0100 Subject: influence of signature type on trustdb In-Reply-To: <5113DC56.4000100@fifthhorseman.net> References: <51137E14.7060307@dest-unreach.be> <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com> <5113C080.1090209@dest-unreach.be> <5113DC56.4000100@fifthhorseman.net> Message-ID: <5113E49E.1070201@dest-unreach.be> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2013-02-07 17:54, Daniel Kahn Gillmor wrote: > I think anyone interested in improving the trust model should > probably try to think through how to make an improved user > interface for people who are trying to inspect the trust model. I use http://pgp.cs.uu.nl/ from time to time. It does render a picture of the different trust-paths it found, including the sig-type (although I don't find the sig-type particularly intuitive). To depict the trust model, the ownertrust should be added on top somehow... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlET5J4ACgkQZJWMADvTs4pqRQD/YTgtkOhthrCUSoBYz161TSJZ ZuVj+4/ASo0HA4Dz5poA/jdo+ugPZeB92f+6yIKtIAHhc8Wxxirw3cVsquiIXGhz =+lOq -----END PGP SIGNATURE----- From peter at digitalbrains.com Thu Feb 7 20:29:40 2013 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 07 Feb 2013 20:29:40 +0100 Subject: More secure than smartcard or cryptostick against remote attacks? 
In-Reply-To: <5398993.kQInJeB1X2@k85hala03> References: <1U2GRg-0005LY-SI@internal.tormail.org> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5398993.kQInJeB1X2@k85hala03> Message-ID: <511400A4.9040207@digitalbrains.com> On 07/02/13 15:26, Hubert Kario wrote: > The usual response in this kind of situation is "let me do my damn work > already" not "hmm, interesting, let's diagnose the issue, other projects be > damned". Honestly, I'd probably fall victim to such an attack Every decision is a weighing of how important things are to you. For most people, it's a non-issue anyway. So yes, they will just get on with their work and do the signature in software. But then this device was probably also more of a gimmick to them. They bought it instead of a simple OpenPGP card, but can't be bothered to do some investigation when this not quite ordinary piece of cryptography equipment stops working? I really think their keys and signatures must not be worth a lot to them then. I'm not talking about myself. I would buy the device as a gimmick, actually. Or not at all. I feel perfectly fine with my OpenPGP cards. By the way, you talk about bisecting code changes and such. I would just grab one of my other PC's, or install a brand new one. In the end, yes, an attacker could thwart all my attempts. This isn't any different than for the products that are already here today, GnuPG itself, the OpenPGP smartcards. The device where you see your plaintext before you sign it is just an extension of the smartcard, not a panacea. The smartcard prevents leakage of the key, as long as you use the smartcard. The plaintext signature device prevents false signatures, as long as you use the device. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at From peter at digitalbrains.com Thu Feb 7 20:31:09 2013 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 07 Feb 2013 20:31:09 +0100 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <5113BEFC.1020604@sixdemonbag.org> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5113BEFC.1020604@sixdemonbag.org> Message-ID: <511400FD.4040807@digitalbrains.com> This is silly. Yes, you can do social engineering. That's always possible. And yes, the attacker will win against me if he wants badly enough. I know that as well. These are all just generalities. You seem to be implying that unless something is perfect, something is bogus, and people should not bother. Well, the perfect is the enemy of the good, and apart from that, you seem to call not just the OpenPGP smartcard specifically but everything else as well bogus for being exploitable when enough effort is put into it. Why do you even have GnuPG if you feel that an attacker worth your time would have you in his pocket? Actually, you might want to rethink that whole Fedora thing, because I think someone has gone through quite some effort for your private key. He even pretended to be Werner Koch, and laughed himself silly when you gave him a bloody account to the machine he already owned more than you did. Better revoke now. I'm out. You're a smart guy. If you feel those generalities add anything to this discussion, I feel I'm completely done with it. I can't shake the feeling you're not in this discussion for the same reason as I. I just now read your other mail in this thread. In it you say: > Cards and pinpads are great at protecting private keys from being exported > off the smartcard, but that's not the same as preventing exploits. 
I'm slightly confused. Because everything you object to the device I have in mind is equally well deployed against the smartcard, yet the smartcard apparently is not bogus. The smartcard prevents leakage of key material, as long as you don't put your private key in your keyring as soon as an attacker disables access to your smart card reader. The plaintext signing device prevents false signatures, as long as you don't put your private key in your keyring as soon as an attacker disables access to the device. Yet only the latter is bogus, and you haven't made clear where the difference then lies. Whatever. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From refreshing at tormail.org Thu Feb 7 10:56:49 2013 From: refreshing at tormail.org (refreshing at tormail.org) Date: Thu, 7 Feb 2013 09:56:49 -0000 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <511249F8.6070301@digitalbrains.com> References: <1U2GRg-0005LY-SI@internal.tormail.org> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <1466983.QQ103B6aB5@inno> <511249F8.6070301@digitalbrains.com> Message-ID: <1U3ODp-000DB9-Gj@internal.tormail.org> > On 06/02/13 11:37, Hauke Laging wrote: >> That seems easy to me: Except for small amounts (secure device's display >> capacity) of very simple data (plain text) [...] > > Seems to me to be enough to do what OP requested: signing e-mails he/she > wrote. Yes. > It indeed seems easy to me that this won't work for binary data, I left > that > implied. A solution that works for signing e-mails sounds like a viable > solution. Just like the USB device the OP linked to only works for signing > an > electronic bank transfer. Yes. > Obviously you shouldn't use the same signing key for other duties because > those > other duties open up different methods to get an e-mail falsely signed. > Still, > not a deal breaker. 
Yes. > I'm not suggesting anybody build this solution. I'm arguing on the > technical > merits, not the economical ones. Robert suggested it is impossible or > close to > that. I don't see it that way, but maybe I'm missing some interesting > attack > vector. And that would be interesting to hear. > >> How are you going to do that with a PDF? I didn't ask for. > You're not going to achieve that. > >> The only possibility I see is that the secure device shows you the hash >> of >> the data to be signed. > > I don't see how that would work. Or, put differently, how that would work > any > better than transferring the file to a secured system. Because I can't > calculate the hash easily using pen and paper, I really need to be seeing > something other than the hash before I can be sure it's the data I wanted > to > sign. Even if hashes could be calculated by pen and paper, it seems like > it's an > unworkable solution. You would also need to be able to interpret all the > binary > data you're calculating the hash over, or else you still don't know what > you're > signing. The PDF could contain a vector image that renders to text saying > I owe > you € 1000. I would need to be able to create that vector image in my > head > before I can interpret the binary data that represents it. This just gets > more > insane the more you think about it. > > But it is really /way/ out of the scope of signing your e-mails. > > Peter. > > -- > I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. > You can send me encrypted mail if you want some privacy. > My key is available at > From refreshing at tormail.org Thu Feb 7 10:58:14 2013 From: refreshing at tormail.org (refreshing at tormail.org) Date: Thu, 7 Feb 2013 09:58:14 -0000 Subject: More secure than smartcard or cryptostick against remote attacks? 
In-Reply-To: <51125069.4030901@digitalbrains.com> References: <1U2GRg-0005LY-SI@internal.tormail.org> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <1466983.QQ103B6aB5@inno> <51125069.4030901@digitalbrains.com> Message-ID: <1U3OFC-000DQP-15@internal.tormail.org> > On 06/02/13 11:37, Hauke Laging wrote: > The > device proposed by OP/by me seeks security in being restricted and simple. > And > also takes a whole lot less of effort to use ;). Yes. > But let's stick to the e-mail signing in this thread, or the discussion > will get > very unfocused and hard to follow. If you want to continue anyway, could > you > please change the Subject: line? Yes. From refreshing at tormail.org Thu Feb 7 11:03:30 2013 From: refreshing at tormail.org (refreshing at tormail.org) Date: Thu, 7 Feb 2013 10:03:30 -0000 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <5111B6B3.3090604@sixdemonbag.org> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> Message-ID: <1U3OKI-000EH0-Ly@internal.tormail.org> > On 02/05/2013 01:04 PM, Peter Lebbing wrote: >> While I agree with the broad sentiment, I'm not so sure a certain >> amount of damage control is impossible with what he/she proposes. If >> you have a device with small attack surface[1] that shows you the >> plaintext you're about to sign before signing it *with that device*, >> you can at least prevent making bogus signatures. That still means >> you're in trouble when your PC is under control of an attacker, but >> you can't be coerced to issue false signatures. That's certainly >> something. > > If you don't trust the PC that GnuPG is running on, don't run GnuPG on > that system. (Or anything else that requires trust, for that matter.) I have no reason to believe my system is compromised. Taking security very seriously. Otherwise I wouldn't bother posting here. 
:) That sounds like an oxymoron. How can I be REALLY sure my system isn't compromised? Mail clients and browsers are major attack surface and a device exposed to internet can not be as secure as a small single purposed device. > It makes no sense to me to believe that it's somehow possible to have a > dongle that you can plug into a compromised PC to make it safe (or > safer) to sign with. I think if designed right it works. This implies the compromised machine can not attack the text reading and gpg signing device. > If you believe the PC is compromised, cut it out > of your process completely. There is no other realistic option here > that I can see. > From refreshing at tormail.org Thu Feb 7 11:14:30 2013 From: refreshing at tormail.org (refreshing at tormail.org) Date: Thu, 7 Feb 2013 10:14:30 -0000 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <5112222D.7020901@digitalbrains.com> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> Message-ID: <1U3OUw-000Fws-QU@internal.tormail.org> > On 06/02/13 02:49, Robert J. Hansen wrote: >> It makes no sense to me to believe that it's somehow possible to have a >> dongle that you can plug into a compromised PC to make it safe (or >> safer) to sign with. > > Can you explain (broadly) how one would compromise the signature/the > device that > you sign with? > > I myself always say "if you don't control your own PC, it's over". I don't > see > however how that compromised PC in this instance can force me to do false > signatures, which is the context I'm placing it in. > > You're still majorly screwed, obviously. An attacker will easily come up > with > some other nasty thing to do to you. Just not issuing false signatures. > > Peter. > Can't say better than that. 
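The device Peter describes in the quoted text above (small attack surface, shows the plaintext, signs only what it showed) can be modelled in a few lines. This is an added illustration and not code from this thread, from GnuPG or from any product. Its input policy (printable ASCII plus newline only) and the use of HMAC-SHA256 under a device-resident secret as a stand-in for the card's private-key operation are my own assumptions, chosen so the example runs offline with the Python standard library; the argument does not depend on the primitive. What it demonstrates is the claim in the thread: a compromised host can still deny service, substitute text or tamper after the fact, but it cannot obtain a signature over text the user did not see on the device and approve.

```python
"""
Model of the see-before-you-sign device discussed in this thread.

Added illustration; not code from the thread, from GnuPG or from any
product. The device holds the key; the (possibly compromised) host only
hands it a blob and gets a signature back. Demonstrated property: the
device signs exactly the bytes it displayed, and refuses anything its
display cannot render faithfully, so a compromised host cannot obtain a
signature over text the user did not see and approve.

Assumptions, not from the original posts: the device accepts printable
ASCII plus LF only; the private-key operation is stood in for by
HMAC-SHA256 under a device-resident secret, because the Python standard
library has no asymmetric signing. The argument does not depend on the
primitive.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Optional

DEVICE_KEY = secrets.token_bytes(32)            # never leaves the device
ALLOWED = set(range(0x20, 0x7F)) | {0x0A}       # printable ASCII and '\n'


class RejectedBlob(ValueError):
    """The device refused to display, and therefore to sign, the blob."""


def canonicalize(blob: bytes) -> bytes:
    """Admit only bytes the device's text display renders unambiguously.
    UTF-8 sequences (including bidi overrides such as U+202E), CR, NUL
    and other control bytes are rejected outright rather than guessed at."""
    bad = [b for b in blob if b not in ALLOWED]
    if bad:
        raise RejectedBlob("non-displayable bytes: %s" % [hex(b) for b in bad[:4]])
    if not blob.strip():
        raise RejectedBlob("empty message")
    return blob


def device_sign(blob: bytes, user_confirms: Callable[[str], bool]) -> Optional[bytes]:
    """Device-side flow: validate, show, ask, then sign exactly what was shown."""
    text = canonicalize(blob)
    shown = text.decode("ascii")        # the string the device display renders
    if not user_confirms(shown):
        return None                     # user declined: nothing is signed
    return hmac.new(DEVICE_KEY, text, hashlib.sha256).digest()


def device_verify(blob: bytes, sig: bytes) -> bool:
    """Stand-in for the public-key verification a recipient would do."""
    expected = hmac.new(DEVICE_KEY, blob, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def approve_exactly(intended: str) -> Callable[[str], bool]:
    """An attentive user: presses OK only if the display matches what they typed."""
    return lambda shown: shown == intended


# --- constructed scenario; the host is the untrusted party -----------------
INTENDED = "Meet at 10:00 at the usual place.\n"


def honest_host() -> bool:
    """Host forwards the user's text unchanged; the device signs it."""
    msg = INTENDED.encode("ascii")
    sig = device_sign(msg, approve_exactly(INTENDED))
    return sig is not None and device_verify(msg, sig)


def substituting_host() -> bool:
    """Compromised host swaps in other text. The swap is visible on the
    device display, the user declines, and no signature comes to exist."""
    forged = "I owe you EUR 1000.\n".encode("ascii")
    return device_sign(forged, approve_exactly(INTENDED)) is None


def bidi_host() -> str:
    """Compromised host tries a right-to-left override so that what a
    Unicode-aware screen shows differs from the byte order. The device
    cannot render it and refuses before any prompt is reached."""
    sneaky = ("Transfer to account \u202e1234\n").encode("utf-8")
    try:
        device_sign(sneaky, lambda shown: True)
    except RejectedBlob:
        return "rejected"
    return "signed"


def post_hoc_tamper() -> bool:
    """Host obtains a genuine signature, then edits the message before
    sending it on. The signature no longer verifies over the edited text."""
    msg = INTENDED.encode("ascii")
    sig = device_sign(msg, approve_exactly(INTENDED))
    tampered = INTENDED.replace("10:00", "11:00").encode("ascii")
    return sig is not None and not device_verify(tampered, sig)


if __name__ == "__main__":
    print("honest host, valid signature:   ", honest_host())
    print("substituted text, no signature: ", substituting_host())
    print("bidi override blob:             ", bidi_host())
    print("post-hoc tamper detected:       ", post_hoc_tamper())
```

The one thing the model deliberately leaves out is what the thread keeps returning to: the host can simply refuse to talk to the device, and the only defence against that is a user who does not fall back to signing on the PC.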
From refreshing at tormail.org Thu Feb 7 11:16:06 2013 From: refreshing at tormail.org (refreshing at tormail.org) Date: Thu, 7 Feb 2013 10:16:06 -0000 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <1466983.QQ103B6aB5@inno> References: <1U2GRg-0005LY-SI@internal.tormail.org> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <1466983.QQ103B6aB5@inno> Message-ID: <1U3OWU-000GAx-LB@internal.tormail.org> > Am Mi 06.02.2013, 10:28:13 schrieb Peter Lebbing: > >> Can you explain (broadly) how one would compromise the signature/the >> device >> that you sign with? > > That seems easy to me: Except for small amounts (secure device's display > capacity) of very simple data (plain text) you have the problem that the > PC > which you need to create (and view) the data to be signed sends a blob to > the > secure device which is opaque to you. > > The problem is not to forge a signature but the difficulty to force that > only > data with checked integrity gets signed. How are you going to do that with > a > PDF? Text only is all I need. From refreshing at tormail.org Thu Feb 7 11:19:04 2013 From: refreshing at tormail.org (refreshing at tormail.org) Date: Thu, 7 Feb 2013 10:19:04 -0000 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <511149A9.1070107@digitalbrains.com> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> Message-ID: <1U3OZM-000GeH-RW@internal.tormail.org> > On 05/02/13 04:15, Robert J. Hansen wrote: >> No. There are none, nor will there be. You absolutely must retain >> control of the processing hardware GnuPG runs upon. If you don't have >> that control, there is literally no device -- hardware or software -- >> that can help you. > > While I agree with the broad sentiment, I'm not so sure a certain amount > of > damage control is impossible with what he/she proposes. 
If you have a > device > with small attack surface[1] that shows you the plaintext you're about to > sign > before signing it *with that device*, you can at least prevent making > bogus > signatures. That still means you're in trouble when your PC is under > control of > an attacker, but you can't be coerced to issue false signatures. That's > certainly something. > > Obviously I'm assuming the private key is not on the compromised PC. I'm > assuming a whole lot more that I'll leave implied. I'm just saying it > doesn't > sound over-and-shut end of the game to me when the PC is compromised. > >> This doesn't make sense to me. You don't trust your PC running GnuPG, >> so you want to verify your mail on a PC running GnuPG, just one that >> happens to be 'trusted'? > > First of all, I think he/she meant "verify that the text I'm about to sign > is > what I intended to sign", whereas you are probably thinking of "verifying > a > cryptographic signature". And a dedicated, limited, well-designed > single-purpose > device is more trustworthy than an Internet-connected general-purpose PC > under > the right circumstances. > >> (Also, you seem to be using the word 'trusted' in a way opposite from >> its real meaning. > >>From the context it's perfectly obvious what he/she meant and makes sense >> in > general English. Why argue semantics here? > > Just my 2 cents, > > Peter. > > [1] Read: not too much program code, well-defined limited communication > interfaces. I'd prefer a serial port :). Certainly not a USB device, > though it > could contain a USB-to-serial chip, obviously. > Exactly what I wanted to ask and what I think. Couldn't write better. Thanks! From lists at michel-messerschmidt.de Thu Feb 7 23:40:54 2013 From: lists at michel-messerschmidt.de (Michel Messerschmidt) Date: Thu, 7 Feb 2013 23:40:54 +0100 Subject: More secure than smartcard or cryptostick against remote attacks? 
In-Reply-To: <1U3OKI-000EH0-Ly@internal.tormail.org> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <1U3OKI-000EH0-Ly@internal.tormail.org> Message-ID: <20130207224054.GB14003@ryu.matrix> On Thu, Feb 07, 2013 at 10:03:30AM -0000, refreshing at tormail.org wrote: > I have no reason to believe my system is compromised. Taking security very > serious. Otherwise I wouldn't bother posting here. :) > > That sounds like a oxymoron. How can I be REALLY sure my system isn't > compromised? Mail clients and browsers are major attack surface and a > device exposed to internet can not be as secure as a small single purposed > device. > > > It makes no sense to me to believe that it's somehow possible to have a > > dongle that you can plug into a compromised PC to make it safe (or > > safer) to sign with. > > I think if designed right it works. This implies the compromised machine > can not attack the text reading and gpg signing device. If designed right, your machine won't be compromised. But this is obviously a very hard problem. If your signing device interprets mail, doesn't it become part of this "major attack surface"? And if it only interprets ASCII, how does it differentiate between signing ASCII and signing Unicode, possibly including RLO chars? I'm not sure that such a signing device can be designed simple enough to be immune to advanced attacks and still be useful. From rjh at sixdemonbag.org Fri Feb 8 01:17:05 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 07 Feb 2013 19:17:05 -0500 Subject: More secure than smartcard or cryptostick against remote attacks? 
In-Reply-To: <511400FD.4040807@digitalbrains.com> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5113BEFC.1020604@sixdemonbag.org> <511400FD.4040807@digitalbrains.com> Message-ID: <51144401.3070608@sixdemonbag.org> On 02/07/2013 02:31 PM, Peter Lebbing wrote: > You seem to be implying that unless something is perfect, something is bogus, > and people should not bother. No. I am arguing that if you do not/cannot trust the machine you're running GnuPG on, *there is no dongle you can add to your system to restore your trust in that machine*. You want a system in which, even if GnuPG is compromised, you can't be tricked into signing something other than what you intend to sign -- where, even if GnuPG is compromised, you can trust the signatures you make. Good luck. It can't be done. You need to be able to trust your hardware. If you don't, then no matter what dongle you use, the door is open for an enterprising malcontent to exploit you in any of hundreds of ways. > Why do you even have GnuPG if you feel that an attacker worth your > time would have you in his pocket? Because I trust my hardware. If you can trust your hardware, then there's a lot of stuff you can do. If you can't trust your hardware, then the only thing you should be doing is figuring out a way to restore that trust. > Actually, you might want to rethink that whole Fedora thing, because I think > someone has gone through quite some effort for your private key. He even > pretended to be Werner Koch, and laughed himself silly when you gave him a > bloody account to the machine he already owned more than you did. Sure. That's theoretically possible. I don't believe it to be true, though. 
My machine is trusted not because I'm certain that it's immune to being pwn3d, but because I acknowledge that it can break my local security policy and I'm willing to accept what I perceive as the risks. If you don't trust your hardware, then that means you're not willing to accept the risks you perceive. And that's a really big problem. If you're not willing to accept the risks you perceive as associated with your hardware, then why are you using your hardware? > I'm slightly confused. Because everything you object to the device I have in > mind is equally well deployed against the smartcard, yet the smartcard > apparently is not bogus. The smartcard solves a completely different problem than what you're talking about. This is why there's a differential answer. From josef at netpage.dk Fri Feb 8 03:12:47 2013 From: josef at netpage.dk (Josef Schneider) Date: Fri, 8 Feb 2013 03:12:47 +0100 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <51144401.3070608@sixdemonbag.org> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5113BEFC.1020604@sixdemonbag.org> <511400FD.4040807@digitalbrains.com> <51144401.3070608@sixdemonbag.org> Message-ID: On Fri, Feb 8, 2013 at 1:17 AM, Robert J. Hansen wrote: > > Sure. That's theoretically possible. I don't believe it to be true, > though. My machine is trusted not because I'm certain that it's immune > to being pwn3d, but because I acknowledge that it can break my local > security policy and I'm willing to accept what I perceive as the risks. > > If you don't trust your hardware, then that means you're not willing to > accept the risks you perceive. And that's a really big problem. 
If > you're not willing to accept the risks you perceive as associated with > your hardware, then why are you using your hardware? Of course you can trust a hardware created for the sole purpose of signing clear text after displaying it more than a general purpose PC that has a lot of software that has absolutely nothing to do with security on it and regularly connects to a very insecure network (the Internet). You argue that there is only one level of trust for all hardware someone owns and either you trust all of it or none, and that is just not true! Why do you think banks use Smart Card readers with own display/keyboard and serial connection or TAN-generators using flicker codes? They do this because on the average PC there is a lot of software, a lot of it closed source which the bank can not control and neither can the owner. I can write some "virus" a user has to install himself (and we all know a lot will!) which sends signed mails to someone using GnuPG installed on the PC, even if using a smart card, in probably less than a day! Writing a modified firmware that shows wrong amounts/account ids for my Class 3 card reader and finding a way to install it (updates are cryptographically checked) is much much harder. I have no idea how long that would take or if I would ever succeed. I assume for TAN generators which get the transaction data using flicker codes it will be even harder! So even if I get someone to install my malware on his PC, his online banking will stay relatively safe. I have a smart card that has digital certificates on it which can be used to sign documents legally binding in my country. I use that card with a reader with own pin pad. Of course someone can hijack my PC and fake the data I want to sign. There are just a few problems: • He can only sign something whenever I want to sign something, else I won't input my PIN • 
I expect something to have a valid signature after that, so either he hopes I don't check this signature, or he fakes all the ways I can check that, which is very hard. With GnuPG on the other hand someone who has access to my PC can sign whatever he likes and sign as much as he likes, as long as my card reader is attached (which is, to be honest, quite long some times). If I wouldn't have a smart card he could even copy my key and then sign and decrypt whatever he likes, where- and whenever he likes! So given the fact that I maybe sign an average of three documents a day, in case one an attacker could sign up to three documents a day, but I would notice that very quickly because one of the recipients would call me telling me the signature is invalid or I sent him some things he didn't expect (except if the attacker waits for exactly THE one document he wants to forge, has the right programming logic to detect and change it accordingly, etc..). With GnuPG in its current state he could sign millions of documents without me even noticing. I see a difference there! There is a risk to die when bungee jumping. There is a risk to die when jumping naked from a bridge without bungee rope. This doesn't mean I tell every bungee jumper to jump naked from bridges, because he could die with bungee rope too! I don't do this because the odds to die are very different! From faramir.cl at gmail.com Fri Feb 8 00:42:59 2013 From: faramir.cl at gmail.com (Faramir) Date: Thu, 07 Feb 2013 20:42:59 -0300 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <5112DE54.5010100@sixdemonbag.org> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> Message-ID: <51143C03.3050802@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 06-02-2013 19:51, Robert J. 
Hansen escribió: > On 2/6/13 4:28 AM, Peter Lebbing wrote: >> Can you explain (broadly) how one would compromise the >> signature/the device that you sign with? > > Happily! > > I have an OpenPGP smartcard and an SCM card reader. I installed > it under Fedora 16 and it worked beautifully. Under Fedora 17 it's > broken. After a few rounds of unfruitful debugging I gave Werner an > account on an F17 box with this hardware plugged in, and even then > we were unable to figure out what was wrong. So, since this device > clearly doesn't work under F17 (or F18, now, for that matter), I've > elected to stop using it in favor of using my desktop PC. Just > makes sense. Damned thing doesn't work. > > -- And that is _exactly_ the attack I would use against any dongle > you plug into a compromised PC in order to make signatures safely. > If I've compromised the system, all I need to do is make the dongle > not work properly. After a few rounds of frustrating debugging and > discovering the thing just doesn't work, you'll revert back to > using your compromised PC. You'll do it for the exact same reason > that I stopped using my smartcard reader: "damned thing doesn't > work." Ah, but there are situations in which that would not work... if the secret key is ONLY present in the smartcard, and you are required by law to only use a secret key from a smartcard, that attack would make you unable to use digital signatures, but would not allow you to obtain documents signed by the victim. Now, why did I come up with that case where law forces the use of smartcards? Easy, because that is what Chilean law says about digital signatures. Of course, it focuses on the x.509 standard, and only if the certificate was issued by one of the CAs in the short list of government approved CAs. You can use other kinds of digital signatures, but they won't be considered as legal as the smartcard ones; the judge would have to decide how much probative value to assign to those signatures... 
and that would be a bit scary ;) Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJRFDwCAAoJEMV4f6PvczxAFbwH/jEv4rKh0oX2yk+5c8F+cy4l bgV/Yj4GLVv3ICtZ1whvdACLxo9eGKOntRRaHfio4lUVSwYQH9dcYDb+L7VMf//A XGMLzO8YKuXYCtLYbPihkk6ElH4UmhOUjmTOEZ3thpNTLYpjQGu31NQSgW+cDX22 O+yEymizYpZTODJ+rNMMEg0658W7okcsRlJnvuYDaINlxJZn4YPusd+fmTpH03Mj lw8jT5to2cMyKYgJ888AvFibQVJRaEzAsnMB+Y3+xZUz+kWblPsTE2waDTGe4vVb bevO9UMOga0aNqYrDR1oYfOR4XxkIrBmNfIVwr7nIlrNRcn261SxmL4y+khrTZs= =bY0L -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Fri Feb 8 04:14:17 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 07 Feb 2013 22:14:17 -0500 Subject: More secure than smartcard or cryptostick against remote attacks? In-Reply-To: <51143C03.3050802@gmail.com> References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <51143C03.3050802@gmail.com> Message-ID: <51146D89.5000008@sixdemonbag.org> On 02/07/2013 06:42 PM, Faramir wrote: > Ah, but there are situations in which that would not work... Sure. There are always situations where a particular attack won't work. For instance, if there's an ironclad no-exceptions policy that you may never, ever, fall back to using GnuPG on the PC, then this attack wouldn't work. But that quickly reduces to a game of whack-a-mole -- a game you're not going to win. The attacker gets to tailor his attack to your defenses; you don't get to tailor your defense to the attacker. If you don't trust your hardware, get new hardware that you do trust. 
From rjh at sixdemonbag.org Fri Feb 8 04:16:23 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 07 Feb 2013 22:16:23 -0500 Subject: GnuPG in the media Message-ID: <51146E07.1030402@sixdemonbag.org> GnuPG was mentioned (somewhat inaccurately, but still mentioned) in the _Daily Mail_. It's not exactly 'respectable journalism', but it's still very high-visibility. http://www.dailymail.co.uk/sciencetech/article-2274388/MI5-install-black-box-spy-devices-monitor-UK-internet-traffic.html From avi.wiki at gmail.com Fri Feb 8 04:20:09 2013 From: avi.wiki at gmail.com (Avi) Date: Thu, 7 Feb 2013 22:20:09 -0500 Subject: GnuPG in the media In-Reply-To: <51146E07.1030402@sixdemonbag.org> References: <51146E07.1030402@sixdemonbag.org> Message-ID: Linux only? Fascinating how my Linux box has all these Msoft issues then :D ---- User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 On Thu, Feb 7, 2013 at 10:16 PM, Robert J. Hansen wrote: > GnuPG was mentioned (somewhat inaccurately, but still mentioned) in the > _Daily Mail_. It's not exactly 'respectable journalism', but it's still > very high-visibility. 
> > http://www.dailymail.co.uk/sciencetech/article-2274388/MI5-install-black-box-spy-devices-monitor-UK-internet-traffic.html > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From wk at gnupg.org Fri Feb 8 09:42:51 2013 From: wk at gnupg.org (Werner Koch) Date: Fri, 08 Feb 2013 09:42:51 +0100 Subject: influence of signature type on trustdb In-Reply-To: <5113DC56.4000100@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 07 Feb 2013 11:54:46 -0500") References: <51137E14.7060307@dest-unreach.be> <0D7D5CE5-C722-4832-B48C-2E625C9D1599@jabberwocky.com> <5113C080.1090209@dest-unreach.be> <5113DC56.4000100@fifthhorseman.net> Message-ID: <87sj5719is.fsf@vigenere.g10code.de> On Thu, 7 Feb 2013 17:54, dkg at fifthhorseman.net said: > Making the trust model even more complicated without improving > comprehensibility to the user seems like trouble. I second this and let me also remind you that we should not fall into the PKIX trap: Even though this hierarchical model is simpler than the Web of Trust, they turned it into a complete mess by adding more and more features to solve anticipated problems and forgot about the real world attacks. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From niels at dest-unreach.be Fri Feb 8 10:10:56 2013 From: niels at dest-unreach.be (Niels Laukens) Date: Fri, 08 Feb 2013 10:10:56 +0100 Subject: Smartcard & reader with pin-pad: working combo? Message-ID: <5114C120.1070502@dest-unreach.be> Hi, I've been reading up on smartcard usage lately. I currently store my master key offline, and only bring it online when I need it (signing other keys, or generating new subkeys). Moving the private key to a smartcard seems to only offer security increases, with little to no downside. 
Which brings me to my main question: I'm thinking of buying this smartcard: OpenPGP SmartCard V2
https://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42
together with this reader: SCM SPR-332
https://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=61
And would like to get this to work on my MacBook Pro with 10.6.8 (snow leopard). I'm not afraid to compile applications from source, but would prefer not to mess with kernel modules.

How likely is it that this is going to work? The card seems to be supported by GnuPG, even for 4096RSA keys (which I plan to use). But I'm not sure about the card reader.

I wanted to get a cardreader with pinpad. That way even a compromised computer can't sign arbitrary data. (It can substitute my data with arbitrary data when I'm about to sign, but is still limited by 1 signature per manual pin entry)

So to guard this topic: I'm also interested in the security-considerations of my intentions, but my main question is: what are the experiences with the mentioned card & cardreader?

thx,
Niels

From branko at majic.rs Fri Feb 8 10:19:06 2013
From: branko at majic.rs (Branko Majic)
Date: Fri, 8 Feb 2013 10:19:06 +0100
Subject: GnuPG in the media
In-Reply-To: <51146E07.1030402@sixdemonbag.org>
References: <51146E07.1030402@sixdemonbag.org>
Message-ID: <20130208101906.2836e86d@zetkin.primekey.se>

On Thu, 07 Feb 2013 22:16:23 -0500
"Robert J. Hansen" wrote:

> GnuPG was mentioned (somewhat inaccurately, but still mentioned) in
> the _Daily Mail_. It's not exactly 'respectable journalism', but
> it's still very high-visibility.
>
> http://www.dailymail.co.uk/sciencetech/article-2274388/MI5-install-black-box-spy-devices-monitor-UK-internet-traffic.html

Heheh... HushMail - JavaApplet + 1024 RSA key, lovely stuff :)

--
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.
From peter at digitalbrains.com Fri Feb 8 10:48:25 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 08 Feb 2013 10:48:25 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To:
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5113BEFC.1020604@sixdemonbag.org> <511400FD.4040807@digitalbrains.com> <51144401.3070608@sixdemonbag.org>
Message-ID: <5114C9E9.20504@digitalbrains.com>

On 08/02/13 03:12, Josef Schneider wrote:
> With GnuPG on the other hand someone who has access to my PC can sign
> whatever he likes and sign as much as he likes, as long as my card
> reader is attached

Just so you know, the OpenPGP card has a "forcesig", force signature PIN, flag which you can set so you have to enter the PIN for every individual signature. Unfortunately (IMHO), there's no such flag for decryption and authentication, which can be done multiple times with one PIN entry.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From niels at dest-unreach.be Fri Feb 8 10:55:20 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Fri, 08 Feb 2013 10:55:20 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5114C9E9.20504@digitalbrains.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5113BEFC.1020604@sixdemonbag.org> <511400FD.4040807@digitalbrains.com> <51144401.3070608@sixdemonbag.org> <5114C9E9.20504@digitalbrains.com>
Message-ID: <5114CB88.7090306@dest-unreach.be>

On 2013-02-08 10:48, Peter Lebbing wrote:
> On 08/02/13 03:12, Josef Schneider wrote:
>> With GnuPG on the other hand someone who has access to my PC can sign
>> whatever he likes and sign as much as he likes, as long as my card
>> reader is attached
>
> Just so you know, the OpenPGP card has a "forcesig", force signature PIN, flag
> which you can set so you have to enter the PIN for every individual signature.
> Unfortunately (IMHO), there's no such flag for decryption and authentication,
> which can be done multiple times with one PIN entry.

I'm no expert, but isn't that only useful if you have a card-reader with pin-entry? If you use your compromised PC to enter your PIN, the malware can just replay that PIN to the card.

Niels

From peter at digitalbrains.com Fri Feb 8 11:09:40 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 08 Feb 2013 11:09:40 +0100
Subject: Feature request for future OpenPGP card: force PIN
Message-ID: <5114CEE4.4090506@digitalbrains.com>

Hello Werner and list,

I'd like to do a feature request for a new version of the OpenPGP card, whenever such a new version would be designed.

The current OpenPGP cards have a "force signature PIN" flag which can be set so only one signature is issued with one PIN entry. I'd like to request similar flags for the other two keys on the card, the encryption key and the authentication key.
To me, it seems that the rationale for such a flag on the authentication key is the same as for the signature key; both are a form of signatures. However, I'm not familiar with the rationale for adding the force signature PIN flag.

I think there's an obvious use case for not setting the "force PIN" flag on decryption: if you're searching your mail archive for a certain string, and you have lots of encrypted mails, not forcing the PIN will mean you only need to enter the PIN once for the search. But offering the option to force the PIN for each decryption just means people with this use case will not set the flag; it does not get in their way.

I don't have a mail archive with encrypted mails. To me, decryption is just as much a "once only" action as signatures. So I would personally set the "force decryption PIN" flag for the same reasons I set the "force signature PIN" flag.

It seems to me this is a simple and harmless addition, so I hope it can be accepted on the grounds that it is useful to some, not harmful to others and not that much work. I hope I see that right.

I regret not doing this feature request between the card v1.1 and v2.0 :).

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From niels at dest-unreach.be Fri Feb 8 11:53:05 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Fri, 08 Feb 2013 11:53:05 +0100
Subject: Smartcard & reader with pin-pad: working combo?
In-Reply-To: <20130208112352.66b60bda@zwergnase.local.hnjs.ch>
References: <5114C120.1070502@dest-unreach.be> <20130208112352.66b60bda@zwergnase.local.hnjs.ch>
Message-ID: <5114D911.7020905@dest-unreach.be>

On 2013-02-08 11:23, Hendrik Jäger wrote:
> Hello Niels
>
> On Fri, 08 Feb 2013 10:10:56 +0100
> Niels Laukens wrote:
>
>> How likely is it that this is going to work? The card seems to be
>> supported by GnuPG, even for 4096RSA keys (which I plan to use).
>
> On the card's page it says:
> Schlüssellänge jetzt bis zu 3072 Bits (Key length now up to 3072 bits)
> What makes you think it works with 4096-bit keys?

These:
http://www.corsac.net/?rub=blog&post=1548
https://chris.boyle.name/2011/02/gnupg-4096-bit-keys-openpgp
http://wiki.debian.org/Smartcards/OpenPGP#Features
http://lists.gnupg.org/pipermail/gnupg-users/2011-August/042750.html
http://lists.gnupg.org/pipermail/gnupg-users/2011-August/042761.html

>> together with this reader: SCM SPR-332
> I bought this reader as well after I could not get the pinpad of
> "Gemalto PC Pinpad USB
> Reader" (http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=122)
> to work with GnuPG.
> It works just fine and (almost) out of the box, at least on Debian
> Linux.

That's good to hear. Thank you!

Niels

From peter at digitalbrains.com Fri Feb 8 12:06:23 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 08 Feb 2013 12:06:23 +0100
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5114CB88.7090306@dest-unreach.be>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5113BEFC.1020604@sixdemonbag.org> <511400FD.4040807@digitalbrains.com> <51144401.3070608@sixdemonbag.org> <5114C9E9.20504@digitalbrains.com> <5114CB88.7090306@dest-unreach.be>
Message-ID: <5114DC2F.1030807@digitalbrains.com>

On 08/02/13 10:55, Niels Laukens wrote:
> I'm no expert, but isn't that only useful if you have a card-reader with
> pin-entry? If you use your compromised PC to enter your PIN, the malware
> can just replay that PIN to the card.

Yes, I agree. Not that I am an expert.

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From gnupg-users at henk.geekmail.org Fri Feb 8 11:23:52 2013
From: gnupg-users at henk.geekmail.org (Hendrik Jäger)
Date: Fri, 8 Feb 2013 11:23:52 +0100
Subject: Smartcard & reader with pin-pad: working combo?
In-Reply-To: <5114C120.1070502@dest-unreach.be>
References: <5114C120.1070502@dest-unreach.be>
Message-ID: <20130208112352.66b60bda@zwergnase.local.hnjs.ch>

Hello Niels

On Fri, 08 Feb 2013 10:10:56 +0100
Niels Laukens wrote:

> Which brings me to my main question: I'm thinking of buying this
> smartcard: OpenPGP SmartCard V2
> https://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42
> together with this reader: SCM SPR-332
> https://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=61
> And would like to get this to work on my MacBook Pro with 10.6.8 (snow
> leopard). I'm not afraid to compile from applications from source, but
> would prefer not to mess with kernel modules.
>
> How likely is it that this is going to work? The card seems to be
> supported by GnuPG, even for 4096RSA keys (which I plan to use).

On the card's page it says:
Schlüssellänge jetzt bis zu 3072 Bits (Key length now up to 3072 bits)
What makes you think it works with 4096-bit keys?

> But I'm not sure about the card reader.
>
> So to guard this topic: I'm also interested in the
> security-considerations of my intentions, but my main question is:
> what are the experiences with the mentioned card & cardreader?

I bought this reader as well after I could not get the pinpad of "Gemalto PC Pinpad USB Reader" (http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=122) to work with GnuPG.
It works just fine and (almost) out of the box, at least on Debian Linux.

Best regards

Hendrik
From wk at gnupg.org Fri Feb 8 13:51:10 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 08 Feb 2013 13:51:10 +0100
Subject: Feature request for future OpenPGP card: force PIN
In-Reply-To: <5114CEE4.4090506@digitalbrains.com> (Peter Lebbing's message of "Fri, 08 Feb 2013 11:09:40 +0100")
References: <5114CEE4.4090506@digitalbrains.com>
Message-ID: <877gmj0y0x.fsf@vigenere.g10code.de>

On Fri, 8 Feb 2013 11:09, peter at digitalbrains.com said:

> the same as for the signature key; both are a form of signatures. However, I'm
> not familiar with the rationale for adding the force signature PIN flag.

That is simply a requirement due to the German law about qualified signatures. If someone wants to use the OpenPGP card specification to setup a qualified signature system, this feature is needed. This is not that I think this will ever be done, but back when we worked out the specs it seemed to be a good idea to have such a feature.

In any case it is not a security measure because the host may simply cache the PIN and silently do a verify command before each sign operation. To avoid that simple workaround, a pinpad reader which filters the VERIFY command would be needed.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter at digitalbrains.com Fri Feb 8 15:18:30 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 08 Feb 2013 15:18:30 +0100
Subject: Feature request for future OpenPGP card: force PIN
In-Reply-To: <877gmj0y0x.fsf@vigenere.g10code.de>
References: <5114CEE4.4090506@digitalbrains.com> <877gmj0y0x.fsf@vigenere.g10code.de>
Message-ID: <51150936.1000801@digitalbrains.com>

On 08/02/13 13:51, Werner Koch wrote:
> In any case it is not a security measure because the host may simply
> cache the PIN and silently do a verify command before each sign
> operation.
> To avoid that simple workaround, a pinpad reader which
> filters the VERIFY command would be needed.

I have an SCM SPR 532 reader with pinpad; I thought the host could not get at the PIN when entered on the pinpad? The way I understood it, the host sends a VERIFY command "template" to the reader which the reader fills in with the PIN entered on the pinpad of the reader, and then forwards to the smartcard.

I understand that if you enter the PIN on the keyboard of your PC, the force signature PIN flag is completely useless.

Thanks for sharing the rationale for the force signature PIN flag.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From niels at dest-unreach.be Fri Feb 8 17:11:16 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Fri, 08 Feb 2013 17:11:16 +0100
Subject: LiveCD with GPG 2.0.18+
Message-ID: <511523A4.8010401@dest-unreach.be>

Is there any LiveCD that has GPG 2.0.18 (or higher) on it?

I plan to generate some secret keys to store on a smartcard, and to backup on a USB device. To minimize the risk of Key compromise, I'd like to do the key generation on an offline machine. I could do a regular install for this, and wipe the harddrive after I'm done, but it would save a lot of work if I could boot off a LiveCD.

But since I'd like to move a 4096bit key to a smartcard, I need 2.0.18 (or higher). Are there LiveCDs that have this version on them?

Thx,
Niels

From peter at digitalbrains.com Fri Feb 8 17:26:00 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 08 Feb 2013 17:26:00 +0100
Subject: LiveCD with GPG 2.0.18+
In-Reply-To: <511523A4.8010401@dest-unreach.be>
References: <511523A4.8010401@dest-unreach.be>
Message-ID: <51152718.40306@digitalbrains.com>

> Is there any LiveCD that has GPG 2.0.18 (or higher) on it?

A quick check shows that Knoppix claims to have gnupg2 2.0.19-1 on Knoppix DVD versions 7.0.4 and 7.0.5.
The version number is probably a Debian version number. There are files called dpkg-l-dvd-704.txt and ..705.txt in the DVD mirrors of Knoppix that give a listing of all installed packages along with version numbers.

Note that the CD version does not have GnuPG 2! Only 1.4.x.

Good luck,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From faramir.cl at gmail.com Fri Feb 8 21:34:02 2013
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 08 Feb 2013 17:34:02 -0300
Subject: More secure than smartcard or cryptostick against remote attacks?
In-Reply-To: <5114C9E9.20504@digitalbrains.com>
References: <1U2GRg-0005LY-SI@internal.tormail.org> <51107939.1060106@sixdemonbag.org> <511149A9.1070107@digitalbrains.com> <5111B6B3.3090604@sixdemonbag.org> <5112222D.7020901@digitalbrains.com> <5112DE54.5010100@sixdemonbag.org> <5113A8C4.9080408@digitalbrains.com> <5113BEFC.1020604@sixdemonbag.org> <511400FD.4040807@digitalbrains.com> <51144401.3070608@sixdemonbag.org> <5114C9E9.20504@digitalbrains.com>
Message-ID: <5115613A.6010604@gmail.com>

On 08-02-2013 6:48, Peter Lebbing wrote:
> On 08/02/13 03:12, Josef Schneider wrote:
>> With GnuPG on the other hand someone who has access to my PC can
>> sign whatever he likes and sign as much as he likes, as long as
>> my card reader is attached
>
> Just so you know, the OpenPGP card has a "forcesig", force
> signature PIN, flag which you can set so you have to enter the PIN
> for every individual signature. Unfortunately (IMHO), there's no
> such flag for decryption and authentication, which can be done
> multiple times with one PIN entry.

Maybe it would be interesting to add a big "sign" button to the pad.
Probably you would not like to enter a PIN for each signature, but maybe 1 button to press for each signature (after the PIN has been entered for the first one) would be interesting. Of course, probably that would require modifying readers and cards, and maybe very few people would want it.

Best Regards

From wk at gnupg.org Sat Feb 9 14:32:45 2013
From: wk at gnupg.org (Werner Koch)
Date: Sat, 09 Feb 2013 14:32:45 +0100
Subject: Feature request for future OpenPGP card: force PIN
In-Reply-To: <51150936.1000801@digitalbrains.com> (Peter Lebbing's message of "Fri, 08 Feb 2013 15:18:30 +0100")
References: <5114CEE4.4090506@digitalbrains.com> <877gmj0y0x.fsf@vigenere.g10code.de> <51150936.1000801@digitalbrains.com>
Message-ID: <87hallzk76.fsf@vigenere.g10code.de>

On Fri, 8 Feb 2013 15:18, peter at digitalbrains.com said:

> I have an SCM SPR 532 reader with pinpad; I thought the host could not get at
> the PIN when entered on the pinpad? The way I understood it, the host sends a

That is right. However, if for other reasons the PIN is known to the host (used without pinpad, spyware utilizing the microphone or another side channel, bugged reader firmware), the host will be able to use the smartcard without you noticing it. See the various attacks on point of sale terminals for such attacks.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From kgo at grant-olson.net Sun Feb 10 00:12:35 2013
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 09 Feb 2013 18:12:35 -0500
Subject: Best way to catch INSECURE unverified sig status when shelling out to gpg?
In-Reply-To: <5116D73D.7060204@grant-olson.net>
References: <5116D73D.7060204@grant-olson.net>
Message-ID: <5116D7E3.80400@grant-olson.net>

On 02/09/2013 06:09 PM, Grant Olson wrote:
>
> What is the best way to check for this? I presume something like
> stdout.include?("INSECURE") is not localization friendly.
>

Sorry INSECURE was actually from my test key. The actual text is of course WARNING. Just wanted to note that before I was corrected...

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From kgo at grant-olson.net Sun Feb 10 00:09:49 2013
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 09 Feb 2013 18:09:49 -0500
Subject: Best way to catch INSECURE unverified sig status when shelling out to gpg?
Message-ID: <5116D73D.7060204@grant-olson.net>

I'm currently writing a plugin that allows you to OpenPGP sign/verify ruby software packages:

https://github.com/grant-olson/rubygems-openpgp

Right now I'm just shelling out to gpg and checking the status code to determine success or failure. When I have an unverified but good signature I don't get an error code.
What is the best way to check for this? I presume something like stdout.include?("INSECURE") is not localization friendly.

Thanks,

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From dshaw at jabberwocky.com Sun Feb 10 06:09:01 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 10 Feb 2013 00:09:01 -0500
Subject: Best way to catch INSECURE unverified sig status when shelling out to gpg?
In-Reply-To: <5116D73D.7060204@grant-olson.net>
References: <5116D73D.7060204@grant-olson.net>
Message-ID:

On Feb 9, 2013, at 6:09 PM, Grant Olson wrote:

> I'm currently writing a plugin that allows you to OpenPGP sign/verify
> ruby software packages:
>
> https://github.com/grant-olson/rubygems-openpgp
>
> Right now I'm just shelling out to gpg and checking the status code to
> determine success or failure. When I have an unverified but good
> signature I don't get an error code.
>
> What is the best way to check for this? I presume something like
> stdout.include?("INSECURE") is not localization friendly.

The option you're looking for is "--status-fd". Using that, you can get a stream of localization-safe string tags that can tell you the exact status of a signature. See the DETAILS file from the GnuPG distribution for the specific tags.
David

From kamalakannan.n at tcs.com Tue Feb 12 09:27:39 2013
From: kamalakannan.n at tcs.com (Kamalakannan N)
Date: Tue, 12 Feb 2013 13:57:39 +0530
Subject: Fw: GPG Decryption Issue
Message-ID:

Hi Hauke,

Kindly help me out by providing a --multifile --decrypt batch file command. Currently we are using the batch command below to decrypt single files.

gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

Kindly let me know how to decrypt multiple files by using a single command.

Regards,
Kamal
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Outsourcing
____________________________________________

----- Forwarded by Kamalakannan N/CHN/TCS on 02/12/2013 01:56 PM -----

From: Kamalakannan N/CHN/TCS
To: Hauke Laging
Cc: gnupg-users at gnupg.org
Date: 02/07/2013 12:38 PM
Subject: Re: GPG Decryption Issue

Hi Hauke,

Kindly help me out by providing a --multifile --decrypt batch file command. Currently we are using the batch command below to decrypt single files.

gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

Kindly let me know how to decrypt multiple files by using a single command.

Regards,
Kamal
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakannan.n at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.
IT Services
Business Solutions
Outsourcing
____________________________________________

From: Hauke Laging
To: gnupg-users at gnupg.org
Cc: Kamalakannan N
Date: 02/07/2013 12:33 PM
Subject: Re: GPG Decryption Issue

On Thu 07.02.2013, 10:28:29, Kamalakannan N wrote:

> Application is run by the same user and secret key is protected by a
> passphrase.

Take the passphrase off the key and check whether the batch file works then.

> Actually we are using the batch file to decrypt the file and we calling the batch file through Datastage Application .
>
> Batch file command is :
> gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

Put this into the batch file for testing:

1) gpg --list-options show-keyring --output E:\Data\qfbi\Navtech\Working\keyring.txt --list-secret-keys

2) copy E:\Data\qfbi\Navtech\Working\passphrase.txt E:\Data\qfbi\Navtech\Working\passphrase.cp

Hauke

--
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

[attachment "signature.asc" deleted by Kamalakannan N/CHN/TCS]
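Going back to David Shaw's --status-fd answer to Grant Olson's question a few messages up: the point of the status lines is that they are fixed tags, so a wrapper never has to grep localized text such as the "not certified" WARNING. The following is an added example, not code from the thread or from the rubygems-openpgp project, showing how a shell wrapper can turn those tags into a verdict. The status lines it feeds itself are constructed samples with placeholder key ids and user ids; the tag names (GOODSIG, BADSIG, ERRSIG, VALIDSIG, TRUST_*) are the ones documented in GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example (not from the thread or from rubygems-openpgp): decide the
# outcome of a signature check from gpg's machine-readable status lines
# instead of grepping the localized human-readable output.
#
# Real use (stderr carries the localized text, so it is dropped):
#   gpg --status-fd 1 --verify pkg.gem.sig pkg.gem 2>/dev/null | classify_status
#
# Only field 2 of each "[GNUPG:]" line is inspected; everything else is ignored.

classify_status() {
    # Reads status lines on stdin and prints exactly one word:
    #   bad             signature does not match the data (BADSIG)
    #   error           signature could not be checked, e.g. no public key (ERRSIG)
    #   good-trusted    good signature from a fully or ultimately valid key
    #   good-untrusted  good signature, but gpg would print the "not certified"
    #                   WARNING and still exit 0 (the case Grant ran into)
    #   none            no signature seen at all
    awk '
        $1 != "[GNUPG:]"                    { next }
        $2 == "BADSIG"                      { bad = 1 }
        $2 == "ERRSIG"                      { err = 1 }
        $2 == "GOODSIG" || $2 == "VALIDSIG" { good = 1 }
        $2 ~ /^TRUST_(FULLY|ULTIMATE)$/     { trusted = 1 }
        END {
            if (bad)                  print "bad"
            else if (err)             print "error"
            else if (good && trusted) print "good-trusted"
            else if (good)            print "good-untrusted"
            else                      print "none"
        }'
}

# Convenience wrapper so a sample held in a variable can be classified directly.
classify_sample() {
    printf '%s\n' "$1" | classify_status
}

# Constructed sample status output (placeholder key id, fingerprint and user id).
# Good signature, key validity undefined: exit status would be 0 nonetheless.
SAMPLE_UNTRUSTED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2013-02-09 1360450000 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED'

# Good signature from a key marked ultimately trusted.
SAMPLE_TRUSTED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>
[GNUPG:] TRUST_ULTIMATE'

# Signature that does not verify.
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.invalid>'

# Signature that cannot be checked because the public key is missing (rc 9).
SAMPLE_NOKEY='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 0123456789ABCDEF 1 2 00 1360450000 9'

# Stand-alone demo: print the verdict for each constructed sample.
for name in SAMPLE_UNTRUSTED SAMPLE_TRUSTED SAMPLE_BAD SAMPLE_NOKEY; do
    eval "sample=\$$name"
    printf '%-16s %s\n' "$name" "$(classify_sample "$sample")"
done
```

A wrapper that treats "good-untrusted" as a failure gets the behaviour Grant was after without ever looking at the localized WARNING text; which TRUST_* levels count as acceptable is a policy decision for the caller, the awk pattern is the single place to change it.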
From refreshing at tormail.org Tue Feb 12 17:01:02 2013
From: refreshing at tormail.org (refreshing at tormail.org)
Date: Tue, 12 Feb 2013 16:01:02 -0000
Subject: migrate to offline gpg master key
Message-ID: <1U5II2-000K0m-UY@internal.tormail.org>

At the moment my gpg master key is still stored on the machine I use to go online. I decided to change that. The gpg master key should only be stored on a separate offline machine.

What's the best path for migration?

I thought gpg is complicated but offline key makes my head burn. Any good guide?

From refreshing at tormail.org Tue Feb 12 17:20:16 2013
From: refreshing at tormail.org (refreshing at tormail.org)
Date: Tue, 12 Feb 2013 16:20:16 -0000
Subject: how to use invalid e-mail?
Message-ID: <1U5Iae-000Ng6-Ud@internal.tormail.org>

When key is created gpg asks for e-mail address and it must be in proper format email at domain.

I saw keys without valid email already.

How to do it?

From refreshing at tormail.org Tue Feb 12 17:49:27 2013
From: refreshing at tormail.org (refreshing at tormail.org)
Date: Tue, 12 Feb 2013 16:49:27 -0000
Subject: How to turn off gpg: key : not protected - skipped
Message-ID: <1U5J2t-0002zF-C3@internal.tormail.org>

I have no pass phrase on my key because I encrypt my whole disk. But then I can't export my key.

gpg --export-secret-subkeys --armor
gpg: key : not protected - skipped
gpg: WARNING: nothing exported

Is there an option to turn this off?

From dshaw at jabberwocky.com Tue Feb 12 21:20:30 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 12 Feb 2013 15:20:30 -0500
Subject: how to use invalid e-mail?
In-Reply-To: <1U5Iae-000Ng6-Ud@internal.tormail.org>
References: <1U5Iae-000Ng6-Ud@internal.tormail.org>
Message-ID: <456FAC8D-0D9B-44A4-BC3F-9A0CAE4BEBF1@jabberwocky.com>

On Feb 12, 2013, at 11:20 AM, refreshing at tormail.org wrote:

> When key is created gpg asks for e-mail address and it must be in proper
> format email at domain.
>
> I saw keys without valid email already.
>
> How to do it?

gpg --allow-freeform-uid --gen-key

--allow-freeform-uid
    Disable all checks on the form of the user ID while generating a new one. This option should only be used in very special environments as it does not ensure the de-facto standard format of user IDs.

David

From niels at dest-unreach.be Tue Feb 12 21:27:55 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Tue, 12 Feb 2013 21:27:55 +0100
Subject: migrate to offline gpg master key
In-Reply-To: <1U5II2-000K0m-UY@internal.tormail.org>
References: <1U5II2-000K0m-UY@internal.tormail.org>
Message-ID: <511AA5CB.8040709@dest-unreach.be>

On 2013-02-12 17:01, refreshing at tormail.org wrote:
> At the moment my gpg master key is still stored on the machine I use to go
> online. I decided to change that. The gpg master key should only be stored
> on a separate offline machine.
>
> What's the best path for migration?

You can use --export-secret-subkeys, that will export the subkeys only, with a stub for the main key. Importing this file on your online machine should do what you want.

Niels

From mailinglisten at hauke-laging.de Tue Feb 12 21:30:12 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 12 Feb 2013 21:30:12 +0100
Subject: migrate to offline gpg master key
In-Reply-To: <1U5II2-000K0m-UY@internal.tormail.org>
References: <1U5II2-000K0m-UY@internal.tormail.org>
Message-ID: <2066174.nWH8XahekE@inno>

On Tue 12.02.2013, 16:01:02, refreshing at tormail.org wrote:

> The gpg master key should only be stored
> on a separate offline machine.

That statement is too wide. The main key should never be *used* (or: usable) on an insecure system. If it is protected by a secure passphrase ([a-zA-Z0-9]^18) which is never entered in an insecure system then there is no relevant risk.

> What's the best path for migration?

Get a safe system (or a safe boot medium for your normal system). There you import the key (or unlock it) and do what's necessary. Any specific questions?
It boils down to exporting the public keys or the secret subkeys on the safe system afterwards and importing them on the insecure system.

> I thought gpg is complicated but offline key makes my head burn. Any good
> guide?

In case you understand German (it's not comprehensive yet, though):
http://www.hauke-laging.de/sicherheit/openpgp.html#offline-mainkey

In the context of smartcards this is mentioned on the FSFE site:
http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups

Hauke

--
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

From mailinglisten at hauke-laging.de Tue Feb 12 21:31:04 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 12 Feb 2013 21:31:04 +0100
Subject: how to use invalid e-mail?
In-Reply-To: <1U5Iae-000Ng6-Ud@internal.tormail.org>
References: <1U5Iae-000Ng6-Ud@internal.tormail.org>
Message-ID: <1360714899.EUl7fmBK1r@inno>

On Tue 12.02.2013, 16:20:16, refreshing at tormail.org wrote:

> When key is created gpg asks for e-mail address and it must be in proper
> format email at domain.
>
> I saw keys without valid email already.
>
> How to do it?

--allow-freeform-uid

Hauke

--
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/
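The offline-master-key migration that Niels and Hauke describe above (export the secret subkeys with a stub for the primary key on the safe system, import them on the online system) is short, but the step people skip is checking afterwards that the online machine really holds only a stub. The script below is an added example, not code from the thread or from either of the guides Hauke links; the key id and the transfer path are placeholders, and the "--with-colons" listings it checks itself against are constructed samples laid out as GnuPG's doc/DETAILS describes (field 15 of a sec/ssb record is "#" for a stub).

```shell
#!/bin/sh
# Added example, not from the thread: the export/import steps for moving the
# primary key offline, plus a check that the online machine holds only a stub.

KEYID=0123456789ABCDEF      # placeholder: the primary key id
XFER=/media/usbstick        # placeholder: removable medium carried between machines

# Run on the offline (safe) machine. --export-secret-subkeys writes the subkeys
# with a stub in place of the primary secret key; the public key goes out as usual.
export_for_online_machine() {
    gpg --armor --export-secret-subkeys "$KEYID" > "$XFER/subkeys.asc" &&
    gpg --armor --export "$KEYID" > "$XFER/pubkey.asc"
}

# Run on the online machine. Succeeds only if, after the import, the primary
# secret key is a stub (so the master key cannot be used from this machine).
import_on_online_machine() {
    gpg --import "$XFER/pubkey.asc" "$XFER/subkeys.asc" &&
    gpg --with-colons --list-secret-keys "$KEYID" | secret_key_layout | grep -q '^sec:stub$'
}

# Reads "gpg --with-colons --list-secret-keys" output on stdin and prints one
# line per secret key record: "<type>:stub" when the key material is absent
# (field 15 is "#"), "<type>:present" otherwise. Other records are ignored.
secret_key_layout() {
    awk -F: '$1 == "sec" || $1 == "ssb" { print $1 ":" ($15 == "#" ? "stub" : "present") }'
}

# Helper for checking a listing held in a variable.
layout_of() {
    printf '%s\n' "$1" | secret_key_layout
}

# Constructed listing (placeholder ids) for the desired end state on the online
# machine: primary key stubbed, encryption (e) and signing (s) subkeys present.
SAMPLE_STUBBED='sec:u:4096:1:0123456789ABCDEF:1360000000::::::scESCA:::#:
uid:u::::1360000000::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Example User <user@example.invalid>:
ssb::4096:1:FEDCBA9876543210:1360000100::::::e::::
ssb::4096:1:0F1E2D3C4B5A6978:1360000200::::::s::::'

# Constructed listing for the starting state: the primary secret key is still there.
SAMPLE_FULL='sec:u:4096:1:0123456789ABCDEF:1360000000::::::scESCA::::
ssb::4096:1:FEDCBA9876543210:1360000100::::::e::::'

# Stand-alone demo on the constructed listings.
echo "after subkey-only import:"; layout_of "$SAMPLE_STUBBED"
echo "before migration:";         layout_of "$SAMPLE_FULL"
```

The same condition is visible in a human-readable listing as "sec#" instead of "sec" in the output of gpg -K, but the colon format is what a script should parse, for the same localization reason David gave for --status-fd. Note that the stub import leaves the original secret keyring on the online machine untouched; the full primary key must still be deleted there once the offline copy is verified, otherwise the check above passes for the freshly imported stub while the key material remains.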
URL: From email at janignatius.fi Wed Feb 13 06:46:31 2013 From: email at janignatius.fi (Jan Ignatius) Date: Wed, 13 Feb 2013 07:46:31 +0200 Subject: Unable to access Crypto Stick with gpg2 Message-ID: <20130213074631.2f9ad2e2@Sibelius> Hello, so far I've been (successfully) using gpg2 with Windows but having recently installed Linux Mint 14 on a spare laptop, I've run into problems when trying to access my keys stored on a GPF Crypto Stick: $ gpg2 --version gpg (GnuPG) 2.0.19 libgcrypt 1.5.0 $ gpg2 --card-status gpg: selecting openpgp failed: Unsupported certificate gpg: OpenPGP card not available: Unsupported certificate The card contains normal 2048-bit keys. If I sudo I get this: $ sudo gpg2 --card-status gpg: WARNING: unsafe ownership on configuration file `/home/jan/.gnupg/gpg.conf' scdaemon[2740]: PC/SC OPEN failed: reader unavailable gpg: selecting openpgp failed: Card error gpg: OpenPGP card not available: Card error $ scdaemon[2740]: PC/SC OPEN failed: reader unavailable scdaemon[2740]: PC/SC OPEN failed: reader unavailable scdaemon[2740]: scdaemon (GnuPG) 2.0.19 stopped What should I try next to get gpg2 working? -- Jan PGP Key: https://janignatius.fi/pgp PGP Key Fingerprint: 08EC 7FDC BAAA EEF5 AFE8 BEEC 8B71 471F 7F86 1262 From mailinglisten at hauke-laging.de Wed Feb 13 11:55:59 2013 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Wed, 13 Feb 2013 11:55:59 +0100 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <20130213074631.2f9ad2e2@Sibelius> References: <20130213074631.2f9ad2e2@Sibelius> Message-ID: <1883001.NOL9zRZ9n2@inno> On Wed 13.02.2013, 07:46:31, Jan Ignatius wrote: > scdaemon[2740]: PC/SC OPEN failed: reader unavailable I think this is the relevant problem with the rest being the result of that. What are the access rights for the reader? Can your user account access it? Perhaps you need a suitable udev rule. Hauke -- 
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04) http://www.openpgp-schulungen.de/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 572 bytes Desc: This is a digitally signed message part. URL: From email at janignatius.fi Wed Feb 13 19:16:01 2013 From: email at janignatius.fi (Jan Ignatius) Date: Wed, 13 Feb 2013 20:16:01 +0200 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <1883001.NOL9zRZ9n2@inno> References: <20130213074631.2f9ad2e2@Sibelius> <1883001.NOL9zRZ9n2@inno> Message-ID: <20130213201601.551b191d@Sibelius> On Wed, 13 Feb 2013 11:55:59 +0100 Hauke Laging wrote: > On Wed 13.02.2013, 07:46:31, Jan Ignatius wrote: > > > scdaemon[2740]: PC/SC OPEN failed: reader unavailable > > I think this is the relevant problem with the rest being the result > of that. What are the access rights for the reader? Can your user > account access it? Perhaps you need a suitable udev rule. > > > Hauke I may have missed something. I just restarted the machine (which I had not done when trying to get the stick to work), performed the same actions again and got a different result: $ gpg2 --card-status gpg: selecting openpgp failed: Unsupported certificate gpg: OpenPGP card not available: Unsupported certificate $ sudo gpg2 --card-status [sudo] password for jan: gpg: WARNING: unsafe ownership on configuration file `/home/jan/.gnupg/gpg.conf' Application ID ...: D276000124010200000500000C1D0000 Version ..........: 2.0 Manufacturer .....: ZeitControl Serial number ....: 00000C1D Name of cardholder: Jan Ignatius Language prefs ...: en Sex ..............: male URL of public key : [not set] Login data .......: [not set] Signature PIN ....: forced Key attributes ...: 2048R 2048R 2048R Max. 
PIN lengths .: 32 32 32 PIN retry counter : 3 0 3 Signature counter : 18 Signature key ....: 08EC 7FDC BAAA EEF5 AFE8 BEEC 8B71 471F 7F86 1262 created ....: 2012-07-25 18:21:13 Encryption key....: F316 9042 B599 FE06 ABFC BB42 1D72 A9D5 F7EB DE4B created ....: 2012-07-25 18:21:13 Authentication key: B2EB 65F2 31F8 6B30 B917 06A7 1A8B 1F48 BEA5 709F created ....: 2012-07-25 18:21:13 General key info..: [none] scdaemon[3638]: updating slot 0 status: 0x0000->0x0007 (0->1) $ scdaemon[3638]: scdaemon (GnuPG) 2.0.19 stopped $ So at least gpg2 can access the card with sudo but the scdaemon dies after the first attempt. Coming back to your original proposal, could you give me some guidance on how I can check the user permissions for the Crypto Stick? I've only gotten as far as identifying the card by doing tail -f /var/log/syslog and then plugging in the device: Feb 13 19:59:59 Sibelius kernel: [ 145.733139] usb 1-1.2: >new full-speed USB device number 5 using ehci_hcd Feb 13 19:59:59 Sibelius kernel: [ 145.826321] usb 1-1.2: >New USB device found, idVendor=20a0, idProduct=4107 Feb 13 19:59:59 Sibelius kernel: [ 145.826330] usb 1-1.2: >New USB device strings: Mfr=1, Product=2, SerialNumber=0 Feb 13 19:59:59 Sibelius kernel: [ 145.826337] usb 1-1.2: >Product: Crypto Stick v1.2 Feb 13 19:59:59 Sibelius kernel: [ 145.826342] usb 1-1.2: >Manufacturer: German Privacy Foundation Feb 13 19:59:59 Sibelius mtp-probe: checking bus 1, device 5: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2" Feb 13 19:59:59 Sibelius mtp-probe: bus: 1, device: 5 was not an MTP device Feb 13 19:59:59 Sibelius kernel: [ 145.848956] WARNING! power/level is deprecated; use power/control instead Feb 13 19:59:59 Sibelius pcscd: ccid_usb.c:1054:ControlUSB() control failed (1/5): -9 Success But I am at a loss on how to proceed from here. 
-- Jan PGP Key: https://janignatius.fi/pgp PGP Key Fingerprint: 08EC 7FDC BAAA EEF5 AFE8 BEEC 8B71 471F 7F86 1262 From mailinglisten at hauke-laging.de Wed Feb 13 23:32:29 2013 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Wed, 13 Feb 2013 23:32:29 +0100 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <20130213201601.551b191d@Sibelius> References: <20130213074631.2f9ad2e2@Sibelius> <1883001.NOL9zRZ9n2@inno> <20130213201601.551b191d@Sibelius> Message-ID: <2255671.77Oa04RI2G@inno> On Wed 13.02.2013, 20:16:01, Jan Ignatius wrote: > Coming back to your original proposal, could you give me some guidance > on how I can check the user permissions for the Crypto Stick? That's easy: lsusb shows you the bus and device number. ls -l /dev/bus/usb/002/ for all devices on bus 2 or ls -l /dev/bus/usb/002/006 for a single device, the 6th e.g. > usb 1-1.2: >new full-speed USB device number 5 I think that means that you have connected the device to bus 2 which is a USB 1.1 bus. The kernel has given the device the number 5. This is not always the same. If you disconnect and reconnect it will probably have the next number. No idea whether there is an overrun after 999 ;-) So you should see the access rights with ls -l /dev/bus/usb/002/005 You may configure udev so that a symlink is created (/dev/cryptostick-0 or the like) and that the device rights are set accordingly. But that is not GnuPG-specific. Hauke -- PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04) http://www.openpgp-schulungen.de/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 572 bytes Desc: This is a digitally signed message part. 
URL: From apadmaraju at prounlimited.com Thu Feb 14 00:00:03 2013 From: apadmaraju at prounlimited.com (Anilkumar Padmaraju) Date: Wed, 13 Feb 2013 15:00:03 -0800 Subject: Problem after going from gpg 1.2.6 to 1.4.5 Message-ID: We upgraded from gpg 1.2.6 to 1.4.5 on "Red Hat Enterprise Linux AS release 4 (Nahant Update 5)". After that we encrypted a file as "/usr/bin/gpg --armor --output $out_file --encrypt -q --yes -r '$gpg_userid' $file". However, with 1.4.5 we get an encrypted file with everything on one line, and it gets cut at the 80th char. With 1.2.6 we used to get an encrypted file in multiple lines with 80 chars per line and were able to see the complete file. With 1.4.5, how to get it in 80-char-per-line format? Right now we cannot upgrade to beyond 1.4.5 because of consistency issues. Thank you, Anil. From wk at gnupg.org Thu Feb 14 09:44:59 2013 From: wk at gnupg.org (Werner Koch) Date: Thu, 14 Feb 2013 09:44:59 +0100 Subject: Problem after going from gpg 1.2.6 to 1.4.5 In-Reply-To: (Anilkumar Padmaraju's message of "Wed, 13 Feb 2013 15:00:03 -0800") References: Message-ID: <87sj4zs2r8.fsf@vigenere.g10code.de> On Thu, 14 Feb 2013 00:00, apadmaraju at prounlimited.com said: > However, with 1.4.5 we get an encrypted file with everything on one line, > and it gets cut at the 80th char. With 1.2.6 we used to get an encrypted > file in multiple lines with 80 chars per line and were able to see the > complete file. That pretty much looks like a post-processing problem in your script. GPG's armor format does not output more than 64 characters per line. It is possible that old versions used up to 72 characters but definitely never more than 76 as per specs. BTW, you should also use "--batch" when invoking gpg from a script and take care to properly quote arguments, so that filenames with spaces work. > With 1.4.5, how to get it in 80-char-per-line format? Right now we Why did you switch to a 6-year-old version of GnuPG with 4 known CVE-identified bugs? 
> cannot upgrade to beyond 1.4.5 because of consistency issues. Please explain. There is no incompatibility between 1.4.5 and later versions. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by federal law. From wk at gnupg.org Thu Feb 14 10:02:49 2013 From: wk at gnupg.org (Werner Koch) Date: Thu, 14 Feb 2013 10:02:49 +0100 Subject: Fw: GPG Decryption Issue In-Reply-To: (Kamalakannan N.'s message of "Tue, 12 Feb 2013 13:57:39 +0530") References: Message-ID: <87obfns1xi.fsf@vigenere.g10code.de> On Tue, 12 Feb 2013 09:27, kamalakannan.n at tcs.com said: > Currently we are using the batch command below to decrypt single files. > gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt > --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt > E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg Example: gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt \ --yes --multifile --decrypt \ E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg \ E:\Data\qfbi\Navtech\Input\NJS170203YBBNB.gpg \ E:\Data\qfbi\Navtech\Input\NJS170203YBBNC.gpg or gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt \ --yes --multifile --decrypt FreeBSD-8.3 STABLE gpg (GnuPG) 2.0.19 libgcrypt 1.5.0 gpa 0.9.3 When attempting to run 'gpa', I am greeted with an error message. The message can be viewed here: http://www.seibercom.net/logs/gpa_error.png It seems to indicate that there is a problem with the GPG library returning an unexpected value. I have tried rebuilding 'gnupg', 'gpgme' and 'gpa'. Is there something else I should be looking into? Thanks! -- Jerry Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: From email at janignatius.fi Thu Feb 14 18:38:05 2013 From: email at janignatius.fi (Jan Ignatius) Date: Thu, 14 Feb 2013 19:38:05 +0200 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <2255671.77Oa04RI2G@inno> References: <20130213074631.2f9ad2e2@Sibelius> <1883001.NOL9zRZ9n2@inno> <20130213201601.551b191d@Sibelius> <2255671.77Oa04RI2G@inno> Message-ID: <20130214193805.13895fae@Sibelius> On Wed, 13 Feb 2013 23:32:29 +0100 Hauke Laging wrote: > On Wed 13.02.2013, 20:16:01, Jan Ignatius wrote: > > > Coming back to your original proposal, could you give me some > > guidance on how I can check the user permissions for the Crypto > > Stick? > > I think that means that you have connected the device to bus 2 which > is a USB 1.1 bus. The kernel has given the device the number 5. This > is not always the same. If you disconnect and reconnect it will > probably have the next number. No idea whether there is an overrun > after 999 ;-) > > So you should see the access rights with > ls -l /dev/bus/usb/002/005 > Turns out it was mounted on /dev/bus/usb/001/005: crw-rw-r-- 1 root pcscd 189, 4 Feb 14 19:13 005 The access rights seem ok to me - the smart card daemon pcscd has full rights to the device. Does anyone have other ideas I could test out? 
A more directly gnupg-related matter also came to light - after the card reading fails (see my earlier examples) and the scdaemon goes belly up it seems not to die peacefully: When I remove the Crypto Stick my syslog starts filling up with thousands of identical entries as follows: Feb 14 19:22:43 Sibelius kernel: [ 846.570762] usb 1-1.2: >USB disconnect, device number 5 Feb 14 19:22:43 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:43 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:44 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:44 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:45 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:45 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:45 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:46 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:47 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:47 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:48 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:48 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:48 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:49 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:49 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 
19:22:49 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:50 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:51 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:51 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:52 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:52 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:52 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:53 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:54 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device Feb 14 19:22:54 Sibelius pcscd: ifdwrapper.c:348:IFDStatusICC() Card not transacted: 617 Feb 14 19:22:55 Sibelius pcscd: eventhandler.c:303:EHStatusHandlerThread() Error communicating to: German Privacy Foundation Crypto Stick v1.2 00 00 Feb 14 19:22:55 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device ...Ad infinitum So I have to restart the machine to avoid bloating up the syslog. 
The same does not happen if I only plug in the stick and then remove it, without running gpg2, the only entries (for the disconnect) are as follows: Feb 14 19:34:44 Sibelius kernel: [ 206.379447] usb 1-1.2: >USB disconnect, device number 5 Feb 14 19:34:44 Sibelius pcscd: ccid_usb.c:660:WriteUSB() write failed (1/5): -4 No such device -- Jan PGP Key: https://janignatius.fi/pgp PGP Key Fingerprint: 08EC 7FDC BAAA EEF5 AFE8 BEEC 8B71 471F 7F86 1262 From mailinglisten at hauke-laging.de Thu Feb 14 18:51:13 2013 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 14 Feb 2013 18:51:13 +0100 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <20130214193805.13895fae@Sibelius> References: <20130213074631.2f9ad2e2@Sibelius> <2255671.77Oa04RI2G@inno> <20130214193805.13895fae@Sibelius> Message-ID: <13487738.mMm6CsMXsx@inno> On Thu 14.02.2013, 19:38:05, Jan Ignatius wrote: > Turns out it was mounted on /dev/bus/usb/001/005: > crw-rw-r-- 1 root pcscd 189, 4 Feb 14 19:13 005 > > The access rights seem ok to me - the smart card daemon pcscd has full > rights to the device. Does anyone have other ideas I could test out? The daemon group has... But is this group in the list of groups of the scdaemon process? That's not a SUID/SGID binary. So if you are not in this group then scdaemon started by you (or by gpg-agent started by you) won't be either. /bin/ps -e -o pid,supgrp,args Hauke -- PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04) http://www.openpgp-schulungen.de/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 572 bytes Desc: This is a digitally signed message part. 
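The question Hauke is circling in the message above, whether the account or the daemon that actually holds the reader can open the device node, can be answered without reading it off `ls -l` by hand. The following is an added example, not code from this thread or from GnuPG: a POSIX sh script that applies the kernel's owner/group/other rule to a device node, once for a login account (its groups from `id -G`) and once for a running pid (its effective uid/gid and supplementary groups read from /proc/PID/status). The second form is the one that matters for an scdaemon or pcscd that was started before a group was added to the user, since a running process never picks up new group memberships. It assumes Linux with GNU coreutils `stat -c` and /proc, and it does not model root's bypass of permission checks, so run it for the unprivileged account or pid you care about.

```shell
#!/bin/sh
# Added example, not from the thread: "can this uid (or this running process)
# open that device node?" decided the way the kernel's DAC check does it:
# owner bits if the uid owns the node, group bits if the gid is the effective
# or any supplementary group, otherwise the "other" bits. Assumes Linux with
# GNU coreutils (stat -c) and /proc. Root's DAC bypass is not modelled.

# _access UID OWNER "GIDS..." GROUP MODE  -> prints rw | r | w | none
_access() {
    uid=$1 owner=$2 gids=$3 group=$4 mode=$5
    case $mode in ?) mode=00$mode ;; ??) mode=0$mode ;; esac   # stat prints "7" for 007
    mode=${mode#"${mode%???}"}                # keep the last three octal digits (drop setuid etc.)
    if [ "$uid" = "$owner" ]; then
        bits=${mode%??}                       # owner digit
    else
        case " $gids " in
            *" $group "*) bits=${mode#?}; bits=${bits%?} ;;   # group digit
            *)            bits=${mode#??} ;;                  # other digit
        esac
    fi
    case $bits in
        6|7) echo rw ;; 4|5) echo r ;; 2|3) echo w ;; *) echo none ;;
    esac
}

# dev_access USER NODE: check with the groups the account gets at login
dev_access() {
    uid=$(id -u "$1") || return 2
    gids=$(id -G "$1") || return 2
    st=$(stat -c '%u %g %a' "$2") || return 2
    set -- "$uid" "$gids" $st                 # $3=owner uid, $4=group gid, $5=mode
    _access "$1" "$3" "$2" "$4" "$5"
}

# proc_dev_access PID NODE: same check with the credentials a running process
# really has (scdaemon started by gpg-agent, pcscd started from init), taken
# from /proc/PID/status; this, not your login shell, is what decides.
proc_dev_access() {
    status=/proc/$1/status
    [ -r "$status" ] || return 2
    euid=$(awk '$1 == "Uid:" {print $3}' "$status")          # real, effective, saved, fs
    egid=$(awk '$1 == "Gid:" {print $3}' "$status")
    supp=$(awk '$1 == "Groups:" {$1 = ""; print}' "$status")  # supplementary gids
    st=$(stat -c '%u %g %a' "$2") || return 2
    set -- "$euid" "$egid $supp" $st
    _access "$1" "$3" "$2" "$4" "$5"
}

# Usage: sh devaccess.sh jan /dev/bus/usb/001/005
#        sh devaccess.sh -p "$(pidof scdaemon)" /dev/bus/usb/001/005
if [ "$#" -eq 2 ]; then
    dev_access "$1" "$2"
elif [ "$#" -eq 3 ] && [ "$1" = -p ]; then
    proc_dev_access "$2" "$3"
fi
```

For the node in this thread (`crw-rw-r-- root pcscd`), an account outside the pcscd group gets `r`, which is exactly the state in which pcscd itself can drive the reader while a user-started scdaemon that tried to talk to the USB device directly could not.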
URL: From apadmaraju at prounlimited.com Thu Feb 14 18:06:14 2013 From: apadmaraju at prounlimited.com (Anilkumar Padmaraju) Date: Thu, 14 Feb 2013 09:06:14 -0800 Subject: Problem after going from gpg 1.2.6 to 1.4.5 In-Reply-To: <87sj4zs2r8.fsf@vigenere.g10code.de> References: <87sj4zs2r8.fsf@vigenere.g10code.de> Message-ID: Hi Werner, Thank you for the reply. We found the issue is not related to GPG but to file conversion. It is no longer an issue now. Please ignore this. Thank you, Anil On Thursday, February 14, 2013, Werner Koch wrote: > On Thu, 14 Feb 2013 00:00, apadmaraju at prounlimited.com said: > > > However, with 1.4.5 we get an encrypted file with everything on one line, > > and it gets cut at the 80th char. With 1.2.6 we used to get an encrypted > > file in multiple lines with 80 chars per line and were able to see the > > complete file. > > That pretty much looks like a post-processing problem in your script. > GPG's armor format does not output more than 64 characters per line. It > is possible that old versions used up to 72 characters but definitely > never more than 76 as per specs. > > BTW, you should also use "--batch" when invoking gpg from a script and > take care to properly quote arguments, so that filenames with spaces > work. > > > With 1.4.5, how to get it in 80-char-per-line format? Right now we > > Why did you switch to a 6-year-old version of GnuPG with 4 known CVE- > identified bugs? > > > cannot upgrade to beyond 1.4.5 because of consistency issues. > > Please explain. There is no incompatibility between 1.4.5 and later > versions. > > > Shalom-Salam, > > Werner > > -- > Thoughts are free. Exceptions are regulated by federal law. > > -- Anilkumar Padmaraju | Sr. Linux System Administrator *PRO Unlimited, Inc.* 1350 Old Bayshore Highway, Suite 350, Burlingame, CA 94010 (o) 650-373-2484 | (m) 408-835-7599 | (e) apadmaraju at prounlimited.com www.prounlimited.com -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From peter at digitalbrains.com Thu Feb 14 21:11:10 2013 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 14 Feb 2013 21:11:10 +0100 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <13487738.mMm6CsMXsx@inno> References: <20130213074631.2f9ad2e2@Sibelius> <2255671.77Oa04RI2G@inno> <20130214193805.13895fae@Sibelius> <13487738.mMm6CsMXsx@inno> Message-ID: <511D44DE.4030506@digitalbrains.com> > The daemon group has... But is this group in the list of groups of the > scdaemon process? That's not a SUID/SGID binary. You're confusing pcscd and scdaemon. OP doesn't use direct access by scdaemon, but rather a PC/SC daemon which is run from init, and to which the scdaemon connects. If the card reader is supported directly by GnuPG, it might be better to remove pcscd from the equation. And in that case, the ownership might indeed become an issue again when it's like this. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From email at janignatius.fi Thu Feb 14 21:20:11 2013 From: email at janignatius.fi (Jan Ignatius) Date: Thu, 14 Feb 2013 22:20:11 +0200 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <13487738.mMm6CsMXsx@inno> References: <20130213074631.2f9ad2e2@Sibelius> <2255671.77Oa04RI2G@inno> <20130214193805.13895fae@Sibelius> <13487738.mMm6CsMXsx@inno> Message-ID: <20130214222011.30d9c735@Sibelius> On Thu, 14 Feb 2013 18:51:13 +0100 Hauke Laging wrote: > On Thu 14.02.2013, 19:38:05, Jan Ignatius wrote: > > > Turns out it was mounted on /dev/bus/usb/001/005: > > crw-rw-r-- 1 root pcscd 189, 4 Feb 14 19:13 005 > > > > The access rights seem ok to me - the smart card daemon pcscd has > > full rights to the device. Does anyone have other ideas I could > > test out? > > The daemon group has... But is this group in the list of groups of > the scdaemon process? That's not a SUID/SGID binary. 
So if you are > not in this group then scdaemon started by you (or by gpg-agent > started by you) won't be either. > > /bin/ps -e -o pid,supgrp,args > > > Hauke This is what I could find from the output of that command that seemed relevant for gpg: 1878 - /usr/sbin/pcscd 2666 adm,cdrom,sudo,dip,plugdev,lpadmin,samba /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/jan/.gnupg/gpg-agent-info-Sibelius /usr/bin/dbus-launch --exit-with-session x-session-manager 2683 adm,cdrom,sudo,dip,plugdev,lpadmin,samba mate-keyring-daemon --start --components=gpg 2781 adm,cdrom,sudo,dip,plugdev,lpadmin,samba /usr/bin/gnome-keyring-daemon --start --components=gpg As you can see, there are no entries for scdaemon. I've attached the full output for reference. If I run scdaemon manually (scdaemon --daemon), this is the entry from the ps-command: 7592 adm,cdrom,sudo,dip,plugdev,lpadmin,samba scdaemon --daemon Is the solution such that I need to get the scdaemon to be a part of the group "pcscd"? -- Jan PGP Key: https://janignatius.fi/pgp PGP Key Fingerprint: 08EC 7FDC BAAA EEF5 AFE8 BEEC 8B71 471F 7F86 1262 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ps-output1.txt URL: From peter at digitalbrains.com Thu Feb 14 22:03:45 2013 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 14 Feb 2013 22:03:45 +0100 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <20130214222011.30d9c735@Sibelius> References: <20130213074631.2f9ad2e2@Sibelius> <2255671.77Oa04RI2G@inno> <20130214193805.13895fae@Sibelius> <13487738.mMm6CsMXsx@inno> <20130214222011.30d9c735@Sibelius> Message-ID: <511D5131.6040708@digitalbrains.com> >> /bin/ps -e -o pid,supgrp,args > 1878 - /usr/sbin/pcscd pcscd will have GUID pcscd, so it's not a supplementary group. With $ ps -e -o pid,egroup,supgrp,args You'll most likely notice "pcscd" in the second column for that daemon. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. 
You can send me encrypted mail if you want some privacy. My key is available at From vedaal at nym.hush.com Thu Feb 14 23:09:44 2013 From: vedaal at nym.hush.com (vedaal at nym.hush.com) Date: Thu, 14 Feb 2013 17:09:44 -0500 Subject: gnupg for android phones Message-ID: <20130214220944.59ABE14DBDE@smtp.hushmail.com> Ubuntu is releasing an app for android phones, and some phones running ubuntu are said to become available in October 2013. http://www.ubuntu.com/devices/android http://www.examiner.com/article/first-ubuntu-for-android-handsets-to-release-october As ubuntu has gnupg as a standard application by default, then it would seem that the new phones might have gnupg capability. (might be interesting for texting ;-) ). But, As android apps can have malware that can capture stored files on the phone, or even root the phone, it might not be a good idea to keep a secret keyring on the phone. Still, if there would be a way to get a smartcard reader to usb connect to the phone, it might make it much easier and safer to use gnupg with it. If anyone would like to help try this out, please let me know. (am currently using a motorola droid 2, but if, in Oct. there would be a motorola droid 5 or an ubuntu app that would run on a droid 4, I would consider upgrading - am from the generation of the previous millennium, and still prefer a hard keyboard to a touchscreen, and the droid 4 has a slider keyboard, 1g of ram, and a dual core processor, so it seems 'promising' to find a way to get ubuntu to recognize a usb gnupg smart card reader ;-) ) tia, vedaal From keastes at gmail.com Thu Feb 14 23:28:52 2013 From: keastes at gmail.com (Kendrick A. 
Eastes) Date: Thu, 14 Feb 2013 15:28:52 -0700 Subject: gnupg for android phones In-Reply-To: <1120d506-eb34-44e7-98f6-850ee4557926@email.android.com> References: <20130214220944.59ABE14DBDE@smtp.hushmail.com> <1120d506-eb34-44e7-98f6-850ee4557926@email.android.com> Message-ID: <2aee66ba-efbf-4aaa-ad9b-9e3ccb78dca3@email.android.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Why not use APG (HTTPS://play.google.com/store/apps/details?id=org.thialfihar.android.ago) and K-9 mail (HTTPS://play.google.com/store/apps/details?id=com.fsck.k9)? It may be a case of "works for me" but so far I haven't had any major problems with it. Note: sent from my DROID RAZR with the above mentioned apps. > vedaal at nym.hush.com wrote: > >>Ubuntu is releasing an app for android phones, and some phones running >>ubuntu are said to become available in October 2013. >> >>http://www.ubuntu.com/devices/android >>http://www.examiner.com/article/first-ubuntu-for-android-handsets-to-release-october >> >>As ubuntu has gnupg as a standard application by default, then it would >>seem that the new phones might have gnupg capability. >>(might be interesting for texting ;-) ). >> >>But, >> >>As android apps can have malware that can capture stored files on the >>phone, or even root the phone, it might not be a good idea to keep a >>secret keyring on the phone. >> >>Still, if there would be a way to get a smartcard reader to usb connect >>to the phone, it might make it much easier and safer to use gnupg with >>it. >> >>If anyone would like to help try this out, please let me know. >> >>(am currently using a motorola droid 2, but if, in Oct. 
there would be >>a motorola droid 5 or an ubuntu app that would run on a droid 4, I >>would consider upgrading - >>am from the generation of the previous millennium, and still prefer a >>hard keyboard to a touchscreen, and the droid 4 has a slider keyboard, >>1g of ram, and a dual core processor, so it seems 'promising' to find a >>way to get ubuntu to recognize a usb gnupg smart card reader ;-) ) >> >> >>tia, >>vedaal >> >> >>_______________________________________________ >>Gnupg-users mailing list >>Gnupg-users at gnupg.org >>http://lists.gnupg.org/mailman/listinfo/gnupg-users > -----BEGIN PGP SIGNATURE----- > Version: APG v1.0.8 > > iQFLBAEBCAA1BQJRHWPMLhxLZW5kcmljayBBcmlzdG90bGUgRWFzdGVzIDxLZWFz > dGVzQGdtYWlsLmNvbT4ACgkQV1qTbtWfpB7iBQf/RCHWze3p1eGU57vJ+T71iIjS > dt1ahAFZPZhgv/FYnL5GqWvOS4MVlgOFROL2bo3QQLO77LIlhMqQ0BT0Ob7/xZow > JTw4Y0hMecHDc805V36sjNwMnU7KmS7J4CpcaHk2Y7LNnPQxhnDQho5k23eZk63s > TeRC9Dz/RZ2ZfwGeQAlA8leY1p29kK5tnBl/3CsxjLMyheZzqf6Ro/MDR+MVrrwz > xL+bZJEjCdadwHAttarrEf1O1NtlC/A+v4Kp775FTbmLvgdDaAV4+MAReq4xLeab > h4WP54ttbA9d8igEfjJR+4KGRWfjMvwFhMVN7izBW8DBtsi2dd9iyX2lBgYc7g== > =KXty > -----END PGP SIGNATURE----- > -----BEGIN PGP SIGNATURE----- Version: APG v1.0.8 iQFLBAEBCAA1BQJRHWUkLhxLZW5kcmljayBBcmlzdG90bGUgRWFzdGVzIDxLZWFz dGVzQGdtYWlsLmNvbT4ACgkQV1qTbtWfpB4cOgf+PKFeHSDiN0RHCcEoYonq/bRI tRq77+NdslmGUEpNcFZfE1UXVB4GFtZqOFOedTdhGbCU8kprVAv+bJS3mTN88cGW tKJAd4daCPA8vrwXdM7+c0JUGVIJRZSCHO585RF9zY2OjSk4v9YBhwz9UGvF2i+P 9XfrbCo22dSyKktLldx07ofAHCaviNh+hW2gK1ZGYgGGv9yh2UhcgNQrau7qwMrX vqhveepNzJlCxrefBMqO57vk8mgzK+kFsxxS+laWtVy83CwSqrXvlTQWu5RlgWZK Ja4oCZkJ97vpOsUDbDtTm09dSwFN94XZ0qNYDJFG6/81FC5nyf0i8lcmbc86ag== =uFiW -----END PGP SIGNATURE----- From gnupg at lists.grepular.com Fri Feb 15 10:21:41 2013 From: gnupg at lists.grepular.com (Mike Cardwell) Date: Fri, 15 Feb 2013 09:21:41 +0000 Subject: gnupg for android phones In-Reply-To: <20130214220944.59ABE14DBDE@smtp.hushmail.com> References: <20130214220944.59ABE14DBDE@smtp.hushmail.com> 
Message-ID: <20130215092141.GA6787@127.0.0.1> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 * on the Thu, Feb 14, 2013 at 05:09:44PM -0500, vedaal at nym.hush.com wrote: > As ubuntu has gnupg as a standard application by default, then it > would seem that the new phones might have gnupg capability. > (might be interesting for texting ;-) ). I use Android Privacy Guard with K-9 Mail on my Cyanogenmod/Android phone for email encryption. I use TextSecure for public key crypto with SMS delivery and storage. > As android apps can have malware that can capture stored files on the > phone, or even root the phone, it might not be a good idea to keep a > secret keyring on the phone. I made a few small local modifications to Android Privacy Guard so that I could make it work after only putting my subkeys on there and not my master key. The changes I made were pretty crude though so I never pushed them back to the main repo. Details here: https://grepular.com/Android_Privacy_Guard_and_Subkeys > Still, if there would be a way to get a smartcard reader to usb > connect to the phone, it might make it much easier and safer to use > gnupg with it. Personally, I'm not sure I have the pocket space to carry a smart card reader around with me, or the patience to pull it out and plug it in each time I want to read an email/sms. I agree that it would be cool though. 
- -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -----BEGIN PGP SIGNATURE----- iQGGBAEBCgBwBQJRHf4lMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBLkcB/wM/LqyXmVG PmOYlXvFRAQ4rsyHXVbdYcLQ8amc7D2swtecIkiYH0iwo0DfXMOrB1mDugfjsQR2 /ZhtcKs6I0Elqe5iSoXitHJ/RPsy2K7e6sjKYWGGZol6cryZD4PxvQPfK4bhMCKf QwD1hcONddm1Z+rW8YQUGvCAz39DZuNgsV2XnIkPgV4SsAfu69V8XgbqYJ+cNv9w SWxSqrabPRwTt1VIEEDQlQO/LXOAn45kANZ9RsSS3FmWQCL3SnZyPfoU0oMr5tXY Lg9+2mGaOpzAC/GwUCAObMkmg+3F7DVthJYN0tXD8WAEF54gKuUMXfTVgoTsqUjE 8RcrZnFhHvAl =ftXD -----END PGP SIGNATURE----- From niels at dest-unreach.be Fri Feb 15 19:34:24 2013 From: niels at dest-unreach.be (Niels Laukens) Date: Fri, 15 Feb 2013 19:34:24 +0100 Subject: Migrating subkeys Message-ID: <511E7FB0.3070601@dest-unreach.be> Hi, I've found this guide: http://atom.smasher.org/gpg/gpg-migrate.txt but it doesn't seem to work anymore. I know that migrating subkeys is a bit of hocus-pocus, but is it still supposed to work? I get stuck at trying to generate new (correct) binding signatures for the subkeys. I don't get any errors, but nothing changes after I change the expire date for the key. Also, I see an empty Usage: field (where I expected to see "E" to indicate it's an encryption key). Version info: gpg (GnuPG) 1.4.12 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. 
Home: /Users/niels/temp/gpg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAM3ELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 Niels PS: the reason why I'm trying this is: I'm migrating my master key, but if I keep my current subkeys (signature mostly), I can start signing right away, and people with my old key (+subkeys) will still see it as a valid signature. But I'm not very sure that this won't break things when GPG sees two master keys with the same subkey. From email at janignatius.fi Sat Feb 16 10:42:42 2013 From: email at janignatius.fi (Jan Ignatius) Date: Sat, 16 Feb 2013 11:42:42 +0200 Subject: Unable to access Crypto Stick with gpg2 In-Reply-To: <511D5131.6040708@digitalbrains.com> References: <20130213074631.2f9ad2e2@Sibelius> <2255671.77Oa04RI2G@inno> <20130214193805.13895fae@Sibelius> <13487738.mMm6CsMXsx@inno> <20130214222011.30d9c735@Sibelius> <511D5131.6040708@digitalbrains.com> Message-ID: <20130216114242.5368cde3@Sibelius> On Thu, 14 Feb 2013 22:03:45 +0100 Peter Lebbing wrote: > >> /bin/ps -e -o pid,supgrp,args > > 1878 - /usr/sbin/pcscd > > pcscd will have GUID pcscd, so it's not a supplementary group. With > $ ps -e -o pid,egroup,supgrp,args > > You'll most likely notice "pcscd" in the second column for that > daemon. If I run "scdaemon --daemon", then ps -e -o pid,egroup,supgrp,args, I get: 4415 jan adm,cdrom,sudo,dip,plugdev,lpadmin,samba scdaemon --daemon 1911 root - /usr/sbin/pcscd So no "pcscd" for the scdaemon. While searching for more information, I stumbled on this discussion thread from 2011: http://lists.gnupg.org/pipermail/gnupg-devel/2011-January/025911.html That seemed to propose a patch that would make scdaemon behave better when a smart card is removed from the system (and not spam the syslog with endless errors and prevent further access to the card). 
Did this ever make it to a release of gnupg?

Also, is there a known release of gpg2 that people use with OpenPGP cards that I could fall back to? Or a known Linux distribution+gnupg version combo I could try?

(I would really like to sever my dependency on Microsoft Windows and move my correspondence to Linux but I need access to my signing keys before that can happen. :-/)

-- Jan
PGP Key: https://janignatius.fi/pgp
PGP Key Fingerprint: 08EC 7FDC BAAA EEF5 AFE8 BEEC 8B71 471F 7F86 1262

From email at janignatius.fi Sun Feb 17 15:46:13 2013
From: email at janignatius.fi (Jan Ignatius)
Date: Sun, 17 Feb 2013 16:46:13 +0200
Subject: Unable to access Crypto Stick with gpg2
In-Reply-To: <20130216114242.5368cde3@Sibelius>
References: <20130213074631.2f9ad2e2@Sibelius> <2255671.77Oa04RI2G@inno> <20130214193805.13895fae@Sibelius> <13487738.mMm6CsMXsx@inno> <20130214222011.30d9c735@Sibelius> <511D5131.6040708@digitalbrains.com> <20130216114242.5368cde3@Sibelius>
Message-ID: <20130217164613.0a0ea05e@Sibelius>

On Sat, 16 Feb 2013 11:42:42 +0200 Jan Ignatius wrote:

> On Thu, 14 Feb 2013 22:03:45 +0100
> Peter Lebbing wrote:
>
> > >> /bin/ps -e -o pid,supgrp,args
> > > 1878 - /usr/sbin/pcscd
> >
> > pcscd will have GUID pcscd, so it's not a supplementary group. With
> > $ ps -e -o pid,egroup,supgrp,args
> >
> > You'll most likely notice "pcscd" in the second column for that
> > daemon.
>
> If I run "scdaemon --daemon", then ps -e -o pid,egroup,supgrp,args, I
> get:
>
> 4415 jan adm,cdrom,sudo,dip,plugdev,lpadmin,samba scdaemon
> --daemon 1911 root
> - /usr/sbin/pcscd
>
> So no "pcscd" for the scdaemon.
>
> While searching for more information, I stumbled on this discussion
> thread from 2011:
> http://lists.gnupg.org/pipermail/gnupg-devel/2011-January/025911.html
>
> That seemed to propose a patch that would make scdaemon behave better
> when a smart card is removed from the system (and not spam the syslog
> with endless errors and prevent further access to the card).
> Did this
> ever make it to a release of gnupg?
>
> Also, is there a known release of gpg2 that people use with OpenPGP
> cards that I could fall back to? Or a known Linux
> distribution+gnupg version combo I could try?
>

I'm happy to report that I finally got a working setup by doing the following:

- removed gpg2, gpgme, gpa, kleopatra
- added "no-use-agent" to gpg.conf
- unchecked "Use GPG-agent to manage passwords" in Claws Mail (3.8.1)
- copied the udev rules from privacyfoundation.de to /dev/udev/rules.d
- removed /etc/xdg/autostart/gnome-keyring-gpg.desktop

Now I have gpg version 1.4.11 that works with the cryptostick without sudo and provides encryption services to Claws Mail automatically.

Thank you again to everyone that helped me with this.

-- Jan
PGP Key: https://janignatius.fi/pgp
PGP Key Fingerprint: 08EC 7FDC BAAA EEF5 AFE8 BEEC 8B71 471F 7F86 1262
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL:

From jw72253 at verizon.net Wed Feb 20 03:27:07 2013
From: jw72253 at verizon.net (John A. Wallace)
Date: Tue, 19 Feb 2013 20:27:07 -0600
Subject: default keyring file formats
Message-ID: <000501ce0f11$c770c440$56524cc0$@net>

A lot of the documentation I see online includes references to files with names like "foo.pub" or "foo.sec" as if these were public key rings and secret key rings. However, I am accustomed to seeing keyrings like "pubring.gpg" and "secring.gpg". Were the former of these used as keyring files in the past, but nowadays the latter format is used?

John A. Wallace
The pen is mightier than the sword, but only if you get in the first stroke.
From dshaw at jabberwocky.com Wed Feb 20 04:34:04 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 19 Feb 2013 22:34:04 -0500
Subject: default keyring file formats
In-Reply-To: <000501ce0f11$c770c440$56524cc0$@net>
References: <000501ce0f11$c770c440$56524cc0$@net>
Message-ID:

On Feb 19, 2013, at 9:27 PM, John A. Wallace wrote:

> A lot of the documentation I see online includes references to files with names like "foo.pub" or "foo.sec" as if these were public key rings and secret key rings. However, I am accustomed to seeing keyrings like "pubring.gpg" and "secring.gpg". Were the former of these used as keyring files in the past, but nowadays the latter format is used?

Keyrings of that type are just files with multiple keys concatenated together. The format is effectively the same no matter what the filename is. I've often seen foo.pub / foo.sec as a single key (while the pubring.gpg, pubring.pgp, or pubring.pkr) is the keyring, but that's just convention.

David

From jw72253 at verizon.net Wed Feb 20 06:05:01 2013
From: jw72253 at verizon.net (John)
Date: Tue, 19 Feb 2013 23:05:01 -0600
Subject: default keyring file formats
In-Reply-To:
References: <000501ce0f11$c770c440$56524cc0$@net>
Message-ID:

"David Shaw" wrote in message news:A85519AA-6166-48A8-91C8-312ADB5B7EEC__1406.68022581867$1361331370$gmane$org at jabberwocky.com...

On Feb 19, 2013, at 9:27 PM, John A. Wallace wrote:

> A lot of the documentation I see online includes references to files with
> names like "foo.pub" or "foo.sec" as if these were public key rings and
> secret key rings. However, I am accustomed to seeing keyrings like
> "pubring.gpg" and "secring.gpg". Were the former of these used as keyring
> files in the past, but nowadays the latter format is used?

Keyrings of that type are just files with multiple keys concatenated together. The format is effectively the same no matter what the filename is.
I've often seen foo.pub / foo.sec as a single key (while the pubring.gpg, pubring.pgp, or pubring.pkr) is the keyring, but that's just convention.

David

Hi, David. I appreciated your prompt reply. So with a concatenated keyring in the format "foo.pub" would I first use a command like the following one if I want to get the keys out of it in order to move them and import them into a default (i.e., conventional) keyring of the format "pubring.gpg":

gpg --export --no-default-keyring --keyring foo.pub --armor --output pubkey_file

John

From wk at gnupg.org Wed Feb 20 10:58:36 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 20 Feb 2013 10:58:36 +0100
Subject: default keyring file formats
In-Reply-To: (John's message of "Tue, 19 Feb 2013 23:05:01 -0600")
References: <000501ce0f11$c770c440$56524cc0$@net>
Message-ID: <87txp7gvcj.fsf@vigenere.g10code.de>

On Wed, 20 Feb 2013 06:05, jw72253 at verizon.net said:

> Hi, David. I appreciated your prompt reply. So with a concatenated
> keyring in the format "foo.pub" would I first use a command like the
> following one if I want to get the keys out of it in order to move

No, please don't do that! The API to access the keyrings is the --import and --export commands. It might work now but may change at any time. It is not a good idea to suggest this use. For example the files ~/.gnupg/pubring.gpg and ~/.gnupg/secring.gpg use private extensions to the OpenPGP format.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From john.lium at aunalytics.com Tue Feb 19 22:21:19 2013
From: john.lium at aunalytics.com (John Lium)
Date: Tue, 19 Feb 2013 16:21:19 -0500
Subject: gpg-agent forwarding
Message-ID: <5123ECCF.1060207@aunalytics.com>

Hi all,

Wondering if someone can help me out with gpg key forwarding in the same style that you can do with ssh.
This is the best answer I've found so far: http://superuser.com/questions/161973/how-can-i-forward-a-gpg-key-via-ssh-agent

Wondering if anyone could point me towards a cleaner solution.

-John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL:

From stefanmalte at gmail.com Wed Feb 20 22:29:08 2013
From: stefanmalte at gmail.com (Stefan Malte Schumacher)
Date: Wed, 20 Feb 2013 22:29:08 +0100
Subject: Piping tar into gpg
Message-ID:

Hello

I want to create encrypted backups with tar and gpg, which I then want to upload to my online storage. Strangely I can't get it working.

"find /mnt/raid/Dokumente/ -type f -print0 |tar cfzv | gpg --symmetric --output 1.tar.gz.gpg"

asks for a password but aborts after creating a 4,0K large binary file. I have had other cases in which tar and gpg were obviously working (I monitored the program activity with htop) but instead of writing to the file specified with --output they were overwriting a random file in the path selected with find. I haven't been able to replicate this behaviour but it has occurred multiple times and destroyed 3 files.

How can I pipe tars into gpg and what may have happened when gpg started to overwrite files at random?

Thanks in advance for any help

Stefan Malte Schumacher

From dkg at fifthhorseman.net Wed Feb 20 23:40:53 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 20 Feb 2013 17:40:53 -0500
Subject: Piping tar into gpg
In-Reply-To:
References:
Message-ID: <512550F5.1060403@fifthhorseman.net>

On 02/20/2013 04:29 PM, Stefan Malte Schumacher wrote:

> I want to create encrypted backups with tar and gpg, which I then want to
> upload to my online storage. Strangely I can't get it working.
> "find /mnt/raid/Dokumente/ -type f -print0 |tar cfzv | gpg --symmetric
> --output 1.tar.gz.gpg"

if you want to pipeline like this, i don't think you want the "f" flag for tar. I also don't think you're using find and tar together properly -- i think you want xargs in the mix.

here's a functional example, along with a verification step (i'm using gpg-agent to prompt for the symmetric passphrases):

0 dkg at alice:/tmp/cdtemp.cD3zXc$ mkdir t
0 dkg at alice:/tmp/cdtemp.cD3zXc$ echo test > t/a
0 dkg at alice:/tmp/cdtemp.cD3zXc$ echo whatever > t/b
0 dkg at alice:/tmp/cdtemp.cD3zXc$ find t -type f -print0 | xargs -0 tar czv | gpg --symmetric > foo.tgz.gpg
t/b
t/a
0 dkg at alice:/tmp/cdtemp.cD3zXc$ gpg --decrypt < foo.tgz.gpg | tar tz
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
t/b
t/a
0 dkg at alice:/tmp/cdtemp.cD3zXc$

--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL:

From jtreinen at gmail.com Thu Feb 21 00:41:00 2013
From: jtreinen at gmail.com (Jim Treinen)
Date: Wed, 20 Feb 2013 16:41:00 -0700
Subject: Documentation on symmetric key options for GPGME
Message-ID:

Hello,

I am new to GPG, specifically GPGME. I am trying to familiarize myself with programming against the GPGME C library. I was wondering if it is possible to explicitly specify the use of AES 256 and choose a block mode when using the OpenPGP protocol ? I am sorry if I have overlooked something obvious. I have looked at the 'GPG Made Easy' Reference Manual, and do not see any mention of these types of options.

Many thanks in advance,

Jim Treinen.

From rjh at sixdemonbag.org Thu Feb 21 00:48:17 2013
From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Wed, 20 Feb 2013 18:48:17 -0500 Subject: Documentation on symmetric key options for GPGME In-Reply-To: References: Message-ID: <512560C1.4050608@sixdemonbag.org> On 02/20/2013 06:41 PM, Jim Treinen wrote: > I am new to GPG, specifically GPGME. I am trying to familiarize > myself with programming against the GPGME C library. I was wondering > if it is possible to explicitly specify the use of AES 256 and choose > a block mode when using the OpenPGP protocol ? It is possible to force the use of AES-256 whenever possible: add "--cipher-algo aes256" to the GnuPG command line. However, this is thoroughly not advised. It's possible to create traffic your recipient will not be able to decrypt, for instance (not every OpenPGP implementation supports AES). There are also other edge cases in which using cipher-algo can get you in trouble. OpenPGP specifies its own block mode, which is basically CFB64 with some special sauce added -- it's a hack which dates back many years. Every now and again there's some talk about replacing it with something more modern, like Galois counter mode or somesuch, but so far nothing's come of it. So the answer to this one is no, you really can't specify a block mode. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Feb 21 02:23:52 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 20 Feb 2013 20:23:52 -0500 Subject: Patch add support for different algorithms in the agent private key storage In-Reply-To: References: <87ip5ngi0j.fsf@vigenere.g10code.de> <87vc9mg5a6.fsf@vigenere.g10code.de> <5125483D.8080500@sixdemonbag.org> Message-ID: <51257728.6010902@sixdemonbag.org> On 02/20/2013 07:11 PM, Laila Vrazda wrote: > Very well, theoretically AES-256 is less secure than AES-192. 
The current best attack on AES-256 maxes out at 11 rounds; the full AES-256 has 14 rounds. Nobody's ever demonstrated that full AES-256 is easier to break than AES-192; and even if they had, it would still be a nonissue. "Theoretically, a reduced-round AES-256 is less secure than a reduced-round AES-192" would be more accurate, and as the sentence gets more accurate it seems to become less relevant. Besides, cryptosystems very rarely fail as the result of cryptologic flaws. It's so rare I'm having a hard time thinking of any off the top of my head; WEP fell to an implementation defect in RC4, SSL had problems with side channels, there are a lot of systems that have fallen to timing attacks, and so on. But I'm scratching my head here trying to think of the last time a system fell to cryptanalysis. The DVD Content Scrambling System, maybe? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Feb 21 02:39:18 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 20 Feb 2013 20:39:18 -0500 Subject: Patch add support for different algorithms in the agent private key storage In-Reply-To: <51257728.6010902@sixdemonbag.org> References: <87ip5ngi0j.fsf@vigenere.g10code.de> <87vc9mg5a6.fsf@vigenere.g10code.de> <5125483D.8080500@sixdemonbag.org> <51257728.6010902@sixdemonbag.org> Message-ID: <51257AC6.9020002@sixdemonbag.org> On 02/20/2013 08:23 PM, Robert J. Hansen wrote: > The current best attack on AES-256 maxes out at 11 rounds; the full > AES-256 has 14 rounds. Doing a little more research, I found a theoretical attack on the full -256 and -192; I was wrong to say the current best attack only worked on a reduced-round variant. The new hotness is a related-key attack, wherein the attacker chooses two keys and a relationship between them and uses that to attack the full cipher. 
It's definitely an exotic: that sort of condition is unlikely to occur in the real world, especially in GnuPG where AES is used for randomly-generated session keys -- there's no relationship between them to be exploited. Still, I was incorrect to say the best attack is on a reduced-round variant. Mea culpa. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From f_philipp at fastmail.net Thu Feb 21 08:50:29 2013 From: f_philipp at fastmail.net (Florian Philipp) Date: Thu, 21 Feb 2013 08:50:29 +0100 Subject: Piping tar into gpg In-Reply-To: <512550F5.1060403@fifthhorseman.net> References: <512550F5.1060403@fifthhorseman.net> Message-ID: <5125D1C5.5030200@fastmail.net> Am 20.02.2013 23:40, schrieb Daniel Kahn Gillmor: > On 02/20/2013 04:29 PM, Stefan Malte Schumacher wrote: >> I want to create encrypted backups with tar and gpg, which I then want to >> upload to my online storage. Strangely I can't get it working. >> "find /mnt/raid/Dokumente/ -type f -print0 |tar cfzv | gpg --symmetric >> --output 1.tar.gz.gpg" > > if you want to pipeline like this, i don't think you want the "f" flag > for tar. > Correct. > I also don't think you're using find and tar together properly -- i > think you want xargs in the mix. > > 0 dkg at alice:/tmp/cdtemp.cD3zXc$ find t -type f -print0 | xargs -0 tar > czv | gpg --symmetric > foo.tgz.gpg > Better don't do that. If xargs receives too many arguments, it will call tar multiple times. I don't think you can append tar files like that, can you? Better approach (in bash, at least): tar --create --null --files-from=<(find ... -print0) | gpg ... This also has the advantage that it works correctly if no matches are found, i.e. it creates an empty archive instead of showing an error. Alternatively use cpio which was explicitly built around the concept of being used with find. 
I would also get rid of the z option as gpg compresses, too.

Regards,
Florian Philipp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL:

From wk at gnupg.org Thu Feb 21 11:29:19 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Feb 2013 11:29:19 +0100
Subject: Piping tar into gpg
In-Reply-To: <5125D1C5.5030200@fastmail.net> (Florian Philipp's message of "Thu, 21 Feb 2013 08:50:29 +0100")
References: <512550F5.1060403@fifthhorseman.net> <5125D1C5.5030200@fastmail.net>
Message-ID: <87d2vuez9c.fsf@vigenere.g10code.de>

On Thu, 21 Feb 2013 08:50, f_philipp at fastmail.net said:

> Better approach (in bash, at least):
> tar --create --null --files-from=<(find ... -print0) | gpg ...

As usual --files-from (or -T) takes input from stdin if you use "-" as file name. Thus there is no need for strange Bash options. -print0 is not standard but anyway highly useful. BSD tars seem not to have -T but you may use gpgtar which features -T and --null.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From jw72253 at verizon.net Thu Feb 21 16:50:00 2013
From: jw72253 at verizon.net (John A. Wallace)
Date: Thu, 21 Feb 2013 09:50:00 -0600
Subject: key ordering choices
Message-ID: <000001ce104b$1bd9c010$538d4030$@net>

When I use this command:

Gpg -list-secret-keys

The secret keys are listed from the keyring in my gpg homedir. When there are several secret keys, what are the ordering criteria used by gpg to display the keys within an individual keyring? Do I have any control over the ordering? Also, "if" I wanted to have more than one keyring, and I were to name them, for example, "secring1.gpg", "secring2.gpg", would my ordering be respected by gpg in the display from such a command?

John A. Wallace
The pen is mightier than the sword, but only if you get in the first stroke.
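The pipeline from the "Piping tar into gpg" thread above, written out as a few shell functions. This is an added example, not code from Stefan's, dkg's, Florian's or Werner's posts: it uses Werner's "-" file name for --files-from, follows Florian's advice to drop -z and to keep xargs out of the pipeline, and spells out why the original command overwrote files (with "tar cf", the first name that reaches tar as an argument becomes the archive to write). GNU tar, GnuPG 1.4/2.0 behaviour, the --force-mdc flag, the function names and the backup paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example for the "Piping tar into gpg" thread; not code from any of the
# posts. Assumes GNU tar, gpg 1.4/2.0 and a symmetric passphrase prompt.
#
# Why the original command destroyed files: in "tar cfzv", "f" takes the NEXT
# ARGUMENT as the archive name. Whenever file names reached tar as arguments
# (for instance through xargs), the first name in the list became the archive
# and that file was overwritten. Reading the list from stdin with
# --null --files-from=- avoids that entirely and also keeps one tar invocation
# however long the list is (xargs would split it into several archives).

# NUL-separated list of regular files below $1; NUL survives spaces and
# newlines in names, which a plain newline-separated list would not.
list_files() {
    find "$1" -type f -print0
}

# Tar stream on stdout. No -z: gpg compresses the plaintext by default, and
# compressing twice only costs CPU.
make_tar_stream() {
    list_files "$1" | tar --create --null --files-from=- --file=-
}

# Encrypt the stream into $2 with a passphrase. --force-mdc adds the
# modification detection code (integrity check) whose absence produced the
# "message was not integrity protected" warning in dkg's session; later GnuPG
# versions always use MDC and accept the flag as a no-op.
encrypt_backup() {
    make_tar_stream "$1" | gpg --symmetric --force-mdc --output "$2"
}

# Member names of a tar stream read from stdin; used to verify a backup:
#   gpg --decrypt < backup.tar.gpg | list_tar_members
list_tar_members() {
    tar --list --file=-
}

# Full verification round trip: the archive decrypts and lists cleanly.
verify_backup() {
    gpg --decrypt "$1" | list_tar_members >/dev/null
}

# Usage (assumed paths):
#   encrypt_backup /mnt/raid/Dokumente backup.tar.gpg && verify_backup backup.tar.gpg
```

Because tar never sees a file name as an option argument here, no file in the source tree can be picked as the archive target, and because the list is streamed rather than passed through xargs, a tree with tens of thousands of files still yields exactly one archive.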
From jw72253 at verizon.net Thu Feb 21 16:50:00 2013
From: jw72253 at verizon.net (John A. Wallace)
Date: Thu, 21 Feb 2013 09:50:00 -0600
Subject: options files
Message-ID: <000501ce104b$1c25e440$5471acc0$@net>

Hi,

Can I get a link discussing one or more typical situations when options files are used? Thanks

John A. Wallace
The pen is mightier than the sword, but only if you get in the first stroke.

From mailinglisten at hauke-laging.de Thu Feb 21 16:53:51 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 21 Feb 2013 16:53:51 +0100
Subject: Bug in documentation? --gpg-agent-info
Message-ID: <2128544.C2MXPzaoMi@inno>

Hello,

my man page (for GnuPG 2.0.19) says both

--gpg-agent-info
    This is dummy option. It has no effect when used with gpg2.

and

GPG_AGENT_INFO
    [...] The option --gpg-agent-info can be used to override it.

Hauke

-- 
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL:

From jtreinen at gmail.com Thu Feb 21 17:19:16 2013
From: jtreinen at gmail.com (Jim Treinen)
Date: Thu, 21 Feb 2013 09:19:16 -0700
Subject: Documentation on symmetric key options for GPGME
In-Reply-To: <512560C1.4050608@sixdemonbag.org>
References: <512560C1.4050608@sixdemonbag.org>
Message-ID:

Thank you for the information, that certainly makes sense. Regarding AES, I understand your point about being compatible with all clients, but for my own education, is it possible to force the use of AES (or any other cipher) using the GPGME library ?
I don't see any parameters on the gpgme_set_protocol or gpgme_op_encrypt functions that would seem to allow for this.

Thanks again,

Jim.

On Wed, Feb 20, 2013 at 4:48 PM, Robert J. Hansen wrote:

> On 02/20/2013 06:41 PM, Jim Treinen wrote:
> > I am new to GPG, specifically GPGME. I am trying to familiarize
> > myself with programming against the GPGME C library. I was wondering
> > if it is possible to explicitly specify the use of AES 256 and choose
> > a block mode when using the OpenPGP protocol ?
>
> It is possible to force the use of AES-256 whenever possible: add
> "--cipher-algo aes256" to the GnuPG command line. However, this is
> thoroughly not advised. It's possible to create traffic your recipient
> will not be able to decrypt, for instance (not every OpenPGP
> implementation supports AES). There are also other edge cases in which
> using cipher-algo can get you in trouble.
>
> OpenPGP specifies its own block mode, which is basically CFB64 with some
> special sauce added -- it's a hack which dates back many years. Every
> now and again there's some talk about replacing it with something more
> modern, like Galois counter mode or somesuch, but so far nothing's come
> of it. So the answer to this one is no, you really can't specify a
> block mode.
>

From wk at gnupg.org Thu Feb 21 19:34:15 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Feb 2013 19:34:15 +0100
Subject: Documentation on symmetric key options for GPGME
In-Reply-To: (Jim Treinen's message of "Thu, 21 Feb 2013 09:19:16 -0700")
References: <512560C1.4050608@sixdemonbag.org>
Message-ID: <87ppztect4.fsf@vigenere.g10code.de>

On Thu, 21 Feb 2013 17:19, jtreinen at gmail.com said:

> own education, is it possible to force the use of AES (or any other cipher)
> using the GPGME library ? I don't see any parameters on the

Not directly.
The usual advice I give is to set a different home directory (gpgme_set_engine_info) and put an appropriate gpg.conf file into this directory. There is also an API in GPGME which allows modifying certain settings in the configuration files; but this is just an easy way to edit the conf files.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Thu Feb 21 19:37:29 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Feb 2013 19:37:29 +0100
Subject: key ordering choices
In-Reply-To: <000001ce104b$1bd9c010$538d4030$@net> (John A. Wallace's message of "Thu, 21 Feb 2013 09:50:00 -0600")
References: <000001ce104b$1bd9c010$538d4030$@net>
Message-ID: <87liahecnq.fsf@vigenere.g10code.de>

On Thu, 21 Feb 2013 16:50, jw72253 at verizon.net said:

> The secret keys are listed from the keyring in my gpg homedir. When there
> are several secret keys, what is the ordering criteria used by gpg to

No. Similar to files in a directory on Unix. gpg has no feature to sort them. If you want that, please use one of the GUI frontends or write a script to do this (using the --with-colons format).

> the ordering? Also, "if" I wanted to have more than one keyring, and I were
> to name them, for example, "secring1.gpg", "secring2.gpg", would my ordering
> be respected by gpg in the display from such a command?

Don't rely on such a behavior.

Salam-Shalom,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Thu Feb 21 19:39:05 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Feb 2013 19:39:05 +0100
Subject: options files
In-Reply-To: <000501ce104b$1c25e440$5471acc0$@net> (John A. Wallace's message of "Thu, 21 Feb 2013 09:50:00 -0600")
References: <000501ce104b$1c25e440$5471acc0$@net>
Message-ID: <87hal5ecl2.fsf@vigenere.g10code.de>

On Thu, 21 Feb 2013 16:50, jw72253 at verizon.net said:

> Can I get a link discussing one or more typical situations when options
> files are used?
> Thanks

I have no link but at least gpg.conf should always be used to set at least your own signing key and an --encrypt-to key. A keyserver entry is also useful.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From avi.wiki at gmail.com Thu Feb 21 19:55:17 2013
From: avi.wiki at gmail.com (Avi)
Date: Thu, 21 Feb 2013 13:55:17 -0500
Subject: options files
In-Reply-To: <87hal5ecl2.fsf@vigenere.g10code.de>
References: <000501ce104b$1c25e440$5471acc0$@net> <87hal5ecl2.fsf@vigenere.g10code.de>
Message-ID:

On Thu, Feb 21, 2013 at 1:39 PM, Werner Koch wrote:
>
> On Thu, 21 Feb 2013 16:50, jw72253 at verizon.net said:
>
> > Can I get a link discussing one or more typical situations when
> > options
> > files are used? Thanks
>
> I have no link but at least gpg.conf should always be used to set at
> least your own signing key and an --encrypt-to key. A keyserver entry
> is also useful.
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

I use the 1.4 trunk (1.4.13) but here are the contents of my gpg.conf file, if you find that helpful:

comment Most recent key: Click show in box @ http://is.gd/4xJrs
default-key 0x0D62B019F80E29F9
default-recipient-self
encrypt-to 0x0D62B019F80E29F9
keyserver hkp://pool.sks-keyservers.net
keyserver-options auto-key-retrieve include-disabled
sig-keyserver-url http://keyserver.ubuntu.com/pks/lookup?op=get&hash=on&fingerprint=on&search=0x0D62B019F80E29F9
photo-viewer c:\program files\gpgshell\gpgview.exe %i /title 0x%k
rfc4880
enable-dsa2
default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 AES TWOFISH CAMELLIA256 CAMELLIA192 CAMELLIA128 BLOWFISH CAST5 3DES AES192 AES256 BZIP2 ZLIB ZIP
personal-cipher-preferences AES TWOFISH CAMELLIA256 CAMELLIA192 CAMELLIA128 BLOWFISH CAST5 3DES AES192 AES256
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1
personal-compress-preferences BZIP2 ZLIB ZIP
ask-cert-level
keyid-format 0xSHORT
ask-cert-expire
expert
s2k-digest-algo SHA512
s2k-cipher-algo AES
cert-digest-algo SHA512
verbose
compress-level 9
bzip2-compress-level 9

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

From jtreinen at gmail.com Thu Feb 21 20:28:32 2013
From: jtreinen at gmail.com (Jim Treinen)
Date: Thu, 21 Feb 2013 12:28:32 -0700
Subject: Documentation on symmetric key options for GPGME
In-Reply-To: <87ppztect4.fsf@vigenere.g10code.de>
References: <512560C1.4050608@sixdemonbag.org> <87ppztect4.fsf@vigenere.g10code.de>
Message-ID:

Thank you for the information.

Jim.
On Thu, Feb 21, 2013 at 11:34 AM, Werner Koch wrote: > On Thu, 21 Feb 2013 17:19, jtreinen at gmail.com said: > > > own education, is it possible to force the use of AES (or any other > cipher) > > using the GPGME library ? I don't see any parameters on the * > > Not directly. The usual advise I give is to set a different home > directory (gpgme_set_engine_info) and put an appropriate gpg.conf file > into this directory. There is also an API in GPGME which allows to > modify certain settings in the configuration files; but this is just an > easy way to edit the conf files. > > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From craig at 2ndquadrant.com Fri Feb 22 01:34:10 2013 From: craig at 2ndquadrant.com (Craig Ringer) Date: Fri, 22 Feb 2013 08:34:10 +0800 Subject: Reliably determining that the agent is available and starting it if not In-Reply-To: <5126B9FF.5000504@2ndquadrant.com> References: <5126B9FF.5000504@2ndquadrant.com> Message-ID: <5126BD02.8050107@2ndquadrant.com> Oh, I should've mentioned that I also asked here: http://serverfault.com/questions/481103/gpg-agent-says-agent-exists-but-gpg-says-agent-doesnt-exist/481312#481312 -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -------------- next part -------------- An HTML attachment was scrubbed... 
From dougb at dougbarton.us Fri Feb 22 02:18:03 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 21 Feb 2013 17:18:03 -0800
Subject: Reliably determining that the agent is available and starting it if not
In-Reply-To: <5126BD02.8050107@2ndquadrant.com>
References: <5126B9FF.5000504@2ndquadrant.com> <5126BD02.8050107@2ndquadrant.com>
Message-ID: <5126C74B.3010209@dougbarton.us>

I have the following script that does this for you in a Unix'y environment, assuming your DE doesn't already handle it:

https://dougbarton.us/PGP/gpg-agent.html

hth,

Doug

From craig at 2ndquadrant.com Fri Feb 22 01:21:19 2013
From: craig at 2ndquadrant.com (Craig Ringer)
Date: Fri, 22 Feb 2013 08:21:19 +0800
Subject: Reliably determining that the agent is available and starting it if not
Message-ID: <5126B9FF.5000504@2ndquadrant.com>

Hi all

I'm scripting gpg to batch re-encrypt some files, and I've run into a surprising problem I was hoping for some advice on.

I expected it to be simple to make sure that a GPG agent (either the "gpg-agent" program or something like Gnome's built-in agent) were available and usable by gpg before proceeding, so the user doesn't get buried in repeated password prompts. It's turned out to be anything but, to the point where I feel I must be missing something.

The root of the problem is that the `gpg-agent' command tests for the existence of an agent a different way to how `gpg' itself does - and gpg offers no command line test for agent availability, since --use-agent is simply ignored if the agent can't be used.

gpg-agent looks for an existing agent socket at $HOME/.gnupg/S.gpg-agent . If one exists it connects to it to check that the agent is alive. It does this even if no GPG_AGENT_INFO env var is set. If gpg-agent finds a running agent it will not write the env file or print the definitions for GPG_AGENT_INFO to stdout, so you cannot invoke gpg-agent to discover the details of an already-running agent.
gpg, however, looks only at GPG_AGENT_INFO. If it is not set but --use-agent is passed, gpg will print the local translation of the message "gpg-agent is not available in this session" and then continue. It offers no command line flag like --require-agent. --use-agent --batch has a similar effect, but cannot be used to add the user's key to the agent if it's not already cached. There doesn't seem to be an equivalent of "gpg-add" like ssh's "ssh-add".

What all this means is that there doesn't seem to be a reliable way to determine how to connect to a running agent if there is one, or start one if there isn't. This seems like such a basic thing that I'm really hoping I'm missing something really obvious.

The closest I've come so far is this horror:

if ! test -v GPG_AGENT_INFO; then
    if gpg-agent 2>/dev/null; then
        if test -e "/tmp/.gpg-agent-$USER/env"; then
            . "/tmp/.gpg-agent-$USER/env"
        elif test -e ~/.gpg-agent-info; then
            . ~/.gpg-agent-info
        else
            echo 'A gpg agent is running, but we cannot find its socket info because'
            echo 'the GPG_AGENT_INFO env var is not set and gpg agent info has not been'
            echo 'written to any expected location. Cannot continue. Please report this'
            echo 'issue for investigation.'
            exit 5
        fi
    else
        # create the directory with mode 700 from the start (mkdir followed by
        # chmod leaves a window in which it has the default permissions)
        mkdir -m 700 "/tmp/.gpg-agent-$USER"
        gpg-agent --daemon --write-env-file "/tmp/.gpg-agent-$USER/env"
        . "/tmp/.gpg-agent-$USER/env"
    fi
    # The env file doesn't include an export statement
    export GPG_AGENT_INFO
else
    if ! gpg-agent 2>/dev/null; then
        echo 'GPG_AGENT_INFO is set, but cannot connect to the agent.'
        echo 'Unsure how to proceed, so aborting execution. Please report this'
        echo 'issue for investigation.'
        exit 5
    fi
fi

This is neither reliable, clean, nor user-friendly.
The only real solution would require that I patch gpg to fall back on the well known agent socket location if GPG_AGENT_INFO is unset but use-agent is enabled, or patch gpg-agent to query the existing agent and print GPG_AGENT_INFO value for it if it's run and an agent already exists.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

From craig at 2ndquadrant.com Fri Feb 22 03:32:38 2013
From: craig at 2ndquadrant.com (Craig Ringer)
Date: Fri, 22 Feb 2013 10:32:38 +0800
Subject: Reliably determining that the agent is available and starting it if not
In-Reply-To: <5126C74B.3010209@dougbarton.us>
References: <5126B9FF.5000504@2ndquadrant.com> <5126BD02.8050107@2ndquadrant.com> <5126C74B.3010209@dougbarton.us>
Message-ID: <5126D8C6.4070102@2ndquadrant.com>

On 02/22/2013 09:18 AM, Doug Barton wrote:
> I have the following script that does this for you in a Unix'y
> environment, assuming your DE doesn't already handle it:

What I'm hoping for is something I can use in a utility script, so that the user doesn't have to mess with their (likely distro-specific) login session setup details. If they already have an agent, I want to use it, and if they don't I want to start one for the use of the script.

If I need to I can take the approach you have there, where you set the agent up globally across the user session, and just make people perform the setup steps if their DE doesn't already provide an agent. I was just hoping for something a bit more transparent.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

From dougb at dougbarton.us Fri Feb 22 07:49:48 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 21 Feb 2013 22:49:48 -0800
Subject: Reliably determining that the agent is available and starting it if not
In-Reply-To: <5126D8C6.4070102@2ndquadrant.com>
References: <5126B9FF.5000504@2ndquadrant.com> <5126BD02.8050107@2ndquadrant.com> <5126C74B.3010209@dougbarton.us> <5126D8C6.4070102@2ndquadrant.com>
Message-ID: <5127150C.5050001@dougbarton.us>

On 02/21/2013 06:32 PM, Craig Ringer wrote:
> On 02/22/2013 09:18 AM, Doug Barton wrote:
>> I have the following script that does this for you in a Unix'y
>> environment, assuming your DE doesn't already handle it:
>
> What I'm hoping for is something I can use in a utility script, so that
> the user doesn't have to mess with their (likely distro-specific) login
> session setup details.

That's a good thought, but the problem is that they are very different. Unless you have a limited number of relevant DEs, and/or you're willing to do a lot of research to cover all/most of them, you're in for a rough ride.

> If they already have an agent, I want to use it,
> and if they don't I want to start one for the use of the script.

The script I sent you the link to has the ability to determine if the agent is running.

> If I need to I can take the approach you have there, where you set the
> agent up globally across the user session, and just make people perform
> the setup steps if their DE doesn't already provide an agent. I was just
> hoping for something a bit more transparent.

You could also use the "standard socket" approach instead. Check out the man page for gpg-agent.
hth,

Doug

From wk at gnupg.org Fri Feb 22 09:15:23 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 22 Feb 2013 09:15:23 +0100
Subject: Reliably determining that the agent is available and starting it if not
In-Reply-To: <5126B9FF.5000504@2ndquadrant.com> (Craig Ringer's message of "Fri, 22 Feb 2013 08:21:19 +0800")
References: <5126B9FF.5000504@2ndquadrant.com>
Message-ID: <87txp4dask.fsf@vigenere.g10code.de>

On Fri, 22 Feb 2013 01:21, craig at 2ndquadrant.com said:

> I expected it to be simple to make sure that a GPG agent (either the
> "gpg-agent" program or something like Gnome's built-in agent) were

Oh please don't use the latter, that is the cause for many problems.

You may use gpg-connect-agent for this. However, depending on how GnuPG has been built, gpg2 and gpg-connect-agent both start the agent if they need them. This is a far better way than the mess with the envvars. We have been doing that for Windows for many years without problems. On Unix you only don't want to do that if ~/.gnupg is remotely mounted on a filesystem that does not support local sockets.

Now, how do you know whether gpg-agent will be started on demand? gpg also needs to know this and thus gpg-agent is able to tell you:

    if gpg-agent --use-standard-socket-p ; then
        echo "gpg2 starts gpg-agent on demand"
    fi

> This is neither reliable, clean, nor user-friendly. The only real
> solution would require that I patch gpg to fall back on the well known
> agent socket location if GPG_AGENT_INFO is unset but use-agent is

Either set the default by using

    ./configure --enable-standard-socket && make

or at runtime put it into gpg-agent.conf

    echo use-standard-socket >>~/.gnupg/gpg-agent.conf

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From jtreinen at gmail.com Fri Feb 22 18:43:14 2013
From: jtreinen at gmail.com (Jim Treinen)
Date: Fri, 22 Feb 2013 10:43:14 -0700
Subject: Is it possible to use keys that aren't on the keyring?
Message-ID:

Hello,

I have a question about retrieving keys for use with GPGME. I understand that GPG is primarily built to function using keys on the user's keychain, however, I was wondering if it is possible to perform crypto operations using keys that are not on the keyring. For example, rather than encrypting a file for a recipient on the user's keyring, and retrieving it by fingerprint, is it possible to use a public key out of memory, for example from a web service call that retrieved the recipient's key from a publicly hosted key store?

gpgme_get_key appears to only work with the crypto backend (gpg and the corresponding keyring). I was wondering if there are any alternatives to reading in keys than from the native key ring?

Thanks in advance,

Jim.

From peter at digitalbrains.com Fri Feb 22 20:28:47 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 22 Feb 2013 20:28:47 +0100
Subject: Is it possible to use keys that aren't on the keyring?
In-Reply-To:
References:
Message-ID: <5127C6EF.2070500@digitalbrains.com>

I don't know if it is supported by GPGME, but here's an alternative I just thought of: Store the public keyring on a RAM filesystem.

Sketch of operation (not fully tested, and please understand what you're doing, don't just copy-paste):

    mkdir ~/gnupg-ramfs
    # tmpfs wants a numeric uid, so use id -u rather than a user name
    sudo mount gnupg-ramfs ~/gnupg-ramfs -t tmpfs -o mode=700,uid=$(id -u)
    echo no-default-keyring >>~/.gnupg/gpg.conf
    echo 'keyring ~/gnupg-ramfs/pubring.gpg' >>~/.gnupg/gpg.conf

Now you have an empty default keyring. --import your key, work with it, --delete-public-key, and it's empty again. This way, no disk activity is caused by the operations. Deleting the last key from the keyring is probably pretty efficient (it would make sense if it is programmed such that it will append the remaining 0 bytes at file pos 0).

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From mixmaster at remailer.privacy.at Fri Feb 22 19:24:44 2013
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Fri, 22 Feb 2013 19:24:44 +0100 (CET)
Subject: US banks that can send PGP/MIME e-mail
Message-ID: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at>

Have any consumer banks in the US figured out how to use PGP, so monthly statements can be truly *delivered*? (as opposed to getting a plaintext message troubling clients to login via some GUI and point-click-point-click-point-click)

From wk at gnupg.org Fri Feb 22 20:34:47 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 22 Feb 2013 20:34:47 +0100
Subject: Is it possible to use keys that aren't on the keyring?
In-Reply-To: (Jim Treinen's message of "Fri, 22 Feb 2013 10:43:14 -0700")
References:
Message-ID: <87mwuwb0rs.fsf@vigenere.g10code.de>

On Fri, 22 Feb 2013 18:43, jtreinen at gmail.com said:

> user's keychain, however, I was wondering if it is possible to perform
> crypto operations using keys that are not on the keyring. For example,

No. GPG needs to know the keys, for example to compute the web of trust. Eventually we will add an optional expiration date to keys in the keyring so that they can be removed automatically. GPGSM has a similar feature for many years (--with-ephemeral-keys) to help searching LDAP servers.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
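Pulling the two scripting threads above together (Craig's question about making sure an agent is reachable before a batch run, and Peter's RAM-backed keyring sketch for keys that should not land in the user's keyring), here is an added example. It is not code from any poster, nor from GnuPG itself. It follows Werner's advice by asking "gpg-agent --use-standard-socket-p" and "gpg-connect-agent" how gpg2 will reach the agent, and only falls back to a private --write-env-file when neither route works. For the keyring it passes --no-default-keyring and --keyring on the command line instead of editing gpg.conf, and it assumes /dev/shm is a tmpfs, as on most Linux systems (point RAMDIR_BASE at a mount like Peter's otherwise). GPG_BIN, GPG_AGENT_BIN, GPG_CONNECT_BIN, RAMDIR_BASE and all function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the thread or from GnuPG): scripted gpg2 runs that
# first make sure an agent is reachable and then encrypt to a key kept only in
# a RAM-backed keyring. Variable and function names are this example's own.
#
# Assumptions: GnuPG 2.0 tools (gpg2, gpg-agent, gpg-connect-agent) are on the
# PATH, and /dev/shm is a tmpfs as on most Linux systems. The *_BIN variables
# can be overridden, which also lets the detection logic be exercised with
# stand-ins such as "true" and "false".
: "${GPG_BIN:=gpg2}"
: "${GPG_AGENT_BIN:=gpg-agent}"
: "${GPG_CONNECT_BIN:=gpg-connect-agent}"
: "${RAMDIR_BASE:=/dev/shm}"

# How will gpg2 reach an agent? Prints one of:
#   standard-socket  gpg2 and gpg-connect-agent start the agent on demand
#   envvar           GPG_AGENT_INFO is set and the agent behind it answers
#   none             neither works; the caller has to start an agent
agent_mode() {
    if "$GPG_AGENT_BIN" --use-standard-socket-p >/dev/null 2>&1; then
        echo standard-socket
    elif [ -n "${GPG_AGENT_INFO:-}" ] && "$GPG_CONNECT_BIN" /bye >/dev/null 2>&1; then
        echo envvar
    else
        echo none
    fi
}

# Make the agent reachable before the batch job, so the passphrase is asked
# for once rather than once per file. Returns non-zero if that fails.
ensure_agent() {
    case "$(agent_mode)" in
        standard-socket)
            # Connecting once starts the agent if it is not running yet.
            "$GPG_CONNECT_BIN" /bye >/dev/null 2>&1 ;;
        envvar)
            : ;;
        *)
            # Last resort: start our own agent with a private env file in a
            # mode-700 directory (mktemp -d creates it that way).
            envdir=$(mktemp -d "${TMPDIR:-/tmp}/gpg-agent.XXXXXX") || return 1
            "$GPG_AGENT_BIN" --daemon --write-env-file "$envdir/env" >/dev/null || return 1
            . "$envdir/env"          # the env file carries no export statement
            export GPG_AGENT_INFO ;;
    esac
}

# gpg2 options that point at a keyring in RAM instead of ~/.gnupg/pubring.gpg.
# --trust-model always is needed: a key that was just imported into an
# otherwise empty keyring has no web-of-trust path, so --batch encryption
# would otherwise refuse it.
ephemeral_keyring_args() {
    printf '%s' "--no-default-keyring --keyring $1/pubring.gpg --trust-model always"
}

# encrypt_with_key PUBKEY_FILE RECIPIENT INFILE OUTFILE
# Imports PUBKEY_FILE into a throw-away RAM keyring, encrypts INFILE for
# RECIPIENT (fingerprint or user id) and removes the keyring again, so the
# recipient's key never touches disk or the user's own keyring.
encrypt_with_key() {
    ramdir=$(mktemp -d "$RAMDIR_BASE/gnupg.XXXXXX") || return 1
    trap 'rm -rf "$ramdir"' EXIT
    # $(...) is deliberately unquoted: the option list is meant to be split,
    # and $ramdir contains no whitespace.
    "$GPG_BIN" --batch $(ephemeral_keyring_args "$ramdir") --import "$1" &&
        "$GPG_BIN" --batch $(ephemeral_keyring_args "$ramdir") \
            --recipient "$2" --output "$4" --encrypt "$3"
    status=$?
    rm -rf "$ramdir"
    trap - EXIT
    return "$status"
}

# Usage: sh gpg-batch.sh PUBKEY_FILE RECIPIENT INFILE OUTFILE
if [ $# -eq 4 ]; then
    ensure_agent || { echo 'no usable gpg-agent and could not start one' >&2; exit 2; }
    encrypt_with_key "$@"
fi
```

The detection order matters: the standard-socket check is asked first because it is the one gpg2 itself consults, so when it says yes there is nothing to source or export. The env-file branch is only a fallback and carries the same fragility Craig describes (a running agent that nobody wrote an env file for will still be missed); on systems where that branch is taken regularly, Werner's "use-standard-socket" line in gpg-agent.conf is the real fix.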
From lists at michel-messerschmidt.de Fri Feb 22 20:59:16 2013
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Fri, 22 Feb 2013 20:59:16 +0100
Subject: Piping tar into gpg
In-Reply-To:
References:
Message-ID: <20130222195916.GB4993@ryu.matrix>

On Wed, Feb 20, 2013 at 10:29:08PM +0100, Stefan Malte Schumacher wrote:
> "find /mnt/raid/Dokumente/ -type f -print0 |tar cfzv | gpg --symmetric
> --output 1.tar.gz.gpg" asks for a password but aborts after creating a 4,0K
> large binary file. I have had other cases in which tar and gpg were
> obviously working (I monitored the program activity with htop) but instead
> of writing to the file specified with --output they were overwriting a
> random file in the path selected with find.

Are you sure that gpg overwrote the files? Piping into "tar cfzv" would write *to* the first file found due to the "f" option.

Another thing is that you don't need find if you just want to put everything below a directory in a tar file. You could use:

    cd /mnt/raid/Dokumente/
    # --file - sends the archive to stdout explicitly instead of tar's compiled-in default
    tar --create --file - . | gpg --symmetric --output $DESTINATION/1.tar.gpg

But if you really want to exclude other filetypes, you better stick to find.

From wk at gnupg.org Fri Feb 22 20:20:53 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 22 Feb 2013 20:20:53 +0100
Subject: [Announce] Libassuan 2.1.0 released
Message-ID: <87y5egb1ey.fsf@vigenere.g10code.de>

Hello!

I am pleased to announce version 2.1.0 of Libassuan. Libassuan is the IPC library used by GnuPG 2, GPGME, and a few other packages.

This release adds support for the nPth thread library as used by the current development version of GnuPG. It also fixes some minor bugs and enables features on *BSD platforms.
You may download the library and its OpenPGP signature from:

  ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.1.0.tar.bz2 (525k)
  ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.1.0.tar.bz2.sig

As an alternative you may use a patch file to upgrade the previous version of the library:

  ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.3-2.1.0.diff.bz2 (62k)

SHA-1 checksums are:

  af114073610ce0b30961986c2741d5e7230c9880  libassuan-2.1.0.tar.bz2
  627e8b7560f0137d4e3ed2c409b6d9cc3ceb5150  libassuan-2.0.3-2.1.0.diff.bz2

Noteworthy changes in version 2.1.0 (2013-02-22)
------------------------------------------------

 * Support for the nPth library.

 * Add assuan_check_version and two version macros.

 * Interface changes relative to the 2.0.3 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ASSUAN_SYSTEM_NPTH_IMPL     NEW macro.
 ASSUAN_SYSTEM_NPTH          NEW macro.
 __assuan_read               NEW (private).
 __assuan_write              NEW (private).
 __assuan_recvmsg            NEW (private).
 __assuan_sendmsg            NEW (private).
 __assuan_waitpid            NEW (private).
 ASSUAN_VERSION              NEW macro.
 ASSUAN_VERSION_NUMBER       NEW macro.
 assuan_check_version        NEW.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to Ben Kibbey, W. Trevor King, and Marcus Brinkmann for their contributions.

A listing with commercial support offers for GnuPG and related software is available at:

  http://www.gnupg.org/service.html

The driving force behind the development of the GnuPG system is my company g10 Code. Maintenance and improvement of GnuPG and related software takes up most of our resources. To allow us to continue our work on free software, we ask to either purchase a support contract, engage us for custom enhancements, or to donate money:

  http://g10code.com/gnupg-donation.html

Happy hacking,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From rjh at sixdemonbag.org Sat Feb 23 02:55:57 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 22 Feb 2013 20:55:57 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at>
Message-ID: <512821AD.8000300@sixdemonbag.org>

On 02/22/2013 01:24 PM, Anonymous Remailer (austria) wrote:
> Have any consumer banks in the US figured out how to use PGP, so
> monthly statements can be truly *delivered*?

OpenPGP, no, because there's no business case for them to do so. OpenPGP users represent a phenomenally small fraction of their userbase (probably <1%) and would account for a large fraction of their tech support questions.

S/MIME, yes, some banks have discovered the benefit. However that's still mostly a business-to-bank thing as opposed to consumer-to-bank, since S/MIME is a technology that's not exactly ready for consumers.

From mls at jama.is Sat Feb 23 10:40:08 2013
From: mls at jama.is (mls at jama.is)
Date: Sat, 23 Feb 2013 10:40:08 +0100
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at>
Message-ID: <6987488.HPrJgLbkPU@e9a4bfs47>

On Friday 22 February 2013 19:24:44 Anonymous Remailer wrote:
> Have any consumer banks in the US figured out how to use PGP, so
> monthly statements can be truly *delivered*?

The only bank I know that is able to receive pgp encrypted emails is the German netbank. But they don't send out pgp encrypted emails to their customers.
From jerry at seibercom.net Sat Feb 23 14:01:05 2013
From: jerry at seibercom.net (Jerry)
Date: Sat, 23 Feb 2013 08:01:05 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <512821AD.8000300@sixdemonbag.org>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300@sixdemonbag.org>
Message-ID: <20130223080105.0dde039f@scorpio>

On Fri, 22 Feb 2013 20:55:57 -0500
Robert J. Hansen articulated:

> On 02/22/2013 01:24 PM, Anonymous Remailer (austria) wrote:
> > Have any consumer banks in the US figured out how to use PGP, so
> > monthly statements can be truly *delivered*?
>
> OpenPGP, no, because there's no business case for them to do so.
> OpenPGP users represent a phenomenally small fraction of their
> userbase (probably <1%) and would account for a large fraction of
> their tech support questions.
>
> S/MIME, yes, some banks have discovered the benefit. However that's
> still mostly a business-to-bank thing as opposed to consumer-to-bank,
> since S/MIME is a technology that's not exactly ready for consumers.

I find your statement regarding S/MIME erroneous; however, we can just agree to disagree on that matter. Neither one of us will ever win the argument.

My bank and credit card company send me a monthly link to a secure URL that affords me the opportunity to view my statements. I also have the option of downloading in PDF, CSV or MS Excel format my statement. I have never received a plain email statement detailing my banking records.

Unless I am seriously misreading this thread, I am not sure what advantage either PGP or S/MIME would afford.

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From mail at rainydayz.org Sat Feb 23 13:36:21 2013
From: mail at rainydayz.org (Andy Ruddock)
Date: Sat, 23 Feb 2013 12:36:21 +0000
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <6987488.HPrJgLbkPU@e9a4bfs47>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <6987488.HPrJgLbkPU@e9a4bfs47>
Message-ID: <5128B7C5.2030003@rainydayz.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

mls at jama.is wrote:
> On Friday 22 February 2013 19:24:44 Anonymous Remailer wrote:
>> Have any consumer banks in the US figured out how to use PGP, so
>> monthly statements can be truly *delivered*?
>
> The only bank I know that is able to receive pgp encrypted emails
> is the German netbank. But they don't send out pgp encrypted emails
> to their customers.
>

There is a Nordic bank that generates s/mime certificates for its customers. Because everybody has to have a registered address (at least in Norway) they send a password to that address. You have to present the certificate to login on the web.
- --
Andy Ruddock
- ------------
andy.ruddock at rainydayz.org (GPG Key ID 0xB0324245)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJRKLfEAAoJECqtbbewMkJFy7MQAKF5ShSJmWu6rsuNWDBP9m+E
qh+Xq5HFtkha8b7UK4+9mvNqNu2QGzXMufoxmRpiWDiWiKdPaZDVi22qh2BFcSam
zLu+tlnDb8qdQeEeXDa58/0idxw/Et/VBINLLHubOERAezz9BIlrBM3XU6kRPRtF
kQ0kqoFmzXYhq4gTL2RMf570M4GSS2CfTbWqup1+ArbiSeOdTb9GIbDebwMW6IrV
nebwDWc8NiV3I2SkiWGhBROvMAtA2YcIuSEBcsdUNPZFftTzcvxC/wym6+SCQgRc
AIibz5SLVaLZsnIbC/H62XGufz/bDINim03pnvTinEbgtqkUQLyxGs7RUZp/FVVC
cs12/hmCkT350RSgk44yooFQ7Kx843d11KSofBIvMwLWSRue0qw+h0aGiOBV7WHa
XaIEvJz83jVoH378WDcf8BffFdO+DtFoAob9VdJJoHarXPTw8kPHRqR2HL6Bcsfd
MZ4VA7IoJz3xpW6XhrFL9z05Lnqno6bB9mDjcQtXMR1su0rDgGD1nCf4HSaVY9Lw
u/RNcCzT7qHR1/dhKBzCUIaPyBquD7ml6SPLh791SJ1ZTs3yVf3AmTX/d6NEbAuo
L/tpg/7EHdbUWz9Tu7IVQJ6XqdVi56Z9455C7MHQoIGpxMnUp7ftTFAII11vgyEh
gu1OsmAvHsWkpGdHi1xQ
=7KPs
-----END PGP SIGNATURE-----

From mail at rainydayz.org Sat Feb 23 15:31:26 2013
From: mail at rainydayz.org (Andy Ruddock)
Date: Sat, 23 Feb 2013 14:31:26 +0000
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <20130223080105.0dde039f@scorpio>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300@sixdemonbag.org> <20130223080105.0dde039f@scorpio>
Message-ID: <5128D2BE.4000308@rainydayz.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jerry wrote:
> On Fri, 22 Feb 2013 20:55:57 -0500 Robert J. Hansen articulated:
>
>> On 02/22/2013 01:24 PM, Anonymous Remailer (austria) wrote:
>>> Have any consumer banks in the US figured out how to use PGP,
>>> so monthly statements can be truly *delivered*?
[snip]
> My bank and credit card company, sends me a monthly link to a
> secure URL that affords me the opportunity to view my statements. I
> also have the option of downloading in PDF, CSV or MS Excel format
> my statement.
> I have never received a plain email statement
> detailing my banking records.
>
> Unless I am seriously misreading this thread, I am not sure what
> advantage either PGP or S/MIME would afford.

The point being that you get a link. If the banks used PGP or S/MIME then they could actually send you your statements.

- --
Andy Ruddock
- ------------
andy.ruddock at rainydayz.org (GPG Key ID 0xB0324245)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJRKNK+AAoJECqtbbewMkJFFhgQAJg0hLk8qlULy1Q6PklWVLjh
f/ZAdoYnt3ywDdbY3muX7KduSfhjVEUJJnm4oM0v6ivMqul7HT+6cB4/6ML/rtR1
Hf073dVMi8VhEWcMxxm6KS/9vORVpE2zUHhfR/FCkkJLy4cVIwTou0pljwPhsOud
dVj5gaynQpjMSUSNF9WfxL3LEB2l29j5iLWWS5LChnJzpstkKAkW/tlnuEf/K5Ns
aKmP4TsJJDeh/nCbbry68j3eY2gVT2V4JVLdfpwf0NnHa4uD6hikh+a6Hn09MTe8
lpBi/jXv0fs8ApXq9VAqmzs5tJ0bwNV9b5TBdUaEupx4fRAhhnIxjL5S4cw4payo
FwyKDoepzMj5a+q+6szDKn5D/FP5Wi+lat7TwfNxxMw4HqOHn2Jau2y8846WFNlL
e8xiPneRTkI5OlannjFVEV7BFlHTFw2XhrpjZMU0ceBpvoHyEx1nm3hHdOPjFkpd
h/WY7cUZJudGAgTwuY68M6ACRKWYNZ0THk1S4hvB4IoRIW1mGtnGW9Zh3SLZ03OS
TIfCvXLkD4XrQ9OfdFMVVWMj1mpQ9M/GFDKJ4Kg6OzX6tJVxu7liVD09lRD1nQRO
MXXuME8eZr0sqFWxNpE79PyEoUfN3qujfGMtcEAXuAh6T6YF9AWR/hteVkfIHswX
tqYz9lqObnl9GFdc5Kms
=3Lqg
-----END PGP SIGNATURE-----

From jerry at seibercom.net Sat Feb 23 17:26:31 2013
From: jerry at seibercom.net (Jerry)
Date: Sat, 23 Feb 2013 11:26:31 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <5128D2BE.4000308@rainydayz.org>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300@sixdemonbag.org> <20130223080105.0dde039f@scorpio> <5128D2BE.4000308@rainydayz.org>
Message-ID: <20130223112631.637ca22c@scorpio>

On Sat, 23 Feb 2013 14:31:26 +0000
Andy Ruddock articulated:

> Jerry wrote:
> > On Fri, 22 Feb 2013 20:55:57 -0500 Robert J. Hansen articulated:
> >
> >> On 02/22/2013 01:24 PM, Anonymous Remailer (austria) wrote:
> >>> Have any consumer banks in the US figured out how to use PGP,
> >>> so monthly statements can be truly *delivered*?
> [snip]
> > My bank and credit card company, sends me a monthly link to a
> > secure URL that affords me the opportunity to view my statements. I
> > also have the option of downloading in PDF, CSV or MS Excel format
> > my statement. I have never received a plain email statement
> > detailing my banking records.
> >
> > Unless I am seriously misreading this thread, I am not sure what
> > advantage either PGP or S/MIME would afford.
>
> The point being that you get a link. If the banks used PGP or S/MIME
> then they could actually send you your statements.

Well, each to his/her own I suppose; however, I would not approve of the file being sent to my PC regardless. There is always the possibility of the email being intercepted and exploited or my PC being compromised. If I want confidential information delivered to my PC, that should be my business. If an institution wanted to offer that option, and thereby be issued a release of responsibility, I have no objections to it. I do not consider the clicking on of a secure link and downloading the document to be an inconvenience, but rather a security feature, especially when the document(s) can be downloaded in several formats. I realize that not everyone will agree with me.

Que Sera, Sera

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From mdcampo at bellsouth.net Sat Feb 23 22:50:51 2013
From: mdcampo at bellsouth.net (Mark Campo)
Date: Sat, 23 Feb 2013 15:50:51 -0600
Subject: Question about the following....
Message-ID: <000001ce120f$d9b4fe90$8d1efbb0$@net>

Assume I had the GnuPG/PGP software, yet tell me how you would use GnuPG/PGP to encrypt the file and what instructions or methods you would need me to use to get the encrypted file and decrypt it on the recipient's machine WITHOUT the recipient having GnuPG/PGP software loaded to the recipient system ... STEP BY STEP Instructions

From anonymous at hoi-polloi.org Sun Feb 24 14:21:57 2013
From: anonymous at hoi-polloi.org (Anonymous)
Date: Sun, 24 Feb 2013 13:21:57 GMT
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org>
Message-ID:

>OpenPGP, no, because there's no business case for them to do so.
>OpenPGP users represent a phenomenally small fraction of their userbase
>(probably <1%) and would account for a large fraction of their tech
>support questions.

You seem to imply that Americans are less capable or less interested in PGP-protected mail. The German bank "1822 Direkt" sends PGP encrypted bank statements to their customers. Someone mentioned another German bank that does this. Why does the business case work in Germany?

Interactivebrokers (which is essentially a worldwide bank) offers PGP encrypted statement as a delivery option. But sadly, IB is elitist, in the sense that only their high value high-roller VIP customers can tick the PGP box (perhaps this supports your point).

There is also a bank in Japan, South Africa, and one in the US which supports a passworded PDF option. It's obviously less secure than PGP if they are using the RC4 algorithm, but certainly indicates that some people like true delivery... just as one might prefer to have their pizza delivered.
Anyway, I don't accept the idea that the business case is lacking. In an industry that is willing to pay upwards of $150 to entice new customers into opening an account, a bank could easily gain majority market share of all self-respecting nerds in the country at a fraction of that cost. I call it a missed opportunity.

From rjh at sixdemonbag.org Sun Feb 24 20:35:00 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 24 Feb 2013 14:35:00 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To:
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org>
Message-ID: <512A6B64.2090100@sixdemonbag.org>

On 02/24/2013 08:21 AM, Anonymous wrote:
> You seem to imply that Americans are less capable or less interested
> in PGP-protected mail.

Oh, please. This is pure projection.

> The German bank "1822 Direkt" sends PGP encrypted bank statements to
> their customers. Someone mentioned another German bank that does
> this. Why does the business case work in Germany?

It doesn't. It works for one particular bank. It doesn't work for Germany as a whole. Different banks have different clienteles and different incentives for how they deal with their clientele.

> Anyway, I don't accept the idea that the business case is lacking. In
> an industry that is willing to pay upwards of $150 to entice new
> customers into opening an account, a bank could easily gain majority
> market share of all self-respecting nerds in the country at a fraction
> of that cost. I call it a missed opportunity.

And as soon as a customer is on the phone with tech support for two hours trying to get GnuPG to work on their system, that's about $100 the bank has now spent trying to retain this customer. That's a lot. The only way to make the user profitable in such a case is to raise service fees, in which case that bank will hemorrhage business to their competitors.
If I were a banker and I had a choice between SSL-secured HTTPS that 99% of my internet banking customers would approve of, which requires no special training or experience on their part, which requires no additional special training on the part of my tech support staff, or adding OpenPGP-secured statement delivery that would appeal to 1% of my userbase and each one of those users would have tech support costs orders of magnitude greater than the users as a whole, the presence of that 1% would require expensive training and retraining on the part of my tech support staff...

Honestly, if I was advising a consumer bank about this, I'd tell them to avoid OpenPGP. I don't see the business case for it. And until you can show me either (a) radical improvements in ease-of-use, (b) radical reductions in technical support costs, or (c) explosive demand from the users, you really can't show me the business case for it, either.

From jays at panix.com Sun Feb 24 21:27:43 2013
From: jays at panix.com (Jay Sulzberger)
Date: Sun, 24 Feb 2013 15:27:43 -0500 (EST)
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <512A6B64.2090100@sixdemonbag.org>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100@sixdemonbag.org>
Message-ID:

On Sun, 24 Feb 2013, Robert J. Hansen wrote:

> On 02/24/2013 08:21 AM, Anonymous wrote:
>> You seem to imply that Americans are less capable or less interested
>> in PGP-protected mail.
>
> Oh, please. This is pure projection.
>
>> The German bank "1822 Direkt" sends PGP encrypted bank statements to
>> their customers. Someone mentioned another German bank that does
>> this. Why does the business case work in Germany?
>
> It doesn't. It works for one particular bank. It doesn't work for
> Germany as a whole. Different banks have different clienteles and
> different incentives for how they deal with their clientele.
>
>> Anyway, I don't accept the idea that the business case is lacking. In
>> an industry that is willing to pay upwards of $150 to entice new
>> customers into opening an account, a bank could easily gain majority
>> market share of all self-respecting nerds in the country at a fraction
>> of that cost. I call it a missed opportunity.
>
> And as soon as a customer is on the phone with tech support for two
> hours trying to get GnuPG to work on their system, that's about $100 the
> bank has now spent trying to retain this customer. That's a lot. The
> only way to make the user profitable in such a case is to raise service
> fees, in which case that bank will hemorrhage business to their competitors.

Ship a device.

>
> If I were a banker and I had a choice between SSL-secured HTTPS that 99%
> of my internet banking customers would approve of, which requires no
> special training or experience on their part, which requires no
> additional special training on the part of my tech support staff, or
> adding OpenPGP-secured statement delivery that would appeal to 1% of my
> userbase and each one of those users would have tech support costs
> orders of magnitude greater than the users as a whole, the presence of
> that 1% would require expensive training and retraining on the part of
> my tech support staff...
>
> Honestly, if I was advising a consumer bank about this, I'd tell them to
> avoid OpenPGP. I don't see the business case for it. And until you can
> show me either (a) radical improvements in ease-of-use, (b) radical
> reductions in technical support costs, or (c) explosive demand from the
> users, you really can't show me the business case for it, either.

Your argument seems to show that, in order to get more people using encrypted email, we should use part of the system you think is superior, namely the browser with whatever crypto stack your banks use. If such a superior system for easy delivery of well encrypted stuff exists I would like to learn about it.
ad a: Yes, of course, Gnupg is today for many people very difficult to set up. Why is the browser plus crypto system easier to use?

oo--JS.

From rjh at sixdemonbag.org Sun Feb 24 22:24:54 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 24 Feb 2013 16:24:54 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To:
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100@sixdemonbag.org>
Message-ID: <512A8526.2070903@sixdemonbag.org>

On 02/24/2013 03:27 PM, Jay Sulzberger wrote:
> Ship a device.

Meaning what, exactly? At first blush you seem to be trading one problem for another: people don't know how to use GnuPG, so ship a device and now they don't know how to use the device.

> Your argument seems to show that, in order to get more people
> using encrypted email, we should use part of the system you think
> is superior...

Cheaper, not superior.

To a first approximation, MBAs and bean-counters divide a business's operations into revenue and overhead. They'll go to great lengths to maximize revenue, and they'll go to great lengths to minimize expenses. Security doesn't directly generate revenue -- at best it indirectly facilitates it, but that's difficult to quantify and plug into a spreadsheet. That means security gets viewed as an overhead expense: something to be minimized at all costs.

People keep on thinking in terms of "wouldn't it be nice if," but that's not how business thinks. Business thinks in terms of, "what will maximize revenue and minimize overhead?" OpenPGP users account for probably less than a thousandth of all computer users. 99.9% of all banking users have no real desire to see OpenPGP used for their statement delivery.
If the 0.1% of customers who want OpenPGP produce so much revenue for a bank that they cannot be ignored, and are willing to leave their current bank for one that will provide OpenPGP, then we can expect to see banks deploying OpenPGP-based solutions. But until then, no. This is not a technological problem. It's a business problem. To think otherwise is to commit a serious category error. From jays at panix.com Sun Feb 24 21:18:16 2013 From: jays at panix.com (Jay Sulzberger) Date: Sun, 24 Feb 2013 15:18:16 -0500 (EST) Subject: Question about the following.... In-Reply-To: <000001ce120f$d9b4fe90$8d1efbb0$@net> References: <000001ce120f$d9b4fe90$8d1efbb0$@net> Message-ID: On Sat, 23 Feb 2013, Mark Campo wrote: > Assume I had the GnuPG/PGP software, yet tell me how you would use GnuPG/PGP > to encrypt the file and what instructions or methods you would need me to > use to get the encrypted file and decrypt it on the recipients machine > WITHOUT the recipient having GnuPG/PGP software loaded to the recipient > system ... STEP BY STEP Instructions Here is one answer: 1. Ship a device to your recipient, which has aboard the software and your recipient's private key. Here I make the assumption that you have your recipient's public key and used it to send them an encrypted message. and here is another answer to a perhaps different question 2. Find out exactly what the formats are and what the computations are, and then do them by hand. Give your recipient the formal definitions, and let your recipient write the needed code. Both versions of your question are good, and thorough answers would be of use to the Cause. ad Bitcoin: I do not know of any complete enough definition of the stack of data and functions and protocols that is Bitcoin so that one might do a clean room implementation just from the definition. oo--JS. 
From dkg at fifthhorseman.net Mon Feb 25 00:58:49 2013 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sun, 24 Feb 2013 15:58:49 -0800 Subject: options files In-Reply-To: <000501ce104b$1c25e440$5471acc0$@net> References: <000501ce104b$1c25e440$5471acc0$@net> Message-ID: <512AA939.2050103@fifthhorseman.net> On 02/21/2013 07:50 AM, John A. Wallace wrote: > Can I get a link discussing one or more of a typical situations when options > files are used? Thanks Some of us are collecting "best practice" suggestions over here: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults hth, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1027 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Mon Feb 25 13:32:24 2013 From: wk at gnupg.org (Werner Koch) Date: Mon, 25 Feb 2013 13:32:24 +0100 Subject: [Announce] Libgpg-error 1.11 released Message-ID: <87obf8a813.fsf@vigenere.g10code.de> Hi! I am pleased to announce version 1.11 of libgpg-error, a library for common error values and messages in GnuPG components. If you want to use this library for your own project, please chime in on gnupg-devel so that we can discuss whether it makes sense to add a new source identifier. This is a shared library so it can be updated independently of each individual component, while still allowing the use of new error values in inter-process communication. 
It may be found in the files

ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.11.tar.bz2 (478k)
ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.11.tar.bz2.sig

or gzip compressed

ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.11.tar.gz (624k)
ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.11.tar.gz.sig

or as a patch to upgrade from 1.10:

ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.10-1.11.diff.bz2 (200k)

It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html

Bug reports and requests for assistance should best be sent to: gnupg-devel at gnupg.org

The sha1sum checksums for this distribution are

be209b013652add5c7e2c473ea114f58203cc6cd libgpg-error-1.11.tar.bz2
db05ac4a29d3f92ae736da44f359b92b6af9f7ee libgpg-error-1.11.tar.gz
93b0cc74c21e6aa23863322ad7f32f1f4ae04e43 libgpg-error-1.10-1.11.diff.bz2

Noteworthy changes in version 1.11 (2013-02-25)
-----------------------------------------------

* New error source GPG_ERR_SOURCE_ASSUAN for Libassuan related errors.
* New macros GPG_ERROR_VERSION and GPG_ERROR_VERSION_NUMBER. New function gpg_error_check_version.
* Interface changes relative to the 1.10 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPG_ERR_NO_KEYSERVER NEW.
GPG_ERR_INV_CURVE NEW.
GPG_ERR_UNKNOWN_CURVE NEW.
GPG_ERR_DUP_KEY NEW.
GPG_ERR_AMBIGUOUS NEW.
GPG_ERR_SOURCE_ASSUAN NEW.
gpg_error_check_version NEW.
GPG_ERROR_VERSION NEW.
GPG_ERROR_VERSION_NUMBER NEW.

Thanks to all translators; this time in particular to Yuri Chornoivan and Felipe Castro for adding Ukrainian and Esperanto translations. A listing with commercial support offers for GnuPG and related software is available at: http://www.gnupg.org/service.html The driving force behind the development of the GnuPG system is my company g10 Code. Maintenance and improvement of GnuPG and related software takes up most of our resources. 
To allow us to continue our work on free software, we ask to either purchase a support contract, engage us for custom enhancements, or to donate money: http://g10code.com/gnupg-donation.html Happy hacking, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From mwood at IUPUI.Edu Mon Feb 25 17:18:10 2013 From: mwood at IUPUI.Edu (Mark H. Wood) Date: Mon, 25 Feb 2013 11:18:10 -0500 Subject: US banks that can send PGP/MIME e-mail In-Reply-To: References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100@sixdemonbag.org> Message-ID: <20130225161810.GA21003@IUPUI.Edu> Well, there is a way to find out whether it works. Those who care deeply about this should get together, raise some capital, and open NerdBank(tm) where they can do business their way, and see how it goes. There's plenty of room right now for people who want to reimagine the retail banking business, so long as they still keep depositors' money safe and deal it out as ordered. I'm actually more interested in the local bank as portal to certificate services. Actually going physically to the issuer and presenting, face-to-face, identifying documents that might actually be slightly difficult to steal or forge, is not something that most people can realistically do with the current crop of CAs. Long-distance relationships in the security realm make trust difficult, in both directions. None of this has a great deal to do with OpenPGP or GnuPG as such. -- Mark H. 
Wood, Lead System Programmer mwood at IUPUI.Edu There's an app for that: your browser -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From mhannemann at meperia.com Mon Feb 25 16:48:44 2013 From: mhannemann at meperia.com (Michael Hannemann) Date: Mon, 25 Feb 2013 10:48:44 -0500 Subject: options files In-Reply-To: <512AA939.2050103@fifthhorseman.net> References: <000501ce104b$1c25e440$5471acc0$@net> <512AA939.2050103@fifthhorseman.net> Message-ID: <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> On Feb 24, 2013, at 6:58 PM, Daniel Kahn Gillmor wrote: > On 02/21/2013 07:50 AM, John A. Wallace wrote: >> Can I get a link discussing one or more of a typical situations when options >> files are used? Thanks > > Some of us are collecting "best practice" suggestions over here: > > https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults > > hth, > > --dkg Fantastic tips, thank you. As to the "always set an expiration date", I certainly wish I had the first time I created a GPG key for my personal account, since that was several inattentive years ago, and I no longer know the passphrase. (That's pretty much hopeless, right?) Michael -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From avi.wiki at gmail.com Mon Feb 25 17:58:13 2013 From: avi.wiki at gmail.com (Avi) Date: Mon, 25 Feb 2013 11:58:13 -0500 Subject: options files In-Reply-To: <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> References: <000501ce104b$1c25e440$5471acc0$@net> <512AA939.2050103@fifthhorseman.net> <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> Message-ID: On Mon, Feb 25, 2013 at 10:48 AM, Michael Hannemann wrote: > On Feb 24, 2013, at 6:58 PM, Daniel Kahn Gillmor wrote: > >> On 02/21/2013 07:50 AM, John A. Wallace wrote: >>> Can I get a link discussing one or more of a typical situations when options >>> files are used? Thanks >> >> Some of us are collecting "best practice" suggestions over here: >> >> https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults >> >> hth, >> >> --dkg > > > Fantastic tips, thank you. > > As to the "always set an expiration date", I certainly wish I had the first time I created a GPG key for my personal account, since that was several inattentive years ago, and I no longer know the passphrase. (That's pretty much hopeless, right?) > > > Michael Well, a revocation certificate should be sufficient to kill the key even if you forget the passphrase. 
---- User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 From mixmaster at remailer.privacy.at Mon Feb 25 21:20:37 2013 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Mon, 25 Feb 2013 21:20:37 +0100 (CET) Subject: US banks that can send PGP/MIME e-mail In-Reply-To: <512A6B64.2090100__40744.9643397287$1361734578$gmane$org@sixdemonbag.org> References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100__40744.9643397287$1361734578$gmane$org@sixdemonbag.org> Message-ID: >> Why does the business case work in Germany? >It doesn't. It works for one particular bank. It doesn't work for >Germany as a whole. Where does this idea come from that a business case must be recognized by all suppliers for an entire industry in a whole country before it "works"? A business case can be viable if there are *zero* implementations, substantiated purely by analysis. And having just one working case goes as far as testing and proving that it works. >Different banks have different clienteles and different incentives >for how they deal with their clientele. My point exactly. One bank may offer a free t-shirt to get customers, while another may offer more security and more convenience in statement delivery. Just because one bank can survive on the t-shirt promo doesn't make the GPG feature unviable. >And as soon as a customer is on the phone with tech support for two >hours trying to get GnuPG to work on their system, that's about $100 >the bank has now spent trying to retain this customer. That's a lot. You're making several errors in that one statement. 1) First of all, you're assuming that the feature is officially supported. A bank need not support anything, officially. 2) You're assuming that official support implies unlimited resources must be allocated to every call. 
Nothing the bank does includes unlimited support. If they choose to give any support at all, they can pick and choose the extent to which they offer support. And indeed, this is what happens. Try just getting basic browser support if you're running Debian and Iceweasel, when it fails to handle all the javascript and flash that many banks (foolishly) use. You'll exhaust the tech support in no time, and will never be given the opportunity to talk to the engineers. And if you could, they aren't going to fix what's broken on their server to make the service work for you. 3) An hour of tech support costs the bank about $5-10 for the cheap labor they've outsourced it to India. Perhaps another $10 if the Indian call center has operators who have been trained to lose their accent and sound American. 4) A bank can (and does) limit the configurations which they will support, officially. E.g. they might say they only support the latest MS Explorer. Or they might say they only officially support PGP statements to customers who have hushmail accounts (so the dummies can get fool-proof service that needs no technical support) - while unofficially giving the nerds a means to submit their public keys. >The only way to make the user profitable in such a case is to raise >service fees, in which case that bank will hemorrhage business to >their competitors. IB has figured out that this is not true. Their VIP customers pay through the nose for their "premium" service, but they're the only game in town, so nothing threatens their market share. 
>If I were a banker and I had a choice between SSL-secured HTTPS that >99% of my internet banking customers would approve of, which requires >no special training or experience on their part, which requires no >additional special training on the part of my tech support staff, or >adding OpenPGP-secured statement delivery that would appeal to 1% of >my userbase and each one of those users would have tech support costs >orders of magnitude greater than the users as a whole, the presence >of that 1% would require expensive training and retraining on the >part of my tech support staff... Then you would choose to be a dime-a-dozen bank, and compete with tens of thousands of banks for 1/10000th of 99% of the market, which is obviously not as profitable as taking the other 1% in whole. >Honestly, if I was advising a consumer bank about this, I'd tell them to >avoid OpenPGP. I don't see the business case for it. And until you can >show me either (a) radical improvements in ease-of-use, Partner with hushmail. >(b) radical reductions in technical support costs, Don't offer unlimited support. >(c) explosive demand from the users, The demand need not be "explosive" if you're the only one (or one of very few) supplying the demand. >you really can't show me the business case for it, either. You've failed to make a convincing case for why a business case already proven to work in Germany would fail in the US. From peter.loshin at gmail.com Mon Feb 25 23:54:34 2013 From: peter.loshin at gmail.com (Peter Loshin) Date: Mon, 25 Feb 2013 17:54:34 -0500 Subject: Questions about OpenPGP best practices Message-ID: Many thanks to Daniel Kahn Gillmor for pointing to the best practices page (https://we.riseup.net/riseuplabs+paow/openpgp-best-practices); this information is very helpful. Some questions about the information on this page: 1. "Don't use pgp.mit.edu". Which keyserver *should* be used? 
I assume that a pool is better than a particular server; is there one particular pool that is preferred? What about http://pool.sks-keyservers.net/? 2. On keeping an encrypted backup of my secret key material, what method is recommended for doing that? (Presumably something like "gpg --export-secret-keys | gpg --output secretkeymatter.gpg --symmetric"?) 3. On using a keyserver with HKPS support: when I attempt to connect (via Chrome) to https://sks-keyservers.net/, I get an error headlined "The site's security certificate is not trusted!", stating " the server presented a certificate issued by an entity that is not trusted by your computer's operating system." 4. When I try to use hkps://sks-keyservers.net with GnuPG at the command line, I get these messages: gpgkeys: HTTP post error 1: unsupported protocol gpg: keyserver internal error gpg: keyserver send failed: Keyserver error And when I try the same with the domain name only (sks-keyservers.net) I get these messages: : can't connect to `sks-keyservers.net': No route to host gpgkeys: HTTP post error 7: couldn't connect: No route to host gpg: keyserver internal error gpg: keyserver send failed: Keyserver error My question would be, am I doing something wrong or is the service unavailable? Thank you! Peter -- ============== Peter Loshin 617/549-4514 ============== From craig at 2ndquadrant.com Tue Feb 26 01:25:42 2013 From: craig at 2ndquadrant.com (Craig Ringer) Date: Tue, 26 Feb 2013 08:25:42 +0800 Subject: options files In-Reply-To: <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> References: <000501ce104b$1c25e440$5471acc0$@net> <512AA939.2050103@fifthhorseman.net> <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> Message-ID: <512C0106.80901@2ndquadrant.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/25/2013 11:48 PM, Michael Hannemann wrote: > > Fantastic tips, thank you. 
> > As to the "always set an expiration date", I certainly wish I had the first time I created a GPG key for my personal account, since that was several inattentive years ago, and I no longer know the passphrase. (That's pretty much hopeless, right?) > > I really wish a 1y or 2y expiry was the default and that gpg prompted you to generate a revcert as part of key generation. I spend a lot of time cajoling staff into setting expiries, verifying that they have proper revcerts and revcert storage, etc. - -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRLAEFAAoJELBXNkqjr+S2/IEH/1lbhPxThQhk6DN2eFc/cnL8 WEJZnANric4/HVRsl04MByB9w3m2iMoHPKpC1fUfabP1UkplpxYUto5MdQr14Brm ZlHgvCvG6wRco6IxuQJn0XsXgTmXQ6JUw6BYfdgmUNUK1F7n1vD72j+CLLZK0fEH d9hd/cDEGEiZic2F4ExQ/JXKsZYSLk9oY6iBaft0E0DB35ZvxRENMWymCQwzCZt2 mo6ctM4mXmBdnfmh5sSMV63073vN4sjGY35msjNzD6ZBZbuCxDxDMMefvhC6e0wo 0cGIw9YgLskyo8Yd7DsX7tZ6eQOWyKEupOSHeYzuOGByTADQPAB5CsblVn3em54= =PfQN -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Tue Feb 26 01:26:56 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 25 Feb 2013 19:26:56 -0500 Subject: US banks that can send PGP/MIME e-mail In-Reply-To: References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100__40744.9643397287$1361734578$gmane$org@sixdemonbag.org> Message-ID: <512C0150.1000500@sixdemonbag.org> On 02/25/2013 03:20 PM, Anonymous Remailer (austria) wrote: > Where does this idea that a business case must be recognized by all > suppliers for an entire industry in a whole country before it "works"? No one, but your statement seemed to be a severe overgeneralization. 
Declaring that something works "in Germany" has a strong implication of it working throughout *the whole of* Germany. If your intent was instead to say, "Why does it work for these specific banks?", then I have no objection to that and I think it's a very reasonable question. > A business case can be viable if there are *zero* implementations, Like perpetual motion machines, business cases are judged by how well they work in the real world. > 1) First of all, you're assuming that the feature is > officially supported. A bank need not support anything, > officially. The discussion is about banks that *send statements via encrypted email*. If the bank is doing this then it's officially supporting it. > 2) You're assuming that official support implies unlimited resources > must be allocated to every call. No, I'm not. At some point any business will declare a customer to be too much trouble for the amount of profit made from that person and will seek to alter or terminate the business relationship. This does not change the fact that people will still seek technical support, and that technical support costs money. And if the bank is officially supporting sending customers bank statements via encrypted email, then yes, the bank does need to offer technical support or else the bank will soon be losing customers. > 3) An hour of tech support costs the bank about $5-10 for the cheap > labor they've outsourced it to India. Perhaps another $10 if the > Indian call center has operators who have been trained to lose > their accent and sound American. Having seen the balance sheets for tech support costs for a couple of Fortune 50 firms, I can tell you that you're off by an order of magnitude. Unfortunately, I'm bound by nondisclosure agreements and can't really say more than that. $100 for an hourlong session is in the right ballpark for the firms I have firsthand experience with. 
To give you an idea of how the accounting is done, though, labor costs are the least of the concern. Another major concern is, "What if the customer gets so frustrated with the problem that the customer stops doing business with us?" If 1% of tech support calls result in losing a customer, and the average lost customer would've resulted in $10,000 of profit over the course of that customer's relationship with the business, then the amortized cost of a tech support call just jumped to $100... right there... based on nothing more than the cost of the customer's frustration. You cannot measure the cost of a tech support call solely by the cost of the labor involved. The labor involved is insignificant: it's so minute it's practically considered accounting error. The real costs come elsewhere, and they accrue the instant the tech support call is placed. > Then you would choose to be a dime-a-dozen bank, and compete with tens > of thousands of banks for 1/10000th of 99% of the market, which is > obviously not as profitable as taking the other 1% in whole. This assumes the 0.1% that uses OpenPGP provides per-customer revenue comparable to that of the 99.9%. This is probably not true: you're talking about such a small selection of users that their profile will probably be quite idiosyncratic compared to the community at large. >> Honestly, if I was advising a consumer bank about this, I'd tell them to >> avoid OpenPGP. I don't see the business case for it. And until you can >> show me either (a) radical improvements in ease-of-use, > > Partner with hushmail. So your "solution" involves telling customers, "we will support your request to use OpenPGP for sending encrypted bank statements, but only if you agree to use Hushmail for a mail provider, even though they have a track record of turning cleartext copies of email over to legal authorities"? 
[1] [1] http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/ >> (b) radical reductions in technical support costs, > > Don't offer unlimited support. You seem to think the problem is unlimited support. It's not. The problem is the instant *any* support is offered it's a minimum $100 charge (under the model I presented above, where each call has a 1% chance of terminating a business relationship that would've been worth $10,000 over its lifetime). You can reduce the price of offering technical support or reduce the rate at which technical support is needed. Capping support will do nothing to mitigate the problem, because labor costs -- the thing you're proposing to cap -- are not the problem. > The demand need not be "explosive" if you're the only one (or one of > very few) supplying the demand. Nobody ever made a fortune by catering to a small and stagnant market. OpenPGP adoption has, on the whole, badly stagnated. (Email itself is also stagnating, which is far worse.) In the quite-excellent film _Other People's Money_, an entrepreneur has this to say on the subject: "You know the surest way to go broke? Keep getting an increasing share of a shrinking market. Down the tubes. Slow but sure. You know, at one time there must've been dozens of companies making buggy whips. I'll bet the last company around was the one that made the best Goddamned buggy whip you ever saw. Now, how would you have liked to have been a stockholder in that company?" Email is already stagnating -- the next generation of customers (teenagers and college students) associate email as a decrepit technology that was cool back in their parents' day. The next generation of customers wants HTML5 and smartphone apps. The number of people who want balances emailed to them is not growing, it's *shrinking*. The number of people who want those statements encrypted with OpenPGP is, at best, stagnating. If you like, I encourage you to supply that demand. 
I think you'll quickly discover you're the buggy whip manufacturer in the entrepreneur's story. > You've failed to make a convincing case for why a business case > already proven to work in Germany would fail in the US. A business case which has already shown itself to work *for one bank*. Without knowing details of this bank's economic niche, its customer demographics, its technological infrastructure, the choices it made which led it to its current point, it is impossible to make any kind of pronouncements about whether that same plan would work in the United States. You can't say it would. You can't say it wouldn't. You simply don't have the data to make any argument one way or another. From kgo at grant-olson.net Tue Feb 26 01:06:00 2013 From: kgo at grant-olson.net (Grant Olson) Date: Mon, 25 Feb 2013 19:06:00 -0500 Subject: Questions about OpenPGP best practices In-Reply-To: References: Message-ID: <512BFC68.2020005@grant-olson.net> On 2/25/13 5:54 PM, Peter Loshin wrote: > > 1. "Don't use pgp.mit.edu". Which keyserver *should* be used? I assume > that a pool is better than a particular server; is there one > particular pool that is preferred? What about > http://pool.sks-keyservers.net/? > Yep, that's the one you want. > 2. On keeping an encrypted backup of my secret key material, what > method is recommended for doing that? (Presumably something like "gpg > --export-secret-keys | gpg --output secretkeymatter.gpg --symmetric"?) > If you are using a passphrase, your secret key will already be encrypted. I don't see any advantage to double-encrypting. -- Grant Confidential info? Please encrypt or send via: https://privacybox.de/grant.msg "I am gravely disappointed. Again you have made me unleash my dogs of war." 
From dougb at dougbarton.us Tue Feb 26 07:43:33 2013 From: dougb at dougbarton.us (Doug Barton) Date: Mon, 25 Feb 2013 22:43:33 -0800 Subject: Questions about OpenPGP best practices In-Reply-To: References: Message-ID: <512C5995.3040709@dougbarton.us> On 02/25/2013 02:54 PM, Peter Loshin wrote: > Many thanks to Daniel Kahn Gillmor for pointing to the best practices > page (https://we.riseup.net/riseuplabs+paow/openpgp-best-practices); > this information is very helpful. > > Some questions about the information on this page: > > 1. "Don't use pgp.mit.edu". Which keyserver *should* be used? I assume > that a pool is better than a particular server; is there one > particular pool that is preferred? What about > http://pool.sks-keyservers.net/? Yes, that's a good one, and generally preferred. > 2. On keeping an encrypted backup of my secret key material, what > method is recommended for doing that? (Presumably something like "gpg > --export-secret-keys | gpg --output secretkeymatter.gpg --symmetric"?) If you're using a pass phrase, your key is already encrypted. Just save it somewhere safe. > 3. On using a keyserver with HKPS support: when I attempt to connect > (via Chrome) to https://sks-keyservers.net/, I get an error headlined > "The site's security certificate is not trusted!", stating " the > server presented a certificate issued by an entity that is not trusted > by your computer's operating system." Yeah, they are using a self-signed certificate. A very dodgy decision in an era where there are a non-zero number of widely accepted CAs that will give out free certificates. > 4. 
When I try to use hkps://sks-keyservers.net The Best Practices page you posted above actually suggests: keyserver hkps://hkps.pool.sks-keyservers.net keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem That worked for me, although I was a bit disappointed that placing the cert at /etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work like all the docs said it should. Does anyone know where/how to place the cert file on the system so that it can be called by demand, rather than having to specify it in the gpg.conf? > with GnuPG at the > command line, I get these messages: > > gpgkeys: HTTP post error 1: unsupported protocol > gpg: keyserver internal error > gpg: keyserver send failed: Keyserver error > > And when I try the same with the domain name only (sks-keyservers.net) > I get these messages: > > : can't connect to `sks-keyservers.net': No route to host > gpgkeys: HTTP post error 7: couldn't connect: No route to host > gpg: keyserver internal error > gpg: keyserver send failed: Keyserver error > > My question would be, am I doing something wrong or is the service unavailable? You're doing something wrong. :) Follow the doc more closely. Doug From dkg at fifthhorseman.net Tue Feb 26 07:51:36 2013 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 25 Feb 2013 22:51:36 -0800 Subject: Questions about OpenPGP best practices In-Reply-To: References: Message-ID: <512C5B78.5060907@fifthhorseman.net> On 02/25/2013 02:54 PM, Peter Loshin wrote: > 1. "Don't use pgp.mit.edu". Which keyserver *should* be used? I assume > that a pool is better than a particular server; is there one > particular pool that is preferred? What about > http://pool.sks-keyservers.net/? You should use hkp:// instead of http://. Using http:// implies a simple web request (e.g. , while hkp:// implies the structured key lookups keyservers are known to use. 
and you may want to use ha.pool.sks-keyservers.net (this is a high-availability pool -- only keyservers that operate behind HTTP reverse proxies are included. this mode of operation is considered a best-practice for sks keyserver operators). > 2. On keeping an encrypted backup of my secret key material, what > method is recommended for doing that? (Presumably something like "gpg > --export-secret-keys | gpg --output secretkeymatter.gpg --symmetric"?) i agree with grant olson that there is no need to double-encrypt. you may also be interested in using paperkey to generate a minimized chunk of data for offline backup: http://www.jabberwocky.com/software/paperkey/ > 3. On using a keyserver with HKPS support: when I attempt to connect > (via Chrome) to https://sks-keyservers.net/, I get an error headlined > "The site's security certificate is not trusted!", stating " the > server presented a certificate issued by an entity that is not trusted > by your computer's operating system." yes, this host is certified by its operator (Kristian Fiskerstrand) via the OpenPGP web of trust. one way to verify it is with the monkeysphere validation agent (msva-perl, in debian) and the monkeysphere firefox plugin. > 4. When I try to use hkps://sks-keyservers.net with GnuPG at the > command line, I get these messages: sks-keyservers.net is not a keyserver itself -- it is the site that describes the various pools. hth, --dkg -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 1027 bytes Desc: OpenPGP digital signature URL: From dkg at fifthhorseman.net Tue Feb 26 08:10:58 2013 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 25 Feb 2013 23:10:58 -0800 Subject: Questions about OpenPGP best practices In-Reply-To: <512C5995.3040709@dougbarton.us> References: <512C5995.3040709@dougbarton.us> Message-ID: <512C6002.3060008@fifthhorseman.net> On 02/25/2013 10:43 PM, Doug Barton wrote: > The Best Practices page you posted above actually suggests: > > keyserver hkps://hkps.pool.sks-keyservers.net > keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem > > That worked for me, although I was a bit disappointed that placing the > cert at /etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work > like all the docs said it should. which docs suggested that should work? what operating system are you expecting it to work for? if you're using debian or a debian-derived system like mint or ubuntu, and you want to add a CA to the "system trusted root store", you actually want to add the file with a .crt extension (not .cert) to /usr/local/share/ca-certificates/ and then run "update-ca-certificates" as the superuser. Please read: /usr/share/doc/ca-certificates/README.Debian on your local system for more details. > Does anyone know where/how to place the cert file on the system so that > it can be called by demand, rather than having to specify it in the > gpg.conf? gpg's keyserver-option ca-cert-file's default for hkps is dependent on the TLS library linked to from libcurl in the handler in /usr/lib/gnupg/gpgkeys_hkp. on debian systems right now, this is libgnutls26, which currently has no default root CAs. newer versions of gnutls have a standard default root CA set that maps to the system provided above by ca-certificates. If and when gnupg-curl builds against libgnutls28-dev (the next major API change in gnutls), it should adopt those changes. 
--dkg

From dougb at dougbarton.us Tue Feb 26 08:28:17 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 25 Feb 2013 23:28:17 -0800
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C6002.3060008@fifthhorseman.net>
References: <512C5995.3040709@dougbarton.us> <512C6002.3060008@fifthhorseman.net>
Message-ID: <512C6411.10902@dougbarton.us>

On 02/25/2013 11:10 PM, Daniel Kahn Gillmor wrote:
| On 02/25/2013 10:43 PM, Doug Barton wrote:
|> The Best Practices page you posted above actually suggests:
|>
|> keyserver hkps://hkps.pool.sks-keyservers.net
|> keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem
|>
|> That worked for me, although I was a bit disappointed that placing the
|> cert at /etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work
|> like all the docs said it should.
|
| which docs suggested that should work?

lots, this one for example: https://help.ubuntu.com/community/GnuTLS

| what operating system are you expecting it to work for?

Ubuntu.

| if you're using debian or a debian-derived system like mint or ubuntu,
| and you want to add a CA to the "system trusted root store", you
| actually want to add the file with a .crt extension (not .cert) to
| /usr/local/share/ca-certificates/ and then run "update-ca-certificates"
| as the superuser.
|
| Please read:
|
| /usr/share/doc/ca-certificates/README.Debian
|
| on your local system for more details.

Thanks. :)

|> Does anyone know where/how to place the cert file on the system so that
|> it can be called by demand, rather than having to specify it in the
|> gpg.conf?
|
| gpg's keyserver-option ca-cert-file's default for hkps is dependent on
| the TLS library libcurl linked to from libcurl in the handler in
| /usr/lib/gnupg/gpgkeys_hkp. on debian systems right now, this is
| libgnutls26, which currently has no default root CAs.
|
| newer versions of gnutls have a standard default root CA set that maps
| to the system provided above by ca-certificates.
|
| If and when gnupg-curl builds against libgnutls28-dev (the next major
| API change in gnutls), it should adopt those changes.

So it sounds like what you're saying is that there is no hope for a
system-wide solution for hkps? I can live with the gpg.conf option, I was
mostly sort of curious about adding certs to my system since I have other
uses for that ability down the road.

Thanks again,

Doug

From dkg at fifthhorseman.net Tue Feb 26 08:50:40 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 25 Feb 2013 23:50:40 -0800
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C6411.10902@dougbarton.us>
References: <512C5995.3040709@dougbarton.us> <512C6002.3060008@fifthhorseman.net> <512C6411.10902@dougbarton.us>
Message-ID: <512C6950.6050200@fifthhorseman.net>

On 02/25/2013 11:28 PM, Doug Barton wrote:
> lots, this one for example:
>
> https://help.ubuntu.com/community/GnuTLS

hmm, i don't use ubuntu myself, but i believe that documentation is wrong,
particularly this section:

https://help.ubuntu.com/community/GnuTLS#Deploying_the_Certificates

That page also seems to loosely imply that secret keys and X.509
certificates generated by one implementation (GnuTLS's certtool) won't be
interoperable with other implementations (e.g. OpenSSL).
I don't think this is the case, and if it is, i would hope it would be
reported as a bug.

this is pretty off-topic for gnupg-users now, but it would be great if
someone who uses ubuntu would fix that page.

> So it sounds like what you're saying is that there is no hope for a
> system-wide solution for hkps?

No, there are multiple system-wide solutions.

In the long term, for traditional X.509 certificate verification,
curl-gnutls will hopefully be linked against libgnutls28, which will use
its system root CAs by default.

in the nearer term, you could also use msva-perl with hkpms (if you want to
verify remote hosts via the OpenPGP web of trust).

and you can also modify /usr/share/gnupg/options.skel to change the default
options for new accounts (though i think this won't have an effect on any
existing GnuPG homedirs).

--dkg

From niels at dest-unreach.be Tue Feb 26 08:52:10 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Tue, 26 Feb 2013 08:52:10 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C5B78.5060907@fifthhorseman.net>
References: <512C5B78.5060907@fifthhorseman.net>
Message-ID: <512C69AA.2010407@dest-unreach.be>

On 2013-02-26 07:51, Daniel Kahn Gillmor wrote:
> On 02/25/2013 02:54 PM, Peter Loshin wrote:
>> 1. "Don't use pgp.mit.edu". Which keyserver *should* be used? I assume
>> that a pool is better than a particular server; is there one
>> particular pool that is preferred? What about
>> http://pool.sks-keyservers.net/?
>
> You should use hkp:// instead of http://. Using http:// implies a
> simple web request (e.g. , while hkp:// implies the structured key
> lookups keyservers are known to use.
>
> and you may want to use ha.pool.sks-keyservers.net (this is a
> high-availability pool -- only keyservers that operate behind HTTP
> reverse proxies are included. this mode of operation is considered a
> best-practice for sks keyserver operators).

I find *.sks-keyservers.net unusable (unfortunately).

More often than not, I get this:
gpgkeys: HTTP fetch error 7: couldn't connect: End of file

tcpdump shows me that the server just closes the connection without an
answer.
It does work from time to time, so when doing a manual --recv-key, I
usually get the key within a few tries. But when using e.g. caff (which
does not retry), it's unusable.

So I'm still looking for a good, working keyserver...

And while pgp.mit.edu might not be the best keyserver, it works... (from
my experience at least).

From dkg at fifthhorseman.net Tue Feb 26 09:14:13 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 26 Feb 2013 00:14:13 -0800
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C69AA.2010407@dest-unreach.be>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be>
Message-ID: <512C6ED5.5010407@fifthhorseman.net>

On 02/25/2013 11:52 PM, Niels Laukens wrote:
> I find *.sks-keyservers.net unusable (unfortunately).
>
> More often than not, I get this:
> gpgkeys: HTTP fetch error 7: couldn't connect: End of file
>
> tcpdump shows me that the server just closes the connection without an
> answer.
> It does work from time to time, so when doing a manual --recv-key, I
> usually get the key within a few tries. But when using e.g. caff (which
> does not retry), it's unusable.

please report this to the sks-devel list, where Kristian has been
supporting these pools.
I think he would appreciate hearing about the problems you're describing:

SKS development list

If you could set "keyserver-options debug" in ~/.gnupg/gpg.conf that might
provide you with more detailed output as well.

> And while pgp.mit.edu might not be the best keyserver, it works... (from
> my experience at least).

If your definition of "works" includes staying well-synced with the strong
set, pgp.mit.edu does not have a great record of working. Keyservers need
to stay up-to-date to be useful.

Regards,

--dkg

From wk at gnupg.org Tue Feb 26 09:52:05 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Feb 2013 09:52:05 +0100
Subject: Revocation certificate creation (was: options files)
In-Reply-To: <512C0106.80901@2ndquadrant.com> (Craig Ringer's message of "Tue, 26 Feb 2013 08:25:42 +0800")
References: <000501ce104b$1c25e440$5471acc0$@net> <512AA939.2050103@fifthhorseman.net> <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> <512C0106.80901@2ndquadrant.com>
Message-ID: <87zjyr8nka.fsf_-_@vigenere.g10code.de>

On Tue, 26 Feb 2013 01:25, craig at 2ndquadrant.com said:

> I really wish a 1y or 2y expiry was the default and that gpg prompted
> you to generate a revcert as part of key generation. I spend a lot of

I wish I had done that right from the beginning. The reason why I did not
was the fear that then the revocation certificate would be readily
available on the disk and 3 things may happen:

- The user accidentally imports that certificate and it would eventually
  end up on the keyservers.
- Someone else gets access to the revocation certificate and sends it to
  the keyserver.
- The disk crashed and the user has no backup.

Reviewing this today I may say that the first could be mitigated by
indenting the lines of the revocation certificate so that GPG would not be
able to import it directly. The second is not a real issue. The third is
probably the most likely threat; however, it would not be worse than not
having a revocation certificate at all.

Given that the default for smartcards is to store the backup on disk and
ask the user to move it to a safer place, we might as well do something
similar for revocation certificates. Comments?

Regarding a default expiration date: It may be useful if GUIs would do this
(as long as they also offer an option to prolong the expiration).

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Tue Feb 26 10:01:41 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Feb 2013 10:01:41 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C69AA.2010407@dest-unreach.be> (Niels Laukens's message of "Tue, 26 Feb 2013 08:52:10 +0100")
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be>
Message-ID: <87vc9f8n4a.fsf@vigenere.g10code.de>

On Tue, 26 Feb 2013 08:52, niels at dest-unreach.be said:

> It does work from time to time, so when doing a manual --recv-key, I
> usually get the key within a few tries. But when using e.g. caff (which

The problem is that this is a pool of servers and you don't know which one
you are currently using. Thus it is only as reliable as the least reliable
server in the pool. GnuPG 2.1 uses the Dirmngr to access the keyservers and
being a daemon it is stateful and tracks which servers are reliable. Well,
that is the plan and most code is there. However, it is not yet complete or
sufficiently debugged.

> And while pgp.mit.edu might not be the best keyserver, it works... (from
> my experience at least).

gpg.mit.edu is running SKS for quite some time now; thus I don't think that
there is any reason to not use it.
Except that if everyone is using this server it will turn slow again. Thus
the advice not to use it might in the end be a Good Suggestion.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From niels at dest-unreach.be Tue Feb 26 11:03:06 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Tue, 26 Feb 2013 11:03:06 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C6ED5.5010407@fifthhorseman.net>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net>
Message-ID: <512C885A.9020300@dest-unreach.be>

On 2013-02-26 09:14, Daniel Kahn Gillmor wrote:
> On 02/25/2013 11:52 PM, Niels Laukens wrote:
>> I find *.sks-keyservers.net unusable (unfortunately).
>>
>> More often than not, I get this:
>> gpgkeys: HTTP fetch error 7: couldn't connect: End of file
>>
>> tcpdump shows me that the server just closes the connection without an
>> answer.
>> It does work from time to time, so when doing a manual --recv-key, I
>> usually get the key within a few tries. But when using e.g. caff (which
>> does not retry), it's unusable.
>
> please report this to the sks-devel list, where Kristian has been
> supporting these pools. I think he would appreciate hearing about the
> problems you're describing:
>
> SKS development list

OK, I'll take the discussion there.

>> And while pgp.mit.edu might not be the best keyserver, it works... (from
>> my experience at least).
>
> If your definition of "works" includes staying well-synced with the
> strong set, pgp.mit.edu does not have a great record of working.

My definition of "works" usually is "I want to sign a key / verify a sig
and I don't have the key in my keyring. I need to get it". Up until now,
mit's server was "well enough"-synced to provide me with the data I needed.

But I do agree with the points raised, and want to migrate to a "better"
keyserver. However, I don't want to sacrifice reliability (by a huge
factor) in order to do that.

From peter at digitalbrains.com Tue Feb 26 11:19:14 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 26 Feb 2013 11:19:14 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C5995.3040709@dougbarton.us>
References: <512C5995.3040709@dougbarton.us>
Message-ID: <512C8C22.6050104@digitalbrains.com>

On 26/02/13 07:43, Doug Barton wrote:
> That worked for me, although I was a bit disappointed that placing the cert at
> /etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work like all the
> docs said it should.

Please realise that if it would have worked, you would have installed that
sks-keyservers certificate authority as a system-wide certificate
authority, and your browser and other programs might[1] happily accept a
certificate for your e-mail provider or your banking site created and
signed by the sks-keyservers CA.

In other words, trusting a certificate authority is currently an
all-or-nothing thing where you now trust them to certify any SSL-protected
service you connect to.

While I appreciate the sks-keyservers folk, I would never install their CA
as a system-wide CA. Actually, I already distrust "proper" CA's :).

Peter.

[1] I say "might" because those programs could have their own list of CA's
and not use the system-wide one. Like Firefox and Thunderbird.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From kristian.fiskerstrand at sumptuouscapital.com Tue Feb 26 10:21:57 2013
From: kristian.fiskerstrand at sumptuouscapital.com (kristian.fiskerstrand at sumptuouscapital.com)
Date: Tue, 26 Feb 2013 09:21:57 +0000
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C6ED5.5010407@fifthhorseman.net>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net>
Message-ID: <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry>

Hi, and sorry for top posting. I'm on the road again, so only blackberry
access for now.

I would indeed like to get more feedback on the pools. My first question is
whether you notice the same behavior when using the geographical pools
(eu,na,oc,sa) that are optimized based on the methods described in the PDF
article linked in the overview of pools. This typically works better due to
lower network roundtrip and also takes into account reverse proxies in
assigning weights.

Hth

Sent from my BlackBerry® smartphone on Telenor

-----Original Message-----
From: Daniel Kahn Gillmor
Sender: gnupg-users-bounces at gnupg.org
Date: Tue, 26 Feb 2013 00:14:13
To: GnuPG Users
Subject: Re: Questions about OpenPGP best practices

From wk at gnupg.org Tue Feb 26 11:56:16 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Feb 2013 11:56:16 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C8C22.6050104@digitalbrains.com> (Peter Lebbing's message of "Tue, 26 Feb 2013 11:19:14 +0100")
References: <512C5995.3040709@dougbarton.us> <512C8C22.6050104@digitalbrains.com>
Message-ID: <87fw0j8htb.fsf@vigenere.g10code.de>

On Tue, 26 Feb 2013 11:19, peter at digitalbrains.com said:

> In other words, trusting a certificate authority is currently an all-or-nothing
> thing where you now trust them to certify any SSL-protected service
> you connec

Right, they are all implicitly cross-signed. In reality there is no
security in the PKIX system at all. At least not if you want to use it on
the public internet. The CA vendors don't sell security but act as
information highwaymen. All the recently added browser features might be
compared to laundries and milk bars as the tiny legal business arms of
larger Chicago 1920s entrepreneur groups ;-).

> While I appreciate the sks-keyservers folk, I would never install their CA as a
> system-wide CA. Actually, I already distrust "proper" CA's :).

Thus, it won't harm you to add such a kind of Salvation Army CA.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From peter at digitalbrains.com Tue Feb 26 12:23:42 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 26 Feb 2013 12:23:42 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <87fw0j8htb.fsf@vigenere.g10code.de>
References: <512C5995.3040709@dougbarton.us> <512C8C22.6050104@digitalbrains.com> <87fw0j8htb.fsf@vigenere.g10code.de>
Message-ID: <512C9B3E.7020807@digitalbrains.com>

On 26/02/13 11:56, Werner Koch wrote:
> Thus, it won't harm you to add such a kind of Salvation Army CA.

Okay, you made me laugh out loud, thanks :).

It probably won't hurt to add the sks-keyservers CA, although I don't know
how well they guard their private key. Probably fairly well, these are
crypto guys. But there's the principle of the thing, you know? :)

The CA is pretty powerful, and only useful for keyservers. There's no
advantage to installing it system-wide versus putting it in your gpg.conf,
I think. So why do it?

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From olav at enigmail.net Tue Feb 26 12:45:14 2013
From: olav at enigmail.net (Olav Seyfarth)
Date: Tue, 26 Feb 2013 12:45:14 +0100
Subject: Revocation certificate creation
In-Reply-To: <87zjyr8nka.fsf_-_@vigenere.g10code.de>
References: <000501ce104b$1c25e440$5471acc0$@net> <512AA939.2050103@fifthhorseman.net> <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> <512C0106.80901@2ndquadrant.com> <87zjyr8nka.fsf_-_@vigenere.g10code.de>
Message-ID: <512CA04A.8020207@enigmail.net>

Hi Werner,

> Given that the default for smartcards is to store the backup on disk and
> ask the user to move it to a safer place, we might as well do something
> similar for revocation certificates. Comments?

my vote: yes. Non-intrusive information about what next steps should be.
When creating a key using Enigmail, it asks the user to save a rev cert.
CLI should do the same.

> Regarding a default expiration date: It may be useful if GUIs would do this
> (as long as they also offer an option to prolong the expiration).

Personally, I used to use expiration dates but found it inconvenient. On
newer keys, I rather make sure I have a rev cert in a safe place and set no
expiry. But that's a personal preference. And yes, a user really should do
one or the other at least. Concerning expiration I vote to set to 3 years
at least, but there are different scenarios that have requirements: private
messaging, company keys, ...

Olav

--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From wk at gnupg.org Tue Feb 26 13:28:19 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Feb 2013 13:28:19 +0100
Subject: Revocation certificate creation
In-Reply-To: <512CA04A.8020207@enigmail.net> (Olav Seyfarth's message of "Tue, 26 Feb 2013 12:45:14 +0100")
References: <000501ce104b$1c25e440$5471acc0$@net> <512AA939.2050103@fifthhorseman.net> <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> <512C0106.80901@2ndquadrant.com> <87zjyr8nka.fsf_-_@vigenere.g10code.de> <512CA04A.8020207@enigmail.net>
Message-ID: <87y5eb6yzg.fsf@vigenere.g10code.de>

On Tue, 26 Feb 2013 12:45, olav at enigmail.net
said:

> my vote: yes. Non-intrusive information about what next steps should be. When
> creating a key using Enigmail, it asks the user to save a rev cert. CLI should
> do the same.

You mean printing a hint to create a revocation certificate would be
enough? Similar like the

  Note that this key cannot be used for encryption. You may want to use
  the command "--edit-key" to generate a subkey for this purpose.

you see if you don't use the defaults?

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From anonymous at foto.nl1.torservers.net Mon Feb 25 23:10:01 2013
From: anonymous at foto.nl1.torservers.net (Anonymous)
Date: Mon, 25 Feb 2013 17:10:01 -0500 (EST)
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100@sixdemonbag.org> <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org>
Message-ID: <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net>

>> Ship a device.

> Meaning what, exactly? At first blush you seem to be trading one
> problem for another: people don't know how to use GnuPG, so ship a
> device and now they don't know how to use the device.

Ing in Netherlands distributes software (windows, mac, and linux versions)
- so apparently it's easy enough for enough average Joes to figure out how
to install an app. In the states, the trend of banks offering proprietary
apps for smartphones is snowballing. Banks want users to take their
software so bad they're offering free miles and contests to get customers
to take the bait. Such an app could embed an email client that does
everything the advanced users would do, and hide everything possible. Such
an app could even hide the email address, and hide the fact that email is
used at all, if they wanted.

> To a first approximation, MBAs and bean-counters divide a business's
> operations into revenue and overhead. They'll go to great lengths to
> maximize revenue, and they'll go to great lengths to minimize
> expenses.

They're not good at it. Moreover, the nerds among them are a very different
variety of nerd than that which would understand or appreciate the needs of
comp sci/math/software nerds. This is very evident in their websites, which
only offer a point-click GUI interface with no shortage of marketing gloss,
round corners, and flashy shit that fails when using a proper and hardened
linux or unix OS with hardened browser -- ultimately insulting the
intelligence of self-respecting nerds that really just want to connect over
SSH and skip the BS.

> Security doesn't directly generate revenue -- at best it indirectly
> facilitates it, but that's difficult to quantify and plug into a
> spreadsheet. That means security gets viewed as an overhead expense:
> something to be minimized at all costs.

The cost of securing their webserver and all the flashy shit that they
compulsively upgrade on a regular basis cannot be cheap. A bank
forward-thinking enough to cater to nerds with ssh for transactions and
openpgp for statements would spend the least amount on security, and
simultaneously achieve a more secure infrastructure than the other banks
who try to keep up with the latest web animation tricks, and all the holes
that this emerging junkware continues to open.

> People keep on thinking in terms of "wouldn't it be nice if," but
> that's not how business thinks. Business thinks in terms of, "what
> will maximize revenue and minimize overhead?"

Different sectors of business think differently. Bankers fear risk where
it's small with respect to the gains, and then they take on stupidly risky
investments when it's inappropriate. You're giving the banksters too much
credit here. When it comes to security, they just want to do what the next
guy is doing, and not give it another thought.

> OpenPGP users account for probably less than a thousandth of all
> computer users. 99.9% of all banking users have no real desire to see
> OpenPGP used for their statement delivery.

The average American has ~14 bank/credit card accounts. I shit you not. So
it's not just one account they must "go pickup" their statement from. You
could not make a convincing claim that only 0.01% of Americans would
appreciate their statements *delivered* automatically. Many customers
cannot cope with the manual effort of downloading all their statements, so
they simply don't. They see their balance and send a payment, and let the
statements rot online, and ultimately get archived and cleaned off the
server. Others resort to giving all their bank usernames and passwords to a
3rd party whom they must trust, which downloads the statements for them,
and then offers yet another "pickup" service (yes, these users must still
login to a website, but at least it's 1 site and not 14).

From epk14octster at gmail.com Tue Feb 26 13:02:29 2013
From: epk14octster at gmail.com (pradeep kumar)
Date: Tue, 26 Feb 2013 17:32:29 +0530
Subject: what is the option for "Use this key anyway? (y/N) y"
Message-ID:

Hi,

I was trying to encrypt the file and it was asking me this question to use
this key anyway, and after giving y it is able to create the .aasdfsdf
(ASCII) file.

gpg -ea -r xxx -u xxx -o .aasdfsdf

But I want to pass this "y" key in the above command. Can you please help
me: which option is exactly used to pass this "y" value in a single
command, rather than it asking after running the above original command?

Thanks
Pradeep

From rjh at sixdemonbag.org Tue Feb 26 14:36:18 2013
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Tue, 26 Feb 2013 08:36:18 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100@sixdemonbag.org> <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org> <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net>
Message-ID: <512CBA52.8040408@sixdemonbag.org>

On 02/25/2013 05:10 PM, Anonymous wrote:
> Ing in Netherlands distributes software (windows, mac, and linux
> versions) - so apparently it's easy enough for enough average joe's to
> figure out how to install an app.

Figuring out how to install an app is not the problem. Figuring out how to
*use OpenPGP* is the problem. The app is not the same as the amount of
specialized knowledge required to use the app successfully.

OpenPGP has a learning curve like the Matterhorn. This is a long-known and
long-lamented fact. If you can fix that, then maybe things will change. As
things stand, though, I doubt they will change.

> take the bait. Such an app could embed an email client that does
> everything the advanced users would do, and hide everything possible.
> Such an app could even hide the email address, and hide the fact that
> email is used at all, if they wanted.

Then why bother at all with email and OpenPGP?

> They're not good at it.

On the contrary, many of them are phenomenally good at it. Operations
Research is part of the business school in most universities, and the OR
geeks tend to be astonishingly good at what they do -- which is maximize
efficiencies and cut inefficiencies. (ObDisclosure: I'm a contributor to
COIN-OR, the Computational Infrastructure for Operations Research, and have
assisted with a couple of papers in the field. I have been deeply,
thoroughly impressed by virtually everyone I've met in OR.)

> Moreover, the nerds among them are a very different variety of nerd
> than that which would understand or appreciate the needs of a comp
> sci/math/software nerds.

OR nerds -- who are the B-schoolers who focus most heavily on efficiencies
-- are serious math and CS nerds. Look up George Dantzig sometime.

http://en.wikipedia.org/wiki/George_Dantzig

I understand that many geeks like to look down our noses at people in the
B-schools, but really, that's a shallow prejudice that we as a community
need to get over. There are some alarmingly sharp people over there.

> A bank forward-thinking enough to cater to nerds with ssh for
> transactions and openpgp for statements would spend the least amount
> on security

I'm going to have to ask to see the business study you're using to back
this up. This is your prejudice, nothing more.

It's just as credible to claim that a bank probably wouldn't want to cater
to seriously tech-savvy people because of the risk of bad apples. If 0.01%
of your customers have the capability to defraud your bank, that's a much
different situation from 1% having that same capability. It affects the
business logic considerably. They might wind up spending the *most*.

> The average American has ~14 bank/credit card accounts. I shit you
> not. So it's not just one account they must "go pickup" their
> statement from. You could not make a convincing claim that only 0.01%
> of Americans would appreciate their statements *delivered*
> automatically.

Which is why I didn't make that claim. I said that probably <1% (and my
suspicion is <0.1%) of all users would want OpenPGP to be used to secure
delivery.

For example, I'm in the ranks of people who don't care. I genuinely don't.
I want some sensible technology to be used, but I have zero interest in
specifying which technology should be used.
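Werner Koch's proposal earlier in the thread (write the revocation certificate at key creation, but indent it so gpg cannot import it by accident), exercised as an added example that is not code from the thread: a throwaway key is generated, its revocation certificate is indented, and only the un-indented copy actually revokes the key. It assumes gpg 1.4 or 2.x on PATH; the key's name and e-mail address are constructed test values, and the script also handles the leading colon that GnuPG 2.1 and later put on the certificate they write to openpgp-revocs.d at key creation for the same purpose.

```shell
#!/bin/sh
# Added example (not code from the thread): try out the "indent the
# revocation certificate so gpg cannot import it by accident" idea in a
# throwaway GNUPGHOME.  Assumes gpg 1.4 or 2.x on PATH; the key's name and
# e-mail address below are constructed test values.
set -eu

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
chmod 700 "$GNUPGHOME"

cleanup() {
    # 2.1+ starts an agent for this homedir; stop it before deleting it.
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --kill gpg-agent 2>/dev/null || true
    fi
    rm -rf "$GNUPGHOME"
}
trap cleanup EXIT

# Create an unprotected test key non-interactively and print its fingerprint.
# The parameter-file syntax is accepted by 1.4 and 2.x alike; 1.4 and 2.0
# merely log that they skip the %no-protection control that 2.1+ requires.
make_test_key() {
    gpg --batch --quiet --gen-key >&2 <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: Revcert Demo
Name-Email: revcert-demo@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --batch --with-colons --fingerprint revcert-demo@example.invalid \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Werner's mitigation: indent every line, so "-----BEGIN ..." no longer
# starts in column 0 and gpg's armor scanner finds no OpenPGP data at all.
guard_revcert() {          # $1 = source, $2 = destination
    sed 's/^/    /' "$1" > "$2"
}

# Undo it.  Also strips the ":" that 2.1+ puts in front of the BEGIN line
# of the certificate it writes to openpgp-revocs.d/ for the same reason.
unguard_revcert() {        # $1 = source, $2 = destination
    sed -e 's/^[[:space:]]*//' -e 's/^:\(-----BEGIN\)/\1/' "$1" > "$2"
}

# Succeeds only if gpg recognises OpenPGP data in the file; --dry-run keeps
# the keyring untouched.
revcert_importable() {     # $1 = file
    gpg --batch --quiet --dry-run --import "$1" >/dev/null 2>&1
}

# Prints "revoked" or "valid" from the validity field of the pub record.
key_state() {              # $1 = fingerprint
    gpg --batch --with-colons --list-keys "$1" \
        | awk -F: '$1 == "pub" { s = ($2 == "r") ? "revoked" : "valid"; print s; exit }'
}

FPR=$(make_test_key)
REVCERT="$GNUPGHOME/revcert.asc"
if [ -f "$GNUPGHOME/openpgp-revocs.d/$FPR.rev" ]; then
    # 2.1+ already wrote a colon-guarded certificate at key creation.
    cp "$GNUPGHOME/openpgp-revocs.d/$FPR.rev" "$REVCERT"
else
    # Older gpg: answer the --gen-revoke prompts through --command-fd:
    # confirm, reason 1 (key compromised), empty description, confirm.
    printf 'y\n1\n\ny\n' | gpg --no-tty --command-fd 0 --status-fd 2 \
        --armor --output "$REVCERT" --gen-revoke "$FPR"
fi
guard_revcert   "$REVCERT"         "$REVCERT.guarded"
unguard_revcert "$REVCERT.guarded" "$REVCERT.usable"

# The indented copy is inert; the restored copy revokes the key.
echo "guarded copy importable: $(revcert_importable "$REVCERT.guarded" && echo yes || echo no)"
echo "before import: $(key_state "$FPR")"
gpg --batch --quiet --import "$REVCERT.usable" 2>/dev/null
echo "after import:  $(key_state "$FPR")"
```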
From olav at enigmail.net Tue Feb 26 14:37:49 2013 From: olav at enigmail.net (Olav Seyfarth) Date: Tue, 26 Feb 2013 14:37:49 +0100 Subject: Revocation certificate creation In-Reply-To: <87y5eb6yzg.fsf@vigenere.g10code.de> References: <000501ce104b$1c25e440$5471acc0$@net> <512AA939.2050103@fifthhorseman.net> <5F461582-D287-4048-B130-08DAEA64746B@meperia.com> <512C0106.80901@2ndquadrant.com> <87zjyr8nka.fsf_-_@vigenere.g10code.de> <512CA04A.8020207@enigmail.net> <87y5eb6yzg.fsf@vigenere.g10code.de> Message-ID: <512CBAAD.2000002@enigmail.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi Werner, >> When creating a key using Enigmail, it asks the user to save a rev cert. >> CLI should do the same. > > You mean printing a hint to create a recovation certificate would be > enough? well, first it's just my opinion. Second, I'd vote for a hint _at least_. I'd prefer a question to the user whether he/she wants to create one. Same applies for the key backup itself! Even with question, there should be one sentence explaining why the user should care about it, like If your private key is lost or broken or gets compromised, you might want to mark your public key invalid if you (or someone) put it on a public key server. You can do so using a revocation certificate. Would you like to create a revocation certificate now? (if yes, ask for typical "causes", maybe even multiple, IMHO no expert freetext "cause" - those that do know this also know how to use args.) [Farewell message prior to exiting] Mind to store a copy of your private and public key and the revocation certificate(s) on a reliable offline media and save that in a place only you have access to. Well, that's a lot to read, maybe there's a shorter way to tell but it should be readable by the average user. Again: my personal preference. 
Olav
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From mailinglisten at hauke-laging.de Tue Feb 26 15:16:17 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 26 Feb 2013 15:16:17 +0100
Subject: Revocation certificate creation
In-Reply-To: <512CBAAD.2000002@enigmail.net>
References: <000501ce104b$1c25e440$5471acc0$@net> <87y5eb6yzg.fsf@vigenere.g10code.de> <512CBAAD.2000002@enigmail.net>
Message-ID: <5800152.IWyUTii1vM@inno>

On Tue 26.02.2013, 14:37:49, Olav Seyfarth wrote:

> well, first it's just my opinion. Second, I'd vote for a hint _at least_.

I am a big fan of hints, too. If these get improved / extended an option like

  --no-hints=all
  --no-hints=noencryptionkey,norevocationcertificate,...

may be offered for those who feel bothered as a very easy, trivial to maintain feature. Or --no-long-hints=... in case the short texts get longer.

These hints should contain the URL of the respective gnupg.org doc page, too. IIRC this is already done for non-cross signed signing subkeys.

Hauke
--
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/
From wk at gnupg.org Tue Feb 26 15:18:53 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Feb 2013 15:18:53 +0100
Subject: what is the option for "Use this key anyway? (y/N) y"
In-Reply-To: (pradeep kumar's message of "Tue, 26 Feb 2013 17:32:29 +0530")
Message-ID: <87fw0j6tv6.fsf@vigenere.g10code.de>

On Tue, 26 Feb 2013 13:02, epk14octster at gmail.com said:

> But I want to pass this "y" key in the above command can you please help me
> which option is exactly used to pass this "y" value in single command

On the command line or in a script?

The option --batch disables the interactive mode and --yes answers "yes".

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by federal law.

From kgo at grant-olson.net Tue Feb 26 14:30:47 2013
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 26 Feb 2013 08:30:47 -0500
Subject: what is the option for "Use this key anyway? (y/N) y"
Message-ID: <512CB907.4070504@grant-olson.net>

On 02/26/2013 07:02 AM, pradeep kumar wrote:
> Hi,
>
> I was trying to encrypt the file and it asking me this question to use
> this key anyway and after giving y then it is able to create to
> .aasdfsdf(ASIIC) file.
>
> *gpg -ea -r xxx -u xxx -o .aasdfsdf *
>
> But I want to pass this "y" key in the above command can you please help
> me which option is exactly used to pass this "y" value in single command
> rather it asking after running the above original command.
>

If this is a key you use regularly, and you trust its authenticity, you can sign the key locally:

  gpg --lsign 0xDEADBEEF

Then you won't get the prompt.

--
Grant

http://rubygems-openpgp-ca.org - Sign your gems.

From mwood at IUPUI.Edu Tue Feb 26 15:29:43 2013
From: mwood at IUPUI.Edu (Mark H.
Wood)
Date: Tue, 26 Feb 2013 09:29:43 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.8000300__36388.5639737875$1361584670$gmane$org@sixdemonbag.org> <512A6B64.2090100@sixdemonbag.org> <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org> <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net>
Message-ID: <20130226142943.GA30430@IUPUI.Edu>

On Mon, Feb 25, 2013 at 05:10:01PM -0500, Anonymous wrote:
[snip]
> In the states, the trend of banks offering proprietary apps for
> smartphones is snowballing. Banks want users to take their software
> so bad they're offering free miles and contests to get customers to
> take the bait. Such an app could embed an email client that does
> everything the advanced users would do, and hide everything possible.
> Such an app could even hide the email address, and hide the fact that
> email is used at all, if they wanted.

Heh, exactly why I won't take those app.s.

[snip]
>> Security doesn't directly generate revenue -- at best it indirectly
>> facilitates it, but that's difficult to quantify and plug into a
>> spreadsheet. That means security gets viewed as an overhead expense:
>> something to be minimized at all costs.
>
> The cost of securing their webserver and all the flashy shit that they
> compulsively upgrade on a regular basis cannot be cheap.
>
> A bank forward-thinking enough to cater to nerds with ssh for
> transactions and openpgp for statements would spend the least amount
> on security, and simultaneously achieve a more secure infrastructure
> than the other banks who try to keep up with the latest web animation
> tricks, and all the holes that this emerging junkware continues to
> open.
I imagine that there is another class of security at work here which, at some point, is still cheaper: buy insurance and just pay off the affected customers when something occasionally goes wrong. I can't point to any evidence, but it would seem to be the way that businesspeople think about security. Remember, from their viewpoint, they are securing *their business*, not ours.

[snip]
>> OpenPGP users account for probably less than a thousandth of all
>> computer users. 99.9% of all banking users have no real desire to see
>> OpenPGP used for their statement delivery.
>
> The average American has ~14 bank/credit card accounts. I shit you
> not. So it's not just one account they must "go pickup" their
> statement from. You could not make a convincing claim that only 0.01%
> of Americans would appreciate their statements *delivered*
> automatically.

Careful: "would like their statements delivered automatically" vs. "have a desire to see OpenPGP used for statement delivery".

> Many customers cannot cope with the manual effort of downloading all
> their statements, so they simply don't. They see their balance and
> send a payment, and let the statements rot online, and ultimately get
> archived and cleaned off the server.

That sounds like human nature, but I would be interested to see measurements if there are any.

> Others resort to giving all their bank usernames and passwords to a
> 3rd party whom they must trust, which downloads the statements for
> them, and then offers yet another "pickup" service (yes, these users
> must still login to a website, but at least it's 1 site and not 14).

As above.

We also have to consider the question of what the banks' lawyers will let them do, once they pick their jaws up off the floor. This is probably the origin of the closed, private email system locked away inside each bank's site. That is, perhaps, where one should work on acceptance of suitable encryption and signing.
("Suitable" including what will actually be used more or less correctly by a sufficient percentage of customers.)

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
There's an app for that: your browser

From mwood at IUPUI.Edu Tue Feb 26 15:43:26 2013
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue, 26 Feb 2013 09:43:26 -0500
Subject: Questions about OpenPGP best practices
Message-ID: <20130226144326.GB30430@IUPUI.Edu>

On Mon, Feb 25, 2013 at 05:54:34PM -0500, Peter Loshin wrote:
> 3. On using a keyserver with HKPS support: when I attempt to connect
> (via Chrome) to https://sks-keyservers.net/, I get an error headlined
> "The site's security certificate is not trusted!", stating " the
> server presented a certificate issued by an entity that is not trusted
> by your computer's operating system."

That service presents a self-signed certificate (I checked), which means that if you do not already have a copy of that cert. installed in your browser and marked trusted, then it cannot be verified. You would need to satisfy yourself that the certificate is genuine and the service trustworthy, and then install the certificate in your browser, in order to make the message go away. (Well, at least one would have to install the cert., whether one does any investigation or not. :-/ )

> 4. When I try to use hkps://sks-keyservers.net with GnuPG at the
> command line, I get these messages:
>
> gpgkeys: HTTP post error 1: unsupported protocol
> gpg: keyserver internal error
> gpg: keyserver send failed: Keyserver error

I have no idea about this one and I'm too lazy to go read the protocol documents.
> And when I try the same with the domain name only (sks-keyservers.net)
> I get these messages:
>
> : can't connect to `sks-keyservers.net': No route to host
> gpgkeys: HTTP post error 7: couldn't connect: No route to host
> gpg: keyserver internal error
> gpg: keyserver send failed: Keyserver error

The site doesn't want unencrypted connections, and the way they enforce this is by returning "no route" to requests for connection to port 80. I would have used "administratively prohibited", to give real users a clue, but they may be trying to be less visible to 'bots.

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
There's an app for that: your browser

From dougb at dougbarton.us Tue Feb 26 16:15:10 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 26 Feb 2013 07:15:10 -0800
Subject: Questions about OpenPGP best practices
In-Reply-To: <512C8C22.6050104@digitalbrains.com>
References: <512C5995.3040709@dougbarton.us> <512C8C22.6050104@digitalbrains.com>
Message-ID: <512CD17E.1090001@dougbarton.us>

On 02/26/2013 02:19 AM, Peter Lebbing wrote:
> On 26/02/13 07:43, Doug Barton wrote:
>> That worked for me, although I was a bit disappointed that placing the cert at
>> /etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work like all the
>> docs said it should.
>
> Please realise that if it would have worked, you would have installed that
> sks-keyservers certificate authority as a system-wide certificate authority, and
> your browser and other programs might[1] happily accept a certificate for your
> e-mail provider or your banking site created and signed by the sks-keyservers CA.

Yes, I actually understand PKI rather well, but thanks for the warning. :)

I think Werner summed up my own thoughts rather well, so I'll leave it at that.
Doug

From dougb at dougbarton.us Tue Feb 26 16:38:56 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 26 Feb 2013 07:38:56 -0800
Subject: Questions about OpenPGP best practices
In-Reply-To: <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry>
Message-ID: <512CD710.2050109@dougbarton.us>

I got a new error today:

gpg: sending key 1A1ABC84 to hkp server pool.sks-keyservers.net
gpgkeys: HTTP post error 22: The requested URL returned error: 417 Expectation Failed

Never seen that one before. :)

Overall the performance of the sks-keyservers pool has been great for me though. Thanks for all your hard work on this.

Doug

On 02/26/2013 01:21 AM, kristian.fiskerstrand at sumptuouscapital.com wrote:
> Hi, and sorry for top posting. I'm on the road again, so only blackberry access for now.
>
> I would indeed like to get more feedback on the pools. My first question is whether you notice the same behavior when using the geographical pools (eu,na,oc,sa) that are optimized based on the methods described in the PDF article linked in the overview of pools. This typically works better due to lower network roundtrip and also takes into account reverse proxies in assigning weights.
>
> Hth

From dougb at dougbarton.us Tue Feb 26 16:43:52 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 26 Feb 2013 07:43:52 -0800
Subject: Possible to use GNUPGHOME as a variable inside gpg.conf?
Message-ID: <512CD838.8070502@dougbarton.us>

In pursuing the hkps:// issue further, I'm wondering if it would be possible to specify GNUPGHOME as a variable in the gpg.conf file so that I could use:

  keyserver-options ca-cert-file=$GNUPGHOME/ca.hkps.pool.sks-keyservers.net.cert

Since I have to specify a path anyway, I was hoping to keep the cert with my conf file.

Doug

From wk at gnupg.org Tue Feb 26 19:02:34 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Feb 2013 19:02:34 +0100
Subject: Revocation certificate creation
In-Reply-To: <5800152.IWyUTii1vM@inno> (Hauke Laging's message of "Tue, 26 Feb 2013 15:16:17 +0100")
References: <000501ce104b$1c25e440$5471acc0$@net> <87y5eb6yzg.fsf@vigenere.g10code.de> <512CBAAD.2000002@enigmail.net> <5800152.IWyUTii1vM@inno>
Message-ID: <87zjyr54xx.fsf@vigenere.g10code.de>

On Tue, 26 Feb 2013 15:16, mailinglisten at hauke-laging.de said:

> I am a big fan of hints, too. If these get improved / extended an option like
> --no-hints=all

Well, we have the --expert option. If it is used we could assume that a hint is not required.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by federal law.

From wk at gnupg.org Tue Feb 26 18:58:04 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Feb 2013 18:58:04 +0100
Subject: [Announce] GPGME 1.4.0 released
Message-ID: <874ngz6jpv.fsf@vigenere.g10code.de>

Hello!

I am pleased to announce version 1.4.0 of GPGME.

GnuPG Made Easy (GPGME) is a C language library that allows adding support for cryptography to a program. It is designed to make access to public key crypto engines as included in GnuPG easier for applications. GPGME provides a high-level crypto API for encryption, decryption, signing, signature verification and key management.

Noteworthy changes in version 1.4.0 are:

 * New function gpgme_set_global_flag to help debugging on Android.

 * New function gpgme_io_writen as a convenience wrapper around gpgme_io_write.
 * New functions to support the pinentry mode feature of GnuPG 2.1.

 * New macro GPGME_VERSION_NUMBER to allow supporting different API versions without the need for a configure test.

 * Several improvements for gpgme-tool.

 * Better logging of the common "invalid engine" error code.

 * Support for FD passing is now enabled by default. The configure option --disable-fd-passing may be used to disable this.

 * Interface changes relative to the 1.3.1 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GPGME_VERSION_NUMBER           NEW.
 gpgme_io_writen                NEW.
 gpgme_set_global_flag          NEW.
 gpgme_set_pinentry_mode        NEW.
 gpgme_get_pinentry_mode        NEW.
 gpgme_pinentry_mode_t          NEW.
 GPGME_PINENTRY_MODE_DEFAULT    NEW.
 GPGME_PINENTRY_MODE_ASK        NEW.
 GPGME_PINENTRY_MODE_CANCEL     NEW.
 GPGME_PINENTRY_MODE_ERROR      NEW.
 GPGME_PINENTRY_MODE_LOOPBACK   NEW.

You may download this library and its OpenPGP signature from:

 ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.0.tar.bz2 (935k)
 ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.0.tar.bz2.sig

GZIP compressed tarballs are also available:

 ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.0.tar.gz (1183k)
 ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.0.tar.gz.sig

As an alternative you may use a patch file to upgrade the previous version of the library:

 ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.3.2-1.4.0.diff.bz2 (255k)

SHA-1 checksums are:

 897e36c1d3f6595d69fb37c820aaa162daa0e369  gpgme-1.4.0.tar.bz2
 d91fde8377cc7da7e8897fd1a2ed767bba6bf71d  gpgme-1.4.0.tar.gz
 215961b0780916612a9c08ef88f92e113a3e0b51  gpgme-1.3.2-1.4.0.diff.bz2

Thanks to W. Trevor King for his contributions to gpgme-tool and to all others who reported and fixed bugs and portability issues. A big THANK YOU goes to my former colleague Marcus Brinkmann: He maintained GPGME for more than a decade and helped to turn it into the standard API for GnuPG.
Please send questions regarding the use of GPGME to the gnupg-devel mailing list:

  http://lists.gnupg.org/mailman/listinfo/gnupg-devel

If you need commercial support, you may want to consult this listing:

  http://www.gnupg.org/service.html

The driving force behind the development of the GnuPG system is my company g10 Code. Maintenance and improvement of GnuPG and related software takes up most of our resources. To allow us to continue our work on free software, we ask to either purchase a support contract, engage us for custom enhancements, or to donate money:

  http://g10code.com/gnupg-donation.html

Happy hacking,

  Werner

--
Thoughts are free. Exceptions are regulated by federal law.

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From dkg at fifthhorseman.net Tue Feb 26 19:36:38 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 26 Feb 2013 10:36:38 -0800
Subject: Questions about OpenPGP best practices
In-Reply-To: <20130226144326.GB30430@IUPUI.Edu>
References: <20130226144326.GB30430@IUPUI.Edu>
Message-ID: <512D00B6.4040007@fifthhorseman.net>

On 02/26/2013 06:43 AM, Mark H. Wood wrote:
> That service presents a self-signed certificate (I checked), which
> means that if you do not already have a copy of that cert. installed in
> your browser and marked trusted, then it cannot be verified.

This is not correct. As noted on the web site [0], the public key associated with the X.509 certificate can be verified through the OpenPGP web of trust. It is certified by Kristian's own personal key.
If you know Kristian's personal key, you can verify the web site's certificate on a debian system by using the msva-perl and xul-ext-monkeysphere and iceweasel packages.

hth,

--dkg

[0] http://sks-keyservers.net/verify_tls.php and https://sks-keyservers.net/verify_tls.php

From mixmaster at remailer.privacy.at Tue Feb 26 19:04:32 2013
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Tue, 26 Feb 2013 19:04:32 +0100 (CET)
Subject: key length for smart card key generation

Hello,

I am able to use the gpg2 --edit-card to generate a 2048 bit secret key on the card and the stub in the local key ring. Encrypt/Decrypt functionality seems to be working.

I read two other old posts on this list that seem to indicate that this is all gnupg supports:
 * You cannot import existing secret keys to the card
 * You cannot choose different key lengths for the keys

Is that correct? Do I need to use a different tool to put 4096 bit keys on my card? Can anyone recommend which (free/linux/unix) tool to use to manage keys on the smart card?

(When I try to use the gpg2 --edit-key, and then keytocard, I get an error saying importing keys is not supported).

Thanks

From wk at gnupg.org Wed Feb 27 10:06:25 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 27 Feb 2013 10:06:25 +0100
Subject: what is the option for "Use this key anyway? (y/N) y"
In-Reply-To: (pradeep kumar's message of "Wed, 27 Feb 2013 12:29:04 +0530")
References: <87fw0j6tv6.fsf@vigenere.g10code.de>
Message-ID: <87621e5dny.fsf@vigenere.g10code.de>

On Wed, 27 Feb 2013 07:59, epk14octster at gmail.com said:

> I have tried using the --batch--yes and could not get the exact

--batch and --yes are separate options, not one. Please see the man page for details.

Shalom-Salam,

   Werner

--
Thoughts are free.
Exceptions are regulated by federal law.

From epk14octster at gmail.com Wed Feb 27 07:59:04 2013
From: epk14octster at gmail.com (pradeep kumar)
Date: Wed, 27 Feb 2013 12:29:04 +0530
Subject: what is the option for "Use this key anyway? (y/N) y"
In-Reply-To: <87fw0j6tv6.fsf@vigenere.g10code.de>
References: <87fw0j6tv6.fsf@vigenere.g10code.de>

Hi Werner,

Thanks for the reply. I want this option to be on the command line; I am using this command in a different tool, and when I run it, it waits for the yes option. Can you please give me the exact command which should not prompt me to enter the "y".

*gpg -ea -r abacd -u abcd -o D:\TEST.enc D:\TEST.txt*

I have tried using the --batch--yes and could not get the exact syntax; I am getting either errors or again asking for "y".

Thanks
Pradeep

On Tue, Feb 26, 2013 at 7:48 PM, Werner Koch wrote:
> On Tue, 26 Feb 2013 13:02, epk14octster at gmail.com said:
>
>> But I want to pass this "y" key in the above command can you please help me
>> which option is exactly used to pass this "y" value in single command
>
> On the command line or in a script?
>
> The option --batch disables the interactive mode and --yes answers
> "yes".
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by federal law.

From josef at netpage.dk Wed Feb 27 12:03:22 2013
From: josef at netpage.dk (Josef Schneider)
Date: Wed, 27 Feb 2013 12:03:22 +0100
Subject: key length for smart card key generation

Hello,

with the current version of GPG 2 you can import 4096bit keys to a OpenPGP smartcard version 2.0. There is a bug in GPG2 that prevents it from decrypting data with a key longer than 3072bit on a OpenPGP smartcard. This should be fixed in the GIT repository.

AFAIK a version 1 card doesn't support keys longer than 1024bit!

"gpg --card-status" should tell you which version you have.
Best regards,
Josef Schneider

On Tue, Feb 26, 2013 at 7:04 PM, Anonymous Remailer (austria) wrote:
> Hello,
>
> I am able to use the gpg2 --edit-card to generate a 2048 bit secret key
> on the card and the stub in the local key ring. Encrypt/Decrypt
> functionality seems to be working.
>
> I read two other old posts on this list that seem to indicate that this
> is all gnupg supports:
> * You cannot import existing secret keys to the card
> * You cannot choose different key lengths for the keys
>
> Is that correct? Do I need to use a different tool to put 4096 bit
> keys on my card? Can anyone recommend which (free/linux/unix) tool to use to
> manage keys on the smart card?
>
> (When I try to use the gpg2 --edit-key, and then keytocard, I get an
> error saying importing keys is not supported).
>
> Thanks

From niels at dest-unreach.be Wed Feb 27 14:00:35 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Wed, 27 Feb 2013 14:00:35 +0100
Subject: OpenPGP card reset procedure
Message-ID: <512E0373.1040503@dest-unreach.be>

Hi,

I'm not sure if this is the right list for this question, but since Werner is on this list and given his reputation, I'd give it a shot.

I'm trying to understand how the card-reset procedure works on OpenPGP 2.0 cards. No particular need, just because I'm curious.

From what I understand, the procedure first locks the User PIN by sending 4 VERIFY-commands with the same (wrong) PIN code. It next locks the Admin PIN using a similar procedure. But then:

> scd apdu 00 e6 00 00
D[0000] 90 00 .. OK
> scd apdu 00 44 00 00
D[0000] 90 00 .. OK

According to my understanding, this will ACTIVATE FILE, and next TERMINATE DF. While the spec seems to indicate the reverse should be done:

TERMINATE DF:
> The command puts the application into the termination state.
> After termination only SELECT
> FILE and ACTIVATE FILE are
> available

Either way, the procedure (with first ACTIVATE and next TERMINATE) seems to work, I just don't understand how...

Thx,
Niels

From wk at gnupg.org Wed Feb 27 15:14:23 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 27 Feb 2013 15:14:23 +0100
Subject: what is the option for "Use this key anyway? (y/N) y"
In-Reply-To: (pradeep kumar's message of "Wed, 27 Feb 2013 16:01:22 +0530")
References: <87fw0j6tv6.fsf@vigenere.g10code.de> <87621e5dny.fsf@vigenere.g10code.de>
Message-ID: <87mwup4zeo.fsf@vigenere.g10code.de>

On Wed, 27 Feb 2013 11:31, epk14octster at gmail.com said:

> [image: Inline image 1]

Please don't send an image. Transcribe the content. You may also copy and paste it from a Windows shell.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by federal law.

From epk14octster at gmail.com Wed Feb 27 11:31:22 2013
From: epk14octster at gmail.com (pradeep kumar)
Date: Wed, 27 Feb 2013 16:01:22 +0530
Subject: what is the option for "Use this key anyway? (y/N) y"
In-Reply-To: <87621e5dny.fsf@vigenere.g10code.de>
References: <87fw0j6tv6.fsf@vigenere.g10code.de> <87621e5dny.fsf@vigenere.g10code.de>

Hi Werner,

Yes, I have used both the options separately, but when I try to run the command I get the below error; can you please let me know how to eliminate this.

[image: Inline image 1]

But I am able to encrypt the files normally after answering the "y" prompt.

Thanks
Pradeep

On Wed, Feb 27, 2013 at 2:36 PM, Werner Koch wrote:
> On Wed, 27 Feb 2013 07:59, epk14octster at gmail.com said:
>
>> I have tried using the --batch--yes and could not get the exact
>
> --batch and --yes are separate options, not one. Please see the man page
> for details.
>
> Shalom-Salam,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by federal law.
From John at enigmail.net Wed Feb 27 16:55:43 2013
From: John at enigmail.net (John Clizbe)
Date: Wed, 27 Feb 2013 09:55:43 -0600
Subject: what is the option for "Use this key anyway? (y/N) y"
References: <87fw0j6tv6.fsf@vigenere.g10code.de> <87621e5dny.fsf@vigenere.g10code.de>
Message-ID: <512E2C7F.1090507@enigmail.net>

pradeep kumar wrote:
> Hi Werner,
>
> Yes, I have used both the options separately, but when I try to run
> the command I get the below error; can you please let me know how to
> eliminate this.
>
> Inline image 1
>
> But I am able to encrypt the files normally after answering the "y" prompt.

Try rearranging the command line so that the options follow the actions

  gpg -ea -r 0xdecafbad -u 0xdeadbeef --batch --yes -o file.enc file.txt

not fond of doing it, but Windows understands piping so you could do

  echo Y | gpg...

--
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From casey.marshall at gmail.com Wed Feb 27 17:01:39 2013
From: casey.marshall at gmail.com (Casey Marshall)
Date: Wed, 27 Feb 2013 10:01:39 -0600
Subject: GnuPG future timestamp checks and security

I'm considering ignoring the time checks (--ignore-time-conflict, --ignore-valid-from) due to clock drift being a common problem in my application. What was the motivation for adding the timestamp checks?
Specifically, are there security implications to disabling them I should be concerned about?

Thanks,
Casey

From jtreinen at gmail.com Wed Feb 27 20:57:38 2013
From: jtreinen at gmail.com (Jim Treinen)
Date: Wed, 27 Feb 2013 12:57:38 -0700
Subject: Philosophical Question Regarding OpenPGP

Hello everyone,

I have a general philosophical question regarding OpenPGP implementations, and I'm hoping that this is an appropriate place to ask it.

When it comes to the most actively maintained implementations, it seems that GPG, and GPGME as an API, are the de-facto standards. Correspondingly, libgcrypt seems to be one of the best choices for using a lower level library to provide quality crypto primitives.

Observing the standard "thou shalt not roll thine own crypto" philosophy, I have an ongoing dialog with one of my colleagues regarding the risks around implementing a library that would take the output from something like libgcrypt and format it in compliance with the OpenPGP RFC. I have looked around and seen some efforts at doing this (e.g. http://www.cypherspace.org/openpgp/zerucha/ ).

The question I pose is this: Given the inherent risks in rolling your own crypto primitives, is there equal risk in terms of, say, attempting to secure private keys that are generated using libgcrypt and storing them in an OpenPGP message format? It seems to me that there is tremendous risk here in terms of implementation details, but I'm unable to put my finger on exactly what it is.

If anybody has thoughts on this topic, I'd love to hear them. I apologize if this is not an appropriate forum for these types of questions.

Jim.
From niels at dest-unreach.be Thu Feb 28 09:12:50 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Thu, 28 Feb 2013 09:12:50 +0100
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <20130227235027.GB16276@redoubt.spodhuis.org>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org>
Message-ID: <512F1182.7080700@dest-unreach.be>

Thanks Phil for the very clear summary of the problem!

On 2013-02-28 00:50, Phil Pennock wrote:
> The best fix is to use gpg with a real cURL library.

I'm currently using a downloaded binary from gpgtools.org. I don't see libcurl in the list of shared objects used by the binary (otool -L, Mac's equivalent to ldd), so I assume gpg was built without libcurl support and I need to build a gpg2 myself. Am I correct?

> So:
> (1) there's a corner-case interaction of TCP/HTTP and half-closes
> (2) there's a build work-around for end-sites of the client software
> (3) there's a code change for the client software that avoids the issue
> (4) we're working on server configuration fixes to avoid the issue too
>
> (4) is the only thing that will help currently deployed software bases.
> (3) is the only thing that will keep the issue reliably fixed going
>     forward.
> (2) means people encountering it can work around it now.
> (1) sucks, because I for one like the signalling done and the model used
>     in TCP and used by the GnuPG developers. It's very clear, "we're
>     not going to send anything else". Unfortunately, it's causing
>     real-world interoperability issues. :-(

I agree with your sentiment on (1). TCP clearly states that this is the expected behavior (quote from RFC793 section 3.5):

> CLOSE is an operation meaning "I have no more data to send."
> The notion of closing a full-duplex connection is subject to ambiguous interpretation, of course, since it may not be obvious how to treat the receiving side of the connection. We have chosen to treat CLOSE in a simplex fashion. The user who CLOSEs may continue to RECEIVE until he is told that the other side has CLOSED also. Thus, a program could initiate several SENDs followed by a CLOSE, and then continue to RECEIVE until signaled that a RECEIVE failed because the other side has CLOSED.

(2) does require a recompile of the binary. I don't mind compiling from source, but I think a lot of users won't go further than downloading binaries.

(3) will solve things in the future. Is someone already working on a patch? Since my options are (a) live with the problem or (b) compile a fixed version, I can just as well patch and compile the curl-shim part.

(4) is obviously the best solution from a user perspective, and combined with my (and Phil's) view on (1), also the "right" solution.

Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 906 bytes
Desc: OpenPGP digital signature
URL:

From niels at dest-unreach.be Thu Feb 28 10:06:27 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Thu, 28 Feb 2013 10:06:27 +0100
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <20130228083610.GA23455@redoubt.spodhuis.org>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org>
Message-ID: <512F1E13.3010004@dest-unreach.be>

On 2013-02-28 09:36, Phil Pennock wrote:
> On 2013-02-28 at 09:12 +0100, Niels Laukens wrote:
>> On 2013-02-28 00:50, Phil Pennock wrote:
>>> The best fix is to use gpg with a real cURL library.
>>
>> I'm currently using a downloaded binary from gpgtools.org. I don't see libcurl in the list of shared objects used by the binary (otool -L, Mac's equivalent to ldd), so I assume gpg was built without libcurl support and I need to build a gpg2 myself. Am I correct?
>
> Or use gpg 1.

This is a workable workaround for me.

>> I agree with your sentiment on (1). TCP clearly states that this is the expected behavior (quote from RFC793 section 3.5):
>
> Standards say one thing, real world experience says another.

I agree. (Just for completeness: I don't mind changing behavior from "standard-compliant" to "real-world working" as long as the latter is still standard-compliant. Which is the case for this discussion.)

>> (3) will solve things in the future. Is someone already working on a patch? Since my options are (a) live with the problem or (b) compile a fixed version, I can just as well patch and compile the curl-shim part.
>
> The GnuPG folks have a patch in tree, they just need to port it across from the 1.4 branch to the 2.0 branch.

I'll keep an eye on the mentioned bug report for progress. Thanks!

Niels

From sks-devel-phil at spodhuis.org Thu Feb 28 00:50:27 2013
From: sks-devel-phil at spodhuis.org (Phil Pennock)
Date: Wed, 27 Feb 2013 18:50:27 -0500
Subject: [Sks-devel] pool.sks-keyservers.net issues (was: Questions about OpenPGP best practices)
In-Reply-To: <512DD873.7000507@dest-unreach.be>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be>
Message-ID: <20130227235027.GB16276@redoubt.spodhuis.org>

On 2013-02-27 at 10:57 +0100, Niels Laukens wrote:
> Apologies for cross-posting to both mailing lists, but since I got replies via both ways I feel this is the easiest way to sync them.

Current status: Kristian and I have debugged and he found the core issue. If I load down my server, we can sometimes see my server with the same symptom, so it's timing-sensitive.

It is the half-close you saw: GnuPG with curl-shim is the only thing doing this and it's the common factor. nginx as a proxy will drop the request if it sees the connection half-closed before it passes the request onto the backend.

Half-closing an HTTP request connection is into a very grey area of the HTTP specification, with some strong opinions all around based on "it's classic TCP" to "it's not in HTTP", etc. The nginx authors think it's a problem to allow it. There's a proxy_ignore_client_abort option for nginx, which is broken at various times in the nginx source tree.

The best fix is to use gpg with a real cURL library.

Separately, for maximum compatibility, gnupg's curl-shim should stop half-closing the TCP connections used, and behave more like curl does.
Separately from that, we're trying to find ways to configure nginx and establish a best-practice configuration which avoids exposing this issue.

So:
(1) there's a corner-case interaction of TCP/HTTP and half-closes
(2) there's a build work-around for end-sites of the client software
(3) there's a code change for the client software that avoids the issue
(4) we're working on server configuration fixes to avoid the issue too

(4) is the only thing that will help currently deployed software bases.
(3) is the only thing that will keep the issue reliably fixed going forward.
(2) means people encountering it can work around it now.
(1) sucks, because I for one like the signalling done and the model used in TCP and used by the GnuPG developers. It's very clear, "we're not going to send anything else". Unfortunately, it's causing real-world interoperability issues. :-(

-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL:

From nobody at remailer.paranoici.org Wed Feb 27 22:58:27 2013
From: nobody at remailer.paranoici.org (Anonymous)
Date: Wed, 27 Feb 2013 21:58:27 +0000 (UTC)
Subject: key length for smart card key generation
In-Reply-To:
References:
Message-ID:

On Wed, 27 Feb 2013 12:03:22 +0100 Josef Schneider wrote:
> Hello,
> with the current version of GPG 2 you can import 4096bit keys to an OpenPGP smartcard version 2.0.
> There is a bug in GPG2 that prevents it from decrypting data with a key longer than 3072bit on an OpenPGP smartcard. This should be fixed in the GIT repository.
> AFAIK a version 1 card doesn't support keys longer than 1024bit! "gpg --card-status" should tell you which version you have.
>

Thanks for the information. So I should be able to import the key...but not use it unless it is 3072 bits or less?

I run gpg2 --card-status, and I get a lot of information, but I don't see an entry "OpenPGP version."
What I do see is a field "Version:" which says "11.11".

From sks-devel-phil at spodhuis.org Thu Feb 28 09:36:11 2013
From: sks-devel-phil at spodhuis.org (Phil Pennock)
Date: Thu, 28 Feb 2013 03:36:11 -0500
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <512F1182.7080700@dest-unreach.be>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be>
Message-ID: <20130228083610.GA23455@redoubt.spodhuis.org>

On 2013-02-28 at 09:12 +0100, Niels Laukens wrote:
> On 2013-02-28 00:50, Phil Pennock wrote:
> > The best fix is to use gpg with a real cURL library.
>
> I'm currently using a downloaded binary from gpgtools.org. I don't see libcurl in the list of shared objects used by the binary (otool -L, Mac's equivalent to ldd), so I assume gpg was built without libcurl support and I need to build a gpg2 myself. Am I correct?

Or use gpg 1.

Discussion on gnupg-devel points out that my https://bugs.g10code.com/gnupg/issue1479 bug is a dup of https://bugs.g10code.com/gnupg/issue739 fixed in 2007. The same issue was fixed for GnuPG 1.4.x, but not fixed for GnuPG 2.x.

> I agree with your sentiment on (1). TCP clearly states that this is the expected behavior (quote from RFC793 section 3.5):

Standards say one thing, real world experience says another. The nginx folks note that they couldn't tell apart "closed for sending" from "closed entirely", so they just treat the FIN as a sign of an aborted connection.

> (2) does require a recompile of the binary. I don't mind compiling from source, but I think a lot of users won't go further than downloading binaries.

Download a gpg 1.4.x binary.

> (3) will solve things in the future. Is someone already working on a patch?
> Since my options are (a) live with the problem or (b) compile a fixed version, I can just as well patch and compile the curl-shim part.

The GnuPG folks have a patch in tree, they just need to port it across from the 1.4 branch to the 2.0 branch.

> (4) is obviously the best solution from a user perspective, and combined with my (and Phil's) view on (1), also the "right" solution.

Unfortunately, it looks as though nginx has broken the "proxy_ignore_client_abort on" directive: it doesn't work. If it did work, I wouldn't now be able to reliably trigger the bug.

I built gpg2 with the curl-shim on a friend's box in the same colo network, so it's one unrouted ethernet hop away from my keyserver setup. With this, I can now trigger it pretty consistently. I've just bumped my nginx from 1.3.12 to 1.3.13 and the problem persists.

-Phil

From dougb at dougbarton.us Thu Feb 28 18:35:16 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 28 Feb 2013 09:35:16 -0800
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <20130228083610.GA23455@redoubt.spodhuis.org>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org>
Message-ID: <512F9554.60900@dougbarton.us>

Phil,

Could this curl issue be the cause of this error that I've been seeing the last few days:

gpg: sending key 1A1ABC84 to hkp server pool.sks-keyservers.net
gpgkeys: HTTP post error 22: The requested URL returned error: 417 Expectation Failed
gpg: sending key D5B2F0FB to hkp server pool.sks-keyservers.net
gpgkeys: HTTP post error 22: The requested URL returned error: 417 Expectation Failed
gpg: keyserver internal error
gpg: keyserver send failed: Keyserver error

Based on your
post I tried GnuPG 1 with that same keyserver and it worked fine.

Doug

From dougb at dougbarton.us Thu Feb 28 19:01:30 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 28 Feb 2013 10:01:30 -0800
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <512F976C.3080101@sumptuouscapital.com>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com>
Message-ID: <512F9B7A.8050605@dougbarton.us>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/28/2013 09:44 AM, Kristian Fiskerstrand wrote:
| Hi Doug,
|
|
| On 02/28/2013 06:35 PM, Doug Barton wrote:
|> Phil,
|
|> Could this curl issue be the cause of this error that I've been seeing the last few days:
|
|> gpg: sending key 1A1ABC84 to hkp server pool.sks-keyservers.net
|> gpgkeys: HTTP post error 22: The requested URL returned error: 417 Expectation Failed
|
|
| The 417 return code is typically used by a reverse proxy if the backend (i.e. SKS) is non-responsive, so intuitively that is a separate matter. Please add --keyserver-options verbose,debug to see if you're talking to different servers.

Yes, I'm talking to different servers (as would be expected). Just tried it a few times ...

2001:470:1f09:5e7::2 worked
2001:470:1f0a:5d7::2 failed

In any case thanks for clarifying the cause of the error ... it's just hard to debug without putting those options in first obviously, and with those options the output is very noisy.

GnuPG folks, would it be possible to add a keyserver-option to show the IP address of the server connected to?
I could live with that full time, and it would make reporting errors a lot easier.

Doug

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iQEcBAEBCAAGBQJRL5t6AAoJEFzGhvEaGryEOhEIAM3M29gBHr2Y855kJxuw9b+F
j+kPmf+zTEBERWo7H4if+qBQ54jdubQ06G96ejYd7f+4kMlP7+KycB0kOWWBdRH0
J/w8VyYzaVVKLIi6QudzpuZ8g3SYz4auVoOjwSBYWUX3d9RUHgajpYgVaZIIEs9n
RqCUrf6PdBgR08bOYX/jXRiaBqTdTCgQkzRd06hgjY0i+jo3AfJJuqdwKnGerZyi
CE8AF8FfY2eIBxS1tmnA6S6tPiN080Xj+oWGA0t3B91hSGBLCJGFYe0OdJDlkM/1
A129MHfYqHVnzH1CCPITkb+v6r00RcqwkHOtt18ZH+CrUHBMz+ehTTsfqq5Tvpk=
=U6+f
-----END PGP SIGNATURE-----

From kristian.fiskerstrand at sumptuouscapital.com Thu Feb 28 19:23:01 2013
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Thu, 28 Feb 2013 19:23:01 +0100
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <512F9B7A.8050605@dougbarton.us>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com> <512F9B7A.8050605@dougbarton.us>
Message-ID: <512FA085.6050008@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/28/2013 07:01 PM, Doug Barton wrote:
> On 02/28/2013 09:44 AM, Kristian Fiskerstrand wrote:
> | Hi Doug,
> |
> ...
> Yes, I'm talking to different servers (as would be expected). Just tried it a few times ...
>

At least that explains it. For what it is worth both of those servers are working for me now. I'd typically expect this response while the server is running its statistics update. I notice that the last stats update on the server you had issues with was at 19:03 CET, so just about 20 minutes ago.
Hopefully both are working for you as well now.

- --
- ----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Veni vidi velcro
I came, I saw, I got stuck
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta145 (GNU/Linux)

iQIcBAEBCAAGBQJRL6CFAAoJEAt/i2Dj7frjfWYP/2z4ttKRH5eavUm4EKT91X8K
ABA6cIrpwkMABjN4GOY/W5pfBIz1GcCEBCyB+XnpljZ8xYrHFMVSk/iauEMRdBn/
98rRWVWpLS17EhR7pJzF+qBsn1SR5wY1CUqDnkhAN1L8gxLDgmZZOJTMw4QY0aSa
SDGu3sNHUBUrz2vca2zKwtknlZTSPSfYsmvvPAfpvCODuoWMqT9nSUE4hENUYisR
gvqf/0ALbzNpHmCJfbRWdcxmfoCASWBhXw9xhO2Fm9S3U2YyrJswUWmOZYmx/pph
BggPZDeii4TYUw+2LU6m8497biPAqY0zBEOzffw9ZX0ZpoTi3138D8d+5+KecSQr
QGf1xoBb565ywSfPK6wdVKlxXorR8Afaa8bSLHqnnyEkTU+Xe12YKQSrCP5zeMVo
flhQtv3mI+qT2NeQMscfED+tSFh8I0I1mY+/2wNoWsrh6rCFuG18sFJSBvMOI3qD
7140QhksM3gX2Z8484SHTbRkNyJkpgpmy7pZIV7eYGGrs9GOJW1FZQYlNhTtXYh5
pTXAu/cpmjWofEMywZ8zXkijwZnjmLqk0ItYSPfS2NlTSmvBtTq5ALIRpGcmN9qZ
i/rRJbM0fBU17Y0Qfzz/YYb68LF5wTlQQ1sAKu8ta8aeK2RoT5KU3Oj0ofzR1FJH
hTVUoeOWbbgi60fyfOFJ
=n8oh
-----END PGP SIGNATURE-----

From dougb at dougbarton.us Thu Feb 28 19:27:47 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 28 Feb 2013 10:27:47 -0800
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <512FA085.6050008@sumptuouscapital.com>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com> <512F9B7A.8050605@dougbarton.us> <512FA085.6050008@sumptuouscapital.com>
Message-ID: <512FA1A3.9030701@dougbarton.us>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/28/2013 10:23 AM, Kristian Fiskerstrand wrote:
| On 02/28/2013 07:01 PM, Doug Barton wrote:
|> On 02/28/2013 09:44 AM, Kristian Fiskerstrand wrote:
|> | Hi Doug,
|> |
|> ...
|> Yes, I'm talking to different servers (as would be expected). Just tried it a few times ...
|
| At least that explains it. For what it is worth both of those servers are working for me now. I'd typically expect this response while the server is running its statistics update. I notice that the last stats update on the server you had issues with was at 19:03 CET, so just about 20 minutes ago. Hopefully both are working for you as well now.

From your description I suspected that it was probably load related, so that's understandable. My concern is that I'm seeing that error way more often than not when sending keys over the last few days, and I don't remember ever seeing it before. OTOH, I recently attended a key signing party with over 40 participants, so I have been busy pulling down other people's keys, and uploading mine when new signatures come in, so I've been hitting the servers harder than usual. Sounds like I'm just getting unlucky?
Doug

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iQEcBAEBCAAGBQJRL6GjAAoJEFzGhvEaGryE77wIAKFYkkYbqJ1RzTi0KrC9Luzs
q8a2/gToWdR7+dDLWyd/rxeLT84YSCX71IPDYIaE4zUVh6sDQ2TqVf8dGdjL8mTS
ys0Oz1tXRbxi6W0s+6tsBgmAm37DxN0mROw81OI65OC0sc747/8++5tyRx48m2SC
WLy9PJ3/8Dt0qe3C2T/SiszllAS1cJFnKjqyNOs6ousObj12zSuqiFKkt1G6huzc
XbwVs9u/aZIBmUwGwcP8YpOPiHe+q05CQGIWfXLkdyGn3mnKMx8rgQEBZzdaXLMG
HMFMsBXF96q/PjvvYaDE59enMvOxbwlmycHTmHmnBDIRAYA3fNGntpeVBaOZtC4=
=2F5Y
-----END PGP SIGNATURE-----

From kristian.fiskerstrand at sumptuouscapital.com Thu Feb 28 18:44:12 2013
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Thu, 28 Feb 2013 18:44:12 +0100
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <512F9554.60900@dougbarton.us>
References: <512C5B78.5060907@fifthhorseman.net> <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us>
Message-ID: <512F976C.3080101@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Doug,

On 02/28/2013 06:35 PM, Doug Barton wrote:
> Phil,
>
> Could this curl issue be the cause of this error that I've been seeing the last few days:
>
> gpg: sending key 1A1ABC84 to hkp server pool.sks-keyservers.net
> gpgkeys: HTTP post error 22: The requested URL returned error: 417 Expectation Failed

The 417 return code is typically used by a reverse proxy if the backend (i.e. SKS) is non-responsive, so intuitively that is a separate matter. Please add --keyserver-options verbose,debug to see if you're talking to different servers.
- --
- ----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aquila non capit muscas
The eagle does not hunt flies
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta145 (GNU/Linux)

iQIcBAEBCAAGBQJRL5dsAAoJEAt/i2Dj7frjcaQQAKeYkzTGh6h8X+iaIvTcCtz8
DK722PEgEH2l9nFpi0JAd8fp8FimmtJXQK0thW3NNW95Atf8LfV7Eeg67KFaqw0v
PCCsOVIifDsNYheJ4eJ59G2HWljVXmCBTTm+3/F6uPTOyKNf/Puyya7TrJiIGVOs
rtEiWJEoIP8y2N4Nh4Kgur64menvyErMaFQZOZrrR90IeOBQyAyJEB2tPspuM/qk
iEbyNnxF4CsAJJWhpPlth3u81Qu6Qx6iX97nnZyilGf53KFM02JSP246rvuw8Px1
tWEK5CeEe/Z60Uxpcvg1YKnsjvihmSXR3arNgCoqkV+HsoZIToQz8F/DbTxwNbvw
3moZhqr08xklAcXdjmT3fwy5n7PXmLRl5kppWQMV9fcuNhxMS2Ppxk32OvxBAx6W
eyc3ve4UvW6yFhBiELnOEqgVB1EiPA+lrW8Mv0P6hNO5eAxTRbmq0AGiMReRNkAd
Hu/fLcJ70/e2sia/QvmpfejZK+NflzKfFE1sZjiEE8+JdsiNvvvh/8NkepuOSABo
eolGwFsx4F67fOEO+tc090L3Xygy+Qd6Or7IemYEqttOWgp5vBVBVkKJD4oHePM1
S59N9V4IoN+OwZH8Q7jrIVQ8abRxXZEMr+n1wGUYpNqqpSoUUcaOCnV8CJBD5Tz3
bgFLLYOnzjKdgXuh13hh
=BRke
-----END PGP SIGNATURE-----

From kristian.fiskerstrand at sumptuouscapital.com Thu Feb 28 18:33:11 2013
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Thu, 28 Feb 2013 18:33:11 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <20130226144326.GB30430@IUPUI.Edu>
References: <20130226144326.GB30430@IUPUI.Edu>
Message-ID: <512F94D7.7000505@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Mark,

A belated answer to this email, as I'm reading through the backlog of emails.

On 02/26/2013 03:43 PM, Mark H. Wood wrote:
> On Mon, Feb 25, 2013 at 05:54:34PM -0500, Peter Loshin wrote:
>> 3.
>> On using a keyserver with HKPS support: when I attempt to connect (via Chrome) to https://sks-keyservers.net/, I get an error headlined "The site's security certificate is not trusted!", stating "the server presented a certificate issued by an entity that is not trusted by your computer's operating system."

...

This part is already answered by Daniel; for a service that specifically targets the OpenPGP community, I consider using the OpenPGP WoT more appropriate than any CA Corporation.

>> 4. When I try to use hkps://sks-keyservers.net with GnuPG at the command line, I get these messages:

Note that you're trying to connect to my webserver, all the pools are under the "pool" subdomain. HKPS defaults to port 443 and as such this request corresponds to the HTTPS enabled website.

>> And when I try the same with the domain name only (sks-keyservers.net) I get these messages:

...

>>
>> : can't connect to `sks-keyservers.net': No route to host
>> gpgkeys: HTTP post error 7: couldn't connect: No route to host
>> gpg: keyserver internal error
>> gpg: keyserver send failed: Keyserver error
>
> The site doesn't want unencrypted connections, and the way they enforce this is by returning "no route" to requests for connection to port 80. I would have used "administratively prohibited", to give real users a clue, but they may be trying to be less visible to 'bots.
>

See above, you're trying to talk to my webserver rather than any SKS server, this time on port 11371.
- --
- ----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aquila non capit muscas
The eagle does not hunt flies
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta145 (GNU/Linux)

iQIcBAEBCAAGBQJRL5TKAAoJEAt/i2Dj7frjBUAP/191bZD/sPPBAlZWkrtrynS4
9UCYBDnayKNTJ+rKVIW6l29BPpfl0MoJNA1F8DIil6HkYiDilmqT5g77Zd/VZgmn
u0g7sdUUT1XNWzXfqhha/d3spoRRfORdIEX94c/pga35+f+emxNzD3mfYTJJaIHa
gJUG/zIYUmZZUNYJCEmw908qo9H6DYckx1vi6S6nDAk9AuXL2NeAqyazsWycwTQX
ebBRdfWOKs7KAs827MDmGNv1XmgRHmRaGf96l0x/4J/zdcd3dtWCafJ15yMcc3Mj
q+wP4IUEIahGJ9Vq/UyuQa4g4XA/g5bCN/p+2Tn/hxoEAz+8FN2WFh8+33JZ5TpL
AjGi1UqpwnF2clH6XqLnKv1QMpw2FeZTalaITxnB/gqHvSYLp4oc9L9YAsMsWrtm
Z9X8b2oo6DTROUUlSQMUehQmBL6Gs1mBNYs/vKacjYxyrTL0E0m/SpWi6+IUej2N
OxiXXbT5IWSRmAcJjgA81NUNOg4fPkYKZHzBw9okgm0GG9dT45cw36/ZGMK2uuaJ
cQZOIt3UsmlmDQvbxxQIBz2EWuoMpSDpjiQjZX2LEq3pdkKwr8l6wuBIWuYBzAzI
HNuv4pro6YEH61VpJ8rkjYz49ROmBb91gYI22r6Jl5jI0huO+w868dk7w1qoNqkO
vWFqzN3JTvF62N21jYz4
=EopU
-----END PGP SIGNATURE-----

From peter at digitalbrains.com Thu Feb 28 22:34:45 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 28 Feb 2013 22:34:45 +0100
Subject: key length for smart card key generation
In-Reply-To:
References:
Message-ID: <512FCD75.2070206@digitalbrains.com>

On 27/02/13 22:58, Anonymous wrote:
> So I should be able to import the key...but not use it unless it is 3072 bits or less?

If we're all talking about RSA here, I think so.

> I run gpg2 --card-status, and I get a lot of information, but I don't see an entry "OpenPGP version." What I do see is a field "Version:" which says "11.11".
Second line of the output for me:

> Application ID ...: D2760001240102[snip]
> Version ..........: 2.0
                      ^^^^^^^
> Manufacturer .....: ZeitControl
> Serial number ....: [snip]
> Name of cardholder: Peter Lebbing
> Language prefs ...: en
> Sex ..............: yes, please
> URL of public key : [not set]
> Login data .......: [not set]
> Signature PIN ....: forced
> Key attributes ...: 2048R 2048R 2048R
> Max. PIN lengths .: 32 32 32
> PIN retry counter : 3 0 3
> Signature counter : [snip]
> Signature key ....: 6500 8DC2 20AA E2A2 574D 6CD5 969E 018F DE6C DCA1
>       created ....: [snip]
> Encryption key....: 2E0F 8C51 BC77 58A3 3795 79D9 26F7 563E 73A3 3BEE
>       created ....: [snip]
> Authentication key: [none]

BTW, the Application ID includes the unique serial number.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
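The half-close interaction Phil Pennock describes in the pool.sks-keyservers.net thread above (GnuPG's curl-shim sending a FIN right after the request; nginx reading that FIN as a client abort and dropping the request before it reaches the SKS backend) can be reproduced on loopback with plain sockets. The script below is an added example written for this archive page, not code from GnuPG, nginx or any list participant. The "strict" toy proxy is a stand-in for the nginx behaviour described, the "tolerant" one follows the RFC 793 CLOSE semantics Niels quotes, the request path and response body are constructed, and the 0.2 second delay simulates the backend latency that made the real symptom timing-sensitive.

```python
"""Loopback reproduction of a half-close vs. reverse-proxy interaction.

Added example for the thread above; not GnuPG, nginx or libcurl code.
A "strict" toy proxy drops the request if the client's FIN has already
arrived when it is about to forward the request (the behaviour the thread
attributes to nginx).  A "tolerant" proxy treats the FIN as RFC 793 CLOSE
("no more data to send") and still answers.
"""
import select
import socket
import threading
import time

# Constructed sample traffic; not a real keyserver request or key ID.
REQUEST = (b"GET /pks/lookup?op=get&search=0xEXAMPLE HTTP/1.0\r\n"
           b"Host: example.invalid\r\n\r\n")
RESPONSE = b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok"
BACKEND_DELAY = 0.2   # simulated time before the proxy hands the request on


def recv_request(conn):
    """Read until the end of the HTTP header block or EOF."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    return data


def proxy_handle(conn, strict):
    """Serve one request.  A strict proxy aborts when the peer's FIN is
    pending at the moment it would forward the request; a tolerant proxy
    ignores the half-close and replies anyway."""
    conn.settimeout(2)
    try:
        recv_request(conn)
        time.sleep(BACKEND_DELAY)       # the loaded-backend window
        if strict:
            readable, _, _ = select.select([conn], [], [], 0)
            if readable and conn.recv(4096) == b"":
                return                  # FIN seen: treated as abort, no reply
        conn.sendall(RESPONSE)
    finally:
        conn.close()


def fetch(port, half_close):
    """Client side.  half_close=True mirrors the curl-shim pattern (shutdown
    the send side after the request); False mirrors libcurl, which keeps the
    send side open until the reply has arrived."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(REQUEST)
        if half_close:
            s.shutdown(socket.SHUT_WR)  # FIN: "I have no more data to send"
        buf = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return buf


def run_exchange(strict_proxy, client_half_closes):
    """Run one client/proxy exchange on an ephemeral loopback port and return
    the bytes the client received (b"" means the proxy dropped the request)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def accept_one():
        conn, _ = srv.accept()
        proxy_handle(conn, strict_proxy)

    t = threading.Thread(target=accept_one)
    t.start()
    try:
        return fetch(port, client_half_closes)
    finally:
        t.join()
        srv.close()


def compatibility_matrix():
    """Which client/proxy pairings actually get an answer."""
    return {
        "half-closing client vs strict proxy": run_exchange(True, True) == RESPONSE,
        "non-closing client vs strict proxy": run_exchange(True, False) == RESPONSE,
        "half-closing client vs tolerant proxy": run_exchange(False, True) == RESPONSE,
    }


if __name__ == "__main__":
    for combo, answered in compatibility_matrix().items():
        print(f"{combo}: {'answered' if answered else 'dropped'}")
```

Only the half-closing client against the strict proxy comes back empty, which is the combination the thread isolates: the client is within RFC 793, the proxy cannot tell "closed for sending" from "closed entirely", and either side changing (a client that does not half-close, or a proxy that tolerates it) restores interoperability.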