From kristian.fiskerstrand at sumptuouscapital.com  Sat Feb  1 11:32:25 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sat, 01 Feb 2014 11:32:25 +0100
Subject: BoF at FOSDEM ?
In-Reply-To: <20140201092559.4989072.18337.17888@sumptuouscapital.com>
References: <87txcubr4j.fsf@vigenere.g10code.de> <52E19771.60608@cased.de> <87a9ela8ob.fsf@vigenere.g10code.de> <52E2C994.1050504@cased.de> <87lhy584j6.fsf@vigenere.g10code.de> <20140201092559.4989072.18337.17888@sumptuouscapital.com>
Message-ID: <52ECCD39.3000607@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

[Seems my email from my cellphone got stuck in the moderator queue. So please excuse a duplicate post once it gets through. ]

On 02/01/2014 10:25 AM, Kristian Fiskerstrand wrote:
> I have signed up for a slot at H3.227 today (saturday) at 1300-1400
>
> see you there
>
> Sent from my BlackBerry 10 smartphone.
> *From: *Werner Koch *Sent: *Friday, January 24, 2014 10:27 PM
,,,
> Okay, thus we have
>
> - Report on current keyserver work [Kristian]
> - Make GPG invisible to the user [Arne]
> - ECC and GnuPG progress [Werner]

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aut disce aut discede
Either learn or leave
From kristian.fiskerstrand at sumptuouscapital.com  Sat Feb  1 10:25:59 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sat, 01 Feb 2014 10:25:59 +0100
Subject: BoF at FOSDEM ?
In-Reply-To: <87lhy584j6.fsf@vigenere.g10code.de>
References: <87txcubr4j.fsf@vigenere.g10code.de> <52E19771.60608@cased.de> <87a9ela8ob.fsf@vigenere.g10code.de> <52E2C994.1050504@cased.de> <87lhy584j6.fsf@vigenere.g10code.de>
Message-ID: <20140201092559.4989072.18337.17888@sumptuouscapital.com>

An HTML attachment was scrubbed...
URL:

From martin at martinpaljak.net  Sat Feb  1 14:13:04 2014
From: martin at martinpaljak.net (Martin Paljak)
Date: Sat, 1 Feb 2014 13:13:04 +0000
Subject: BoF at FOSDEM ?
In-Reply-To: <52ECCD39.3000607@sumptuouscapital.com>
References: <87txcubr4j.fsf@vigenere.g10code.de> <52E19771.60608@cased.de> <87a9ela8ob.fsf@vigenere.g10code.de> <52E2C994.1050504@cased.de> <87lhy584j6.fsf@vigenere.g10code.de> <20140201092559.4989072.18337.17888@sumptuouscapital.com> <52ECCD39.3000607@sumptuouscapital.com>
Message-ID:

Too bad I missed. Where did you get with the ECC discussion?

m.
--
Martin
+372 515 6495

On Sat, Feb 1, 2014 at 10:32 AM, Kristian Fiskerstrand wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> [Seems my email from my cellphone got stuck in the moderator queue. So please excuse a duplicate post once it gets through. ]
>
> On 02/01/2014 10:25 AM, Kristian Fiskerstrand wrote:
>> I have signed up for a slot at H3.227 today (saturday) at 1300-1400
>>
>> see you there
>>
>> Sent from my BlackBerry 10 smartphone.
>> *From: *Werner Koch *Sent: *Friday, January 24, 2014 10:27 PM
> ,,,
>> Okay, thus we have
>>
>> - Report on current keyserver work [Kristian]
>> - Make GPG invisible to the user [Arne]
>> - ECC and GnuPG progress [Werner]

From detlev at reymann.eu  Sat Feb  1 17:58:23 2014
From: detlev at reymann.eu (Detlev Reymann)
Date: Sat, 01 Feb 2014 17:58:23 +0100
Subject: OpenPGP smartcard with lightdm and truecrypt
Message-ID: <52ED27AF.6060401@reymann.eu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I recently bought an OpenPGP smartcard, version 2.0, and managed to use it on two computers running Ubuntu 12.10 and Ubuntu 13.04.
After reading nearly all the information I found on the internet, it is possible to use it for ssh, for gpg (in combination with thunderbird and enigmail) and (partly) for log-in. Two problems are left and it would be great to get some hints from the community.

First problem is log-in with lightdm. I installed pam_poldi and changed the file /etc/pam.d/lightdm to look like this:

- -----/etc/pam.d/lightdm---------------
#%PAM-1.0
auth    requisite   pam_nologin.so
auth    required    pam_env.so readenv=1
auth    required    pam_env.so readenv=1 envfile=/etc/default/locale
auth    sufficient  pam_succeed_if.so user ingroup nopasswdlogin
auth    sufficient  pam_poldi.so try-pin 123456
auth    required    pam_unix.so nullok_secure
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required    pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional    pam_gnome_keyring.so auto_start
@include common-password
- --------------------------------------

The changes compared with the original file are the lines:

auth    sufficient  pam_poldi.so try-pin 123456      (not the real pin :-))
auth    required    pam_unix.so nullok_secure

instead of:

@include common-auth

I expected that lightdm would first try to read the smartcard and possibly fall back to password login. What happens instead is that after a long while it asks for the pin of the smartcard and then additionally for the password. I do not find any information on the internet on how to change this. So this is only partially successful.

Second problem is the use of the smartcard (with a keyfile) and truecrypt (version 7.0a). Using the library /usr/lib/opensc-pkcs11.so as PKCS#11 Library Path leads to an error message saying:

"No security token found. Please make sure your security token is connected to your computer and the correct device driver for your token is installed."
Using libOpenPGP11_64.so (or libOpenPGP11_32.so), which I found on http://smartcard-auth.de/download-de.html, gives another error message:

"Security token error: DEVICE REMOVED"

This happens always, even if I kill the pgp-agent before (this is necessary when I switch to my HBCI-Smartcard (German online-banking smartcard) or whatever else).

Any hint would be great; thanks in advance

Detlev

- --
Detlev Reymann
detlev at reymann.eu
http://www.reymann.eu

This message is electronically signed with GPG. If you do not work with corresponding software, please simply ignore the corresponding part of this mail.
This mail is signed electronically via gpg. If you do not use encryption software, simply ignore the additional part of this mail

From wk at gnupg.org  Mon Feb  3 11:35:51 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 03 Feb 2014 11:35:51 +0100
Subject: BoF at FOSDEM ?
In-Reply-To: (Martin Paljak's message of "Sat, 1 Feb 2014 13:13:04 +0000")
References: <87txcubr4j.fsf@vigenere.g10code.de> <52E19771.60608@cased.de> <87a9ela8ob.fsf@vigenere.g10code.de> <52E2C994.1050504@cased.de> <87lhy584j6.fsf@vigenere.g10code.de> <20140201092559.4989072.18337.17888@sumptuouscapital.com> <52ECCD39.3000607@sumptuouscapital.com>
Message-ID: <87ioswwkjc.fsf@vigenere.g10code.de>

On Sat,  1 Feb 2014 14:13, martin at martinpaljak.net said:

> Too bad I missed. Where did you get with the ECC discussion?
I merely reported about the status and that I think it is better to wait a few weeks until the I-D for the new curves is more complete. Then we can start to implement that. Kristian reported that the keyservers do not yet fully support ECC (required for keyid and fingerprints) but that should not be a showstopper. Deployment of new keyserver code is happening much faster than in the past.

We have been about 12 people at the BoF and from their comments I read that non-NIST curves should be the default. But first of all I need to fix some things I broke in the last weeks.

We also talked about a possible 1.5 release to make 1.4 maintenance easier by switching to Libgcrypt. This would save us from maintaining a completely detached branch of crypto code for 1.4 and allow to add ECC support to GnuPG-1.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From arne.renkema-padmos at cased.de  Mon Feb  3 11:28:06 2014
From: arne.renkema-padmos at cased.de (arne renkema-padmos)
Date: Mon, 03 Feb 2014 11:28:06 +0100
Subject: BoF at FOSDEM ?
In-Reply-To:
References: <87txcubr4j.fsf@vigenere.g10code.de> <52E19771.60608@cased.de> <87a9ela8ob.fsf@vigenere.g10code.de> <52E2C994.1050504@cased.de> <87lhy584j6.fsf@vigenere.g10code.de> <20140201092559.4989072.18337.17888@sumptuouscapital.com> <52ECCD39.3000607@sumptuouscapital.com>
Message-ID: <52EF6F36.3090205@cased.de>

On 01/02/14 14:13, Martin Paljak wrote:
> Too bad I missed. Where did you get with the ECC discussion?

Correct me if I'm wrong but I understand that 2.1 is planned for the end of summer, and that currently there is a wait for all the haggling and standardisation work around ECC (see https://irtf.org/cfrg mailing list), which is close to done, but there's still debate about point compression format. The time frame also coincides with the last (possibly relevant / possibly FUD) ECC patents expiring.
Cheers,
arne

--
Arne Renkema-Padmos
Doctoral researcher
CASED, TU Darmstadt
@hcisec, secuso.org

From koukopoulos at gmail.com  Mon Feb  3 14:33:17 2014
From: koukopoulos at gmail.com (Kostantinos Koukopoulos)
Date: Mon, 3 Feb 2014 15:33:17 +0200
Subject: openpgp card and basiccard RNG
Message-ID:

Hello,

Apparently the OpenPGP card is based on BasicCard [1] and from the BasicCard FAQ [2] I read:

"For Enhanced BasicCards, the card has no hardware generator. The Enhanced BasicCards contain a unique manufacturing number which cannot be read from outside the card. The Rnd function uses this number to generate random numbers which are different for each card. For Professional and MultiApplication BasicCards, the random number is generated by use of a hardware random number generator."

Does anybody know which version of BasicCard is used for the OpenPGP cards distributed by KernelConcepts.de? If it is the Enhanced version, does the use of a pseudorandom generator pose a security risk?

Cheers,
Konstantinos

1. http://www.basiccard.com/index.html?news.htm
2. http://www.basiccard.com/engfaq.htm

--
|/ |/ Konstantinos
|\ |\ Koukopoulos

VSRE messages are welcome*, Thanks!
* for more information see: http://vsre.info
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mailinglisten at hauke-laging.de  Tue Feb  4 04:55:56 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 04 Feb 2014 04:55:56 +0100
Subject: making the X.509 infrastructure available for OpenPGP
Message-ID: <2245496.z9UhZPtX1S@inno>

Hello,

I would like to say first that my X.509 understanding is orders of magnitude lower than that of OpenPGP. So I hope this makes sense to you...

This idea came to my mind while I was wondering why several CAs offer free (but rather useless...) certificates for X.509 but not for OpenPGP. Whatever they do with X.509 can be done with OpenPGP, too (e.g. setting an expiration date for the signature). How much effort can it be to offer both?
Then I realized that they could do that but that a CA signature for an OpenPGP certificate is rather useless in today's situation: Most of the value of an X.509 certification is the pre-installed root CA pool. A certification by a non-pre-installed CA is typically less useful than an OpenPGP certification.

Now my point: Keys can be converted from one format to the other. The fingerprint changes but obviously the keygrip doesn't. I believe it would make a lot of sense to create a connection between gpg and gpgsm and point gpgsm to the OS's and / or browser's root certificate pool. Then a CA could offer its certificate in OpenPGP format (even conforming to some new "standard" which makes it easier to detect this special kind of certificate e.g. by using a comment or signature notation pointing to the related X.509 certificate), and GnuPG could easily realize that it is the same key. This would relieve the user from the hard decision whether a certificate is valid (the CA's OpenPGP certificate in this case). The user would just have to decide (like with any other OpenPGP certificate) whether he wants to trust this CA (and how much).

By doing so the pre-installed CA pool would become valuable for OpenPGP, too, and it would make sense for the CAs to offer certifications for OpenPGP certificates, too.

Maybe there are other reasons for some CAs, too. But I assume this would be rather little effort and could close much of the gap to S/MIME's convenience.

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL:

From mwood at IUPUI.Edu  Tue Feb  4 15:01:12 2014
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue, 4 Feb 2014 09:01:12 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <2245496.z9UhZPtX1S@inno>
References: <2245496.z9UhZPtX1S@inno>
Message-ID: <20140204140111.GB11786@IUPUI.Edu>

On Tue, Feb 04, 2014 at 04:55:56AM +0100, Hauke Laging wrote:
[snip]
> Now my point: Keys can be converted from one format to the other. The fingerprint changes but obviously the keygrip doesn't. I believe it would make a lot of sense to create a connection between gpg and gpgsm and point gpgsm to the OS's and / or browser's root certificate pool. Then a CA could offer its certificate in OpenPGP format (even conforming to some new "standard" which makes it easier to detect this special kind of certificate e.g. by using a comment or signature notation pointing to the related X.509 certificate), and GnuPG could easily realize that it is the same key. This would relieve the user from the hard decision whether a certificate is valid (the CAs OpenPGP certificate in this case). The user would just have to decide (like with any other OpenPGP certificate) whether he wants to trust this CA (and how much).
>
> By doing so the pre-installed CA pool would become valuable for OpenPGP, too, and it would make sense for the CAs to offer certifications for OpenPGP certificates, too.

Assuming you trust those CAs. All of them.

Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest.

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL:

From dkg at fifthhorseman.net  Tue Feb  4 15:47:55 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 04 Feb 2014 09:47:55 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <20140204140111.GB11786@IUPUI.Edu>
References: <2245496.z9UhZPtX1S@inno> <20140204140111.GB11786@IUPUI.Edu>
Message-ID: <52F0FD9B.9000608@fifthhorseman.net>

On 02/04/2014 09:01 AM, Mark H. Wood wrote:
> Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest.

fwiw, the answer here is "they haven't". Roumen Petrov's X.509 patches remain outside of OpenSSH mainline, and there seems to be very little chance for upstream adoption. Some distributions may include those patches, but not all of them, and upstream has held the line against them, even implementing their own certificate format instead of adopting X.509.

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:

From dkg at fifthhorseman.net  Tue Feb  4 17:09:42 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 04 Feb 2014 11:09:42 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <2245496.z9UhZPtX1S@inno>
References: <2245496.z9UhZPtX1S@inno>
Message-ID: <52F110C6.6010304@fifthhorseman.net>

On 02/03/2014 10:55 PM, Hauke Laging wrote:
> This idea came to my mind while I was wondering why several CAs offer free (but rather useless...) certificates for X.509 but not for OpenPGP. Whatever they do with X.509 can be done with OpenPGP, too (e.g. setting an expiration date for the signature). How much effort can it be to offer both?
I'd also be interested in a CA that is willing to certify a public key with both the X.509 and OpenPGP certificate formats.

> Now my point: Keys can be converted from one format to the other. The fingerprint changes but obviously the keygrip doesn't. I believe it would make a lot of sense to create a connection between gpg and gpgsm and point gpgsm to the OS's and / or browser's root certificate pool. Then a CA could offer its certificate in OpenPGP format (even conforming to some new "standard" which makes it easier to detect this special kind of certificate e.g. by using a comment or signature notation pointing to the related X.509 certificate),

We have such an indicator format going in the opposite direction (pointing from X.509 to the related OpenPGP cert). In particular, it's the X509v3 extension known as PGPExtension (OID: 1.3.6.1.4.1.3401.8.1.1), which is the creation date of the key (in seconds since the UNIX epoch). Given the value from this extension and the public key information, you can reconstruct the key's OpenPGP fingerprint, and from the OpenPGP fingerprint, you can find it on the keyservers.

I've been meaning to write a patch to make it easy to add this extension via GnuTLS's certtool, but i haven't gotten around to it for well over a year now :(

I don't know of a formalized way to do the other mapping, but it seems like it would be pretty straightforward to embed the full X.509 certificate in a notation packet on a self-sig (presumably a self-sig over the OpenPGP User ID that matches the X.509 Subject or something).

> and GnuPG could easily realize that it is the same key. This would relieve the user from the hard decision whether a certificate is valid (the CAs OpenPGP certificate in this case). The user would just have to decide (like with any other OpenPGP certificate) whether he wants to trust this CA (and how much).
I have never heard a user wonder whether a given CA's certificate as shipped by their browser (for example) is valid. At best, i've heard people wonder whether a given CA should be relied on ("put in the root store", "trusted", etc). So i don't think the OpenPGP verification step gains you anything here.

> By doing so the pre-installed CA pool would become valuable for OpenPGP, too, and it would make sense for the CAs to offer certifications for OpenPGP certificates, too.

I think these two questions are distinct. If there is a public CA that is willing to offer OpenPGP certificates, i would like to know about it (whether they offer them with the same key they use for their X.509 activities or not).

> Maybe there are other reasons for some CAs, too. But I assume this would be rather little effort and could close much of the gap to S/MIME's convenience.

I'm not sure how the gap would be closed. From my perspective, the S/MIME convenience stems from near-ubiquitous integrated deployment as much as it does from the (problematic and untrustworthy) "i don't have to think about it" certificate validity model.

Regards,

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:

From mailinglisten at hauke-laging.de  Tue Feb  4 18:36:52 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 04 Feb 2014 18:36:52 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F110C6.6010304@fifthhorseman.net>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net>
Message-ID: <4658742.4sCBMk1XBK@inno>

On Tue 04.02.2014, 11:09:42, Daniel Kahn Gillmor wrote:

> We have such an indicator format going in the opposite direction (pointing from X.509 to the related OpenPGP cert). In particular, it's the X509v3 extension known as PGPExtension

Interesting, I didn't know that.
> I don't know of a formalized way to do the other mapping, but it seems like it would be pretty straightforward to embed the full X.509 certificate in a notation packet

Why wouldn't the fingerprint and the DN be enough? The whole approach is based on the assumption that the X.509 certificate is already available.

> > and GnuPG could easily realize that it is the same key. This would relieve the user from the hard decision whether a certificate is valid (the CAs OpenPGP certificate in this case). The user would just have to decide (like with any other OpenPGP certificate) whether he wants to trust this CA (and how much).

> I have never heard a user wonder whether a given CA's certificate as shipped by their browser (for example) is valid. At best, i've heard people wonder whether a given CA should be relied on ("put in the root store", "trusted", etc). So i don't think the OpenPGP verification step gains you anything here.

You have misunderstood me: I said (or: tried to say...) quite the same. Because the CA key is in the root store the user need not care about it being valid or not. And this covers the OpenPGP variant of the key, too, of course. Thus the OpenPGP verification step could be skipped. The trust step could be skipped, too, but I would prefer to keep a question "This CA's key has already been verified. How much do you want to trust this CA?" That would reduce the risk of pre-installed certificates and remind users that they must decide whom to trust. With OpenPGP certifications it would also make perfect sense to set a CA to marginal trust.

> If there is a public CA that is willing to offer OpenPGP certificates, i would like to know about it (whether they offer them with the same key they use for their X.509 activities or not).

Using a different key would not make sense. And without OpenPGP being capable of using the X.509 CA store it makes little sense for the CAs to make OpenPGP certifications.
So why should they be willing to do something obviously useless? The OpenPGP community has to make a technical change first (or at least to offer making that change) before the question whether the CAs are willing is useful.

> I'm not sure how the gap would be closed. From my perspective, the S/MIME convenience stems from near-ubiquitous integrated deployment as much as it does from the (problematic and untrustworthy) "i don't have to think about it" certificate validity model.

That's my opinion, too. And exactly that can be taken over to OpenPGP. Integrated deployment is already there, we just need the technical bridge from X.509 to OpenPGP. And afterwards the OpenPGP certifications by the CAs, of course.

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL:

From melvincarvalho at gmail.com  Tue Feb  4 18:23:30 2014
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Tue, 4 Feb 2014 18:23:30 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F0FD9B.9000608@fifthhorseman.net>
References: <2245496.z9UhZPtX1S@inno> <20140204140111.GB11786@IUPUI.Edu> <52F0FD9B.9000608@fifthhorseman.net>
Message-ID:

On 4 February 2014 15:47, Daniel Kahn Gillmor wrote:
> On 02/04/2014 09:01 AM, Mark H. Wood wrote:
> > Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest.
>
> fwiw, the answer here is "they haven't". Roumen Petrov's X.509 patches remain outside of OpenSSH mainline, and there seems to be very little chance for upstream adoption.
> Some distributions may include those patches, but not all of them, and upstream has held the line against them, even implementing their own certificate format instead of adopting X.509.

Any reason why this might be?

FWIW: I have converted my RSA GPG key into a self signed X.509 certificate, which I display on my homepage. Although there's no official web of trust, it has links in, and links out, to other people's identities (and keys) forming a mini WOT, in the same sense that a search engine might use links in and links out as a social signal.

> --dkg
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From peter at digitalbrains.com  Tue Feb  4 19:38:07 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 04 Feb 2014 19:38:07 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F110C6.6010304@fifthhorseman.net>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net>
Message-ID: <52F1338F.7030004@digitalbrains.com>

On 04/02/14 17:09, Daniel Kahn Gillmor wrote:
> If there is a public CA that is willing to offer OpenPGP certificates, i would like to know about it (whether they offer them with the same key they use for their X.509 activities or not).

FWIW, CACert signs OpenPGP keys of verified people with key 0xD2BB0D0165D0FD58 if you want them to. Since it's 1024-bit DSA, it's a bit dated in some respects. And CACert still isn't in the default trusted root bundle on quite some systems, I believe.

With regard to this discussion: I'd rather see the CA model replaced by something a little more trustworthy than extending the trust in that broken model to OpenPGP. Monkeysphere comes to mind.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wk at gnupg.org  Tue Feb  4 21:05:10 2014
From: wk at gnupg.org (Werner Koch)
Date: Tue, 04 Feb 2014 21:05:10 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F110C6.6010304@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Tue, 04 Feb 2014 11:09:42 -0500")
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net>
Message-ID: <87bnymve2x.fsf@vigenere.g10code.de>

On Tue,  4 Feb 2014 17:09, dkg at fifthhorseman.net said:

> I don't know of a formalized way to do the other mapping, but it seems like it would be pretty straightforward to embed the full X.509 certificate in a notation packet on a self-sig (presumably a self-sig

PGP does this. IIRC, Hal Finney once posted the specs for this to the OpenPGP WG. Unfortunately I can't find it in my archives. It was a pretty obvious thing, though.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From 2014-667rhzu3dc-lists-groups at riseup.net  Tue Feb  4 21:32:38 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Tue, 4 Feb 2014 20:32:38 +0000
Subject: MUA "automatically signs keys"?
In-Reply-To: <20140131092417.6515e1b0@steves-laptop>
References: <20140123225023.3dcbe4dd@steves-laptop> <20140129172436.22bde6d2@steves-laptop> <20140129105226.Horde.mBoJDwHvBxCAWAwF8v8G5Q2@mail.sixdemonbag.org> <6757499.FAIGtOWeFj@mani> <827754268.20140130000417@my_localhost> <20140130005844.1f0f5b54@steves-laptop> <1479487283.20140130210945@my_localhost> <20140130224339.5fcb0d27@steves-laptop> <467167660.20140131011507@my_localhost> <20140131092417.6515e1b0@steves-laptop>
Message-ID: <1384038862.20140204203238@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Friday 31 January 2014 at 9:24:17 AM, in , Steve Jones wrote:

> Well the conventions of use, for example the key signing party protocol, requires photographic id.
If I > publicly sign a key it has to be in line with how I > expect others to interpret it. Policies and notations > on signatures go some way to alleviate that but only if > the tools support it. Surely if others interpret it differently than how you publicly state you mean it, that's their own look-out. > To me, you are just an email address, for > all I know you're a dozen different people spoofing > emails to the list. If all your mails are signed with > the same key then I can at least assume all those > people are working in concert :-) I think all my emails to this list are signed with the same key. (-; > The issue is that the tools around OpenPGP use are > designed around the idea that it's for verifying some > fixed identity, whereas in this case it's continuity of > identity that's more important. You mean it doesn't matter *who* I am as long as I am the same person you corresponded with before? Apart from certain narrow legally-defined situations, that's fairly general in real life as well as online. > If your key had dozens > of signatures at the persona level going back a few > years then I'd have a reasonable belief that you're not > just a brand new identity created for mischievousness If you were that worried, you could check the list archives for signed postings from MFPA. > With notations you get a system of > distributed tagging, where identity becomes a matter of > a collection of attested to attributes. Obviously this > could create a lot of noise so you'd have a limited set > of folks (including ephemeral Internet folks) who's > tags you trust, probably the same people who's > signatures you trust - which is handy. :-) Would they "probably" be the same folks? Or would the people whose signatures you trust be akin to those you would have round for a meal, whereas those whose tags you trust would be more like people with whom you'd go out for a pint? 
> My mail client, and all the others I've used, is only > interested in whether I, or someone else, has certified > that MFPA is your real name. Any I have used is only interested in whether the key is valid. My local signature makes it valid but gives no clue about whether I know somebody's real name. > Certainly. This BTW is why I think anonymous > cryptocurrency is a daft idea Why do you need to know who the other person was in a Butcoin transaction? > True, "This person is a police officer and would like > to know where you were last night," might lead you to > wanting to see id. It might also lead to a point-blank refusal to enter any discussion. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net Why is the universe here? Well, where else would it be? -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlLxTndXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pOTkEAJCgeer2dfUk73oLg+x4Os9GYfcpkRDHIbAi yysyZcESOpZ9fMfRahVSb6YoZc87WEc2uHJAizsOaMelondTAYHTKV72KsGymd+q wh+ZEuxgIEjYA5VjpQ9jjp/38+eUb/ZkvP3uSoHe9x1s3lHl6sdulcSKkvj1Rctz FoGEaIJ4 =Nbk9 -----END PGP SIGNATURE----- From mailinglisten at hauke-laging.de Wed Feb 5 04:11:36 2014 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Wed, 05 Feb 2014 04:11:36 +0100 Subject: making the X.509 infrastructure available for OpenPGP In-Reply-To: <52F1338F.7030004@digitalbrains.com> References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <52F1338F.7030004@digitalbrains.com> Message-ID: <2686030.ht6cBmGDXV@inno> Am Di 04.02.2014, 19:38:07 schrieb Peter Lebbing: > And CACert still isn't in the default > trusted root bundle on quite some systems, I believe. And will probably "never" be. > extending the trust in that broken model to OpenPGP That is not what I suggest. You can assign certification trust to any key. Why should this of all keys not be done with certain CA keys? 
In contrast to the X.509 approach I would not skip the user's trust decision. And an important difference is that you could limit the CA to marginal trust.

There is an advantage even if you do not assign positive certification trust to the CA key: You see a valid CA signature on the certificate to be verified and can make it valid yourself. Of course, it would be nice if you did not have to make a completely independent signature on the UID but could sign this one CA signature, thus empowering the CA signature to make the key valid. The advantages would be that

1) the CA cannot make keys valid without your explicit approval

2) in contrast to a signature by your own key this signature would become invalid if the CA revoked it.

The RFC defines signatures over signatures but I guess this currently is not used (except for revocations).

Hauke

-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From mailinglisten at hauke-laging.de Wed Feb 5 04:15:53 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 05 Feb 2014 04:15:53 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <87bnymve2x.fsf@vigenere.g10code.de>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de>
Message-ID: <1598787.UK5snZ2ZU7@inno>

On Tue 04.02.2014, 21:05:10, Werner Koch wrote:

> On Tue, 4 Feb 2014 17:09, dkg at fifthhorseman.net said:
> > I don't know of a formalized way to do the other mapping, but it
> > seems like it would be pretty straightforward to embed the full
> > X.509 certificate in a notation packet on a self-sig (presumably a
> > self-sig
>
> PGP does this. IIRC, Hal Finney once posted the specs for this to the
> OpenPGP WG.

Wow. Does that mean that PGP can verify OpenPGP keys with X.509 certificates (in combination with a related OpenPGP certificate)? Or is this just a "theoretical" feature?

Are there reasons (beside the obvious effort and work budget) for not having implemented this in GnuPG?

Hauke

From dkg at fifthhorseman.net Wed Feb 5 06:03:23 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 05 Feb 2014 00:03:23 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <4658742.4sCBMk1XBK@inno>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <4658742.4sCBMk1XBK@inno>
Message-ID: <52F1C61B.6050600@fifthhorseman.net>

On 02/04/2014 12:36 PM, Hauke Laging wrote:
>> I don't know of a formalized way to do the other mapping, but it seems
>> like it would be pretty straightforward to embed the full X.509
>> certificate in a notation packet
>
> Why wouldn't the fingerprint and the DN not be enough? The whole
> approach is based on the assumption that the X.509 certificate is
> already available.

if the X.509 certificate is already available, nothing else needs to be done. you can compare the MPIs for the public key directly.

> Using a different key would not make sense.

why not? many of the main cartel CAs routinely set up special keys for sub-CAs whose job is to make certain kinds of certifications. Perhaps such a sub-CA could be made for issuing OpenPGP certifications?

> That's my opinion, too. And exactly that can be taken over to OpenPGP.
> Integrated deployment is already there, we just need the technical
> bridge from X.509 to OpenPGP. And afterwards the OpenPGP certifications
> by the CAs, of course.

I'd love to see it the other way around, actually (though maybe i'm misunderstanding you again) -- It would be great to use S/MIME as the message transport and encapsulation, but use OpenPGP for the certificate model. This takes advantage of all the existing message parsing and packaging in any existing S/MIME client, and reduces OpenPGP support to a key management and certificate validation plugin.

To do this, i'd likely want to add a pair of S/MIME-specific subkeys to my OpenPGP certificate (one for encryption, one for signing), so that i can avoid re-using key material across different cryptographic messaging schemes (i.e. not use the same signing key for both OpenPGP messages and S/MIME messages).

Werner recently (in message ID 87zjmv127f.fsf at vigenere.g10code.de) indicated his acceptance of a notation named extended-usage at gnupg.org with a value that can be set to "bitcoin". Maybe the same notation could be used to indicate "s/mime-sign" or "s/mime-encrypt" for these sorts of keys?

--dkg

From micha137 at gmx.de Wed Feb 5 09:01:19 2014
From: micha137 at gmx.de (Michael Anders)
Date: Wed, 05 Feb 2014 09:01:19 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: 
References: 
Message-ID: <1391587279.3710.22.camel@micha137-myAMD-CM1740>

> Hello,
> Apparently the OpenPGP card is based on BasicCard [1] and from the
> BasicCard FAQ [2] I read:
> "For Enhanced BasicCards, the card has no hardware generator. The Enhanced
> BasicCards contain a unique manufacturing number which cannot be read from
> outside the card. The Rnd function uses this number to generate random
> numbers which are different for each card.
>
> For Professional and MultiApplication BasicCards, the random number is
> generated by use of a hardware random number generator."
>
> Does anybody know which version of BasicCard is used for the OpenPGP cards
> distributed by KernelConcepts.de? If it is the Enhanced version, does the
> use of a pseudorandom generator pose a security risk?

In my opinion a (good) PRNG seeded properly under user control is no problem. If - as the FAQ seems to tell - it is primed during production, beyond user control, this implies that normal users have to fully trust the manufacturer. A malicious manufacturer would be able to completely break privacy based on the "Enhanced BasicCard" without the user being able to detect this. An instance is created here, deliberately and unnecessarily, which the user has to trust. This pattern smells like a backdoor mechanism to me. I would outrightly reject to use such a card.

Cheers
Michael Anders

From wk at gnupg.org Wed Feb 5 11:19:40 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Feb 2014 11:19:40 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F1C61B.6050600@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 05 Feb 2014 00:03:23 -0500")
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <4658742.4sCBMk1XBK@inno> <52F1C61B.6050600@fifthhorseman.net>
Message-ID: <87y51puair.fsf@vigenere.g10code.de>

On Wed, 5 Feb 2014 06:03, dkg at fifthhorseman.net said:

> Werner recently (in message ID 87zjmv127f.fsf at vigenere.g10code.de)
> indicated his acceptance of a notation named extended-usage at gnupg.org
> with a value that can be set to "bitcoin". Maybe the same notation

We can do that as soon as gniibe has finished his work.

> could be used to indicate "s/mime-sign" or "s/mime-encrypt" for these

No problem. But name it cms-sign and cms-encrypt. CMS is used by S/MIME but can be and is used standalone. Same as with OpenPGP and PGP/MIME.

Shalom-Salam,

   Werner

From wk at gnupg.org Wed Feb 5 11:23:24 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Feb 2014 11:23:24 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <1598787.UK5snZ2ZU7@inno> (Hauke Laging's message of "Wed, 05 Feb 2014 04:15:53 +0100")
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno>
Message-ID: <87txcduacj.fsf@vigenere.g10code.de>

On Wed, 5 Feb 2014 04:15, mailinglisten at hauke-laging.de said:

> Wow. Does that mean that PGP can verify OpenPGP keys with X.509
> certificates (in combination with a related OpenPGP certificate)? Or is
> this just a "theoretical" feature?

IIRC, the PGP desktop client also integrated an IPsec client and thus they needed key management for IKE. Merging this into the PGP key manager was easier for them.

> Are there reasons (beside the obvious effort and work budget) for not
> having implemented this in GnuPG?

Checkout GPA, Claws, Kleopatra, GpgOL, or GpgEX - they integrate it. In general it does not make sense to use the same key - there is no advantage. For smartcards this is a different story, though.

Salam-Shalom,

   Werner

From uhu at gmx.ch Wed Feb 5 13:58:37 2014
From: uhu at gmx.ch (Urs Hunkeler)
Date: Wed, 05 Feb 2014 13:58:37 +0100
Subject: Scute and SmartCard insertion/removal in Firefox
Message-ID: <52F2357D.3000601@gmx.ch>

Hi,

I use the GnuPG card and have installed all the software, including Scute. I configured a server for HTTPS asking for client certificates. When the card is inserted before requesting the page, I get a request for the user PIN for the card, and then the certificate is exchanged with the server as desired, and everything works fine.
When the card is not inserted, my web application detects that no certificate has been sent and shows a login-failed message. If I then insert the card and reload the page, the card is not accessed and login still fails. I actually have to terminate and restart Firefox for it to use the card (shift-click on reload does not work either).

Ideally, I would like to be logged out when I remove the card and logged in when I insert the card. Mozilla provides an unofficial JavaScript object to detect card insertion/removal (https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript code successfully detects insertion and removal of the card. Using Mozilla's example script, when I remove the card, the page is reloaded, but displays an error message. I can probably hide the error message by verifying the connection in the background (AJAX) or reloading the page with a delay. However, when I insert the card, the page is still reloaded but the client certificate is not used.

Is there a way to reload a page and explicitly request that the SmartCard be accessed? Or do you have any suggestions for a work-around?

Sincerely,
Urs

From martin at martinpaljak.net Wed Feb 5 16:15:01 2014
From: martin at martinpaljak.net (Martin Paljak)
Date: Wed, 5 Feb 2014 15:15:01 +0000
Subject: Scute and SmartCard insertion/removal in Firefox
In-Reply-To: <52F2357D.3000601@gmx.ch>
References: <52F2357D.3000601@gmx.ch>
Message-ID: 

If you have a web server *and* a client where you can control the session cache and initiate a re-negotiation, Firefox will try to look at your token again.

At least this was the case a while ago.
-- 
Martin
+372 515 6495


On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler wrote:
> Hi,
>
> I use the GnuPG card and have installed all the software, including Scute. I
> configured a server for HTTPS asking for client certificates. When the card
> is inserted before requesting the page, I get a request for the user PIN for
> the card, and then the certificate is exchanged with the server as desired,
> and everything works fine.
>
> When the card is not inserted, my web application detects that no
> certificate has been sent and shows a login-failed message. If I then insert
> the card and reload the page, the card is not accessed and login still
> fails. I actually have to terminate and restart Firefox for it to use the
> card (shift-click on reload does not work either).
>
> Ideally, I would like to be logged out when I remove the card and logged in
> when I insert the card. Mozilla provides an unofficial JavaScript object to
> detect card insertion/removal
> (https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript
> code detects successfully insertion and removal of the card. Using mozilla's
> example script, when I remove the card, the page is reloaded, but displays
> an error message. I can probably hide the error message by verifying the
> connection in the background (AJAX) or reloading the page with a delay.
> However, when I insert the card, the page is still reloaded but the client
> certificate is not used.
>
> Is there a way to reload a page and explicitly request that the SmartCard be
> accessed? Or do you have any suggestions for a work-around?
>
> Sincerely,
> Urs

From uhu at gmx.ch Wed Feb 5 17:41:23 2014
From: uhu at gmx.ch (Urs Hunkeler)
Date: Wed, 05 Feb 2014 17:41:23 +0100
Subject: Scute and SmartCard insertion/removal in Firefox
In-Reply-To: 
References: <52F2357D.3000601@gmx.ch>
Message-ID: <52F269B3.2010504@gmx.ch>

Dear Martin,

Thanks a lot for your help. It works now!
After you pointed out re-negotiation, I first tried to find a way to dynamically request TLS renegotiation from the server (Apache Tomcat). All I could find is people thinking that this is a bad idea. I still think it makes sense in the given example, but I couldn't figure out how. However, while looking for information I came across a page where somebody had a very similar issue and uses the JavaScript logout function (window.crypto.logout(), not everywhere available but at least it exists in Firefox). This will request the client to forget about sessions and renegotiate the connection, which is exactly what I need.

Cheers,
Urs

On 02/05/2014 04:15 PM, Martin Paljak wrote:
> If you have a web server *and* a client where you can control the
> session cache and initiate a re-negotiation, Firefox will try to look
> at your token again.
>
> At least this was the case a while ago.
> --
> Martin
> +372 515 6495
>
>
> On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler wrote:
>> Hi,
>>
>> I use the GnuPG card and have installed all the software, including Scute. I
>> configured a server for HTTPS asking for client certificates. When the card
>> is inserted before requesting the page, I get a request for the user PIN for
>> the card, and then the certificate is exchanged with the server as desired,
>> and everything works fine.
>>
>> When the card is not inserted, my web application detects that no
>> certificate has been sent and shows a login-failed message. If I then insert
>> the card and reload the page, the card is not accessed and login still
>> fails. I actually have to terminate and restart Firefox for it to use the
>> card (shift-click on reload does not work either).
>>
>> Ideally, I would like to be logged out when I remove the card and logged in
>> when I insert the card. Mozilla provides an unofficial JavaScript object to
>> detect card insertion/removal
>> (https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript
>> code detects successfully insertion and removal of the card. Using mozilla's
>> example script, when I remove the card, the page is reloaded, but displays
>> an error message. I can probably hide the error message by verifying the
>> connection in the background (AJAX) or reloading the page with a delay.
>> However, when I insert the card, the page is still reloaded but the client
>> certificate is not used.
>>
>> Is there a way to reload a page and explicitly request that the SmartCard be
>> accessed? Or do you have any suggestions for a work-around?
>>
>> Sincerely,
>> Urs
>

From peter at digitalbrains.com Wed Feb 5 18:47:48 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 05 Feb 2014 18:47:48 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <2686030.ht6cBmGDXV@inno>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <52F1338F.7030004@digitalbrains.com> <2686030.ht6cBmGDXV@inno>
Message-ID: <52F27944.1010206@digitalbrains.com>

> That is not what I suggest. You can assign certification trust to any
> key. Why should this of all keys not be done with certain CA keys?

Ah, I had missed that nuance a bit, sorry.

Peter.
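As an added example (not Urs's code and not Mozilla's), this is how the workaround Urs reports in the Scute thread above can be wired up: call window.crypto.logout() on the card events so that the next request drops the cached TLS session and renegotiates, which is when Firefox consults the token, and confirm in the background before reloading so the user never sees the login-failed page. It assumes the legacy Mozilla JavaScript crypto API from the page Urs linked (enableSmartCardEvents, the smartcard-insert and smartcard-remove document events, logout()), which later Firefox versions removed, and a status endpoint /session/cert-status that is an assumed part of the web application; the browser objects are passed in as parameters so the logic can be exercised outside a browser.

```javascript
// Added example, not code from the thread. Assumes the legacy Mozilla
// window.crypto API referenced by Urs (enableSmartCardEvents, the
// "smartcard-insert"/"smartcard-remove" document events, logout()).
// Browser objects are injected so the handler logic runs outside Firefox.

// Assumed endpoint of the web application: answers with JSON
// {"clientCertPresented": true|false} for the calling TLS session.
const CERT_STATUS_URL = '/session/cert-status';

// Ask the server, over a fresh request, whether it saw a client certificate.
// Because logout() dropped the cached TLS client sessions, this request
// forces a new handshake, which is when Firefox (via Scute) reads the card.
async function certificateAccepted(fetchFn) {
  const resp = await fetchFn(CERT_STATUS_URL, {
    credentials: 'same-origin',
    cache: 'no-store',
  });
  if (!resp.ok) return false;
  const body = await resp.json();
  return body.clientCertPresented === true;
}

// Wire the two card events. Returns a trace of what happened, useful when
// debugging why a reload still lands on the login-failed page.
function installCardSessionHandlers({ doc, crypto, location, fetchFn }) {
  const trace = [];
  crypto.enableSmartCardEvents = true; // legacy Mozilla opt-in switch

  doc.addEventListener('smartcard-remove', () => {
    // Forget the TLS client sessions so nothing authenticated by the
    // removed card survives, then show the logged-out page.
    crypto.logout();
    trace.push('remove:logout');
    location.reload();
    trace.push('remove:reload');
  });

  doc.addEventListener('smartcard-insert', async () => {
    // Same session flush, but do not reload blindly: if the handshake did
    // not pick up the card (PIN dialog cancelled, reader glitch) the user
    // would see the login-failed page. Confirm in the background first.
    crypto.logout();
    trace.push('insert:logout');
    const ok = await certificateAccepted(fetchFn);
    trace.push(ok ? 'insert:cert-ok' : 'insert:cert-missing');
    if (ok) location.reload();
    return ok;
  });

  return trace;
}
```

In a real page the call is installCardSessionHandlers({ doc: document, crypto: window.crypto, location: window.location, fetchFn: window.fetch.bind(window) }).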
From peter at digitalbrains.com Wed Feb 5 19:04:04 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 05 Feb 2014 19:04:04 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <87txcduacj.fsf@vigenere.g10code.de>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de>
Message-ID: <52F27D14.2030901@digitalbrains.com>

On 05/02/14 11:23, Werner Koch wrote:
> In general it does not make sense to use the same key - there is no
> advantage.

I could think of /a/ reason to do it. You could leverage existing X.509 certifications by CAs to verify key validity in the OpenPGP world.

An X.509 certification obviously certifies that a certain X.509 certificate belongs to the person or role identified by the Distinguished Name. But seen a bit differently, it certifies that that Distinguished Name has control over the key that is in the certificate. If that same key is used as an OpenPGP key, it follows that that same Distinguished Name has control over that key.

So you could create a hybrid model:

I assign trust to a specific CA. That CA has issued a certificate with DN "XYZ". In my public OpenPGP keyring, there exists a key with a UID "XYZ", and that public key has the same raw key material as the certificate. A key manager that manages both types of keys can now in fact infer that UID "XYZ" is validated by that CA.

This approach doesn't change anything about the format of certificates in either X.509 or OpenPGP, it simply matches raw key material and DN's to UID's, and infers a measure of validity from it. Since OpenPGP UID's are usually not in the same format as DN's, people need to explicitly create such a UID to support this kind of validity inference. For a better user experience, it might be useful if frontends could work with the DN format, so such a UID is considered when matching on an e-mail address.

Peter.

From dkg at fifthhorseman.net Wed Feb 5 19:22:16 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 05 Feb 2014 13:22:16 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F27D14.2030901@digitalbrains.com>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <52F27D14.2030901@digitalbrains.com>
Message-ID: <52F28158.5060104@fifthhorseman.net>

On 02/05/2014 01:04 PM, Peter Lebbing wrote:
> So you could create a hybrid model:
>
> I assign trust to a specific CA. That CA has issued a certificate with DN "XYZ".
> In my public OpenPGP keyring, there exists a key with a UID "XYZ", and that
> public key has the same raw key material as the certificate. A key manager that
> manages both types of keys can now in fact infer that UID "XYZ" is validated by
> that CA.
>
> This approach doesn't change anything about the format of certificates in either
> X.509 or OpenPGP, it simply matches raw key material and DN's to UID's, and
> infers a measure of validity from it. Since OpenPGP UID's are usually not in the
> same format as DN's, people need to explicitly create such a UID to support this
> kind of validity inference. For a better user experience, it might be useful if
> frontends could work with the DN format, so such a UID is considered when
> matching on an e-mail address.
If you're interested in this sort of hybrid approach, please take a look at the monkeysphere validation agent's msva-perl git repository, which contains a perl script "openpgp2x509":

  git://git.monkeysphere.info/msva-perl

I also have rather half-baked code called "2ca" that operates a minimalist "dual-stack" certificate authority which creates certificates in both OpenPGP and X.509 forms. In particular, it takes an OpenPGP certificate, certifies selected User IDs on it, and then produces an X.509 certificate derived from the relevant key (or subkey) based on the User ID and key usage flags:

  git://lair.fifthhorseman.net/~dkg/2ca

I'd welcome patches or suggestions or fixes. Please don't try to deploy this in any sort of production environment without understanding it fully and thinking it through.

If you want to follow up in detail about these projects, and if Werner feels it's off-topic for this list, followup on the Monkeysphere development list would be fine:

  Monkeysphere Developers 

Regards,

--dkg

From wk at gnupg.org Wed Feb 5 21:06:25 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Feb 2014 21:06:25 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F27D14.2030901@digitalbrains.com> (Peter Lebbing's message of "Wed, 05 Feb 2014 19:04:04 +0100")
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <52F27D14.2030901@digitalbrains.com>
Message-ID: <878utptjcu.fsf@vigenere.g10code.de>

On Wed, 5 Feb 2014 19:04, peter at digitalbrains.com said:

> An X.509 certification obviously certifies that a certain X.509 certificate
> belongs to the person or role identified by the Distinguished Name. But seen a

Almost all X.509 certification in public use certify only one of two things:

- Someone has pushed a few bucks over to the CA.

- Someone has convinced the CA to directly or indirectly issue a certificate.

Shalom-Salam,

   Werner

From dkg at fifthhorseman.net Wed Feb 5 21:32:37 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 05 Feb 2014 15:32:37 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <878utptjcu.fsf@vigenere.g10code.de>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <52F27D14.2030901@digitalbrains.com> <878utptjcu.fsf@vigenere.g10code.de>
Message-ID: <52F29FE5.6060003@fifthhorseman.net>

On 02/05/2014 03:06 PM, Werner Koch wrote:
> Almost all X.509 certification in public use certify only one of two
> things:
>
> - Someone has pushed a few bucks over to the CA.
>
> - Someone has convinced the CA to directly or indirectly issue a
> certificate.

To further clarify: "Domain Validation" (how the overwhelming majority of cartel-issued X.509 certificates are "verified" today) nominally consists of proving that you can read e-mail sent to any of:

 * the e-mail addresses associated with the domain in question (as found in whois), or

 * any of a set of "administrator" e-mail addresses in the domain, including hostmaster at example.org, webmaster at example.org, admin at example.org, ssladmin at example.org, postmaster at example.org, etc.

In practice, this means that any of the following can get a certificate issued:

 * anyone who can spoof whois to the CA
 * anyone who can spoof DNS to the CA (changing the MX record)
 * any mail system administrator who has access to any of the above e-mail addresses
 * any passive sniffer of outbound e-mail traffic from the CA's MTA if the CA doesn't enforce STARTTLS for outbound SMTP.
 * if the CA enforces STARTTLS for outbound SMTP, but doesn't check certificates: any active attacker in control of the CA's MTA's network connection (or anywhere between the CA and the receiving MTA)
 * anyone who knows the password to any of these e-mail accounts

and so on...

Remember also that (barring certificate pinning or TACK), someone who wants a cert does not have to attack a single CA -- they only have to attack the most sloppily-administered CA in all the public root stores.

The bar for regular X.509 certification is much much lower than pretty much any common OpenPGP certification guideline.

--dkg

From peter at digitalbrains.com Wed Feb 5 22:30:38 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 05 Feb 2014 22:30:38 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <878utptjcu.fsf@vigenere.g10code.de>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <52F27D14.2030901@digitalbrains.com> <878utptjcu.fsf@vigenere.g10code.de>
Message-ID: <52F2AD7E.5070107@digitalbrains.com>

On 05/02/14 21:06, Werner Koch wrote:
> Almost all X.509 certification in public use certify only one of two
> things:

I never intended my message to say I would trust any CA. Hauke was looking for a way to leverage trust in a CA; I was merely contributing something I thought he might find interesting.

By the way, I still think the CA certifies that the certificate belongs to the person or role identified by the DN. The problem is that when someone vouches for the truth of something, that doesn't make it an actual fact. It sometimes means the certifier is simply sloppy or a liar. Certification is a statement, not truth.

HTH,

Peter.
-- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From mailinglisten at hauke-laging.de Thu Feb 6 03:48:31 2014 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 06 Feb 2014 03:48:31 +0100 Subject: making the X.509 infrastructure available for OpenPGP In-Reply-To: <87txcduacj.fsf@vigenere.g10code.de> References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> Message-ID: <1544219.jccljRtAK9@inno> Am Mi 05.02.2014, 11:23:24 schrieb Werner Koch: > In general it does not make sense to use the same key - there is no > advantage. I think that is not correct. It is today but not from the perspective of my proposal. a) If a CA uses the same key in both formats then we can get the advantage which I have explained first: Enabling an X.509 CA to make useful OpenPGP certifications. b) If normal users convert their X.509 certificate to OpenPGP then the respective CA could automatically create a signature for it as Peter has explained. I didn't think of that when starting this thread. Some detail questions arise: Which keys shall be the same? Doesn't make sense to demand that an X.509 key is the same like an OpenPGP offline mainkey. Doesn't make sense to demand avoiding offline mainkeys, too. So the best way would probably be to require just a subkey to be the same. I assume the current conversion tools are not capable of that yet but that would not be a problem for long. In most cases being reachable via both standards is an advantage. That is valid for both current OpenPGP-only users and S/MIME-only users. c) The other way round ? an OpenPGP certificate is converted to X.509 ? 
would probably affect fewer people but would have the analogous advantage to the one above: If somebody uses OpenPGP only and gets a certification by an X.509 CA for it (made possible by (a)) then he could open his communication to the S/MIME world easily if the CA offers to certify the same key in both formats. In the S/MIME world this would have an advantage (for the contacts of this user) over getting an independent certificate because (only) the OpenPGP version probably has more certifications than just the one by the CA so the authenticity becomes more probable.

That is a less radical version of dkg's remark: Using OpenPGP's certification capabilities in the S/MIME world. Nobody would be forced to trust any CA. The CA problems would be avoided. But the one single important argument for using S/MIME would be destroyed.

I believe that the OpenPGP community must be interested in getting this argument (ease of use with respect to key verification) out of the way. More or less the whole official German computer science community at the universities is preaching S/MIME for exactly this reason:

a) The DFN offers X.509 service only.

b) The Fakultätentag Informatik has published a statement about a crypto culture at the universities after Snowden:
http://www.ft-informatik.de/uploads/tx_sbdownloader/Resolution_SicheresNetz.pdf

c) The GI (Gesellschaft für Informatik) is preparing a very similar statement.

A CS professor at Berlin's biggest university (more or less the biggest one in Germany) has even told me that he doesn't want me to organize OpenPGP courses there! That is the situation.

Does anyone here dare claim that we can get the majority of the people to use crypto (read: OpenPGP) without the help of the universities? That we can get the schools to teach OpenPGP if the universities manage to make most crypto-using students use S/MIME?

From the perspective of spreading OpenPGP it seems quite dangerous to me to ignore the CAs (for "political" reasons or whyever).
Of course, using OpenPGP does not morally oblige someone to help spread it. But I think it would be fair not just to say something like "I don't care about CAs" but to add "I don't care whether OpenPGP or X.509 gets the new crypto users". Of course, someone could both not care about CAs and be interested in spreading OpenPGP but that attitude would raise some very interesting questions.

Hauke

--
Crypto für alle (crypto for everyone):
http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From mailinglisten at hauke-laging.de Thu Feb 6 03:56:26 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 06 Feb 2014 03:56:26 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F1C61B.6050600@fifthhorseman.net>
References: <2245496.z9UhZPtX1S@inno> <4658742.4sCBMk1XBK@inno> <52F1C61B.6050600@fifthhorseman.net>
Message-ID: <4803589.LZ7Ig7zxTj@inno>

On Wed 05.02.2014, 00:03:23, Daniel Kahn Gillmor wrote:
> > Why wouldn't the fingerprint and the DN not be enough? The whole
> > approach is based on the assumption that the X.509 certificate is
> > already available.
>
> if the X.509 certificate is already available, nothing else needs to
> be done.

That is correct but this argument doesn't make sense in the context of my proposal: You have to look for the X.509 certificate in the root CA store anyway because being part of the root CA pool is the core of my proposal.

> > Using a different key would not make sense.
>
> why not? many of the main cartel CAs routinely set up special keys
> for sub-CAs whose job is to make certain kinds of certifications.
> Perhaps such a sub-CA could be made for issuing OpenPGP
> certifications?
Using a different key for an intermediate CA would not be a problem at all. Just the root certificate (which is pre-installed) must be the same.

Hauke

--
Crypto für alle (crypto for everyone):
http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From peter at digitalbrains.com Thu Feb 6 10:58:12 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 06 Feb 2014 10:58:12 +0100
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <1544219.jccljRtAK9@inno>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno>
Message-ID: <52F35CB4.4080508@digitalbrains.com>

On 06/02/14 03:48, Hauke Laging wrote:
> the respective CA could automatically create a signature for it as Peter has
> explained

Actually, I suggested leveraging an existing X.509 certification to induce validity in the OpenPGP model. The CA would not be actively involved.

> So the best way would probably be to require just a subkey to be the same.

I don't see how that would work[1] for the method I came up with. I suggested matching the UID's, but UID's are always bound to the primary key, so it needs to be the primary key which is certified.

> b) The Fakultätentag Informatik has published a statement about a crypto
> culture at the universities after Snowden:
> http://www.ft-informatik.de/uploads/tx_sbdownloader/Resolution_SicheresNetz.pdf

Ha! If the Snowden revelations have made anything obvious, it is that the trust model of X.509 is horribly broken[2].
Unless they do some sort of certificate or CA pinning at the least, implementing this proposal would only induce a false sense of security and require the NSA to do, for example, active MITM instead of passive collecting. And since we're talking about e-mail traffic inside or between universities, I don't think passive collecting gets you very far in any case if they enable secure SMTP.

But at least it might cultivate people who at least think about, or realise there is such a thing as security and attackers. Let's just hope we don't cultivate fundamentally flawed practices. I don't doubt security experts at the universities are much better at this than I am, but I'm a bit cynical about them getting what is needed to implement this properly.

> A CS professor at Berlin's biggest university (more or less the biggest one
> in Germany) has even told me that he doesn't want me to organize OpenPGP
> courses there! That is the situation.

If the reason for that is solely that he favours S/MIME, it sounds like a really strange decision. It sounds like the problem is with this person, not with OpenPGP. Have you tried to talk to his colleagues or staff?

> From the perspective of spreading OpenPGP it seems quite dangerous to me to
> ignore the CAs (for "political" reasons or whyever). Of course, using OpenPGP
> does not morally oblige someone to help spread it. But I think it would be
> fair not just to say something like "I don't care about CAs" but to add "I
> don't care whether OpenPGP or X.509 gets the new crypto users". Of course,
> someone could both not care about CAs and be interested in spreading OpenPGP
> but that attitude would raise some very interesting questions.

Actually, in this last piece, it is your attitude which raises questions. You are merely venting your own opinion, and do so in a way slightly offensive to people with a different opinion. I sincerely disagree as well.
I don't see why OpenPGP needs to get involved with CA's, a model which is at the heart of the problem of S/MIME. I don't see why any alternative way of making it a more turnkey solution would be inferior to getting involved with X.509. I don't know a good alternative way, but I don't reject them either.

And how is it '"political" or whyever' to state that CA's can't be trusted? It feels "political" to me to say they /can/ be trusted. I'd expect a politician to say that, along with "you can trust me". Yeah right.

I think some things that are already available get us part of the way, and perhaps bundling them with good docs would make a major difference. The checking of fingerprints is a bit annoying, but I've seen a program to make a QR code; that way (if you trust your phone), it gets a whole lot easier to certify people you know by taking a picture of that QR code with your phone.

HTH,

Peter.

[1] Without significant alterations to the existing model, which I was trying to prevent
[2] Okay, it was obvious already before that.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From 2014-667rhzu3dc-lists-groups at riseup.net Thu Feb 6 13:32:16 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 6 Feb 2014 12:32:16 +0000
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <1544219.jccljRtAK9@inno>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno>
Message-ID: <353204898.20140206123216@my_localhost>

Hi

On Thursday 6 February 2014 at 2:48:31 AM, Hauke Laging wrote:
> Of course, someone could both not care about
> CAs and be interested in spreading OpenPGP but that
> attitude would raise some very interesting questions.

Really not that interesting.
It is possible for CAs to be used with OpenPGP, but OpenPGP doesn't _need_ CAs.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Don't ask me, I'm making this up as I go!

From 2014-667rhzu3dc-lists-groups at riseup.net Thu Feb 6 15:19:04 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 6 Feb 2014 14:19:04 +0000
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F1338F.7030004@digitalbrains.com>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <52F1338F.7030004@digitalbrains.com>
Message-ID: <952649557.20140206141904@my_localhost>

Hi

On Tuesday 4 February 2014 at 6:38:07 PM, Peter Lebbing wrote:
> FWIW, CACert signs OpenPGP keys of verified people with
> key 0xD2BB0D0165D0FD58 if you want them to. Since it's
> 1024-bit DSA, it's a bit dated in some respects. And
> CACert still isn't in the default trusted root bundle
> on quite some systems, I believe.

And X.509 certificates can be imported into PGP [1], but are not accepted by GnuPG unless they are self-signed. That is, if I read correctly.

[1]

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Adults are obsolete children.
From rjh at sixdemonbag.org Thu Feb 6 15:26:33 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 06 Feb 2014 09:26:33 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <353204898.20140206123216@my_localhost>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno> <353204898.20140206123216@my_localhost>
Message-ID: <52F39B99.6090906@sixdemonbag.org>

On 2/6/2014 7:32 AM, MFPA wrote:
> Really not that interesting. It is possible for CAs to be used with
> OpenPGP, but OpenPGP doesn't _need_ CAs.

Quite the contrary. If there are no CAs, then no certificate possesses any validity. Don't confuse "OpenPGP doesn't need *external* CAs" with "OpenPGP doesn't need CAs." You are your own certificate authority in OpenPGP; remove yourself as a certificate authority and no certificate will possess any validity.

From 2014-667rhzu3dc-lists-groups at riseup.net Thu Feb 6 16:41:45 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 6 Feb 2014 15:41:45 +0000
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F39B99.6090906@sixdemonbag.org>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno> <353204898.20140206123216@my_localhost> <52F39B99.6090906@sixdemonbag.org>
Message-ID: <466035884.20140206154145@my_localhost>

Hi

On Thursday 6 February 2014 at 2:26:33 PM, Robert J. Hansen wrote:
> Don't confuse "OpenPGP doesn't need *external* CAs"
> with "OpenPGP doesn't need CAs." You are your own
> certificate authority in OpenPGP; remove yourself as a
> certificate authority and no certificate will possess
> any validity.

I would say that where an individual makes up their own mind which certificates to mark as valid, they are not using a CA at all. If a second individual is asking the first individual which certificates to accept, the second individual is using the first as a CA.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

I hit the CTRL key but I'm still not in control!

From mwood at IUPUI.Edu Thu Feb 6 16:42:23 2014
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Thu, 6 Feb 2014 10:42:23 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <878utptjcu.fsf@vigenere.g10code.de>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <52F27D14.2030901@digitalbrains.com> <878utptjcu.fsf@vigenere.g10code.de>
Message-ID: <20140206154223.GD30608@IUPUI.Edu>

On Wed, Feb 05, 2014 at 09:06:25PM +0100, Werner Koch wrote:
> On Wed, 5 Feb 2014 19:04, peter at digitalbrains.com said:
>
> > An X.509 certification obviously certifies that a certain X.509 certificate
> > belongs to the person or role identified by the Distinguished Name. But seen a
>
> Almost all X.509 certification in public use certify only one of two
> things:
>
> - Someone has pushed a few bucks over to the CA.
>
> - Someone has convinced the CA to directly or indirectly issue a
> certificate.

It varies. I've dealt with CAs who wanted a DUNS number and would call the corporate security officer at a published number to find out whether I am authorized to request certificates. In other words, these CAs actually do some investigation of the claims in the CSR. That's likely one reason why their certificates cost $200/yr. I'd trust these cert.s for everyday uses (only because my everyday risk is small).

I'm aware that others require as little as responding to email at the proffered address, and clearance of a small payment. I repose very little trust in such cert.s. They're mainly useful for initializing a privacy mechanism, and don't say much that I'd believe about the identity of the other party. They're useful if that's all you want, and most small e-commerce sites don't need more, possibly because most people are unaware that there could be more and haven't thought deeply about why they might want more.

So: what would one want from X.509 certificates used to initialize an OpenPGP session? What would it take to get that?

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.

From mwood at IUPUI.Edu Thu Feb 6 17:10:33 2014
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Thu, 6 Feb 2014 11:10:33 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <52F2AD7E.5070107@digitalbrains.com>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <52F27D14.2030901@digitalbrains.com> <878utptjcu.fsf@vigenere.g10code.de> <52F2AD7E.5070107@digitalbrains.com>
Message-ID: <20140206161033.GE30608@IUPUI.Edu>

On Wed, Feb 05, 2014 at 10:30:38PM +0100, Peter Lebbing wrote:
> By the way, I still think the CA certifies that the certificate belongs to the
> person or role identified by the DN. The problem is that when someone vouches
> for the truth of something, that doesn't make it an actual fact. It sometimes
> means the certifier is simply sloppy or a liar. Certification is a statement,
> not truth.

I think that the CA certifies whatever its Certification Practice Statement says it certifies -- because that is a document you could present to a court as evidence. Commercial CAs typically are audited periodically to determine that their operations conform to their CPS.

The problem is that a CPS can say *anything*. Without reading it, you have no way of knowing what you should expect that CA's certificates to mean.

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.

From 2014-667rhzu3dc-lists-groups at riseup.net Thu Feb 6 18:04:32 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 6 Feb 2014 17:04:32 +0000
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <20140206161033.GE30608@IUPUI.Edu>
References: <2245496.z9UhZPtX1S@inno> <52F110C6.6010304@fifthhorseman.net> <87bnymve2x.fsf@vigenere.g10code.de> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <52F27D14.2030901@digitalbrains.com> <878utptjcu.fsf@vigenere.g10code.de> <52F2AD7E.5070107@digitalbrains.com> <20140206161033.GE30608@IUPUI.Edu>
Message-ID: <1731274134.20140206170432@my_localhost>

Hi

On Thursday 6 February 2014 at 4:10:33 PM, Mark H. Wood wrote:
> The problem is that a CPS can say *anything*. Without
> reading it, you have no way of knowing what you should
> expect that CA's certificates to mean.

Another problem is a lot of the CA root certificates are built into the OS or the browser or the MUA, and the default setting is to trust them without ever showing the CPS (or anything else) to the user so that they can make their own decision.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

The best way to destroy your enemy is to make him your friend.

From rjh at sixdemonbag.org Thu Feb 6 19:29:35 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 06 Feb 2014 10:29:35 -0800
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <466035884.20140206154145@my_localhost>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno> <353204898.20140206123216@my_localhost> <52F39B99.6090906@sixdemonbag.org> <466035884.20140206154145@my_localhost>
Message-ID: <20140206102935.Horde.-aF3gSq0xd6sXqnZGe2iGw3@mail.sixdemonbag.org>

> I would say that where an individual makes up their own mind which
> certificates to mark as valid, they are not using a CA at all. If a
> second individual is asking the first individual which certificates
> to accept, the second individual is using the first as a CA.

You are free to redefine black as white while you're at it. When you decide which certificates to accept, you are serving as your own CA. When you outsource this to someone else, that other person or agency is serving as your CA. But no matter how you slice it, there's still a CA in the picture.

From 2014-667rhzu3dc-lists-groups at riseup.net Thu Feb 6 20:20:15 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 6 Feb 2014 19:20:15 +0000
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <20140206102935.Horde.-aF3gSq0xd6sXqnZGe2iGw3@mail.sixdemonbag.org>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno> <353204898.20140206123216@my_localhost> <52F39B99.6090906@sixdemonbag.org> <466035884.20140206154145@my_localhost> <20140206102935.Horde.-aF3gSq0xd6sXqnZGe2iGw3@mail.sixdemonbag.org>
Message-ID: <194777508.20140206192015@my_localhost>

Hi

On Thursday 6 February 2014 at 6:29:35 PM, Robert J. Hansen wrote:
> You are free to redefine black as white while you're at
> it.

Thanks, I'm sure it will come in handy some day.
> When you decide which certificates to accept, you are
> serving as your own CA.

No I am not. An example of a similarly false statement would be "When a trader does not employ an accountant he is serving as his own accountant."

> When you outsource this to someone else, that other person or agency
> is serving as your CA.

So Mozilla serves as the CA for most Firefox users, because Mozilla makes the decision which root certificates to trust.

> But no matter how you slice it, there's still a CA in the picture.

Except where the individual makes the decisions themself without referring/deferring to an authority.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net

Wise men learn many things from their enemies.

From mario.lopez at gazzang.com Thu Feb 6 20:18:42 2014
From: mario.lopez at gazzang.com (Mario Adrián López Alemán)
Date: Thu, 06 Feb 2014 13:18:42 -0600
Subject: Problems with gpg decrypt. Locked process.
Message-ID: <52F3E012.6060401@gazzang.com>

Hi everyone.

I'm investigating a problem with our application. The problem that we currently have is when we try to decrypt a message. Apparently when too many requests arrive at the same time, the system just hangs. This happens randomly, but I can reproduce it with no problem.

I'm currently using (GnuPG) 2.0.14 in RHEL 6.

Here's an example of what I see with ps aux.

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
app 8275 0.0 0.0 119220 1656 ? SL 22:53 0:00 gpg2 --homedir /var/lib/home/.secret --default-key EDCE7A7F8F688ADED9827AC56F8BA569180ED139 --batch --yes --no-tty --ignore-time-conflict --ignore-valid-from --with-colons --fixed-list-mode --with-fingerprint --status-fd 2 --attribute-file /dev/null --primary-keyring /dev/shm/ruhciPwebapp-request.gpg --logger-fd 17 --armor --sign --clearsign
app 8276 0.0 0.0 119576 1908 ? SL 22:53 0:00 gpg2 --homedir /var/lib/home/.secret --default-key EDCE7A7F8F688ADED9827AC56F8BA569180ED139 --batch --yes --no-tty --ignore-time-conflict --ignore-valid-from --with-colons --fixed-list-mode --with-fingerprint --status-fd 2 --attribute-file /dev/null --primary-keyring /dev/shm/ruhciPwebapp-request.gpg --logger-fd 9 --trust-model always --recipient 05FBAC395F2C8E91B779329A34053B48028993C1 --armor --sign --encrypt -

Any suggestions are welcome.

Regards!

--
Be aware that if you reply directly to this message, your reply may not be secure. Do not send us communications that contain unencrypted confidential information such as passwords, account numbers, or Social Security numbers. This message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please destroy all copies of this message and any attachments. In addition, please notify Gazzang immediately by email to info at gazzang.com.
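The post above shows the ps output but not the wrapper that spawns these gpg2 processes, so the page does not say what causes the hang. One mechanism that produces exactly this symptom with any child process, and only under load, is the parent writing the whole message into the child's stdin before it starts reading the child's stdout, stderr and the --status-fd / --logger-fd pipes: once gpg fills a pipe that nobody is draining, gpg blocks on write, the parent blocks on its own write, and both sit there forever. The following is an added example, written for this page and not taken from the poster's application or from GnuPG, of a wrapper that avoids that by reading every output pipe in its own thread while stdin is fed, and that kills the child after a timeout instead of waiting. So that it runs without gpg, the child is a constructed Python stand-in that behaves like "gpg --encrypt -" (echoes stdin, writes a warning to stderr, emits status lines on the status fd); the commented-out real invocation and its FPR placeholder are illustrative assumptions.

```python
import os
import subprocess
import sys
import threading
from dataclasses import dataclass
from typing import List, Sequence, Tuple

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class GpgResult:
    returncode: int     # negative signal number if the watchdog had to kill the child
    timed_out: bool
    stdout: bytes
    stderr: str
    status: List[Tuple[str, List[str]]]


def parse_status(raw: bytes) -> List[Tuple[str, List[str]]]:
    """Turn '[GNUPG:] KEYWORD arg ...' lines (gpg's --status-fd format) into tuples."""
    parsed = []
    for line in raw.decode("utf-8", "replace").splitlines():
        if line.startswith(STATUS_PREFIX):
            words = line[len(STATUS_PREFIX):].split()
            if words:
                parsed.append((words[0], words[1:]))
    return parsed


def run_with_status_fd(argv_template: Sequence[str], stdin_bytes: bytes = b"",
                       timeout: float = 30.0) -> GpgResult:
    """Run a gpg-like command without ever letting it block on a full pipe.

    "{status_fd}" in argv_template becomes the number of an extra pipe the child
    inherits (what you would hand to --status-fd). stdin is fed, and stdout, stderr
    and the status pipe are drained, each in its own thread; the caller only waits,
    with a deadline, for the child to exit.
    """
    status_r, status_w = os.pipe()
    argv = [a.replace("{status_fd}", str(status_w)) for a in argv_template]
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, pass_fds=(status_w,))
    os.close(status_w)  # drop the parent's copy so EOF arrives once the child exits
    status_file = os.fdopen(status_r, "rb")
    captured = {}

    def feed():
        try:
            proc.stdin.write(stdin_bytes)
            proc.stdin.close()
        except BrokenPipeError:
            pass  # child went away before reading everything; stderr/status say why

    def drain(name, stream):
        captured[name] = stream.read()  # blocks until EOF, but only in this thread

    workers = [threading.Thread(target=feed, daemon=True)]
    for name, stream in (("stdout", proc.stdout), ("stderr", proc.stderr),
                         ("status", status_file)):
        workers.append(threading.Thread(target=drain, args=(name, stream), daemon=True))
    for w in workers:
        w.start()

    timed_out = False
    try:
        proc.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        timed_out = True
        proc.kill()          # closes the child's pipe ends, so every worker unblocks
        proc.wait()
    for w in workers:
        w.join()
    status_file.close()

    return GpgResult(returncode=proc.returncode, timed_out=timed_out,
                     stdout=captured["stdout"],
                     stderr=captured["stderr"].decode("utf-8", "replace"),
                     status=parse_status(captured["status"]))


# Constructed stand-in for gpg so the example runs without it: like "gpg --encrypt -"
# it reads all of stdin, writes output to stdout, a warning to stderr and status lines
# to the fd given as its argument. This is not gpg's code and does no cryptography.
FAKE_GPG = """
import os, sys
fd = int(sys.argv[1])
data = sys.stdin.buffer.read()
sys.stdout.buffer.write(data)
sys.stdout.flush()
sys.stderr.write("gpg: WARNING: constructed stand-in, not gpg\\n")
os.write(fd, b"[GNUPG:] BEGIN_ENCRYPTION 2 9\\n[GNUPG:] END_ENCRYPTION\\n")
"""


def demo_roundtrip() -> GpgResult:
    # The real call modelled on the post would be (FPR = assumed recipient fingerprint):
    # ["gpg2", "--batch", "--no-tty", "--status-fd", "{status_fd}",
    #  "--recipient", FPR, "--armor", "--encrypt", "-"]
    argv = [sys.executable, "-c", FAKE_GPG, "{status_fd}"]
    return run_with_status_fd(argv, stdin_bytes=b"x" * 200_000, timeout=20)


def demo_timeout() -> GpgResult:
    # A child that never answers (stuck on a lock, a passphrase prompt, an empty
    # entropy pool) is killed instead of wedging every request queued behind it.
    argv = [sys.executable, "-c", "import time; time.sleep(60)", "{status_fd}"]
    return run_with_status_fd(argv, timeout=1.0)
```

The 200 kB input in demo_roundtrip is several times the size of a Linux pipe buffer, which is the point: a wrapper that wrote it all before reading would deadlock here, while this one returns the echoed bytes and the parsed status lines. Two things worth checking in the real wrapper before suspecting gpg itself: every fd it hands to --status-fd and --logger-fd must be read concurrently with feeding stdin, and a per-call timeout turns a wedged request into a logged failure rather than a stuck system. Separately, the second process in the ps output runs with --trust-model always, which makes gpg encrypt to any key in the /dev/shm keyring regardless of its validity; that is only safe if nothing untrusted can write to that keyring.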
From avi.wiki at gmail.com Thu Feb 6 21:46:56 2014
From: avi.wiki at gmail.com (Avi)
Date: Thu, 6 Feb 2014 15:46:56 -0500
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <194777508.20140206192015@my_localhost>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno> <353204898.20140206123216@my_localhost> <52F39B99.6090906@sixdemonbag.org> <466035884.20140206154145@my_localhost> <20140206102935.Horde.-aF3gSq0xd6sXqnZGe2iGw3@mail.sixdemonbag.org> <194777508.20140206192015@my_localhost>
Message-ID:

> On Thu, Feb 6, 2014 at 2:20 PM, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
>
> On Thursday 6 February 2014 at 6:29:35 PM, Robert J. Hansen wrote:
> > When you decide which certificates to accept, you are
> > serving as your own CA.
>
> No I am not. An example of a similarly false statement would be "When
> a trader does not employ an accountant he is serving as his own
> accountant."

Well, in my layman's understanding, you both may be correct. Technically, a CA is a trusted third-party; you are a trusted first party (to abuse terminology). The buck always stops at you, but when using a CA, you make the (un)conscious decision that they are trustworthy and that the trust that THEY have is transitive (you will accept it without question).

On the other hand, the analogy with accountants may or may not be correct. When using certificates, the desideratum is the same--to determine the trustworthiness of the second party. Whether the first party does this actively, or passively through acceptance of the third party's decision does not really matter. With the accountant, if the trader keeps the necessary records and files the necessary forms, then the trader is serving as his or her own accountant.
Otherwise, there is no one acting as an accountant and the local securities or taxation authorities can swoop in and levy sanctions.

Semantics aside, Robert is correct that in actuality there is only one issuer of trust that matters--you. If you are willing to give Mozilla blanket transitive trust, so be it, but it is still your decision--conscious or otherwise.

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

From rjh at sixdemonbag.org Thu Feb 6 23:18:37 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 06 Feb 2014 14:18:37 -0800
Subject: making the X.509 infrastructure available for OpenPGP
In-Reply-To: <194777508.20140206192015@my_localhost>
References: <2245496.z9UhZPtX1S@inno> <1598787.UK5snZ2ZU7@inno> <87txcduacj.fsf@vigenere.g10code.de> <1544219.jccljRtAK9@inno> <353204898.20140206123216@my_localhost> <52F39B99.6090906@sixdemonbag.org> <466035884.20140206154145@my_localhost> <20140206102935.Horde.-aF3gSq0xd6sXqnZGe2iGw3@mail.sixdemonbag.org> <194777508.20140206192015@my_localhost>
Message-ID: <20140206141837.Horde.3nKnCQ1dX2fiJozy_vQjDA1@mail.sixdemonbag.org>

> No I am not. An example of a similarly false statement would be "When
> a trader does not employ an accountant he is serving as his own
> accountant."
You don't have a false statement so much as a logical paradox: when a trader has no accountant, he is his own accountant -- structurally, it's similar to 'the village barber shaves only those men who do not shave themselves'; the statement nullifies its own truth. Add the word 'external' before the first instance of 'accountant' and you'll have a true statement.

> So Mozilla serves as the CA for most Firefox users, because Mozilla
> makes the decision which root certificates to trust.

Arguably, sure. I'm not sure I'd go for that, but it has the virtue of being a creative interpretation of commonly-accepted terms rather than something completely heterodox.

From payal at omniti.com Thu Feb 6 23:02:06 2014
From: payal at omniti.com (Payal Singh)
Date: Thu, 6 Feb 2014 17:02:06 -0500
Subject: C function to encrypt/decrypt data with gpg keys
Message-ID: <20140206220206.GA5803@payal-ThinkPad-T520>

Hi,

I want to have a C function to embed in my database, that will store the gpg keys and get data from the database, encrypt/decrypt it and send it back. For this I need to find a way to give the gpg command inside the function. Will 'sys()' call work for this, or will that be the wrong thing to do. What alternatives do I have for doing this?

Thanks,
Payal Singh

From rjh at sixdemonbag.org Fri Feb 7 00:30:29 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 06 Feb 2014 18:30:29 -0500
Subject: C function to encrypt/decrypt data with gpg keys
In-Reply-To: <20140206220206.GA5803@payal-ThinkPad-T520>
References: <20140206220206.GA5803@payal-ThinkPad-T520>
Message-ID: <52F41B15.908@sixdemonbag.org>

> What alternatives do I have for doing this?

I would urge you to use GPGME instead.
From koukopoulos+gnupg-users at gmail.com Fri Feb 7 07:42:52 2014
From: koukopoulos+gnupg-users at gmail.com (Kostantinos Koukopoulos)
Date: Fri, 7 Feb 2014 08:42:52 +0200
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <1391587279.3710.22.camel@micha137-myAMD-CM1740>
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740>
Message-ID:

On Wed, Feb 5, 2014 at 10:01 AM, Michael Anders wrote:
>
> In my opinion a (good) PRNG seeded properly under user control is no
> problem.
> If -as the FAQ seems to tell- it is primed during production, beyond
> user control, this implies that normal users have to fully trust the
> manufacturer.
> A malicious manufacturer would be able to completely break privacy based
> on the "Enhanced BasicCard" without the user being able to detect this.
> An instance is created here, deliberately and unnecessarily, which the
> user has to trust. This pattern smells like a backdoor mechanism to
> me.
> I would outrightly reject to use such a card.

Makes sense. So does anyone know the version of BasicCard used for openpgp cards? Or who to contact with this question? I asked at the distributor (kernelconcepts.de) and they said they couldn't answer such technical questions and suggested I try asking on this list.

From jernst at invacarecontractor.com Thu Feb 6 21:37:53 2014
From: jernst at invacarecontractor.com (Jim Ernst)
Date: Thu, 6 Feb 2014 20:37:53 +0000
Subject: Error "Need the secret key to do this" Encountered During adduid command in UNIX
Message-ID: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com>

Hello All -

I am trying to add a second uid to a key via adduid. I have exported the key from my production UNIX box and exported it to a test UNIX box. When I try to use adduid I get the following:

Command> adduid
Need the secret key to do this.
Command>

Has anyone experienced this and if so what is the solution?
I am logged into the UNIX box under the same ID that created the key. Any help is greatly appreciated.

Thanks!!

Jim Ernst
NTT Data
jernst at invacarecontractor.com

CONFIDENTIALITY NOTICE: The information in this e-mail message and any attachments may contain privileged, confidential or proprietary information, including confidential health information, protected by applicable Federal or state laws. Such information is intended only for the recipient named above. If you are not the intended recipient, please notify the sender immediately, and take notice that any use, disclosure or distribution of such information is prohibited by law.

From aranea at aixah.de Sat Feb 8 18:58:10 2014
From: aranea at aixah.de (Luis Ressel)
Date: Sat, 8 Feb 2014 18:58:10 +0100
Subject: Using a Gemalto IDBridge K30 with the internal CCID driver
Message-ID: <20140208185810.1acb8ac0@gentp.lnet>

Hello,

I'm having trouble setting up GnuPG to use my new smartcard. I'm using GnuPG 2.0.22 and a Gemalto IDBridge K30 (aka USB Shell Token v2). More specifically, I can't get it to work using scdaemon's in-built CCID driver. I've attached scdaemon's log; the error seems to be "ccid-driver: invalid response for S-block (Change-IFSD)". Does anyone have an idea about this? I'll use pcscd if I have to, but I'd rather prefer the internal driver if it's possible to fix this problem.

Regards,
Luis Ressel

-- 
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
From aranea at aixah.de Sat Feb 8 19:19:33 2014
From: aranea at aixah.de (Luis Ressel)
Date: Sat, 8 Feb 2014 19:19:33 +0100
Subject: Using a Gemalto IDBridge K30 with the internal CCID driver
Message-ID: <20140208191933.67784b66@gentp.lnet>

Hello,

I'm having trouble setting up GnuPG to use my new smartcard. I'm using GnuPG 2.0.22 and a Gemalto IDBridge K30 (aka USB Shell Token v2). More specifically, I can't get it to work using scdaemon's in-built CCID driver. I've attached scdaemon's log; the error seems to be "ccid-driver: invalid response for S-block (Change-IFSD)". Does anyone have an idea about this? I'll use pcscd if I have to, but I'd rather prefer the internal driver if it's possible to fix this problem.

Regards,
Luis Ressel

-- 
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD

From telegraph at gmx.net Sun Feb 9 12:32:02 2014
From: telegraph at gmx.net (Gregor Zattler)
Date: Sun, 9 Feb 2014 12:32:02 +0100
Subject: howto not list disabled keys?
Message-ID: <20140209113202.GC31350@boo.workgroup>

Dear gnupg users, developers,

I'd like to list only the public keys which are not disabled. Is there a way to achieve this? If this is not possible: How to show the enabled/disabled status of a key in the key listing?

Ciao, Gregor
-- 
-... --- .-. . -.. ..--.. ...-.-

From peter at digitalbrains.com Sun Feb 9 13:45:18 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 09 Feb 2014 13:45:18 +0100
Subject: howto not list disabled keys?
In-Reply-To: <20140209113202.GC31350@boo.workgroup>
References: <20140209113202.GC31350@boo.workgroup>
Message-ID: <52F7785E.5020101@digitalbrains.com>

On 09/02/14 12:32, Gregor Zattler wrote:
> I'd like to list only the public keys which are not disabled. Is
> there a way to achieve this?

I don't know if there are more ways, but you can view the disabled status with:

$ gpg2 --with-colons -k

(note that it lists all keys because I don't restrict it with a search term)

This is the machine readable output, and colon-delimited field number 12 contains an uppercase letter D when the key is disabled (got this from the doc file named DETAILS).

Now you can construct a way to list in human-readable format those keys that are not disabled:

$ gpg2 --with-colons -k|gawk -F: '$1 == "pub" && $12 !~ /D/ { print $5 }'|xargs gpg2 -k

Note that you should never just enter some command on the command line because someone on the internet said so. You need to understand what you're doing or there might be some mean little thing screwing up your system.

The explanation is as follows:

gawk splits the lines by the field separator :, and if the first field is literally "pub" then the line indicates a public key. The regular expression D is matched to field 12; it is an inverted match, so the pattern only evaluates to true if field 12 does not match the regex D. In other words, the whole pattern guards that we are reading a line with pub as field 1, and no D in field 12. If this is the case, we print field 5, which is the long key identifier. This is then piped to xargs, which invokes gpg2 -k ${KEYID1} .. ${KEYIDn} with all the matched key ID's, causing gpg2 to list the keys. If the list is very long, multiple invocations will be done so as not to exceed the maximum line length.

Note that a collision in the long key identifier still causes a disabled key to be listed, but this is rare. It is possible to write an AWK program that would check the fingerprint, but it would be more complex.
As long as you don't /depend/ on there being no disabled keys in the listing, and can just ignore this as a bit of static, you're fine.

Oh, by the way, I kinda assumed you're on a GNU system because you didn't say anything and I am on one, so this is what works for me. In general, it would be a good idea to indicate what OS you're using when asking something like this. Although you perhaps expected a reply like "you use --list-options exclude-disabled", and that would be cross-platform :).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

From telegraph at gmx.net Sun Feb 9 15:13:51 2014
From: telegraph at gmx.net (Gregor Zattler)
Date: Sun, 9 Feb 2014 15:13:51 +0100
Subject: howto not list disabled keys?
In-Reply-To: <52F7785E.5020101@digitalbrains.com>
References: <20140209113202.GC31350@boo.workgroup> <52F7785E.5020101@digitalbrains.com>
Message-ID: <20140209141351.GD31350@boo.workgroup>

Hi Peter,

* Peter Lebbing [09. Feb. 2014]:
> On 09/02/14 12:32, Gregor Zattler wrote:
>> I'd like to list only the public keys which are not disabled. Is
>> there a way to achieve this?
>
> I don't know if there are more ways, but you can view the disabled status with:
>
> $ gpg2 --with-colons -k
>
> (note that it lists all keys because I don't restrict it with a search term)
>
> This is the machine readable output, and colon-delimited field number 12
> contains an uppercase letter D when the key is disabled (got this from the doc
> file named DETAILS).

Thanks. I did not read this. I only read the man page.

> Now you can construct a way to list in human-readable format those keys that are
> not disabled:
>
> $ gpg2 --with-colons -k|gawk -F: '$1 == "pub" && $12 !~ /D/ { print $5 }'|xargs gpg2 -k
>
> Note that you should never just enter some command on the command line because
> someone on the internet said so. You need to understand what you're doing or
> there might be some mean little thing screwing up your system.

Thanks again.

> The explanation is as follows:
>
> gawk splits the lines by the field separator :, and if the first field is
> literally "pub" then the line indicates a public key. The regular expression D
> is matched to field 12; it is an inverted match, so the pattern only evaluates
> to true if field 12 does not match the regex D. In other words, the whole
> pattern guards that we are reading a line with pub as field 1, and no D in field
> 12. If this is the case, we print field 5, which is the long key identifier.
> This is then piped to xargs, which invokes gpg2 -k ${KEYID1} .. ${KEYIDn} with
> all the matched key ID's, causing gpg2 to list the keys. If the list is very
> long, multiple invocations will be done so as not to exceed the maximum line length.
>
> Note that a collision in the long key identifier still causes a disabled key to
> be listed, but this is rare. It is possible to write an AWK program that would
> check the fingerprint, but it would be more complex. As long as you don't
> /depend/ on there being no disabled keys in the listing, and can just ignore
> this as a bit of static, you're fine.

... If I only wasn't so pedantic.
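[Added example, not part of the thread and not code from Peter, Gregor or GnuPG.] The gawk one-liner quoted above keys on field 12 of the "pub" record and prints the long key ID from field 5; Peter's caveat is that a key-ID collision would still let a disabled key through, which is what the fingerprint solves. The Python below parses the same --with-colons stream, takes the fingerprint from field 10 of the "fpr" record that follows each "pub" record (gpg emits those with --with-fingerprint), and returns only the enabled keys. SAMPLE_LISTING is constructed for the example; run_gpg() and the other names are my own.

```python
"""Filter a gpg --with-colons listing by the disabled flag, keyed by fingerprint.

Added example for this thread; not code from Pe­ter, Gregor or GnuPG.
Field positions follow doc/DETAILS as quoted in the thread: field 1 is the
record type, field 5 the long key ID, field 12 the capabilities (with an
extra "D" when the key is disabled), and field 10 of an "fpr" record is the
fingerprint. SAMPLE_LISTING is constructed; run_gpg() is my own wrapper.
"""
import subprocess

# Constructed listing: two enabled keys and one disabled key (note the "D"
# appended to the capabilities in field 12 of the second pub record).
SAMPLE_LISTING = """\
tru::1:1391900000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1390000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1390000000::A1B2C3::Alice Example <alice@example.org>:
sub:u:4096:1:FEDCBA9876543210:1390000000::::::e:
pub:-:2048:1:89ABCDEF01234567:1380000000:::-:::scESCD:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:-::::1380000000::D4E5F6::Bob Disabled <bob@example.org>:
pub:-:2048:17:1111222233334444:1370000000:::-:::scaESCA:
fpr:::::::::1111222233334444111122223333444411112222:
uid:-::::1370000000::778899::Carol DSA <carol@example.org>:
"""


def parse_listing(text):
    """Return one dict per primary key: keyid, fingerprint, caps, disabled."""
    keys = []
    current = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            caps = f[11] if len(f) > 11 else ""
            current = {"keyid": f[4], "fingerprint": None,
                       "caps": caps, "disabled": "D" in caps}
            keys.append(current)
        elif f[0] == "fpr" and current is not None and current["fingerprint"] is None:
            # The first fpr record after a pub record belongs to the primary
            # key; any later ones (subkeys, with --with-fingerprint given
            # twice) are ignored.
            current["fingerprint"] = f[9] if len(f) > 9 else None
    return keys


def enabled_fingerprints(text):
    """Fingerprints of keys whose field 12 carries no D (Peter's $12 !~ /D/)."""
    return [k["fingerprint"] for k in parse_listing(text) if not k["disabled"]]


def run_gpg(args):
    """Run gpg2 and return its stdout as text (not used on the constructed sample)."""
    proc = subprocess.run(["gpg2", "--with-colons", "--with-fingerprint"] + args,
                          stdout=subprocess.PIPE, check=True)
    return proc.stdout.decode("utf-8", "replace")


if __name__ == "__main__":
    # Live use: list the keyring with fingerprints, then show only enabled keys.
    fprs = enabled_fingerprints(run_gpg(["-k"]))
    if fprs:
        subprocess.run(["gpg2", "-k"] + fprs, check=True)
```

Because the second step passes full fingerprints rather than 16-hex-digit key IDs to gpg2 -k, the collision case Peter mentions cannot reintroduce a disabled key.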
I reimplemented your idea with grep and sed instead of gawk:

gpg --with-colons --fingerprint --list-options no-show-photos,no-show-policy-urls,no-show-notations,no-show-keyserver-urls,show-uid-validity,no-show-keyring,no-show-unusable-uids,no-show-unusable-subkeys --list-public-keys 2>/dev/null \
  | grep -A1 "^pub" | grep -v -- "^--$" \
  | while read PUBLIC; read FINGERPRINT ; do echo $PUBLIC | cut -f 12 -d ":" | grep -q "D" || { echo $FINGERPRINT | grep "^fpr" | cut -f 10 -d ":" ; } ; done \
  | sort -u | sed -e "s/^\(.\)/0x\1/" \
  | xargs gpg2 --list-options no-show-photos,no-show-policy-urls,no-show-notations,no-show-keyserver-urls,show-uid-validity,no-show-keyring,no-show-unusable-uids,no-show-unusable-subkeys --list-public-keys 2>/dev/null

This also discards error messages and prohibits showing photos. This works assuming every "pub" line is followed by a "fpr" line. Actually I use this to generate lists of fully and marginally valid user ids.

> Oh, by the way, I kinda assumed you're on a GNU system because you didn't say
> anything and I am on one, so this is what works for me. In general, it would be
> a good idea to indicate what OS you're using when asking
> something like this.

You were right and you are right.

> Although you perhaps expected a reply like "you use --list-options
> exclude-disabled", and that would be cross-platform :).

Whilst I RTFM I still hoped for such kind of solution.

Ciao, Gregor
-- 
-... --- .-. . -.. ..--.. ...-.-

From bortzmeyer at nic.fr Sun Feb 9 14:39:21 2014
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Sun, 9 Feb 2014 14:39:21 +0100
Subject: Difference between setpref and options in the configuration
Message-ID: <20140209133921.GA7703@sources.org>

When reading , which advises to use gpg --edit-key and setpref to choose "better" algorithms, I told myself "Why risk forgetting the right command-line when you can simply use the configuration file?"
So, I put this in ~/.gnupg/gpg.conf :

# SHA1 by default
cert-digest-algo SHA256
# Crypto preferences
personal-cipher-preferences AES256 AES192 AES128
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed

And generated a key, with two UID. But it seems the preferences in personal-*-preferences have been completely ignored:

gpg> showpref
[ultimate] (1). Stéphane Bortzmeyer (Main ID)
     Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ultimate] (2)  Stéphane Bortzmeyer (Work)
     Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

Why is it so?

% gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECC, ?
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

From aranea at aixah.de Sun Feb 9 16:26:08 2014
From: aranea at aixah.de (Luis Ressel)
Date: Sun, 9 Feb 2014 16:26:08 +0100
Subject: Difference between setpref and options in the configuration
In-Reply-To: <20140209133921.GA7703@sources.org>
References: <20140209133921.GA7703@sources.org>
Message-ID: <20140209162608.77647154@gentp.lnet>

You missed a detail here. As the man page says, the personal-* settings aren't used for creating keys, but for *overriding* preferences of other keys while encrypting. You want "default-preference-list".
This is the section in my gpg.conf:

cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES TWOFISH CAMELLIA256 CAMELLIA192 CAMELLIA128 CAST5 BZIP2 ZLIB ZIP Uncompressed
personal-cipher-preferences AES256 AES192 AES TWOFISH CAMELLIA256 CAMELLIA192 CAST5
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
s2k-cipher-algo AES256
s2k-digest-algo SHA512

(I added Camellia and CAST5 because 3DES gets forcibly added at the end and I'd still prefer those two over 3DES...)

Regards,
Luis Ressel

-- 
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD

From pete at heypete.com Sun Feb 9 16:30:46 2014
From: pete at heypete.com (Pete Stephenson)
Date: Sun, 9 Feb 2014 16:30:46 +0100
Subject: Difference between setpref and options in the configuration
In-Reply-To: <20140209133921.GA7703@sources.org>
References: <20140209133921.GA7703@sources.org>

On Sun, Feb 9, 2014 at 2:39 PM, Stephane Bortzmeyer wrote:
> When reading
> , which
> advises to use gpg --edit-key and setpref to choose "better"
> algorithms, I told myself "Why risking forgetting the right
> command-line when you can simply use the configuration file?" So, I
> put this in ~/.gnupg/gpg.conf :
>
> # SHA1 by default
> cert-digest-algo SHA256
> # Crypto preferences
> personal-cipher-preferences AES256 AES192 AES128
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
>
> And generated a key, with two UID. But it seems the preferences in
> personal-*-preferences have been completely ignored:

That's because the personal-*-preferences don't change the preferences in the key itself.
They merely change the order of ciphers, hashes, and compression methods that you prefer when communicating with others (so long as you both support those algorithms).

According to http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoteric-Options.html you'll want to use "default-preference-list" followed by the list of preferences for your key.

For example, putting "default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed" in your gpg.conf file and then generating a new key (or running "edit-key KEYID", "setpref" with an empty string for the preferences, and "save" on an existing key) will set the key preferences to that string.

Cheers!
-Pete

From bortzmeyer at nic.fr Sun Feb 9 17:37:10 2014
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Sun, 9 Feb 2014 17:37:10 +0100
Subject: Difference between setpref and options in the configuration
In-Reply-To: <20140209162608.77647154@gentp.lnet>
References: <20140209133921.GA7703@sources.org> <20140209162608.77647154@gentp.lnet>
Message-ID: <20140209163710.GA22871@sources.org>

On Sun, Feb 09, 2014 at 04:26:08PM +0100, Luis Ressel wrote a message of 72 lines which said:

> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES TWOFISH CAMELLIA256 CAMELLIA192 CAMELLIA128 CAST5 BZIP2 ZLIB ZIP Uncompressed

Thanks for the explanation. It works.
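[Added example; not part of the thread and not GnuPG code.] The distinction Luis and Pete draw has two halves that are easy to conflate: default-preference-list is a mixed list of algorithm names that gpg sorts into the three preference classes and writes into the key (which is why showpref changed only after Stephane used it), while personal-*-preferences never touch a key and only decide, at encryption time, which of the algorithms that every recipient lists you would rather use. The Python below models both. Algorithm names are the ones from the gpg --version output quoted in the thread; the implicit trailing 3DES / SHA1 / Uncompressed entries come from RFC 4880, which is the "forcibly added" 3DES Luis mentions. The scoring used by choose() when nothing in your personal list is usable is my approximation of gpg's ranking by recipient order, not a quote of gpg's code; treat it as an assumption.

```python
"""Key preferences vs. personal preferences, as gpg applies them.

Added example for this thread, not GnuPG code. default-preference-list is
what gets written into a new key (or into an existing one via setpref);
personal-*-preferences only reorder your own choice at encryption time
among algorithms every recipient lists. The ranking used in choose()
without a usable personal entry is my approximation, not gpg's code.
"""

# Names as printed by gpg --version in the thread.
CIPHERS = ["IDEA", "3DES", "CAST5", "BLOWFISH", "AES", "AES192", "AES256",
           "TWOFISH", "CAMELLIA128", "CAMELLIA192", "CAMELLIA256"]
DIGESTS = ["MD5", "SHA1", "RIPEMD160", "SHA256", "SHA384", "SHA512", "SHA224"]
COMPRESSION = ["Uncompressed", "ZIP", "ZLIB", "BZIP2"]

# RFC 4880 treats these as implicitly present at the end of every preference
# list, which is why Luis sees 3DES "forcibly added" to his key.
IMPLICIT = {"cipher": "3DES", "digest": "SHA1", "compress": "Uncompressed"}
_CLASSES = {"cipher": CIPHERS, "digest": DIGESTS, "compress": COMPRESSION}


def canonical(name):
    """Return (class, canonical name) for an algorithm name, case-insensitively."""
    for kind, names in _CLASSES.items():
        for known in names:
            if known.upper() == name.upper():
                return kind, known
    raise ValueError("unknown algorithm: %s" % name)


def split_default_preference_list(spec):
    """Sort a mixed default-preference-list into the per-class lists stored in a key."""
    prefs = {"cipher": [], "digest": [], "compress": []}
    for token in spec.split():
        kind, name = canonical(token)
        if name not in prefs[kind]:
            prefs[kind].append(name)
    for kind, implicit in IMPLICIT.items():
        if implicit not in prefs[kind]:          # appended, never omitted
            prefs[kind].append(implicit)
    return prefs


def choose(kind, recipient_prefs, personal=None):
    """Algorithm gpg would pick for a message to all these recipients.

    recipient_prefs: one list per recipient key, in that key's stored order.
    personal: your personal-<kind>-preferences, or None when unset.
    """
    implicit = IMPLICIT[kind]
    lists = [p + ([] if implicit in p else [implicit]) for p in recipient_prefs]
    # Only algorithms every recipient lists are candidates at all.
    allowed = [a for a in lists[0] if all(a in other for other in lists)]
    if personal:
        for a in personal:                       # your order wins, within allowed
            if a in allowed:
                return a
    # Assumption: with no usable personal entry, fall back to the recipients'
    # own orderings (lowest summed position wins).
    return min(allowed, key=lambda a: sum(l.index(a) for l in lists))
```

Two consequences worth noticing: a personal list can never pick an algorithm a recipient's key does not advertise, so it cannot "upgrade" a correspondent whose key only lists CAST5 and 3DES; and a new key inherits the defaults unless default-preference-list is set before generation or setpref is run afterwards.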
From 2014-667rhzu3dc-lists-groups at riseup.net Mon Feb 10 13:23:39 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 10 Feb 2014 12:23:39 +0000
Subject: Error "Need the secret key to do this" Encountered During adduid command in UNIX
In-Reply-To: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com>
References: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com>
Message-ID: <2310704977.20140210122339@my_localhost>

Hi

On Thursday 6 February 2014 at 8:37:53 PM, in , Jim Ernst wrote:
> Hello All -
> I am trying to add a second uid to a key via adduid. I
> have exported the key from my production UNIX box to
> and exported it to a test UNIX box. When I try to use
> adduid I get the following: Command>> adduid
> Need the secret key to do this. Command>>
> Has anyone experienced this and if so what is the
> solution? I am logged into the UNIX under the same ID
> that created the key. Any help is greatly appreciated.

Did you export the secret key using "--export-secret-keys" or just the public key using "--export"?

-- 
Best regards
MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

The best way to destroy your enemy is to make him your friend.
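[Added example; not part of the thread and not GnuPG code.] MFPA's question can be answered from the file itself: an OpenPGP export is a sequence of packets, and --export writes public-key (tag 6), public-subkey (tag 14), user-ID (13) and signature (2) packets only, while --export-secret-keys writes secret-key (5) and secret-subkey (7) packets, each of which also carries the public material. The Python below parses just the packet headers (RFC 4880 section 4.2, old and new format, including partial body lengths) and reports which kind of export it is looking at, so "Need the secret key to do this" can be diagnosed before import. packet() builds constructed sample packets with junk bodies for the test; dearmor()/armor() handle the -a wrapper; all names are my own.

```python
"""Tell a public-key export from a secret-key export by its OpenPGP packet tags.

Added example for this thread, not GnuPG code and not from any poster. Only
packet headers (RFC 4880 section 4.2) are parsed, no key material, which is
enough to answer "did --export or --export-secret-keys produce this file?".
Function names are my own; packet() builds constructed samples with junk bodies.
"""
import base64
import struct

SECRET_TAGS = {5, 7}       # secret-key, secret-subkey
PUBLIC_TAGS = {6, 14}      # public-key, public-subkey

def _new_length(data, pos):
    """(length, next_pos, is_partial) for a new-format length field."""
    o1 = data[pos]
    if o1 < 192:
        return o1, pos + 1, False
    if o1 < 224:
        return ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if o1 == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (o1 & 0x1F), pos + 1, True      # partial body length

def packet_tags(data):
    """Walk a binary packet sequence and return [(tag, body_length), ...]."""
    out, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("no packet header at offset %d" % pos)
        pos += 1
        if ctb & 0x40:                              # new-format header
            tag, total, partial = ctb & 0x3F, 0, True
            while partial:                          # sum partial-length chunks
                length, pos, partial = _new_length(data, pos)
                total += length
                pos += length
        else:                                       # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                          # indeterminate: rest of input
                total = len(data) - pos
            else:
                total = int.from_bytes(data[pos:pos + (1, 2, 4)[ltype]], "big")
                pos += (1, 2, 4)[ltype]
            pos += total
        if pos > len(data):
            raise ValueError("truncated packet body")
        out.append((tag, total))
    return out

def export_kind(data):
    """'secret' if any secret-key packet is present, else 'public', else 'no-key'."""
    tags = {tag for tag, _ in packet_tags(data)}
    if tags & SECRET_TAGS:
        return "secret"
    return "public" if tags & PUBLIC_TAGS else "no-key"

def packet(tag, body, new_format=False):
    """Build one packet with the given tag and body (constructed test data)."""
    n = len(body)
    if new_format:
        if n < 192:
            hdr = bytes([0xC0 | tag, n])
        elif n < 8384:
            hdr = bytes([0xC0 | tag, ((n - 192) >> 8) + 192, (n - 192) & 0xFF])
        else:
            hdr = bytes([0xC0 | tag, 255]) + struct.pack(">I", n)
    else:
        if tag > 15:
            raise ValueError("old-format headers carry tags 0-15 only")
        ltype = 0 if n < 256 else 1 if n < 65536 else 2
        hdr = bytes([0x80 | (tag << 2) | ltype]) + n.to_bytes((1, 2, 4)[ltype], "big")
    return hdr + body

def dearmor(text):
    """Undo ASCII armor (what --export -a writes): drop headers and the CRC line."""
    lines, in_body, past_headers = [], False, False
    for line in text.splitlines():
        if line.startswith("-----END PGP"):
            break
        if line.startswith("-----BEGIN PGP"):
            in_body = True
        elif in_body and not past_headers:
            past_headers = line.strip() == ""       # armor headers end at a blank line
        elif in_body and not line.startswith("="):  # "=XXXX" is the CRC24 line
            lines.append(line.strip())
    return base64.b64decode("".join(lines))

def armor(data, label="PUBLIC KEY BLOCK"):
    """Minimal armor writer without CRC, used to round-trip constructed samples."""
    b64 = base64.b64encode(data).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PGP %s-----\nVersion: constructed\n\n%s\n-----END PGP %s-----\n" % (label, body, label)
```

On a real file: export_kind(open("key.gpg", "rb").read()) for binary output, or export_kind(dearmor(open("key.asc").read())) for armored; "public" is exactly the situation Jim hit, and the fix is to re-export with --export-secret-keys and import that on the test box.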
From per.tunedal at operamail.com Mon Feb 10 16:48:04 2014
From: per.tunedal at operamail.com (Per Tunedal)
Date: Mon, 10 Feb 2014 16:48:04 +0100
Subject: Hash of Win32 binary doesn't verify
Message-ID: <1392047250.4518.6122BC89@webmail.messagingengine.com>

Hi,

the downloaded file gnupg-w32cli-1.4.16.exe doesn't verify against the hash published at the gnupg site: http://gnupg.org/download/integrity_check.html

0bf5e475f3eb6f33d5474d017fe5bf66070e43f4 gnupg-1.4.16.tar.bz2
ead70b47218ba76da51c16b652bee2a712faf2f6 gnupg-w32cli-1.4.16.exe

I've tried different mirrors. I always get the hash:

8207 9C7C 1834 67B4 DD37 95CA 1979 83CD 2494 CEC4

Yours,
Per Tunedal

From peter at digitalbrains.com Mon Feb 10 18:27:49 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 10 Feb 2014 18:27:49 +0100
Subject: Hash of Win32 binary doesn't verify
In-Reply-To: <1392047250.4518.6122BC89@webmail.messagingengine.com>
References: <1392047250.4518.6122BC89@webmail.messagingengine.com>
Message-ID: <52F90C15.3010508@digitalbrains.com>

On 10/02/14 16:48, Per Tunedal wrote:
> the downloaded file gnupg-w32cli-1.4.16.exe doesn't verify against the
> hash published at the gnupg site:

I agree. The OpenPGP signature is okay, but the hash is indeed what you say. So I think it's a mistake on that integrity check page.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

From jernst at invacarecontractor.com Mon Feb 10 14:44:50 2014
From: jernst at invacarecontractor.com (Jim Ernst)
Date: Mon, 10 Feb 2014 13:44:50 +0000
Subject: Error "Need the secret key to do this" Encountered During adduid command in UNIX
In-Reply-To: <2310704977.20140210122339@my_localhost>
References: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com> <2310704977.20140210122339@my_localhost>

Hi -

I just used --export for it. After looking at it further, I did wonder whether or not it was a result of exporting the file off of one UNIX machine and importing it onto another (again, using just --export). Would you know if movement like that between machines should create an issue? I was figuring the key could be exported from one UNIX machine and imported to another, but I did not know if the machine ID was part of the key.

Thanks!!

Jim E.

From scottstevson at gmail.com Mon Feb 10 15:07:17 2014
From: scottstevson at gmail.com (Scott Stevson)
Date: Mon, 10 Feb 2014 14:07:17 +0000
Subject: FTP down?

Hey all,

I'm new to the site so please excuse me if I'm not using the appropriate list. I'm trying to install libgcrypt but my connection to the FTP server times out when I brew install or try to hit the download location from the GnuPG home page. Does anyone know if the server is down?

thx,

Scott Stevson
Mobile: +44 (0)74159 12411
From dkg at fifthhorseman.net Mon Feb 10 20:05:02 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 10 Feb 2014 14:05:02 -0500
Subject: Error "Need the secret key to do this" Encountered During adduid command in UNIX
References: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com> <2310704977.20140210122339@my_localhost>
Message-ID: <52F922DE.6050302@fifthhorseman.net>

On 02/10/2014 08:44 AM, Jim Ernst wrote:
> After looking at it further, I did wonder whether or not it was a result
> of exporting the file off of one UNIX machine and importing it onto
> another (again, using just --export). Would you know if movement like
> that between machines should create an issue? I was figuring the key
> could be exported from one UNIX machine and imported to another, but I
> did not know if the machine ID was part of the key.

--export only emits the public keys, not the secret keys. You'd want --export-secret-keys if you wanted to transfer the secret keys as well.

hth,

--dkg
From wk at gnupg.org Mon Feb 10 20:32:46 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 10 Feb 2014 20:32:46 +0100
Subject: Hash of Win32 binary doesn't verify
In-Reply-To: <1392047250.4518.6122BC89@webmail.messagingengine.com> (Per Tunedal's message of "Mon, 10 Feb 2014 16:48:04 +0100")
References: <1392047250.4518.6122BC89@webmail.messagingengine.com>
Message-ID: <87eh3aoja9.fsf@vigenere.g10code.de>

On Mon, 10 Feb 2014 16:48, per.tunedal at operamail.com said:

> the downloaded file gnupg-w32cli-1.4.16.exe doesn't verify against the
> hash published at the gnupg site:

Looking at the source file for the version information (gnupg-doc/web/swdb.mac in the gnupg-doc repo):

#+macro: gnupg1_ver 1.4.16
#+macro: gnupg1_branch STABLE-BRANCH-1-4
#+macro: gnupg1_size 3571k
#+macro: gnupg1_size_gz 4955k
#+macro: gnupg1_sha1 0bf5e475f3eb6f33d5474d017fe5bf66070e43f4
#+macro: gnupg1_sha1_gz ea40324a5b2e3a16ffb63ea0ccc950a3faf5b11c
#
#+macro: gnupg1_patch_ver 1.4.15-1.4.16
#+macro: gnupg1_patch_size 26k
#+macro: gnupg1_patch_sha1 82079c7c183467b4dd3795ca197983cd2494cec4
#
#+macro: gnupg1_w32cli_ver 1.4.16
#+macro: gnupg1_w32cli_size 1573k
#+macro: gnupg1_w32cli_sha1 ead70b47218ba76da51c16b652bee2a712faf2f6

this was last changed in 9fef86fa (Werner Koch 2013-12-18 18:04:54 +0100) when I did the release. I prepared the release a couple of days earlier, which can be seen from the signature info: Fri Dec 13 09:59:57 2013 CET. The announcement however has these checksums:

0bf5e475f3eb6f33d5474d017fe5bf66070e43f4 gnupg-1.4.16.tar.bz2
ea40324a5b2e3a16ffb63ea0ccc950a3faf5b11c gnupg-1.4.16.tar.gz
ead70b47218ba76da51c16b652bee2a712faf2f6 gnupg-1.4.15-1.4.16.diff.bz2
82079c7c183467b4dd3795ca197983cd2494cec4 gnupg-w32cli-1.4.16.exe

Thus I obviously swapped the diff and the binary file's checksums. Will fix that now.

Thanks.

Salam-Shalom,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
(Thoughts are free. Exceptions are governed by a federal law.)

From 2014-667rhzu3dc-lists-groups at riseup.net Mon Feb 10 21:07:41 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 10 Feb 2014 20:07:41 +0000
Subject: Error "Need the secret key to do this" Encountered During adduid command in UNIX
References: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com> <2310704977.20140210122339@my_localhost>
Message-ID: <588768042.20140210200741@my_localhost>

Hi

On Monday 10 February 2014 at 1:44:50 PM, in , Jim Ernst wrote:
> Would you know if movement like
> that between machines should create an issue? I was
> figuring the key could be exported from one UNIX
> machine and imported to another, but I did not know if
> the machine ID was part of the key.

Machine ID is not part of the equation. At least, transferring a secret key between Windows machines (and between my Windows and Ubuntu installations on the same machine) works fine - both by copying keyring files and by importing the previously-exported key from .asc files.
-- 
Best regards
MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Keep them dry and don't feed them after midnight

From pericle at lmib.org Mon Feb 10 21:36:15 2014
From: pericle at lmib.org (Pericle Unico)
Date: Mon, 10 Feb 2014 20:36:15 +0000 (UTC)
Subject: Could not extend expiration date

I wasn't able to extend the validity of my gpg key, because instead of prompting me with the passphrase request I got this error: but I've a private key, and I'm able both to sign and decrypt. Can anyone help? Below are details about the error.

### Version Info: OS is Windows 7 ###

set LANG=en

C:\Users\me>gpg --help
gpg (GnuPG) 2.0.22 (Gpg4win 2.2.1)
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:\Users\me\AppData\Roaming\gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ?, ?
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

### Signing a document is ok ###

C:\Users\me\Downloads>gpg -vvv -s volterra_saggi_scientifici.epub
gpg: using character set `CP850'
gpg: using PGP trust model
gpg: key 3D2B665D: accepted as trusted key
gpg: using subkey 658682A5 instead of primary key 3D2B665D

You need a passphrase to unlock the secret key for
user: "MyName "
gpg: using subkey 658682A5 instead of primary key 3D2B665D
2048-bit DSA key, ID 658682A5, created 2012-02-26 (main key ID 3D2B665D)

File `volterra_saggi_scientifici.epub.gpg' exists. Overwrite? (y/N) y
gpg: writing to `volterra_saggi_scientifici.epub.gpg'
gpg: DSA/SHA256 signature from: "658682A5 MyName "

### Editing to extend expiration date fails ###

C:\Users\me\Downloads>gpg -vvv --edit-key repl at ced
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: using character set `CP850'
gpg: using PGP trust model
gpg: key 3D2B665D: accepted as trusted key
Secret key is available.

pub  2048D/3D2B665D  created: 2012-02-16  expires: 2014-02-16  usage: SC
                     trust: ultimate      validity: ultimate
sub  3072g/791B80B4  created: 2012-02-16  expires: 2014-02-16  usage: E
sub  2048D/658682A5  created: 2012-02-26  expires: 2014-02-25  usage: S
[ultimate] (1). MyName

gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at 02/07/16 20:28:52 W. Europe Standard Time
Is this correct?
(y/N) y
gpg: secret key parts are not available
gpg: make_keysig_packet failed: Unusable secret key

thanks

From johannes at zarl.at Mon Feb 10 21:58:12 2014
From: johannes at zarl.at (Johannes Zarl)
Date: Mon, 10 Feb 2014 21:58:12 +0100
Subject: Could not extend expiration date
Message-ID: <1543173.1WeEAFqVeQ@mani>

Hi,

It looks like you use an offline master key and use subkeys for signing and decryption. You can check this by looking at your secret keyring:

gpg2 -K
sec#  4096R/DEADBEEF 2013-10-25 [expires: 2018-10-24]
uid                  Some Body
ssb>  2048R/08152323 2013-10-25
ssb>  2048R/42424242 2013-10-25

In this case, the '#' sign after the "sec" means that the private key is not available.

On Monday 10 February 2014 20:36:15 Pericle Unico wrote:
> C:\Users\me\Downloads>gpg -vvv -s volterra_saggi_scientifici.epub
> gpg: using character set `CP850'
> gpg: using PGP trust model
> gpg: key 3D2B665D: accepted as trusted key
> gpg: using subkey 658682A5 instead of primary key 3D2B665D

If I read this correctly, your "master" key is 658682A5, but you usually use the subkey 3D2B665D.

HTH,
Johannes

From per.tunedal at operamail.com Tue Feb 11 09:10:32 2014
From: per.tunedal at operamail.com (Per Tunedal)
Date: Tue, 11 Feb 2014 09:10:32 +0100
Subject: Moving away from SHA-1
Message-ID: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com>

Hi,

GnuPG, as OpenPGP compliant, relies heavily on the near-broken hash algorithm SHA-1. Is there any work in progress to move to a more secure hash algorithm? When SHA-1 falls, GnuPG will otherwise be completely broken, as internal key signatures, as well as signatures of public keys from others and the fingerprint, rely on SHA-1 hashes.
Yours,
Per Tunedal

From jernst at invacarecontractor.com Mon Feb 10 20:03:21 2014
From: jernst at invacarecontractor.com (Jim Ernst)
Date: Mon, 10 Feb 2014 19:03:21 +0000
Subject: Question Regarding Adding A New uid
Message-ID: <79b1d6852a6b452480c04984a2738004@CO2PR07MB475.namprd07.prod.outlook.com>

Hello All -

I have a process built that will read the uid as --local-user in order to determine which key to utilize in an extract process. I am adding a second uid to the key as part of the changes. I have given the current key set (without the new uid) to the server that is the target. Since this new uid is only to be used on the source side to determine which key to use, is it necessary to publish the key a second time to the target server once I have added the new uid? I am figuring the uid is more of a name by which I can reference the key and I would not need to send the key again to the target server.

Jim Ernst
NTT Data
jernst at invacarecontractor.com
URL:

From jernst at invacarecontractor.com Mon Feb 10 20:28:11 2014
From: jernst at invacarecontractor.com (Jim Ernst)
Date: Mon, 10 Feb 2014 19:28:11 +0000
Subject: Error "Need the secret key to do this" Encountered During adduid command in UNIX
In-Reply-To: <52F922DE.6050302@fifthhorseman.net>
References: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com> <2310704977.20140210122339@my_localhost> <52F922DE.6050302@fifthhorseman.net>
Message-ID:

Hi Daniel - thank you for the information... so using --export-secret-keys does the complete key, including both public and secret? The key I had imported and then tried to use adduid on was created using just --export. I could not use adduid on the new machine I had imported to; sounds like using this --export-secret-keys would have solved the issue. Is there any special syntax on the --import when importing a file that was exported using --export-secret-keys?

Thanks!!

Jim Ernst
jernst at invacarecontractor.com

-----Original Message-----
From: Daniel Kahn Gillmor [mailto:dkg at fifthhorseman.net]
Sent: Monday, February 10, 2014 2:05 PM
To: Jim Ernst; GnuPG Users
Subject: Re: Error "Need the secret key to do this" Encountered During adduid command in UNIX

On 02/10/2014 08:44 AM, Jim Ernst wrote:
> After looking at it further, I did wonder whether or not it was a result of exporting the file off of one UNIX machine and importing it onto another (again, using just --export). Would you know if movement like that between machines should create an issue? I was figuring the key could be exported from one UNIX machine and imported to another, but I did not know if the machine ID was part of the key.

--export only emits the public keys, not the secret keys. You'd want --export-secret-keys if you wanted to transfer the secret keys as well.
hth, --dkg CONFIDENTIALITY NOTICE: The information in this e-mail message and any attachments may contain privileged, confidential or proprietary information, including confidential health information, protected by applicable Federal or state laws. Such information is intended only for the recipient named above. If you are not the intended recipient, please notify the sender immediately, and take notice that any use, disclosure or distribution of such information is prohibited by law. From peter at digitalbrains.com Tue Feb 11 10:46:17 2014 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Feb 2014 10:46:17 +0100 Subject: Moving away from SHA-1 In-Reply-To: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com> References: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com> Message-ID: <52F9F169.2030806@digitalbrains.com> On 11/02/14 09:10, Per Tunedal wrote: > Is there any work in progress to move to a more secure > hash algorithm? Have you searched the mailing list archives? There are several times this has been discussed already, including many different opinions, responses to those opinions and arguments for and against specific plans of action. I don't think there's anything substantial to add to those existing discussions. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at From 2014-667rhzu3dc-lists-groups at riseup.net Tue Feb 11 13:58:01 2014 From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Tue, 11 Feb 2014 12:58:01 +0000 Subject: Question Regarding Adding A New uid In-Reply-To: <79b1d6852a6b452480c04984a2738004@CO2PR07MB475.namprd07.prod.outlook.com> References: <79b1d6852a6b452480c04984a2738004@CO2PR07MB475.namprd07.prod.outlook.com> Message-ID: <1406233017.20140211125801@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Monday 10 February 2014 at 7:03:21 PM, in , Jim Ernst wrote: > I have a process built that will read the uid as > -local-user in order to determine which key to utilize > in an extract process. I am adding a second uid to the > key as part of the changes. I have given the current > key set (without the new uid) to the server that is the > target. Since this new uid is only to be used on the > source side to determine which key to use, is it > necessary to publish the key a second time to the > target server once I have added the new uid ? I am > figuring the uid is more of a name by which I can > reference the key and I would not need to send the key > again to the target server. If the information will not be used at the other end, sending it adds nothing. It also causes no harm. 
- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

A closed mouth gathers no foot
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlL6Hn5XFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pbagD/jg4/F1ZrJdQYtGZB/py6UDWCdcXkHgR8rPV
8gOZ45iOXzuXJBQjfbbC4Q9XqBHiLZev6f/L2nvd9BLYSSic/mJXEWS4eyqcnL+H
TrWkvW5/5EIwz9cyqeUyyqCgWQgEzGDmNDLL2BjiAqRrrS24PFVr+0PvRSoho3NF
uYcUoiTh
=cOIX
-----END PGP SIGNATURE-----

From wk at gnupg.org Tue Feb 11 17:39:21 2014
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Feb 2014 17:39:21 +0100
Subject: Error "Need the secret key to do this" Encountered During adduid command in UNIX
In-Reply-To: (Jim Ernst's message of "Mon, 10 Feb 2014 19:28:11 +0000")
References: <82c7c50932ef43c78e10e855391fca03@CO2PR07MB475.namprd07.prod.outlook.com> <2310704977.20140210122339@my_localhost> <52F922DE.6050302@fifthhorseman.net>
Message-ID: <87bnydmwna.fsf@vigenere.g10code.de>

On Mon, 10 Feb 2014 20:28, jernst at invacarecontractor.com said:

> --export-secret-keys would have solved the issue. Is there any
> special syntax on the --import when importing a file that was exported
> using --export-secret-keys?

No. --import imports all keys. However, it does not assign ultimate trust to an imported secret key. You need to do this using "gpg --edit-key" and "trust".

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From per.tunedal at operamail.com Wed Feb 12 09:31:41 2014
From: per.tunedal at operamail.com (Per Tunedal)
Date: Wed, 12 Feb 2014 09:31:41 +0100
Subject: Moving away from SHA-1
In-Reply-To: <52F9F169.2030806@digitalbrains.com>
References: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com> <52F9F169.2030806@digitalbrains.com>
Message-ID: <1392193901.24333.82387001.4C964598@webmail.messagingengine.com>

Hi Peter,
Yes, I've searched the archives. Conclusion: There's not any immediate danger to GnuPG.
But, all the same: I cannot find any information on what the plans for the future are. Sooner or later a transition to some other hash has to take place, hasn't it?

Yours,
Per Tunedal

On Tue, Feb 11, 2014, at 10:46, Peter Lebbing wrote:
> On 11/02/14 09:10, Per Tunedal wrote:
> > Is there any work in progress to move to a more secure
> > hash algorithm?
>
> Have you searched the mailing list archives? There are several times this has
> been discussed already, including many different opinions, responses to those
> opinions and arguments for and against specific plans of action. I don't think
> there's anything substantial to add to those existing discussions.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at

From kristian.fiskerstrand at sumptuouscapital.com Wed Feb 12 09:39:46 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 12 Feb 2014 09:39:46 +0100
Subject: Moving away from SHA-1
In-Reply-To: <1392193901.24333.82387001.4C964598@webmail.messagingengine.com>
References: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com> <52F9F169.2030806@digitalbrains.com> <1392193901.24333.82387001.4C964598@webmail.messagingengine.com>
Message-ID: <52FB3352.2060203@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Per,

On 02/12/2014 09:31 AM, Per Tunedal wrote:
> Hi Peter, Yes, I've searched the archives. Conclusion: There's not
> any immediate danger to GnuPG.
>
> But, all the same: I cannot find any information on what the
> plans for the future are. Sooner or later a transition to some other
> hash has to take place, hasn't it?

The appropriate place for such a change would be new defaults in the standards, i.e. that this likely would be part of a future V5 OpenPGP key format.
The appropriate ML for that would be [0]

References:
[0] http://www.ietf.org/mail-archive/web/openpgp/current/maillist.html

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aut disce aut discede
Either learn or leave
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJS+zNOAAoJEPw7F94F4TagzXAP/Riqy9hbjuncUmGbDU+hOgMw
nnjSFw41uP+UqVKypo5RTCfkv59euPRq8d0MYPtUEeSLvbMkX40Hhl/i0AilM4MD
zq+LuytJ+SiQMdzlU+helyMWU5hLObOLkl4JmPzAmAaXM6MXDedn4UNpcpFxGhPt
Zh4uQ2VFjzXQCH5gTKyRL6liq/+TPb/m5wpNjYqqiKxDkmeFnh9MtPTE7Qo/raYi
eCbPN8zcL8e+Z4FofNGTY62hTFve0SrC6JVWq1S/EG4Usgf8Mp7Ab/ppuCHlnVee
78McbqdOgSkp5IINe0il2k+tpO6q+uauX/hPkv49cZc2d+FqAhRWCMCaNZ//v8uk
jYDnFSoW0p3I9BFr4CjlmfN7E/PfKGjFHooU8isyHlBBSlgFTuJ96UU0283I5+iv
AKVDwNxBAGqljvGbdPzObhGU5P7s7whZFzUzDiVkFLdRTT4c6BwFUmqkxNtUTV+F
zmWH+HCR/FLpmvq8SXsBKuJbvxm8JbxLXEABJJEPTObK82ClE9DiK5mWIrBF/1H2
xk/TZo8+bZtWALzAkCDWV+VejazMgV2x9u+pFnNzXB4dRuCRW94tlcbbbRwMC6YV
y1aH1ma4I7ggcOzmyV46XzNuRaclgbxpvCrUiFj0fzxF9R1mafEL5bWtfbi8Xl1e
I/6BWRgyN+kqqiihWJSu
=FBe2
-----END PGP SIGNATURE-----

From bortzmeyer at nic.fr Wed Feb 12 09:38:02 2014
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Wed, 12 Feb 2014 09:38:02 +0100
Subject: Moving away from SHA-1
In-Reply-To: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com>
References: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com>
Message-ID: <20140212083802.GA15829@nic.fr>

On Tue, Feb 11, 2014 at 09:10:32AM +0100, Per Tunedal wrote a message of 17 lines which said:

> When SHA-1 falls, GnuPG will otherwise be completely broken as
> internal key signatures, as well as signatures of public keys from
> others and the fingerprint rely on SHA-1 hashes.

Aren't those three different cases?
For the fingerprint, it is in the RFC 4880 (section 12.2) and GnuPG cannot change it unilaterally or it would stop being OpenPGP-compliant.

For the signatures of public keys from others, you can already put:

cert-digest-algo SHA256

in your gpg.conf. I don't know why it's not the default but there is certainly a good reason in the archives mentioned by Peter Lebbing. In the meantime, you can always migrate yourself.

From faruguredo at gmail.com Wed Feb 12 04:02:51 2014
From: faruguredo at gmail.com (Faru Guredo)
Date: Wed, 12 Feb 2014 07:02:51 +0400
Subject: Trying to understand the bond between master and subordinate key pairs
Message-ID:

I've read GNU Privacy Handbook, the FAQ and thought I understood the purpose of all four keys initially generated with --gen-keys. But then I found this https://wiki.debian.org/subkeys and lost it.

tl;dr: There is suggested backup of ~/.gnupg, creation of a new pair of subkeys for signing, then all public keys and secret subkeys are exported, master key (for signing) is removed (but still available in backup) and finally public keys along with secret keys are imported back. This is suggested -- as far as I understand -- in order to keep the original master key for signing in a secret place, because master signing key = my genuine identity. But.

Which public keys should be uploaded to the keyserver? Other people may verify your signature and encrypt files for you only if they have corresponding public keys (of yours). But what about gathering signatures of other people on your own public key? Should I upload public key of my master signing key along with the public key of the subordinate keypair I am planning to use daily? If not, what is the purpose of the public part of the master keypair? If I will not upload it, how other people will verify signatures I made on their keys or my own keys?
Does it all mean I need at least three public keys to be known to other people -- two for daily signing and encrypting and one to verify master key signatures? Do they even need to verify what I sign with my master key (I mean my keys and their keys)?

I don't get the bond between master keys and subordinate keys. Does it even exist? To me they look like totally different keys. Okay, when I usually sign files with key AAAAAAAA when I send them to Alice, and eventually I want to sign her key (which of her keys, actually? The one she uses daily or the one she keeps like me? If she keeps it, how did it get to me? Which public keys supposed to collect signatures of other people -- of the master one or newly created subordinate one?), I need to use my master key BBBBBBBB. How does she know that BBBBBBBB is also my key if they have different IDs? (Let's assume public key of the master pair is irrelevant, and signing pubkey exchange is done via subordinate pair which never expires.)

Sorry for my English.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mailinglisten at hauke-laging.de Wed Feb 12 11:19:13 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 12 Feb 2014 11:19:13 +0100
Subject: Trying to understand the bond between master and subordinate key pairs
In-Reply-To:
References:
Message-ID: <1547803.2ni7ixzdzZ@inno>

On Wed 12.02.2014, 07:02:51, Faru Guredo wrote:

> This is suggested -- as far as I understand -- in order to keep
> the original master key for signing in a secret place, because master
> signing key = my genuine identity. But.

Signing (data) is not the relevant aspect of a mainkey. Certification (i.e. signing key components) is. You can create mainkeys which are not capable (i.e: not allowed) of signing data at all.

> Which public keys should be uploaded to the keyserver?

All public keys must be available to the public. (You cannot even prevent that from happening.)
The public mainkey is necessary for the verification that the subkeys belong to this mainkey. Furthermore it is needed for the fingerprint check.

> But what about gathering
> signatures of other people on your own public key? Should I upload
> public key of my master signing key along with the public key of the
> subordinate keypair I am planning to use daily?

These two components are not related at all. These should be two distinct questions.

> I don't get the bond between master keys and subordinate keys. Does it
> even exist?

The mainkey binds the subkeys by signing them. Signature subkeys have to sign the mainkey, too, in order to become valid.

OpenPGP considers signatures by a subkey as equivalent to those by a mainkey. But if everyone understands what this means (and how it can be checked) then you can use the protected mainkey for more secure signatures (if you do not have a more secure other key). You can use it for more secure encryption, too (again: If everyone involved understands how to do that).

> To me they look like totally different keys.

They are, technically. They could even be exchanged. But the OpenPGP key format marks one as the mainkey and the other ones as subkeys.

> Okay, when I
> usually sign files with key AAAAAAAA when I send them to Alice, and
> eventually I want to sign her key (which of her keys, actually? The
> one she uses daily or the one she keeps like me? If she keeps it, how
> did it get to me? Which public keys supposed to collect signatures of
> other people -- of the master one or newly created subordinate one?),
> I need to use my master key BBBBBBBB. How does she know that BBBBBBBB
> is also my key if they have different IDs?

That's not the way keys are used. You tell the application to use the key 0xAAAAAAAA. That always refers to a mainkey. The OpenPGP subsystem (GnuPG) then selects the appropriate key: either the mainkey or a subkey. Your contacts only verify 0xAAAAAAAA.
Possible subkeys are verified automatically (you cannot prevent that). Signatures are shown to be made by the mainkey.

More precisely: GnuPG does show you the subkey which made the signature but I don't believe any GUI does (in a way useful to beginners). You can even force GnuPG to use a certain subkey (if technically possible) or the mainkey and thus override the automatic selection. But I have never seen a higher-level application offering that.

> (Let's assume public key of the master pair is irrelevant,

That is not a useful assumption.

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL:

From pete at heypete.com Wed Feb 12 11:46:53 2014
From: pete at heypete.com (Pete Stephenson)
Date: Wed, 12 Feb 2014 11:46:53 +0100
Subject: Trying to understand the bond between master and subordinate key pairs
In-Reply-To:
References:
Message-ID:

On Wed, Feb 12, 2014 at 4:02 AM, Faru Guredo wrote:
> I've read GNU Privacy Handbook, the FAQ and thought I understood the purpose
> of all four keys initially generated with --gen-keys.
> But then I found this https://wiki.debian.org/subkeys and lost it.
>
> tl;dr: There is suggested backup of ~/.gnupg, creation of a new pair of
> subkeys for signing, then all public keys and secret subkeys are exported,
> master key (for signing) is removed (but still available in backup) and
> finally public keys along with secret keys are imported back. This is
> suggested -- as far as I understand -- in order to keep the original master
> key for signing in a secret place, because master signing key = my genuine
> identity. But.

Right, this is a reasonable thing to do.
It's not mandatory, of course, but it has various advantages.

> Which public keys should be uploaded to the keyserver? Other people may
> verify your signature and encrypt files for you only if they have
> corresponding public keys (of yours). But what about gathering signatures of
> other people on your own public key? Should I upload public key of my master
> signing key along with the public key of the subordinate keypair I am
> planning to use daily? If not, what is the purpose of the public part of the
> master keypair? If I will not upload it, how other people will verify
> signatures I made on their keys or my own keys? Does it all mean I need at
> least three public keys to be known to other people -- two for daily signing
> and encrypting and one to verify master key signatures? Do they even need to
> verify what I sign with my master key (I mean my keys and their keys)?

You should upload the public key of your primary ("master") key to the key servers. If you do this in GnuPG, it will automatically upload the public keys for your primary key and all the subkeys. If you use the "--export" command to export your public key, it will export the public key of your primary key and subkeys in one file.

Similarly, when people search for your public key on the key servers they should search for the KeyID of your primary key. When they download it, they will also get the public keys for the subkeys.

> I don't get the bond between master keys and subordinate keys. Does it even
> exist? To me they look like totally different keys. Okay, when I usually
> sign files with key AAAAAAAA when I send them to Alice, and eventually I
> want to sign her key (which of her keys, actually? The one she uses daily
> or the one she keeps like me? If she keeps it, how did it get to me? Which
> public keys supposed to collect signatures of other people -- of the master
> one or newly created subordinate one?), I need to use my master key
> BBBBBBBB.
> How does she know that BBBBBBBB is also my key if they have
> different IDs? (Let's assume public key of the master pair is irrelevant,
> and signing pubkey exchange is done via subordinate pair which never
> expires.)

Subkeys are bound to their respective primary key by signatures made by the primary key. When you sign someone else's key, you sign the public key of that person's primary key. Similarly, when they sign your key, they sign your primary key. Since the subkeys are bound to their respective primary keys, the trust in the primary key is automatically applied to any subkeys without any additional signatures being required.

For example, see my key 0x85EB9F44 (which can be found on the keyservers at ) -- my primary key ("pub") has collected signatures from several people on my user ID ("uid"). I also have signing and encryption subkeys ("sub") that are bound ("sig sbind") to the primary key and which I use for day-to-day signing and encrypting of files and messages.

I only use my primary key for signing other people's public keys (subkeys cannot make "certifications" on other people's public keys) or when generating new subkeys. Otherwise, the subkeys are used for all the usual purposes.

In general, people do not need to know the KeyIDs of the subkeys -- that is handled automatically by GnuPG. Similarly, you generally do not need to concern yourself with the KeyIDs of your subkeys, nor do you need to tell GnuPG to specifically use them (GnuPG will sign messages with the newest signing subkey by default).

In short: your subkeys are linked to your primary key and GnuPG will handle subkeys automatically and transparently without your needing to worry about their KeyIDs.

Cheers!
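The binding rules Hauke and Pete describe above (the mainkey signs each subkey; a signing subkey must also sign the mainkey before it counts as valid; only the primary can certify other people's keys; naming the primary's key ID when signing data ends up using a subkey) are worked through below in an example added for this page. It is not code from GnuPG or from either poster. Real OpenPGP binding and back-signatures are public-key signatures over the key packets; here an HMAC over a constructed payload stands in for them so the block runs offline without a crypto library, and only the validity logic is the point. Key IDs are random placeholders.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Key:
    """Key with OpenPGP-style usage flags: C certify, S sign data, E encrypt.

    Stand-in for a real key pair: the 'public' identifier is a hash of a random
    secret and a 'signature' is an HMAC with that secret (not OpenPGP crypto).
    """
    flags: Set[str]
    secret: bytes = field(default_factory=lambda: os.urandom(32))

    @property
    def keyid(self) -> str:
        return hashlib.sha256(self.secret).hexdigest()[:16].upper()

    def sign(self, data: bytes) -> bytes:
        return hmac.new(self.secret, data, hashlib.sha256).digest()

    def verify(self, data: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(data), sig)


@dataclass
class Subkey:
    key: Key
    binding_sig: Optional[bytes] = None   # primary -> subkey ("sig sbind")
    back_sig: Optional[bytes] = None      # subkey -> primary, signing subkeys only


def binding_payload(primary: Key, sub: Key) -> bytes:
    # Constructed stand-in for the key packets a real binding signature covers.
    return f"bind:{primary.keyid}:{sub.keyid}".encode()


def bind_subkey(primary: Key, sub: Key) -> Subkey:
    """What happens when a subkey is added: the primary certifies it."""
    if "C" not in primary.flags:
        raise ValueError("only a certification-capable primary may bind subkeys")
    entry = Subkey(key=sub, binding_sig=primary.sign(binding_payload(primary, sub)))
    if "S" in sub.flags:
        # A signing subkey must also sign the primary, so that nobody can bind
        # someone else's published signing subkey to their own primary.
        entry.back_sig = sub.sign(binding_payload(primary, sub))
    return entry


def valid_subkeys(primary: Key, subkeys: List[Subkey]) -> Dict[str, str]:
    """keyid -> verdict, applying the rules from the thread."""
    verdicts: Dict[str, str] = {}
    for s in subkeys:
        payload = binding_payload(primary, s.key)
        if s.binding_sig is None or not primary.verify(payload, s.binding_sig):
            verdicts[s.key.keyid] = "rejected: no valid binding signature from primary"
        elif "S" in s.key.flags and (
                s.back_sig is None or not s.key.verify(payload, s.back_sig)):
            verdicts[s.key.keyid] = "rejected: signing subkey lacks back-signature"
        else:
            verdicts[s.key.keyid] = "valid"
    return verdicts


def can_certify(key: Key) -> bool:
    # Key signing (certifying other people's keys) needs the C flag, which only
    # the primary carries; subkeys cannot make such certifications.
    return "C" in key.flags


def select_signing_key(primary: Key, subkeys: List[Subkey]) -> Optional[Key]:
    """What naming the primary's key ID resolves to when signing data: a valid
    signing subkey if there is one, otherwise the primary if it may sign data."""
    verdicts = valid_subkeys(primary, subkeys)
    for s in subkeys:
        if "S" in s.key.flags and verdicts[s.key.keyid] == "valid":
            return s.key
    return primary if "S" in primary.flags else None


def build_example() -> Tuple[Key, List[Subkey]]:
    primary = Key(flags={"C"})                        # certify-only, kept offline
    subkeys = [
        bind_subkey(primary, Key(flags={"S"})),       # day-to-day signing
        bind_subkey(primary, Key(flags={"E"})),       # day-to-day encryption
        Subkey(key=Key(flags={"S"})),                 # never bound by the primary
    ]
    half = bind_subkey(primary, Key(flags={"S"}))
    half.back_sig = None                              # bound, but no back-signature
    subkeys.append(half)
    return primary, subkeys


if __name__ == "__main__":
    p, subs = build_example()
    for kid, verdict in valid_subkeys(p, subs).items():
        print(kid, verdict)
    signer = select_signing_key(p, subs)
    print("signing with", p.keyid, "actually uses", signer.keyid if signer else None)
```

The two rejected entries are the cases a verifier has to refuse: a subkey nobody bound (anyone could otherwise attach it to their own primary) and a signing subkey whose binding goes only one way. The encryption subkey needs no back-signature, since it never produces signatures that could be misattributed. `select_signing_key` is the behaviour Hauke describes as "you tell the application 0xAAAAAAAA and GnuPG picks the subkey".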
-Pete

From micha137 at gmx.de Wed Feb 12 12:40:16 2014
From: micha137 at gmx.de (Michael Anders)
Date: Wed, 12 Feb 2014 12:40:16 +0100
Subject: Trying to understand the bond between master and subordinal key pairs
In-Reply-To:
References:
Message-ID: <1392205216.26514.19.camel@micha137-myAMD-CM1740>

On Wed, 2014-02-12 at 11:38 +0100, gnupg-users-request at gnupg.org wrote:
> On Wed 12.02.2014, 07:02:51, Faru Guredo wrote:
>
> > This is suggested -- as far as I understand -- in order to keep
> > the original master key for signing in a secret place, because master
> > signing key = my genuine identity. But.
>
> Signing (data) is not the relevant aspect of a mainkey. Certification
> (i.e. signing key components) is. You can create mainkeys which are not
> capable (i.e: not allowed) of signing data at all.
>
> > Which public keys should be uploaded to the keyserver?
>
> All public keys must be available to the public. (You cannot even
> prevent that from happening.) The public mainkey is necessary for the
> verification that the subkeys belong to this mainkey. Furthermore it is
> needed for the fingerprint check.
>
> > But what about gathering
> > signatures of other people on your own public key? Should I upload
> > public key of my master signing key along with the public key of the
> > subordinate keypair I am planning to use daily?
>
> These two components are not related at all. These should be two
> distinct questions.
>
> > I don't get the bond between master keys and subordinate keys. Does it
> > even exist?
>
> The mainkey binds the subkeys by signing them. Signature subkeys have to
> sign the mainkey, too, in order to become valid.
>
> OpenPGP considers signatures by a subkey as equivalent to those by a
> mainkey. But if everyone understands what this means (and how it can be
> checked) then you can use the protected mainkey for more secure
> signatures (if you do not have a more secure other key).
> You can use it
> for more secure encryption, too (again: If everyone involved understands
> how to do that).
>
> > To me they look like totally different keys.
>
> They are, technically. They could even be exchanged. But the OpenPGP key
> format marks one as the mainkey and the other ones as subkeys.
>
> > Okay, when I
> > usually sign files with key AAAAAAAA when I send them to Alice, and
> > eventually I want to sign her key (which of her keys, actually? The
> > one she uses daily or the one she keeps like me? If she keeps it, how
> > did it get to me? Which public keys supposed to collect signatures of
> > other people -- of the master one or newly created subordinate one?),
> > I need to use my master key BBBBBBBB. How does she know that BBBBBBBB
> > is also my key if they have different IDs?
>
> That's not the way keys are used. You tell the application to use the
> key 0xAAAAAAAA. That always refers to a mainkey. The OpenPGP subsystem
> (GnuPG) then selects the appropriate key: either the mainkey or a
> subkey. Your contacts only verify 0xAAAAAAAA. Possible subkeys are
> verified automatically (you cannot prevent that). Signatures are shown
> to be made by the mainkey.
>
> More precisely: GnuPG does show you the subkey which made the signature
> but I don't believe any GUI does (in a way useful to beginners). You can
> even force GnuPG to use a certain subkey (if technically possible) or
> the mainkey and thus override the automatic selection. But I have never
> seen a higher-level application offering that.
>
> > (Let's assume public key of the master pair is irrelevant,
>
> That is not a useful assumption.

I kept wondering about this too. Thanks a lot for the explanation of how it works.

I am still puzzled, however. Can anyone explain the logical reason as to why we need this jungle in OpenPGP, which thankworthily is usually more or less hidden from the user anyways?
A good reason would help the complicated workings to stick with my memory :-)

Why would we need more than one key and this hierarchy on top of it? (Proper padding according to the standard to my knowledge removes even the dangers of using the same RSA key for signatures as well as for ciphers.)

Is the necessity (given that it is there) for the subkey hierarchy endemic to RSA or would such a structure also be needed for ECC or other cryptosystems?

Cheers,
Michael Anders

From ludovic at mozilla.com Wed Feb 12 12:40:23 2014
From: ludovic at mozilla.com (Ludovic Hirlimann)
Date: Wed, 12 Feb 2014 12:40:23 +0100
Subject: Organizing a GPG key signing party in London
Message-ID: <52FB5DA7.7010005@mozilla.com>

Hi,

I'm organizing a pgp key signing party in London on March the 25th at 6:30 PM BST in the mozilla space of the mozilla office in London. I've been trying to reach out to Londoners and UK users of pgp using twitter ( https://twitter.com/lhirlimann/status/432867811002564608 ), I've tried to contact the Linux Users group, but didn't get much out of it. So I'm going to try to get some attention here.

The space is limited in the London office so you'll need to register using event brite at https://www.eventbrite.fr/e/gpg-key-signing-party-london-uk-tickets-10551117677 .

Ludo

--
[:Usul] SRE Team at Mozilla
QA Lead for Thunderbird
http://sietch-tabr.tumblr.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s Type: application/pkcs7-signature Size: 4222 bytes Desc: S/MIME Cryptographic Signature URL: From dkg at fifthhorseman.net Wed Feb 12 20:27:47 2014 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 12 Feb 2014 14:27:47 -0500 Subject: Trying to understand the bond between master and subordinal key pairs In-Reply-To: <1392205216.26514.19.camel@micha137-myAMD-CM1740> References: <1392205216.26514.19.camel@micha137-myAMD-CM1740> Message-ID: <52FBCB33.2070903@fifthhorseman.net> On 02/12/2014 06:40 AM, Michael Anders wrote: > I am still puzzled, however. Can anyone explain the logical reason as to > why we need this jungle in OpenPGP, which thankworthily is usually more > or less hidden from the user anyways? > A good reason would help the complicated workings to stick with my > memory :-) > Why would we need more than one key and this hierarchy on top of it? > (Proper padding according to the standard to my knowledge removes even > the dangers of using the same RSA key for signatures as well as for > ciphers.) it's a bad idea to use the same key for multiple mechanisms. keeping the uses distinct is the most reliable way to avoid cross-protocol attacks. For a given key, it's very difficult to effectively mandate that everything uses "proper padding" or that different uses will use distinct padding from every other use. Being able to associate keys with your primary identity that might be used in other contexts (c.f. recent discussions about bitcoin and otr) is a useful feature. > Is the necessity (given that it is there) for the subkey hierarchy > endemic to RSA or would such a structure also be needed for ECC or other > cryptosystems? here are four reasons at least that are not specific to any particular public key cryptosystem. 
there are probably more:

 * offline primary keys
 * subkeys that are incapable of being abused to make fraudulent OpenPGP identity certifications
 * subkey-specific export: you can make a key, let an agent use it on your behalf in one context without allowing that agent access to any of your other keys.
 * frequent expiry/rollover of encryption or signing subkeys while the primary key (and thus the user's identity) stays constant. this can deal with a heavily-used signing public key, for example, to mitigate attacks that scale with volume of visible signatures. for encryption keys, this can also potentially be used as a (weak) form of forward secrecy, assuming the user actually destroys the secret key when it expires.

Regards,

--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:

From pericle at lmib.org Wed Feb 12 21:19:18 2014
From: pericle at lmib.org (Pericle Unico)
Date: Wed, 12 Feb 2014 20:19:18 +0000 (UTC)
Subject: Could not extend expiration date
References: <1543173.1WeEAFqVeQ@mani>
Message-ID:

Johannes Zarl zarl.at> writes:

> It looks like you use an offline master key and use subkeys for signing and
> decryption.

Thanks Johannes, you are right, I forgot I put the master key offline, now I've resolved.

From per.tunedal at operamail.com Wed Feb 12 22:31:13 2014
From: per.tunedal at operamail.com (Per Tunedal)
Date: Wed, 12 Feb 2014 22:31:13 +0100
Subject: Moving away from SHA-1
In-Reply-To: <52FB3352.2060203@sumptuouscapital.com>
References: <1392106232.25913.81904521.460C212F@webmail.messagingengine.com> <52F9F169.2030806@digitalbrains.com> <1392193901.24333.82387001.4C964598@webmail.messagingengine.com> <52FB3352.2060203@sumptuouscapital.com>
Message-ID: <1392240673.27357.82695221.715A16DB@webmail.messagingengine.com>

Hi Kristian,
Thanks for the link. I've studied some interesting threads.
Anyhow, I'm surprised that apparently there isn't any decision on how to move to the next OpenPGP standard, or what it would look like. Or has something been decided? I just want to be updated as I haven't followed the discussion for some years. It might be of interest for others as well. Yours, Per Tunedal On Wed, Feb 12, 2014, at 9:39, Kristian Fiskerstrand wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi Per, > > On 02/12/2014 09:31 AM, Per Tunedal wrote: > > Hi Peter, Yes, I've searched the archives. Conclusion: There's not > > any immediate danger to GnuPG. > > > > But, all the same: I cannot find any information on what's the > > plans for the future. Sooner or later a transition to some other > > hash has to take place, hasn't it? > > The appropriate place for such a change would be new defaults in the > standards, i.e. that this likely would be part of a future V5 OpenPGP > key format. The appropriate ML for that would be [0] > > References: > [0] http://www.ietf.org/mail-archive/web/openpgp/current/maillist.html > > > - -- > - ---------------------------- > Kristian Fiskerstrand > Blog: http://blog.sumptuouscapital.com > Twitter: @krifisk > - ---------------------------- > Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > - ---------------------------- > Aut disce aut discede > Either learn or leave > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJS+zNOAAoJEPw7F94F4TagzXAP/Riqy9hbjuncUmGbDU+hOgMw > nnjSFw41uP+UqVKypo5RTCfkv59euPRq8d0MYPtUEeSLvbMkX40Hhl/i0AilM4MD > zq+LuytJ+SiQMdzlU+helyMWU5hLObOLkl4JmPzAmAaXM6MXDedn4UNpcpFxGhPt > Zh4uQ2VFjzXQCH5gTKyRL6liq/+TPb/m5wpNjYqqiKxDkmeFnh9MtPTE7Qo/raYi > eCbPN8zcL8e+Z4FofNGTY62hTFve0SrC6JVWq1S/EG4Usgf8Mp7Ab/ppuCHlnVee > 78McbqdOgSkp5IINe0il2k+tpO6q+uauX/hPkv49cZc2d+FqAhRWCMCaNZ//v8uk > jYDnFSoW0p3I9BFr4CjlmfN7E/PfKGjFHooU8isyHlBBSlgFTuJ96UU0283I5+iv > AKVDwNxBAGqljvGbdPzObhGU5P7s7whZFzUzDiVkFLdRTT4c6BwFUmqkxNtUTV+F > 
> -----END PGP SIGNATURE-----

From 2014-667rhzu3dc-lists-groups at riseup.net Wed Feb 12 23:49:52 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Wed, 12 Feb 2014 22:49:52 +0000
Subject: Organizing a GPG key signing party in London
In-Reply-To: <52FB5DA7.7010005@mozilla.com>
References: <52FB5DA7.7010005@mozilla.com>
Message-ID: <241100000.20140212224952@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Wednesday 12 February 2014 at 11:40:23 AM, in , Ludovic Hirlimann wrote:

> Hi,
> I'm organizing a pgp key signing party in London on
> March the 25th at 6:30 PM BST in the mozilla space of
> the mozilla office in London.
> I've been trying to reach out to Londoners and UK users
> of pgp using twitter (
> https://twitter.com/lhirlimann/status/432867811002564608
> ), I've tried to contact the Linux Users group, but
> didn't get much out of it. So I'm going to try to get
> some attention here.
> The space is limited in the london office so you'll
> need to register using event brite at
> https://www.eventbrite.fr/e/gpg-key-signing-party-london-uk-tickets-10551117677
> .

It may also be worthwhile listing it on Biglumber.com.

- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

If it ain't broke, fix it till it is broke!
From ludovic at mozilla.com Thu Feb 13 06:49:42 2014
From: ludovic at mozilla.com (Ludovic Hirlimann)
Date: Thu, 13 Feb 2014 06:49:42 +0100
Subject: Organizing a GPG key signing party in London
In-Reply-To: <241100000.20140212224952@my_localhost>
References: <52FB5DA7.7010005@mozilla.com> <241100000.20140212224952@my_localhost>
Message-ID: <52FC5CF6.7050207@mozilla.com>

On 12/02/2014 23:49, MFPA wrote:
> Hi
>
> It may also be worthwhile listing it on Biglumber.com.
>

When I see the state of the entries on big lumber (I've contacted everyone who's in London, and 75% of the email addresses didn't work) - I'm pretty sure it won't help.

Ludo

--
[:Usul] SRE Team at Mozilla
QA Lead for Thunderbird
http://sietch-tabr.tumblr.com/

From koukopoulos+gnupg-users at gmail.com Thu Feb 13 12:13:58 2014
From: koukopoulos+gnupg-users at gmail.com (Kostantinos Koukopoulos)
Date: Thu, 13 Feb 2014 13:13:58 +0200
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To:
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740>
Message-ID:

On Fri, Feb 7, 2014 at 8:42 AM, Kostantinos Koukopoulos <koukopoulos+gnupg-users at gmail.com> wrote:

> Makes sense, So does anyone know the version of BasicCard used for openpgp
> cards? Or who to contact with this question?
> I asked at the distributor (
> kernelconcepts.de) and they said they couldn't answer such technical
> questions and suggested I try asking on this list.
>

For everyone's information, after getting in touch with ZeitCorp, the makers of the hardware and software in the OpenPGP cards in question, I received a reply from Michael Petig stating that they use the Professional BasicCard ZC7.5 which includes a hardware RNG.

Of course in the end it still comes down to the question of how much we trust ZeitCorp, but I have no positive reason not to. Using these cards has risk of course but much smaller than the potential for increased security.

Cheers,
Konstantinos

From peter at digitalbrains.com Thu Feb 13 14:32:56 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 13 Feb 2014 14:32:56 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To:
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740>
Message-ID: <52FCC988.3000906@digitalbrains.com>

On 13/02/14 12:13, Kostantinos Koukopoulos wrote:
> Of course in the end it still comes down to the question of how much we
> trust ZeitCorp, but I have no positive reason not to. Using these cards has
> risk of course but much smaller than the potential for increased security.

If you create keys on the card with the option of a local backup, or if you create normal keys which you then "keytocard", the included RNG is not used for key material. I don't think it's used elsewhere (apart from the obvious GET CHALLENGE command which is used to get verbatim random numbers from the RNG). Signature generation is deterministic, and the random bytes used for an encrypted message are generated by the sender, not the card.

Werner Koch had this to say about an on-card RNG[1]:

> Compared to actual hardware RNGs they are very limited and probably prone to
> errors.
> there is also no way to do extensive power up tests which all other
> hardware RNGs require.
>
> I consider a good OS supported RNG more reliable.

Considering that Werner was involved in the creation of the OpenPGP card, I think the on-card RNG isn't blindly trusted. That does beg the question: is it still used when using "addcardkey" and declining to use a backup?

HTH,

Peter.

PS: I restricted your statement "trust ZeitCorp" to the RNG. Obviously, more possibilities exist for a manufacturer to be nasty.

[1] http://lists.gnupg.org/pipermail/gnupg-users/2013-June/046901.html

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From mailinglisten at hauke-laging.de Thu Feb 13 15:45:59 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 13 Feb 2014 15:45:59 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <52FCC988.3000906@digitalbrains.com>
References: <52FCC988.3000906@digitalbrains.com>
Message-ID: <9228307.4N0ZjhncWR@dhcppc5>

On Thu 13.02.2014, 14:32:56, Peter Lebbing wrote:
> If you create keys on the card [...], the included RNG is not used

How do you want to create a key on the card without an RNG?

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From peter at digitalbrains.com Thu Feb 13 19:08:51 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 13 Feb 2014 19:08:51 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <9228307.4N0ZjhncWR@dhcppc5>
References: <52FCC988.3000906@digitalbrains.com> <9228307.4N0ZjhncWR@dhcppc5>
Message-ID: <1d348152bb5770be3aca4a9ee9a08e9a@butters.digitalbrains.com>

On 2014-02-13 15:45, Hauke Laging wrote:
> How do you want to create a key on the card without an RNG?

What in fact happens is that the key is generated on the PC, and it is both sent to the card using the same mechanism as 'keytocard' and backed up to a file on the PC. This is because it is impossible to get the private key out of the card, so if you generate the key on the card, you can't keep a backup of it. So the card doesn't generate the key at all, hence not needing an RNG.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wk at gnupg.org Thu Feb 13 19:32:19 2014
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Feb 2014 19:32:19 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <52FCC988.3000906@digitalbrains.com> (Peter Lebbing's message of "Thu, 13 Feb 2014 14:32:56 +0100")
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740> <52FCC988.3000906@digitalbrains.com>
Message-ID: <8761oidft8.fsf@vigenere.g10code.de>

On Thu, 13 Feb 2014 14:32, peter at digitalbrains.com said:

> Considering that Werner was involved in the creation of the OpenPGP card, I
> think the on-card RNG isn't blindly trusted.

... of the specs. Not of the concrete implementation. I hesitated to sign an NDA and thus have no more insight into this than most others.

> That does beg the question: is it still used when using "addcardkey" and
> declining to use a backup?

Sure.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From aranea at aixah.de Thu Feb 13 21:13:22 2014
From: aranea at aixah.de (Luis Ressel)
Date: Thu, 13 Feb 2014 21:13:22 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <8761oidft8.fsf@vigenere.g10code.de>
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740> <52FCC988.3000906@digitalbrains.com> <8761oidft8.fsf@vigenere.g10code.de>
Message-ID: <20140213211322.0006cf52@gentp.lnet>

On Thu, 13 Feb 2014 19:32:19 +0100
Werner Koch wrote:

> ... of the specs. Not of the concrete implementation. I hesitated to
> sign an NDA and thus have no more insight into this than most others.

You've got to sign an NDA to learn about the implementation of this security device which is supposed to be open? That sounds nasty and basically means there could even be backdoors in the implementation, not only in the underlying system...

Regards,
Luis Ressel

From peter at digitalbrains.com Thu Feb 13 21:29:09 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 13 Feb 2014 21:29:09 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <20140213211322.0006cf52@gentp.lnet>
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740> <52FCC988.3000906@digitalbrains.com> <8761oidft8.fsf@vigenere.g10code.de> <20140213211322.0006cf52@gentp.lnet>
Message-ID: <52FD2B15.8060800@digitalbrains.com>

On 13/02/14 21:13, Luis Ressel wrote:
> You've got to sign an NDA to learn about the implementation of this
> security device which is supposed to be open?

You need an NDA to get the SDK, and you can't disclose the source code for your application. You don't need the implementation details of a smartcard to write an application for it.
Those NDAs are rather common in the smartcard world, where companies with a lot of money are worried you'll devise a way to watch pay-TV for free and such.[1] Although I think there's a trend towards more openness, and I learned a while ago that you can get crypto-capable JavaCards these days without requiring an NDA.

HTH,

Peter.

PS: I might be off on the exact details, this is all from an interested observer's standpoint.

[1] Yes, security through obscurity. And they need the obscurity, because the security often isn't all that good. Although they have to face the problem that DRM is defective by design, and what they're doing borders on DRM, so partly it's a fundamental problem.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From ndk.clanbo at gmail.com Thu Feb 13 21:36:24 2014
From: ndk.clanbo at gmail.com (NdK)
Date: Thu, 13 Feb 2014 21:36:24 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <52FD2B15.8060800@digitalbrains.com>
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740> <52FCC988.3000906@digitalbrains.com> <8761oidft8.fsf@vigenere.g10code.de> <20140213211322.0006cf52@gentp.lnet> <52FD2B15.8060800@digitalbrains.com>
Message-ID: <52FD2CC8.9000001@gmail.com>

On 13/02/2014 21:29, Peter Lebbing wrote:
> Although I think there's a trend towards more openness, and I learned a while
> ago that you can get crypto-capable JavaCards these days without requiring an NDA.

I've been able to work on JavaCards w/o having to sign anything (except the transactions to various online stores :) ). I'd have been interested in developing for Yubikey, too, but that required an NDA with NXP for their SDK, or I couldn't access the button (and access to the button was the only reason I was interested in Yubikey in the first place!).

BYtE,
Diego.
From geek at blystone.net Thu Feb 13 21:23:21 2014
From: geek at blystone.net (Scott Blystone)
Date: Thu, 13 Feb 2014 15:23:21 -0500
Subject: Organizing a GPG key signing party in London
In-Reply-To:
References:
Message-ID: <7DC07434-2672-4088-94B3-5EF918917C84@blystone.net>

> On 12/02/2014 23:49, MFPA wrote:
> > Hi
> >
> > It may also be worthwhile listing it on Biglumber.com.
>
> When I see the state of the entries on big lumber (I've contacted everyone who's in London, and 75% of the email addresses didn't work) - I'm pretty sure it won't help.
>
> Ludo

All,

Biglumber has been essentially abandoned by its developer and has been completely unmaintained for several years. It was a wonderful service when it was maintained. Now I think it would be better for it to be removed, but the developer stopped responding to inquiries long ago.

--
Scott Blystone
Rochester, New York

Note: This address also works for instant messaging.

If a dog jumps in your lap, it is because he is fond of you; but if a cat does the same thing, it is because your lap is warmer. - Alfred North Whitehead

From wk at gnupg.org Thu Feb 13 23:20:07 2014
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Feb 2014 23:20:07 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <52FD2CC8.9000001@gmail.com> (NdK's message of "Thu, 13 Feb 2014 21:36:24 +0100")
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740> <52FCC988.3000906@digitalbrains.com> <8761oidft8.fsf@vigenere.g10code.de> <20140213211322.0006cf52@gentp.lnet> <52FD2B15.8060800@digitalbrains.com> <52FD2CC8.9000001@gmail.com>
Message-ID: <87ob2abqp4.fsf@vigenere.g10code.de>

On Thu, 13 Feb 2014 21:36, ndk.clanbo at gmail.com said:

> I've been able to work on JavaCards w/o having to sign anything (except

I am not interested in those small applications on the smartcard as long as I can't scrutinize the real code, i.e. the OS.
Whether those applications are written for a p-code system (JavaCard, BasicCard) or for the native CPU doesn't change anything in the equation.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From ndk.clanbo at gmail.com Fri Feb 14 06:42:03 2014
From: ndk.clanbo at gmail.com (NdK)
Date: Fri, 14 Feb 2014 06:42:03 +0100
Subject: Subject: openpgp card and basiccard RNG
In-Reply-To: <87ob2abqp4.fsf@vigenere.g10code.de>
References: <1391587279.3710.22.camel@micha137-myAMD-CM1740> <52FCC988.3000906@digitalbrains.com> <8761oidft8.fsf@vigenere.g10code.de> <20140213211322.0006cf52@gentp.lnet> <52FD2B15.8060800@digitalbrains.com> <52FD2CC8.9000001@gmail.com> <87ob2abqp4.fsf@vigenere.g10code.de>
Message-ID: <52FDACAB.8010209@gmail.com>

On 13/02/2014 23:20, Werner Koch wrote:
[JavaCards]
> I am not interested in those small applications on the smartcard as long
> as I can't scrutinize the real code, i.e. the OS. Whether those
> applications are written for a p-code system (JavaCard, BasicCard) or
> for the native CPU doesn't change anything in the equation.

Then where would you stop analyzing? If you look at the OS code, there could be a backdoor in the CPU microcode. Or in the chip firmware uploader (is there an HV programming mode available? was it disabled or physically removed from the die?). And these are just the most obvious.

The best we can do is trust the manufacturer and read the fine print on the datasheets. It will be more secure than a sw only implementation that runs on a connected PC.

ByTE,
Diego

From faruguredo at gmail.com Fri Feb 14 07:23:54 2014
From: faruguredo at gmail.com (Faru Guredo)
Date: Fri, 14 Feb 2014 10:23:54 +0400
Subject: gpg-agent chooses wrong identity when picking SSH key
Message-ID:

Hello.
I am migrating from ssh-agent to gpg-agent and have successfully loaded my SSH keys into the new agent,

    $ ssh-add -l
    4096 5c:f3:b8:34:56:31:08:88:7b:4d:a3:ce:d8:9b:62:d7 /home/faru/.ssh/first-company (RSA)
    4096 d9:14:07:00:15:c4:7b:70:c4:94:73:6c:bb:5d:25:42 /home/faru/.ssh/second-company (RSA)
    4096 df:19:f5:24:c7:2f:09:c3:ef:15:03:9f:aa:46:4c:06 /home/faru/.ssh/third-company (RSA)
    4096 05:28:b8:2b:dc:65:55:d3:62:8b:37:e7:b5:a6:df:a4 /home/faru/.ssh/fourth-company (RSA)

And in ~/.ssh/config I have lines, telling that ~/.ssh/third-company should be used when connecting to third-company.com

    Host third-company
        HostName third-company.com
        User git
        IdentityFile ~/.ssh/third-company

Though, when I push commits there, git on the server says 'Access denied for first-company'. So I figured out that gpg-agent uses first available key instead of looking at the host and settings in ~/.ssh/config

Host is defined in .git/config as

    [remote "origin"]
        url = ssh://git at third-company/reponame.git

How could I fix that?

From faruguredo at gmail.com Sat Feb 15 15:19:21 2014
From: faruguredo at gmail.com (Faru Guredo)
Date: Sat, 15 Feb 2014 18:19:21 +0400
Subject: gpg-agent chooses wrong identity when picking SSH key
In-Reply-To:
References:
Message-ID:

After I have done small investigation, I've found that it's only the second try when gpg-agent uses wrong identity. The first is done with correct identity, but ssh server failed to authenticate the key because of this error:

    error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
    debug1: ssh_rsa_verify: signature incorrect

Both keys are RSA with the same length (4096).

    debug1: Server accepts key: pkalg ssh-rsa blen 535.

But ssh server refuses to validate the first and approves only the latter one (there is a gitolite installation) which causes the push to be done with the wrong key, and hence, the wrong username.
2014-02-14 10:23 GMT+04:00 Faru Guredo :

> Hello.
>
> I am migrating from ssh-agent to gpg-agent and have successfully loaded my
> SSH keys into the new agent,
>
> $ ssh-add -l
> 4096 5c:f3:b8:34:56:31:08:88:7b:4d:a3:ce:d8:9b:62:d7
> /home/faru/.ssh/first-company (RSA)
> 4096 d9:14:07:00:15:c4:7b:70:c4:94:73:6c:bb:5d:25:42
> /home/faru/.ssh/second-company (RSA)
> 4096 df:19:f5:24:c7:2f:09:c3:ef:15:03:9f:aa:46:4c:06
> /home/faru/.ssh/third-company (RSA)
> 4096 05:28:b8:2b:dc:65:55:d3:62:8b:37:e7:b5:a6:df:a4
> /home/faru/.ssh/fourth-company (RSA)
>
> And in ~/.ssh/config I have lines, telling that ~/.ssh/third-company
> should be used when connecting to third-company.com
>
> Host third-company
> HostName third-company.com
> User git
> IdentityFile ~/.ssh/third-company
>
> Though, when I push commits there, git on the server says 'Access denied
> for first-company'. So I figured out that gpg-agent uses first available
> key instead of looking at the host and settings in ~/.ssh/config
> Host is defined in .git/config as
>
> [remote "origin"]
> url = ssh://git at third-company/reponame.git
>
> How could I fix that?
>

From faruguredo at gmail.com Sat Feb 15 15:20:38 2014
From: faruguredo at gmail.com (Faru Guredo)
Date: Sat, 15 Feb 2014 18:20:38 +0400
Subject: gpg-agent chooses wrong identity when picking SSH key
In-Reply-To:
References:
Message-ID:

It worked with ssh-agent and still works without any agent -- settings in ~/.ssh/config just work as they should. But with gpg-agent there is such a mess.

2014-02-15 18:19 GMT+04:00 Faru Guredo :

> After I have done small investigation, I've found that it's only the
> second try when gpg-agent uses wrong identity.
> The first is done with
> correct identity, but ssh server failed to authenticate the key because of
> this error:
>
> error: RSA_public_decrypt failed:
> error:0407006A:lib(4):func(112):reason(106)
> debug1: ssh_rsa_verify: signature incorrect
>
> Both keys are RSA with the same length (4096).
>
> debug1: Server accepts key: pkalg ssh-rsa blen 535.
>
> But ssh server refuses to validate the first and approves only the latter
> one (there is a gitolite installation) which causes the push to be done
> with the wrong key, and hence, the wrong username.
>
>
> 2014-02-14 10:23 GMT+04:00 Faru Guredo :
>
>> Hello.
>>
>> I am migrating from ssh-agent to gpg-agent and have successfully loaded
>> my SSH keys into the new agent,
>>
>> $ ssh-add -l
>> 4096 5c:f3:b8:34:56:31:08:88:7b:4d:a3:ce:d8:9b:62:d7
>> /home/faru/.ssh/first-company (RSA)
>> 4096 d9:14:07:00:15:c4:7b:70:c4:94:73:6c:bb:5d:25:42
>> /home/faru/.ssh/second-company (RSA)
>> 4096 df:19:f5:24:c7:2f:09:c3:ef:15:03:9f:aa:46:4c:06
>> /home/faru/.ssh/third-company (RSA)
>> 4096 05:28:b8:2b:dc:65:55:d3:62:8b:37:e7:b5:a6:df:a4
>> /home/faru/.ssh/fourth-company (RSA)
>>
>> And in ~/.ssh/config I have lines, telling that ~/.ssh/third-company
>> should be used when connecting to third-company.com
>>
>> Host third-company
>> HostName third-company.com
>> User git
>> IdentityFile ~/.ssh/third-company
>>
>> Though, when I push commits there, git on the server says 'Access denied
>> for first-company'. So I figured out that gpg-agent uses first available
>> key instead of looking at the host and settings in ~/.ssh/config
>> Host is defined in .git/config as
>>
>> [remote "origin"]
>> url = ssh://git at third-company/reponame.git
>>
>> How could I fix that?
>>
>
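To see why the agent's first key is tried before the configured one, here is an added example (not from the thread, and not OpenSSH's own code) that models how ssh orders the identities it offers for a host alias from ~/.ssh/config and the agent's key list. The config text, HOME and the key paths are constructed to mirror the messages above; the ordering follows ssh_config(5)'s description of IdentitiesOnly.

```python
import fnmatch
import shlex

HOME = "/home/faru"  # constructed; "~" in IdentityFile expands against this

# Constructed ~/.ssh/config, mirroring the block quoted in the thread.
SSH_CONFIG = """\
Host third-company
    HostName third-company.com
    User git
    IdentityFile ~/.ssh/third-company
"""

# Constructed agent contents, in the order `ssh-add -l` listed them.
AGENT_KEYS = [
    "/home/faru/.ssh/first-company",
    "/home/faru/.ssh/second-company",
    "/home/faru/.ssh/third-company",
    "/home/faru/.ssh/fourth-company",
]


def parse_ssh_config(text):
    """Return (host_patterns, [(keyword, value), ...]) blocks in file order.

    Keywords before the first Host line form a global block matching every
    host, which is what "adding a line to the top of ~/.ssh/config" does.
    Only the "Keyword value" form is handled, not "Keyword=value".
    """
    blocks = []
    patterns, options = ["*"], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((patterns, options))
            patterns, options = shlex.split(value), []
        else:
            options.append((key, value))
    blocks.append((patterns, options))
    return blocks


def host_matches(patterns, alias):
    """A Host line matches when a pattern globs the alias and no '!' pattern does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(alias, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(alias, p) for p in positive)


def expand_home(path):
    return HOME + path[1:] if path.startswith("~") else path


def resolve(config_text, alias):
    """Effective options for an alias: the first obtained value wins, as in
    ssh_config(5), except IdentityFile, which accumulates across blocks.
    (OpenSSH's default IdentityFile list is ignored here.)"""
    effective = {"identityfile": []}
    for patterns, options in parse_ssh_config(config_text):
        if not host_matches(patterns, alias):
            continue
        for key, value in options:
            if key == "identityfile":
                effective["identityfile"].append(expand_home(value))
            elif key not in effective:
                effective[key] = value
    return effective


def offered_identities(config_text, alias, agent_keys):
    """Order in which ssh offers public keys to the server.

    Agent identities come first, in agent order. With IdentitiesOnly yes only
    agent keys also named by IdentityFile are kept; IdentityFile entries the
    agent does not hold are appended last.
    """
    opts = resolve(config_text, alias)
    only = opts.get("identitiesonly", "no").lower() == "yes"
    remaining_files = list(opts["identityfile"])
    offered = []
    for key in agent_keys:
        if key in remaining_files:
            remaining_files.remove(key)
            offered.append(key)
        elif not only:
            offered.append(key)
    return offered + remaining_files


if __name__ == "__main__":
    # Default: every agent key is offered, first-company before third-company.
    print(offered_identities(SSH_CONFIG, "third-company", AGENT_KEYS))
    # A global "IdentitiesOnly yes" at the top narrows the offer to one key.
    print(offered_identities("IdentitiesOnly yes\n" + SSH_CONFIG,
                             "third-company", AGENT_KEYS))
```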
From aranea at aixah.de Sat Feb 15 22:17:39 2014
From: aranea at aixah.de (Luis Ressel)
Date: Sat, 15 Feb 2014 22:17:39 +0100
Subject: gpg-agent chooses wrong identity when picking SSH key
In-Reply-To:
References:
Message-ID: <20140215221739.271a1712@gentp.lnet>

Adding "IdentitiesOnly no" to the top of your ~/.ssh/config should help.

Regards,
Luis Ressel

From 2014-667rhzu3dc-lists-groups at riseup.net Sun Feb 16 01:47:43 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 16 Feb 2014 00:47:43 +0000
Subject: Organizing a GPG key signing party in London
In-Reply-To: <7DC07434-2672-4088-94B3-5EF918917C84@blystone.net>
References: <7DC07434-2672-4088-94B3-5EF918917C84@blystone.net>
Message-ID: <1719993244.20140216004743@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Thursday 13 February 2014 at 8:23:21 PM, in , Scott Blystone wrote:

> Biglumber has been essentially abandoned by its
> developer and has been completely unmaintained for
> several years. It was a wonderful service when it was
> maintained. Now I think it would be better for it to be
> removed, but the developer stopped responding to
> inquiries long ago.

However, people are still adding listings. I subscribed to the mailing list in 2004 and still receive notification of new listings matching on location England or Wales. In the last year there have been 13, of which 5 show as London and another 5 are in towns within about 60 miles of London (Reading, Oxford, Basingstoke, Cambridge, Hitchin).

- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Is it bad luck to be superstitious?
From shavital at mac.com Sun Feb 16 12:05:17 2014
From: shavital at mac.com (Charly Avital)
Date: Sun, 16 Feb 2014 13:05:17 +0200
Subject: Decryption problem - Large .png file
Message-ID: <53009B6D.4050505@mac.com>

Hi,

I have received from a friend a very large file in txt. that I have been so far unable to decrypt: [serial number].png.asc.txt. Size is 36.1 MB and it is supposed to be the encryption of a 600 DPI color file.

Sender is running GnuPG v1.4.12 (GNU/Linux).

Because of the size of the file, sender has used Dropbox, and I received it via my Dropbox.

I have tried to decrypt it using Terminal/CLI, with -d and -a options. The output was gibberish, with bell sounds now and then.

After typing in Terminal gpg [return], I get the prompt "go ahead and type your message". I copied/pasted the ASCII text, and at the end I got: "gpg: CRC error; E9433F - B65688", instead of the expected information about the keys the file had been encrypted to.

Googling CRC error etc., didn't bring several examples from this list (and others) but nothing that I could use.

Sender is positive about having used my public key to encrypt the file.

Your help will be greatly appreciated.

Charly
0x15E4F2EA
Mac OS X 10.9.1 (13B42) MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.22 - gpg (GnuPG) 1.4.16
TB 24.2.0 Enigmail version 1.6 (20131006-1849)

From peter at digitalbrains.com Sun Feb 16 13:02:12 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 16 Feb 2014 13:02:12 +0100
Subject: Decryption problem - Large .png file
In-Reply-To: <53009B6D.4050505@mac.com>
References: <53009B6D.4050505@mac.com>
Message-ID: <5300A8C4.4080706@digitalbrains.com>

On 16/02/14 12:05, Charly Avital wrote:
> The output was gibberish, with bell sounds now and then.

Sounds like the .png file is output to your terminal instead of a file. This is the default for the -d option. The -a option is used for specifying armoured output; it is not used for decryption, AFAIK.

The default action for gpg when given an encrypted file is to decrypt it and write the result to a file (as opposed to the terminal like with the -d option). But it constructs the filename for the decrypted file from the filename of the encrypted file, and the filename you've given is a bit odd. Normally, something.png.asc would lead to a filename something.png. But with the added .txt as a third extension, it seems gpg recognises that this is a strange situation and prompts you what to do. It suggests using the filename of the file that was encrypted, which is stored inside the encrypted file but not normally used because it can lead to nasty surprises (you decrypt a file named harmless.csv.asc and it creates a file named evil.exe).

Supposing the original filename was simply serial.png and the encrypted file is, as you say, serial.png.asc.txt, this is what it looks like here:

    $ gpg serial.png.asc.txt
    gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12
          "Peter Lebbing "
    gpg: serial.png.asc.txt: unknown suffix
    Enter new filename [serial.png]:
    $

I simply pressed Enter on the "Enter new filename" prompt because I thought the suggested filename was okay, and I now have a decrypted file serial.png next to the encrypted one.
If you want to avoid the prompt, you can do either

    $ gpg -o serial.png serial.png.asc.txt

or

    $ gpg -o serial.png -d serial.png.asc.txt

This is because the default action for an encrypted file is to decrypt it, so you don't need to explicitly specify -d.

Or you could use a GUI, but since the filename ends in .txt, it might be that the fact that it is an OpenPGP file is not recognised (by your file manager, for instance). You could drop the .txt and simply name the file serial.png.asc as usual.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From faruguredo at gmail.com Mon Feb 17 08:04:28 2014
From: faruguredo at gmail.com (Faru Guredo)
Date: Mon, 17 Feb 2014 11:04:28 +0400
Subject: gpg asks for the same passphrase each time it uses new subkey
Message-ID:

I do backups and want to encrypt some of them. I also want to set this as a cron job. The problem is, if I haven't used my signing key before the cron daemon attempts to encrypt backup files, gpg will throw that damn pinentry window to ask for the passphrase I have already entered at the startup. Why does it need to ask _the same_ passphrase _for each_ subordinate key, and how can I avoid this?

At this time I can either not sign backup files, or enter that passphrase every time cron does backup files. Or enter it twice at the startup when encrypting and signing something like `gpg se | gpg d` for no other purpose than to get that passphrase into the agent.

From aranea at aixah.de Mon Feb 17 13:21:06 2014
From: aranea at aixah.de (Luis Ressel)
Date: Mon, 17 Feb 2014 13:21:06 +0100
Subject: gpg asks for the same passphrase each time it uses new subkey
In-Reply-To:
References:
Message-ID: <20140217132106.71278ff3@gentp.lnet>

Huh? It shouldn't be necessary at all to enter your passphrase for encryption...
--
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD

From mercuryrising11 at gmail.com Mon Feb 17 22:39:06 2014
From: mercuryrising11 at gmail.com (mercuryrising)
Date: Mon, 17 Feb 2014 13:39:06 -0800
Subject: Newbie: Search for iphone method
Message-ID:

Can iPhones use gnupg?

Sent from my iPhone

From nat at ferrus.net Tue Feb 18 01:17:41 2014
From: nat at ferrus.net (Nat Tuck)
Date: Mon, 17 Feb 2014 19:17:41 -0500
Subject: Safe curves in gnupg?
Message-ID:

Apparently GNUPG has recently added elliptic curve support. This is really important, since the safe RSA key size (2048) is pretty big, and the very safe RSA key size (2048) is a bit too big to be reasonable (you can't include it in a signature, for example).

Unfortunately, it looks like the OpenPGP standard specifies the NSA-produced elliptic curves. Given the recent situation with Dual_EC_DRBG, NSA-produced standards are suspect, especially with suspicious constants like the standard elliptic curves have.

DJB has analyzed the available elliptic curves and recommended some that he expects to be reasonably safe at http://safecurves.cr.yp.to .

Does anyone know the status on the inclusion of secure ECC in gnupg?

Thanks,

-- Nat

From dkg at fifthhorseman.net Tue Feb 18 06:42:39 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 18 Feb 2014 00:42:39 -0500
Subject: Safe curves in gnupg?
In-Reply-To:
References:
Message-ID: <5302F2CF.6030806@fifthhorseman.net>

On 02/17/2014 07:17 PM, Nat Tuck wrote:
> Does anyone know the status on the inclusion of secure ECC in gnupg?
It is perhaps open for discussion whether djb's criteria for "safecurves" can be defined as "secure ECC", but you can find recent discussion about the use of edwards curves (EdDSA) in OpenPGP on the IETF mailing list, starting here:

https://www.ietf.org/mail-archive/web/openpgp/current/msg07201.html

short version: it's under consideration and Werner has indicated active work on it. No released version of gnupg has support for it yet though.

--dkg

From jurgenpolster at gmail.com Tue Feb 18 10:00:07 2014
From: jurgenpolster at gmail.com (Jürgen Polster)
Date: Tue, 18 Feb 2014 10:00:07 +0100
Subject: Newbie: Search for iphone method
In-Reply-To:
References:
Message-ID: <47543242099148784@unknownmsgid>

Hmm,

One of the options for IOS user is oPenGp, which interacts nicely. But to answer correctly: no.

*JP*

From hans at guardianproject.info Tue Feb 18 15:27:43 2014
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Tue, 18 Feb 2014 09:27:43 -0500
Subject: Newbie: Search for iphone method
In-Reply-To: <47543242099148784@unknownmsgid>
References: <47543242099148784@unknownmsgid>
Message-ID: <53036DDF.5010305@guardianproject.info>

Since GnuPG has run on Mac OS X and FreeBSD for a long time now, it should be a pretty easy port to get GnuPG running on iPhone. Someone would have to make a GUI tho.

.hc

On 02/18/2014 04:00 AM, Jürgen Polster wrote:
> Hmm,
> One of the options for IOS user is oPenGp, which interacts nicely. But to
> answer correctly: no.
> 
> *JP*
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81


From wk at gnupg.org Tue Feb 18 20:13:46 2014
From: wk at gnupg.org (Werner Koch)
Date: Tue, 18 Feb 2014 20:13:46 +0100
Subject: Safe curves in gnupg?
In-Reply-To: <5302F2CF.6030806@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Tue, 18 Feb 2014 00:42:39 -0500")
References: <5302F2CF.6030806@fifthhorseman.net>
Message-ID: <87mwho5j4l.fsf@vigenere.g10code.de>

On Tue, 18 Feb 2014 06:42, dkg at fifthhorseman.net said:

> short version: it's under consideration and Werner has indicated active
> work on it. No released version of gnupg has support for it yet though.

I am waiting for an RFC to specify some details but actually the code for Ed25519 is already in the repo (although currently not working anymore). gpg will present a list of available ECC curves and I reserved the first position for Curve25519 et al. I am not sure whether it will already be available in 2.1.0, though.

Those who do not want the NIST curves may in any case use the Brainpool curves, which are also supported and which are supported by ECC for OpenPGP (rfc-6637).

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.


From kristian.fiskerstrand at sumptuouscapital.com Tue Feb 18 20:33:19 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 18 Feb 2014 20:33:19 +0100
Subject: Safe curves in gnupg?
In-Reply-To: <87mwho5j4l.fsf@vigenere.g10code.de>
References: <5302F2CF.6030806@fifthhorseman.net> <87mwho5j4l.fsf@vigenere.g10code.de>
Message-ID: <5303B57F.2090003@sumptuouscapital.com>

On 02/18/2014 08:13 PM, Werner Koch wrote:
> On Tue, 18 Feb 2014 06:42, dkg at fifthhorseman.net said:
> 
>> short version: it's under consideration and Werner has indicated
>> active work on it. No released version of gnupg has support for
>> it yet though.
> ...
> 
> Those who do not want the NIST curves may in any case use the
> Brainpool curves, which are also supported and which are supported by
> ECC for OpenPGP (rfc-6637).
> 

The brainpool and secp256k1 curves will also be supported in SKS 1.1.5 and can be used in the hkp://subset.pool.sks-keyservers.net (that will get a min requirement of 1.1.5 (latest version as usual)). We should be able to have this out in time for GnuPG 2.1. The NIST curves are supported as of SKS 1.1.4.

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"History doesn't repeat itself, but it does rhyme."
(Mark Twain)


From mercuryrising11 at gmail.com Tue Feb 18 21:05:19 2014
From: mercuryrising11 at gmail.com (mercuryrising)
Date: Tue, 18 Feb 2014 12:05:19 -0800
Subject: Newbie: Search for iphone method
In-Reply-To: <53036DDF.5010305@guardianproject.info>
References: <47543242099148784@unknownmsgid> <53036DDF.5010305@guardianproject.info>
Message-ID: <61BD0B3D-152C-4FA1-8FCE-06CD16A3BBFC@gmail.com>

And how would you make a GUI. What programming would I have to learn. I used to program in BASIC between 37 and 25 years ago. On a GRS 80 laptop. Are we talking a degree in software engineering?

Sent from my iPhone

> On Feb 18, 2014, at 6:27 AM, Hans-Christoph Steiner wrote:
> 
> Since GnuPG has run on Mac OS X and FreeBSD for a long time now, it should be
> a pretty easy port to get GnuPG running on iPhone. Someone would have to make
> a GUI tho.
> 
> .hc
> 
>> On 02/18/2014 04:00 AM, Jürgen Polster wrote:
>> Hmm,
>> One of the options for IOS users is oPenGp, which interacts nicely. But to
>> answer correctly: no.
>> 
>> *JP*
> 
> -- 
> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81


From renato.martini at gmx.com Tue Feb 18 20:49:10 2014
From: renato.martini at gmx.com (Renato Martini - GMX)
Date: Tue, 18 Feb 2014 16:49:10 -0300
Subject: Safe curves in gnupg?
In-Reply-To: <87mwho5j4l.fsf@vigenere.g10code.de>
References: <5302F2CF.6030806@fifthhorseman.net> <87mwho5j4l.fsf@vigenere.g10code.de>
Message-ID: <5303B936.8010309@gmx.com>

On 18-02-2014 16:13, Werner Koch wrote:
> On Tue, 18 Feb 2014 06:42, dkg at fifthhorseman.net said:
> 
>> short version: it's under consideration and Werner has indicated active
>> work on it. No released version of gnupg has support for it yet though.
> I am waiting for an RFC to specify some details but actually the code
> for Ed25519 is already in the repo (although currently not working
> anymore). gpg will present a list of available ECC curves and I
> reserved the first position for Curve25519 et al. I am not sure whether
> it will already be available in 2.1.0, though.
> 
> Those who do not want the NIST curves may in any case use the Brainpool
> curves, which are also supported and which are supported by ECC for OpenPGP
> (rfc-6637).
> 
> 
> Shalom-Salam,
> 
> Werner
> 
> 

In Brazil we will probably use the Brainpool curves too; for example, for a CA root the curve "brainpoolp512r1" OID is set to "1 3 36 3 3 2 8 1 1 13". By the way, Brainpool is *not* supported yet in the OpenSSL suite v.1.0.1x; it will only be supported in the new release 1.0.2, which can be found on the openssl project FTP site...
RMartini

-- 
Renato Martini
Brasilia (DF) - Brasil
http://renatomartini.net


From greg at turnstep.com Tue Feb 18 20:51:57 2014
From: greg at turnstep.com (Greg Sabino Mullane)
Date: Tue, 18 Feb 2014 19:51:57 -0000
Subject: Organizing a GPG key signing party in London
In-Reply-To: <7DC07434-2672-4088-94B3-5EF918917C84@blystone.net>
Message-ID: 

> Biglumber has been essentially abandoned by its developer and has
> been completely unmaintained for several years. It was a wonderful
> service when it was maintained. Now I think it would be better for
> it to be removed, but the developer stopped responding to inquiries long ago.

Sorry to hear you feel that way. I don't work on Biglumber as actively as I once did, but it is quite alive and still gets code updates. If there is an email I have not replied to, I apologize: I get quite a lot and things slip through the cracks, so feel free to resend.

-- 
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 201402181451
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8


From hans at guardianproject.info Tue Feb 18 22:50:19 2014
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Tue, 18 Feb 2014 16:50:19 -0500
Subject: Newbie: Search for iphone method
In-Reply-To: <5303BE5E.9020802@ioioioio.eu>
References: <47543242099148784@unknownmsgid> <53036DDF.5010305@guardianproject.info> <61BD0B3D-152C-4FA1-8FCE-06CD16A3BBFC@gmail.com> <5303BE5E.9020802@ioioioio.eu>
Message-ID: <5303D59B.5060708@guardianproject.info>

Good point. I forgot about the iTunes restrictions; they are not compatible with the GPL for sure, and probably not the LGPL, so a GnuPG port cannot be legally distributed in Apple iTunes.
.hc

On 02/18/2014 03:11 PM, system at ioioioio.eu wrote:
> consider *cydia* for jailbreak/iphone, as it uses apt-get routines to deliver
> software somehow. that could help understanding the mechanics behind the
> itunes/wall. some sort of software is prohibited for/from apple, so check
> usage of encryption software as well on us.import/export rules as well to save
> energy for this project.
> 
> a browser based piece of software would be more in the focus, i mentioned some
> weeks ago.
> 
> anyhow, good luck with xcode ( dev. environment for iphone/ios )
> https://developer.apple.com/xcode/
> 
> regards
> 
> On 18.02.2014 21:05, mercuryrising wrote:
>> And how would you make a GUI. What programming would I have to learn. I used
>> to program in BASIC between 37 and 25 years ago. On a GRS 80 laptop. Are we
>> talking a degree in software engineering?
>> Sent from my iPhone
>> 
>>> On Feb 18, 2014, at 6:27 AM, Hans-Christoph Steiner
>>> wrote:
>>> 
>>> Since GnuPG has run on Mac OS X and FreeBSD for a long time now, it should be
>>> a pretty easy port to get GnuPG running on iPhone. Someone would have to make
>>> a GUI tho.
>>> 
>>> .hc
>>> 
>>>> On 02/18/2014 04:00 AM, Jürgen Polster wrote:
>>>> Hmm,
>>>> One of the options for IOS users is oPenGp, which interacts nicely. But to
>>>> answer correctly: no.
>>>> 
>>>> *JP*
>>> 
>>> -- 
>>> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81


From ei8fdb at ei8fdb.org Tue Feb 18 23:20:53 2014
From: ei8fdb at ei8fdb.org (Bernard Tyers - ei8fdb)
Date: Tue, 18 Feb 2014 22:20:53 +0000
Subject: Organizing a GPG key signing party in London
In-Reply-To: <52FB5DA7.7010005@mozilla.com>
References: <52FB5DA7.7010005@mozilla.com>
Message-ID: 

Hello Ludovic!

I'd like to go along and take part.

One thing: what kind of person are you expecting to attend? I would like to suggest you open it to journalists, human rights defenders, activist communities?

I was at the Fosdem KSP and even though I enjoyed it (can you actually “enjoy” a key signing party?) I observed some ways in which it might have been improved, particularly for first time party-goers.

I had intended on writing this up as some feedback for the great Fosdem people in case they were interested, but you've prompted me to do it here:

NB: This feedback makes the following assumptions:

1. People who *are not* advanced/expert GPG users are encouraged to attend.
2. A similar key signing protocol to the modified Zimmermann-Sassaman is used.

1. Explain what's needed *before* you attend the key signing party.

Steps of:
a. Submit your keys before date X. Give clear steps on how to submit the keys.
b. Inform the user when the list of participants will be released.
Explain the list of participants needs to be downloaded.
c. Please, please, please outline the steps the user needs to take to verify the participant list's keysum *on the website, not* in the list of participants.

(I spoke with a lot of party goers at Fosdem who were unaware of the steps…which were in the list of keys. But if you didn't know you had to download the list, and didn't have access to a printer….)

2. Explain the overall process involved *once you are at* the key signing party.

Again, at Fosdem this seemed to be handled eventually by word of mouth and general “whipping” people into order. Some people were unsure of the process.

3. Explain what is needed *after* the party finishes.

This was handled well at the Fosdem party.

A few other things I made a note of were:

- If possible try and have tables provided for the people taking part so they can put their documentation/equipment down while they are checking keys etc.

- Have some people helping out when people don't know what's involved.

- Think about capping the maximum amount of people able to attend, or think about having two sessions.

I thought it interesting even those who looked like “seasoned” key signing party goers needed to stop and think about what they should do in certain circumstances.

Only because of the kindness of one party goer I managed to get as far as I did.

While the Fosdem party webpage technically had 99% of the information needed, it was not very user-friendly, particularly to a non-seasoned KSP person. I really hope they can redesign it to be easier to read.

If you need some help, please let me know as I'd happily help out.

All the best,
Bernard

On 12 Feb 2014, at 11:40, Ludovic Hirlimann wrote:

> Hi,
> 
> I'm organizing a pgp key signing party in London on March the 25th at
> 6:30 PM BST in the mozilla space of the mozilla office in London.
> 
> I've been trying to reach out to Londoners and UK users of pgp using
> twitter ( https://twitter.com/lhirlimann/status/432867811002564608 ),
> I've tried to contact the Linux Users group, but didn't get much out of
> it. So I'm going to try to get some attention here.
> 
> The space is limited in the london office so you'll need to register
> using event brite at
> https://www.eventbrite.fr/e/gpg-key-signing-party-london-uk-tickets-10551117677
> .
> 
> Ludo

--------------------------------------
Bernard / bluboxthief / ei8fdb

If you'd like to get in touch, please do: http://me.ei8fdb.org/


From system at ioioioio.eu Tue Feb 18 21:11:10 2014
From: system at ioioioio.eu (system at ioioioio.eu)
Date: Tue, 18 Feb 2014 21:11:10 +0100
Subject: Newbie: Search for iphone method
In-Reply-To: <61BD0B3D-152C-4FA1-8FCE-06CD16A3BBFC@gmail.com>
References: <47543242099148784@unknownmsgid> <53036DDF.5010305@guardianproject.info> <61BD0B3D-152C-4FA1-8FCE-06CD16A3BBFC@gmail.com>
Message-ID: <5303BE5E.9020802@ioioioio.eu>

consider *cydia* for jailbreak/iphone, as it uses apt-get routines to deliver software somehow. that could help understanding the mechanics behind the itunes/wall. some sort of software is prohibited for/from apple, so check usage of encryption software as well on us.import/export rules as well to save energy for this project.

a browser based piece of software would be more in the focus, i mentioned some weeks ago.

anyhow, good luck with xcode ( dev. environment for iphone/ios )
https://developer.apple.com/xcode/

regards

On 18.02.2014 21:05, mercuryrising wrote:
> And how would you make a GUI. What programming would I have to learn. I used to program in BASIC between 37 and 25 years ago. On a GRS 80 laptop. Are we talking a degree in software engineering?
> Sent from my iPhone
> 
>> On Feb 18, 2014, at 6:27 AM, Hans-Christoph Steiner wrote:
>> 
>> Since GnuPG has run on Mac OS X and FreeBSD for a long time now, it should be
>> a pretty easy port to get GnuPG running on iPhone. Someone would have to make
>> a GUI tho.
>> 
>> .hc
>> 
>>> On 02/18/2014 04:00 AM, Jürgen Polster wrote:
>>> Hmm,
>>> One of the options for IOS users is oPenGp, which interacts nicely. But to
>>> answer correctly: no.
>>> 
>>> *JP*
>> 
>> -- 
>> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81


From benjamin at py-soft.co.uk Tue Feb 18 23:34:51 2014
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 18 Feb 2014 22:34:51 +0000
Subject: Organizing a GPG key signing party in London
In-Reply-To: <52FB5DA7.7010005@mozilla.com>
References: <52FB5DA7.7010005@mozilla.com>
Message-ID: 

On 12 February 2014 11:40, Ludovic Hirlimann wrote:
> I'm organizing a pgp key signing party in London on March the 25th at
> 6:30 PM BST in the mozilla space of the mozilla office in London.

British Summer Time does not begin until Sunday 30th March this year(1). Do you mean Greenwich Mean Time?

Regards,

Ben

(1) https://www.gov.uk/when-do-the-clocks-change


From jhs at berklix.com Wed Feb 19 00:05:37 2014
From: jhs at berklix.com (Julian H. Stacey)
Date: Wed, 19 Feb 2014 00:05:37 +0100
Subject: Organizing a GPG key signing party in London
In-Reply-To: Your message "Tue, 18 Feb 2014 22:20:53 GMT."
Message-ID: <201402182305.s1IN5b43043995@fire.js.berklix.net>

Bernard Tyers - ei8fdb wrote:
> 
> --===============0194389773==
> Content-Type: multipart/signed; boundary="Apple-Mail=_42600D74-BACD-4F4B-9BD8-3B20FDE29090"; protocol="application/pgp-signature"; micalg=pgp-sha1
> 
> 
> --Apple-Mail=_42600D74-BACD-4F4B-9BD8-3B20FDE29090
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/plain;
> charset=windows-1252
> 
> Hello Ludovic!
> 
> I'd like to go along and take part.
> 
> One thing: what kind of person are you expecting to attend? I would like to suggest you open it to journalists, human rights defenders, activist communities?
> 
> I was at the Fosdem KSP and even though I enjoyed it (can you actually “enjoy” a key signing party?) I observed some ways in which it might have been improved, particularly for first time party-goers.
> 
> I had intended on writing this up as some feedback for the great Fosdem people in case they were interested, but you've prompted me to do it here:
> 
> NB: This feedback makes the following assumptions:
> 
> 1. People who *are not* advanced/expert GPG users are encouraged to attend.
> 2. A similar key signing protocol to the modified Zimmermann-Sassaman is used.
> 
> 
> 1. Explain what's needed *before* you attend the key signing party.
> 
> Steps of:
> a. Submit your keys before date X. Give clear steps on how to submit the keys.
> b. Inform the user when the list of participants will be released. Explain the list of participants needs to be downloaded.
> c. Please, please, please outline the steps the user needs to take to verify the participant list's keysum *on the website, not* in the list of participants.
> 
> (I spoke with a lot of party goers at Fosdem who were unaware of the steps…which were in the list of keys. But if you didn't know you had to download the list, and didn't have access to a printer….)
> 
> 2. Explain the overall process involved *once you are at* the key signing party.
> 
> Again, at Fosdem this seemed to be handled eventually by word of mouth and general “whipping” people into order. Some people were unsure of the process.
> 
> 3. Explain what is needed *after* the party finishes.
> 
> This was handled well at the Fosdem party.
> 
> 
> A few other things I made a note of were:
> 
> - If possible try and have tables provided for the people taking part so they can put their documentation/equipment down while they are checking keys etc.
> 
> - Have some people helping out when people don't know what's involved.
> 
> - Think about capping the maximum amount of people able to attend, or think about having two sessions.
> 
> I thought it interesting even those who looked like “seasoned” key signing party goers needed to stop and think about what they should do in certain circumstances.
> 
> Only because of the kindness of one party goer I managed to get as far as I did.
> 
> While the Fosdem party webpage technically had 99% of the information needed, it was not very user-friendly, particularly to a non-seasoned KSP person. I really hope they can redesign it to be easier to read.
> 
> If you need some help, please let me know as I'd happily help out.
> 
> All the best,
> Bernard
> 
> 
> On 12 Feb 2014, at 11:40, Ludovic Hirlimann wrote:
> 
> > Hi,
> > 
> > I'm organizing a pgp key signing party in London on March the 25th at
> > 6:30 PM BST in the mozilla space of the mozilla office in London.
> > 
> > I've been trying to reach out to Londoners and UK users of pgp using
> > twitter ( https://twitter.com/lhirlimann/status/432867811002564608 ),
> > I've tried to contact the Linux Users group, but didn't get much out of
> > it. So I'm going to try to get some attention here.
> > 
> > The space is limited in the london office so you'll need to register
> > using event brite at
> > https://www.eventbrite.fr/e/gpg-key-signing-party-london-uk-tickets-10551117677
> > .
> > 
> > Ludo

I suggest Ludovic Hirlimann should search London BSD Group & contact eg
http://www.bsdgroups.org.uk/london/
http://mailman.uk.freebsd.org/mailman/listinfo/ukfreebsd

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Interleave replies below like a play script. Indent old text with "> ".
Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.


From ludovic at mozilla.com Wed Feb 19 06:44:44 2014
From: ludovic at mozilla.com (Ludovic Hirlimann)
Date: Wed, 19 Feb 2014 06:44:44 +0100
Subject: Organizing a GPG key signing party in London
In-Reply-To: <201402182305.s1IN5b43043995@fire.js.berklix.net>
References: <201402182305.s1IN5b43043995@fire.js.berklix.net>
Message-ID: <530444CC.9080408@mozilla.com>

On 19/02/2014 00:05, Julian H. Stacey wrote:
> Bernard Tyers - ei8fdb wrote:
>> --===============0194389773==
>> Content-Type: multipart/signed; boundary="Apple-Mail=_42600D74-BACD-4F4B-9BD8-3B20FDE29090"; protocol="application/pgp-signature"; micalg=pgp-sha1
>> 
>> 
>> --Apple-Mail=_42600D74-BACD-4F4B-9BD8-3B20FDE29090
>> Content-Transfer-Encoding: quoted-printable
>> Content-Type: text/plain;
>> charset=windows-1252
>> 
>> Hello Ludovic!
>> 
>> I'd like to go along and take part.
>> 
>> One thing: what kind of person are you expecting to attend? I would like to suggest you open it to journalists, human rights defenders, activist communities?
>> 
>> I was at the Fosdem KSP and even though I enjoyed it (can you actually “enjoy” a key signing party?) I observed some ways in which it might have been improved, particularly for first time party-goers.
>> 
>> I had intended on writing this up as some feedback for the great Fosdem people in case they were interested, but you've prompted me to do it here:
>> 
>> NB: This feedback makes the following assumptions:
>> 
>> 1. People who *are not* advanced/expert GPG users are encouraged to attend.
>> 2. A similar key signing protocol to the modified Zimmermann-Sassaman is used.
>> 
>> 1. Explain what's needed *before* you attend the key signing party.
>> 
>> Steps of:
>> a. Submit your keys before date X. Give clear steps on how to submit the keys.
>> b. Inform the user when the list of participants will be released. Explain the list of participants needs to be downloaded.

This was pretty clear on the fosdem keysigning key page

>> c. Please, please, please outline the steps the user needs to take to verify the participant list's keysum *on the website, not* in the list of participants.
>> 
>> (I spoke with a lot of party goers at Fosdem who were unaware of the steps…which were in the list of keys. But if you didn't know you had to download the list, and didn't have access to a printer….)
>> 
>> 2. Explain the overall process involved *once you are at* the key signing party.
>> 
>> Again, at Fosdem this seemed to be handled eventually by word of mouth and general “whipping” people into order. Some people were unsure of the process.

That's because some people were late. I've submitted feedback to the organizer, and he'll change a few things for next year.

>> 3. Explain what is needed *after* the party finishes.
>> 
>> This was handled well at the Fosdem party.
>> 
>> 
>> A few other things I made a note of were:
>> 
>> - If possible try and have tables provided for the people taking part so they can put their documentation/equipment down while they are checking keys etc.

We had that once in 2007 - it didn't scale at all. Time for people to sit etc ....

>> - Have some people helping out when people don't know what's involved.

that's a very good point.

>> - Think about capping the maximum amount of people able to attend, or think about having two sessions.

I've said tell people in advance how long it might take.

>> I thought it interesting even those who looked like “seasoned” key signing party goers needed to stop and think about what they should do in certain circumstances.
>> 
>> Only because of the kindness of one party goer I managed to get as far as I did.
>> 
>> While the Fosdem party webpage technically had 99% of the information needed, it was not very user-friendly, particularly to a non-seasoned KSP person. I really hope they can redesign it to be easier to read.
>> 
>> If you need some help, please let me know as I'd happily help out.
>> 
>> All the best,
>> Bernard
>> 
>> On 12 Feb 2014, at 11:40, Ludovic Hirlimann wrote:
>> 
>>> Hi,
>>> 
>>> I'm organizing a pgp key signing party in London on March the 25th at
>>> 6:30 PM BST in the mozilla space of the mozilla office in London.
>>> 
>>> I've been trying to reach out to Londoners and UK users of pgp using
>>> twitter ( https://twitter.com/lhirlimann/status/432867811002564608 ),
>>> I've tried to contact the Linux Users group, but didn't get much out of
>>> it. So I'm going to try to get some attention here.
>>> 
>>> The space is limited in the london office so you'll need to register
>>> using event brite at
>>> https://www.eventbrite.fr/e/gpg-key-signing-party-london-uk-tickets-10551117677
>>> .
>>> 
>>> Ludo
> I suggest Ludovic Hirlimann should search
> London BSD Group
> & contact eg
> http://www.bsdgroups.org.uk/london/
> http://mailman.uk.freebsd.org/mailman/listinfo/ukfreebsd
> 
> Cheers,
> Julian

Thanks Julian

-- 
[:Usul] MOC Team at Mozilla
QA Lead for Thunderbird
http://sietch-tabr.tumblr.com/ - http://weusepgp.info/


From wk at gnupg.org Wed Feb 19 09:30:52 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 19 Feb 2014 09:30:52 +0100
Subject: Safe curves in gnupg?
In-Reply-To: <5303B936.8010309@gmx.com> (Renato Martini's message of "Tue, 18 Feb 2014 16:49:10 -0300")
References: <5302F2CF.6030806@fifthhorseman.net> <87mwho5j4l.fsf@vigenere.g10code.de> <5303B936.8010309@gmx.com>
Message-ID: <87lhx74i83.fsf@vigenere.g10code.de>

On Tue, 18 Feb 2014 20:49, renato.martini at gmx.com said:

> In Brazil we will probably use the Brainpool curves too; for example, for a
> CA root the curve "brainpoolp512r1" OID is set to "1 3 36 3 3 2 8 1 1
> 13". By the way, Brainpool is *not* supported yet in the

We support them in Libgcrypt and they are listed in the curve selection menu of gpg:

  #if GPG_USE_EDDSA
    { "Ed25519",         0, 0, "Curve 25519" },
  #endif
  #if GPG_USE_ECDSA || GPG_USE_ECDH
    { "NIST P-256",      0, 1, },
    { "NIST P-384",      0, 0, },
    { "NIST P-521",      0, 1, },
    { "brainpoolP256r1", 0, 1, "Brainpool P-256" },
    { "brainpoolP384r1", 0, 1, "Brainpool P-384" },
    { "brainpoolP512r1", 0, 1, "Brainpool P-512" },
    { "secp256k1",       0, 1 },
  #endif

In non-expert mode there will only be Curve25519 and NIST P-384. I wonder whether I should allow Brainpool P-512r1 also in non-expert mode.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
From jayeharris at epbfi.com Wed Feb 19 01:09:15 2014
From: jayeharris at epbfi.com (jayeharris)
Date: Wed, 19 Feb 2014 00:09:15 +0000
Subject: Organizing a GPG key signing party in London
Message-ID: <20140219000915.E06A023826F@vzwemconn29.vzw-prod.oz.com>

An HTML attachment was scrubbed...


From devtadas at gmail.com Tue Feb 18 22:19:33 2014
From: devtadas at gmail.com (Tadas Slotkus)
Date: Tue, 18 Feb 2014 23:19:33 +0200
Subject: How to verify revocation?
Message-ID: <20140218231933.1e8697791ea130b85afa0fc6@gmail.com>

Hello,

I revoked my key and on the public key server it says:
"*** KEY REVOKED *** [not verified]"
Why does it say that revocation is not verified?

For example here: http://keys.gnupg.net/pks/lookup?op=index&search=mrtadis

Thanks,
Tadas


From dbhukta at gmail.com Wed Feb 19 08:13:36 2014
From: dbhukta at gmail.com (dbhukta .)
Date: Wed, 19 Feb 2014 12:43:36 +0530
Subject: GPG tool for Windows Embedded Compact 7
Message-ID: 

Dear Sir/Madam,

Let me know any version which is compatible with Windows Embedded Compact 7 to encrypt/decrypt a text file at least.

Looking forward to your valuable answer.

Thanking you
-- 
Regards,
Dinabandhu Bhukta
8600096629


From mailinglisten at hauke-laging.de Wed Feb 19 11:55:46 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 19 Feb 2014 11:55:46 +0100
Subject: How to verify revocation?
In-Reply-To: <20140218231933.1e8697791ea130b85afa0fc6@gmail.com>
References: <20140218231933.1e8697791ea130b85afa0fc6@gmail.com>
Message-ID: <10024077.fq8LkXhDkx@inno>

On Tue 18.02.2014, 23:19:33, Tadas Slotkus wrote:
> Hello,
> 
> I revoked my key and on the public key server it says:
> "*** KEY REVOKED *** [not verified]"
> Why does it say that revocation is not verified?

That probably refers to the point that the keyservers don't do crypto checks. It means: There is a packet which looks like a key revocation but it could be forged.
If an OpenPGP application downloads the key from the server then it does a signature check.

Hauke

-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


From kristian.fiskerstrand at sumptuouscapital.com Wed Feb 19 12:08:27 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 19 Feb 2014 12:08:27 +0100
Subject: How to verify revocation?
In-Reply-To: <10024077.fq8LkXhDkx@inno>
References: <20140218231933.1e8697791ea130b85afa0fc6@gmail.com> <10024077.fq8LkXhDkx@inno>
Message-ID: <530490AB.3020404@sumptuouscapital.com>

On 02/19/2014 11:55 AM, Hauke Laging wrote:
> On Tue 18.02.2014, 23:19:33, Tadas Slotkus wrote:
>> Hello,
>> 
>> I revoked my key and on the public key server it says: "*** KEY
>> REVOKED *** [not verified]" Why does it say that revocation is
>> not verified?
> 
> That probably refers to the point that the keyservers don't do
> crypto checks. It means: There is a packet which looks like a key
> revocation but it could be forged. If an OpenPGP application
> downloads the key from the server then it does a signature check.
> 

That is a correct interpretation, indeed.

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)
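Two threads above come down to the same packet-level facts: Werner's curve menu in the "Safe curves" thread (RFC 6637 records the curve as an OID inside the public-key packet, which is what Renato's "1 3 36 3 3 2 8 1 1 13" for brainpoolP512r1 is) and Hauke's point that a keyserver only sees that a revocation-shaped packet is present, leaving the real signature check to the client. The following is an added example and is not code from GnuPG, SKS or any poster; it assumes its own small OID table, handles new-format packet headers only, and uses a constructed key block whose point and signature MPIs are placeholders.

```python
"""Added example (not GnuPG or SKS code): walk an OpenPGP packet stream,
name the ECC curve from the OID that RFC 6637 stores in the key packet,
and flag a key-revocation signature the way a keyserver listing does:
by presence and issuer only, without verifying the signature mathematics."""
import hashlib
import struct
# Dotted curve OIDs (the example's own table; Ed25519/Curve25519 are the OIDs later OpenPGP drafts adopted).
CURVE_OIDS = {
    "1.2.840.10045.3.1.7": "NIST P-256",
    "1.3.132.0.34": "NIST P-384",
    "1.3.132.0.35": "NIST P-521",
    "1.3.36.3.3.2.8.1.1.7": "brainpoolP256r1",
    "1.3.36.3.3.2.8.1.1.11": "brainpoolP384r1",
    "1.3.36.3.3.2.8.1.1.13": "brainpoolP512r1",
    "1.3.132.0.10": "secp256k1",
    "1.3.6.1.4.1.11591.15.1": "Ed25519",
    "1.3.6.1.4.1.3029.1.5.1": "Curve25519",
}
ECC_ALGOS = {18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
SIG_KEY_REVOCATION, SUBPKT_ISSUER, SUBPKT_REASON = 0x20, 16, 29

def decode_oid(raw):
    """Dotted form of an OID body (the bytes after the length octet)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                          # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def _length(data, pos, subpacket=False):
    """New-format packet/subpacket length octets -> (length, next_pos)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1
    if first < (255 if subpacket else 224):       # two-octet form
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
    if first == 255:                              # five-octet form
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are out of scope here")

def iter_packets(data):
    """Yield (tag, body) for new-format packets; old-format headers are out of scope."""
    pos = 0
    while pos < len(data):
        tag = data[pos] & 0x3F
        length, pos = _length(data, pos + 1)
        yield tag, data[pos:pos + length]
        pos += length

def iter_subpackets(data):
    """Yield (type, body) for signature subpackets; the length covers the type octet."""
    pos = 0
    while pos < len(data):
        length, pos = _length(data, pos, subpacket=True)
        yield data[pos] & 0x7F, data[pos + 1:pos + length]
        pos += length

def key_id(key_body):
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()[-8:]  # v4: low 64 bits of the fingerprint

def summarize(data):
    """Keyserver-style view; 'verified' stays False because the signature maths are never checked here."""
    info = {"algo": None, "curve": None, "revoked": False,
            "issuer_matches": None, "reason": None, "verified": False}
    kid = None
    for tag, body in iter_packets(data):
        if tag == 6 and body[0] == 4:                  # v4 public-key packet
            kid, algo = key_id(body), body[5]
            info["algo"] = ECC_ALGOS.get(algo, "non-ECC algorithm %d" % algo)
            if algo in ECC_ALGOS:                      # RFC 6637: length octet + OID
                oid = decode_oid(body[7:7 + body[6]])
                info["curve"] = CURVE_OIDS.get(oid, "unknown curve " + oid)
        elif tag == 2 and body[0] == 4 and body[1] == SIG_KEY_REVOCATION:
            info["revoked"] = True
            hlen = struct.unpack(">H", body[4:6])[0]
            ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
            subpackets = list(iter_subpackets(body[6:6 + hlen]))
            subpackets += iter_subpackets(body[8 + hlen:8 + hlen + ulen])
            for stype, sbody in subpackets:
                if stype == SUBPKT_ISSUER:
                    info["issuer_matches"] = sbody == kid
                elif stype == SUBPKT_REASON:           # code octet, then text
                    info["reason"] = sbody[1:].decode("utf-8", "replace")
    return info

def _packet(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body       # new format, body < 192 octets
def _subpacket(stype, body):
    return bytes([len(body) + 1, stype]) + body

def build_sample_keyblock():
    """Constructed sample, not a real key: ECDSA/brainpoolP512r1 key plus a revocation naming it; MPIs are placeholders."""
    oid = bytes.fromhex("2b240303020801010d")                    # 1.3.36.3.3.2.8.1.1.13
    key = b"\x04" + struct.pack(">I", 1392735999) + b"\x13" + bytes([len(oid)]) + oid + b"\x00\x03\x04"
    hashed = _subpacket(2, struct.pack(">I", 1392750000)) + _subpacket(SUBPKT_REASON, b"\x03retired")
    unhashed = _subpacket(SUBPKT_ISSUER, key_id(key))
    sig = (b"\x04" + bytes([SIG_KEY_REVOCATION]) + b"\x13\x08" + struct.pack(">H", len(hashed)) + hashed
           + struct.pack(">H", len(unhashed)) + unhashed + b"\xab\xcd" + b"\x00\x08\xff" * 2)
    return _packet(6, key) + _packet(2, sig)
```

Call summarize(build_sample_keyblock()) to see the listing a keyserver can produce cheaply: the curve name, that a revocation packet is present, and that its issuer subpacket names the key it sits under. The "verified" field never becomes True in this code, which is the honest reading of SKS's "[not verified]": only a client holding the public key and a full OpenPGP implementation, as gpg is on import, can confirm that the revocation signature was really made by that key rather than spliced in by someone else.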
(Zig Ziglar)

From renato.martini at gmx.com Wed Feb 19 13:10:02 2014
From: renato.martini at gmx.com (Renato Martini)
Date: Wed, 19 Feb 2014 09:10:02 -0300 (BRT)
Subject: Safe curves in gnupg?
In-Reply-To: <87lhx74i83.fsf@vigenere.g10code.de>
References: <87mwho5j4l.fsf@vigenere.g10code.de> <5303B936.8010309@gmx.com> <87lhx74i83.fsf@vigenere.g10code.de>
Message-ID: <20140219.091002.175504012.renato.martini@gmx.com>

From: Werner Koch
Subject: Re: Safe curves in gnupg?
Date: Wed, 19 Feb 2014 09:30:52 +0100

Good work. The openssl is delayed.

> In no expert mode there will only be Curve25519 and NIST P-384. I
> wonder whether I should allow Brainpool P-512r1 also in non-expert mode.
>

I guess so. IMHO after the "Suite B" facts should be done... fips_mode(), no thanks.
regards

--
Renato Martini - Brasil, Brasilia (DF)
http://renatomartini.net

From lhirlimann at mozilla.com Wed Feb 19 11:47:11 2014
From: lhirlimann at mozilla.com (Ludovic Hirlimann)
Date: Wed, 19 Feb 2014 11:47:11 +0100
Subject: Gnupg-users Digest, Vol 125, Issue 19
In-Reply-To:
References:
Message-ID: <53048BAF.3040402@mozilla.com>

On 19/02/2014 11:36, gnupg-users-request at gnupg.org wrote:
>> I'm organizing a pgp key signing party in London on March the 25th at
>> 6:30 PM BST in the mozilla space of the mozilla office in London.
>>
> British Summer Time does not begin until Sunday 30th March this year(1).
> Do you mean Greenwich Mean Time?
>
> Regards,
>

yes

--
[:Usul] MOC Team at Mozilla
QA Lead for Thunderbird
http://sietch-tabr.tumblr.com/ - http://weusepgp.info/

From mschoch at gmail.com Wed Feb 19 13:40:07 2014
From: mschoch at gmail.com (Martin)
Date: Wed, 19 Feb 2014 13:40:07 +0100
Subject: gpg 1.4.16 Windows - version info
Message-ID: <119177236.20140219134007@gmail.com>

Hi

Just installed GnuPG 1.4.16 for Windows (on XP over here).

gpg --version
gpg (GnuPG) 1.4.16

Now I see in the signed messages that the version information about GnuPG is very short:

Version: GnuPG v1

Bug or feature?

--
Best regards,
Martin
mailto:mschoch at gmail.com

From kristian.fiskerstrand at sumptuouscapital.com Wed Feb 19 15:17:23 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 19 Feb 2014 15:17:23 +0100
Subject: gpg 1.4.16 Windows - version info
In-Reply-To: <119177236.20140219134007@gmail.com>
References: <119177236.20140219134007@gmail.com>
Message-ID: <5304BCF3.3060206@sumptuouscapital.com>

On 02/19/2014 01:40 PM, Martin wrote:
> Hi
>
> Just installed GnuPG 1.4.16 for Windows (on XP over here).
>
> gpg --version
> gpg (GnuPG) 1.4.16
>
> Now I see in the signed messages that the version information
> about GnuPG is very short:
>
> Version: GnuPG v1
>
> Bug or feature?
>

Feature.
See the announcement of 1.4.16 at [0] that describes "Put only the major version number by default into armored output."

[0] http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nulla regula sine exceptione
No rule without exception

From laurent.jumet at skynet.be Wed Feb 19 15:17:40 2014
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Wed, 19 Feb 2014 15:17:40 +0100
Subject: gpg 1.4.16 Windows - version info
In-Reply-To: <119177236.20140219134007@gmail.com>
Message-ID:

Hello Martin !

Martin wrote:

> Just installed GnuPG 1.4.16 for Windows (on XP over here).
> gpg --version
> gpg (GnuPG) 1.4.16
> Now I see in the signed messages that the version information about
> GnuPG is very short:
> Version: GnuPG v1
> Bug or feature?

...bug I suppose. I've the same problem.
--
Laurent Jumet
KeyID: 0xCFAF704C

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

From wk at gnupg.org Wed Feb 19 17:27:16 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 19 Feb 2014 17:27:16 +0100
Subject: gpg 1.4.16 Windows - version info
In-Reply-To: <119177236.20140219134007@gmail.com> (Martin's message of "Wed, 19 Feb 2014 13:40:07 +0100")
References: <119177236.20140219134007@gmail.com>
Message-ID: <87y5172hln.fsf@vigenere.g10code.de>

On Wed, 19 Feb 2014 13:40, mschoch at gmail.com said:

> Version: GnuPG v1
>
> Bug or feature?

Feature. Check this option:

@item --emit-version
@itemx --no-emit-version
@opindex emit-version
Force inclusion of the version string in ASCII armored output. If given once only the name of the program and the major number is emitted (default), given twice the minor is also emitted, given triple the micro is added, and given quad an operating system identification is also emitted. @option{--no-emit-version} disables the version line.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From laurent.jumet at skynet.be Thu Feb 20 06:53:16 2014
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Thu, 20 Feb 2014 06:53:16 +0100
Subject: gpg 1.4.16 Windows - version info
In-Reply-To: <87y5172hln.fsf@vigenere.g10code.de>
Message-ID:

Hello Werner !

Werner Koch wrote:

> Feature. Check this option:
> @item --emit-version
> @itemx --no-emit-version
> @opindex emit-version
> Force inclusion of the version string in ASCII armored output. If
> given once only the name of the program and the major number is
> emitted (default), given twice the minor is also emitted, given triple
> the micro is added, and given quad an operating system identification
> is also emitted.
> @option{--no-emit-version} disables the version
> line.

...OK, stamping "emit-version" twice in GNUPG.CONF restores the version like in my signature below.
But what was the purpose of this feature?

---
Laurent Jumet
KeyID: 0xCFAF704C

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.16
-----END PGP SIGNATURE-----

From mercuryrising11 at gmail.com Thu Feb 20 08:07:55 2014
From: mercuryrising11 at gmail.com (Mercury Rising)
Date: Wed, 19 Feb 2014 23:07:55 -0800
Subject: how do I use gnupg?
Message-ID:

How do I use gnupg on a Mac (OS X). Can I use the Mac to make and get a key to an Android phone for use there?

From ei8fdb at ei8fdb.org Thu Feb 20 10:48:41 2014
From: ei8fdb at ei8fdb.org (Bernard Tyers - ei8fdb)
Date: Thu, 20 Feb 2014 09:48:41 +0000
Subject: how do I use gnupg?
In-Reply-To:
References:
Message-ID: <7FFB5937-D53F-4D51-BC33-675B2AFA7D9E@ei8fdb.org>

On 20 Feb 2014, at 07:07, Mercury Rising wrote:

> How do I use gnupg on a Mac (OS X). Can I use the Mac to make and get a key to an Android phone for use there?

GPGSuite is (possibly) the most popular GPG implementation for Mac OS X. [1] It bundles GPGMail, GPG Keychain, GPG Services, MacGPG into one package, and works pretty well. I have used it to create keys to be used on Android devices as would be expected.

[1] https://gpgtools.org/

Bernard

--------------------------------------
Bernard / bluboxthief / ei8fdb

If you'd like to get in touch, please do: http://me.ei8fdb.org/
From peter at digitalbrains.com Thu Feb 20 11:06:27 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 20 Feb 2014 11:06:27 +0100
Subject: gpg asks for the same passphrase each time it uses new subkey
In-Reply-To: <20140217132106.71278ff3@gentp.lnet>
References: <20140217132106.71278ff3@gentp.lnet>
Message-ID: <5305D3A3.10007@digitalbrains.com>

On 17/02/14 13:21, Luis Ressel wrote:
> Huh? It shouldn't be necessary at all to enter your passphrase for
> encryption...

I think Faru meant that he/she had at some point already given the passphrase for decryption with his GnuPG key, but that he/she didn't expect to be prompted again when signing with the same GnuPG certificate. I'm using the term certificate here to refer to the whole of the primary key and all subkeys.

The reason that you're prompted twice is that there is no technical reason why the passwords for different subkeys need to be the same. Since different passwords is such an exotic configuration, there is no "proper" command to achieve this, but it is technically possible[1]. This means that GnuPG actually really doesn't know the password for the signing subkey. It won't just try the password for the decryption key to see if that happens to fit; it will ask for the password.

So you could arrange for the password to be asked at the start of your session by simply having this execute at the start of your session:

$ echo dummy | gpg2 -s >/dev/null

The command you mentioned (gpg se | gpg d) would ask for two passwords, one for signing, and one for decryption.

Obviously, you would need to set the time to live for the passphrase large enough for it to still be valid when the cron job runs.

An alternative is a passphraseless separate signing key that you only use to sign your backups. This has different security properties; you need to assess which is best for you.

HTH,

Peter.
[1] If someone is interested, I can show how you can do this. But you could also try to search the mailing list for it, because it has been done before :).

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wk at gnupg.org Thu Feb 20 13:52:34 2014
From: wk at gnupg.org (Werner Koch)
Date: Thu, 20 Feb 2014 13:52:34 +0100
Subject: gpg 1.4.16 Windows - version info
In-Reply-To: (Laurent Jumet's message of "Thu, 20 Feb 2014 06:53:16 +0100")
References:
Message-ID: <87eh2y2bfx.fsf@vigenere.g10code.de>

On Thu, 20 Feb 2014 06:53, laurent.jumet at skynet.be said:

> ...OK, stamping "emit-version" twice in GNUPG.CONF restores the version like in
> my signature below.
> But what was the purpose of this feature?

It is an old contentious point. Some claim that the exact version is helpful to locate vulnerable implementations. Others do not agree with that and like to have the version number to have some insight into which versions are actually in use. In the light of recent events the first group got more traction and thus I changed the default. However, I kept the major version number because it is quite interesting to notice the usage of GnuPG-2 compared to -1.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From kristian.fiskerstrand at sumptuouscapital.com Thu Feb 20 14:11:47 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Thu, 20 Feb 2014 14:11:47 +0100
Subject: gpg 1.4.16 Windows - version info
In-Reply-To: <87eh2y2bfx.fsf@vigenere.g10code.de>
References: <87eh2y2bfx.fsf@vigenere.g10code.de>
Message-ID: <5305FF13.1090103@sumptuouscapital.com>

On 02/20/2014 01:52 PM, Werner Koch wrote:
> On Thu, 20 Feb 2014 06:53, laurent.jumet at skynet.be said:
>
>> ...OK, stamping "emit-version" twice in GNUPG.CONF restores the
>> version like in my signature below.
>> But what was the purpose of
>> this feature?
>
> It is an old contentious point. Some claim that the exact version
> is helpful to locate vulnerable implementations. Others do not
> agree with that and like to have the version number to have some
> insight into which versions are actually in use. In the light of
> recent events the first group got more traction and thus I changed
> the default. However, I kept the major version number because it
> is quite interesting to notice the usage of GnuPG-2 compared to
> -1.

Another factor to consider here is also that major distributions backport security fixes without bumping minor and patch versions. So the version information doesn't necessarily provide a good picture of the state of a system.

I support just reporting the major version (as I agree this can be of interest) and maybe when 2.1 comes out separate between 2.0 and 2.1 in some way (i.e. include minor as well). Although this isn't strictly speaking from a usability perspective (as the capabilities of a given user's implementation would be presented in the key preferences), it might have some value in tracking upgrade adoption.

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"A government that robs Peter to pay Paul can always depend on the support of Paul."
(George Bernard Shaw)

From aheinecke at intevation.de Thu Feb 20 18:01:31 2014
From: aheinecke at intevation.de (Andre Heinecke)
Date: Thu, 20 Feb 2014 18:01:31 +0100
Subject: GPG tool for Windows Embedded Compact 7
In-Reply-To:
References:
Message-ID: <201402201801.39298.aheinecke@intevation.de>

Hi,

On Wednesday 19 February 2014 08:13:36 dbhukta . wrote:
> Let me know any version which is compatible with Windows Embedded Compact 7
> to encrypt/decrypt a text file at least.

GnuPG has been ported to Windows CE 5.0 so it should / could work on Windows Embedded 7 (I guess it's untested) as this work was done in 2010 as part of a project and there has been little interest in Windows CE since.

We still have some binaries lying around:
http://files.kolab.org/local/windows-ce/gpg-snapshots/gpg_wince-dev-190111.zip

Sources for that version:
http://files.kolab.org/local/windows-ce/gpg-snapshots/gpg-ce-dev-190111-src.zip

And a signed sha1sums file in:
http://files.kolab.org/local/windows-ce/gpg-snapshots/

Maybe it works, maybe not.
Have fun

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From alan.meekins at gmail.com Thu Feb 20 20:59:09 2014
From: alan.meekins at gmail.com (Alan Meekins)
Date: Thu, 20 Feb 2014 11:59:09 -0800
Subject: GPG tool for Windows Embedded Compact 7
In-Reply-To: <201402201801.39298.aheinecke@intevation.de>
References: <201402201801.39298.aheinecke@intevation.de>
Message-ID:

Not all Windows Embedded OSes are built on top of CE! Look here for a listing of the products. It sounds like you are likely using Windows Embedded Standard 7 (aka WES7, yuck what a mouthful!) which is just a rebranded version of normal old Windows 7. If this is the case it means anything that can run on Windows 7 (big Windows) will run on WES7 with no modification. The caveat about Windows Embedded is that you have the flexibility to strip out just about any component of Windows so the most likely issues you will hit are around what you have removed from the image causing breaks in 3rd party software such as GnuPG.

So in short we need to know the exact version of Windows you are running to really give accurate advice. CE is a different world which may require you to recompile the programs you wish to run depending on your exact scenario.

Cheers,
-Alan

On Thu, Feb 20, 2014 at 9:01 AM, Andre Heinecke wrote:

> Hi,
>
> On Wednesday 19 February 2014 08:13:36 dbhukta . wrote:
> > Let me know any version which is compatible with Windows Embedded Compact
> 7
> > to encrypt/decrypt a text file at least.
>
> GnuPG has been ported to Windows CE 5.0 so it should / could work on
> Windows
> Embedded 7 (I guess it's untested) as this work was done in 2010 as part of a
> project and there has been little interest in Windows CE since.
>
> We still have some binaries lying around:
>
> http://files.kolab.org/local/windows-ce/gpg-snapshots/gpg_wince-dev-190111.zip
>
> Sources for that version:
>
> http://files.kolab.org/local/windows-ce/gpg-snapshots/gpg-ce-dev-190111-src.zip
>
> And a signed sha1sums file in:
> http://files.kolab.org/local/windows-ce/gpg-snapshots/
>
> Maybe it works, maybe not.
> Have fun
>
> --
> Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
> 18998
> Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From aheinecke at intevation.de Fri Feb 21 10:25:32 2014
From: aheinecke at intevation.de (Andre Heinecke)
Date: Fri, 21 Feb 2014 10:25:32 +0100
Subject: GPG tool for Windows Embedded Compact 7
In-Reply-To:
References: <201402201801.39298.aheinecke@intevation.de>
Message-ID: <201402211025.33230.aheinecke@intevation.de>

Hi,

please keep the mailing list in CC so that others can also learn from this conversation.

At Friday 21 February 2014 05:41:08 dbhukta . wrote:
> Dear Sir,
>
> Greetings.
>
> Thanking you for your kind support
>
> The Binary is not compatible with Windows Embedded Compact 7,
>
> Please forward some clue, how it can be ported to winec7 from wince5 for the
> source code.

We did use cegcc ( http://cegcc.sourceforge.net/ ) to build gnupg for wince. I'm not sure if this compiler actually works for your platform.
So maybe you should start trying to get a Hello World program compiled with this before venturing into gnupg :)

There is a convenience option in the autogen.sh files of gnupg and its libraries " --build-w32ce " that sets some build options and selects the toolchain. But generally it is not trivial to build for this platform and I'm pretty sure you will run into some problems.

Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From wk at gnupg.org Fri Feb 21 17:03:51 2014
From: wk at gnupg.org (Werner Koch)
Date: Fri, 21 Feb 2014 17:03:51 +0100
Subject: GPG tool for Windows Embedded Compact 7
In-Reply-To: <201402211025.33230.aheinecke@intevation.de> (Andre Heinecke's message of "Fri, 21 Feb 2014 10:25:32 +0100")
References: <201402201801.39298.aheinecke@intevation.de> <201402211025.33230.aheinecke@intevation.de>
Message-ID: <87bny0zc48.fsf@vigenere.g10code.de>

On Fri, 21 Feb 2014 10:25, aheinecke at intevation.de said:

> There is a convenience option in the autogen.sh files of gnupg and its
> libraries " --build-w32ce " that sets some build options and selects the

No, that won't work for Windows 7 or Windows Mobile 7. w32ce is plain old Windows CE with the fragmented memory model and all such. GnuPG et al should still build there but some newer code might need to be tweaked again.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From jrsong at cogeco.ca Sat Feb 22 01:06:17 2014
From: jrsong at cogeco.ca (john s.)
Date: Fri, 21 Feb 2014 19:06:17 -0500
Subject: Newbie problem
Message-ID: <20140221190617.f27de52c43bab0f920a04f5d@cogeco.ca>

Having had no trouble generating a key pair, I am having some problems of understanding.

I am going around in circles trying to understand something I am sure is quite straightforward.
The command:

gpg --edit-key UID

takes me to a command prompt and suggests I check help. What do I do now? I wish to extend the expiry date of my key which I initially set at one year

John.

From dshaw at jabberwocky.com Sat Feb 22 23:38:00 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 22 Feb 2014 17:38:00 -0500
Subject: Newbie problem
In-Reply-To: <20140221190617.f27de52c43bab0f920a04f5d@cogeco.ca>
References: <20140221190617.f27de52c43bab0f920a04f5d@cogeco.ca>
Message-ID: <90DAD1AC-E3B0-496A-B1BF-05612FE0CDD8@jabberwocky.com>

On Feb 21, 2014, at 7:06 PM, john s. wrote:

> Having had no trouble generating a key pair, I am having some problems of
> understanding.
>
> I am going around in circles trying to understand something I am sure is quite
> straightforward.
>
> The command:
>
> gpg --edit-key UID takes me to a command prompt and suggests I check
> help. What do I do now? I wish to extend the expiry date of my key which I
> initially set at one year

Enter "expire" and follow the prompts. It will ask you for the new expiry date, and then ask for your passphrase to encode it onto the key.

David

From jambalaya.jrs at gmail.com Sun Feb 23 00:14:05 2014
From: jambalaya.jrs at gmail.com (john s.)
Date: Sat, 22 Feb 2014 18:14:05 -0500
Subject: Newbie problem [solved]
In-Reply-To: <90DAD1AC-E3B0-496A-B1BF-05612FE0CDD8@jabberwocky.com>
References: <20140221190617.f27de52c43bab0f920a04f5d@cogeco.ca> <90DAD1AC-E3B0-496A-B1BF-05612FE0CDD8@jabberwocky.com>
Message-ID: <20140222181405.028ca596b1638b7e02e25c8f@gmail.com>

On Sat, 22 Feb 2014 17:38:00 -0500
David Shaw wrote:

> On Feb 21, 2014, at 7:06 PM, john s. wrote:
>
> > Having had no trouble generating a key pair, I am having some problems of
> > understanding.
> >
> > I am going around in circles trying to understand something I am sure is
> > quite straightforward.
> >
> > The command:
> >
> > gpg --edit-key UID takes me to a command prompt and suggests I check
> > help. What do I do now?
> > I wish to extend the expiry date of my key
> > which I initially set at one year
>
> Enter "expire" and follow the prompts. It will ask you for the new expiry
> date, and then ask for your passphrase to encode it onto the key.
>
> David
>

Thank you, I just couldn't see the wood for the trees.

John

From laurent.jumet at skynet.be Sun Feb 23 08:33:29 2014
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sun, 23 Feb 2014 08:33:29 +0100
Subject: Size of main key...
Message-ID:

Hello !

With 1.4.16, I suppose there is no way to change the size of the main key (actual 1024), isn't it?
I'm limited to RIPEMD160.

--
Laurent Jumet
KeyID: 0xCFAF704C

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sun Feb 23 15:18:29 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 23 Feb 2014 09:18:29 -0500
Subject: Size of main key...
In-Reply-To:
References:
Message-ID: <01B341D8-1DF7-447C-993E-0B673F447DEB@jabberwocky.com>

On Feb 23, 2014, at 2:33 AM, Laurent Jumet wrote:

> With 1.4.16, I suppose there is no way to change the size of the main key
> (actual 1024), isn't it?
> I'm limited to RIPEMD160.

If you're limited to using RIPEMD160 for some reason (or SHA-1, also a 160-bit hash), then you are limited to a 1024-bit DSA key. You are not limited to using DSA though: you can make an RSA main key of whatever size you desire, as RSA key sizes are not tied to the size of the hash.
David

From laurent.jumet at skynet.be Sun Feb 23 16:54:46 2014
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sun, 23 Feb 2014 16:54:46 +0100
Subject: Size of main key...
In-Reply-To: <01B341D8-1DF7-447C-993E-0B673F447DEB@jabberwocky.com>
Message-ID:

Hello David !

David Shaw wrote:

>> With 1.4.16, I suppose there is no way to change the size of the main
>> key (actual 1024), isn't it?
>> I'm limited to RIPEMD160.

> If you're limited to using RIPEMD160 for some reason (or SHA-1, also a
> 160-bit hash), then you are limited to a 1024-bit DSA key. You are not
> limited to using DSA though: you can make an RSA main key of whatever size
> you desire, as RSA key sizes are not tied to the size of the hash.

...yes but I mean: I've a DSA 1024 key KeyID: 0xCFAF704C
Is there a way to upgrade to a 2048 key without changing main key KeyID: 0xCFAF704C ?

--
Laurent Jumet
KeyID: 0xCFAF704C

From mailinglisten at hauke-laging.de Sun Feb 23 17:06:31 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sun, 23 Feb 2014 17:06:31 +0100
Subject: Size of main key...
In-Reply-To:
References:
Message-ID: <9955668.c94A66ozPz@inno>

On Sun 23.02.2014, 16:54:46 Laurent Jumet wrote:

> Is there a way to upgrade to a 2048 key without changing main key
> KeyID: 0xCFAF704C ?

There is no way of changing the key without a fingerprint change at all. If there was one then the whole system would be dead. And even then it would not work as expected by you.

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From dshaw at jabberwocky.com Sun Feb 23 17:12:25 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 23 Feb 2014 11:12:25 -0500
Subject: Size of main key...
In-Reply-To:
References:
Message-ID: <2EA36968-9233-4E61-9182-FFC101C2B92C@jabberwocky.com>

On Feb 23, 2014, at 10:54 AM, Laurent Jumet wrote:

>
> Hello David !
>
> David Shaw wrote:
>
>>> With 1.4.16, I suppose there is no way to change the size of the main
>>> key (actual 1024), isn't it?
>>> I'm limited to RIPEMD160.
>
>> If you're limited to using RIPEMD160 for some reason (or SHA-1, also a
>> 160-bit hash), then you are limited to a 1024-bit DSA key. You are not
>> limited to using DSA though: you can make an RSA main key of whatever size
>> you desire, as RSA key sizes are not tied to the size of the hash.
>
> ...yes but I mean: I've a DSA 1024 key KeyID: 0xCFAF704C
> Is there a way to upgrade to a 2048 key without changing main key KeyID:
> 0xCFAF704C ?

No. You can't add bits to a key, so the only way to do that is to make a new key, which would naturally give you a new key ID. It is possible to generate many keys over and over until you randomly hit the key ID you want, but that could take a while. It's not too bad to match the 32-bit (8-digit) key ID you see usually, but note that internally GnuPG uses 64 bits (16 digits) for most purposes, and no matter what you do, your fingerprint won't be the same in any case.

David

From jmuthuin at gmail.com Sun Feb 23 21:29:45 2014
From: jmuthuin at gmail.com (Jackson Muthui)
Date: Sun, 23 Feb 2014 23:29:45 +0300
Subject: gpgsm
Message-ID:

I need help creating an X.509 key with gpgsm
From chris at chrisdown.name Mon Feb 24 08:56:28 2014
From: chris at chrisdown.name (Chris Down)
Date: Mon, 24 Feb 2014 15:56:28 +0800
Subject: Using SCIM with GTK pinentry does not work
In-Reply-To: <20140224072812.GC1545@chrisdown.name>
References: <20140224072812.GC1545@chrisdown.name>
Message-ID: <20140224075628.GA2095@chrisdown.name>

On 2014-02-24 15:28:12 +0800, Chris Down wrote:
> I use SCIM[0] to input Pinyin on Linux. This works with other programs,
> but not the GTK pinentry dialog for gpg-agent.

I just tried with pinentry-qt4, and it works, so I guess I'll use that for now. It would be nice if this was looked into, though. :-)

From chris at chrisdown.name Mon Feb 24 08:28:12 2014
From: chris at chrisdown.name (Chris Down)
Date: Mon, 24 Feb 2014 15:28:12 +0800
Subject: Using SCIM with GTK pinentry does not work
Message-ID: <20140224072812.GC1545@chrisdown.name>

I use SCIM[0] to input Pinyin on Linux. This works with other programs, but not the GTK pinentry dialog for gpg-agent. In gpg-agent, no characters are recorded when I press keys. Disabling SCIM fixes this problem, but that's not an acceptable solution for me -- I need it.

The changelog notes that this particular problem was fixed in 2009[1] in 2.0.13, but it still persists with 2.0.22 for me:

From the changelog:
> * The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now
> passed to the Pinentry to make SCIM work.

I found some open bug entries[2] for this issue, which do not appear to have been resolved. The input method environment variables are in the pinentry program's environment, but this still does not work.

Any ideas? Thanks.
[0]: http://en.wikipedia.org/wiki/Smart_Common_Input_Method
[1]: http://lists.gnupg.org/pipermail/gnupg-announce/2009q3/000294.html
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=714041

From arne.renkema-padmos at cased.de Sun Feb 23 23:09:54 2014
From: arne.renkema-padmos at cased.de (arne renkema-padmos)
Date: Sun, 23 Feb 2014 23:09:54 +0100
Subject: Size of main key...
In-Reply-To: <9955668.c94A66ozPz@inno>
References: <9955668.c94A66ozPz@inno>
Message-ID: <1393193395.15049.2.camel@dhcp100.hep.man.ac.uk>

On Sun, 2014-02-23 at 17:06 +0100, Hauke Laging wrote:
> On Sun 23.02.2014, 16:54:46 Laurent Jumet wrote:
>
> > Is there a way to upgrade to a 2048 key without changing main key
> > KeyID: 0xCFAF704C ?
>
> There is no way of changing the key without a fingerprint change at all.
> If there was one then the whole system would be dead. And even then it
> would not work as expected by you.

While what you say is true, what you can do is create a key that has an equal keyID to your previous one. See this page for some more details:

http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html

or just Google for something like "keyid collision gpg".

Cheers,
arne

--
Arne Renkema-Padmos
Doctoral researcher
CASED, TU Darmstadt
@hcisec, secuso.org

From peter at digitalbrains.com Mon Feb 24 13:32:34 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 24 Feb 2014 13:32:34 +0100
Subject: Size of main key...
In-Reply-To: <1393193395.15049.2.camel@dhcp100.hep.man.ac.uk>
References: <9955668.c94A66ozPz@inno> <1393193395.15049.2.camel@dhcp100.hep.man.ac.uk>
Message-ID: <530B3BE2.60907@digitalbrains.com>

On 23/02/14 23:09, arne renkema-padmos wrote:
> While what you say is true, what you can do is create a key that has an
> equal keyID to your previous one.

However, if I see two keys:

0xCFAF704C Laurent Jumet created 2000-03-24
0xCFAF704C Laurent Jumet created 2014-02-24

where the short ID and the UID match but obviously the fingerprint does
not, I'm going to be mightily suspicious and think twice before signing
either of those. It looks like an attempt to subvert people into signing
an attacker's key (although the attacker seems to have forgotten to spoof
the creation date :). So you might not do yourself a service by creating
this "convenient" key that matches your old one.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From mailinglisten at hauke-laging.de Mon Feb 24 13:42:43 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 24 Feb 2014 13:42:43 +0100
Subject: Size of main key...
In-Reply-To: <530B3BE2.60907@digitalbrains.com>
References: <1393193395.15049.2.camel@dhcp100.hep.man.ac.uk> <530B3BE2.60907@digitalbrains.com>
Message-ID: <4513328.bK0DtvyNEy@inno>

On Mon 24.02.2014, 13:32:34, Peter Lebbing wrote:
> (although the attacker seems to have forgotten to spoof the creation
> date :)

That's probably intentional. People always use the newest certificate,
don't they...? :-o

--
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From peter at digitalbrains.com Mon Feb 24 21:21:50 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 24 Feb 2014 21:21:50 +0100
Subject: Size of main key...
In-Reply-To: <4513328.bK0DtvyNEy@inno>
References: <1393193395.15049.2.camel@dhcp100.hep.man.ac.uk> <530B3BE2.60907@digitalbrains.com> <4513328.bK0DtvyNEy@inno>
Message-ID: <530BA9DE.7080808@digitalbrains.com>

On 24/02/14 13:42, Hauke Laging wrote:
> That's probably intentional. People always use the newest certificate,
> don't they...? :-o

Well into hypothetical territory now because there was no attacker,
but... I suppose you have a good point. Those people that think you can
verify authenticity by just checking the short key ID, they might as
well think that both keys are genuinely those of Laurent, and pick the
most recent one.

If I would do the attack, I would make everything as genuine as I could,
so I would alter my system clock. But perhaps that's missing the
opportunity to be chosen /in preference of/ the real key :). Neato. I
was banking on just getting the fake key to be the only one that the
victims see.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From mailinglisten at hauke-laging.de Wed Feb 26 06:08:41 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 26 Feb 2014 06:08:41 +0100
Subject: key generation: paranoia mode - explicit random input
Message-ID: <5203664.LZo7IKJdkj@inno>

Hello,

I just got asked: "How do I know that GnuPG in distro XY is not
compromised?" The answer to this question is long and unpleasant.

Thinking about that I had an idea – once more I can just hope it's new.

One of the worst problems is that key generation might be compromised.
I think this is the worst case because THEY would not even have to steal
your key any more. And clever modifications to random data are hard to
detect.

I suggest to add a new key generation mode. The only difference would be
that the random input is not read from /dev/random any more (and that
random_seed would not be used or newly initialized) but from an explicit
source: --random-source /path/to/file. With that (I guess very small)
change every GnuPG installation should generate the same key material
(of course, the timestamps would have to be given, too).

Then people who need a very high level of security could create a pool
of random data (e.g. by reading from /dev/random) and use this data and
the same timestamps with different Linux distros, even with Windows. ;-)

If the generated keys are exactly the same on all systems then it is
very improbable that the key generation has been compromised (or all is
lost anyway).

This would be much easier (and thus available to normal people) than
attempts to audit a distro.

Hauke

--
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From dkg at fifthhorseman.net Wed Feb 26 06:19:17 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 26 Feb 2014 00:19:17 -0500
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <5203664.LZo7IKJdkj@inno>
References: <5203664.LZo7IKJdkj@inno>
Message-ID: <530D7955.20204@fifthhorseman.net>

On 02/26/2014 12:08 AM, Hauke Laging wrote:
> I suggest to add a new key generation mode.
> The only difference would be
> that the random input is not read from /dev/random any more (and that
> random_seed would not be used or newly initialized) but from an explicit
> source: --random-source /path/to/file. With that (I guess very small)
> change every GnuPG installation should generate the same key material
> (of course, the timestamps would have to be given, too).
>
> Then people who need a very high level of security could create a pool
> of random data (e.g. by reading from /dev/random) and use this data and
> the same timestamps with different Linux distros, even with Windows. ;-)
>
> If the generated keys are exactly the same on all systems then it is
> very improbable that the key generation has been compromised (or all is
> lost anyway).
>
> This would be much easier (and thus available to normal people) than
> attempts to audit a distro.

If i was an attacker who was compromising your software and i knew the
software had this verification mode, i would make my modified software
generate keys "correctly" when in this verification mode (clearly the
software can tell when the entropy source is not /dev/random), and when
it was not in this verification mode i would do my devious known-key
"generation".

So i don't see how this proposed change would let anyone sleep easier at
night, unfortunately.

        --dkg
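The proposal quoted above, and the objection to it, can be made concrete. What follows is an added example, not code from GnuPG, Libgcrypt or any participant in the thread: a toy RSA key generator that draws every random byte from caller-supplied seed bytes (standing in for the proposed `--random-source` file) and takes a fixed creation timestamp, so that two runs, or two independently built installations, yield a bit-identical key and fingerprint. The HMAC-SHA256 expansion, the Miller-Rabin prime search and the simplified SHA-1 "fingerprint" are assumptions of this example and not Libgcrypt's design; the 512-bit size is chosen only so it runs quickly and is not a usable key size.

```python
"""Reproducible RSA key generation from an explicit random source.

Added example (not GnuPG/Libgcrypt code).  All randomness comes from a
deterministic expansion of caller-supplied seed bytes, so identical seed
and timestamp give identical keys; this is the property the thread's
proposal relies on to compare installations.
"""
import hashlib
import hmac
import math


class RandomSource:
    """Deterministic byte stream expanded from the contents of a seed file
    (assumed construction: HMAC-SHA256 over a counter)."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hmac.new(self.seed, self.counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
            self.counter += 1
        return out[:n]

    def int_below(self, bound: int) -> int:
        """Uniform integer in [0, bound) by rejection sampling (no modulo bias)."""
        nbytes = (bound.bit_length() + 7) // 8
        while True:
            v = int.from_bytes(self.bytes(nbytes), "big")
            if v < bound:
                return v


def is_probable_prime(n: int, rng: RandomSource, rounds: int = 32) -> bool:
    """Miller-Rabin; the witness bases come from the explicit source too,
    so the whole search is reproducible."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + rng.int_below(n - 3)          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # definitely composite
    return True


def gen_prime(bits: int, rng: RandomSource) -> int:
    while True:
        c = int.from_bytes(rng.bytes(bits // 8), "big")
        c |= (1 << (bits - 1)) | 1            # exact bit length, odd
        if is_probable_prime(c, rng):
            return c


def generate_rsa(bits: int, seed: bytes, created: int) -> dict:
    """RSA key material from an explicit random source and a fixed
    creation time (the thread notes the timestamp must be supplied too)."""
    rng = RandomSource(seed)
    e = 65537
    while True:
        p = gen_prime(bits // 2, rng)
        q = gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    return {"n": p * q, "e": e, "d": pow(e, -1, phi), "created": created}


def fingerprint(key: dict) -> str:
    """Simplified stand-in for an OpenPGP v4 fingerprint: SHA-1 over the
    creation time and the public components (assumed layout)."""
    n_bytes = key["n"].to_bytes((key["n"].bit_length() + 7) // 8, "big")
    data = key["created"].to_bytes(4, "big") + n_bytes + key["e"].to_bytes(3, "big")
    return hashlib.sha1(data).hexdigest()


def compare_installations(seed: bytes, created: int, bits: int = 512) -> tuple:
    """Simulate two installations fed the same file and timestamp and
    return (fingerprints_match, fingerprint)."""
    fp_a = fingerprint(generate_rsa(bits, seed, created))
    fp_b = fingerprint(generate_rsa(bits, seed, created))
    return fp_a == fp_b, fp_a


if __name__ == "__main__":
    same, fp = compare_installations(b"constructed seed material", 1393394921)
    print("identical:", same, "fingerprint:", fp)
```

Matching fingerprints attest only the code path that actually consumed the explicit source. As the reply above points out, a build that behaves differently when it sees /dev/random is never exercised by this comparison, so agreement between installations says nothing about keys generated in the normal mode.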
From mailinglisten at hauke-laging.de Wed Feb 26 06:33:55 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 26 Feb 2014 06:33:55 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <530D7955.20204@fifthhorseman.net>
References: <5203664.LZo7IKJdkj@inno> <530D7955.20204@fifthhorseman.net>
Message-ID: <3046785.38M7boRugT@inno>

On Wed 26.02.2014, 00:19:17, Daniel Kahn Gillmor wrote:
> If i was an attacker who was compromising your software and i knew the
> software had this verification mode, i would make my modified
> software generate keys "correctly" when in this verification mode
> (clearly the software can tell when the entropy source is not
> /dev/random), and when it was not in this verification mode i would
> do my devious known-key "generation".

I thought about that when writing the mail but...

> So i don't see how this proposed change would let anyone sleep easier
> at night, unfortunately.

...I came to a conclusion quite different from yours: The aim is getting
a non-compromised key. Whether the non-compromised key is generated by a
compromised GnuPG is a different question and does not affect the
security of the key itself!

Of course, damage can be caused later: Clean asymmetric crypto doesn't
protect against compromised session keys e.g. Thus such a feature should
not be bound to key generation (would be even less work then). If this
was a general "switch the entropy source" feature then checks could be
applied to encryption and signing (not needed for RSA).

Hauke

--
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From wk at gnupg.org Wed Feb 26 08:56:17 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 26 Feb 2014 08:56:17 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <5203664.LZo7IKJdkj@inno> (Hauke Laging's message of "Wed, 26 Feb 2014 06:08:41 +0100")
References: <5203664.LZo7IKJdkj@inno>
Message-ID: <87wqgiux26.fsf@vigenere.g10code.de>

On Wed, 26 Feb 2014 06:08, mailinglisten at hauke-laging.de said:
> I suggest to add a new key generation mode. The only difference would be
> that the random input is not read from /dev/random any more (and that
> random_seed would not be used or newly initialized) but from an explicit

You may first want to read about Libgcrypt/GnuPG RNG. The Libgcrypt
manual has a section on it.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From burn.till.skid at gmail.com Wed Feb 26 14:43:01 2014
From: burn.till.skid at gmail.com (Óscar Pereira)
Date: Wed, 26 Feb 2014 13:43:01 +0000
Subject: GPG key trust after a signing party
Message-ID: <20140226134301.GA2689@vroengard>

Hello all,

I've just stumbled across this question, on Security StackExchange, but
it has no satisfactory answers, so I'd thought to relay it here.
Basically, it asks whether after a GPG signing party, you still have to
assign trust values to all the keys (or rather the keys' owners) in
order to have a meaningful web of trust. Finding myself asking the same
question, I quote the question:

“I might be totally misunderstanding the concept of web-of-trust, but
imagine the following scenario: I generate my key, then go to a key
signing party, and after, I import all the keys which fingerprint I
have verified, and sign those. Now, this will make all those keys fully
valid, but the default trust for each key will still be set to the
default, i.e. "unknown".
Which means that if I now import a new key, even if this new key has
enough (*) signatures from those, it still won't be considered valid,
because none of those keys is trusted.

Which means that for key signing parties to have some usefulness, we
must set those keys' trust to at least marginally trusted. Right? Or am
I making some mistake somewhere in my reasoning?

(*) - In GPG's default security model, i.e. one sig from a fully
trusted key, or 3 from marginally trusted keys.”

http://security.stackexchange.com/questions/52102/gpg-key-trust-after-a-signing-party

Thanks for your help!

--
Óscar Pereira

From dshaw at jabberwocky.com Wed Feb 26 18:01:21 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 26 Feb 2014 12:01:21 -0500
Subject: GPG key trust after a signing party
In-Reply-To: <20140226134301.GA2689@vroengard>
References: <20140226134301.GA2689@vroengard>
Message-ID:

On Feb 26, 2014, at 8:43 AM, Óscar Pereira wrote:

> Hello all,
>
> I've just stumbled across this question, on Security StackExchange,
> but it has no satisfactory answers, so I'd thought to relay it here.
> Basically, it asks whether after a GPG signing party, you still have
> to assign trust values to all the keys (or rather the keys' owners)
> in order to have a meaningful web of trust. Finding myself asking
> the same question, I quote the question:
>
> “I might be totally misunderstanding the concept of web-of-trust,
> but imagine the following scenario: I generate my key, then go to
> a key signing party, and after, I import all the keys which
> fingerprint I have verified, and sign those. Now, this will make
> all those keys fully valid, but the default trust for each key
> will still be set to the default, i.e. "unknown".
> Which means that
> if I now import a new key, even if this new key has enough (*)
> signatures from those, it still won't be considered valid, because
> none of those keys is trusted.

A (slightly) simplified way to think of it is:

1) You sign someone's key to say "I assert that this key belongs to the
   person identified".

2) You assign trust to someone's key to say "I believe this person is
   responsible enough to do number 1 well".

#1 is a public statement from you (your key) to the world. #2 is a
private note in your own GPG setup.

The two don't necessarily go together. If you think someone makes
terrible signatures (for example, doesn't check sufficiently before
signing), then you may still sign their key (after all, you're not
making a statement as to their reliability, just as to their identity),
but you probably wouldn't want to assign trust to their key. In other
words, you believe their key belongs to them, but you don't "trust" them
to make good signatures on other people's keys.

At a keysigning party, it's quite common to be able to sign someone's
key (you check some ID, verify their email address works via a cookie,
and so on), but yet have no idea if the person is worth trusting to sign
someone else's key. After all, in many cases, you've never even met them
before.

David

p.s. There are variations here like the trust signature that combines
both identity and trust into a single statement, and the local signature
which is like a regular signature but not a public statement, but in the
context of a keysigning party, they're much less common.
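As an added illustration of the two statements distinguished above (this is example code, not GnuPG's implementation and not from anyone in the thread), the following toy model computes key validity the way the question's footnote describes: a key becomes fully valid when it is certified by one fully trusted key or by three marginally trusted keys, and only certifiers whose own keys are already valid count. The key ids ("alice", "bob", ...) are constructed, and the thresholds and depth limit are assumptions chosen to mirror GnuPG's classic trust-model defaults (completes-needed 1, marginals-needed 3, max-cert-depth 5).

```python
"""Toy model of GnuPG's classic trust computation (added example, not
GnuPG code).  A certification is the public statement "#1" from the
post; ownertrust is the private note "#2".  Validity is what GnuPG
derives from the two."""
from dataclasses import dataclass, field

COMPLETES_NEEDED = 1   # assumed to mirror GnuPG's default --completes-needed
MARGINALS_NEEDED = 3   # assumed to mirror GnuPG's default --marginals-needed
MAX_CERT_DEPTH = 5     # assumed to mirror GnuPG's default --max-cert-depth

LEVELS = ("unknown", "marginal", "full", "ultimate")


@dataclass
class Keyring:
    certs: dict = field(default_factory=dict)       # target id -> set of certifier ids
    ownertrust: dict = field(default_factory=dict)  # key id -> ownertrust level

    def sign(self, certifier: str, target: str) -> None:
        """Public statement (#1): 'this key belongs to the named person'."""
        self.certs.setdefault(target, set()).add(certifier)

    def set_ownertrust(self, key: str, level: str) -> None:
        """Private note (#2): how carefully this owner checks before signing."""
        if level not in LEVELS:
            raise ValueError(level)
        self.ownertrust[key] = level

    def all_keys(self) -> set:
        keys = set(self.ownertrust) | set(self.certs)
        for certifiers in self.certs.values():
            keys |= certifiers
        return keys

    def compute_validity(self) -> dict:
        """Return key id -> validity: 'unknown', 'marginal' or 'full'."""
        validity = {k: "unknown" for k in self.all_keys()}
        for k, level in self.ownertrust.items():
            if level == "ultimate":
                validity[k] = "full"      # our own key is valid by definition
        # Each round extends the chain by one certification depth.
        for _ in range(MAX_CERT_DEPTH):
            changed = False
            for target, certifiers in self.certs.items():
                if validity[target] == "full":
                    continue
                fulls = marginals = 0
                for c in certifiers:
                    # Ownertrust only counts once we believe the certifier's
                    # key really is theirs, i.e. once it is itself valid.
                    if validity[c] != "full":
                        continue
                    level = self.ownertrust.get(c, "unknown")
                    if level in ("full", "ultimate"):
                        fulls += 1
                    elif level == "marginal":
                        marginals += 1
                if fulls >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
                    validity[target] = "full"
                    changed = True
                elif marginals > 0 and validity[target] == "unknown":
                    validity[target] = "marginal"
                    changed = True
            if not changed:
                break
        return validity


def signing_party_scenario() -> tuple:
    """Keys signed at the party are valid right away; a stranger's key that
    those party-goers sign is not, until we record ownertrust for them.
    Returns the validity maps before and after assigning marginal trust."""
    kr = Keyring()
    kr.set_ownertrust("alice", "ultimate")   # our own key
    party = ["bob", "carol", "dave"]
    for k in party:
        kr.sign("alice", k)                  # fingerprints checked at the party
    for k in party:
        kr.sign(k, "erin")                   # erin: never met, signed by all three
    kr.sign("bob", "frank")                  # frank: signed by only one party-goer
    before = kr.compute_validity()
    for k in party:
        kr.set_ownertrust(k, "marginal")     # private notes, nothing published
    after = kr.compute_validity()
    return before, after


if __name__ == "__main__":
    before, after = signing_party_scenario()
    for k in ("bob", "erin", "frank"):
        print(f"{k}: before={before[k]} after={after[k]}")
```

The scenario reproduces the questioner's observation: signing bob, carol and dave makes their keys valid, but erin's key, certified by all three, stays unknown until ownertrust is recorded for them, and frank's key, certified by one marginally trusted key, only reaches marginal validity.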
From 2014-667rhzu3dc-lists-groups at riseup.net Wed Feb 26 22:01:40 2014
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Wed, 26 Feb 2014 21:01:40 +0000
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <3046785.38M7boRugT@inno>
References: <5203664.LZo7IKJdkj@inno> <530D7955.20204@fifthhorseman.net> <3046785.38M7boRugT@inno>
Message-ID: <367021134.20140226210140@my_localhost>

Hi

On Wednesday 26 February 2014 at 5:33:55 AM, in , Hauke Laging wrote:

> Whether the
> non-compromised key is generated by a compromised GnuPG
> is a different question and does not affect the
> security of the key itself!

And if the compromised GnuPG then leaks the private key and the
passphrase?

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Life is a holiday. In the same way that glass is a liquid.

From mailinglisten at hauke-laging.de Wed Feb 26 22:07:06 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 26 Feb 2014 22:07:06 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <87wqgiux26.fsf@vigenere.g10code.de>
References: <5203664.LZo7IKJdkj@inno> <87wqgiux26.fsf@vigenere.g10code.de>
Message-ID: <3790988.znny2Zr9Jj@inno>

On Wed 26.02.2014, 08:56:17, Werner Koch wrote:
> You may first want to read about Libgcrypt/GnuPG RNG. The Libgcrypt
> manual has a section on it.

I had a look at that but I am not sure what you want me to read. Could
you be more precise about that?
One thing came to my mind reading that: It may not be enough to
"redirect" /dev/random as more entropy sources are used. I don't know
though when they are used. Probably not for the generation of asymmetric
and symmetric keys. It seems to me that in the worst case three
different inputs have to be supplied (for the different quality levels).

Hauke

--
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From mailinglisten at hauke-laging.de Wed Feb 26 22:08:42 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 26 Feb 2014 22:08:42 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <367021134.20140226210140@my_localhost>
References: <5203664.LZo7IKJdkj@inno> <3046785.38M7boRugT@inno> <367021134.20140226210140@my_localhost>
Message-ID: <2780237.j2gcbKhvCL@inno>

On Wed 26.02.2014, 21:01:40, MFPA wrote:
> And if the compromised GnuPG then leaks the private key and the
> passphrase?

How is it going to do that if (a) it's running on an offline system and
(b) its output is compared with that of other GnuPG "versions"?

Hauke

--
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From peter at digitalbrains.com Wed Feb 26 22:29:46 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 26 Feb 2014 22:29:46 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <2780237.j2gcbKhvCL@inno>
References: <5203664.LZo7IKJdkj@inno> <3046785.38M7boRugT@inno> <367021134.20140226210140@my_localhost> <2780237.j2gcbKhvCL@inno>
Message-ID: <530E5CCA.8020500@digitalbrains.com>

On 26/02/14 22:08, Hauke Laging wrote:
> How is it going to do that if (a) it's running on an offline system and
> (b) its output is compared with that of other GnuPG "versions"?

Ultrasound, in combination with a nearby compromised online system with
a microphone, for example. Your smartphone would be a pretty good
candidate. Or through not-so-random padding on subsequent messages when
the key is used, relying on you to bridge the air gap.

It sounds to me like the age-old "my system is compromised, but I still
want to use GnuPG on it". I think you've heard the answer to that.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From mailinglisten at hauke-laging.de Wed Feb 26 23:04:03 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 26 Feb 2014 23:04:03 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <530E5CCA.8020500@digitalbrains.com>
References: <5203664.LZo7IKJdkj@inno> <2780237.j2gcbKhvCL@inno> <530E5CCA.8020500@digitalbrains.com>
Message-ID: <66359311.YQ5LQH4aDO@inno>

On Wed 26.02.2014, 22:29:46, Peter Lebbing wrote:
> Ultrasound, in combination with a nearby compromised online system
> with a microphone, for example.

Trivial to prevent in comparison to the task of verifying a distro.

> It sounds to me like the age-old "my system is compromised, but I
> still want to use GnuPG on it". I think you've heard the answer to
> that.
This attitude doesn't help though considering that we meanwhile face a
situation in which it has become more or less impossible to build a
system which is known non-compromised.

Your point is valid towards people who are just too lazy (or uninformed)
to do what can be reasonably done. In that case a wish towards GnuPG
could be simply replaced by improving the environment in which it is
going to be used. My perspective is that what can be reasonably done at
the system level may not be enough any more (at the upper border of
requirements).

Furthermore while you cannot fix security problems in the outer system
by the inner system (which I assume is the main part of the answer you
mentioned) please mind that this is not what I suggest. I want to enable
users to create another layer of control outside their system. Thus I
consider an improvement which is both easy to implement and easy to
apply by the users a clear advantage.

It is not enough to make ciphers and digests "NSA-proof" if that's not
the attack vector they are going to use anyway.

Hauke

--
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From micha137 at gmx.de Thu Feb 27 08:38:37 2014
From: micha137 at gmx.de (Michael Anders)
Date: Thu, 27 Feb 2014 08:38:37 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To:
References:
Message-ID: <1393486717.2139.14.camel@micha137-myAMD-CM1740>

The discussion on what to do in a "partially compromised" system is IMHO
irrelevant. If a private key has been accessed on a system some
adversary might have had a chance to tamper with (e.g.
with the PRNG or generally if it is an NSA friendly OS connected to the
web ;-) , there could have been a keylogger in place and security of the
key is gone.

If you consider the NSA to be a benevolent organization, you might make
a distinction between security against criminals and security against
the NSA, but that is politics and not cryptography.

Cheers,
Michael Anders

From wk at gnupg.org Thu Feb 27 18:31:23 2014
From: wk at gnupg.org (Werner Koch)
Date: Thu, 27 Feb 2014 18:31:23 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <3790988.znny2Zr9Jj@inno> (Hauke Laging's message of "Wed, 26 Feb 2014 22:07:06 +0100")
References: <5203664.LZo7IKJdkj@inno> <87wqgiux26.fsf@vigenere.g10code.de> <3790988.znny2Zr9Jj@inno>
Message-ID: <87ppm8tqc4.fsf@vigenere.g10code.de>

On Wed, 26 Feb 2014 22:07, mailinglisten at hauke-laging.de said:
> I had a look at that but I am not sure what you want me to read. Could
> you be more precise about that?

Below and also Peter Gutmann's book (see footnote in the text below).

Shalom-Salam,

   Werner

16.6 Random-Number Subsystem Architecture
=========================================

Libgcrypt provides 3 levels of random quality: The level
`GCRY_VERY_STRONG_RANDOM' usually used for key generation, the level
`GCRY_STRONG_RANDOM' for all other strong random requirements and the
function `gcry_create_nonce' which is used for weaker usages like
nonces. There is also a level `GCRY_WEAK_RANDOM' which in general maps
to `GCRY_STRONG_RANDOM' except when used with the function
`gcry_mpi_randomize', where it randomizes a multi-precision-integer
using the `gcry_create_nonce' function.

There are two distinct random generators available:

   * The Continuously Seeded Pseudo Random Number Generator (CSPRNG),
     which is based on the classic GnuPG derived big pool
     implementation. Implemented in `random/random-csprng.c' and used
     by default.

   * A FIPS approved ANSI X9.31 PRNG using AES with a 128 bit key.
     Implemented in `random/random-fips.c' and used if Libgcrypt is in
     FIPS mode.

Both generators make use of so-called entropy gathering modules:

rndlinux
     Uses the operating system provided `/dev/random' and
     `/dev/urandom' devices.

rndunix
     Runs several operating system commands to collect entropy from
     sources like virtual machine and process statistics. It is a kind
     of poor-man's `/dev/random' implementation. It is not available in
     FIPS mode.

rndegd
     Uses the operating system provided Entropy Gathering Daemon (EGD).
     The EGD basically uses the same algorithms as rndunix does.
     However as a system daemon it keeps on running and thus can serve
     several processes requiring entropy input and does not waste
     collected entropy if the application does not need all the
     collected entropy. It is not available in FIPS mode.

rndw32
     Targeted for the Microsoft Windows OS. It uses certain properties
     of that system and is the only gathering module available for that
     OS.

rndhw
     Extra module to collect additional entropy by utilizing a hardware
     random number generator. As of now the only supported hardware RNG
     is the Padlock engine of VIA (Centaur) CPUs. It is not available
     in FIPS mode.

16.6.1 Description of the CSPRNG
--------------------------------

This random number generator is loosely modelled after the one described
in Peter Gutmann's paper: "Software Generation of Practically Strong
Random Numbers".(1)

A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash
transform function. Several extra features are used to make it robust
against a wide variety of attacks and to protect against failures of
subsystems. The state of the generator may be saved to a file and
initially seeded from a file.

Depending on how Libgcrypt was built the generator is able to select the
best working entropy gathering module. It makes use of the slow and fast
collection methods and requires the pool to be initially seeded from the
slow gatherer or a seed file.
An entropy estimation is used to mix in enough data from the gather
modules before returning the actual random output. Process fork
detection and protection is implemented.

The implementation of the nonce generator (for `gcry_create_nonce') is
a straightforward repeated hash design: A 28 byte buffer is initially
seeded with the PID and the time in seconds in the first 20 bytes and
with 8 bytes of random taken from the `GCRY_STRONG_RANDOM' generator.
Random numbers are then created by hashing all the 28 bytes with SHA-1
and saving that again in the first 20 bytes. The hash is also returned
as result.

   ---------- Footnotes ----------

   (1) Also described in chapter 6 of his book "Cryptographic Security
Architecture", New York, 2004, ISBN 0-387-95387-6.

16.6.2 Description of the FIPS X9.31 PRNG
-----------------------------------------

The core of this deterministic random number generator is implemented
according to the document "NIST-Recommended Random Number Generator
Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES
Algorithms", dated 2005-01-31. This implementation uses the AES
variant.

The generator is based on contexts to utilize the same core functions
for all random levels as required by the high-level interface. All
random generators return their data in 128 bit blocks. If the caller
requests less bits, the extra bits are not used. The key for each
generator is only set once at the first time a generator context is
used. The seed value is set along with the key and again after 1000
output blocks.

On Unix like systems the `GCRY_VERY_STRONG_RANDOM' and
`GCRY_STRONG_RANDOM' generators are keyed and seeded using the rndlinux
module with the `/dev/random' device. Thus these generators may block
until the OS kernel has collected enough entropy. When used with
Microsoft Windows the rndw32 module is used instead.

The generator used for `gcry_create_nonce' is keyed and seeded from the
`GCRY_STRONG_RANDOM' generator.
Thus it may also block if the `GCRY_STRONG_RANDOM' generator has not
yet been used before and thus gets initialized on the first use by
`gcry_create_nonce'. This special treatment is justified by the weaker
requirements for a nonce generator and to save precious kernel entropy
for use by the "real" random generators.

A self-test facility uses a separate context to check the functionality
of the core X9.31 functions using a known answers test. During runtime
each output block is compared to the previous one to detect a stuck
generator.

The DT value for the generator is made up of the current time down to
microseconds (if available) and a free running 64 bit counter. When
used with the test context the DT value is taken from the context and
incremented on each use.

--
Thoughts are free. Exceptions are regulated by a federal law.

From dougb at dougbarton.us Thu Feb 27 19:28:10 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 27 Feb 2014 10:28:10 -0800
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <5203664.LZo7IKJdkj@inno>
References: <5203664.LZo7IKJdkj@inno>
Message-ID: <530F83BA.7020803@dougbarton.us>

Someone else made this argument already, which I thought should have
shut down the thread, but it didn't, so I'll try repeating it. :)

If I am Mal, I am going to make sure that my implementation does the
right thing when you add the --verify-my-binary-is-safe flag. But when
you're not using that flag I'm still free to do whatever I want with
your stuff.

In other words, we're right back to the same thread we had about 6 weeks
ago. You cannot "Trust" a binary, for sufficiently "Secure" definitions
of "Trust." You can't even "Trust" the binary if you compiled it
yourself because you're not smart enough to go over every line of code
for your binary, all of the libs it links against, the compiler, etc.
etc.
(And that's not an ad hominem attack, no one person has the requisite
combination of knowledge and experience to do this.)

So if you're an average user at some point you have to put your little-t
trust somewhere. If you're part of an organization where lives depend on
getting the crypto right you're going to allocate additional resources
for making things more "Secure" as appropriate of course. But that's not
going to involve command line options.

... and BTW, if you think I'm being paranoid or exaggerating the problem
on the OS side just look at the recent flap with Apple software (iOS and
OS X 10.9 both) regarding their own personal SSL/TLS implementation. One
single misplaced 'goto' caused everyone using those systems to be
vulnerable to a certain type of MITM. Linux has had similar issues, and
don't get me started on Windows ....

So Hauke, creative idea, but a non-starter IMO.

Doug

From rjh at sixdemonbag.org Fri Feb 28 04:23:42 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 27 Feb 2014 22:23:42 -0500
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <5203664.LZo7IKJdkj@inno>
References: <5203664.LZo7IKJdkj@inno>
Message-ID: <5310013E.3020405@sixdemonbag.org>

> I just got asked: "How do I know that GnuPG in distro XY is not
> compromised?"

You don't. At some point you have to choose to trust something. This is
usually your operating system provider.
If you can't trust your operating system provider, then you're
completely screwed and there's nothing anyone can do to change this.

The question is not, "has GnuPG in distro XY been compromised?" The
question is, "should I trust distro XY?"

From rjh at sixdemonbag.org Fri Feb 28 04:30:01 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 27 Feb 2014 22:30:01 -0500
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <66359311.YQ5LQH4aDO@inno>
References: <5203664.LZo7IKJdkj@inno> <2780237.j2gcbKhvCL@inno> <530E5CCA.8020500@digitalbrains.com> <66359311.YQ5LQH4aDO@inno>
Message-ID: <531002B9.6050601@sixdemonbag.org>

> Trivial to prevent in comparison to the task of verifying a distro.

There are literally thousands of vectors. Defending against *all* of
them is a deeply nontrivial task. Sometime take a look at the
requirements for a SCIF: they're eye-opening.

http://en.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility

> This attitude doesn't help though considering that we meanwhile face a
> situation in which it has become more or less impossible to build a
> system which is known non-compromised.

It was always impossible. If you really want a known non-compromised
system, you have to set up your own chip fab plant churning out
low-transistor-count, hand-verified IC designs made from six-nines
silicon you personally smelted from sand you personally mined off a
beach.

It has always been this way. It will always be this way.

From peter at digitalbrains.com Fri Feb 28 11:38:20 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 28 Feb 2014 11:38:20 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <5203664.LZo7IKJdkj@inno>
References: <5203664.LZo7IKJdkj@inno>
Message-ID: <5310671C.2@digitalbrains.com>

Your system bears similarities to deterministic compilation, where you
build a binary on different systems and compare the results. There is a
defining difference though.
With deterministic compilation, the built binary is the end goal. When one of the systems it builds on is trustworthy, and all copies are the same, the binary is the one that you want and will use. Your product is okay. You don't care about the machines it was built on.

With your scheme, the public key or the signed message are not the end goal. The end goal is the secrecy of the private components. You do care about all the systems it was built on, because they still have your private key.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From mailinglisten at hauke-laging.de Fri Feb 28 15:42:29 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 28 Feb 2014 15:42:29 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <1393486717.2139.14.camel@micha137-myAMD-CM1740>
References: <1393486717.2139.14.camel@micha137-myAMD-CM1740>
Message-ID: <2445070.tgfG6L4glv@inno>

On Thu 27.02.2014, 08:38:37 Michael Anders wrote:
> If a private key has been accessed on a system some adversary might
> have had a chance to tamper with (e.g. with the PRNG or generally if
> it is an NSA friendly OS connected to the web ;-) , there could have
> been a keylogger in place and security of the key is gone.

I am talking about a scenario in which everything which can be reasonably done already has been done. I am not talking about "Here's my system at which I click on every link I see. How can I make GnuPG more secure?". I.e. we are talking about offline systems here (yeah, I remember the discussion about USB sticks being dangerous...) thus a keylogger would not be a problem.
Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From mailinglisten at hauke-laging.de Fri Feb 28 15:58:12 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 28 Feb 2014 15:58:12 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <530F83BA.7020803@dougbarton.us>
References: <5203664.LZo7IKJdkj@inno> <530F83BA.7020803@dougbarton.us>
Message-ID: <1456109.8X6Fp28V1Q@inno>

On Thu 27.02.2014, 10:28:10 Doug Barton wrote:
> Someone else made this argument already, which I thought should have
> shut down the thread, but it didn't, so I'll try repeating it. :)

Thanks for paying attention and thinking about this but I already explained why I consider the argument you (probably) refer to as valid in general but invalid in the special case I am talking about. I am not simply ignoring well-meant advice.

> If I am Mal, I am going to make sure that my implementation does the
> right thing when you add the --verify-my-binary-is-safe flag. But when
> you're not using that flag I'm still free to do whatever I want with
> your stuff.

That is correct. But your argument does not cover two important cases:

a) Maybe I was not clear enough about that but I do not suggest this as a "Set the flag once (and do the other stuff) and after that you are safe forever" feature. This feature would have to be used for every encryption, too. (I guess it would be easily possible with RSA signatures today i.e. without changes to GnuPG.) Thus your "when you're not using that flag" point is never reached.

b) This is not a problem if you just receive encrypted data.
In that case you just must be sure that your key is clean. (The sender obviously has the problem how to be "sure" that his system is non-compromised.)

> In other words, we're right back to the same thread we had about 6
> weeks ago. You cannot "Trust" a binary, for sufficiently "Secure"
> definitions of "Trust."

Sure. Thus I don't claim absolute security for my case but "only" that an attacker has to compromise more systems. Or central components (Kernel, GnuPG itself). I don't even have the slightest idea how safe the key is which signs the GnuPG packages... If I were the NSA then I would consider the software which Werner(?) uses for calculating the digests a valuable target... ;-)

> ... and BTW, if you think I'm being paranoid or exaggerating the
> problem on the OS side

Not at all. After all most people would even consider my proposal paranoid, wouldn't they?

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From mailinglisten at hauke-laging.de Fri Feb 28 16:05:55 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 28 Feb 2014 16:05:55 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <531002B9.6050601@sixdemonbag.org>
References: <5203664.LZo7IKJdkj@inno> <66359311.YQ5LQH4aDO@inno> <531002B9.6050601@sixdemonbag.org>
Message-ID: <1895352.QZlI7v1JgA@inno>

On Thu 27.02.2014, 22:30:01 Robert J. Hansen wrote:
> > Trivial to prevent in comparison to the task of verifying a distro.
>
> There are literally thousands of vectors. Defending against *all* of
> them is a deeply nontrivial task.

As usual I can only agree. But what does that mean in practice?
Does that mean we don't aim for improvements any more, not even those which are easy to implement? Why are we talking about something like SHA-3 at all if "all is lost to THEM" anyway? (Please note that I am not implying this was your attitude.)

Besides the obvious development resource limit I guess the point should be: How much more security would one get from a certain action and how much effort would it be?

Hauke

--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

From peter at digitalbrains.com Fri Feb 28 20:47:38 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 28 Feb 2014 20:47:38 +0100
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <1895352.QZlI7v1JgA@inno>
References: <5203664.LZo7IKJdkj@inno> <66359311.YQ5LQH4aDO@inno> <531002B9.6050601@sixdemonbag.org> <1895352.QZlI7v1JgA@inno>
Message-ID: <5310E7DA.4030703@digitalbrains.com>

On 28/02/14 16:05, Hauke Laging wrote:
> But what does that mean in practice? Does that mean we don't aim for
> improvements any more, not even those which are easy to implement?

I'm Dutch, so I'll do a dyke analogy. A dyke has breached. Throwing in one sack of sand is easily implemented, and it prevents the water from flowing over a span of say half a meter. Too bad it's still flowing over the span of the rest of the sixty meters the breach is wide.

Your solution seems analogous to throwing in the one sack of sand because it is easy to implement.

So indeed: how much more security will one get? I think that's where the opinions differ. You just have to trust your most trusted computer, or you have a lot of water in your living room.
By the way, if it's so easy to implement, you could write a patch, or pay someone to do it for you.

I would warn you to think about the source and quality of your randomness. If a compromised computer supplied your file containing the randomness, you'd look pretty foolish if you used that. So I suppose you need to have each computer generate the amount of randomness that is (worst case) needed for a key generation, and then have a well defined method of combining all those different blocks of randomness in such a way that even if a part of the randomness is crafted precisely to counteract the randomness in the other parts, you still have enough randomness to generate a key. It seems to me assuring the quality of the randomness is much harder than simply redirecting libgcrypt's random functions.

Oh, and obviously, each computer that supplied a part of the randomness needs to verify that that is still the same when it generates the key, or the last PC to generate a block of randomness could just as well replace the earlier parts without you noticing. Etcetera. I'm sure I've missed something interesting relating to the randomness generation and transportation.

I have one final question: would you even use this yourself or do you just think it's cool?

Peter.

PS: Sorry for my wildly inaccurate description of a dyke breach and stopping it. I might be Dutch, but I'm not an expert on water. I gladly leave that to the king :).

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From rjh at sixdemonbag.org Fri Feb 28 22:09:21 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 28 Feb 2014 16:09:21 -0500
Subject: key generation: paranoia mode - explicit random input
In-Reply-To: <1895352.QZlI7v1JgA@inno>
References: <5203664.LZo7IKJdkj@inno> <66359311.YQ5LQH4aDO@inno> <531002B9.6050601@sixdemonbag.org> <1895352.QZlI7v1JgA@inno>
Message-ID: <5310FB01.6090308@sixdemonbag.org>

> But what does that mean in practice? Does that mean we don't aim for
> improvements any more, not even those which are easy to implement?

It means that when people ask questions like, "But how do we know the GnuPG in distro XY has not been compromised?", we give them clear, matter-of-fact answers: you don't, but if you're serious about this question you clearly need to use a different distro because the distro has literally millions of ways to screw you over surreptitiously.

Your proposal tries to answer that question with, "well, use this technique." I've read your proposal and it doesn't seem like it solves anything -- which I regret: I really wish it did.

Introducing stronger hash algorithms is easy to justify. Introducing new technologies that don't mitigate the problems they exist to solve... not so much.
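The two requirements Peter Lebbing raised earlier in this thread (a combiner that survives one crafted block, and a check that no machine replaced an earlier block) as an added example; this is not code from the thread, from GnuPG or from libgcrypt, and the function names, the 64-byte block size and the sample blocks are constructed for illustration. It shows the naive XOR combiner failing and a commit-then-hash combiner holding up.

```python
import hashlib
import hmac

# Added example, not code from the thread or from GnuPG/libgcrypt. Several
# machines each contribute a block of randomness for one key generation;
# the blocks must be combined so that one crafted block cannot undo the
# others, and a swapped block must be detectable. Sizes are constructed.

BLOCK_LEN = 64  # bytes each machine contributes (constructed value)


def xor_combine(blocks):
    """Naive combiner: bytewise XOR of all contributed blocks."""
    out = bytearray(BLOCK_LEN)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def xor_forcing_block(earlier_blocks, target):
    """Why XOR alone is not enough: the machine that contributes last, having
    seen the earlier blocks, can choose one that drives the XOR to any value
    it likes, so the honest blocks contribute no entropy to the result."""
    return bytes(a ^ b for a, b in zip(xor_combine(earlier_blocks), target))


def commit(block):
    """Commitment each machine publishes before any block is revealed."""
    return hashlib.sha256(block).digest()


def combine_committed(blocks, commitments):
    """Hardened combiner. Every revealed block is checked against the
    commitment published for it, so a block replaced in transit (or by the
    last machine) is rejected; a machine that committed first cannot adapt
    its block to the others. The blocks are then hashed, length-prefixed,
    rather than XORed, so a crafted block cannot cancel honest entropy."""
    if len(blocks) != len(commitments):
        raise ValueError("block/commitment count mismatch")
    for index, (block, expected) in enumerate(zip(blocks, commitments)):
        if not hmac.compare_digest(commit(block), expected):
            raise ValueError(f"block {index} does not match its commitment")
    h = hashlib.sha512()
    for block in blocks:
        h.update(len(block).to_bytes(4, "big"))
        h.update(block)
    return h.digest()  # seed material for the key generator
```

The output is only as good as the best honest block, so this addresses combination and transport, not the quality of any one machine's randomness, which is the harder problem Peter points at.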