From aef at raxys.net Sun Mar 1 03:29:44 2015
From: aef at raxys.net (Alexander E. Fischer)
Date: Sun, 01 Mar 2015 03:29:44 +0100
Subject: A forgotten patch?
In-Reply-To: <87fv9ql1uf.fsf__2157.08235414258$1425122871$gmane$org@vigenere.g10code.de>
References: <1425088957.14003.87.camel@neoprokrast.monkey.poo> <87fv9ql1uf.fsf__2157.08235414258$1425122871$gmane$org@vigenere.g10code.de>
Message-ID: <1425176984.14003.116.camel@neoprokrast.monkey.poo>

Well, thank you for the explanation. Sadly, I think my knowledge of C is not sufficient to fully judge the situation. Although I have to say that the first example sounds a bit like a hack. I just hope you are right; a lot depends on it.

> Right, he lists Microsoft and a German "newspaper", to which many people
> would never talk, as his clients.

I think the majority of people work for people they don't necessarily like that much. I suppose it's related to the unfair distribution of wealth in our world. Being funded by Facebook isn't the most reputable thing either.

> And why publishing a patch and no bug reports?

Is there anything in the patch you would reconsider accepting if there was a bug report for the patch? I would gladly write one if that would help to improve the quality of GnuPG.

Kind regards
Alexander E. Fischer
From: marcozehe-ml at mailbox.org (Marco Zehe)
Date: Sun, 1 Mar 2015 06:30:02 +0100
Subject: Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F226DC.9010506@dougbarton.email>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf@vigenere.g10code.de> <54F226DC.9010506@dougbarton.email>
Message-ID: <72D7CBEA-A262-4E50-9D97-CC6F6268F512@mailbox.org>

Hi Doug,

> On 28.02.2015 at 21:36, Doug Barton wrote:
>
> It's overwhelmingly likely that you are overthinking this. :)

Yes, I have been known to have that tendency sometimes. :) Thanks! Will do as you suggest, then.

Marco
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Sun, 1 Mar 2015 13:21:20 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F1BEB8.5090603@digitalbrains.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com>
Message-ID: <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org>

On 28.02.2015 at 14:12, Peter Lebbing wrote:

> On 28/02/15 14:06, Ralph Seichter wrote:
>> but PGP does not work for mass e-mail protection
>
> Let me stress again that the proper course might be to replace SMTP (e-mail) and
> then work from that. If you have a sieve and wish for something to hold liquids,
> you could plug up all the holes or say "Blow this for a lark" and get a pan.

You mean like BitMessage? I think it's the only replacement for mail with cryptography from the start. It gets rid of the whole public / private key problem and also gets rid of spam by requiring a proof of work to send something.

--
Jonathan
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Sun, 1 Mar 2015 13:27:57 +0100
Subject: trust paths
In-Reply-To: <54F205AE.5010307@vulcan.xs4all.nl>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F0CFA9.7070601@cardcontact.de> <1425068740.5204.81.camel@scientia.net> <1756253.oFcBDuDOmV@inno> <1425072641.5204.95.camel@scientia.net> <54F1FD55.8080308@vulcan.xs4all.nl> <1425146173.4857.17.camel@scientia.net> <54F205AE.5010307@vulcan.xs4all.nl>
Message-ID: <7E6223D2-9610-435C-B4D1-FC9FB7A1233A@webkeks.org>

On 28.02.2015 at 19:15, Johan Wevers wrote:

> I'm not talking about mathematically proving something. After all, a
> government agency could make a false key with Werner Koch's name on it
> and send someone who looks like him with real ID documents to a
> keysigning party. Government-issued IDs are no mathematical proof either.

FWIW, you don't even need to be a government for that. And you don't need to look like Werner. Some document looking like a government-issued ID showing a picture of you with Werner's name will most likely be enough to fool everyone who doesn't know Werner personally into signing this fake key.

> If the key was only on the keyservers, sure, then even I could do that
> myself easily. But I'm talking about keys on places where it is unlikely
> anyone has write access to, like the gnupg website or as a signature in
> mailinglist messages. Sure, it could be spoofed - but only a short time
> before it gets noticed.
>
> It would not be the first time I read about a spoofed gpg key on a Linux
> distro server when the server was hacked. The attack works - but not for
> long.

You are assuming it will be spoofed for everyone. It could just be spoofed for you. Anybody who can MITM you and give you a fake SSL cert that you accept (i.e. every government on the planet, a lot of companies and even some individuals) can give you something spoofed and you would not notice.
And there would be no outcry about spoofed keys, because it's just you being affected.

--
Jonathan
From: bre at pagekite.net (Bjarni Runar Einarsson)
Date: Sun, 01 Mar 2015 12:39:36 -0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org>
References: <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org>
Message-ID: <20150301123936-2617-93847-mailpile@slinky>

Jonathan Schleifer wrote:
> > Let me stress again that the proper course might be to replace SMTP (e-mail) and
> > then work from that. If you have a sieve and wish for something to hold liquids,
> > you could plug up all the holes or say "Blow this for a lark" and get a pan.
>
> You mean like BitMessage ?
>
> I think it's the only replacement for mail with cryptography from the
> start. It gets rid of the whole public / private key problem and also
> gets rid of spam by requiring a proof of work to send something.

Bitmessage is a toy. An interesting toy, but it's still just a toy. You can't propose to replace e-mail, a system used by *billions of people*, with this:

"Just like Bitcoin transactions and blocks, all users would receive all messages. They would be responsible for attempting to decode each message with each of their private keys to see whether the message is bound for them."

The paper mentions a very hand-wavey stream sharding concept to improve scalability, which has not been implemented, and there is no math presented to support the idea that it actually will work. At scale, any promise of anonymity made by this protocol will be hampered by the fact that, on average, you have to connect to as many streams as you have contacts when sending mail, and your contact is connected to the stream and downloading the mail.
Once there are enough shards to handle global traffic levels, then assuming the network hasn't already collapsed under its own weight (they talk about hierarchical shard discovery and signaling between shards), things will be so spread out that traffic analysis will give very strong clues about who is talking to whom. How severe this effect is, is for researchers to quantify - but the Bitmessage paper gives no indication that they're even aware of the problem.

I'm all for experiments, and Bitmessage may flesh these things out over time, but the paper was written in 2012 and (based on a quick grep of their github) their codebase still doesn't support more than one stream. To them, scalability is a "feature" they will implement "later". Until they do, this is not even remotely a candidate for replacing e-mail.

It's cool tech! It's just not an e-mail replacement.

Having studied the specs for both (various people want us to implement interesting protocols like this in Mailpile), I'd say DIME is a much more credible attempt at baking strong crypto into e-mail from the start, but it is still too new to say much about it.

Cheers,
- Bjarni

--
Sent using Mailpile, Free Software from www.mailpile.is
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 01 Mar 2015 14:33:16 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com> <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org>
Message-ID: <54F3151C.7080806@digitalbrains.com>

On 01/03/15 13:21, Jonathan Schleifer wrote:
> You mean like BitMessage ?

It was Werner who floated the idea of replacing SMTP here on gnupg-users. After thinking about it, it made a lot of sense to me. You could search gnupg-users for his messages about this. I had a real quick look and couldn't find it just now.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From: patrick at enigmail.net (Patrick Brunschwig)
Date: Sun, 01 Mar 2015 15:41:33 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de>
Message-ID: <54F3251D.20300@enigmail.net>

On 27.02.15 20:56, Werner Koch wrote:
> On Fri, 27 Feb 2015 17:26, patrick at enigmail.net said:
>
>> that anyone can upload _every_ key to a keyserver is an issue. If
>> keyservers would do some sort of verification (e.g. confirmation
>> of the email addresses) then this would lead to much more
>> reliable data.
>
> We have such a system. It is called S/MIME.
>
> Ever tried to find an S/MIME (X.509) key (aka certificate) for an
> arbitrary mail address? The only working solution to get such a
> key is by sending a mail and asking for the key. You can do the
> very same with PGP of course. Keyservers along with visiting cards
> are much nicer.
>
> So, why is there no public service to distribute X.509 keys?
> Because nobody wants to be legally responsible for such a key
> unless you push a stack of money over the table for a qualified
> signature certificate.

I would not go so far as trying to guarantee the identity of a key. But I think if a keyserver could do some basic verification of keys, it would make OpenPGP a lot easier to use for email.

The idea I have in mind is roughly as follows: if you upload a key to a keyserver, the keyserver would send an encrypted email to every UID in the key. Each encrypted mail contains a unique link to confirm the email address.
Once all email addresses are confirmed, the key is validated and the keyserver will allow access to it just like with any regular keyserver. This way, we have a simple verification of access to the private key, as well as access to the email addresses contained in the UIDs, by quite simple means. I would say this is about as reliable as sending an email to someone requesting their key.

-Patrick
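The upload-then-confirm flow described above, modelled as a small state machine. This is an added example, not code from the thread or from any keyserver: one unpredictable, single-use token per UID, nothing visible to lookups until every UID has confirmed, and a token lifetime after which the pending upload is dropped. The `send_encrypted_mail` callback (which must encrypt the link to the uploaded key itself), the 24-hour TTL, the storing of token hashes rather than tokens, and the sample addresses are all assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class PendingKey:
    fingerprint: str
    uids: tuple
    submitted_at: float
    # uid -> sha256(token). Only the hash is stored, so a leaked database
    # does not hand out live confirmation links (assumed design choice).
    token_hashes: dict = field(default_factory=dict)
    confirmed: set = field(default_factory=set)


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class VerifyingKeyserver:
    """Publishes a key only after every UID's mailbox has confirmed it."""

    TOKEN_TTL = 24 * 3600  # seconds a confirmation link stays valid (assumed)

    def __init__(self, send_encrypted_mail, clock=time.time):
        # send_encrypted_mail(fingerprint, uid, token) is the outbound side.
        # It must encrypt the link to the uploaded key, so that following the
        # link proves control of the mailbox AND of the matching private key.
        self._send = send_encrypted_mail
        self._clock = clock
        self._pending = {}    # fingerprint -> PendingKey
        self._published = {}  # fingerprint -> verified uids
        self._index = {}      # token hash -> fingerprint

    def upload(self, fingerprint: str, uids) -> int:
        """Start (or restart) verification; returns the number of mails sent."""
        uids = tuple(dict.fromkeys(uids))  # de-duplicate, keep order
        if not uids:
            raise ValueError("a key without UIDs cannot be verified")
        self._forget(fingerprint)  # a re-upload invalidates older links
        pending = PendingKey(fingerprint, uids, self._clock())
        for uid in uids:
            token = secrets.token_urlsafe(32)  # 256 bits, unguessable
            pending.token_hashes[uid] = _hash_token(token)
            self._index[pending.token_hashes[uid]] = fingerprint
            self._send(fingerprint, uid, token)
        self._pending[fingerprint] = pending
        return len(uids)

    def confirm(self, token: str) -> str:
        """Consume one link. Returns 'unknown', 'expired', 'confirmed' or 'published'."""
        token_hash = _hash_token(token)
        fingerprint = self._index.get(token_hash)
        if fingerprint is None:
            return "unknown"
        pending = self._pending[fingerprint]
        if self._clock() - pending.submitted_at > self.TOKEN_TTL:
            self._forget(fingerprint)
            return "expired"
        uid = next(u for u, h in pending.token_hashes.items() if h == token_hash)
        del self._index[token_hash]  # single use: a replayed link is 'unknown'
        pending.confirmed.add(uid)
        if len(pending.confirmed) < len(pending.uids):
            return "confirmed"
        # Every UID confirmed: the key becomes visible like on a regular keyserver.
        self._published[fingerprint] = pending.uids
        del self._pending[fingerprint]
        return "published"

    def lookup(self, fingerprint: str):
        """What a client sees: verified UIDs, or None while verification is incomplete."""
        return self._published.get(fingerprint)

    def _forget(self, fingerprint: str) -> None:
        old = self._pending.pop(fingerprint, None)
        if old is not None:
            for h in old.token_hashes.values():
                self._index.pop(h, None)
```

An already published key stays visible while a later re-upload of the same fingerprint is pending, so a failed or abandoned re-verification never removes a verified key.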
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sun, 01 Mar 2015 15:58:27 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F3251D.20300@enigmail.net>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net>
Message-ID: <54F32913.6010803@sumptuouscapital.com>

On 03/01/2015 03:41 PM, Patrick Brunschwig wrote:
> On 27.02.15 20:56, Werner Koch wrote:
>> On Fri, 27 Feb 2015 17:26, patrick at enigmail.net said:
>
>>> that anyone can upload _every_ key to a keyserver is an issue.
>>> If keyservers would do some sort of verification (e.g.
>>> confirmation of the email addresses) then this would lead to
>>> much more reliable data.
>
>> We have such a system. It is called S/MIME.
>
>> Ever tried to find an S/MIME (X.509) key (aka certificate) for an
>> arbitrary mail address? The only working solution to get such a
>> key is by sending a mail and asking for the key. You can do the
>> very same with PGP of course. Keyservers along with visiting
>> cards are much nicer.
>
>> So, why is there no public service to distribute X.509 keys?
>> Because nobody wants to be legally responsible for such a key
>> unless you push a stack of money over the table for a qualified
>> signature certificate.
>
> I would not go so far as trying to guarantee the identity of a
> key. But I think if a keyserver could do some basic verification of
> keys, it would make OpenPGP a lot easier to use for email.
>
> The idea I have in mind is roughly as follows: if you upload a key
> to a keyserver, the keyserver would send an encrypted email to
> every UID in the key.
> Each encrypted mail contains a unique link to
> confirm the email address. Once all email addresses are confirmed,
> the key is validated and the keyserver will allow access to it just
> like with any regular keyserver.
>

You already have a variant of this at https://keyserver.pgp.com (although I don't recall if they send the requests encrypted; I haven't looked into the service in years).

In general I believe this to be an insufficient form of identification that really doesn't provide much of anything useful, but at least the PGP keyserver does it reasonably sanely in its methodology by creating a signature from their CA on the key. Whether you put any merit to having such a CA signature or not is left up to the user (excluding for now the "fun" related to the spammy number of signatures from it).

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Excellence is not a singular act but a habit. You are what you do repeatedly."
(Shaquille O'Neal)
From: rpuls at kcore.de (René Puls)
Date: Sun, 1 Mar 2015 15:32:25 +0100
Subject: Decrypting PGP/MIME on the command line
Message-ID:

Hi,

is there a command line utility that takes a PGP/MIME encrypted message (a plain RFC 2822 text file) and outputs an unencrypted copy? The secret key is available and GnuPG is configured correctly. It is okay if the process is somewhat lossy; signatures or attachments do not need to be preserved, although I would not mind that either. :-)

Background: I would like to decrypt e-mails permanently for archiving and searching, and run this utility over hundreds of e-mails in a single batch.

Alternatively, if there is a way to permanently decrypt an e-mail in Claws Mail, that would help me as well. It seems that Enigmail has such a feature[1] (or will have it soon), but I have not found anything similar for Claws Mail and would prefer a general-purpose utility which I can just run as a filter, independent of my e-mail client.

René

[1] http://sourceforge.net/p/enigmail/bugs/1/
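A filter of the kind asked for above, written as an added example rather than taken from the thread or from any mail client: it locates the RFC 3156 `multipart/encrypted` layer in an RFC 2822 file, hands the ciphertext part to `gpg --batch --quiet --decrypt`, and writes the message back with the envelope headers kept and the decrypted MIME entity (body and attachments) in place of the wrapper. Messages that are not PGP/MIME (including inline PGP) pass through unchanged. The `fake_decrypt` stand-in and `build_sample` exist only so the filter can be exercised without gpg; the sample addresses and contents are constructed.

```python
import base64
import email
import subprocess
import sys
from email import encoders, policy
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

PGP_MIME = "application/pgp-encrypted"


def decrypt_with_gpg(ciphertext: bytes) -> bytes:
    """Hand the armoured PGP MESSAGE to gpg; assumes gpg and the secret key are usable."""
    proc = subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"],
                          input=ciphertext, capture_output=True, check=True)
    return proc.stdout


def find_encrypted_part(msg):
    """Return the ciphertext part of an RFC 3156 multipart/encrypted message, else None."""
    if msg.get_content_type() != "multipart/encrypted":
        return None
    if msg.get_param("protocol") != PGP_MIME:
        return None
    parts = list(msg.iter_parts())
    # RFC 3156: exactly two parts, a version control part and then the ciphertext.
    if len(parts) != 2 or parts[0].get_content_type() != PGP_MIME:
        return None
    return parts[1]


def decrypt_message(raw: bytes, decrypt=decrypt_with_gpg) -> bytes:
    """Return an RFC 2822 copy with the PGP/MIME layer removed; other input passes through."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    enc = find_encrypted_part(msg)
    if enc is None:
        return raw
    # The plaintext is itself a MIME entity (Content-* headers + body), often multipart.
    inner = email.message_from_bytes(decrypt(enc.get_payload(decode=True)), policy=policy.default)
    # Keep the envelope headers; drop the outer Content-* headers that described the wrapper.
    for name, value in msg.items():
        lname = name.lower()
        if lname == "mime-version" or lname.startswith("content-") or name in inner:
            continue
        inner[name] = value
    if "MIME-Version" not in inner:
        inner["MIME-Version"] = "1.0"
    return inner.as_bytes()


def summarize(raw: bytes) -> dict:
    """What an archive indexer sees: subject, top-level type, text body, attachment names."""
    m = email.message_from_bytes(raw, policy=policy.default)
    body = m.get_body(("plain",))
    return {"subject": str(m.get("Subject", "")),
            "type": m.get_content_type(),
            "text": body.get_content() if body is not None else None,
            "attachments": [a.get_filename() for a in m.iter_attachments()]}


# ---- constructed sample so the filter runs offline (no real OpenPGP involved) ----
FAKE_PREFIX = b"-----BEGIN FAKE PGP MESSAGE-----\n"


def fake_decrypt(ciphertext: bytes) -> bytes:
    """Stand-in for gpg: the sample 'ciphertext' is the base64 plaintext behind a marker."""
    if not ciphertext.startswith(FAKE_PREFIX):
        raise ValueError("not the constructed sample ciphertext")
    return base64.b64decode(ciphertext[len(FAKE_PREFIX):])


def build_sample() -> bytes:
    """A constructed PGP/MIME message: text body plus one attachment inside the wrapper."""
    inner = EmailMessage()
    inner.set_content("secret body for the archive\n")
    inner.add_attachment(b"\x00\x01", maintype="application", subtype="octet-stream",
                         filename="blob.bin")
    ciphertext = FAKE_PREFIX + base64.encodebytes(inner.as_bytes())
    outer = MIMEMultipart("encrypted", protocol=PGP_MIME)
    outer["From"] = "alice@example.org"
    outer["To"] = "bob@example.org"
    outer["Subject"] = "archive me"
    outer["Date"] = "Sun, 01 Mar 2015 15:32:25 +0100"
    outer.attach(MIMEApplication("Version: 1\n", "pgp-encrypted", encoders.encode_noop))
    outer.attach(MIMEApplication(ciphertext.decode("ascii"), "octet-stream", encoders.encode_noop))
    return outer.as_bytes()


if __name__ == "__main__":
    # Filter use over a mailbox export: one message on stdin, the decrypted copy on stdout.
    sys.stdout.buffer.write(decrypt_message(sys.stdin.buffer.read()))
```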
From: patrick at enigmail.net (Patrick Brunschwig)
Date: Sun, 01 Mar 2015 16:35:36 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F32913.6010803@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <54F32913.6010803@sumptuouscapital.com>
Message-ID: <54F331C8.8060107@enigmail.net>

On 01.03.15 15:58, Kristian Fiskerstrand wrote:
> On 03/01/2015 03:41 PM, Patrick Brunschwig wrote:
>> On 27.02.15 20:56, Werner Koch wrote:
>>> On Fri, 27 Feb 2015 17:26, patrick at enigmail.net said:
>
>>>> that anyone can upload _every_ key to a keyserver is an
>>>> issue. If keyservers would do some sort of verification
>>>> (e.g. confirmation of the email addresses) then this would
>>>> lead to much more reliable data.
>
>>> We have such a system. It is called S/MIME.
>
>>> Ever tried to find an S/MIME (X.509) key (aka certificate) for
>>> an arbitrary mail address? The only working solution to get
>>> such a key is by sending a mail and asking for the key. You
>>> can do the very same with PGP of course. Keyservers along with
>>> visiting cards are much nicer.
>
>>> So, why is there no public service to distribute X.509 keys?
>>> Because nobody wants to be legally responsible for such a key
>>> unless you push a stack of money over the table for a qualified
>>> signature certificate.
>
>> I would not go so far as trying to guarantee the identity of a
>> key. But I think if a keyserver could do some basic verification
>> of keys, it would make OpenPGP a lot easier to use for email.
>
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
>
>
> You already have a variant of this at https://keyserver.pgp.com
> (although I don't recall if they send the requests encrypted, I
> haven't looked into the service in years)
>
> In general I believe this to be an insufficient form of
> identification that really doesn't provide much of anything useful,
> but at least the PGP keyserver does it reasonably sanely in its
> methodology by creating a signature from their CA on the key.
> Whether you put any merit to having such a CA signature or not is
> left up to the user (excluding for now the "fun" related to the
> spammy number of signatures from it)

Yes, I know. The re-confirmation every few months together with re-signing the keys is among the things I dislike about keyserver.pgp.com. But in general, I think that keyservers need to go in that direction if we want to enable easy use of OpenPGP in email (which requires, in some way or another, downloading missing keys automatically).
-Patrick
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sun, 01 Mar 2015 16:38:20 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F331C8.8060107@enigmail.net>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <54F32913.6010803@sumptuouscapital.com> <54F331C8.8060107@enigmail.net>
Message-ID: <54F3326C.7010001@sumptuouscapital.com>

On 03/01/2015 04:35 PM, Patrick Brunschwig wrote:
> On 01.03.15 15:58, Kristian Fiskerstrand wrote:
>> On 03/01/2015 03:41 PM, Patrick Brunschwig wrote:
>>> On 27.02.15 20:56, Werner Koch wrote:
>>>> On Fri, 27 Feb 2015 17:26, patrick at enigmail.net said:
> ..
>
>> In general I believe this to be an insufficient form of
>> identification that really doesn't provide much of anything
>> useful, but at least the PGP keyserver does it reasonably sanely in
>> its methodology by creating a signature from their CA on the
>> key. Whether you put any merit to having such a CA signature or
>> not is left up to the user (excluding for now the "fun" related
>> to the spammy number of signatures from it)
>
> Yes, I know. The re-confirmation every few months together with
> re-signing the keys is among the things I dislike about
> keyserver.pgp.com. But in general, I think that keyservers need to
> go in that direction if we want to enable easy use of OpenPGP in
> email (which requires in some way or another to download missing
> keys automatically).

You wouldn't need the keyservers to be involved in this at all. Anyone could set up such a mail verification CA outside of the keyserver network.
--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"The best way to predict the future is to invent it"
(Alan Kay)
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 1 Mar 2015 16:15:25 +0000
Subject: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]
In-Reply-To: <54F200CD.6060108@vulcan.xs4all.nl>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1425060977.5204.10.camel@scientia.net> <54F1B456.2080900@vulcan.xs4all.nl> <87a8zycel8.fsf@alice.fifthhorseman.net> <54F200CD.6060108@vulcan.xs4all.nl>
Message-ID: <94592084.20150301161525@my_localhost>

On Saturday 28 February 2015 at 5:54:21 PM, in , Johan Wevers wrote:

> For once, it
> requires much contextual knowledge about what both
> persons know of each other.

Why? Most of my phone calls to regular business contacts consist entirely of discussing the matter at hand, not chit-chat.

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Raining cats and dogs is better than hailing taxis.
From: patrick at enigmail.net (Patrick Brunschwig)
Date: Sun, 01 Mar 2015 17:21:22 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F3326C.7010001__44944.2251855091$1425224369$gmane$org@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <54F32913.6010803@sumptuouscapital.com> <54F331C8.8060107@enigmail.net> <54F3326C.7010001__44944.2251855091$1425224369$gmane$org@sumptuouscapital.com>
Message-ID: <54F33C82.3080606@enigmail.net>

On 01.03.15 16:38, Kristian Fiskerstrand wrote:
>>> In general I believe this to be an insufficient form of
>>> identification that really doesn't provide much of anything
>>> useful, but at least the PGP keyserver does it reasonably sanely
>>> in its methodology by creating a signature from their CA on
>>> the key. Whether you put any merit to having such a CA
>>> signature or not is left up to the user (excluding for now the
>>> "fun" related to the spammy number of signatures from it)
>
>> Yes, I know. The re-confirmation every few months together with
>> re-signing the keys is among the things I dislike about
>> keyserver.pgp.com. But in general, I think that keyservers need
>> to go in that direction if we want to enable easy use of OpenPGP
>> in email (which requires in some way or another to download
>> missing keys automatically).
>
> You wouldn't need the keyservers to be involved in this at all.
> Anyone could set up such a mail verification CA outside of the
> keyserver network.

Perfectly correct, yes. This is exactly what I'm proposing. I believe that the current keyserver network cannot do this.
I just don't have the time to (also) work on this...

-Patrick
From: marcozehe-ml at mailbox.org (Marco Zehe)
Date: Sun, 1 Mar 2015 17:31:23 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F3251D.20300@enigmail.net>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net>
Message-ID: <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org>

Hi Patrick,

> On 01.03.2015 at 15:41, Patrick Brunschwig wrote:
>
> The idea I have in mind is roughly as follows: if you upload a key to
> a keyserver, the keyserver would send an encrypted email to every UID
> in the key. Each encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed, the key is
> validated and the keyserver will allow access to it just like with any
> regular keyserver.

I like this idea very, very much! This is a confirmation that doesn't hurt anybody, and it is something that ensures, on a basic level, that the key isn't completely bogus.

I have seen part of this in a different context in Mozilla's Bugzilla, when one uploads one's public key into the Bugzilla account to be able to receive security-sensitive messages. After submitting the form, Bugzilla sends an encrypted message to the account's e-mail address, assuming the public key just uploaded belongs to that address. It doesn't go as far as requiring verification via a link, but it definitely confirms if the key is working for the user.

Marco
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 1 Mar 2015 16:35:20 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F061B6.3070205@seichter.de>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de>
Message-ID: <1464424911.20150301163520@my_localhost>

On Friday 27 February 2015 at 12:23:18 PM, in , Ralph Seichter wrote:

> The thought of letting PGP die as an e-mail encryption
> mechanism for the "masses" (the non-tech-savvy average
> users) and to have it replaced with something my mother
> could use is valid.

Has OpenPGP ever been an e-mail encryption mechanism for the "masses"? It is certainly not used by most.

> Alice can't just send an e-mail to Bob, she needs to acquire and
> verify Bob's public key first.

Depends on the threat model. If Alice knows Bob's email address and there is a matching key on the keyservers, isn't it likely to be better to opportunistically encrypt to that key rather than to send the message unencrypted?

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Was time invented by an Irishman named O'Clock?
-----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJU8z/JXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw48wIAI4UHlmaw8rYWbnoS+gzhyaP oVyu8msA0kZjOZo6o1TIP6Ffc21v3wU46ClZq07gtHVXaiRvisdIKMf/v/b5GnN/ Cer+HbiTMz2ivThcb69JndM3aQB/5+DI8l2UJQ2NOpVnIS5OgIvLw8rJd5SujMdx yyf7l32b6xlnbS2Z1z+COsz4Uo+h35v8MhRxeG0bFZuWTlOP99jbVaELJ+halAPS HiDffoMDd3khRUYCFkkA2vAxMthmSMwNWEllr7uQtCcd4kD5AA9gC2MFkyywESIN WM2UOmVA79c6OccdpxP+Ggs/Caz+DcjLYRUL5vgAOtZb/jyOyWPfNro0y1WdlJiI vgQBFgoAZgUCVPM/zl8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45GnrAQBRV/lNKdoutB6x2/URS8DlClT/ EoEsN4gz/qkzeKPNZwEAEhpOFVDf3bC9n1FZUXxYgMwU95UBVI58AKjIkTV0egE= =pfFQ -----END PGP SIGNATURE----- From marcozehe-ml at mailbox.org Sun Mar 1 17:36:20 2015 
From: marcozehe-ml at mailbox.org (Marco Zehe)
Date: Sun, 1 Mar 2015 17:36:20 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F3326C.7010001@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <54F32913.6010803@sumptuouscapital.com> <54F331C8.8060107@enigmail.net> <54F3326C.7010001@sumptuouscapital.com>
Message-ID:

Hi Kristian,

> On 01.03.2015 at 16:38, Kristian Fiskerstrand wrote:
>
> You wouldn't need the keyservers to be involved in this at all. Anyone
> could set up such a mail verification CA outside of the keyserver network.

In theory, yes. And keybase.io goes in that direction, although they don't do the verification of e-mail addresses themselves, only the e-mail address one signs up with for the account.

But why should key servers not do that? Why add this extra level of complexity?

Marco

From kristian.fiskerstrand at sumptuouscapital.com Sun Mar 1 17:36:57 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sun, 01 Mar 2015 17:36:57 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org>
Message-ID: <54F34029.2020703@sumptuouscapital.com>

On 03/01/2015 05:31 PM, Marco Zehe wrote:
> Hi Patrick,
>
>> On 01.03.2015 at 15:41, Patrick Brunschwig wrote:
>>
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
>
> I like this idea very, very much! This is a confirmation that
> doesn't hurt anybody, and it is something that ensures on a basic
> level that the key isn't completely bogus.
>
> I have seen part of this in a different context in Mozilla's
> Bugzilla, when one uploads one's public key into the Bugzilla
> account to be able to receive security-sensitive messages. After
> submitting the form, Bugzilla sends an encrypted message to the
> account's e-mail address, assuming the public key just uploaded
> belongs to that address. It doesn't go as far as requiring
> verification via a link, but it definitely confirms if the key is
> working for the user.

Seriously? Please look at https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that implementation, which opens up another can of worms (encrypts to {S,C} key, not encryption key, dual usage of same key material for different purposes... BAD)

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"I have always wished that my computer would be as easy to use as my telephone. My wish has come true -- I no longer know how to use my telephone" (Bjarne Stroustrup, April 1999)

From kristian.fiskerstrand at sumptuouscapital.com Sun Mar 1 17:40:48 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sun, 01 Mar 2015 17:40:48 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To:
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <54F32913.6010803@sumptuouscapital.com> <54F331C8.8060107@enigmail.net> <54F3326C.7010001@sumptuouscapital.com>
Message-ID: <54F34110.20207@sumptuouscapital.com>

On 03/01/2015 05:36 PM, Marco Zehe wrote:
> Hi Kristian,
>
>> On 01.03.2015 at 16:38, Kristian Fiskerstrand wrote:
>>
>> You wouldn't need the keyservers to be involved in this at all.
>> Anyone could set up such a mail verification CA outside of the
>> keyserver network.
>
> In theory, yes. And keybase.io goes in that direction, although
> they don't do the verification of e-mail addresses themselves, only
> the e-mail address one signs up with for the account.
>
> But why should key servers not do that? Why add this extra level
> of complexity?
>

It isn't more complex, it is LESS complex to do it as a standalone CA. We currently have about 150 different key servers in the main gossiping network, you would have to establish severe trust mechanisms between them as to convey the verification data, change the gossiping protocol to accommodate this, implement crypto in the keyservers, possibly have keyservers shut down for legal reasons as possible vectors of legal attack for some additional data; data that, in its concept is the job of a CA in the first place.

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"I have always wished that my computer would be as easy to use as my telephone. My wish has come true -- I no longer know how to use my telephone" (Bjarne Stroustrup, April 1999)

From mlisten at hammernoch.net Sun Mar 1 17:42:53 2015
From: mlisten at hammernoch.net (Ludwig Hügelschäfer)
Date: Sun, 01 Mar 2015 17:42:53 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org>
Message-ID: <54F3418D.6090206@hammernoch.net>

On 01.03.15 17:31, Marco Zehe wrote:
> Hi Patrick,
>
>> On 01.03.2015 at 15:41, Patrick Brunschwig wrote:
>>
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
>
> I like this idea very, very much! This is a confirmation that
> doesn't hurt anybody, and it is something that ensures on a basic
> level that the key isn't completely bogus.

Yes. And it would automate a process which would have to be done manually during a sensible key verification.

Ludwig

From marcozehe-ml at mailbox.org Sun Mar 1 17:45:40 2015
From: marcozehe-ml at mailbox.org (Marco Zehe)
Date: Sun, 1 Mar 2015 17:45:40 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F34029.2020703@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org> <54F34029.2020703@sumptuouscapital.com>
Message-ID: <5808CEF4-6372-4E0A-B6AB-47110670DF0A@mailbox.org>

Hi Kristian,

> On 01.03.2015 at 17:36, Kristian Fiskerstrand wrote:
>
> Seriously? Please look at
> https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that
> implementation, which opens up another can of worms (encrypts to {S,C}
> key, not encryption key, dual usage of same key material for different
> purposes... BAD)

Do you have any insight to share in that bug that might help my colleagues move fixing it forward? I'm sure it would be highly appreciated! :)

Marco

From 2014-667rhzu3dc-lists-groups at riseup.net Sun Mar 1 17:45:45 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 1 Mar 2015 16:45:45 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com> <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org>
Message-ID: <10210020677.20150301164545@my_localhost>

On Sunday 1 March 2015 at 12:21:20 PM, in , Jonathan Schleifer wrote:

> and also gets rid of spam
> by requiring a proof of work to send something.

Surely, "proof of work" is evidence of performing some otherwise unnecessary CPU cycles. This wastes energy. In a system used by billions of people, lots of energy.

--
Best regards

MFPA                  mailto:2014-667rhzu3dc-lists-groups at riseup.net

The best way to destroy your enemy is to make him your friend.

From kristian.fiskerstrand at sumptuouscapital.com Sun Mar 1 17:54:14 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sun, 01 Mar 2015 17:54:14 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <5808CEF4-6372-4E0A-B6AB-47110670DF0A@mailbox.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org> <54F34029.2020703@sumptuouscapital.com> <5808CEF4-6372-4E0A-B6AB-47110670DF0A@mailbox.org>
Message-ID: <54F34436.1020600@sumptuouscapital.com>

On 03/01/2015 05:45 PM, Marco Zehe wrote:
> Hi Kristian,
>
>> On 01.03.2015 at 17:36, Kristian Fiskerstrand wrote:
>>
>> Seriously? Please look at
>> https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that
>> implementation, which opens up another can of worms (encrypts
>> to {S,C} key, not encryption key, dual usage of same key material
>> for different purposes... BAD)
>
> Do you have any insight to share in that bug that might help my
> colleagues move fixing it forward? I'm sure it would be highly
> appreciated! :)
>

Since the author's first reaction was closing it WONTFIX I didn't bother, with that kind of behavior they can't possibly take security seriously.

The proper solution seems to be a re-implementation of the system to use gpgme for encryption. I'm also worried about the system's key management in the case of

(i) revocations; as I'm not aware of any key refreshes being made, meaning a revocation certificate uploaded to public keyserver network would not be honored and still constitute information leak.

(ii) Ditto for the issue of replacing the subkeys, as key rotation would not be automatically taken into consideration and would have to be uploaded manually to each bugzilla implementation using that flawed piece of software (the securemail extension, not bugzilla itself).

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Timendi causa est nescire
The cause of fear is ignorance

From marcozehe-ml at mailbox.org Sun Mar 1 18:01:05 2015
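Kristian's two complaints above (encrypting to the {S,C} primary key instead of the encryption subkey, and never noticing a revocation or a rotated subkey because the key is never refreshed) both come down to the sender not looking at key capabilities and validity before encrypting. The following is an added example, not code from the thread or from the Bugzilla extension under discussion: it reads the machine-readable `gpg --with-colons --list-keys` output, prefers the newest usable encryption-capable subkey, and refuses revoked or expired material. The colon-format lines are constructed sample output, not a real listing, and the key ids are placeholders.

```python
"""Pick an encryption key from `gpg --with-colons --list-keys` output.

Added example for the discussion of encrypting to the right key; not code
from the thread. Field layout follows GnuPG's DETAILS document:
  field 1 record type, 2 validity, 5 key id, 6 creation, 7 expiry,
  12 key capabilities ('e' = encrypt, 's' = sign, 'c' = certify).
"""
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class KeyInfo:
    keyid: str
    validity: str          # 'r' revoked, 'e' expired, 'u'/'f'/... otherwise
    caps: str              # lowercase letters = this key's own capabilities
    created: int
    expires: Optional[int]  # epoch seconds, None when the key never expires


@dataclass
class Cert:
    primary: KeyInfo
    subkeys: List[KeyInfo] = field(default_factory=list)


def _key_from_fields(f) -> KeyInfo:
    return KeyInfo(keyid=f[4], validity=f[1], caps=f[11],
                   created=int(f[5]) if f[5] else 0,
                   expires=int(f[6]) if f[6] else None)


def parse_colons(text: str) -> List[Cert]:
    """Group 'pub' and 'sub' records into certificates; other records are skipped."""
    certs, cur = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            cur = Cert(_key_from_fields(f))
            certs.append(cur)
        elif f[0] == "sub" and cur is not None:
            cur.subkeys.append(_key_from_fields(f))
    return certs


def usable(k: KeyInfo, now: int) -> bool:
    """Reject revoked ('r'), expired ('e'), invalid ('i') and disabled ('d') keys."""
    if k.validity in ("r", "e", "i", "d"):
        return False
    return k.expires is None or k.expires > now


def choose_encryption_key(cert: Cert, now: Optional[int] = None) -> Tuple[Optional[str], str]:
    """Return (keyid, note). keyid is None when nothing may be encrypted to.

    A revoked primary key poisons the whole certificate, which is exactly the
    case a sender misses when it never refreshes keys from a keyserver.
    """
    now = int(time.time()) if now is None else now
    if not usable(cert.primary, now):
        return None, "primary key revoked or expired; refresh the key before use"
    cands = [s for s in cert.subkeys if "e" in s.caps and usable(s, now)]
    if cands:
        newest = max(cands, key=lambda k: k.created)   # honours subkey rotation
        return newest.keyid, "ok"
    if "e" in cert.primary.caps:
        # Allowed by OpenPGP, but one key doing S, C and E is the dual-use smell
        # Kristian objects to; flag it rather than silently accepting it.
        return cert.primary.keyid, "warning: only the primary key can encrypt"
    return None, "no usable encryption-capable key"


# Constructed sample listing (placeholder key ids, not real keys):
# cert 1: sign-only subkey, a revoked E subkey, a current E subkey, an expired E subkey
# cert 2: revoked primary key
# cert 3: primary key with e flag and no subkeys at all
SAMPLE_COLONS = """\
pub:u:4096:1:0123456789ABCDEF:1388534400:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1388534400::CONSTRUCTED::Alice <alice@example.org>::::::::::0:
sub:u:4096:1:1111111111111111:1388534400::::::s::::::23:
sub:r:4096:1:2222222222222222:1388534400::::::e::::::23:
sub:u:4096:1:3333333333333333:1420070400::::::e::::::23:
sub:e:4096:1:4444444444444444:1400000000:1410000000:::::e::::::23:
pub:r:2048:1:DEADBEEFDEADBEEF:1388534400:::-:::sc::::::23::0:
sub:r:2048:1:5555555555555555:1388534400::::::e::::::23:
pub:u:2048:1:DDDDDDDDDDDDDDDD:1388534400:::u:::sceESC::::::23::0:
"""

if __name__ == "__main__":
    for cert in parse_colons(SAMPLE_COLONS):
        print(cert.primary.keyid, "->", choose_encryption_key(cert, now=1425168000))
```

In a real deployment the listing comes from `subprocess.run(["gpg", "--with-colons", "--list-keys", keyid], capture_output=True)` after a `gpg --refresh-keys`; the refresh is what makes a revocation uploaded to the keyserver network visible to this check at all.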
From: marcozehe-ml at mailbox.org (Marco Zehe)
Date: Sun, 1 Mar 2015 18:01:05 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F34436.1020600@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org> <54F34029.2020703@sumptuouscapital.com> <5808CEF4-6372-4E0A-B6AB-47110670DF0A@mailbox.org> <54F34436.1020600@sumptuouscapital.com>
Message-ID:

Hi Kristian,

> On 01.03.2015 at 17:54, Kristian Fiskerstrand wrote:
>
> Since the author's first reaction was closing it WONTFIX I didn't
> bother, with that kind of behavior they can't possibly take security
> seriously.

Error in judgement that has since been corrected. These things sometimes happen, but this should definitely not be generalized.

> The proper solution seems to be a re-implementation of the system to
> use gpgme for encryption. I'm also worried about the system's key
> management in the case of
> (i) revocations; as I'm not aware of any key refreshes being made,
> meaning a revocation certificate uploaded to public keyserver network
> would not be honored and still constitute information leak.

Yes, the public key doesn't come from a key server in the first place, but needs to be copied and pasted into a standard HTML textarea while filling in the form for that Securemail extension. So it is the key owner's responsibility to keep it up to date. As far as I know, there is no interaction with any outside source in this matter.

> (ii) Ditto for the issue of replacing the subkeys, as key rotation
> would not be automatically taken into consideration and would have to
> be uploaded manually to each bugzilla implementation using that flawed
> piece of software (the securemail extension, not bugzilla itself).

Yes, these instances are all acting independently, there is no exchange between totally unrelated Bugzilla instances.

Marco

From 2014-667rhzu3dc-lists-groups at riseup.net Sun Mar 1 18:04:09 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 1 Mar 2015 17:04:09 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F051D8.8080104@digitalbrains.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F051D8.8080104@digitalbrains.com>
Message-ID: <96663679.20150301170409@my_localhost>

On Friday 27 February 2015 at 11:15:36 AM, in , Peter Lebbing wrote:

> So what did this key attract, being on the keyserver
> for four years now?

> 22 Nigerian 419 scams. That's it. Twenty-two! They came
> in batches; I haven't seen anything since March last
> year.

I have such a key up for nearly five years. The only email the address has received is a test message from myself to check the address still works.

--
Best regards

MFPA                  mailto:2014-667rhzu3dc-lists-groups at riseup.net

A bird in the hand makes it awfully hard to blow your nose

From kristian.fiskerstrand at sumptuouscapital.com Sun Mar 1 18:08:57 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sun, 01 Mar 2015 18:08:57 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To:
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org> <54F34029.2020703@sumptuouscapital.com> <5808CEF4-6372-4E0A-B6AB-47110670DF0A@mailbox.org> <54F34436.1020600@sumptuouscapital.com>
Message-ID: <54F347A9.5000904@sumptuouscapital.com>

On 03/01/2015 06:01 PM, Marco Zehe wrote:
> Hi Kristian,
>
>> On 01.03.2015 at 17:54, Kristian Fiskerstrand wrote:
>>
>> Since the author's first reaction was closing it WONTFIX I didn't
>> bother, with that kind of behavior they can't possibly take
>> security seriously.
>
> Error in judgement that has since been corrected. These things
> sometimes happen, but this should definitely not be generalized.
>

fair enough, but it does tell something about culture that it happens, even if corrected.

>> (ii) Ditto for the issue of replacing the subkeys, as key
>> rotation would not be automatically taken into consideration and
>> would have to be uploaded manually to each bugzilla
>> implementation using that flawed piece of software (the
>> securemail extension, not bugzilla itself).
>
> Yes, these instances are all acting independently, there is no
> exchange between totally unrelated Bugzilla instances.

And there shouldn't be interaction between the various bugzilla instances, but there should be lookups to keyserver networks (preferably to a locally controlled keyserver to avoid certain information leakages, but that is another matter). In my own case I'm on some 10-15 bugzillas, with at least an annual rotation of the encryption subkey of my main key, meaning I have to manually update the key in these instances (that currently involve manual key splitting and pasting non-conforming OpenPGP data) on the bugzillas that have enabled it.

Another issue with the current implementation, btw, is that there is no way to define group based keys (see gpg's --group), so aliases can't be used e.g. for an alias such as security at participant.invalid, this should be integrated into the already existing group restriction possibility in bugzilla), which ironically will send unencrypted email messages fondly even though something is restricted...

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Veni vidi velcro
I came, I saw, I got stuck

From 2014-667rhzu3dc-lists-groups at riseup.net Sun Mar 1 18:11:41 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sun, 1 Mar 2015 17:11:41 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F3251D.20300@enigmail.net>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net>
Message-ID: <674922894.20150301171141@my_localhost>

On Sunday 1 March 2015 at 2:41:33 PM, in , Patrick Brunschwig wrote:

> The idea I have in mind is roughly as follows: if you
> upload a key to a keyserver, the keyserver would send
> an encrypted email to every UID in the key. Each
> encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed,
> the key is validated and the keyserver will allow
> access to it just like with any regular keyserver.

What about keys with UIDs containing no email address?

--
Best regards

MFPA                  mailto:2014-667rhzu3dc-lists-groups at riseup.net

The best way to destroy your enemy is to make him your friend.

From patrick at enigmail.net Sun Mar 1 18:14:40 2015
From: patrick at enigmail.net (Patrick Brunschwig)
Date: Sun, 01 Mar 2015 18:14:40 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <674922894.20150301171141@my_localhost>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <674922894.20150301171141@my_localhost>
Message-ID: <54F34900.7060706@enigmail.net>

On 01.03.15 18:11, MFPA wrote:
>
> On Sunday 1 March 2015 at 2:41:33 PM, in
> , Patrick Brunschwig wrote:
>
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
>
> What about keys with UIDs containing no email address?

The purpose of such a keyserver would be primarily targeted to email. Thus I think such keys should be refused.

-Patrick

From kristian.fiskerstrand at sumptuouscapital.com Sun Mar 1 18:34:04 2015
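The verifying-keyserver flow Patrick sketches, with the answer he gives MFPA just above (keys carrying a UID without an email address are refused), as an added in-memory model. This is example code written for this thread, not code from Enigmail, any keyserver, or the list's participants. The mail transport is abstracted as a `send_mail` callback (in a real server the challenge would be encrypted to the submitted key so only the private-key holder can read the token), and fingerprints, UIDs and key material in the sample run are constructed placeholders.

```python
"""In-memory model of a keyserver that publishes a key only after every
UID's email address has confirmed a unique token (added example).

Design points a practitioner would want here:
  * a key with a UID that carries no address is refused outright;
  * tokens are unguessable (secrets) and compared in constant time;
  * a submission expires as a whole; partial confirmations are never published;
  * lookups only ever see published material, never pending submissions.
"""
import hmac
import re
import secrets
import time

# OpenPGP user IDs conventionally end in "<address>", e.g. "Name (comment) <a@b>"
EMAIL_IN_UID = re.compile(r"<([^<>\s]+@[^<>\s]+)>$")


def uid_email(uid):
    """Return the lower-cased address in a user ID, or None if it has none."""
    m = EMAIL_IN_UID.search(uid.strip())
    return m.group(1).lower() if m else None


class VerifyingKeyserver:
    TOKEN_TTL = 7 * 24 * 3600   # seconds a submission may stay unconfirmed (assumed value)

    def __init__(self, send_mail, now=time.time):
        self.send_mail = send_mail   # callable(address, key_material, token)
        self.now = now               # injectable clock so expiry can be tested
        self.pending = {}            # fingerprint -> {address: token, or None once confirmed}
        self.submitted = {}          # fingerprint -> (key_material, submission_time)
        self.published = {}          # fingerprint -> key_material

    def submit(self, fingerprint, uids, key_material):
        """Challenge every address on the key; returns the list of challenged addresses."""
        addrs = [uid_email(u) for u in uids]
        if not uids or None in addrs:
            raise ValueError("refused: every UID must carry an email address")
        tokens = {}
        for addr in addrs:
            tokens[addr] = secrets.token_urlsafe(32)
            self.send_mail(addr, key_material, tokens[addr])
        self.pending[fingerprint] = tokens
        self.submitted[fingerprint] = (key_material, self.now())
        return list(tokens)

    def confirm(self, fingerprint, address, token):
        """Handle a click on the confirmation link. True only if the token matched."""
        tokens = self.pending.get(fingerprint)
        if tokens is None or address not in tokens:
            return False
        key_material, t0 = self.submitted[fingerprint]
        if self.now() - t0 > self.TOKEN_TTL:
            # Expired: discard the whole submission; the owner must upload again.
            del self.pending[fingerprint]
            del self.submitted[fingerprint]
            return False
        expected = tokens[address]
        if expected is None:          # already confirmed; do not accept replays
            return False
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        tokens[address] = None
        if all(v is None for v in tokens.values()):
            self.published[fingerprint] = key_material
            del self.pending[fingerprint]
            del self.submitted[fingerprint]
        return True

    def lookup(self, fingerprint):
        """What a regular keyserver client gets to see: published keys only."""
        return self.published.get(fingerprint)


if __name__ == "__main__":
    outbox = []   # constructed stand-in for the mail transport
    ks = VerifyingKeyserver(lambda a, k, t: outbox.append((a, t)))
    ks.submit("FPR-CONSTRUCTED-1", ["Alice <alice@example.org>"], "KEYBLOCK-1")
    addr, tok = outbox[0]
    print("published before confirm:", ks.lookup("FPR-CONSTRUCTED-1"))
    print("confirm:", ks.confirm("FPR-CONSTRUCTED-1", addr, tok))
    print("published after confirm:", ks.lookup("FPR-CONSTRUCTED-1"))
```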
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sun, 01 Mar 2015 18:34:04 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F347A9.5000904@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <217F8C53-ED46-4C92-8EA6-3015E44A1903@mailbox.org> <54F34029.2020703@sumptuouscapital.com> <5808CEF4-6372-4E0A-B6AB-47110670DF0A@mailbox.org> <54F34436.1020600@sumptuouscapital.com> <54F347A9.5000904@sumptuouscapital.com>
Message-ID: <54F34D8C.9010706@sumptuouscapital.com>

On 03/01/2015 06:08 PM, Kristian Fiskerstrand wrote:
> On 03/01/2015 06:01 PM, Marco Zehe wrote:
>> Hi Kristian,
>
>>> On 01.03.2015 at 17:54, Kristian Fiskerstrand wrote:
>>> ...
> that have enabled it. Another issue with the current
> implementation, btw, is that there is no way to define group based
> keys (see gpg's --group), so aliases can't be used e.g. for an
> alias such as security at participant.invalid, this should be
> integrated into the already existing group restriction possibility
> in bugzilla), which ironically will send unencrypted email messages
> fondly even though something is restricted...
>

To elaborate on this, in the absence of this I would also accept that bugs that have been restricted simply send a generic update message.

"An update has occurred on bug #XXXXXX, please log in to see the update"

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
There are two tragedies in life. One is to lose your heart's desire. The other is to gain it.
- George Bernard Shaw

From js-gnupg-users at webkeks.org Sun Mar 1 19:58:19 2015
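Kristian's two points in the last two messages (group aliases mapping to several keys, the way gpg's `--group` does in gpg.conf, and restricted bugs falling back to a generic notice instead of leaking their contents in clear) fit together as one outbound-notification policy. The following is an added example, not code from Bugzilla, its securemail extension, or anyone on the list: it expands alias addresses to their members, encrypts to each member that has a usable key, and for a restricted bug sends only the generic notice to anyone without one. The directory, the group table and the `constructed_encrypt` stand-in are constructed for the example; `gpg_encrypt` shows how a real deployment would hand the text to gpg.

```python
"""Fail-closed notification policy for a tracker with restricted bugs
(added example, not Bugzilla code).

    plaintext body  -> only when the bug is public, or the recipient has a key
    encrypted body  -> recipient has a usable encryption key
    generic notice  -> bug is restricted and no usable key is known
"""
import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

GENERIC_NOTICE = "An update has occurred on bug #{bug}, please log in to see the update"


@dataclass
class Recipient:
    address: str
    enc_keyid: Optional[str] = None   # usable encryption key id, or None


def expand_groups(addresses: List[str], groups: Dict[str, List[str]]) -> List[str]:
    """Replace each alias by its members, like 'group alias = key1 key2' in gpg.conf.

    A group entry whose member list is empty expands to nothing, so a
    misconfigured alias produces no plaintext mail by accident.
    """
    out = []
    for addr in addresses:
        out.extend(groups.get(addr.lower(), [addr]))
    return out


def gpg_encrypt(keyid: str, text: str) -> str:
    """Real encryptor: armored encryption to one key via gpg (not run in the test)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--yes", "--armor", "--encrypt", "-r", keyid],
        input=text.encode("utf-8"), capture_output=True, check=True)
    return proc.stdout.decode("utf-8")


def build_notifications(bug: int, restricted: bool, body: str, to: List[str],
                        directory: Dict[str, Recipient], groups: Dict[str, List[str]],
                        encrypt: Callable[[str, str], str] = gpg_encrypt) -> Dict[str, str]:
    """Return {address: message text to send} under the policy above."""
    messages = {}
    for addr in expand_groups(to, groups):
        rec = directory.get(addr.lower())
        keyid = rec.enc_keyid if rec else None
        if keyid:
            messages[addr] = encrypt(keyid, body)
        elif restricted:
            messages[addr] = GENERIC_NOTICE.format(bug=bug)   # fail closed
        else:
            messages[addr] = body
    return messages


# Constructed sample data (placeholder addresses and key ids).
CONSTRUCTED_DIRECTORY = {
    "carol@participant.invalid": Recipient("carol@participant.invalid", "CAROL-KEYID"),
    "dave@participant.invalid": Recipient("dave@participant.invalid"),   # no key on file
}
CONSTRUCTED_GROUPS = {
    "security@participant.invalid": ["carol@participant.invalid", "dave@participant.invalid"],
}


def constructed_encrypt(keyid: str, text: str) -> str:
    """Stand-in for gpg so the example runs offline; NOT encryption."""
    return "ENC[" + keyid + "]:" + text


if __name__ == "__main__":
    out = build_notifications(1234, True, "secret details", ["security@participant.invalid"],
                              CONSTRUCTED_DIRECTORY, CONSTRUCTED_GROUPS, constructed_encrypt)
    for addr, msg in out.items():
        print(addr, "->", msg)
```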
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Sun, 1 Mar 2015 19:58:19 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <10210020677.20150301164545@my_localhost>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com> <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org> <10210020677.20150301164545@my_localhost>
Message-ID:

On 01.03.2015 at 17:45, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:

>> and also gets rid of spam
>> by requiring a proof of work to send something.
>
> Surely, "proof of work" is evidence of performing some otherwise
> unnecessary CPU cycles. This wastes energy. In a system used by
> billions of people, lots of energy.

That "wasted energy" is a lot less than the energy we currently waste on spam, especially if you take into consideration the amount of human time wasted. The majority of the e-mail traffic is used up by spam.

--
Jonathan

From wk at gnupg.org Sun Mar 1 20:01:05 2015
From: wk at gnupg.org (Werner Koch)
Date: Sun, 01 Mar 2015 20:01:05 +0100
Subject: Decrypting PGP/MIME on the command line
In-Reply-To: (René Puls's message of "Sun, 1 Mar 2015 15:32:25 +0100")
References:
Message-ID: <874mq4k0em.fsf@vigenere.g10code.de>

On Sun, 1 Mar 2015 15:32, rpuls at kcore.de said:

> is there a command line utility that takes a PGP/MIME encrypted message
> (a plain RFC 2822 text file) and outputs an unencrypted copy? The

Not really. MIME is a structured format and as such it may result in a bunch of encrypted, non-encrypted, signed, unsigned, message/alternative sub-documents. Thus it is not easy to write a general purpose command line tool.

You may start with gpgparsemail which is not installed but built as part of gnupg in the tools directory. It returns an annotated format which might be easier for further processing steps than plain MIME.

If you only want to decrypt a standard MIME encrypted mail, it is easy. Simply pipe the entire mail through gpg and you will get the decrypted MIME container. Then use mimencode or similar tools.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From wk at gnupg.org Sun Mar 1 20:11:10 2015
From: wk at gnupg.org (Werner Koch)
Date: Sun, 01 Mar 2015 20:11:10 +0100
Subject: A forgotten patch?
In-Reply-To: <1425176984.14003.116.camel@neoprokrast.monkey.poo> (Alexander E. Fischer's message of "Sun, 01 Mar 2015 03:29:44 +0100")
References: <1425088957.14003.87.camel@neoprokrast.monkey.poo> <87fv9ql1uf.fsf__2157.08235414258$1425122871$gmane$org@vigenere.g10code.de> <1425176984.14003.116.camel@neoprokrast.monkey.poo>
Message-ID: <87zj7wildd.fsf@vigenere.g10code.de>

On Sun, 1 Mar 2015 03:29, aef at raxys.net said:

> I think the majority of people work for people they don't necessarily
> like that much. I suppose it's related to the unfair distribution of
> wealth in our world. Being funded by Facebook isn't the most reputable
> thing either.

Yeah right, or Google or Microsoft, or Apple, you name it. [For some people raised in the 70s and earlier "Bild" is a paper they won't even touch if they are in urgent need for paper.]

> Is there anything in the patch you would reconsider to accept, if
> there

I have not seen anything - I might have not seen the tree for all the assert(), though.

> was a bug report for the patch? I would gladly write one if that would

Well written bug reports are always appreciated.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From m.mansfeld at mansfeld-elektronik.de Sun Mar 1 21:25:06 2015
From: m.mansfeld at mansfeld-elektronik.de (Matthias Mansfeld)
Date: Sun, 01 Mar 2015 21:25:06 +0100
Subject: New "validating keyserver" architecture (was: Re: German ct magazine postulates death of pgp encryption)
In-Reply-To: <54F33C82.3080606@enigmail.net>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de>, <54F3326C.7010001__44944.2251855091$1425224369$gmane$org@sumptuouscapital.com>, <54F33C82.3080606@enigmail.net>
Message-ID: <54F375A2.23880.12EDB28@m.mansfeld.mansfeld-elektronik.de>

On 1 Mar 2015 at 17:21, Patrick Brunschwig wrote:

> On 01.03.15 16:38, Kristian Fiskerstrand wrote:
> >>> In general I believe this to be an insufficient form of
> >>> identification that really doesn't provide much of anything
> >>> useful, but at least the PGP keyserver does it reasonably sane in
> >>> its methodology by creating a signature from their CA on the key.
> >>> Whether you put any merit to having such a CA signature or not is
> >>> left up to the user (excluding for now the "fun" related to the
> >>> spammy number of signatures from it)
> >
> >> Yes, I know. The re-confirmation every few months together with
> >> re-signing the keys is among the things I dislike about
> >> keyserver.pgp.com. But in general, I think that keyservers need to
> >> go in that direction if we want to enable easy use of OpenPGP in
> >> email (which requires in some way or another to download missing
> >> keys automatically).
> >
> > You wouldn't need the keyservers to be involved in this at all.
> > Anyone could set up such a mail verification CA outside of the
> > keyserver network.
>
> Perfectly correct, yes. This is exactly what I'm proposing. I believe
> that the current keyserver network cannot do this. I just don't have
> the time to (also) work on this...
>
> -Patrick

I like this idea very much.
(I must admit, I did not take notice of this feature at keyserver.pgp.com. However, I just tried it, but it refused my whole pubkey because it contains an expired subkey, but that's not a problem of the concept...).

Uploading only with validation by e-mail to all (or at least a selected one) user-ids like keyserver.pgp.com does would be a really huge improvement and would address the initial problem about fake keys which led the guy at c't to his PGP bashing. Key distribution between the keyservers same as now, and deleting a key on all servers (manually or after "Timeout" without confirmation) should be possible from any of these servers, not just the one the key was initially uploaded to. And the objective should be to replace or retrofit the current system of keyservers. Two concurrent systems would not make OpenPGP more user friendly.

What about crowdfunding such a development?

Matthias

--
Matthias Mansfeld Elektronik * Printed Circuit Board Design and Assembly
Neithardtstr. 3, D-85540 Haar, GERMANY
Phone: +49-89-4620 0937, Fax: +49-89-4620 0938
Internet: http://www.mansfeld-elektronik.de
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF

From peter at digitalbrains.com Sun Mar 1 21:54:18 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 01 Mar 2015 21:54:18 +0100
Subject: Wishlist for next-gen card
In-Reply-To: <54F341B8.8040606@gmail.com>
References: <54E6F12D.40504@gmail.com> <54E87133.2040202@digitalbrains.com> <54E8D46E.1080408@gmail.com> <54F0BAC0.7060503@digitalbrains.com> <54F0DAA3.9020208@gmail.com> <54F0E668.7020906@digitalbrains.com> <54F341B8.8040606@gmail.com>
Message-ID: <54F37C7A.3070800@digitalbrains.com>

On 01/03/15 17:43, NdK wrote:
> while I was talking of remote user auth (so using openpgp card instead of
> ~/.ssh/id_* keys -- something that's already doable).

No, I'm talking about that as well. And I don't think the fingerprint of the host is part of the signed data or the signature. Why do you think the fingerprint of the host is part of that?

By /host/ authentication I mean that you verify that the host you are connecting to is in fact the host you wanted to connect to; and /that/ is through the public key of the host, of which you can verify the fingerprint. Let's call this keypair A. After you've verified the fingerprint, a copy of the host's public key, A, is stored in ~/.ssh/known_hosts on your client machine.

But when the host is authenticating that you are in fact the user you are claiming to be, you sign a challenge that only you could sign because you have the private key, let's call it B. That is /user/ authentication. The host checks that your public key B is in ~/.ssh/authorized_keys on the server machine; if so, you're authenticated.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From flapflap at riseup.net Sun Mar 1 22:01:20 2015
From: flapflap at riseup.net (flapflap)
Date: Sun, 01 Mar 2015 21:01:20 +0000
Subject: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]
In-Reply-To: <54F200CD.6060108@vulcan.xs4all.nl>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1425060977.5204.10.camel@scientia.net> <54F1B456.2080900@vulcan.xs4all.nl> <87a8zycel8.fsf@alice.fifthhorseman.net> <54F200CD.6060108@vulcan.xs4all.nl>
Message-ID: <54F37E20.3020101@riseup.net>

Johan Wevers:
> On 28-02-2015 15:09, Daniel Kahn Gillmor wrote:
>
>> We had this discussion recently over on messaging at moderncrypto.org.
>
> What is described there is a much more confined problem.
>
>> It's far from "trivial", but breaking voice-based authentication
>> (particularly in the already-noisy realm of mobile phone calls) with
>> high probability doesn't seem to be beyond serious researchers.
>
> Fooling a computer that a certain voice belongs to someone else, sure,
> I'm sure that is or will be possible. Fooling me that a short, fixed
> string is spoken by someone I know when in fact it is not, sure, that too.
>
> But fooling me that the person on the other end of the line is someone I
> know well by only technically impersonating his voice while having an
> actual conversation... I don't believe it very likely to happen in the
> near future. Perhaps it could work on someone I barely know, but pick
> only once the wrong person and I might become very suspicious. It
> requires not only changing the voice but also solving a problem much
> harder than the classic Turing test. For once, it requires much
> contextual knowledge about what both persons know of each other.
>

Apparently, it is very easy to fool people by voice on the telephone.
Just think about the "grandchild trick" ([0], unfortunately not in English) which is a method where the criminals phone (often elderly) people and tell them that they are a grandchild, nephew, or other remote relative and need some money for some reason (need a new car and the like). According to the article, they often start the conversation with a question like "Guess who's calling?" and then the victims think some time and seem to remember someone of their family and answer "Hi $Name" so the callers know a name of a relative they now can impersonate.

You'd think that people are very careful with regard to money, but the trick is a huge "success" and the criminals got more than CHF 50k _per case_ in 2013 in Switzerland.

This is because the telephone channel does not prove authenticity of the caller and thus cannot be secure.

~flapflap

[0] https://de.wikipedia.org/wiki/Enkeltrick

From kloecker at kde.org Sun Mar 1 23:25:20 2015
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 1 Mar 2015 23:25:20 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To:
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <10210020677.20150301164545@my_localhost>
Message-ID: <2032941.xNPWa1j001@collossus.ingo-kloecker.de>

On Sunday 01 March 2015 19:58:19 Jonathan Schleifer wrote:
> On 01.03.2015 at 17:45, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
> >> and also gets rid of spam
> >> by requiring a proof of work to send something.
> >
> > Surely, "proof of work" is evidence of performing some otherwise
> > unnecessary CPU cycles. This wastes energy. In a system used by
> > billions of people, lots of energy.
>
> That "wasted energy" is a lot less than the energy we currently waste on
> spam, especially if you take into consideration the amount of human time
> wasted. The majority of the e-mail traffic is used up by spam.

And most spam is sent by bots. The spammers don't really care how much energy the bots burn. Yes, the amount of spam might decrease because the bots cannot hammer out as many bitmessages as SMTP messages per second, but your hypothesis that BitMessage would get rid of spam is unrealistic.

Regards,
Ingo

From js-gnupg-users at webkeks.org Sun Mar 1 23:43:25 2015
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Sun, 1 Mar 2015 23:43:25 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <2032941.xNPWa1j001@collossus.ingo-kloecker.de>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <10210020677.20150301164545@my_localhost> <2032941.xNPWa1j001@collossus.ingo-kloecker.de>
Message-ID:

On 01.03.2015 at 23:25, Ingo Klöcker wrote:

> And most spam is sent by bots. The spammers don't really care how much
> energy the bots burn. Yes, the amount of spam might decrease because
> the bots cannot hammer out as many bitmessages as SMTP messages per
> second, but your hypothesis that BitMessage would get rid of spam is
> unrealistic.

I don't really agree with that. The goal is that the proof of work for a single message takes 4 minutes. At that rate, sending spam really is not profitable. In 4 minutes, spammers can currently send hundreds of thousands of mails. At that rate, they can afford to send it to every address they can find. With only one mail per machine every 4 minutes, they really need to be careful where to send it. Let's assume they have 10000 machines (which is unrealistic - most machines are behind a dialup connection from which no provider will accept mail). That's only 2500 mails a minute. If global spam were just 2500 spam messages a minute, spam would hardly be a problem.

--
Jonathan

From kloecker at kde.org Mon Mar 2 00:13:07 2015
From: kloecker at kde.org (Ingo Klöcker)
Date: Mon, 2 Mar 2015 00:13:07 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To:
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <2032941.xNPWa1j001@collossus.ingo-kloecker.de>
Message-ID: <1487310.Mu3zK8d9cY@collossus.ingo-kloecker.de>

On Sunday 01 March 2015 23:43:25 Jonathan Schleifer wrote:
> On 01.03.2015 at 23:25, Ingo Klöcker wrote:
> > And most spam is sent by bots. The spammers don't really care how much
> > energy the bots burn. Yes, the amount of spam might decrease because
> > the bots cannot hammer out as many bitmessages as SMTP messages per
> > second, but your hypothesis that BitMessage would get rid of spam is
> > unrealistic.
>
> I don't really agree with that. The goal is that the proof of work for a
> single message takes 4 minutes.

On what kind of hardware? A high-end gamer PC? Or a low end mobile phone?

> At that rate, sending spam really is not
> profitable. In 4 minutes, spammers can currently send hundreds of
> thousands of mails. At that rate, they can afford to send it to every
> address they can find. With only one mail per machine every 4 minutes,
> they really need to be careful where to send it. Let's assume they have
> 10000 machines (which is unrealistic - most machines are behind a dialup
> connection from which no provider will accept mail).

There are much larger bot nets, e.g. the ramnit bot net apparently controlled 3.2 million (!) machines (see http://heise.de/-2559388, in German). And with regard to providers not accepting those mails you seem to be missing that the bots simply (ab)use the mail accounts of the bot owners.

> That's only 2500
> mails a minute. If global spam were just 2500 spam messages a minute,
> spam would hardly be a problem.

Of course, 800,000 spam messages per minute is still many magnitudes less than now. I don't see BitMessage killing spam. But it will surely kill mailing lists.
Regards,
Ingo

From js-gnupg-users at webkeks.org Mon Mar 2 00:23:24 2015
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Mon, 2 Mar 2015 00:23:24 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <1487310.Mu3zK8d9cY@collossus.ingo-kloecker.de>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <2032941.xNPWa1j001@collossus.ingo-kloecker.de> <1487310.Mu3zK8d9cY@collossus.ingo-kloecker.de>
Message-ID: <20150302002324.4e684759c7745a459bdd0407@webkeks.org>

On Mon, 2 Mar 2015 00:13:07 +0100, Ingo Klöcker wrote:

> On what kind of hardware? A high-end gamer PC? Or a low end mobile phone?

According to the paper, the goal is to take 4 minutes on an average PC and that it shall be adjusted according to hardware improvements.

> There are much larger bot nets, e.g. the ramnit bot net apparently controlled
> 3.2 million (!) machines (see http://heise.de/-2559388, in German). And with
> regard to providers not accepting those mails you seem to be missing that the
> bots simply (ab)use the mail accounts of the bot owners.

Abusing mail accounts only works if they are mail accounts with crappy hosts. Sane providers will block your account if you start sending 100 mails in 1 minute ;).

> Of course, 800,000 spam messages per minute is still many magnitudes less than
> now.

The question is if that would still be profitable for spammers. Currently, they just send their spam to millions of addresses hoping that one of them is stupid enough to fall for it. They can do that because it's cheap. But if sending isn't cheap, sending to millions to just get one idiot who falls for it isn't an option anymore.

> I don't see BitMessage killing spam. But it will surely kill mailing lists.

It would just need to be extended to groups. The protocol is not set in stone. In any case, I'm not suggesting we all switch to BitMessage. I'm just saying this is going in the right direction.

--
Jonathan
From dkg at fifthhorseman.net Mon Mar 2 00:34:55 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 02 Mar 2015 00:34:55 +0100
Subject: Decrypting PGP/MIME on the command line
In-Reply-To: <874mq4k0em.fsf@vigenere.g10code.de>
References: <874mq4k0em.fsf@vigenere.g10code.de>
Message-ID: <87sido9tr4.fsf@alice.fifthhorseman.net>

On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote:
> On Sun, 1 Mar 2015 15:32, rpuls at kcore.de said:
>
>> is there a command line utility that takes a PGP/MIME encrypted message
>> (a plain RFC 2822 text file) and outputs an unencrypted copy? The
>
> Not really. MIME is a structured format and as such it may result in a
> bunch of encrypted, non-encrypted, signed, unsigned,
> message/alternative sub-documents. Thus it is not easy to write a
> general purpose command line tool.

python's email module is quite good for programmatically handling mime parts if you want to manipulate an e-mail (though it may not be so good for reconstructing it in some sort of bytewise exact fashion).

> You may start with gpgparsemail which is not installed but built as
> part of gnupg in the tools directory. It returns an annotated format
> which might be easier for further processing steps than plain MIME.
>
> If you only want to decrypt a standard MIME encrypted mail, it is easy.
> Simply pipe the entire mail through gpg and you will get the decrypted
> MIME container.

You should also note that any decryption like this is likely to remove any OpenPGP signature as well, for those MUAs that do the encryption+signing step all in one OpenPGP piece (i believe that the gpgtools mail.app plugin places the OpenPGP signature inside a multipart/signed MIME message, which is then itself encrypted, rather than placing encryption and signatures all in the OpenPGP part directly).

A tool that transforms an OpenPGP encrypted+signed MIME message into an OpenPGP-signed MIME message while retaining the original signature would be a really nice tool to have.
--dkg

From dougb at dougbarton.email Mon Mar 2 00:52:42 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Sun, 01 Mar 2015 15:52:42 -0800
Subject: Decrypting PGP/MIME on the command line
In-Reply-To: <87sido9tr4.fsf@alice.fifthhorseman.net>
References: <874mq4k0em.fsf@vigenere.g10code.de> <87sido9tr4.fsf@alice.fifthhorseman.net>
Message-ID: <54F3A64A.2000009@dougbarton.email>

On 3/1/15 3:34 PM, Daniel Kahn Gillmor wrote:
> On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote:
>> On Sun, 1 Mar 2015 15:32, rpuls at kcore.de said:
>>
>>> is there a command line utility that takes a PGP/MIME encrypted message
>>> (a plain RFC 2822 text file) and outputs an unencrypted copy? The
>>
>> Not really. MIME is a structured format and as such it may result in a
>> bunch of encrypted, non-encrypted, signed, unsigned,
>> message/alternative sub-documents. Thus it is not easy to write a
>> general purpose command line tool.
>
> python's email module is quite good for programmatically handling mime
> parts if you want to manipulate an e-mail (though it may not be so good
> for reconstructing it in some sort of bytewise exact fashion).
>
>> You may start with gpgparsemail which is not installed but built as
>> part of gnupg in the tools directory. It returns an annotated format
>> which might be easier for further processing steps than plain MIME.
>>
>> If you only want to decrypt a standard MIME encrypted mail, it is easy.
>> Simply pipe the entire mail through gpg and you will get the decrypted
>> MIME container.
>
> You should also note that any decryption like this is likely to remove
> any OpenPGP signature as well, for those MUAs that do the
> encryption+signing step all in one OpenPGP piece (i believe that the
> gpgtools mail.app plugin places the OpenPGP signature inside a
> multipart/signed MIME message, which is then itself encrypted, rather
> than placing encryption and signatures all in the OpenPGP part
> directly).
>
> A tool that transforms an OpenPGP encrypted+signed MIME message into an
> OpenPGP-signed MIME message while retaining the original signature would
> be a really nice tool to have.

The signature is an attachment on a PGP/MIME message of course, so you'd have to preserve the two files separately.

My (Al)pine PGP filters are shell scripts that (amongst other things) will verify and decrypt PGP/MIME messages. You could easily adapt that code to output the canonical version of the message to a file, along with the corresponding signature.

hope this helps,

Doug

https://dougbarton.us/PGP/ppf/index.html

From ml.throttle at xoxy.net Mon Mar 2 02:45:09 2015
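Tying Werner's, dkg's and Doug's messages above together, an added example (editor's code, not from any list member and not Doug's (Al)pine filters): it locates the ciphertext part of a PGP/MIME mail with Python's email module, would pipe it through gpg, splices the decrypted container back under the original headers while keeping an inner multipart/signed intact, and separates signed body and detached signature into two objects. Both sample messages are constructed with placeholder OpenPGP blobs, and decrypt_with_gpg() assumes a working gpg with the matching key.

```python
"""PGP/MIME (RFC 3156) handling with the email module. Added example, not
code from the thread; sample messages are constructed with placeholders."""
import copy
import subprocess
from email import message_from_bytes

def find_encrypted_part(msg):
    """Armored ciphertext of a PGP/MIME message, or None if it does not follow
    RFC 3156: multipart/encrypted, protocol="application/pgp-encrypted", part 1
    application/pgp-encrypted ("Version: 1"), part 2 application/octet-stream."""
    if (msg.get_content_type() != "multipart/encrypted"
            or msg.get_param("protocol") != "application/pgp-encrypted"):
        return None
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return None
    control, data = parts
    if (control.get_content_type() != "application/pgp-encrypted"
            or data.get_content_type() != "application/octet-stream"):
        return None
    return data.get_payload(decode=True)

def decrypt_with_gpg(ciphertext):
    """Pipe the armored message through gpg (Werner's suggestion); stdout is
    the decrypted MIME container. Needs a real gpg and key; not run in tests."""
    proc = subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"],
                          input=ciphertext, capture_output=True, check=True)
    return proc.stdout

def splice_plaintext(outer, container_bytes):
    """Copy of `outer` with the decrypted container as body. Only Content-*
    headers are swapped (From/To/Subject/Date stay); an inner multipart/signed
    is carried over intact, so the signature is not lost."""
    inner = message_from_bytes(container_bytes)
    result = copy.deepcopy(outer)
    for name in list(result.keys()):
        if name.lower().startswith("content-"):
            del result[name]
    for name, value in inner.items():
        if name.lower().startswith("content-"):
            result[name] = value
    result.set_payload(inner.get_payload())
    return result

def split_signed(msg):
    """(signed_bytes, signature_bytes) of a multipart/signed container, to be
    written to two files for `gpg --verify` (Doug's point). Re-serialising a
    parsed part is not byte-exact (dkg's caveat), so an oddly folded header
    can make the signature fail over these bytes."""
    if msg.get_content_type() != "multipart/signed":
        return None
    body, signature = msg.get_payload()
    # RFC 3156 signs the MIME part with CRLF line endings
    signed = body.as_bytes().replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    return signed, signature.get_payload(decode=True)

# Constructed PGP/MIME mail; the OpenPGP blob is a placeholder.
SAMPLE_ENCRYPTED = b"""From: alice@example.invalid
Subject: test
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="enc"

--enc
Content-Type: application/pgp-encrypted

Version: 1
--enc
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not a real OpenPGP message)
-----END PGP MESSAGE-----
--enc--
"""

# Constructed output of gpg --decrypt for a mail that was signed as
# multipart/signed first and then encrypted (the mail.app case dkg mentions).
SAMPLE_CONTAINER = b"""Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha256; boundary="sig"

--sig
Content-Type: text/plain; charset=us-ascii

Hello Bob, this text was signed before it was encrypted.
--sig
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(constructed placeholder)
-----END PGP SIGNATURE-----
--sig--
"""
```

In real use the container bytes come from decrypt_with_gpg(find_encrypted_part(outer)) instead of SAMPLE_CONTAINER; the two values returned by split_signed() are what you would write to the body and signature files.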
From: ml.throttle at xoxy.net (Helmut Waitzmann)
Date: Mon, 02 Mar 2015 02:45:09 +0100
Subject: How to send a key to a keyserver?
In-Reply-To: <54F05FE1.5030101@sumptuouscapital.com> (Kristian Fiskerstrand's message of "Fri, 27 Feb 2015 13:15:29 +0100")
References: <87egpcwq41.fsf@helmutwaitzmann.news.arcor.de> <54F05BB2.9030405@nordnet.fr> <54F05FE1.5030101@sumptuouscapital.com>
Message-ID: <87pp8scgu9.fsf@helmutwaitzmann.news.arcor.de>

Kristian Fiskerstrand writes:

>On 02/27/2015 12:57 PM, Philip Jackson wrote:
>> On 26/02/15 18:15, Helmut Waitzmann wrote:
>>> I tried
>>>
>>> gpg2 --verbose --keyserver hkp://pool.sks-keyservers.net
>>> --send-keys -- 72ABFF0923A87CF22D0ED7C4FDEE765D017077F1
>>>
>>> and got the message
>>>
>>> gpg: sending key FDEE765D017077F1 to hkp server
>>> pool.sks-keyservers.net gpgkeys: HTTP post error 22: The
>>> requested URL returned error: 417 gpg: keyserver internal error
>>> gpg: keyserver send failed: Keyserver error

>417 really shouldn't happen for any of the servers in the pool, as it
>is explicitly checked that this return code should not be used.

>For 1.4/2.0, please use --keyserver-options debug,verbose to get more
>information about the interaction from the curl helpers, this will be
>useful for debugging.

+ gpg2 --version
gpg (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/helmut/helmut/private/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
+ gpg2 --verbose --keyserver-options debug,verbose --keyserver hkp://pool.sks-keyservers.net --send-keys -- 72ABFF0923A87CF22D0ED7C4FDEE765D017077F1
gpg: sending key FDEE765D017077F1 to hkp server pool.sks-keyservers.net
gpgkeys: curl version = libcurl/7.21.0 GnuTLS/2.8.6 zlib/1.2.3.4 libidn/1.15
* About to connect() to proxy proxy.zuhause.test port 3128 (#0)
*   Trying 192.168.0.1...
* connected
* Connected to proxy.zuhause.test (192.168.0.1) port 3128 (#0)
> POST http://pool.sks-keyservers.net:11371/pks/add HTTP/1.1
Host: pool.sks-keyservers.net:11371
Accept: */*
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 3239
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue

* The requested URL returned error: 417
* Closing connection #0
gpgkeys: HTTP post error 22: The requested URL returned error: 417
gpg: keyserver internal error
gpg: keyserver send failed: Keyserver error
+ printf 'exit code: %s\n' 2
exit code: 2

Ah! gpg is using my http proxy. proxy.zuhause.test is only known to my own DNS service, resolving (after following an alias) to IP address 192.168.0.1.

Issuing same gpg2-command again, after unsetting the environment variable http_proxy:

+ gpg2 --verbose --keyserver-options debug,verbose --keyserver hkp://pool.sks-keyservers.net --send-keys -- 72ABFF0923A87CF22D0ED7C4FDEE765D017077F1
gpg: sending key FDEE765D017077F1 to hkp server pool.sks-keyservers.net
gpgkeys: curl version = libcurl/7.21.0 GnuTLS/2.8.6 zlib/1.2.3.4 libidn/1.15
* About to connect() to pool.sks-keyservers.net port 11371 (#0)
*   Trying 23.226.129.243...
* connected
* Connected to pool.sks-keyservers.net (23.226.129.243) port 11371 (#0)
> POST /pks/add HTTP/1.1
Host: pool.sks-keyservers.net:11371
Accept: */*
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 3239
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue

< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Mon, 02 Mar 2015 01:31:08 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 129
< Connection: keep-alive
< Server: sks_www/1.1.5
< Cache-Control: no-cache
< Pragma: no-cache
< Expires: 0
< X-HKP-Results-Count: 1
< Access-Control-Allow-Origin: *
< Via: 1.1 keys.jhcloos.com:11371 (nginx)
<
* Connection #0 to host pool.sks-keyservers.net left intact
* Closing connection #0
+ printf 'exit code: %s\n' 0
exit code: 0

So it's a problem with my http proxy?

From cp at axs.org Mon Mar 2 04:50:52 2015
From: cp at axs.org (Chuck Peters)
Date: Mon, 2 Mar 2015 03:50:52 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F34110.20207@sumptuouscapital.com>
References: <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <54F32913.6010803@sumptuouscapital.com> <54F331C8.8060107@enigmail.net> <54F3326C.7010001@sumptuouscapital.com> <54F34110.20207@sumptuouscapital.com>
Message-ID: <20150302035052.GA20402@xen.axs.org>

Kristian Fiskerstrand said:
> >>
> >> You wouldn't need the keyservers to be involved in this at all.
> >> Anyone could set up such a mail verification CA outside of the
> >> keyserver network.

How about storing keys in a more distributed manner, DNS, in addition to some other method of authentication, DNSSEC and DANE? Paul Wouters and others are working on it:

Using DANE to Associate OpenPGP public keys with email addresses
https://tools.ietf.org/html/draft-wouters-dane-openpgp-02

Paul recently gave a presentation about it at an ICANN meeting:

Slides
http://singapore52.icann.org/en/schedule/mon-tech/presentation-new-dnssec-technologies-09feb15-en.pdf

Video, via Adobe Connect starts about 4:49:00 and goes to about 5:08:00:
https://icann.adobeconnect.com/p2j5gtoni79/?launcher=false&fcsContent=true&pbMode=normal

Audio:
http://audio.icann.org/meetings/singapore2015/tech-09feb15-en.mp3

Slide 1 of the presentation shows, not including the title slide, how you can obtain Paul's key with dig and slide 2 shows the easier method using hash-slinger:

openpgpkey --fetch email_address

Slide 5 shows how to create the DNS record:

openpgpkey --create email_address --output rfc

Slide 9 Paul talks about openpgpkey-milter which is a postfix and sendmail plugin to auto-encrypt email. Note it is not recommended for production use yet.
And to make mail servers less NSA friendly we should be setting up DANE and requiring starttls with forward secrecy anyway! It's on my TODO list!

Chuck

From xavier at maillard.im Mon Mar 2 06:23:00 2015
From: xavier at maillard.im (Xavier Maillard)
Date: Mon, 02 Mar 2015 06:23:00 +0100
Subject: How to send a key to a keyserver?
In-Reply-To: <87pp8scgu9.fsf@helmutwaitzmann.news.arcor.de>
References: <87egpcwq41.fsf@helmutwaitzmann.news.arcor.de> <54F05BB2.9030405@nordnet.fr> <54F05FE1.5030101@sumptuouscapital.com> <87pp8scgu9.fsf@helmutwaitzmann.news.arcor.de>
Message-ID:

Helmut Waitzmann writes:

> So it's a problem with my http proxy?

Seems like actually.

--
Xavier.

From kristian.fiskerstrand at sumptuouscapital.com Mon Mar 2 08:43:21 2015
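Chuck's message above links the DANE OPENPGPKEY draft and the hash-slinger commands; as an added example (editor's code, not from Chuck, hash-slinger or the draft's authors) the following builds the DNS owner name and zone record for an address and decodes a fetched answer back into key bytes. It assumes the published form of that draft, RFC 7929: SHA-256 of the UTF-8 local part truncated to 28 octets under _openpgpkey.<domain>, RR type 61 carrying the binary transferable public key; earlier drafts used a different hash, so verify against the version you deploy, and trust only DNSSEC-validated answers.

```python
"""OPENPGPKEY record construction and decoding. Added example, assuming the
RFC 7929 form of draft-wouters-dane-openpgp; the key below is a placeholder."""
import base64
import hashlib

OPENPGPKEY_RRTYPE = 61   # IANA RR type number for OPENPGPKEY

def openpgpkey_owner_name(email):
    """QNAME to look up for `email`. The local part is hashed as-is (no case
    folding or normalisation), so Hugh@ and hugh@ map to different names;
    the domain part is case-insensitive in DNS anyway."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return "%s._openpgpkey.%s" % (digest.hex(), domain.lower())

def generic_rdata(key_bytes):
    """RFC 3597 generic RDATA syntax (\\# <length> <hex>), which name servers
    without native OPENPGPKEY support still accept."""
    return "\\# %d %s" % (len(key_bytes), key_bytes.hex())

def parse_generic_rdata(text):
    """Inverse of generic_rdata; the length field is checked against the data."""
    tokens = text.split()
    if len(tokens) < 2 or tokens[0] != "\\#":
        raise ValueError("not generic RDATA syntax")
    data = bytes.fromhex("".join(tokens[2:]))
    if len(data) != int(tokens[1]):
        raise ValueError("RDATA length does not match declared length")
    return data

def openpgpkey_zone_line(email, key_bytes, ttl=3600, native=True):
    """Zone-file line. Native presentation (what dig prints when the server
    knows the type) carries the key base64-encoded; the generic form works
    everywhere. key_bytes is the binary, not ASCII-armored, public key."""
    owner = openpgpkey_owner_name(email)
    if native:
        rdata = "OPENPGPKEY %s" % base64.b64encode(key_bytes).decode("ascii")
    else:
        rdata = "TYPE%d %s" % (OPENPGPKEY_RRTYPE, generic_rdata(key_bytes))
    return "%s. %d IN %s" % (owner, ttl, rdata)

def key_from_zone_line(line):
    """Recover the key from an answer line in either presentation form.
    Validation (DNSSEC AD bit) is the resolver's job, not handled here."""
    tokens = line.split()
    if "\\#" in tokens:
        return parse_generic_rdata(" ".join(tokens[tokens.index("\\#"):]))
    if "OPENPGPKEY" in tokens:
        return base64.b64decode("".join(tokens[tokens.index("OPENPGPKEY") + 1:]))
    raise ValueError("not an OPENPGPKEY record")

# Constructed placeholder standing in for a binary transferable public key.
SAMPLE_KEY = bytes(range(64))
```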
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Mon, 02 Mar 2015 08:43:21 +0100
Subject: How to send a key to a keyserver?
In-Reply-To: <87pp8scgu9.fsf@helmutwaitzmann.news.arcor.de>
References: <87egpcwq41.fsf@helmutwaitzmann.news.arcor.de> <54F05BB2.9030405@nordnet.fr> <54F05FE1.5030101@sumptuouscapital.com> <87pp8scgu9.fsf@helmutwaitzmann.news.arcor.de>
Message-ID: <54F41499.7070002@sumptuouscapital.com>

On 03/02/2015 02:45 AM, Helmut Waitzmann wrote:
> Kristian Fiskerstrand
> writes:
>
>> On 02/27/2015 12:57 PM, Philip Jackson wrote:
>>> On 26/02/15 18:15, Helmut Waitzmann wrote:
>>>> I tried
>>>>
>>>> gpg2 --verbose --keyserver hkp://pool.sks-keyservers.net
>>>> --send-keys -- 72ABFF0923A87CF22D0ED7C4FDEE765D017077F1
>>>>
>>>> and got the message
>>>>
>>>> gpg: sending key FDEE765D017077F1 to hkp server
>>>> pool.sks-keyservers.net gpgkeys: HTTP post error 22: The
>>>> requested URL returned error: 417 gpg: keyserver internal
>>>> error gpg: keyserver send failed: Keyserver error
>
>> 417 really shouldn't happen for any of the servers in the pool,
>> as it is explicitly checked that this return code should not be
>> used.
>
>> For 1.4/2.0, please use --keyserver-options debug,verbose to get
>> more information about the interaction from the curl helpers,
>> this will be useful for debugging.
> ..
>
> Ah! gpg is using my http proxy. proxy.zuhause.test is only known
> to my own DNS service, resolving (after following an alias) to IP
> address 192.168.0.1.
>
> Issuing same gpg2-command again, after unsetting the environment
> variable http_proxy: ..
>
> So it's a problem with my http proxy?
>

Anything else would surprise me.
A hint is to look for any mismatch in the handling of HTTP/1.0 vs HTTP/1.1 with regard to the 100-Expect; you can find some information on the matter for the keyserver operators at [0]

References:
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aurum est Potestas
Gold is power
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJU9BSUAAoJEP7VAChXwav66pwH/1fZIfNadxa2cEpgvsScQVid
ggaJSfVrNyAye1bFacSjhMBxL61G7jVuGQkvOq+l1WNOYNzwP2ZsjQJ7XpaCP0IM
bE1omqNwYM5GNk4eA1PTjxJjoX1O2l8+umzIOZ7lMOWnB8YsqziIwPz36RCVGQ15
cYzK9G+Ca7uCmyQ09dYnY7MvfN+U49SoSPz3PJJgGKD+9nuStSphaY7Bu8kWqXOm
JyW4BgPThQvhLjqOIStbPIvFRC9BTSibRiCI5Bc3NMljYC/RFuXzmDyveVbf9jjc
fN/X5tn0Ygax3AKZryGYynjOiDA+tQuazf+LzqZ0apHT+guEF1vW6zkS8xWN1s4=
=mr9o
-----END PGP SIGNATURE-----

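The 417 in Helmut's report and Kristian's hint about HTTP/1.0 vs HTTP/1.1 handling of the Expect header can be reproduced offline. The following is an added example (not code from the thread, GnuPG or SKS): a local stand-in for an intermediary that refuses "Expect: 100-continue" with 417 Expectation Failed (the header curl adds to larger POST bodies), beside a client that detects the 417 and resubmits the same POST without the Expect header. The upload body, the /pks/add path and the 2048-byte size are constructed for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a key upload body; real HKP posts a form field
# "keytext" carrying the ASCII-armored key.
CONSTRUCTED_BODY = b"keytext=" + b"A" * 2048


class ExpectRejectingHandler(BaseHTTPRequestHandler):
    """Stand-in for an intermediary that does not implement the
    100-continue mechanism and answers 417 instead of 100 Continue."""
    protocol_version = "HTTP/1.1"  # Expect is only examined for HTTP/1.1 requests

    def handle_expect_100(self):
        # A compliant server sends "100 Continue" here and returns True.
        # Drain the body first so the socket closes without a TCP reset,
        # then refuse the expectation as the proxy in the thread did.
        self.rfile.read(int(self.headers.get("Content-Length", "0")))
        self.send_error(417, "Expectation Failed")
        return False

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", "0")))
        reply = b"received %d bytes" % len(body)
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet


def post_key(host, port, body, use_expect):
    """POST to the HKP add endpoint; returns (status, response body)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Content-Length": str(len(body))}
    if use_expect:
        headers["Expect"] = "100-continue"   # what curl adds for larger bodies
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("POST", "/pks/add", body=body, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


def send_with_fallback(host, port, body):
    """First try with Expect: 100-continue; on 417 retry once without it.
    Returns (first_status, final_status, final_body)."""
    first_status, first_body = post_key(host, port, body, use_expect=True)
    if first_status != 417:
        return first_status, first_status, first_body
    final_status, final_body = post_key(host, port, body, use_expect=False)
    return first_status, final_status, final_body


def run_demo():
    """Start the stand-in on a free loopback port, run the exchange, stop it."""
    server = HTTPServer(("127.0.0.1", 0), ExpectRejectingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return send_with_fallback(*server.server_address, CONSTRUCTED_BODY)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

With a real proxy the same diagnosis is available from the debug output Kristian mentions: a 417 immediately after the request headers, before any body is acknowledged, points at the Expect handling of whatever sits between gpg and the keyserver rather than at the keyserver itself.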
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 2 Mar 2015 08:20:14 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To:
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com> <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org> <10210020677.20150301164545@my_localhost>
Message-ID: <134737899.20150302082014@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sunday 1 March 2015 at 6:58:19 PM, in , Jonathan Schleifer wrote:

> That "wasted energy" is a lot less than the energy we
> currently waste on spam,

I suspect my computer wastes very little energy in downloading and storing a few dozen spam messages per month.

> especially if you take into
> consideration the amount of human time wasted.

Most are so obvious that we are talking fractions of a second per email. Or maybe people who automatically filter their spam spend a bit less time looking through it for false positives.

> The
> majority of the e-mail traffic is used up by spam.

I'm never convinced it is as big an issue as some make out.
- --
Best regards

MFPA                  mailto:2014-667rhzu3dc-lists-groups at riseup.net

The truth is rarely pure and never simple
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJU9B1IXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwUwUH/0HFsSprR+wbpx78c5LPCLxu
GUlwOJXvoThi8k4N6GR1G0OqHct3c+cOqHpAYbjgYlvUluPJOS5riu1zZ3cXAcaG
xKAgg7a2zCMNU5SIEnKAH3sgnUOucULeBZ55obXbJL3ZfSElP2yWflMaBJJ4PVA6
0WLKcx+3k/NUQsJ758q/tLPYrZeIkJMXOsU9TJK+MQ0jLkVLDhIKAvlsdzFALi7A
8m5pYD5zNzk/g32Y4gUKYrEC/MwR5105JzVChgLF2g/ILOBMJPCql6cjER6j6vcb
3JuyfEfsCMRsKldfEAJsuipNLK6ccC//t/wfsbHEOsppOL25Tw835WxRk2WOBECI
vgQBFgoAZgUCVPQdY18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45MhnAQDT6unA/Th7fYK0vb8e7zTUci7a
WxTdv8jdDgbdP3EhUgEAwjd6EDzZH8sESeHZmQj5KUGGGNBRRmDkFXkAAzZ/6wA=
=3dC9
-----END PGP SIGNATURE-----

From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 2 Mar 2015 08:27:10 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To:
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <10210020677.20150301164545@my_localhost> <2032941.xNPWa1j001@collossus.ingo-kloecker.de>
Message-ID: <1379061197.20150302082710@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sunday 1 March 2015 at 10:43:25 PM, in , Jonathan Schleifer wrote:

> The goal is that the
> proof of work for a single message takes 4 minutes.

Currently at work, when I ask somebody a question by email it is not unusual to see the CC of the question to somebody else and then receive the answer, all within a few minutes. Holding on to each message for four minutes before sending would be massively inefficient. And four minutes per message would cripple corporate email servers that serve thousands of staff.

- --
Best regards

MFPA                  mailto:2014-667rhzu3dc-lists-groups at riseup.net

Put knot yore trust inn spel chequers
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJU9B7fXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwc2cH/1DlvZbcpocAXcv8/SHO9OyN
fN7EUtqj9L4T+TIpBbZbyCRRHqTl476o4UujDsBzdCx1iekRUROx5UpAlJ2b6nRM
FEQHiCxlQDkbqHs7A4wTGAsWoAuuyNJqp3JhQl972SwBQdLjpTrrxeaatUGyYQAp
UpuxrRdozc+3P06GG+4b2QsCX+EKZX3qGaCOp0lICf0XrOyrGMI5MROC67kTjSFW
FQIRYBTyb0Ni7zDS04VvCqkryRPhfHCW7aszvlRUI6w4Uc5/gG63UGHN+nH6ZHTZ
fLWWBnxx6uJkknSDX3lxcpaPXmn2uI71foefZhBevmZM7C68N+EuaGz5SlmwvQ2I
vgQBFgoAZgUCVPQe318UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45Hk/AQBX7xpvtBSHGQpZkFpY6KkJqCxU
N12zpuvsjIfMHAd8bAEAW3xc6UkM7e3pd+GakLLxZk5F4PGVq0Vbvet4YBXHmQ4=
=P15E
-----END PGP SIGNATURE-----

From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Mon, 02 Mar 2015 09:51:47 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <20150302035052.GA20402@xen.axs.org>
References: <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <54F32913.6010803@sumptuouscapital.com> <54F331C8.8060107@enigmail.net> <54F3326C.7010001@sumptuouscapital.com> <54F34110.20207@sumptuouscapital.com> <20150302035052.GA20402@xen.axs.org>
Message-ID: <54F424A3.6040105@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/02/2015 04:50 AM, Chuck Peters wrote:
> Kristian Fiskerstrand said:
>>>>
>>>> You wouldn't need the keyservers to be involved in this at
>>>> all. Anyone could set up such a mail verification CA outside
>>>> of the keyserver network.
>
> How about storing keys in a more distributed manner, DNS, in
> addition to some other method of authentication, DNSSEC and DANE?
See http://lists.gnupg.org/pipermail/gnupg-devel/2015-February/029544.html

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Ab esse ad posse - From being to knowing
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJU9CSbAAoJEP7VAChXwav6liwH+gILZFinaFUAPIL5vzX9eXM3
+kaRQOBl/XrTqW8Izk+qmjJncRTgUnJrmpKQC1ubDNJzi19ku4AA09mpD1PPc4HQ
ytu9bqUGLnBj71Uffrn5lFQ/hSQGyGvtnmsBRw2f8P1d4qcxJdauHPBdI77eZvsJ
d4rmzr6UKN9FQcCZQpkEiK/mzioh8/j7Dknzy9wC1Hb4ZmTpj/8LwMxMMh08djSF
3n6ZXmauKiBA6OnQgQ51guZF/abk1nDz6Y5J9fNIjbkJDgrYVFKUWKPxUOkgeOJM
qPB1tOT6xcTrx/Wa+2NXZ4ZPzX7z5uMS/0IJPRvquEDT3FmbNfC+wdcL0FNlWVc=
=/iS8
-----END PGP SIGNATURE-----

From: gnupgpacker at on.yourweb.de (gnupgpacker)
Date: Mon, 2 Mar 2015 10:16:01 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F3251D.20300@enigmail.net>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net>
Message-ID: <000401d054c9$80c813e0$82583ba0$@on.yourweb.de>

Hello,

> On Behalf Of Patrick Brunschwig
> Sent: Sunday, March 01, 2015 3:42 PM
> The idea I have in mind is roughly as follows: if you upload a key to
> a keyserver, the keyserver would send an encrypted email to every UID
> in the key. Each encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed, the key is
> validated and the keyserver will allow access to it just like with any
> regular keyserver.
> This way, we have a simple verification of the access to the private
> the key, as well as access to the email addresses contained in the UID
> by quite a simple means. I would say this is about as reliable as
> sending an email to someone requesting their key.

+1

This procedure should be implemented in keyservers.

No CA needed, no centralisation necessary => just verifying of existing AND properly working email addresses.

Additional: There are a lot of old keys on keyservers not being verified in the described manner. Those keys (or the newer, verified ones) could be marked with a short hint on keyservers to differ between verified and not verified email addresses.

Facility of deleting own (!) keys on keyserver wanted for old (revoked, expired, test, failed...) keys.

Regards, Chris

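The confirm-every-UID flow Patrick sketches above (one encrypted mail with a unique link per UID; the key becomes visible only once every UID has confirmed) reduces to a small piece of state handling, shown here as an added simulation that is not keyserver code. Mail delivery and OpenPGP encryption are replaced by a recorded "outbox"; the fingerprints, UIDs and the 24-hour link lifetime are constructed for the demo. Tokens are stored hashed, compared in constant time, and are single-use, which is what keeps a leaked or replayed link from confirming a UID.

```python
import hashlib
import hmac
import secrets
import time


class PendingKeyStore:
    """Simulated verifying keyserver: holds uploaded keys back until each
    UID's mailbox has presented the single-use token mailed to it."""

    TOKEN_TTL = 24 * 3600   # seconds a confirmation link stays valid (assumed)

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}    # fingerprint -> {uid: (token_hash, expires_at)}
        self._published = set()
        self.outbox = []      # (uid, token) pairs that would go out encrypted

    @staticmethod
    def _hash(token):
        # Only a hash is stored so a copied database does not yield live links.
        return hashlib.sha256(token.encode()).digest()

    def submit(self, fingerprint, uids):
        """Accept an upload: mint one token per UID and queue the mails."""
        entry = {}
        for uid in uids:
            token = secrets.token_urlsafe(32)
            entry[uid] = (self._hash(token), self._now() + self.TOKEN_TTL)
            self.outbox.append((uid, token))   # would be encrypted to the key
        self._pending[fingerprint] = entry

    def confirm(self, fingerprint, uid, token):
        """Handle a click on a confirmation link. Returns True on success."""
        entry = self._pending.get(fingerprint)
        if not entry or uid not in entry:
            return False                      # unknown key, or UID already done
        stored_hash, expires_at = entry[uid]
        if self._now() > expires_at:
            return False
        if not hmac.compare_digest(stored_hash, self._hash(token)):
            return False
        del entry[uid]                        # single use
        if not entry:                         # every UID confirmed
            del self._pending[fingerprint]
            self._published.add(fingerprint)
        return True

    def is_published(self, fingerprint):
        return fingerprint in self._published


def demo():
    """Walk one key through the flow with a controllable clock."""
    clock = [1_000_000.0]
    store = PendingKeyStore(now=lambda: clock[0])
    fpr = "CONSTRUCTED FINGERPRINT 0000"
    store.submit(fpr, ["alice@example.test", "alice@work.example"])
    tokens = dict(store.outbox)
    r = {}
    r["first_confirm"] = store.confirm(fpr, "alice@example.test", tokens["alice@example.test"])
    r["published_after_one"] = store.is_published(fpr)
    r["wrong_token"] = store.confirm(fpr, "alice@work.example", "not-the-token")
    r["replay"] = store.confirm(fpr, "alice@example.test", tokens["alice@example.test"])
    r["second_confirm"] = store.confirm(fpr, "alice@work.example", tokens["alice@work.example"])
    r["published_after_all"] = store.is_published(fpr)
    # A second upload whose link is only used after the lifetime has elapsed.
    fpr2 = "CONSTRUCTED FINGERPRINT 0001"
    store.submit(fpr2, ["bob@example.test"])
    clock[0] += PendingKeyStore.TOKEN_TTL + 1
    r["expired"] = store.confirm(fpr2, "bob@example.test", dict(store.outbox)["bob@example.test"])
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that this checks control of the mailboxes and of the private key at upload time only; as Kristian's reply in this thread points out, that makes the operator a (weakly verifying) CA, and nothing in the state above carries over to keys already on the network.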
From: stebe at mailbox.org (Stephan Beck)
Date: Mon, 02 Mar 2015 11:35:19 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F1B51B.4060205@digitalbrains.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F0CFA9.7070601@cardcontact.de> <54F0EA13.7020401@digitalbrains.com> <10330032.xGXXIq3lh9@inno> <54F1B51B.4060205@digitalbrains.com>
Message-ID: <54F43CE7.1070008@mailbox.org>

On 28.02.2015 at 13:31, Peter Lebbing wrote:

> PS: By the way, my ISP and some of its employees are in a perfect position to
> do a man in the middle.

No doubt about it. And we actually don't know how they "use" their position. Well, looking at some sort of collaboration published a few weeks ago, we might have some hints...

> I sure hope they can't "just hack my system" because of
> that position.

Sticking to that "perfect position argument", in what kind of position are (would be) the people that control (packaging of) your distro? (Just curious.)

> The one capability certainly does not imply the other.

Cheers,

Stephan

From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 2 Mar 2015 12:32:40 +0100
Subject: A forgotten patch?
In-Reply-To: <87zj7wildd.fsf@vigenere.g10code.de>
References: <1425088957.14003.87.camel@neoprokrast.monkey.poo> <1425176984.14003.116.camel@neoprokrast.monkey.poo> <87zj7wildd.fsf@vigenere.g10code.de>
Message-ID: <201503021232.46135.bernhard@intevation.de>

On Sunday 01 March 2015 at 20:11:10, Werner Koch wrote:
> > was a bug report for the patch? I would gladly write one if that would
>
> Well written bug reports are always appreciated.

I believe the main thing that Werner is mentioning here is that analysis of an unwanted situation and a fix are two different things. Having a reproducible problem report is very valuable and may be easier to agree on as a first step. Then there are always several ways to improve the situation. And naturally this may lead to a discussion about what is the best way to take.

So if anyone finds a problem with GnuPG - may it be a defect or a behaviour that should be different - best is to get a reproducible behaviour reported and get people to agree that it is a problem.

Best Regards,
Bernhard

--
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 2 Mar 2015 12:35:30 +0100
Subject: wiki.gnupg.org (Re: LDAP-based Keyserver)
In-Reply-To: <87y4ni9sza.wl%neal@walfield.org>
References: <87y4ni9sza.wl%neal@walfield.org>
Message-ID: <201503021235.32066.bernhard@intevation.de>

Hi Neal,

On Saturday 28 February 2015 at 12:27:05, Neal H. Walfield wrote:
> ? http://wiki.gnupg.org/LDAPKeyserver

and while you were at it, you have also gone through a number of wiki pages correcting and improving the format and language!

Thanks and welcome to the club of wiki.gnupg.org helpers!
(We are always looking for more members! :) )

Bernhard

--
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Mar 2015 13:20:41 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: (Jonathan Schleifer's message of "Sun, 1 Mar 2015 23:43:25 +0100")
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <10210020677.20150301164545@my_localhost> <2032941.xNPWa1j001@collossus.ingo-kloecker.de>
Message-ID: <87r3t7h9pi.fsf@vigenere.g10code.de>

On Sun, 1 Mar 2015 23:43, js-gnupg-users at webkeks.org said:

> I don't really agree with that. The goal is that the proof of work for a
> single message takes 4 minutes. At that rate, sending spam really is not

So you can send 360 mails a day. Assuming your 24/7 business makes 700 Euro a day, each mail costs you 2 Euro - snail mail would be much cheaper (or de-mail ;-).

We had the discussion on proof-of-work as an anti-spam measure more than a decade ago and the outcome was that it won't work. I can't see that any parameters have changed since then.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From: neal at walfield.org (Neal H. Walfield)
Date: Mon, 02 Mar 2015 14:33:53 +0100
Subject: wiki.gnupg.org (Re: LDAP-based Keyserver)
In-Reply-To: <201503021235.32066.bernhard@intevation.de>
References: <87y4ni9sza.wl%neal@walfield.org> <201503021235.32066.bernhard@intevation.de>
Message-ID: <87sidna5ha.wl%neal@walfield.org>

At Mon, 2 Mar 2015 12:35:30 +0100, Bernhard Reiter wrote:
> On Saturday 28 February 2015 at 12:27:05, Neal H. Walfield wrote:
> > ? http://wiki.gnupg.org/LDAPKeyserver
>
> and while you were at it, you have also gone through a number of wiki pages
> correcting and improving the format and language!

I was found out :)

> Thanks and welcome to the club of wiki.gnupg.org helpers!
> (We are always looking for more members! :) )

wiki.gnupg.org has the potential to be a great resource. But, it needs a lot more content. I think this would be a good place for recipes, such as how to generate keys offline [1] or key signing related practices.

Neal

[1] http://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/

From: ndk.clanbo at gmail.com (NdK)
Date: Mon, 02 Mar 2015 14:38:21 +0100
Subject: Whishlist for next-gen card
In-Reply-To: <54F37C7A.3070800@digitalbrains.com>
References: <54E6F12D.40504@gmail.com> <54E87133.2040202@digitalbrains.com> <54E8D46E.1080408@gmail.com> <54F0BAC0.7060503@digitalbrains.com> <54F0DAA3.9020208@gmail.com> <54F0E668.7020906@digitalbrains.com> <54F341B8.8040606@gmail.com> <54F37C7A.3070800@digitalbrains.com>
Message-ID: <54F467CD.8020509@gmail.com>

On 01/03/2015 21:54, Peter Lebbing wrote:
> No, I'm talking about that as well. And I don't think the fingerprint of
> the host is part of the signed data or the signature. Why do you think the
> fingerprint of the host is part of that?

Because I didn't remember the SSH protocol well...

> By /host/ authentication I mean that you verify that the host you are
> connecting to is in fact the host you wanted to connect to; and /that/ is
> through the public key of the host, of which you can verify the fingerprint.
> Let's call this keypair A.

That gets verified during initial key setup.

> After you've verified the fingerprint, a copy of the host's public key, A, is
> stored in ~/.ssh/known_hosts on your client machine.

Ok, just something to help the user avoid a verification step every time.

> But when the host is authenticating that you are in fact the user you are
> claiming to be, you sign a challenge that only you could sign because you have
> the private key, let's call it B. That is /user/ authentication.

Ok.

> The host checks that your public key B is in ~/.ssh/authorized_keys on the
> server machine; if so, you're authenticated.

Ok. But the signature contains the session identifier (called H in RFC4257 sec 8), that is derived from the initial key exchange (that should then be partially handled by the card as well). Luckily there's no need to recalculate it when keys are refreshed (RFC4257, sec 7.2), so it's a one-time penalty.
So the "card" should receive (and handle) the key exchange, prompting the user to accept the public key the server sent and then allow the auth key to just sign data where the session id is the one it calculated.

Might be non-banal to handle concurrent ssh sessions with overlapping key exchanges (card generates a "blob" --might be symmetrically encrypted with a key only known to the card-- that's "cached" by ssh and passed back to the card when a new auth signature is requested for an existing session id?).

BYtE,
 Diego.

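The signed data Diego refers to is laid out in RFC 4252 section 7: the session identifier comes first, followed by the SSH_MSG_USERAUTH_REQUEST byte, the user name, service name, the literal "publickey", a TRUE boolean, the key algorithm name and the public key blob. The following is an added example (not code from the thread or from any card firmware) that builds that byte sequence with the RFC 4251 string encoding and wraps it in a stand-in for the card behaviour sketched above: the "card" remembers the session identifiers it took part in deriving and refuses to sign a request bound to any other one. The session identifiers are constructed 32-byte values rather than real exchange hashes, and the signature is an HMAC over the blob standing in for the private-key operation; a real server would verify with the user's public key instead of the card's verify() helper.

```python
import hashlib
import hmac
import os
import struct

SSH_MSG_USERAUTH_REQUEST = 50


def ssh_string(b):
    # RFC 4251 "string": uint32 big-endian length followed by the bytes.
    return struct.pack(">I", len(b)) + b


def ssh_boolean(v):
    return b"\x01" if v else b"\x00"


def userauth_signed_data(session_id, user, service, algo, pubkey_blob):
    """The byte sequence RFC 4252 section 7 says the client signs."""
    return (ssh_string(session_id)
            + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode())
            + ssh_string(service.encode())
            + ssh_string(b"publickey")
            + ssh_boolean(True)
            + ssh_string(algo.encode())
            + ssh_string(pubkey_blob))


class CardStandIn:
    """Stand-in for a card that only signs authentication requests tied to
    a key exchange it handled itself."""

    def __init__(self):
        self._secret = os.urandom(32)      # stands in for the private key
        self._accepted_sessions = set()

    def finish_key_exchange(self, session_id):
        # In the sketch the card derives H itself; here it is handed in.
        self._accepted_sessions.add(session_id)

    def sign_userauth(self, blob):
        # The leading string of the blob is the session id the client claims.
        (length,) = struct.unpack(">I", blob[:4])
        claimed = blob[4:4 + length]
        if claimed not in self._accepted_sessions:
            raise PermissionError("request is not bound to a session this card exchanged keys for")
        return hmac.new(self._secret, blob, hashlib.sha256).digest()

    def verify(self, blob, sig):
        # Demo-only check; a real server verifies with the user's public key.
        expected = hmac.new(self._secret, blob, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


def demo():
    # Constructed key blob and session identifiers (not real key material).
    pubkey_blob = ssh_string(b"ssh-ed25519") + ssh_string(b"\x00" * 32)
    session_a = hashlib.sha256(b"constructed exchange hash A").digest()
    session_b = hashlib.sha256(b"constructed exchange hash B").digest()

    card = CardStandIn()
    card.finish_key_exchange(session_a)      # the card took part in session A only

    blob_a = userauth_signed_data(session_a, "diego", "ssh-connection", "ssh-ed25519", pubkey_blob)
    blob_b = userauth_signed_data(session_b, "diego", "ssh-connection", "ssh-ed25519", pubkey_blob)

    sig = card.sign_userauth(blob_a)
    try:
        card.sign_userauth(blob_b)            # session B: card never saw its exchange
        rejected = False
    except PermissionError:
        rejected = True
    return {"signature_valid": card.verify(blob_a, sig),
            "rejected_foreign_session": rejected,
            "blobs_differ": blob_a != blob_b}


if __name__ == "__main__":
    print(demo())
```

Because the session identifier is the first field of the signed data, a signature from one session is useless in another, which is the property the card proposal leans on; the price, as Diego notes, is that the card has to see enough of the key exchange to know which identifiers are legitimate.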
From: rpuls at kcore.de (René Puls)
Date: Mon, 2 Mar 2015 16:40:11 +0100
Subject: Decrypting PGP/MIME on the command line
In-Reply-To: <87sido9tr4.fsf@alice.fifthhorseman.net>
References: <874mq4k0em.fsf@vigenere.g10code.de> <87sido9tr4.fsf@alice.fifthhorseman.net>
Message-ID:

On Mon, 02 Mar 2015 00:34:55 +0100 Daniel Kahn Gillmor wrote:

> On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote:
> > On Sun, 1 Mar 2015 15:32, rpuls at kcore.de said:
> >
> >> is there a command line utility that takes a PGP/MIME encrypted
> >> message (a plain RFC 2822 text file) and outputs an unencrypted
> >> copy? The
> >
> > Not really. MIME is a structured format and as such it may result
> > in a bunch of encrypted, non-encrypted, signed, unsigned,
> > message/alternative sub-documents. Thus it is not easy to write a
> > general purpose command line tool.
>
> python's email module is quite good for programmatically handling mime
> parts if you want to manipulate an e-mail (though it may not be so
> good for reconstructing it in some sort of bytewise exact fashion).

Python seems to be the best solution for me, at least I have some experience with the language. Thank you, also to Werner and Doug, for the suggestions.

> A tool that transforms an OpenPGP encrypted+signed MIME message into
> an OpenPGP-signed MIME message while retaining the original signature
> would be a really nice tool to have.

I will post here if I manage to come up with something useful. :-)

René

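As a starting point for the approach Daniel suggests and René intends to take, here is an added example (not a tool from the thread) that uses Python's email module to validate the PGP/MIME structure defined in RFC 3156 (a multipart/encrypted container whose first part is application/pgp-encrypted with "Version: 1" and whose second part is the application/octet-stream carrying the armored ciphertext), pull out the ciphertext, and splice the decrypted inner MIME entity back under the outer message's From/To/Subject headers. decrypt_with_gpg() shells out to gpg; the sample message, its placeholder armor and the stand-in decrypt function used by demo() are constructed so the example runs without gpg or keys.

```python
import subprocess
from email import message_from_bytes, policy

# Constructed PGP/MIME message; the armor block is a placeholder, not ciphertext.
CONSTRUCTED_MESSAGE = b"""\
From: alice@example.test
To: bob@example.test
Subject: PGP/MIME sample
Message-ID: <constructed-1@example.test>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="bnd"

--bnd
Content-Type: application/pgp-encrypted

Version: 1

--bnd
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

PLACEHOLDERARMOR
-----END PGP MESSAGE-----

--bnd--
"""

# Constructed stand-in for what decryption would yield: an inner MIME entity.
CONSTRUCTED_PLAINTEXT = b"Content-Type: text/plain; charset=us-ascii\n\nhello from the inner part\n"


def extract_pgp_mime_ciphertext(raw):
    """Check the RFC 3156 layout and return (outer message, armored bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/encrypted"
            or msg.get_param("protocol") != "application/pgp-encrypted"):
        raise ValueError("not a PGP/MIME encrypted message")
    parts = list(msg.iter_parts())
    if len(parts) != 2:
        raise ValueError("multipart/encrypted must have exactly two parts")
    control, body = parts
    if (control.get_content_type() != "application/pgp-encrypted"
            or b"Version: 1" not in control.get_payload(decode=True)):
        raise ValueError("missing or malformed application/pgp-encrypted control part")
    if body.get_content_type() != "application/octet-stream":
        raise ValueError("second part must be application/octet-stream")
    return msg, body.get_payload(decode=True)


def decrypt_with_gpg(armored):
    """Real decryption: feed the armored block to gpg on stdin."""
    return subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"],
                          input=armored, capture_output=True, check=True).stdout


def rewrite_as_plaintext(raw, decrypt=decrypt_with_gpg):
    """Return the message with the encrypted container replaced by the
    decrypted inner entity; outer non-Content headers are carried over."""
    outer, armored = extract_pgp_mime_ciphertext(raw)
    inner = message_from_bytes(decrypt(armored), policy=policy.default)
    for name, value in outer.items():
        lname = name.lower()
        if lname.startswith("content-") or lname == "mime-version":
            continue                     # these describe the encrypted container
        if name not in inner:
            inner[name] = value
    if "MIME-Version" not in inner:
        inner["MIME-Version"] = "1.0"
    return inner.as_bytes()


def stand_in_decrypt(armored):
    # Demo only: pretend the placeholder armor decrypts to the constructed entity.
    if b"PLACEHOLDERARMOR" not in armored:
        raise ValueError("unexpected armor")
    return CONSTRUCTED_PLAINTEXT


def demo():
    """Rewrite the constructed message and hand back the parsed result."""
    return message_from_bytes(rewrite_as_plaintext(CONSTRUCTED_MESSAGE, stand_in_decrypt),
                              policy=policy.default)


if __name__ == "__main__":
    print(demo().as_string())
```

As Werner notes, real mail nests further (signed-inside-encrypted, multipart/alternative inside that), so the rewrite above is the easy case; the signature-preserving transform Daniel describes would additionally have to keep the inner multipart/signed entity byte-for-byte intact, which is where the email module's re-serialisation can get in the way.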
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 02 Mar 2015 18:53:57 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F43CE7.1070008@mailbox.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F0CFA9.7070601@cardcontact.de> <54F0EA13.7020401@digitalbrains.com> <10330032.xGXXIq3lh9@inno> <54F1B51B.4060205@digitalbrains.com> <54F43CE7.1070008@mailbox.org>
Message-ID: <54F4A3B5.8010800@digitalbrains.com>

On 02/03/15 11:35, Stephan Beck wrote:
> Sticking to that "perfect position argument", in what kind of position are
> (would be) the people that control (packaging of) your distro? (Just
> curious.)

I think they basically completely control my system. For individual Debian Developers, it might need some ingenuity to get something sneaky on my computer, since they generally only provide source, and the binaries are built on the Debian infrastructure. Mind you, I say they need some ingenuity, that is a far shot from "it's difficult". But the keys that the package manager checks? If you have those, and can get my package manager to download your stuff, it's trivial to change any file, any binary, any program on my computer.

It has occurred to me that I probably could simply local-sign and fully trust all OpenPGP keys of Debian Developers, since if the holder of said key wanted, they could simply hardwire my GnuPG installation to effectively do the same without my consent. But still, I haven't done it :).

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From: Deepak.Saxena at safenet-inc.com (Saxena, Deepak)
Date: Mon, 2 Mar 2015 21:11:06 +0530
Subject: GPG4Win 2.2.3 Smart card support
Message-ID: <33B1BAEAF9B37A439F73D9BF6B32ED4205F0096F@NOI1EXCH03.apac.sfnt.local>

Hello,

I am Deepak Saxena from Gemalto (formerly SafeNet Inc) and I am curious if smart cards are supported for storing the keys which will be used to encrypt files or email using gpg4win.

I have installed gpg4win 2.2.3 and want to test SafeNet smart cards. I am getting the following error:

[inline image image001.jpg: screenshot of the error, not preserved in the archive]

Can you please update me if third party tokens/smart cards are supported in your product. Is MSCAPI/PKCS11 supported?

--Deepak saxena
+919911641953

The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.

From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 2 Mar 2015 21:00:23 +0000
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <20150302104012.99d46e72ccd25b087199472f@webkeks.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com> <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org> <10210020677.20150301164545@my_localhost> <134737899.20150302082014@my_localhost> <20150302104012.99d46e72ccd25b087199472f@webkeks.org>
Message-ID: <232704321.20150302210023@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Monday 2 March 2015 at 9:40:12 AM, in , Jonathan Schleifer wrote:

> It's not only your computer.

Likewise, it is not just my computer that would be wasting orders of magnitude more energy on "proof of work" for all outgoing messages than it currently wastes on downloading a little spam.

> Just think about the
> processing power required by spam filters.

I do not use spam filters because I have always regarded a single missed important message due to a "false positive" from a spam filter to be a more serious problem than any number of spam messages received. And if an email provider I use has spam filters that I cannot effectively opt out of, I still don't pay the electric bill for their processing power.

> Think about
> the load servers have. Think about wasted harddrive
> space (mail providers do need to store that spam).

I would wager that needless use of HTML in emails probably contributes far more to unnecessary server load and storage requirements than is contributed by spam.

> What does obvious have to do with wasting resources?

If the spam messages were not obvious, far more man-hours would be wasted in spotting and deleting them.
And people's time is the most precious resource of all.

> Ok, you clearly haven't looked at it *at all*. There is
> no corporate server involved. It's peer-to-peer. And
> the proof of work is done on your local machine.

I don't see corporate IT and data security policies giving up corporate email servers to allow peer-to-peer communication between staff's workstations and the outside world anytime soon. I would expect them to still want to know what staff were sending out, and maybe encrypt it at the network boundary.

- --
Best regards

MFPA                  mailto:2014-667rhzu3dc-lists-groups at riseup.net

Alcohol and Calculus don't mix. Never drink and derive.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJU9M9zXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwGsYIAJo0AO2vHomsEhwAC8m4zGHc
563MGDo4Q6USWNJGUZx+aDPZ5VYHsARB0gRS/wx4Az+nUnHS6VrEo9CH3PNFKIrp
1Wl8dkaNGUyc8FPJKhwNMMi/SJDQhAPshUeWZmkDp8BaWsTrPhlE91NVMUWeNdOO
bu2qRwXxOsEjK+Ac/Spds2oyHwRjZTg9DT3mm892IBxBwZysLzkGXXtb8VhXmYJv
Y11oenxYBlbzd95a2LYgdEQFhaHPFRjien179g3XroKqdZ3bOs7j6TF/OxP//cxU
OwBC0c6yFkJoj9tEh649LjsVTJyaY6uSN9gWX/Hb3og45RzB9F1FFo/m4yLRMk6I
vgQBFgoAZgUCVPTPeF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45MN0AQDyacdIGkv0JiOzeUWrOlx3wLyb
fuM8bA6vAnrVHFO8QgEAyncDMAY6b341xc8weBPKMJwYiIM9+kX6KJIPGvzf5gE=
=ehQz
-----END PGP SIGNATURE-----

From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon, 02 Mar 2015 22:16:35 +0100
Subject: trust paths
In-Reply-To: <7E6223D2-9610-435C-B4D1-FC9FB7A1233A@webkeks.org>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F0CFA9.7070601@cardcontact.de> <1425068740.5204.81.camel@scientia.net> <1756253.oFcBDuDOmV@inno> <1425072641.5204.95.camel@scientia.net> <54F1FD55.8080308@vulcan.xs4all.nl> <1425146173.4857.17.camel@scientia.net> <54F205AE.5010307@vulcan.xs4all.nl> <7E6223D2-9610-435C-B4D1-FC9FB7A1233A@webkeks.org>
Message-ID: <54F4D333.5030503@vulcan.xs4all.nl>

On 01-03-2015 13:27, Jonathan Schleifer wrote:

> You are assuming it will be spoofed for everyone. It could just
> be spoofed for you. Anybody who can MITM you and give you a fake
> SSL cert that you accept

Well, perhaps they could if the ONLY way I communicated with someone would be electronically. I usually discuss sensitive matters with people I know personally, so I could compare key IDs when I meet the other in person. No way to spoof that.

That might not work when whistleblowing to a reporter I don't know personally but then, I would either first talk to him personally or remain completely anonymous.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 02 Mar 2015 16:23:23 -0500
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <232704321.20150302210023@my_localhost>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com> <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org> <10210020677.20150301164545@my_localhost> <134737899.20150302082014@my_localhost> <20150302104012.99d46e72ccd25b087199472f@webkeks.org> <232704321.20150302210023@my_localhost>
Message-ID: <20150302212323.7F50AE044A@smtp.hushmail.com>

This month's Wired has an article about encryption for voice and text using pgp, and intercompatibility between i-phone and android while using it.

http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/

I wouldn't trust it with my real key, but would make a new 'smartphone' key signed with my real key, and comment it as for phone use only.

If this catches on, as Wired thinks, then it might be a new way of introducing pgp encryption to the general public, and from there it's not such a difficult step to getting phone users to try encrypting e-mails and files, ... and breathe new life into pgp encryption ...

vedaal

From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon, 02 Mar 2015 22:24:45 +0100
Subject: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]
In-Reply-To: <54F37E20.3020101@riseup.net>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1425060977.5204.10.camel@scientia.net> <54F1B456.2080900@vulcan.xs4all.nl> <87a8zycel8.fsf@alice.fifthhorseman.net> <54F200CD.6060108@vulcan.xs4all.nl> <54F37E20.3020101@riseup.net>
Message-ID: <54F4D51D.1010501@vulcan.xs4all.nl>

On 01-03-2015 22:01, flapflap wrote:

> Just think about the "grandchild trick" ([0], unfortunately not in
> English) which is a method where the criminals phone (often elder)
> people and tell them that they are a grandchild, nephew, or other remote
> relative and need some money for some reason

Ah yes, but then, with such methods a number of failures are to be expected and the scammers don't care as long as a certain percentage is fooled. When using this trick to fool someone into telling confidential things it is very uncertain. For one, I've never heard of the police trying something like this to obtain confessions or information: the chance of failure in an individual case is too big.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Mon, 2 Mar 2015 22:29:56 +0100
Subject: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]
In-Reply-To: <54F4D51D.1010501@vulcan.xs4all.nl>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1425060977.5204.10.camel@scientia.net> <54F1B456.2080900@vulcan.xs4all.nl> <87a8zycel8.fsf@alice.fifthhorseman.net> <54F200CD.6060108@vulcan.xs4all.nl> <54F37E20.3020101@riseup.net> <54F4D51D.1010501@vulcan.xs4all.nl>
Message-ID: <20150302222956.d0021cc58ddd76f6ca91112e@webkeks.org>

On Mon, 02 Mar 2015 22:24:45 +0100, Johan Wevers wrote:

> For one, I've never heard of the police
> trying something like this to obtain confessions or information: the
> chance of failure in an individual case is too big.

I'm guessing the reason is more that this would be a legal minefield and most likely completely useless in court.

--
Jonathan

From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Mon, 02 Mar 2015 22:36:19 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F4458C.7050700@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf__7019.33337045393$1425067345$gmane$org@vigenere.g10code.de> <54F3251D.20300@enigmail.net> <000401d054c9$80c813e0$82583ba0$@on.yourweb.de> <54F4458C.7050700@sumptuouscapital.com>
Message-ID: <54F4D7D3.4080700@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/02/2015 12:12 PM, Kristian Fiskerstrand wrote:
> On 03/02/2015 10:16 AM, gnupgpacker wrote:
>> Hello,

Seems I inadvertently sent this message only directly without CCing the list

> ..
>
>> This procedure should be implemented in keyservers.
>
>> No CA needed, no centralisation necessary => just verifying of
>> existing AND proper working email addresses.
>
> This _is_ a CA, granted with weak verification (could arguably say
> similar to domain validated X.509 certs), but conceptually a CA
> none the less. Such weak verification does not rely on being
> implemented in keyservers, and would be better off outside it.
>
>> Additional: There are lot of old keys on keyservers not being
>> verified in described manner.
>
> Because they are not designed for it, nor need it.
>
>> Those keys (or the newer, verified ones) could be marked with a
>> short hint on keyservers to differ between verified and not
>> verified email addresses.
>
>> Facility of deleting own (!) keys on keyserver wanted for old
>> (revoked, expired, test, failed...) keys.
>
> This could open up to several attacks, in particular where keys
> have been revoked.
The keyservers are add only for a reason, and > should remain so. > > > - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- "Expect the best. Prepare for the worst. Capitalize on what comes." (Zig Ziglar) -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU9NfPAAoJEP7VAChXwav6eSoH/1Gmz850g/CtJjo5La10GeO5 mIojoblh3P6k8yJ2FyHJqBQM12BqYXzjIa+cJizBBQG8ZSw4feX7kP2Ucznx37H/ 8UUzUmWEFDDF0A4asNX1oVo4xaDmJbbqyBIRzOIkDXsyoyC1vrKdfnA7wODO9U+F x4DBgOq/IaPVsZggeeEuKc5SoYKXhZ9+eHcPsSCWh0JrHR11YHR9nIV5LuxXoY0d z0X+afV2cExRRD8iGWb7QIA/sR33V2IaGCUfIwhi4+O+xmzETZTohiO03Jx5hE7H N/JYSPeNOSaVPPZ+2TNsbYkVs3RMOMdb3TvTZAQCOoNXo28T8nkAg8n0UZA3X9g= =EpMZ -----END PGP SIGNATURE----- From johanw at vulcan.xs4all.nl Mon Mar 2 23:33:40 2015 
From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Mon, 02 Mar 2015 23:33:40 +0100 Subject: German ct magazine postulates death of pgp encryption In-Reply-To: <20150302212323.7F50AE044A@smtp.hushmail.com> References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <54F061B6.3070205@seichter.de> <20150227234821.GA15748@athena.barrera.io> <54F1A86D.1050907@seichter.de> <20150228123619.GA7370@athena.barrera.io> <54F1BD40.4080504@seichter.de> <54F1BEB8.5090603@digitalbrains.com> <4B188EF8-3D01-461F-BEF9-C8E4504A2301@webkeks.org> <10210020677.20150301164545@my_localhost> <134737899.20150302082014@my_localhost> <20150302104012.99d46e72ccd25b087199472f@webkeks.org> <232704321.20150302210023@my_localhost> <20150302212323.7F50AE044A@smtp.hushmail.com> Message-ID: <54F4E544.9070801@vulcan.xs4all.nl> On 02-03-2015 22:23, vedaal at nym.hush.com wrote: > http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/ > > I wouldn't trust it with my real key, but would make a new > 'smartphone' key signed with my real key, and comment it as > for phone use only. You can't, it uses its own key scheme not compatible with OpenPGP. The protocol is described on https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2, they use ECC with Curve25519 and AES256. Signatures on a key are not possible. Only manual verification of the key fingerprint, or, when you meet in person, scanning this number represented in a QR code on screen with the camera, is possible. > If this catches on, as Wired thinks I have used TextSecure for quite some time as an SMS replacement but failed to convince anyone else to use it too (whether as SMS replacement or stand-alone chat app). -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From hans at guardianproject.info Tue Mar 3 10:18:12 2015 
From: hans at guardianproject.info (Hans of Guardian) Date: Tue, 3 Mar 2015 10:18:12 +0100 Subject: Circumvention Tech Summit in Valencia Message-ID: Are any GnuPG dev people at the Circumvention Tech Summit in Valencia, that is now until Saturday? I'm arriving today. It could be useful to have a little GnuPG chat in person. .hc From rjh at sixdemonbag.org Tue Mar 3 12:51:52 2015 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 03 Mar 2015 12:51:52 +0100 Subject: Circumvention Tech Summit in Valencia In-Reply-To: References: Message-ID: <54F5A058.8010804@sixdemonbag.org> > Are any GnuPG dev people at the Circumvention Tech Summit in > Valencia, that is now until Saturday? I'm arriving today. It could > be useful to have a little GnuPG chat in person. Daniel Kahn Gillmor and I are both here. (And in fact, we met briefly, and much to the surprise of many people here but not to either dkg or myself, there was mutual respect, goodwill, and a stunning lack of bloodshed.) :) Admittedly, "the GnuPG dev people" is really a one-element list containing Werner. But there are certainly people active in the GnuPG community here. From kristian.fiskerstrand at sumptuouscapital.com Tue Mar 3 13:34:01 2015 
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Tue, 03 Mar 2015 13:34:01 +0100 Subject: Circumvention Tech Summit in Valencia In-Reply-To: <54F5A058.8010804@sixdemonbag.org> References: <54F5A058.8010804@sixdemonbag.org> Message-ID: <54F5AA39.6090009@sumptuouscapital.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/03/2015 12:51 PM, Robert J. Hansen wrote: >> Are any GnuPG dev people at the Circumvention Tech Summit in >> Valencia, that is now until Saturday? I'm arriving today. It >> could be useful to have a little GnuPG chat in person. > > Daniel Kahn Gillmor and I are both here. (And in fact, we met > briefly, and much to the surprise of many people here but not to > either dkg or myself, there was mutual respect, goodwill, and a > stunning lack of bloodshed.) :) > Hope you guys have a great time! (and remember to sign each other's OpenPGP keys) :) - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Nosce te ipsum! Know thyself! -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU9ao0AAoJEP7VAChXwav6pAwIAKEN1XVB/PpHe/L3FVsurCZi BMDJrk7gszoIRzu8xJ+2wqUgmStdE1IZ/owQHZnBsF+PSF+OA0C0cfPy1ibCPj3Z K2GjayAx923SmaPsdaCnhqU/gn6hfeQsEYrBP5HXsa9KPMmFukW88SibxRNl5QAF WxRjKXS2aMNOxh+96xixgAynLeu72Mgdfogth2G8Z1daM6503t7fYtsIFjBITH9X yKjq1ItuNi8SvK7mimJWFfY+ngh/NSB5SKFHP0YpABI6vRihr7SgTJ8/Gwqj1Exq 11WMMkk36WIO6uRmpdBn5aqseniCEnNyUklP4Uwfgqxe6LDxgtklpnPsOH+MkVY= =Z2uc -----END PGP SIGNATURE----- From stebe at mailbox.org Tue Mar 3 13:54:01 2015 
From: stebe at mailbox.org (Stephan Beck) Date: Tue, 03 Mar 2015 13:54:01 +0100 Subject: Fwd: Re: German ct magazine postulates death of pgp encryption In-Reply-To: <54F4A3B5.8010800@digitalbrains.com> References: <54F4A3B5.8010800@digitalbrains.com> Message-ID: <54F5AEE9.8080207@mailbox.org> Hi Peter, as your message hasn't reached the list in spite of being addressed to it, I resend it. Thanks Stephan -------- Forwarded Message -------- Subject: Re: German ct magazine postulates death of pgp encryption Date: Mon, 02 Mar 2015 18:53:57 +0100 From: Peter Lebbing To: Stephan Beck , gnupg-users at gnupg.org On 02/03/15 11:35, Stephan Beck wrote: > Sticking to that "perfect position argument", in what kind of position are > (would be) the people that control (packaging of) your distro? (Just > curious.) I think they basically completely control my system. For individual Debian Developers, it might need some ingenuity to get something sneaky on my computer, since they generally only provide source, and the binaries are built on the Debian infrastructure. Mind you, I say they need some ingenuity, that is a far shot from "it's difficult". But the keys that the package manager checks? If you have those, and can get my package manager to download your stuff, it's trivial to change any file, any binary, any program on my computer. It has occurred to me that I probably could simply local-sign and fully trust all OpenPGP keys of Debian Developers, since if the holder of said key wanted, they could simply hardwire my GnuPG installation to effectively do the same without my consent. But still, I haven't done it :). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: OpenPGP digital signature URL: From kristian.fiskerstrand at sumptuouscapital.com Tue Mar 3 13:59:54 2015 From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Tue, 03 Mar 2015 13:59:54 +0100 Subject: Fwd: Re: German ct magazine postulates death of pgp encryption In-Reply-To: <54F5AEE9.8080207@mailbox.org> References: <54F4A3B5.8010800@digitalbrains.com> <54F5AEE9.8080207@mailbox.org> Message-ID: <54F5B04A.6000301@sumptuouscapital.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/03/2015 01:54 PM, Stephan Beck wrote: > Hi Peter, > > as your message hasn't reached the list in spite of being addressed > to it, I resend it. Fwiw, it reached the list just fine: http://lists.gnupg.org/pipermail/gnupg-users/2015-March/052931.html - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Audaces fortuna iuvat Fortune favors the brave -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU9bBFAAoJEP7VAChXwav67NgIAI5R8vDx6cH/X7mtOVz3MdFi 9gT59pDxc+PD3ru3er0gF7k6Y0SGqRBHC9wparTyw/IuVIleziuQPVtMKqAU/sz5 htq9lsjVwRcLtzqSzjAOpF811yx2hpwxz7V5OrXkYinpXx6orfZVFCFSz143lVLX Kv6a96rsGVbOrEMrepHbCkqzayX1qpj+IHAmO+jKHUXeICporhky2VTTQKQ488Sb Id1xmEznig/9kUDBmqzGtEQPiNYGXh7Z3X9SWrdT7168ZiT4StnJeGzPjP7W+9gt pPubbh4R2GKX5tAeYxJfSN+6eHNrOwLtwimHI/SP/PWPzmtxpcMXGtbtkqCReuE= =wuAX -----END PGP SIGNATURE----- From mailing-lists at asatiifm.net Tue Mar 3 14:00:27 2015 
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Tue, 03 Mar 2015 15:00:27 +0200 Subject: Fwd: Re: German ct magazine postulates death of pgp encryption In-Reply-To: <54F5AEE9.8080207@mailbox.org> References: <54F4A3B5.8010800@digitalbrains.com> <54F5AEE9.8080207@mailbox.org> Message-ID: <54F5B06B.8030701@asatiifm.net> On 03.03.15 14:54, Stephan Beck wrote: > as your message hasn't reached the list in spite of being addressed to it It did :). -- Ville -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From brian at minton.name Tue Mar 3 14:35:18 2015 
From: brian at minton.name (Brian Minton) Date: Tue, 3 Mar 2015 08:35:18 -0500 Subject: Decrypting PGP/MIME on the command line In-Reply-To: References: Message-ID: Mailpile may be useful. https://mailpile.is It lets you scan in a bunch of messages, and decrypt them, and indexes them, keeping the index and message store encrypted. It has command line as well as a gui. On Sun, Mar 1, 2015 at 9:32 AM, René Puls wrote: > Hi, > > is there a command line utility that takes a PGP/MIME encrypted message > (a plain RFC 2822 text file) and outputs an unencrypted copy? The > secret key is available and GnuPG is configured correctly. It is okay > if the process is somewhat lossy; signatures or attachments do not need > to be preserved, although I would not mind that either. :-) > > Background: I would like to decrypt e-mails permanently for archiving > and searching, and run this utility over hundreds of e-mails in a > single batch. > > Alternatively, if there is a way to permanently decrypt an e-mail in > Claws Mail, that would help me as well. It seems that Enigmail has such > a feature[1] (or will have it soon), but I have not found anything > similar for Claws Mail and would prefer a general-purpose utility which > I can just run as a filter, independent of my e-mail client. > > René > > [1] http://sourceforge.net/p/enigmail/bugs/1/ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From stebe at mailbox.org Tue Mar 3 15:40:45 2015 
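René's question above, a filter that takes a PGP/MIME message on stdin and writes a decrypted copy, can be answered with a short script. What follows is an added example written for this archive; it is not code from the thread, from Mailpile or from GnuPG. It locates the RFC 3156 multipart/encrypted container, hands the armored part to `gpg --batch --decrypt`, and grafts the decrypted MIME entity under the original message headers. It assumes `gpg` is on PATH and the secret key is usable without prompts (gpg-agent with a cached passphrase, or a pinentry that can run). The embedded sample message is constructed and its armor is a placeholder rather than real ciphertext; `fake_decrypt` stands in for gpg so the structural part can be exercised offline.

```python
"""Decrypt a PGP/MIME (RFC 3156) message read from stdin; write the plaintext copy to stdout.

Added example for the question in this thread; not code from GnuPG, Mailpile or
the list members. Assumes `gpg` on PATH and a secret key usable in batch mode.
"""
import email
import subprocess
import sys
from email import policy

# Headers that describe the encrypted container rather than the message itself;
# the decrypted inner entity brings its own versions of these.
CONTAINER_HEADERS = {"content-type", "content-transfer-encoding"}

# Constructed sample message (the armor is a placeholder, not real ciphertext).
SAMPLE_ENCRYPTED = b"""From: alice@example.org
To: bob@example.org
Subject: archive me
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

not-real-ciphertext
-----END PGP MESSAGE-----

--b1--
"""


def find_encrypted_payload(msg):
    """Return the armored OpenPGP bytes of a well-formed RFC 3156 container, else None.

    Layout: part 1 is application/pgp-encrypted ("Version: 1"), part 2 is
    application/octet-stream carrying the armor. Anything else is left alone.
    """
    if msg.get_content_type() != "multipart/encrypted":
        return None
    if msg.get_param("protocol") != "application/pgp-encrypted":
        return None
    parts = msg.get_payload()
    if len(parts) != 2:
        return None
    control, body = parts
    if control.get_content_type() != "application/pgp-encrypted":
        return None
    if body.get_content_type() != "application/octet-stream":
        return None
    return body.get_payload(decode=True)


def gpg_decrypt(armored):
    """Run gpg non-interactively; a failure (wrong key, damaged data) raises."""
    proc = subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"],
                          input=armored, capture_output=True)
    if proc.returncode != 0:
        raise RuntimeError(proc.stderr.decode("utf-8", "replace"))
    return proc.stdout


def fake_decrypt(armored):
    """Stand-in for gpg used by demo(): returns a constructed plaintext MIME entity."""
    assert armored.startswith(b"-----BEGIN PGP MESSAGE-----")
    return b"Content-Type: text/plain; charset=us-ascii\n\nhello world\n"


def decrypt_message(raw, decrypt=gpg_decrypt):
    """Parse raw RFC 2822 bytes and return the decrypted message object.

    Per RFC 3156 section 6.1 the decrypted data is itself a MIME entity, so it is
    parsed and the outer message headers (From, Subject, Date, ...) are copied onto
    it. Messages that are not PGP/MIME are returned unchanged, so this can run as
    a filter over a whole mailbox.
    """
    outer = email.message_from_bytes(raw, policy=policy.default)
    armored = find_encrypted_payload(outer)
    if armored is None:
        return outer
    inner = email.message_from_bytes(decrypt(armored), policy=policy.default)
    for name, value in outer.items():
        if name.lower() in CONTAINER_HEADERS or name in inner:
            continue
        inner[name] = value
    return inner


def demo():
    """Offline run over the constructed sample using the stand-in decryptor."""
    return decrypt_message(SAMPLE_ENCRYPTED, decrypt=fake_decrypt)


if __name__ == "__main__":
    sys.stdout.buffer.write(decrypt_message(sys.stdin.buffer.read()).as_bytes())
```

Run it as `python3 pgpmime_decrypt.py < in.eml > out.eml`, or loop it over a Maildir. Two things to keep in mind for an archive: gpg's exit status is the only integrity signal you get here (a modified ciphertext will fail to decrypt rather than silently produce garbage), and the output files hold plaintext, so the archive directory needs the same protection the secret key had.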
From: stebe at mailbox.org (Stephan Beck) Date: Tue, 03 Mar 2015 15:40:45 +0100 Subject: Fwd: Re: German ct magazine postulates death of pgp encryption In-Reply-To: <54F5B06B.8030701@asatiifm.net> References: <54F4A3B5.8010800@digitalbrains.com> <54F5AEE9.8080207@mailbox.org> <54F5B06B.8030701@asatiifm.net> Message-ID: <54F5C7ED.9080608@mailbox.org> Am 03.03.2015 um 14:00 schrieb Ville Määttä: > On 03.03.15 14:54, Stephan Beck wrote: >> as your message hasn't reached the list in spite of being addressed to it > > It did :). > Strange, I did only receive the PM, not the listmail, so I thought it might be useful to resend it. In that case, sorry for the duplication. Regards Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: OpenPGP digital signature URL: From samir at samirnassar.com Tue Mar 3 15:44:35 2015 
From: samir at samirnassar.com (Samir Nassar) Date: Tue, 03 Mar 2015 15:44:35 +0100 Subject: Circumvention Tech Summit in Valencia In-Reply-To: <54F5AA39.6090009@sumptuouscapital.com> References: <54F5A058.8010804@sixdemonbag.org> <54F5AA39.6090009@sumptuouscapital.com> Message-ID: <25918770.FihGgUjN1J@unicorn> On Tuesday, March 03, 2015 01:34:01 PM Kristian Fiskerstrand wrote: > On 03/03/2015 12:51 PM, Robert J. Hansen wrote: > > Daniel Kahn Gillmor and I are both here. (And in fact, we met > > briefly, and much to the surprise of many people here but not to > > either dkg or myself, there was mutual respect, goodwill, and a > > stunning lack of bloodshed.) :) > Hope you guys have a great time! (and remember to sign each other's > OpenPGP keys) :) Non developers are also here and happy to verify OpenPGP certificates as well. Samir -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From rjh at sixdemonbag.org Tue Mar 3 15:49:41 2015 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 03 Mar 2015 15:49:41 +0100 Subject: Circumvention Tech Summit in Valencia In-Reply-To: <25918770.FihGgUjN1J@unicorn> References: <54F5A058.8010804@sixdemonbag.org> <54F5AA39.6090009@sumptuouscapital.com> <25918770.FihGgUjN1J@unicorn> Message-ID: <54F5CA05.7090205@sixdemonbag.org> > Non developers are also here and happy to verify OpenPGP certificates > as well. And happy to buy people beer. Thanks again, Samir. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From hans at guardianproject.info Tue Mar 3 13:50:24 2015 
From: hans at guardianproject.info (Hans of Guardian) Date: Tue, 3 Mar 2015 13:50:24 +0100 Subject: German ct magazine postulates death of pgp encryption In-Reply-To: <54F05EF5.6050105@sumptuouscapital.com> References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105@sumptuouscapital.com> Message-ID: <8257BF12-09C1-41C2-9C5F-F78CB60FD5A9@guardianproject.info> On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 02/27/2015 12:43 PM, Hauke Laging wrote: >> Am Fr 27.02.2015, 12:27:40 schrieb gnupgpacker: >> >>> Maybe implementation with an opt-in could preserve publishing of >>> faked keys on public keyservers? >> >> We need keyservers which are a lot better that today's. IMHO that >> also means that a keyserver should tell a client for each offered >> certificate whether it (or a trusted keyserver) has made such an >> email verification. > > The keyservers have no role in this, they are pure data store and can > never act as a CA. That would bring up a can of worms of issues, both > politically and legally, I wouldn't want to see the first case where a > keyserver operator was sued for permitting a "fake key" (the term > itself is very misleading, the key itself isn't fake at all, but a > fully valid key where the UID has not been mated to its holder through > proper validation). The standard PGP keyserver pool is a mess with racist spam, lost keys that will be there forever, etc. The concept of email validation is very very common and proven in internet service providers. It is time for OpenPGP keyservers to join the rest of the internet. Keyservers should not be located in jurisdictions where they could be sued for merely acting as a conduit for data. There are many countries that meet this criterion. 
The US is one good example there: internet service providers are not liable for what their users do. .hc > Another way this is being handled in some systems is dedicated > keyservers for an organization (standard is keys.[domain] in the cases > I've seen) that looks up key using LDAP. This is a read-only store > that is connected to the Domain Controller / Active Directory in the > system I'm thinking of. So at least Symantec Encryption Server checks > for the existence of such a keyserver when sending and asking it for > it. The keys are automatically maintained with a short time to expiry > requiring frequent refreshes. I understand the rationale, but would > rather see a CA involved in this (i.e a Company Employee CA). > > People need to understand that operational security is critical for > any security of a system and validate the key through secondary > channel (fingerprint, algorithm type, key length etc verifiable > directly or through probabilistic measures e.g. based on historical > postings on mailing lists over a long time for a project etc). 
> > - -- > - ---------------------------- > Kristian Fiskerstrand > Blog: http://blog.sumptuouscapital.com > Twitter: @krifisk > - ---------------------------- > Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > - ---------------------------- > Ubi mel ibi apes > Where there's honey, there are bees > -----BEGIN PGP SIGNATURE----- > > iQEcBAEBCgAGBQJU8F7vAAoJEP7VAChXwav6yrwIAI95x/GZrq+5gCYhHjDuCWhv > a2FB1ki5c5unMzN6gtBjwY0Tf8SfAicnR2NpRn2VUkb68/hVG5H3JEhQcVsLt6Je > 5LUFR9gjyN8VGoDnMl0g1khxfNcakYh6f1vPmLihfiP4Yh6Pf6PebIkurqhvhwkf > NnwtIipSipDeXuQgJBMmN9fMXUqkO1uA2tt0tewtIaJy2y+BMmzVbRkpqZocl2z6 > VcwBT/7FUUv4ePdV16xTuim9DvmbsCoPmwl+1XRauEeJsN3AOyE0X/Y/gKYX4QX0 > RWUaCu2b7YRqMYyaYs053EsH+XEAPVOVDnBHUFst/c6j4hIJV7T4zB2mpi5+VKw= > =IZT3 > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From hans at guardianproject.info Tue Mar 3 14:00:23 2015 
From: hans at guardianproject.info (Hans of Guardian) Date: Tue, 3 Mar 2015 14:00:23 +0100 Subject: German ct magazine postulates death of pgp encryption In-Reply-To: <87lhjjm8mn.fsf@vigenere.g10code.de> References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf@vigenere.g10code.de> Message-ID: <865C8D86-B091-4C51-B010-7D3BD4F27818@guardianproject.info> On Feb 27, 2015, at 8:56 PM, Werner Koch wrote: > On Fri, 27 Feb 2015 17:26, patrick at enigmail.net said: > >> that anyone can upload _every_ key to a keyserver is an issue. If >> keyservers would do some sort of verification (e.g. confirmation of >> the email addresses) then this would lead to much more reliable data. > > We have such a system. It is called S/MIME. > > Ever tried to find an S/MIME (X.509) key (aka certificate) for an > arbitrary mail address? The only working solution to get such a key is > by sending a mail and asking for the key. You can do the very same with > PGP of course. Keyservers along with visiting cards are much nicer. > > So, why is there no public service to distribute X.509 keys? Because > nobody wants to be legally responsible for such a key unless you push a > stack of money over the table for a qualified signature certificate. > > BTW, even the DFN PGP keyserver (blackhole.pca.dfn.de) had to be shut > down for similar legal reasons. However, it is not a problem, we can > use other keyservers. > >> believe that this would make keyservers more trustworthy than today. > > There is no trust in keyservers by design. As soon as you start > changing this you are turning PGP into a centralized system. 
Services like keybase.io with poor security practices are going to rapidly take over from the PGP keyserver pool because they address the human-interaction side, unlike the PGP keyservers. They are easy to use and they follow the very common interaction patterns that basically all web services these days use. That must also be considered when thinking about security. The PGP keyservers need email validation not as a way to provide any kind of "trusted" status of that key, but rather to enable people to delete keys that should no longer be there, and to prevent keyserver spam and vandalism. For a good example, search for Richard Stallman and you will see how badly the PGP keyservers are failing. Another common scenario is that people make mistakes when learning how to use PGP. There is a common mistake of generating a key to play with, publishing it to the keyserver, then deleting it. That key will then be on the keyserver forever with no way to delete it. That is terrible both security-wise, because it is confusing for people who are searching for keys, and human-interaction-wise, because it adds pointless noise when searching for keys. .hc From hans at guardianproject.info Tue Mar 3 14:29:38 2015 
From: hans at guardianproject.info (Hans of Guardian) Date: Tue, 3 Mar 2015 14:29:38 +0100 Subject: Thoughts on GnuPG and automation In-Reply-To: <54F07A7D.3040709@digitalbrains.com> References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> Message-ID: On Feb 27, 2015, at 3:09 PM, Peter Lebbing wrote: > On 27/02/15 12:02, Hans-Christoph Steiner wrote: >> For example, I think that >> `gpg --json` is great idea. I ended up using a Java wrapper of GPGME, which >> is in turn a wrapper of GnuPG. I think it makes a lot more sense to have `gpg >> --json` as the parseable interface, then implement a GPGME-style framework in >> each language (Python, Java, etc). > > I'd say the JSON interface could just be an additional set of functions in > GPGME; and GPGME simply talks the old colon-separated protocol to the gpg > binary. You can't just take out the colon-separated protocol, and that protocol > has all the information. You could simply have GPGME reformat the output. > > Unless you mean that you want to speak to the gpg binary yourself, without GPGME > in between. In that case, I simply think you might be on the wrong track, and > should use a library. If GPGME itself is a problem because you don't know what > platform you should compile for, like in Python, then the library could be > re-implemented in pure Python instead of using a foreign function interface. > > The old calling conventions of the binary cannot change, otherwise you'd break > everything that already depends on it. And adding multiple ways of doing the > same thing in the gpg binary seems the wrong place; more code, more chance of > bugs, etcetera. This is where libraries come in, to save you the burden of > working with the gpg binary. It is actually more difficult to wrap GPGME in Java than to have just rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad API for other languages. You end up with an API that feels like a C API forced into the language, e.g. 
Java, python, etc. That makes for more coding mistakes because it feels foreign to the programmer. More mistakes means more security issues. .hc From samir at samirnassar.com Tue Mar 3 16:10:59 2015 From: samir at samirnassar.com (Samir Nassar) Date: Tue, 03 Mar 2015 16:10:59 +0100 Subject: Circumvention Tech Summit in Valencia In-Reply-To: <54F5CA05.7090205@sixdemonbag.org> References: <25918770.FihGgUjN1J@unicorn> <54F5CA05.7090205@sixdemonbag.org> Message-ID: <3995222.d1cKYBiXjx@unicorn> On Tuesday, March 03, 2015 03:49:41 PM Robert J. Hansen wrote: > > Non developers are also here and happy to verify OpenPGP certificates > > as well. > > And happy to buy people beer. Thanks again, Samir. :) It is in the constitution; if you are a FOSS developer the least I can do is provide $beverage. Samir -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From hans at guardianproject.info Tue Mar 3 14:33:13 2015 
From: hans at guardianproject.info (Hans of Guardian) Date: Tue, 3 Mar 2015 14:33:13 +0100 Subject: Thoughts on GnuPG and automation In-Reply-To: <20150227121834-25258-9117-mailpile@slinky> References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> Message-ID: <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> On Feb 27, 2015, at 1:19 PM, Bjarni Runar Einarsson wrote: > Hi Hans-Christoph! > > Hans-Christoph Steiner wrote: >> With all the recent attention to GnuPG and Werner's work, I have begun to >> think about things differently. GnuPG has an amazing security track record. >> It has had few serious security bugs, nothing even close to heartbleed that I >> know of, and yet it is core to providing security to GNU/Linux distros, as >> well as protecting people like Laura Poitras and Edward Snowden. So instead >> of complaining about the difficulties, I now try to think about whether such >> difficulties might actually be related to what makes GnuPG so solid. > > Some of the more jaded will call this Stockholm syndrome. :-P > > I don't agree with the voices that want to discard PGP and start from > scratch. There is valuable experience and maturity in this project, > which is why we care enough to complain when it is hard to work with. > >> anyone interested in providing usable security needs to think hard about this. >> Sure we can make things easier to use, but it is a very slippery slope >> towards reducing security. > > I really disagree with this. If a security tool is too hard to > understand, whether for a developer or user, then insecurity will be the > inevitable result: people will use it wrong. This is only in part > GnuPG's responsibility, most of the complexity is inherited from OpenPGP > and the fact that public/private key crypto and key management are just > very complex topics. > > This is the one point where I agree with the voices calling for > abandoning OpenPGP entirely. 
It can well be argued that the whole > cryptoscheme has been field tested and proven too complex for humans to > use correctly. That's not exactly GnuPG's problem either, but these > voices are becoming louder and, increasingly, there is finally > competition in this space. The project will get marginalized if > usability is ignored completely. > > Mailpile's attempt to make OpenPGP easy to use is us stubbornly trying > to prove that it can be done. But I'm only somewhat optimistic that > we'll succeed, and we'll only do so if we face reality and drop a large > number of the features that make PGP what it is - in particular the web > of trust and default trust model, and who knows what else. I don't mind > if that code exists inside GnuPG, but Mailpile is absolutely not going > to be using it. I think if you actually disagree, you are missing my essential point. But my guess is that we agree more than disagree. Of course, I entirely agree that bad usability can also make a technically secure system actually very insecure. This point is not mutually exclusive with what I said, and indeed both must be taken fully into account. So for example, we could make PGP email really easy if we consider only a mass surveillance threat model. Just make all the processes transparent in the background: passphrases, key generation, downloading public keys, etc. But that would produce a system that would not work for the highly targeted threat models like Edward Snowden and Laura Poitras. They would need to use a specialized system, and that specialized system might then be a marker of suspicion (for example, lots of governments, including the NSA, already mark all PGP messages as suspicious). That then makes it a lot harder for people who suddenly realize that they might be under scrutiny. There is a big tide of thinking about usability of security tools. This is a great thing, and we need lots of contributions. 
But what is happening far too often these days is that the new generation are trumpeting "ease of use" above all else. We are seeing systems like keybase.io that make things really easy, but also expect users to upload their _private_ key to some alpha web service. That is terrible security practice. I've also been arguing that we need to make encryption much easier to do. But we are failing as UX designers if we do not deeply understand the systems that we are trying to make easier to use. And that is why I advocate thinking long and hard about GnuPG, and what makes it hard to use, and what makes it secure. Only then can we really make solid security usable. >> I also have to call out that part of the problem that mailpile is continuing: >> it is generally more fun to write code, rather than figure out someone else's >> library. That is especially true when its a complicated thing like GnuPG. >> But in order to have shared maintenance and work, we all need to take >> responsibility and try to build upon the work of others whenever possible. >> Mailpile did not do that, and instead wrote yet another incomplete >> python API for GnuPG. > > Fair enough. We were in a hurry, and we probably did make a mistake > here. There is a reason why we haven't broken our library out and > published separately though: we do hope to tear it out and replace it > with something more standard down the line. > > However, having done the work, I can now state with confidence that the > complexity of our library is not because GnuPG is doing complex things. > It is because the GnuPG command line interfaces for automation are > incomplete and very hard to work with. Libraries might be able to hide > this fact, but that doesn't make the problem go away - sysadmins and > scripters everywhere have to deal with this all the time. It's a real > burden and the source of many, many posts to this list and others. 
> > It's easy for developers to lose sight of the fact that no matter how > many libraries exist, most people first encounter gpg at the command > line. Slowly expanding on that and automating what you have learned is > the Unix way, and it's a wonderful thing. Whatever the reason, GnuPG is > not very good at this today. > > Unfortunately lots of existing code depends on these things staying > unchanged, quirks and all. So it may be too late to fix, realistically > speaking. Missing flags could be added, but cleaning up the stuff that > already exists may be impossible. If that's Werner's verdict, then I > totally understand and promise to stop complaining about it. I strongly support an effort to make a clean, modern method of interacting with GnuPG. Then we can make flexible, maintainable, and native-feeling GnuPG libraries. I think that `gpg --json` encapsulates the idea quite well. Then --with-colons can remain as is for compatibility. The big question here is: who is going to do the work? And I don't think it is a valid question to just punt and say "GnuPG has all this money now". It is bigger than that. >> Another possibility is making ASSUAN, the internal protocol between GnuPG >> components, the API instead of `gpg --json`. This only works on GnuPG 2.1, as >> far as I understand it, since in 2.1, even commands like gpg communicate with >> gpg-agent using ASSUAN, and it is actually gpg-agent that does all the work. > > FWIW, I took a look at Assuan a while back, and I really like it. > Replacing Assuan with JSON might help the project interface with the > rest of the world, but that's the only argument in its favour; Assuan is > definitely more suited to the things that GPG has to do. There is also a > nice little Python library for interacting with it, so if gpg-agent ends > up exposing an Assuan interface which can do all the stuff people do > with GPGME, then I'll be very happy to switch to that. > > Very happy! 
:-) Werner wasn't too keen in the past, but maybe there are some new thoughts on this. `gpg --json` seems like a worthwhile fallback for public ASSUAN.

>> Contrary to the mailpile write-ups, I think that having all the work
>> happen in gpg-agent makes sense, as long as there is a good API to it.
>
> I think you misunderstood my complaint. I don't mind if the agent is a
> persistence daemon that provides GPG-related services, that's all well
> and good. It's good process separation and I have no problem with that.
>
> My gripe with the agent is that the agent is controlling the UI of
> authentication. This breaks Mailpile, and this is one of the key areas
> where GnuPG crosses the imaginary line between library/utility and
> "application". Fixing this was point 1 in my list of suggestions and
> explaining why it was necessary was the bulk of the post.
>
> I took a look at the kludge Werner directed me towards in his previous
> mail - as far as I can tell, I can't use it unless I run my own
> dedicated gpg-agent with a custom configuration and custom keyring.
> Because gpg-agent controls the UI.
>
> I can do that. I can run a dedicated gpg-agent just for Mailpile and
> have a dedicated keyring. That'll work fine for most people and some may
> even prefer it. Only the folks on this list and folks that already have
> PGP keys will be unhappy that suddenly they have two keyrings to worry
> about, not just one... and for people wanting to keep their keychains in
> sync, we will have made key management even harder than it already is.
>
> As far as I can tell, those are the options available to me at the
> moment, unless I just stick with gnupg 1.4.x.

My guess is that you can achieve whatever you want to achieve using a custom pinentry. But my memory is rusting, and Abel Luck, the other main dev on the Android port, did the bulk of that work.

.hc

From rjh at sixdemonbag.org Tue Mar 3 16:15:45 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 03 Mar 2015 16:15:45 +0100
Subject: Circumvention Tech Summit in Valencia
In-Reply-To: <3995222.d1cKYBiXjx@unicorn>
References: <25918770.FihGgUjN1J@unicorn> <54F5CA05.7090205@sixdemonbag.org> <3995222.d1cKYBiXjx@unicorn>
Message-ID: <54F5D021.1070009@sixdemonbag.org>

> It is in the constitution; if you are a FOSS developer the least I
> can do is provide $beverage.

I'm glad I contribute code to a couple of small FOSS digital forensics projects, then. Because I've never contributed a single line of code to GnuPG or Enigmail. :)

From wk at gnupg.org Tue Mar 3 16:14:15 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Mar 2015 16:14:15 +0100
Subject: Circumvention Tech Summit in Valencia
In-Reply-To: <54F5A058.8010804@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 03 Mar 2015 12:51:52 +0100")
References: <54F5A058.8010804@sixdemonbag.org>
Message-ID: <87ioeidsfs.fsf@vigenere.g10code.de>

On Tue, 3 Mar 2015 12:51, rjh at sixdemonbag.org said:

> Admittedly, "the GnuPG dev people" is really a one-element list
> containing Werner. But there are certainly people active in the GnuPG

The web page lists more, and several more have write access to git.gnupg.org. I considered attending, but the number of open bugs keeps me working here.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From kristian.fiskerstrand at sumptuouscapital.com Tue Mar 3 16:20:34 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 03 Mar 2015 16:20:34 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <8257BF12-09C1-41C2-9C5F-F78CB60FD5A9@guardianproject.info>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105@sumptuouscapital.com> <8257BF12-09C1-41C2-9C5F-F78CB60FD5A9@guardianproject.info>
Message-ID: <54F5D142.3090200@sumptuouscapital.com>

On 03/03/2015 01:50 PM, Hans of Guardian wrote:
>
> On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
>
> On 02/27/2015 12:43 PM, Hauke Laging wrote:
>>>> On Fri 27.02.2015, 12:27:40, gnupgpacker wrote:
>>>>
>>>>> Maybe implementation with an opt-in could preserve
>>>>> publishing of faked keys on public keyservers?
>>>>
>>>> We need keyservers which are a lot better than today's. IMHO
>>>> that also means that a keyserver should tell a client for
>>>> each offered certificate whether it (or a trusted keyserver)
>>>> has made such an email verification.
>
> The keyservers have no role in this, they are pure data store and
> can never act as a CA. That would bring up a can of worms of
> issues, both politically and legally, I wouldn't want to see the
> first case where a keyserver operator was sued for permitting a
> "fake key" (the term itself is very misleading, the key itself
> isn't fake at all, but a fully valid key where the UID has not been
> mated to its holder through proper validation).
>
>
>> The standard PGP keyserver pool is a mess with racist spam, lost
>> keys that will be there forever, etc. The concept of email
>> validation is very very common and proven in internet service
>> providers.

And anyone is free to set up a CA that performs this validation and signs the returned key.
>> It is time for OpenPGP keyservers to join the rest of the
>> internet.
>

They are already quite up to date, SKS 1.1.5+ (development master) even supports the experimental Ed25519 draft used by GnuPG. What you are proposing here isn't about joining the rest of the internet, it is about subverting the security by introducing a false sense of security and, even worse, that opens up well known attack vectors.

By the way, an OpenPGP key is fully valid without any email address as part of any UID.

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Acta est fabula
So ends the story

From kristian.fiskerstrand at sumptuouscapital.com Tue Mar 3 16:22:56 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 03 Mar 2015 16:22:56 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F5D142.3090200@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105@sumptuouscapital.com> <8257BF12-09C1-41C2-9C5F-F78CB60FD5A9@guardianproject.info> <54F5D142.3090200@sumptuouscapital.com>
Message-ID: <54F5D1D0.1050008@sumptuouscapital.com>

On 03/03/2015 04:20 PM, Kristian Fiskerstrand wrote:
> On 03/03/2015 01:50 PM, Hans of Guardian wrote:
>
>> On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
> ...
>
>>> The standard PGP keyserver pool is a mess with racist spam,
>>> lost keys that will be there forever, etc. The concept of
>>> email validation is very very common and proven in internet
>>> service providers.
>
> And anyone is free to set up a CA that performs this validation
> and signs the returned key.
>
>>> It is time for OpenPGP keyservers to join the rest of the
>>> internet.
>
>
> They are already quite up to date, SKS 1.1.5+ (development master)
> even supports the experimental Ed25519 draft used by GnuPG. What
> you are proposing here isn't about joining the rest of the
> internet, it is about subverting the security by introducing a
> false sense of security and even worse, that opens up well known
> attack vectors.
>
> By the way, an OpenPGP key is fully valid without any email address
> as part of any UID.

For completeness, I am going to include some of the template for my response to delete key requests. But your situation is a good example of why one should never trust a key based on the email address in a UID alone, but needs to verify fingerprint, creation type, key algorithm etc. with the perceived owner and certify/sign the key.
If you google you'll find some more detailed explanations as to why you can't delete a key from a keyserver. Long story short, even if it was technically possible, the social protocol is missing.

Speaking more generally, there might've been two (or more) people sharing the same name, and email addresses change over time; if the previous user deleted his email, it wouldn't make the key any less valid if someone else took over the email address. This is why one should never trust the email address alone, but always verify keys through other means (mainly fpr, creation date, algo, size). That several keys exist for a single address is, from a cryptographic and security point of view, irrelevant, as it is only applicable as a potential issue if people don't follow proper procedure for due diligence.

From brian at minton.name Tue Mar 3 16:23:13 2015
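An added example, not code from GnuPG, Mailpile or anyone on this thread, for two points made above: Hans's `gpg --json` idea (here approximated by parsing the existing `gpg --with-colons --list-keys` output, field layout as in GnuPG's doc/DETAILS, into JSON-ready records) and Kristian's point that a key must be selected by its verified fingerprint, never by the email address in a UID. The listing is constructed: two unrelated keys both carry alice@example.org, so an email lookup is ambiguous while a fingerprint lookup is not.

```python
"""Parse `gpg --with-colons --list-keys` output into JSON-ready records."""
import json
import re
from datetime import datetime, timezone

# GnuPG writes ':' and '\' inside uid fields as C-style \xHH escapes.
_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Constructed sample listing (not captured from a real keyring): two
# unrelated keys both carry a UID for alice@example.org, and the second
# key also has a UID whose address contains an escaped colon.
SAMPLE_LISTING = "\n".join([
    "tru::1:1425380000:0:3:1:5",
    "pub:u:4096:1:1111111111111111:1393632000:1551398400::u:::scESC::::::23::0:",
    "fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:",
    "uid:u::::1393632000::0000000000000000000000000000000000000001::"
    "Alice Example <alice@example.org>::::::::::0:",
    "sub:u:4096:1:2222222222222222:1393632000:1551398400:::::e::::::23:",
    "fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:",
    "pub:-:256:22:3333333333333333:1420070400:::-:::scESC:::::ed25519:23::0:",
    "fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:",
    "uid:-::::1420070400::0000000000000000000000000000000000000002::"
    "Alice (test key) <alice@example.org>::::::::::0:",
    "uid:-::::1420070400::0000000000000000000000000000000000000003::"
    "Alice Example <alice\\x3awork@example.org>::::::::::0:",
])


def unescape(field):
    """Decode \\xHH escapes, e.g. \\x3a back to ':'."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), field)


def _timestamp(value):
    """Creation/expiry fields are seconds since the epoch, or empty."""
    if not value:
        return None
    if value.isdigit():
        return datetime.fromtimestamp(int(value), timezone.utc).isoformat()
    return value  # older GnuPG versions print YYYY-MM-DD here


def _key_record(fields):
    """Fields shared by pub and sub records (DETAILS numbers them from 1)."""
    return {
        "keyid": fields[4],
        "validity": fields[1],
        "bits": int(fields[2]),
        "algo": int(fields[3]),
        "curve": fields[16] if len(fields) > 16 else "",
        "created": _timestamp(fields[5]),
        "expires": _timestamp(fields[6]),
        "capabilities": fields[11],
        "fingerprint": None,  # filled in by the following fpr record
    }


def parse_colons(text):
    """Group pub/fpr/uid/sub records into one dict per primary key."""
    keys = []
    primary = None     # key that following uid/sub records belong to
    fpr_target = None  # record that the next fpr line describes
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub":
            primary = _key_record(fields)
            primary["uids"] = []
            primary["subkeys"] = []
            keys.append(primary)
            fpr_target = primary
        elif rtype == "sub" and primary is not None:
            sub = _key_record(fields)
            primary["subkeys"].append(sub)
            fpr_target = sub
        elif rtype == "fpr" and fpr_target is not None:
            fpr_target["fingerprint"] = fields[9]
        elif rtype == "uid" and primary is not None:
            primary["uids"].append({
                "validity": fields[1],
                "created": _timestamp(fields[5]),
                "uid": unescape(fields[9]),
            })
        # tru, sig, rvk and other record types are not needed here
    return keys


def keys_for_email(keys, email):
    """Every key carrying a UID with this address: often more than one."""
    needle = "<%s>" % email.lower()
    return [k for k in keys if any(needle in u["uid"].lower() for u in k["uids"])]


def select_by_fingerprint(keys, fingerprint):
    """The safe selector: the full fingerprint, verified out of band."""
    wanted = fingerprint.replace(" ", "").upper()
    return next((k for k in keys if k["fingerprint"] == wanted), None)


if __name__ == "__main__":
    print(json.dumps(parse_colons(SAMPLE_LISTING), indent=2))
```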
From: brian at minton.name (Brian Minton)
Date: Tue, 03 Mar 2015 10:23:13 -0500
Subject: Thoughts on GnuPG and automation
In-Reply-To: <87mw3y94fj.fsf@alice.fifthhorseman.net>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <87mw3y94fj.fsf@alice.fifthhorseman.net>
Message-ID: <54F5D1E1.5030405@minton.name>

It breaks mailpile because gpg-agent is not session aware. A user could be logged in locally, using mailpile, and a remote attacker could access the web interface of that locally running mailpile instance, which, since it is talking to the same gpg-agent, would think the remote user is logged in (or more precisely, has the private key).

I think that one solution would be to have mailpile use a per-session gpg home dir.

From kristian.fiskerstrand at sumptuouscapital.com Tue Mar 3 16:32:41 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 03 Mar 2015 16:32:41 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <865C8D86-B091-4C51-B010-7D3BD4F27818@guardianproject.info>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf@vigenere.g10code.de> <865C8D86-B091-4C51-B010-7D3BD4F27818@guardianproject.info>
Message-ID: <54F5D419.6040206@sumptuouscapital.com>

On 03/03/2015 02:00 PM, Hans of Guardian wrote:
>
> On Feb 27, 2015, at 8:56 PM, Werner Koch wrote:
> ...
>
> Services like keybase.io with poor security practices are going to
> rapidly take over from the PGP keyserver pool because they address
> the human-interaction side, unlike the PGP keyservers. They
> are easy to use and they follow the very common interaction patterns
> that basically all web services these days use. That must also be
> considered when thinking about security. The PGP keyservers need
> email validation not as a way to provide any kind of "trusted"
> status of that key, but rather to enable people to delete keys that
> should no longer be there, and to prevent keyserver spam and
> vandalism. For a good example, search for Richard Stallman and you
> will see how badly the PGP keyservers are failing.

I fail to see how this is a failure on the side of the keyservers, it is part of the expected practice and a fully understood scenario, which is why it is mandated to conduct key verification through secure channels.

>
> Another common scenario is that people make mistakes when learning
> how to use PGP. There is a common mistake of generating a key to
> play with, publishing to the keyserver, then deleting.
> That key
> will then be on the keyserver forever with no way to delete it.
> That is terrible both security-wise because it is confusing for
> people who are searching for keys, and it is terrible
> human-interaction-wise because it adds pointless noise when
> searching for keys.

It affects neither security nor the user at all: the first because the key needs to be verified anyway, the second because the key needs to be verified anyway.

From peter at digitalbrains.com Tue Mar 3 16:43:12 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 03 Mar 2015 16:43:12 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To:
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com>
Message-ID: <54F5D690.9030607@digitalbrains.com>

On 03/03/15 14:29, Hans of Guardian wrote:
> It is actually more difficult to wrap GPGME in Java than to have just
> rewritten GPGME in Java.

In my opinion, if this is the case, then that is indeed the proper solution: write a general-purpose library à la GPGME, but don't call gpg directly from your application.

Calling the gpg binary is indeed an API, as was said here. It's the API GPGME uses, for instance. GPGME does not somehow load gpg in its address space or something; it simply invokes gpg, in a separate process.

That calling the gpg binary is an API doesn't make it the right API for other programs to use. The right API in general would be GPGME or an alternative to GPGME.

Just like libc is the proper API for a program to use instead of directly issuing syscalls to the Linux kernel. The syscall interface is an API; it's just not the right one in many cases.

At least, this is my view of it.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From MichaelQuigley at TheWay.Org Tue Mar 3 16:02:43 2015
From: MichaelQuigley at TheWay.Org (MichaelQuigley at TheWay.Org)
Date: Tue, 3 Mar 2015 10:02:43 -0500
Subject: Fwd: Re: German ct magazine postulates death of pgp encryption
In-Reply-To:
References:
Message-ID:

"Gnupg-users" wrote on 03/03/2015 09:41:25 AM:

> ----- Message from Stephan Beck on Tue, 03 Mar 2015 15:40:45 +0100 -----
>
> To: gnupg-users at gnupg.org
>
> Subject: Re: Fwd: Re: German ct magazine postulates death of pgp encryption
>
> On 03.03.2015 at 14:00, Ville Määttä wrote:
> > On 03.03.15 14:54, Stephan Beck wrote:
> >> as your message hasn't reached the list in spite of being addressed to it
> >
> > It did :).
>
> Strange, I only received the PM, not the list mail, so I thought it might be
> useful to resend it. In that case, sorry for the duplication.
>
> Regards
>
> Stephan

I believe if you are personally addressed, the list management software doesn't send you a duplicate copy of the message.

From calestyo at scientia.net Tue Mar 3 16:48:31 2015
From: calestyo at scientia.net (Christoph Anton Mitterer)
Date: Tue, 03 Mar 2015 16:48:31 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <865C8D86-B091-4C51-B010-7D3BD4F27818@guardianproject.info>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf@vigenere.g10code.de> <865C8D86-B091-4C51-B010-7D3BD4F27818@guardianproject.info>
Message-ID: <1425397711.4798.22.camel@scientia.net>

On Tue, 2015-03-03 at 14:00 +0100, Hans of Guardian wrote:
> The PGP keyservers need email validation

No, it's pretty useless from a security POV and they don't need it.

> not as a way to provide any kind of "trusted" status of that key, but
> rather to enable people to delete keys that should no longer be there,
> and to prevent keyserver spam and vandalism.

Unfortunately it seems that you miss(understand) some of the basic paradigms of security here: actually the opposite is the case. Removing keys from the keyservers (even if they're allegedly spam) would be a big security compromise of the whole system, as potentially important information (revocation certs, valid keys, etc.) would be removed as well.

And who should in the end decide which key respectively which identity is valid? For there may be many Richard Stallmans, and if even such a famous person uses an address like stallman at gmail.com, he could later give it up and someone else takes it (or vice-versa). If such keys were then considered spam... then good night.

> Another common scenario is that people make mistakes when learning how
> to use PGP. There is a common mistake of generating a key to play
> with, publishing to the keyserver, then deleting.

While that's unfortunate...
it's part of the game and as long as you aren't a keyserver operator/developer this shouldn't cause you any concern, unless of course you use the keyservers to authenticate (i.e. only one Richard Stallman -> that must be him)... but then you're doomed anyway and no one will, should or could help you.

> That is terrible both security-wise because

Actually the contrary, as laid out above. For those reasons the keyservers used to generally refuse removal of keys for years, and exceptions were only made on selected servers and then only to obey some stupid laws which actually degrade security here.

Cheers,
Chris.

From rjh at sixdemonbag.org Tue Mar 3 16:53:14 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 03 Mar 2015 16:53:14 +0100
Subject: German ct magazine postulates death of pgp encryption
In-Reply-To: <54F5D419.6040206@sumptuouscapital.com>
References: <000d01d05269$c1726dd0$44574970$@on.yourweb.de> <1890860.SDiBssEjyI@inno> <000e01d05280$656fed70$304fc850$@on.yourweb.de> <7920271.MAWFr6xyvP@inno> <54F05EF5.6050105__7398.9701144912$1425039188$gmane$org@sumptuouscapital.com> <54F09ACB.6020108@enigmail.net> <87lhjjm8mn.fsf@vigenere.g10code.de> <865C8D86-B091-4C51-B010-7D3BD4F27818@guardianproject.info> <54F5D419.6040206@sumptuouscapital.com>
Message-ID: <54F5D8EA.4040003@sixdemonbag.org>

>> Services like keybase.io with poor security practices...
>
> I fail to see how this is a failure on the side of the keyservers...

I fully agree with Kristian. I further don't see how keybase.io amounts to "poor security practice". The Web of Trust is, itself, a poor practice because it's rarely-if-ever used in practice; even something like TOFU is far superior to the Web of Trust in most real-world environments.

From rjh at sixdemonbag.org Tue Mar 3 17:01:34 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 03 Mar 2015 17:01:34 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info>
Message-ID: <54F5DADE.3030507@sixdemonbag.org>

Hans, please trim your quoted material.

> They would need to use a specialized system, and that specialized
> system might then be a marker of suspicion (for example, lots of
> governments, including the NSA, already mark all PGP messages as
> suspicious).

Unless you've got a desk somewhere deep inside Fort Meade and you're sitting in on briefings the rest of us aren't, you don't know this.

There's a lot of panic and paranoia in the air already without people making it worse by treating what they *think* is true as if they *know* it's true.

(I don't know if what he's claiming is true or false... but I *do* know that I don't believe his certainty, and I wouldn't believe anyone else who claimed to be certain, either!)

> trumpeting "ease of use" above all else. We are seeing systems like
> keybase.io that make things really easy, but also expect users to
> upload their _private_ key to some alpha web service.

keybase doesn't expect users to upload the private key. It works just fine if you don't, and in fact you have to go through an extra couple of steps to put the private key on the keybase servers.

For some use cases this is a good practice. For many more it's a bad practice. But it's way too facile to simply say,

> That is terrible security practice.

From hans at guardianproject.info Tue Mar 3 17:28:12 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Tue, 3 Mar 2015 17:28:12 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5D1E1.5030405@minton.name>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <87mw3y94fj.fsf@alice.fifthhorseman.net> <54F5D1E1.5030405@minton.name>
Message-ID:

Yeah, mailpile has a very unusual architecture, so it's no surprise it'll need some unusual tricks. Unusual tricks in software that aims to be secure generally make me nervous since it is important to keep code readable and understandable for both the core devs, but also contributors, auditors, etc.

.hc

On Mar 3, 2015, at 4:23 PM, Brian Minton wrote:

> It breaks mailpile because gpg-agent is not session aware. A user could
> be logged in locally, using mailpile, and a remote attacker could access
> the web interface of that locally running mailpile instance, which since
> it is talking to the same gpg-agent, would think the remote user is
> logged in (or more precisely, has the private key).
>
> I think that one solution would be to have mailpile use a per-session
> gpg home dir.

From hans at guardianproject.info Tue Mar 3 17:33:14 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Tue, 3 Mar 2015 17:33:14 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5D690.9030607@digitalbrains.com>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com>
Message-ID:

On Mar 3, 2015, at 4:43 PM, Peter Lebbing wrote:

> On 03/03/15 14:29, Hans of Guardian wrote:
>> It is actually more difficult to wrap GPGME in Java than to have just
>> rewritten GPGME in Java.
>
> In my opinion, if this is the case, then that is indeed the proper
> solution: write a general-purpose library à la GPGME, but don't call gpg
> directly from your application.
>
> Calling the gpg binary is indeed an API, as was said here. It's the API
> GPGME uses, for instance. GPGME does not somehow load gpg in its address
> space or something; it simply invokes gpg, in a separate process.
>
> That calling the gpg binary is an API doesn't make it the right API for
> other programs to use. The right API in general would be GPGME or an
> alternative to GPGME.
>
> Just like libc is the proper API for a program to use instead of
> directly issuing syscalls to the Linux kernel. The syscall interface is
> an API; it's just not the right one in many cases.
>
> At least, this is my view of it.
>
> Peter.

Different programming languages and operating systems can have very different ways of launching and handling external processes. Forcing them all to launch GPG in the UNIX way makes for complicated and weird software. For example, Android works very differently than any UNIX or even Windows, especially when it comes to launching and managing processes. At the risk of being repetitive: Android runs the Linux kernel, but it is far far far from being UNIX or GNU/Linux.

.hc

From rjh at sixdemonbag.org Tue Mar 3 17:49:42 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 03 Mar 2015 17:49:42 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To:
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com>
Message-ID: <54F5E626.5010808@sixdemonbag.org>

> Different programming languages and operating systems can have very
> different ways of launching and handling external processes.

Eh. Different operating systems, sure: that's the nature of kernels. They provide different syscalls, and that's at root how you launch an external process -- by making syscalls.

But different programming languages can have very different ways of launching and handling external processes? I've never seen that to be true. C#'s Process, C's fork/exec, Python's subprocess, Go's syscall.StartProcess()... it's all pretty much identical. There are a couple of exotics, but they're exotic.

> Forcing them all to launch GPG in the UNIX way makes for
> complicated and weird software.

It *can* make for complicated and weird software. I don't doubt that GnuPG doesn't fit well into the Android model, but this isn't a reason to do GPGME differently.

If I'm Count Rugen, I'm not going to complain that glovemakers need to change the way they do things to accommodate my six fingers. I'm going to acknowledge that my hands are quite a lot different from the glovemakers' models, and rather than tell the glovemakers how five-fingered gloves are a mistake because they don't account for the possibility of six, I'm just going to hire a tailor to make my gloves.

(Count Rugen: the six-fingered villain from _The Princess Bride_.)

From hans at guardianproject.info Tue Mar 3 18:26:03 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Tue, 3 Mar 2015 18:26:03 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5DADE.3030507@sixdemonbag.org>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org>
Message-ID:

On Mar 3, 2015, at 5:01 PM, Robert J. Hansen wrote:

> Hans, please trim your quoted material.
>
>> They would need to use a specialized system, and that specialized
>> system might then be a marker of suspicion (for example, lots of
>> governments, including the NSA, already mark all PGP messages as
>> suspicious).
>
> Unless you've got a desk somewhere deep inside Fort Meade and you're
> sitting in on briefings the rest of us aren't, you don't know this.
>
> There's a lot of panic and paranoia in the air already without people
> making it worse by treating what they *think* is true as if they *know*
> it's true.
>
> (I don't know if what he's claiming is true or false... but I *do* know
> that I don't believe his certainty, and I wouldn't believe anyone else
> who claimed to be certain, either!)

This is definitely public information from the Snowden leaks. There is also quite a bit of information about other governments doing similar things. Here's one example article:

http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/

>
>> trumpeting "ease of use" above all else. We are seeing systems like
>> keybase.io that make things really easy, but also expect users to
>> upload their _private_ key to some alpha web service.
>
> keybase doesn't expect users to upload the private key. It works just
> fine if you don't, and in fact you have to go through an extra couple of
> steps to put the private key on the keybase servers.
>
> For some use cases this is a good practice.
> For many more it's a bad
> practice. But it's way too facile to simply say,
>
>> That is terrible security practice.

keybase has started to downplay the private key stuff. When it started, you had to upload your private key to use the service. Uploading your private key to keybase sets people up for a centralized system with terrible security. It'll be an obvious target, and they are a startup doing webby things, which also has a terrible security track record. There are so many exploits in ruby, javascript, etc. The fact that they even considered this an option just shows that they only care about easy, not about secure.

.hc

From hans at guardianproject.info Tue Mar 3 18:29:40 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Tue, 3 Mar 2015 18:29:40 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5E626.5010808@sixdemonbag.org>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org>
Message-ID:

On Mar 3, 2015, at 5:49 PM, Robert J. Hansen wrote:

>> Different programming languages and operating systems can have very
>> different ways of launching and handling external processes.
>
> Eh. Different operating systems, sure: that's the nature of kernels.
> They provide different syscalls, and that's at root how you launch an
> external process -- by making syscalls.
>
> But different programming languages can have very different ways of
> launching and handling external processes? I've never seen that to be
> true. C#'s Process, C's fork/exec, Python's subprocess, Go's
> syscall.StartProcess()... it's all pretty much identical. There are a
> couple of exotics, but they're exotic.
>
>> Forcing them all to launch GPG in the UNIX way makes for
>> complicated and weird software.
>
> It *can* make for complicated and weird software. I don't doubt that
> GnuPG doesn't fit well into the Android model, but this isn't a reason
> to do GPGME differently.
>
> If I'm Count Rugen, I'm not going to complain that glovemakers need to
> change the way they do things to accommodate my six fingers. I'm going
> to acknowledge that my hands are quite a lot different from the
> glovemakers' models, and rather than tell the glovemakers how
> five-fingered gloves are a mistake because they don't account for the
> possibility of six, I'm just going to hire a tailor to make my gloves.
>
> (Count Rugen: the six-fingered villain from _The Princess Bride_.)

Android has an installed base of hundreds of millions. Desktop UNIX is the exotic system here as compared to Windows, Android, etc.
.hc

From peter at digitalbrains.com Tue Mar 3 19:09:32 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 03 Mar 2015 19:09:32 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To:
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org>
Message-ID: <54F5F8DC.8030804@digitalbrains.com>

On 03/03/15 18:29, Hans of Guardian wrote:
> Android has an installed base of hundreds of millions. Desktop UNIX
> is the exotic system here as compared to Windows, Android, etc.

I have no idea about how difficult it is to launch the gpg binary with a few pipes attached to a few file descriptors and perhaps anything else you need.

But I fail to see why you brought it up.

I thought we were discussing two alternatives:

- Call gpg directly
- Use a library such as GPGME that calls gpg for you

In both cases, the gpg binary is executed as a separate process. So it seems to me any issues with this are the same in both cases. In fact, if it indeed is tricky as you say, you're better off if you have a library do this for you, so you don't have to get it right in each and every application.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From rjh at sixdemonbag.org Tue Mar 3 19:31:14 2015
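[Editor's added example, not code from the list, from GnuPG or from GPGME.] The "UNIX way" Robert lists (fork/exec, Python's subprocess) and the "gpg binary with a few pipes attached to a few file descriptors" Peter describes look like this in practice: the wrapper spawns gpg with stdin/stdout/stderr pipes plus one extra pipe on which gpg writes machine-readable records when started with `--status-fd N`. The point a wrapper author has to get right, and the reason a shared library is preferable to hand-rolling it per application, is that the result is decided from those status records, not from the exit code alone: GOODSIG says the signature is cryptographically valid for some key, and the separate TRUST_* record says whether that key is one you trust. The helper names (`run_with_status_fd`, `signature_verdict`, `parse_status_lines`), the accepted-trust policy and the stand-in child `FAKE_GPG` (used instead of a real gpg so the block runs without one installed; its key id and user id are made up) are all mine; the real gpg argv appears in the docstring.

```python
import os
import subprocess
import sys
import threading

STATUS_PREFIX = "[GNUPG:] "
# Trust levels accepted for the signing key (a policy choice made for this
# example); weaker levels are reported as an unverified signer.
ACCEPTED_TRUST = {"TRUST_FULLY", "TRUST_ULTIMATE"}


def parse_status_lines(raw: bytes) -> list:
    """Turn gpg --status-fd output into (KEYWORD, [args]) tuples.

    gpg writes one record per line prefixed with '[GNUPG:] '; any other
    line on that fd is not a status record and is ignored.
    """
    records = []
    for line in raw.decode("utf-8", "replace").splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue
        fields = line[len(STATUS_PREFIX):].split()
        if fields:
            records.append((fields[0], fields[1:]))
    return records


def run_with_status_fd(build_argv, stdin_data: bytes, timeout: float = 60):
    """Spawn a child with stdin/stdout/stderr pipes plus one extra pipe for
    machine-readable status, the way a gpg wrapper does.

    build_argv(fd) returns the argv with the extra fd number filled in,
    e.g. lambda fd: ["gpg", "--batch", "--status-fd", str(fd), "--verify"].
    Returns (returncode, stdout, stderr, status_records).
    """
    status_r, status_w = os.pipe()
    try:
        proc = subprocess.Popen(
            build_argv(status_w),
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            pass_fds=(status_w,),  # every other inherited fd is closed
        )
    except Exception:
        os.close(status_r)
        raise
    finally:
        os.close(status_w)  # drop the parent's copy so the reader sees EOF

    chunks = []

    def drain():  # read the status pipe concurrently to avoid a deadlock
        with os.fdopen(status_r, "rb") as f:
            chunks.append(f.read())

    reader = threading.Thread(target=drain)
    reader.start()
    try:
        out, err = proc.communicate(stdin_data, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        out, err = proc.communicate()
    reader.join()
    return proc.returncode, out, err, parse_status_lines(b"".join(chunks))


def signature_verdict(returncode: int, status) -> str:
    """Decide from the status records; a zero exit code alone proves nothing
    about who signed."""
    keywords = {kw for kw, _ in status}
    if returncode != 0 or keywords & {"BADSIG", "ERRSIG", "NODATA"}:
        return "rejected"
    if "GOODSIG" not in keywords:
        return "unsigned"
    if not keywords & ACCEPTED_TRUST:
        return "untrusted-key"
    return "verified"


# Constructed stand-in for gpg: echoes stdin to stdout and writes two
# status records to the fd named in argv[1].  Key id and user id are made up.
FAKE_GPG = (
    "import os, sys\n"
    "fd = int(sys.argv[1])\n"
    "data = sys.stdin.buffer.read()\n"
    "os.write(fd, b'[GNUPG:] GOODSIG 0123456789ABCDEF Example <user@example.invalid>\\n')\n"
    "os.write(fd, b'[GNUPG:] TRUST_FULLY 0 pgp\\n')\n"
    "sys.stdout.buffer.write(data)\n"
)


def demo():
    """Run the stand-in exactly as a real gpg invocation would be run."""
    rc, out, _err, status = run_with_status_fd(
        lambda fd: [sys.executable, "-c", FAKE_GPG, str(fd)], b"hello\n")
    return signature_verdict(rc, status), out


if __name__ == "__main__":
    print(demo())
```

Swapping the stand-in for `["gpg", "--batch", "--status-fd", str(fd), "--verify"]` is the only change needed for real input; the status parsing and the verdict logic stay the same, which is exactly the part GPGME keeps out of each application.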
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 03 Mar 2015 19:31:14 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To:
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org>
Message-ID: <54F5FDF2.5030306@sixdemonbag.org>

> This is definitely public information from the Snowden leaks. There
> is also quite a bit of information about other governments doing
> similar things. Here's one example article:

If all encrypted traffic is deemed suspicious, then 99.9999999% of the suspicious set -- Amazon transactions, Google searches, SMTP transfers, instant messaging, OkCupid profiles, iTunes purchases, and more -- is totally clean. You'd have statistically better odds by arresting random people on suspicion of murder. The policy would be completely pants-on-head absurd.

This leads to a different question: "Is it more likely that this is the real pants-on-head absurd policy, or that the _Forbes_ journo has profoundly misunderstood the subject?"

Just because something's been published doesn't mean it should be trusted. Bring your brain -- and when someone tells you something that supports your worldview, look at that thing hard and twice.

From rjh at sixdemonbag.org Tue Mar 3 19:35:40 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 03 Mar 2015 19:35:40 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To:
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org>
Message-ID: <54F5FEFC.8020405@sixdemonbag.org>

> Android has an installed base of hundreds of millions.

So? GnuPG and GPGME are products of their birth, just like anything else. It was built for desktop operating systems. If you want to make it live in the mobile space, go with God and I wish you all the luck in the world -- but if GPGME isn't working well for you, the burden is on you to do something better. The burden isn't on GPGME to totally change how it does things.

I really don't understand what you're getting at here.

From wk at gnupg.org Tue Mar 3 20:52:36 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Mar 2015 20:52:36 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: (Hans of Guardian's message of "Tue, 3 Mar 2015 14:29:38 +0100")
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com>
Message-ID: <87twy1dfjv.fsf@vigenere.g10code.de>

On Tue, 3 Mar 2015 14:29, hans at guardianproject.info said:

> It is actually more difficult to wrap GPGME in Java than to have just
> rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad

Sorry, but that is not your problem. The problem on Android seems to be that it is not easy to install anything else than plain Java apps.

We have GPGME bindings for all kind of languages from Ada over Java to Scheme. Thus I can't see the problem - need another kind of data object to be handled in GPGME? No problem, it can easily be done. Is the event loop the problem? That is somewhat harder to get right but that is always the case if you use a library.

I don't really understand your complaints given that we worked together to port GnuPG to Android. GPGME is just a small thing on top of it and way easier than GnuPG itself. It has nothing to do with fork+exec - GnuPG uses that itself a lot.

In 2010 we ported GnuPG and GPGME and Kontact (includes KMail) to Windows Mobile 6.5. I can tell you, that was a task but we finally did it. And the problems were not due to GnuPG (even that it ate up many of the scarce process slots) but due to the sheer amount of memory KDE stuff required. Consider as an example this: On Windows CE (the kernel of Windows Mobile), you don't have stdout and stdin, nor is there a way to inherit or pass on file descriptors.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From kloecker at kde.org Tue Mar 3 21:24:15 2015
From: kloecker at kde.org (Ingo Klöcker)
Date: Tue, 3 Mar 2015 21:24:15 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5FDF2.5030306@sixdemonbag.org>
References: <54F04EC5.3000107@guardianproject.info> <54F5FDF2.5030306@sixdemonbag.org>
Message-ID: <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>

On Tuesday 03 March 2015 19:31:14 Robert J. Hansen wrote:
> > This is definitely public information from the Snowden leaks. There
> > is also quite a bit of information about other governments doing
> > similar things. Here's one example article:
>
> If all encrypted traffic is deemed suspicious, then 99.9999999% of the
> suspicious set -- Amazon transactions, Google searches, SMTP transfers,
> instant messaging, OkCupid profiles, iTunes purchases, and more -- is
> totally clean. You'd have statistically better odds by arresting random
> people on suspicion of murder. The policy would be completely
> pants-on-head absurd.

After the recent terrorist attacks in Paris and Brussels some German politicians are again arguing that we need Vorratsdatenspeicherung (data retention, i.e. storage of all communication meta data for 6 months) in Germany to prevent such attacks. Obviously, 99.9999999 % of this data will be completely unrelated to terrorist attacks, i.e. totally clean as you put it. You'd have statistically better odds by arresting random people on suspicion of terror. Still this completely pants-on-head absurd policy will become reality if those German politicians get what they want.

> This leads to a different question: "Is it more likely that this is the
> real pants-on-head absurd policy, or that the _Forbes_ journo has
> profoundly misunderstood the subject?"

Well, the Guardian wrote
"However, alongside those provisions [to minimise data collected from US persons; I.K.], the Fisa court-approved policies allow the NSA to:
[...]
• Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;"

Full article:
http://www.theguardian.com/world/2013/jun/20/fisa-court-nsa-without-warrant

Specifically, see Exhibit B, Section 5 (3) a.
http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-b-nsa-procedures-document

Moreover, see the recent article
http://justsecurity.org/19308/congress-latest-rules-long-spies-hold-encrypted-data-familiar/
which claims
"The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep "incidentally" collected encrypted communications for an indefinite period of time."

So, you are right, that the articles do not claim that the NSA collects and keeps all encrypted communication forever.

Regards,
Ingo

From hans at guardianproject.info Tue Mar 3 21:29:08 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Tue, 3 Mar 2015 21:29:08 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5F8DC.8030804@digitalbrains.com>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com>
Message-ID:

On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:

> On 03/03/15 18:29, Hans of Guardian wrote:
>> Android has an installed base of hundreds of millions. Desktop UNIX
>> is the exotic system here as compared to Windows, Android, etc.
>
> I have no idea about how difficult it is to launch the gpg binary with a
> few pipes attached to a few file descriptors and perhaps anything else
> you need.
>
> But I fail to see why you brought it up.
>
> I thought we were discussing two alternatives:
>
> - Call gpg directly
> - Use a library such as GPGME that calls gpg for you
>
> In both cases, the gpg binary is executed as a separate process. So it
> seems to me any issues with this are the same in both cases. In fact, if
> it indeed is tricky as you say, you're better off if you have a library
> do this for you, so you don't have to get it right in each and every
> application.
>
> Peter.

GPGME is that library that wraps gpg execution, and I've spent weeks of my life working on GPGME on Android. The way that GPGME wraps gpg is built entirely on UNIX assumptions, which, it turns out, Windows actually works pretty close to. Android, on the other hand, is a very different story. Some key differences:

* Android will kill apps when it needs to, app lifecycle is automatically managed, the app has no control over it, and often zero warning is given
* Android was not meant to support launching processes from a shell/terminal, it was there for core debugging, then opened up on demand from devs, but it is very much a second class citizen to a Java Android app.
* all apps are child processes of 'zygote'
* there is no way to install shared libraries to be shared by apps

There are other differences as well. And iOS actually works a lot like Android, but also blends some UNIX stuff in.

I think we can also find similar issues when looking at how to make a proper Python API for GnuPG (though probably not as extreme).

.hc

From 2014-667rhzu3dc-lists-groups at riseup.net Tue Mar 3 21:33:17 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Tue, 3 Mar 2015 20:33:17 +0000
Subject: Duplicate copies of list messages when you are also addressed personally [Was: Re: Fwd: Re: German ct magazine postulates death of pgp encryption]
In-Reply-To: <54F5C7ED.9080608@mailbox.org>
References: <54F5C7ED.9080608@mailbox.org>
Message-ID: <1774836432.20150303203317@my_localhost>

On Tuesday 3 March 2015 at 3:02:43 PM, in , MichaelQuigley at TheWay.Org wrote:

> I believe if you are personally addressed, the list
> management software doesn't send you a duplicate copy
> of the message.

The option is set at .

"Avoid duplicate copies of messages?
When you are listed explicitly in the To: or Cc: headers of a list message, you can opt to not receive another copy from the mailing list. Select Yes to avoid receiving copies from the mailing list; select No to receive copies."

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

War is a matter of vital importance to the State.

From brad at fineby.me.uk Tue Mar 3 21:38:02 2015
From: brad at fineby.me.uk (Brad Rogers)
Date: Tue, 3 Mar 2015 20:38:02 +0000
Subject: Thoughts on GnuPG and automation
In-Reply-To: <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>
References: <54F04EC5.3000107@guardianproject.info> <54F5FDF2.5030306@sixdemonbag.org> <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>
Message-ID: <20150303203802.6ab7551c@abydos.stargate.org.uk>

On Tue, 3 Mar 2015 21:24:15 +0100
Ingo Klöcker wrote:

Hello Ingo,

>of terror. Still this completely pants-on-head absurd policy will
>become reality if those German politicians get what they want.

It's not just in Germany: Politicians across the world utilise similar scaremongering tactics to justify their paranoid, and xenophobic, vision of society.

--
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
Just coz they do it in the movies, don't mean to say that it's cool
Keep It Clean - The Vibrators

From m.mansfeld at mansfeld-elektronik.de Tue Mar 3 21:42:53 2015
From: m.mansfeld at mansfeld-elektronik.de (Matthias Mansfeld)
Date: Tue, 03 Mar 2015 21:42:53 +0100
Subject: Newspeek, (was: Re: Thoughts on GnuPG and automation)
In-Reply-To: <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>
References: <54F04EC5.3000107@guardianproject.info>, <54F5FDF2.5030306@sixdemonbag.org>, <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>
Message-ID: <54F61CCD.11863.40B9F01@m.mansfeld.mansfeld-elektronik.de>

On 3 Mar 2015 at 21:24, Ingo Klöcker wrote:

[..]
> After the recent terrorist attacks in Paris and Brussels some German
> politicians are again arguing that we need Vorratsdatenspeicherung
> (data retention, i.e. storage of all communication meta data for 6
> months) in Germany to prevent such attacks.

We here in Germany use newspeak and call this now "Digitale Spurensicherung" = "digital forensics"

See https://www.youtube.com/watch?v=ZCSei796yHA made by our CSU here in Bavaria. Only in German language, but there is no difference with or without text. Simplification beyond recognition, and everything is fine, just fine and easy... :-/

Regards
Matthias

--
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF

From s.murthy at mykolab.com Tue Mar 3 21:47:54 2015
From: s.murthy at mykolab.com (Sandeep Murthy)
Date: Wed, 4 Mar 2015 07:47:54 +1100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>
References: <54F04EC5.3000107@guardianproject.info> <54F5FDF2.5030306@sixdemonbag.org> <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>
Message-ID: <38BC893A-6452-4157-B9F3-9592F6B5FBF5@mykolab.com>

> On 4 Mar 2015, at 07:24, Ingo Klöcker wrote:
>
> After the recent terrorist attacks in Paris and Brussels some German
> politicians are again arguing that we need Vorratsdatenspeicherung (data
> retention, i.e. storage of all communication meta data for 6 months) in
> Germany to prevent such attacks. Obviously, 99.9999999 % of this data will be
> completely unrelated to terrorist attacks, i.e. totally clean as you put it.
> You'd have statistically better odds by arresting random people on suspicion
> of terror. Still this completely pants-on-head absurd policy will become
> reality if those German politicians get what they want.
>

In Australia this idea, unfortunately, may become reality - a proposed change to existing laws to require companies to retain metadata is being debated in parliament, although public opinion is against data retention. Hopefully this change will fail.

Once such a data retention law is in place it is dangerous because inevitably there is a "mission creep" that sets in - it is not hard to imagine one day that encryption software users, maybe GPG users, will be required to disclose information about the way they use it. I think in the UK recently the PM made some ambiguous comments which can be interpreted as seeking a ban on end-to-end encryption software by private users on the grounds that terrorists benefit just as much as ordinary law-abiding citizens from using encryption. Of course this shows he just does not understand the issues involved and this idea will not go anywhere.
Sandeep Murthy
s.murthy at mykolab.com

From m.mansfeld at mansfeld-elektronik.de Tue Mar 3 22:02:10 2015
From: m.mansfeld at mansfeld-elektronik.de (Matthias Mansfeld)
Date: Tue, 03 Mar 2015 22:02:10 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <38BC893A-6452-4157-B9F3-9592F6B5FBF5@mykolab.com>
References: <54F04EC5.3000107@guardianproject.info>, <20078833.0pHQCTGTDG@collossus.ingo-kloecker.de>, <38BC893A-6452-4157-B9F3-9592F6B5FBF5@mykolab.com>
Message-ID: <54F62152.31716.41D4677@m.mansfeld.mansfeld-elektronik.de>

On 4 Mar 2015 at 7:47, Sandeep Murthy wrote:

[...]
> Once such a data retention law is in place it is dangerous because
> inevitably there is a "mission creep" that sets in - it is not
> hard to imagine one day that encryption software users, maybe GPG
> users, will be required to disclose information about the way they use
> it. I think in the UK recently the PM made some ambiguous comments
> which can be interpreted as seeking a ban on end-to-end encryption
> software by private users on the grounds that terrorists benefit just
> as much as ordinary law-abiding citizens from using encryption. Of
> course this shows he just does not understand the issues involved and
> this idea will not go anywhere.

I assume everybody here knows http://xkcd.com/538/ ....... and stuff like this is law in some countries. Coercive detention, or (if we just forget "law, what the f*** is law") some fine ideas used against unlawful combatants......

Today in paranoid mode
Matthias

--
Our correspondence can be read by others. If you want to make that harder, we are happy to exchange mail with (Open)PGP encryption.
--
Matthias Mansfeld Elektronik * Leiterplattenlayout
Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
Internet: http://www.mansfeld-elektronik.de
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF

From hans at guardianproject.info Wed Mar 4 00:50:44 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Wed, 4 Mar 2015 00:50:44 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5FDF2.5030306@sixdemonbag.org>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org> <54F5FDF2.5030306@sixdemonbag.org>
Message-ID: <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info>

On Mar 3, 2015, at 7:31 PM, Robert J. Hansen wrote:

>> This is definitely public information from the Snowden leaks. There
>> is also quite a bit of information about other governments doing
>> similar things. Here's one example article:
>
> If all encrypted traffic is deemed suspicious, then 99.9999999% of the
> suspicious set -- Amazon transactions, Google searches, SMTP transfers,
> instant messaging, OkCupid profiles, iTunes purchases, and more -- is
> totally clean. You'd have statistically better odds by arresting random
> people on suspicion of murder. The policy would be completely
> pants-on-head absurd.
>
> This leads to a different question: "Is it more likely that this is the
> real pants-on-head absurd policy, or that the _Forbes_ journo has
> profoundly misunderstood the subject?"
>
> Just because something's been published doesn't mean it should be
> trusted. Bring your brain -- and when someone tells you something that
> supports your worldview, look at that thing hard and twice.

If you are interested, you should read the details. Because you are missing some key details here. I believe they log all PGP encrypted communication. That would be easy for them to do. I don't know about HTTPS.

.hc

From hans at guardianproject.info Wed Mar 4 00:55:28 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Wed, 4 Mar 2015 00:55:28 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5F8DC.8030804@digitalbrains.com>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com>
Message-ID: <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info>

On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:

> On 03/03/15 18:29, Hans of Guardian wrote:
>> Android has an installed base of hundreds of millions. Desktop UNIX
>> is the exotic system here as compared to Windows, Android, etc.
>
> I have no idea about how difficult it is to launch the gpg binary with a
> few pipes attached to a few file descriptors and perhaps anything else
> you need.
>
> But I fail to see why you brought it up.
>
> I thought we were discussing two alternatives:
>
> - Call gpg directly
> - Use a library such as GPGME that calls gpg for you
>
> In both cases, the gpg binary is executed as a separate process. So it
> seems to me any issues with this are the same in both cases. In fact, if
> it indeed is tricky as you say, you're better off if you have a library
> do this for you, so you don't have to get it right in each and every
> application.
>
> Peter.

In Android, you can't really have shared libraries. Apps share functionality at a higher level (aka Activities and Services). So GnuPG-for-Android _is_ the shared library in effect, since it provides OpenPGP via Activities. No one is saying that each app should have a custom wrapper for GnuPG. What I think mailpile is saying, and what I'm trying to say is that for programming environments where GPGME does not make sense, there should be the ability to easily make a native version of what GPGME is doing.

.hc

From hans at guardianproject.info Wed Mar 4 00:57:46 2015
From: hans at guardianproject.info (Hans of Guardian)
Date: Wed, 4 Mar 2015 00:57:46 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <87twy1dfjv.fsf@vigenere.g10code.de>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de>
Message-ID: <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info>

On Mar 3, 2015, at 8:52 PM, Werner Koch wrote:

> On Tue, 3 Mar 2015 14:29, hans at guardianproject.info said:
>
>> It is actually more difficult to wrap GPGME in Java than to have just
>> rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad
>
> Sorry, but that is not your problem. The problem on Android seems to be
> that it is not easy to install anything else than plain Java apps.
>
> We have GPGME bindings for all kind of languages from Ada over Java to
> Scheme. Thus I can't see the problem - need another kind of data object
> to be handled in GPGME? No problem, it can easily be done. Is the
> event loop the problem? That is somewhat harder to get right but that
> is always the case if you use a library.
>
> I don't really understand your complaints given that we worked together
> to port GnuPG to Android. GPGME is just a small thing on top of it and
> way easier than GnuPG itself. It has nothing to do with fork+exec -
> GnuPG uses that itself a lot.
>
> In 2010 we ported GnuPG and GPGME and Kontact (includes KMail) to
> Windows Mobile 6.5. I can tell you, that was a task but we finally did
> it. And the problems were not due to GnuPG (even that it ate up many of
> the scarce process slots) but due to the sheer amount of memory KDE
> stuff required. Consider as an example this: On Windows CE (the kernel
> of Windows Mobile), you don't have stdout and stdin, nor is there a way
> to inherit or pass on file descriptors.
And that is why this thread is going on, so hopefully we can come to an agreement that there are many areas where GnuPG can be used but GPGME is a bad solution to do it. That is all I ask really from this thread at this point. The bizarre Java wrapper of GPGME was not the biggest part of the problem of the GnuPG-for-Android port, but it was nonetheless a real problem. Sure it is possible to use GPGME with Java, but it is not good, and ill-fitting APIs make for bad software, which in turn often leads to bad security. It also took a lot of time. In retrospect, I think it would have been quicker to write a native GPGME in Java on Android than to continue the work on the gnupg-for-java wrapper.

Now I'm trying to convey my experience of what I learned by actually getting GPGME working on Android, and how the situation can be improved. It turns out that I came to some quite similar conclusions to the mailpile team: there needs to be a shared interface for native frameworks, GPGME is not the way for many popular environments.

.hc

From rjh at sixdemonbag.org Wed Mar 4 01:40:52 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 04 Mar 2015 01:40:52 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org> <54F5FDF2.5030306@sixdemonbag.org> <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info>
Message-ID: <54F65494.1070708@sixdemonbag.org>

> If you are interested, you should read the details.

Did. Have.

> Because you are missing some key details here.

In other words, "you're wrong, but I'm not going to present any evidence or reasoning, I'm just going to make vague statements about how you're missing details which I am privy to."

> I believe they log all PGP encrypted communication.

At this point, you saying that you believe something -- without supporting evidence -- no longer carries any weight with me. If you're going to present this without evidence, I'm going to reject it without comment.

From robertc at broadcom.com Wed Mar 4 01:43:29 2015
From: robertc at broadcom.com (Bob (Robert) Cavanaugh)
Date: Wed, 4 Mar 2015 00:43:29 +0000
Subject: Thoughts on GnuPG and automation
In-Reply-To: <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info>
Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com>

Native to what? Processor, OS? I think Peter and the group already adequately answered this: If GPGME is not providing an interface that meets Android requirements, then look into how GPGME interfaces to GPG and emulate that interface. For you to request that the interface be changed can be likened to someone requesting that I2C be changed because you have a hard time implementing it. This is pretty much a non-starter IMHO. Implementing interfaces to existing infrastructures is bread-and-butter to software development. Stop asking for fundamental infrastructure changes and start solving your problem. The group has literally hundreds of m-y that can be used productively to help you do this, but harness the group's power in a constructive manner.

Bob Cavanaugh

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Hans of Guardian
Sent: Tuesday, March 03, 2015 3:55 PM
To: Peter Lebbing
Cc: gnupg
Subject: Re: Thoughts on GnuPG and automation

On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:

In Android, you can't really have shared libraries. Apps share functionality at a higher level (aka Activities and Services). So GnuPG-for-Android _is_ the shared library in effect, since it provides OpenPGP via Activities. No one is saying that each app should have a custom wrapper for GnuPG. What I think mailpile is saying, and what I'm trying to say is that for programming environments where GPGME does not make sense, there should be the ability to easily make a native version of what GPGME is doing.

.hc

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From rjh at sixdemonbag.org Wed Mar 4 01:45:12 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 04 Mar 2015 01:45:12 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de> <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info>
Message-ID: <54F65598.50100@sixdemonbag.org>

> And that is why this thread is going on, so hopefully we can come to
> an agreement that there are many areas where GnuPG can be used but
> GPGME is a bad solution to do it.

Maybe I'm a little irritable here, but -- pretty much everyone who's ever hacked on GnuPG has found situations where GPGME isn't a good solution, sometimes for architectural reasons and sometimes for API reasons and sometimes for language binding reasons and sometimes for licensing reasons and... etc. No one has ever said GPGME is the all-purpose, all-in-one solution. No one. So why are we having this discussion? What was the point in even bringing it up?

From wk at gnupg.org Wed Mar 4 09:58:28 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 09:58:28 +0100
Subject: gpgme and Java (was: Thoughts on GnuPG and automation)
In-Reply-To: <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info> (Hans of Guardian's message of "Wed, 4 Mar 2015 00:57:46 +0100")
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de> <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info>
Message-ID: <87385lcf63.fsf_-_@vigenere.g10code.de>

On Wed, 4 Mar 2015 00:57, hans at guardianproject.info said:

> thread at this point. The bizarre Java wrapper of GPGME was not the
> biggest part of the problem of the GnuPG-for-Android port, but it was
> nonetheless a real problem. Sure it is possible to use GPGME with

You mean Stefan's decade old Java binding? Well, there was not much interest in it for years and if there is now a need for a proper Java binding, it should be done.

> Java, but it is not good, and ill-fitting APIs make for bad software,
> which in turn often leads to bad security. It also took a lot of

Please describe the problems you have with the API so that we actually have something to talk about.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Mar 4 09:55:07 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 09:55:07 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F65598.50100@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 04 Mar 2015 01:45:12 +0100")
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de> <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info> <54F65598.50100@sixdemonbag.org>
Message-ID: <877fuxcfbo.fsf@vigenere.g10code.de>

On Wed, 4 Mar 2015 01:45, rjh at sixdemonbag.org said:

> ever hacked on GnuPG has found situations where GPGME isn't a good
> solution, sometimes for architectural reasons and sometimes for API
> reasons and sometimes for language binding reasons and sometimes for
> licensing reasons and... etc.

It can't be that bad:

  $ apt-cache rdepends libgpgme11 | wc -l
  84

and the majority of problems I hear are by projects which do not use GPGME. So I wonder a bit about your statement.

Right, it is not easy to control the advanced features of OpenPGP with GPGME. It can be done and there is quite some example code available. Please also consider that GPGME is not an OpenPGP thing but a protocol independent library for off-line encryption protocols (actually it is also possible to add online things with it). GPGME works on all kind of platforms, from WindowsCE over Android to any Unix system. There are two open bugs out of 69 filed bugs over the last 10 years. Development might have been a bit slower in the last 2 years after Marcus had to leave us. If there are real problems and not just a "I do not like the open-process-close" paradigm, this should be raised and discussed (gnupg-devel). In particular problems with language binding should be solved and if possible I'd like to add the language binding to the gpgme release to be sure that it is a one-stop-solution.

> No one has ever said GPGME is the all-purpose, all-in-one solution. No
> one. So why are we having this discussion?
> What was the point in even

Right, key signing and such is not a primary goal of GPGME. It is about bread-and-butter encryption services. We always said that if there is a real need for a new interface we will add that. But before we do that it is important to see whether such a use pattern actually works.

GPGME is under the LGPLv2.1+ - this is the most liberal copyleft license I know. On purpose this has not been changed to GPLv3 or LGPLv3 so that it can even be used by evil DRM-riddled proprietary software.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Mar 4 10:04:05 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 10:04:05 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info> (Hans of Guardian's message of "Wed, 4 Mar 2015 00:50:44 +0100")
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org> <54F5FDF2.5030306@sixdemonbag.org> <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info>
Message-ID: <87y4ndb0ca.fsf@vigenere.g10code.de>

On Wed, 4 Mar 2015 00:50, hans at guardianproject.info said:

> If you are interested, you should read the details. Because you are
> missing some key details here. I believe they log all PGP encrypted
> communication. That would be easy for them to do. I don't know about
> HTTPS.

I don't know for sure about encrypted mail but it is known that https connection information is recorded and stored for future attacks:

  For its part, Britain's GCHQ collects information about encryption
  using the TLS and SSL protocols -- the protocols https connections are
  encrypted with -- in a database called "FLYING PIG." The British spies
  produce weekly "trends reports" to catalog which services use the most
  SSL connections and save details about those connections. Sites like
  Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the
  charts, and the number of catalogued SSL connections for one week is
  in the many billions -- for the top 40 sites alone.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Mar 4 10:07:43 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 10:07:43 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com> (Bob Cavanaugh's message of "Wed, 4 Mar 2015 00:43:29 +0000")
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com>
Message-ID: <87twy1b068.fsf@vigenere.g10code.de>

On Wed, 4 Mar 2015 01:43, robertc at broadcom.com said:

> I think Peter and the group already adequately answered this: If GPGME
> is not providing an interface that meets Android requirements, then
> look into how GPGME interfaces to GPG and emulate that interface.

FWIW, EasyPG, the GnuPG interface used by Emacs, is more or less exactly modelled after GPGME - in Elisp of course. This is due to an Emacs policy to keep the C-written core small with not too many dependencies.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Wed Mar 4 10:50:53 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 04 Mar 2015 10:50:53 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <87y4ndb0ca.fsf@vigenere.g10code.de>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org> <54F5FDF2.5030306@sixdemonbag.org> <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info> <87y4ndb0ca.fsf@vigenere.g10code.de>
Message-ID: <54F6D57D.6020903@sixdemonbag.org>

> I don't know for sure about encrypted mail but it is known that
> https connection information is recorded and stored for future
> attacks:

Perhaps. Plausible, even, given storage requirements for connection information. But storing traffic, when 99.999999% of it is good -- that's ridiculous.

The reason why I'm so fervent about stomping down on fashionable misinformation, by the way, is because the people propagating these things are *hurting* *people*. Security is as much a state of mind as it is a state of reality.

Here in the United States, violent crime is down 50% since the 1990s, and crimes against children are down even more than that. Yet, due to a steady stream of awful news stories, most people feel they're in more danger than ever before, and parents are genuinely afraid to let their kids play outdoors. The last time we were this safe in our communities was the early 1970s, and we feel like we're under siege.

That's no way to live. When people feel like they're under siege they act like they're under siege. Personal relationships fray. People stop trusting each other. Happiness plummets. Suffering increases.

We face a lot of threats on the electronic front, yes. We absolutely need to face these threats squarely. If we pretend a real threat doesn't exist, that's terrible for our overall health as a society. But if we pretend a false threat *does* exist... that's just as bad.
The possibility of widespread metadata collection is real, troubling, and the free countries of the world need to engage in some spirited discussion about it. The possibility of *every encrypted communication* being intercepted and stored for later exploitation ... is not real, and we need to stop treating it as such.

From rjh at sixdemonbag.org Wed Mar 4 10:57:57 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 04 Mar 2015 10:57:57 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <877fuxcfbo.fsf@vigenere.g10code.de>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de> <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info> <54F65598.50100@sixdemonbag.org> <877fuxcfbo.fsf@vigenere.g10code.de>
Message-ID: <54F6D725.9040301@sixdemonbag.org>

> It can't be that bad:
>
>   $ apt-cache rdepends libgpgme11 | wc -l
>   84
>
> and the majority of problems I hear are by projects which do not use
> GPGME. So I wonder a bit about your statement.

You're looking at FOSS projects that have successfully used GPGME, but that doesn't tell you about proprietary projects that have chosen not to use GPGME. I've had clients refuse to use GPGME because of the licensing, even under the LGPLv2.1. (Foolish, I know.) Other times I've discovered GPGME doesn't support a particular feature I need, like discovering the default preference lists that are currently in use. Etc.

This doesn't impact my opinion of GPGME as a tool. It just means that, like all tools, there are environments where other tools are better ideas.

From wk at gnupg.org Wed Mar 4 11:01:16 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 11:01:16 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: (Hans of Guardian's message of "Tue, 3 Mar 2015 21:29:08 +0100")
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com>
Message-ID: <87mw3taxoz.fsf@vigenere.g10code.de>

On Tue, 3 Mar 2015 21:29, hans at guardianproject.info said:

> * Android will kill apps when it needs to, app lifecycle is automatically managed,
>   the app has no control over it, and often zero warning is given

That is the same as with Linux. Ever heard of the OOM killer?

> * Android was not meant to support launching processes from a shell/terminal,
>   it was there for core debugging, then opened up on demand from devs, but it
>   is very much a second class citizen to a Java Android app.

Why do you want to launch a process from a shell or terminal (actually a shell is just an interpreter which has options to be used on a tty (job control etc.))?

> * all apps are child processes of 'zygote'

All processes executed from GPGME are children of init. What is the problem?

> * there is no way to install shared libraries to be shared by apps

I can't comment on this.

> There are other differences as well. And iOS actually works a lot

Given that we worked together on adding features to GnuPG and GPGME for use on Android I can't see your point. Given that Android uses a Unix kernel it is much more Unix than Windows or VMS. You are thinking in the context of an application which runs on that Android Unix kernel. That might be indeed limited. However we are hackers and we can find ways to make almost everything work.

Shall we sit down and talk about the Android problems? If we can do that close to my place I will be available most of the time. If it is better for you to do it somewhere else, like Berlin, we need a bit more planning.
Travel expenses should not be a concern.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter at digitalbrains.com Wed Mar 4 11:10:52 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 04 Mar 2015 11:10:52 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info>
Message-ID: <54F6DA2C.5020607@digitalbrains.com>

On 04/03/15 00:55, Hans of Guardian wrote:

> [...] what I'm trying to say is that for programming environments
> where GPGME does not make sense, there should be the ability to
> easily make a native version of what GPGME is doing.

Couldn't this be achieved by writing a C program that, for instance, talks via JSON to you, and itself uses GPGME to call the gpg binary?

[JSON]

[GPGME]

I think there is opposition to adding more stuff to the gpg binary. I don't think there is opposition to you writing a program that uses GPGME :). If it's good, it might be picked up for wider inclusion.

Since your Java/Python/etc program needs to install gpg anyway, it could install the other C program as well. Packaging and distribution definitely isn't a solved problem, but a separate one from what we are now discussing, so let's not muddle this discussion by including it just now.

Peter.

PS: When I say "you could write" I mean "someone could write"

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From daniele at grinta.net Wed Mar 4 11:25:23 2015
From: daniele at grinta.net (Daniele Nicolodi)
Date: Wed, 04 Mar 2015 11:25:23 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To:
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com>
Message-ID: <54F6DD93.9060203@grinta.net>

On 03/03/15 14:29, Hans of Guardian wrote:

> It is actually more difficult to wrap GPGME in Java than to have just
> rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad
> API for other languages. You end up with an API that feels like a C
> API forced into the language, e.g. Java, python, etc. That makes for
> more coding mistakes because it feels foreign to the programmer.
> More mistakes means more security issues.

Hello,

I have no idea about the Java tooling for interfacing to external libraries, but (after seeing so many complaints on the mailing list) I've recently started to work on Python bindings to GPGME using Cython, and so far it has been an extremely smooth process and the resulting Python API feels quite pythonic (I haven't started with the asynchronous calls yet, those will probably be harder to map in a pythonic way).

The fact that writing the bindings is quite easy is due indeed to the fact that GPGME is a fine API for C (and to Cython to a large extent).

Cheers,
Daniele

From wk at gnupg.org Wed Mar 4 11:36:25 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 11:36:25 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F6D57D.6020903@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 04 Mar 2015 10:50:53 +0100")
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org> <54F5FDF2.5030306@sixdemonbag.org> <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info> <87y4ndb0ca.fsf@vigenere.g10code.de> <54F6D57D.6020903@sixdemonbag.org>
Message-ID: <87bnk9aw2e.fsf@vigenere.g10code.de>

On Wed, 4 Mar 2015 10:50, rjh at sixdemonbag.org said:

>> I don't know for sure about encrypted mail but it is known that
>> https connection information is recorded and stored for future
>> attacks:
>
> Perhaps. Plausible, even, given storage requirements for connection
> information. But storing traffic, when 99.999999% of it is good --
> that's ridiculous.

That has not been said. From my understanding the FLYING PIG thing is about extracting information from all gathered TLS handshakes. This shall either be used as a tool to decrypt suspicious connections or to research weaknesses in TLS. The authors of the article should be able to explain that more in terms we understand - shall I ask them?

> That's no way to live. When people feel like they're under siege they
> act like they're under siege. Personal relationships fray. People stop
> trusting each other. Happiness plummets. Suffering increases.

I fully agree with you on that.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Mar 4 11:48:16 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 11:48:16 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F6D725.9040301@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 04 Mar 2015 10:57:57 +0100")
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de> <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info> <54F65598.50100@sixdemonbag.org> <877fuxcfbo.fsf@vigenere.g10code.de> <54F6D725.9040301@sixdemonbag.org>
Message-ID: <877fuxavin.fsf@vigenere.g10code.de>

On Wed, 4 Mar 2015 10:57, rjh at sixdemonbag.org said:

> You're looking at FOSS projects that have successfully used GPGME, but

Sure.

> that doesn't tell you about proprietary projects that have chosen not to
> use GPGME. I've had clients refuse to use GPGME because of the
> licensing, even under the LGPLv2.1. (Foolish, I know.) Other times

And I have had several hints that it was used anyway and violating the license. But that is another story.

If there is a compelling reason to change the license, like to increase the adoption of mail encryption, I am willing to consider that. I am able to do that for most of the code but there are some practical drawbacks, like the ability to share code between the other libraries.

> I've discovered GPGME doesn't support a particular feature I need, like
> discovering the default preference lists that are currently in use. Etc.

The bug tracker allows you to file feature requests ...

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Wed Mar 4 11:51:45 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 04 Mar 2015 11:51:45 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <87bnk9aw2e.fsf@vigenere.g10code.de>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org> <54F5FDF2.5030306@sixdemonbag.org> <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info> <87y4ndb0ca.fsf@vigenere.g10code.de> <54F6D57D.6020903@sixdemonbag.org> <87bnk9aw2e.fsf@vigenere.g10code.de>
Message-ID: <54F6E3C1.405@sixdemonbag.org>

> That has not been said.

Not by you, correct. I've heard it from others.

From wk at gnupg.org Wed Mar 4 11:59:03 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 11:59:03 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F6DA2C.5020607@digitalbrains.com> (Peter Lebbing's message of "Wed, 04 Mar 2015 11:10:52 +0100")
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info> <54F6DA2C.5020607@digitalbrains.com>
Message-ID: <871tl5av0o.fsf@vigenere.g10code.de>

On Wed, 4 Mar 2015 11:10, peter at digitalbrains.com said:

>
> [JSON]
>
> [GPGME]

That already exists: gpgme-tool. It creates output in XML but adding an option for JSON output should be straightforward.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Mar 4 13:00:18 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Mar 2015 13:00:18 +0100
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F5D1E1.5030405@minton.name> (Brian Minton's message of "Tue, 03 Mar 2015 10:23:13 -0500")
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <87mw3y94fj.fsf@alice.fifthhorseman.net> <54F5D1E1.5030405@minton.name>
Message-ID: <87mw3t9dm5.fsf@vigenere.g10code.de>

On Tue, 3 Mar 2015 16:23, brian at minton.name said:

> It breaks mailpile because gpg-agent is not session aware. A user could
> be logged in locally, using mailpile, and a remote attacker could access
> the web interface of that locally running mailpile instance, which since
> it is talking to the same gpg-agent, would think the remote user is

How do you distinguish between a remote user and a remote hacker? I use my Gnus MUA most of the time locally, but if the need arises I can also login from remote and use the very same process and gpg-agent. It is also questionable what remote means: Client-server is a core principle of Unix and in particular X11.

> I think that one solution would be to have mailpile use a per-session
> gpg home dir.

That is an architectural decision.

BTW, gpg-agent has this --extra-socket feature which distinguishes between remote and local use (modulo some discussed changes). It would be easy to extend it in a way that gpg can tell gpg-agent to act as if it was used via --extra-socket.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From steve at secretvolcanobase.org Wed Mar 4 11:52:22 2015
From: steve at secretvolcanobase.org (Steve Jones)
Date: Wed, 4 Mar 2015 10:52:22 +0000
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54F6D57D.6020903@sixdemonbag.org>
References: <54F04EC5.3000107@guardianproject.info> <20150227121834-25258-9117-mailpile@slinky> <50378E65-5560-4AE1-9190-959E4435B40B@guardianproject.info> <54F5DADE.3030507@sixdemonbag.org> <54F5FDF2.5030306@sixdemonbag.org> <2062B95D-BD0D-4756-9CDF-AD785954D595@guardianproject.info> <87y4ndb0ca.fsf@vigenere.g10code.de> <54F6D57D.6020903@sixdemonbag.org>
Message-ID: <20150304105222.23996f36@steves-laptop>

On Wed, 04 Mar 2015 10:50:53 +0100
"Robert J. Hansen" wrote:

> The possibility of *every encrypted communication* being intercepted
> and stored for later exploitation ... is not real, and we need to stop
> treating it as such.

I remember when we used to think this about the NSA or GCHQ taking in every single email that crossed their borders.

--
Steve Jones
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896

From bre at pagekite.net Wed Mar 4 17:21:05 2015
From: bre at pagekite.net (Bjarni Runar Einarsson)
Date: Wed, 04 Mar 2015 16:21:05 -0000
Subject: Thoughts on GnuPG and automation
In-Reply-To: <87mw3t9dm5.fsf@vigenere.g10code.de>
References: <87mw3t9dm5.fsf@vigenere.g10code.de>
Message-ID: <20150304162017-26425-11039-mailpile@slinky>

Werner Koch wrote:
>
> > I think that one solution would be to have mailpile use a per-session
> > gpg home dir.
>
> That is an architectural decision.
>
> BTW, gpg-agent has this --extra-socket feature which distinguishes
> between remote and local use (modulo some discussed changes). It would
> be easy to extend it in a way that gpg can tell gpg-agent to act as if
> it was used via --extra-socket.

Hi Werner!

In order to use that in current releases of GnuPG, Mailpile needs to run its own gpg-agent, correct? And in order to use a custom pinentry as discussed elsewhere? Can I run multiple agents off the same keychain, or do I also need to create a separate gpg home dir for each one?

I ask because although current users of GnuPG are proportionally very few, they are still a group I consider important. I expect many such users to become quite annoyed if Mailpile doesn't integrate cleanly with their existing keychain.

Regarding other topics broached on this thread, I think it is very interesting to hear that GPGME is basically the "official" implementation of something that wraps the gpg binary. I hadn't looked deeply enough into GPGME to be aware of this. I will probably take a peek at the GPGME source to see if I missed some more elegant ways to solve things. In particular, both generating keys and editing the UID list on a key are quite gross in Mailpile's wrapper and I wonder if GPGME offers a better implementation?

GPGME proponents will be frustrated to hear that this knowledge actually makes me feel much better about Mailpile's decision to wrap gpg directly: it means I've removed two layers of abstraction between my code and gpg! Win!
Although supposedly such layers are supposed to help developers (and people will continue to accuse me of NIH and whatnot), in my experience on other projects, they've more often than not been sources of additional architectural constraints and bugs of their own. OpenSSL wrapper libraries for Python are a prime example, for one. More code: more bugs.

This is one of the reasons having a native "protocol" such as JSON or Assuan in the gpg binary itself (or the gpg-agent if things move there) appeals to me so much. With a well designed protocol, wrapper libraries almost become unnecessary and layers and layers of code can just be stripped away and discarded.

Consider that with a protocol approach, new features in gpg become available immediately to all applications speaking the protocol. With two layers of wrappers, we have to wait for GPGME to get updated and THEN wait for the Python wrappers to get updated. We're all overworked, so removing layers that need to be kept up-to-date and in lockstep is a hugely valuable investment.

A well defined protocol also has the potential to eliminate mountains of platform-specific hacks - if you can talk to the protocol server, things work, no matter whether it's a fifo in the file system, stdio or a TCP/IP connection to a remote box. So people can choose the transport that best suits their platform and just get on with "real work".

Anyway, I'm very glad this discussion is taking place. In my opinion, if GnuPG wants to be a platform other apps can build on, these interfaces matter a great deal. Whether there are hacks or workarounds is kind of irrelevant; if developers are unhappy they'll just go develop something else. This stuff matters.

Thanks for the comments,
- Bjarni

--
Sent using Mailpile, Free Software from www.mailpile.is
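The protocol approach Bjarni argues for above, as an added example (not code from GnuPG, GPGME or Mailpile): a small Python codec for the Assuan line protocol that gpg-agent already speaks, handling the framing an application takes on itself when it drops the wrapper layers (LF-terminated lines, the 1000-byte line limit, percent-escaped D lines, INQUIRE round trips) and rejecting malformed lines from the peer. Every server line fed to it below is a constructed sample, and the numeric error code used in testing is a placeholder, not a real libgpg-error value.

```python
"""Client-side codec for the Assuan line protocol that gpg-agent speaks.
Added example (not GnuPG, GPGME or Mailpile code); server lines are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Iterator, List, Optional, Tuple

MAX_LINE = 1000                    # Assuan line limit, counting the trailing LF
MUST_ESCAPE = {0x25, 0x0D, 0x0A}   # '%', CR and LF may never appear raw
HEXDIGITS = b"0123456789abcdefABCDEF"

class ProtocolError(Exception):
    """A line that breaks the Assuan framing rules."""

def percent_unescape(text: bytes) -> bytes:
    """Turn %XX back into raw bytes; a truncated or non-hex escape is an error."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i:i + 1] == b"%":
            hexpart = text[i + 1:i + 3]
            if len(hexpart) != 2 or any(c not in HEXDIGITS for c in hexpart):
                raise ProtocolError("bad percent escape %r" % hexpart)
            out.append(int(hexpart, 16))
            i += 3
        else:
            out.append(text[i])
            i += 1
    return bytes(out)

def encode_data_lines(payload: bytes) -> List[bytes]:
    """Split a payload into 'D ' lines that stay within MAX_LINE after escaping."""
    lines, cur = [], bytearray(b"D ")
    for b in payload:
        piece = b"%%%02X" % b if b in MUST_ESCAPE else bytes([b])
        if len(cur) + len(piece) + 1 > MAX_LINE:   # +1 for the LF on the wire
            lines.append(bytes(cur))
            cur = bytearray(b"D ")
        cur += piece
    lines.append(bytes(cur))
    return lines

def parse_line(raw: bytes) -> Tuple[str, bytes]:
    """Classify one server line as (kind, rest); the length limit is checked first."""
    if len(raw) > MAX_LINE:
        raise ProtocolError("line exceeds %d bytes" % MAX_LINE)
    line = raw.rstrip(b"\r\n")
    if line.startswith(b"#"):
        return "#", line[1:].strip()
    if line == b"D" or line.startswith(b"D "):
        return "D", line[2:]             # payload is still percent-escaped
    keyword, _, rest = line.partition(b" ")
    if keyword in (b"OK", b"ERR", b"S", b"INQUIRE", b"END"):
        return keyword.decode("ascii"), rest
    raise ProtocolError("unexpected server line %r" % line)

@dataclass
class Reply:
    ok: bool = False
    error: Optional[Tuple[int, bytes]] = None   # (gpg-error code, description)
    data: bytes = b""                            # concatenated, unescaped D lines
    status: List[bytes] = field(default_factory=list)
    inquire: Optional[bytes] = None              # set when the server wants input

def read_reply(lines: Iterator[bytes]) -> Reply:
    """Fold server lines into a Reply; stops at OK, ERR or INQUIRE (after answering an INQUIRE, call again with the same iterator)."""
    reply = Reply()
    for raw in lines:
        kind, rest = parse_line(raw)
        if kind == "D":
            reply.data += percent_unescape(rest)
        elif kind == "S":
            reply.status.append(rest)
        elif kind == "INQUIRE":
            reply.inquire = rest
            return reply
        elif kind == "OK":
            reply.ok = True
            return reply
        elif kind == "ERR":
            code, _, desc = rest.partition(b" ")
            if not code.isdigit():
                raise ProtocolError("malformed ERR line %r" % raw)
            reply.error = (int(code), desc)
            return reply
        # "#" comments and END lines carry nothing for the client here
    raise ProtocolError("server closed the connection before OK/ERR")

def answer_inquire(payload: bytes) -> List[bytes]:
    """Client side of an INQUIRE: the requested data as D lines, then END."""
    return encode_data_lines(payload) + [b"END"]

def rejects(fn: Callable, *args) -> bool:
    """True if fn(*args) raises ProtocolError; lets callers probe the guards."""
    try:
        fn(*args)
    except ProtocolError:
        return True
    return False
```

A real client would write the command line to the agent's socket and feed the socket's lines to read_reply; the transport (Unix socket, stdio, TCP) is exactly the part the protocol leaves open.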
From paulo at mlopes.net Wed Mar 4 20:14:14 2015
From: paulo at mlopes.net (Paulo Lopes)
Date: Wed, 4 Mar 2015 20:14:14 +0100 (CET)
Subject: where can one find an official gnupg project statement on the state of sub project?
Message-ID: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com>

Hello,

I am an active user of gnupg and gnupg smart card, and unfortunately my OSS contributions are to other projects where I do have more experience so I totally understand any reply to my question.

Currently I use:

* gnupg
* gnupg2
* poldi

And did use:

* scute

It turns out that gnupg and gnupg2 are live and kicking, however the other 2 projects seem to be dormant for a long time without any updates.

I do use poldi as a pam because it allows me to setup SUDO not using the sudoers file but using my gnupg card. Now until recently I've been mostly developing in Debian and Ubuntu but more recently I needed to upgrade my development environments to Fedora and openSUSE. In these 2 distros there are no official packages for poldi. After a quick search on Google it turns out that poldi has been removed in the latest openSUSE releases and Fedora has no maintainer for it.

Maybe the reason for dropping poldi was due to build issues that have already been fixed on git master? master was updated 9 months ago but the latest release 0.4.1 is 6 years old. Same for scute; however, I did stop using it.

Now that there seems to be some extra momentum in the project with the amazing funding campaign, what are the plans for the sub projects? And in the case that poldi is not going to be developed, are there any recommended alternatives?

Thanks!
Paulo

From mailing-lists at asatiifm.net Wed Mar 4 21:19:46 2015
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Wed, 04 Mar 2015 22:19:46 +0200
Subject: Thoughts on GnuPG and automation
In-Reply-To: <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info>
Message-ID: <54F768E2.9030403@asatiifm.net>

On 04.03.15 01:55, Hans of Guardian wrote:

> In Android, you can't really have shared libraries. Apps share functionality at a higher level (aka Activities and Services).

Qt applications can share Qt libraries [1] with an external dependency called Ministro [2].

[1]: http://doc.qt.io/qtcreator/creator-deploying-android.html
[2]: https://play.google.com/store/apps/details?id=org.kde.necessitas.ministro

--
Ville

From mailing-lists at asatiifm.net Wed Mar 4 22:04:52 2015
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Wed, 04 Mar 2015 23:04:52 +0200
Subject: Thoughts on GnuPG and automation
In-Reply-To: <20150304162017-26425-11039-mailpile@slinky>
References: <87mw3t9dm5.fsf@vigenere.g10code.de> <20150304162017-26425-11039-mailpile@slinky>
Message-ID: <54F77374.6000504@asatiifm.net>

On 04.03.15 18:21, Bjarni Runar Einarsson wrote:

> GPGME proponents will be frustrated to hear that this knowledge actually
> makes me feel much better about Mailpile's decision to wrap gpg
> directly: it means I've removed two layers of abstraction between my
> code and gpg! Win! Although supposedly such layers are supposed to help
> developers (and people will continue to accuse me of NIH and whatnot),
> in my experience on other projects, they've more often than not been
> sources of additional architectural constraints and bugs of their own.

Separation of concerns. Separating different, sufficiently unrelated, functionality into their own layer / process / service can be just as beneficial as on a normal *NIX using multiple processes to achieve a given task. I.e. the so called "UNIX philosophy" [1].

> OpenSSL wrapper libraries for Python are a prime example, for one. More
> code: more bugs.

Implementing something in one monolithic binary instead of two or more separate binaries does not necessarily mean much more code. We can always screw up wherever the functionality is.

> This is one of the reasons having a native "protocol" such as JSON or
> Assuan in the gpg binary itself (or the gpg-agent if things move there)
> appeals to me so much.

I'm not taking sides one way or the other right now on this one.

> With two layers of wrappers, we have to wait for GPGME to get updated
> and THEN wait for the Python wrappers to get updated.

With separate layers they can be updated separately. There is no need for every single GPG user to update the binary if a change in some layered feature needs to be updated.
If features live in a separate layer, certainly there needs to be some coordination and care that a change does not break some dependent layer. But that's not really anything new and one needs to always be careful with such things whether with monolithic and modular binaries alike.

> A well defined protocol also
> has the potential to eliminate mountains of platform-specific hacks

So it has.

[1]: https://en.wikipedia.org/wiki/Unix_philosophy

--
Ville

From mailing-lists at asatiifm.net Wed Mar 4 22:09:03 2015
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Wed, 04 Mar 2015 23:09:03 +0200
Subject: Thoughts on GnuPG and automation
In-Reply-To: <877fuxavin.fsf@vigenere.g10code.de>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de> <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info> <54F65598.50100@sixdemonbag.org> <877fuxcfbo.fsf@vigenere.g10code.de> <54F6D725.9040301@sixdemonbag.org> <877fuxavin.fsf@vigenere.g10code.de>
Message-ID: <54F7746F.80204@asatiifm.net>

On 04.03.15 12:48, Werner Koch wrote:

>> that doesn't tell you about proprietary projects that have chosen not to
>> use GPGME. I've had clients refuse to use GPGME because of the
>> licensing, even under the LGPLv2.1. (Foolish, I know.) Other times
>
> And I have had several hints that it was used anyway and violating the
> license. But that is another story.
>
> If there is a compelling reason to change the license, like to increase
> the adoption of mail encryption, I am willing to consider that. I am
> able to do that for most of the code but there are some practical
> drawbacks, like the ability to share code between the other libraries.
>

I'd rather not have a license changed off copyleft.

--
Ville

From wk at gnupg.org Thu Mar 5 10:34:16 2015
From: wk at gnupg.org (Werner Koch)
Date: Thu, 05 Mar 2015 10:34:16 +0100
Subject: where can one find an official gnupg project statement on the state of sub project?
In-Reply-To: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com> (Paulo Lopes's message of "Wed, 4 Mar 2015 20:14:14 +0100 (CET)")
References: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com>
Message-ID: <87oao77ppj.fsf@vigenere.g10code.de>

On Wed, 4 Mar 2015 20:14, paulo at mlopes.net said:

> It turns out that gnupg and gnupg2 are live and kicking, however the other 2
> projects seem to be dormant for a long time without any updates.

Right, I have not looked at scute and poldi for a long time. There seems to be not enough interest. However, I think that gniibe is maintaining them for Debian.

> Maybe the reason for dropping poldi was due to build issues that have already
> been fixed on git master? master was updated 9 months ago but the latest release
> 0.4.1 is 6 years old. Same for scute however I did stop using it.

Do you think we should do a new release for poldi?

> Now that there seems to be some extra momentum in the project with the amazing
> funding campaign, what are the plans for the sub projects?

Working on GnuPG 2.1 has top priority right now. If there is enough interest in Poldi, the development should be taken up again. Is there?

Regarding Scute, I expect that we will start to work on it again in relation to Thunderbird. I know of at least one project which plans to start working on Thunderbird.

I'll put a note into the Wiki.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From pmlopes at gmail.com Thu Mar 5 11:33:00 2015
From: pmlopes at gmail.com (Paulo Lopes)
Date: Thu, 5 Mar 2015 11:33:00 +0100
Subject: where can one find an official gnupg project statement on the state of sub project?
In-Reply-To: <87oao77ppj.fsf@vigenere.g10code.de>
References: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com> <87oao77ppj.fsf@vigenere.g10code.de>
Message-ID:

On Thu, Mar 5, 2015 at 10:34 AM, Werner Koch wrote:

> On Wed, 4 Mar 2015 20:14, paulo at mlopes.net said:
>
>> It turns out that gnupg and gnupg2 are live and kicking, however the other 2
>> projects seem to be dormant for a long time without any updates.
>
> Right, I have not looked at Scute and Poldi for a long time. There
> seems to be not enough interest. However, I think that gniibe is
> maintaining them for Debian.
>
>> Maybe the reason for dropping poldi was due to build issues that have already
>> been fixed on git master? master was updated 9 months ago but the latest release
>> 0.4.1 is 6 years old. Same for scute however I did stop using it.
>
> Do you think we should do a new release for Poldi?

If I could suggest something else, what about having official packages, say:

* official ppa for ubuntu
* official rpm for RHEL/Centos/Fedora/SUSE
* official Arch AUR

Of course this is quite some work and lots of distros are not here, but for example this would mean that gnupg users would always have an official build, unlike for example:

as of today (March 5, 2015) ubuntu 14.04 LTS is still offering gnupg 1.4.16 even though there have been security issues fixed in 1.4.17, 1.4.18 and 1.4.19. In a way an uninformed user who is under the impression that gnupg is secure, due to the fact that the distro he/she uses does not update the packages in time, is using vulnerable software while the project has already issued security fixes a long time ago...

Again this is just an idea that requires quite some work and thought...

>> Now that there seems to be some extra momentum in the project with the amazing
>> funding campaign, what are the plans for the sub projects?
>
> Working on GnuPG 2.1 has top priority right now. If there is enough
> interest in Poldi, the development should be taken up again. Is there?
>
> Regarding Scute, I expect that we will start to work on it again in
> relation to Thunderbird. I know of at least one project which plans to
> start working on Thunderbird.
>
> I'll put a note into the Wiki.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

-- 
Paulo Lopes
www.jetdrone.com

From philip.jackson at nordnet.fr Thu Mar 5 13:22:24 2015
From: philip.jackson at nordnet.fr (Philip Jackson)
Date: Thu, 05 Mar 2015 13:22:24 +0100
Subject: where can one find an official gnupg project statement on the state of sub project?
In-Reply-To:
References: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com> <87oao77ppj.fsf@vigenere.g10code.de>
Message-ID: <54F84A80.3020604@nordnet.fr>

On 05/03/15 11:33, Paulo Lopes wrote:
> If I could suggest something else, what about having official packages, say:
>
> * official ppa for ubuntu
> * official rpm for RHEL/Centos/Fedora/SUSE
> * official Arch AUR
>
> Of course this is quite some work and lots of distros are not here but for
> example this would mean that gnupg users would always have an official build
> unlike for example:
>
> as of today (March 5, 2015) ubuntu 14.04 LTS is still offering gnupg 1.4.16 even
> though there have been security issues fixed in 1.4.17, 1.4.18 and 1.4.19. In a
> way an uninformed user that is under the impression that gnupg is secure due to
> the fact that the distro he/she uses does not update the packages in time is
> using vulnerable software while the project has already issued security fixes
> long time ago...
>
> Again this is just an idea that requires quite some work and thought...

Wow .... at last someone has said it. What a good idea !! For gnupg 2.1.2 as well ...

This might encourage distros to be a little more adventurous and also spread the workload from distro maintainers to include other volunteers.

At present, the consensus of many threads is that encryption in general is just too difficult for the average email user to use willingly and successfully. The 'average email user' just has his burden increased exponentially if he has to build everything from source as well in order to follow the progress of the 'industry'.

Philip

From peter at digitalbrains.com Thu Mar 5 15:10:25 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 05 Mar 2015 15:10:25 +0100
Subject: where can one find an official gnupg project statement on the state of sub project?
In-Reply-To:
References: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com> <87oao77ppj.fsf@vigenere.g10code.de>
Message-ID: <54F863D1.3010706@digitalbrains.com>

On 05/03/15 11:33, Paulo Lopes wrote:
> as of today (March 5, 2015) ubuntu 14.04 LTS is still offering gnupg
> 1.4.16 even though there have been security issues fixed in 1.4.17,
> 1.4.18 and 1.4.19. In a way an uninformed user that is under the
> impression that gnupg is secure due to the fact that the distro
> he/she uses does not update the packages in time is using vulnerable
> software while the project has already issued security fixes long
> time ago...

I think you'll find that many distributions in fact backport security fixes. Especially if they amount to more than a DoS. Debian, for instance, has a policy to try and avoid new versions of software in their stable version, favouring backporting fixes.

Why do you think an "official" (wouldn't be my words) package maintained by an official GnuPG upstream, for instance, would be better than what dkg does for Debian, for instance? Which distribution's packaging are you dissatisfied with particularly, and shouldn't you take this up with the maintainers of the package rather than asking here for a different package for your distro?

I think sticking with your distribution's repository offers many advantages: it works out of the box, you get security updates without having to enter an additional repository in your package management, and it leaves time for upstream GnuPG to focus on their software, leaving packaging, and for instance packaging policy changes in a distribution, to other people.

Plus, a fair number of distributions use GnuPG to authenticate the software in their repository. It's part of the very core of the distribution. It needs to be in the main repository, it needs to receive security fixes.

If you feel the packaging of GnuPG is lacking in your distribution, you should definitely take that up with the maintainers there.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From robert.deroy at mail.ru Wed Mar 4 12:29:47 2015
From: robert.deroy at mail.ru (=?UTF-8?B?Um9iZXJ0IERlcm95?=)
Date: Wed, 04 Mar 2015 14:29:47 +0300
Subject: =?UTF-8?B?Z3BnIGluIGEgY3liZXJjYWbDqQ==?=
Message-ID: <1425468587.871457089@f386.i.mail.ru>

Good Morning.

Sorry, because my English is not very good.

How could I use gpg on a USB key, because I have no computer, I only go to cybercafés.

I want to use the last version, 2.1.1, with gpa.

Thank you very much for your answer.

Robert Deroy

From js-gnupg-users at webkeks.org Thu Mar 5 18:30:45 2015
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Thu, 5 Mar 2015 18:30:45 +0100
Subject: gpg in a =?ISO-8859-1?Q?cybercaf=E9?=
In-Reply-To: <1425468587.871457089@f386.i.mail.ru>
References: <1425468587.871457089@f386.i.mail.ru>
Message-ID: <20150305183045.0a84427bb224d379f41d4152@webkeks.org>

On Wed, 04 Mar 2015 14:29:47 +0300, Robert Deroy wrote:

> How could I use gpg on a USB key, because I have no computer, I only go to cybercafés.
>
> I want to use the last version, 2.1.1, with gpa.

I would recommend to boot off a Tails USB stick, as everything else would be way too risky in a public place. Don't even think about just running the executable on some system! Tails is - as far as I know - the only system designed to still provide security in the environment of a café. It goes so far as to try to wipe the memory when you shut down.

And here's the catch: It comes with GnuPG - but GnuPG 2.0.x AFAIK. Are you positive you absolutely need 2.1? The main reason to require 2.1 is to use ECC, I guess.

-- 
Jonathan

From dgouttegattat at incenp.org Thu Mar 5 19:26:09 2015
From: dgouttegattat at incenp.org (Damien Goutte-Gattat)
Date: Thu, 05 Mar 2015 19:26:09 +0100
Subject: where can one find an official gnupg project statement on the state of sub project?
In-Reply-To: <87oao77ppj.fsf@vigenere.g10code.de>
References: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com> <87oao77ppj.fsf@vigenere.g10code.de>
Message-ID: <54F89FC1.8040700@incenp.org>

On 03/05/2015 10:34 AM, Werner Koch wrote:
> Regarding Scute, I expect that we will start to work on it again in
> relation to Thunderbird. I know of at least one project which plans to
> start working on Thunderbird.

Well, if you plan to work on Scute and release a new version, please consider applying your own patch for support of TLS 1.2. You posted that patch on the gnupg-devel list some months ago [1], but it never made its way to the public repository.

This patch is not only useful for TLS 1.2, it also makes Scute work with Thunderbird to apply S/MIME signatures to emails, and even with LibreOffice to sign OpenDocument files (well, with LibreOffice it only works if the card PIN has already been verified; otherwise LibreOffice crashes, but I don't think this is Scute's fault). And although I didn't have the chance to test, I suspect that with this patch, Scute could also work with GNOME Evolution.

May I remind you also of a patch I posted in January [2], which fixes a bug that caused Scute to fail to sign anything on some occasions (only when used with GnuPG 2.1, not 2.0).

Damien

[1] http://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028750.html
[2] http://lists.gnupg.org/pipermail/gnupg-devel/2015-January/029440.html

From rpuls at kcore.de Thu Mar 5 22:34:14 2015
From: rpuls at kcore.de (=?UTF-8?B?UmVuw6k=?= Puls)
Date: Thu, 5 Mar 2015 22:34:14 +0100
Subject: Decrypting PGP/MIME on the command line
References: <874mq4k0em.fsf@vigenere.g10code.de> <87sido9tr4.fsf@alice.fifthhorseman.net>
Message-ID:

On Mon, 2 Mar 2015 16:40:11 +0100 René Puls wrote:

>> A tool that transforms an OpenPGP encrypted+signed MIME message into
>> an OpenPGP-signed MIME message while retaining the original
>> signature would be a really nice tool to have.
>
> I will post here if I manage to come up with something useful. :-)

Here is my first attempt (Python 3.4 and GPGME bindings required):

https://github.com/kianga/pgpmime

Needless to say, this is HIGHLY EXPERIMENTAL: use at your own risk, and keep backups of your e-mails! However, any feedback, patches or pull requests are appreciated.

Current limitations:

- Tested against PGP/MIME encrypted messages created by Claws Mail only
- Does not handle inline PGP encrypted messages at all

More details are in the README.

To my surprise, it does seem to preserve signatures, but only if they are not part of the encrypted message itself, but rather a separate attachment inside the message.

It also does some strange things with the MIME structure: the resulting message is a multipart/mixed with a single sub-part. My Claws Mail will display this like any other message, but I have not tested it with other mail clients yet.

Again, feedback is welcome, and please make backups. :-)

René

From flapflap at riseup.net Thu Mar 5 23:27:36 2015
From: flapflap at riseup.net (flapflap)
Date: Thu, 05 Mar 2015 22:27:36 +0000
Subject: gpg in a =?windows-1252?Q?cybercaf=E9?=
In-Reply-To: <20150305183045.0a84427bb224d379f41d4152@webkeks.org>
References: <1425468587.871457089@f386.i.mail.ru> <20150305183045.0a84427bb224d379f41d4152@webkeks.org>
Message-ID: <54F8D858.7080307@riseup.net>

Jonathan Schleifer:
> On Wed, 04 Mar 2015 14:29:47 +0300, Robert Deroy wrote:
>
>> How could I use gpg on a USB key, because I have no computer, I only go to cybercafés.
>>
>> I want to use the last version, 2.1.1, with gpa.
>
> I would recommend to boot off a Tails USB stick, as everything else would be way too risky in a public place. Don't even think about just running the executable on some system! Tails is - as far as I know - the only system designed to still provide security in the environment of a café. It goes so far as to try to wipe the memory when you shut down.

FWIW: Tails https://tails.boum.org/

Despite Tails' aim to protect its users and their communication, you would still put a lot of trust in other people when using it in an internet café and Tails could not protect you.

A simple thing an attacker (evil internet café owner, previous users) could do is to install a keylogger or another hardware implant in the computer that you cannot see. The attacker could then easily record your keystrokes when you type in the passphrase to your key.

As a countermeasure, Tails also ships with Florence [0], a virtual keyboard that you can use to type instead of the hardware keyboard.

But even if you use the virtual keyboard, there could be a camera behind you watching your screen (and keystrokes), or the cable from the computer to the monitor could split the signals to a video recorder or other implants inside the monitor.

Personally, I'd rather ask a close and trustworthy friend whether I could use their computer instead of an internet café, library, or other publicly accessible location where I don't know the people behind it. But of course, there may be situations where these are the only options.

> And here's the catch: It comes with GnuPG - but GnuPG 2.0.x AFAIK. Are you positive you absolutely need 2.1? The main reason to require 2.1 is to use ECC, I guess.

The current version (1.3) of Tails comes with GnuPG 1.4.12. However, if you require a more/the most recent GnuPG you could build/install it manually, but it requires some additional steps:

- You can /download and verify/ the Tails ISO image [1] and then burn it onto a DVD [2].
- You can now boot Tails from the DVD.
- When it has booted you can plug in a USB stick (>=4GB) and use the small tool /Tails Installer/ [3] to copy the image from the DVD to the USB stick.
- Shutdown, remove the DVD from the DVD drive, and boot from the USB stick.
- Tails offers a /persistence feature/ [4] which is an encrypted volume using the remaining space of the USB stick (so there is the plain unencrypted Tails installation and an encrypted partition). When you reboot from the USB stick/SD Card with the persistence feature enabled, the welcome screen /Tails Greeter/ lets you enter the passphrase to unlock the persistent volume. _Unfortunately, it is not possible to enter the passphrase using Florence here_!
- In your home directory, there's now a directory "Persistent" that is stored in the encrypted volume, and the data you put there stays there even when you reboot Tails (but not in outside directories).

As next steps you would install the tools needed to build GnuPG, download and verify the GnuPG sources, and build your GnuPG.

- In /Tails Greeter/ you can set a root password, so you can `sudo apt-get install gcc binutils' and all the other build tools and libraries afterwards. You can even install these additional software packages [5] on every session (though it is an experimental feature and not presented in the assistants).
- Then you can download the GnuPG sources to your ~/Persistent directory, verify the signature, and build GnuPG.

If you have further questions regarding Tails, you can read the documentation [6] (there's a lot of it!) or write an email to their mailing lists

tails-support-private at boum.org [7] (private/non-public)
tails-support at boum.org [7] (public)

HTH,
~flapflap

[0] https://tails.boum.org/doc/encryption_and_privacy/virtual_keyboard/index.en.html
[1] https://tails.boum.org/download/index.en.html
[2] https://tails.boum.org/doc/first_steps/dvd/index.en.html
[3] https://tails.boum.org/doc/first_steps/installation/index.en.html
[4] https://tails.boum.org/doc/first_steps/persistence/index.en.html
[5] https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html#index14h2
[6] https://tails.boum.org/doc/index.en.html
[7] https://tails.boum.org/support/index.en.html

From htd+ml at fritha.org Fri Mar 6 09:12:42 2015
From: htd+ml at fritha.org (Heinz Diehl)
Date: Fri, 6 Mar 2015 09:12:42 +0100
Subject: gpg in a =?iso-8859-1?Q?cybercaf=E9?=
In-Reply-To: <1425468587.871457089@f386.i.mail.ru>
References: <1425468587.871457089@f386.i.mail.ru>
Message-ID: <20150306081242.GB1899@fritha.org>

On 05.03.2015, Robert Deroy wrote:

> How could I use gpg on a USB key, because I have no computer, I only go to cybercafés.

Don't do it, it's not safe.

In case you're allowed to boot from an external medium, this still won't be secure. Because you have no control over the hardware built into the computer, a keylogger could read your input (read: passphrase), and somebody else with remote access could copy your secret key.

After all, it boils down to what your threat model is, and how much insecurity you can live with. If your data is crucial: don't do it.

From wk at gnupg.org Fri Mar 6 11:05:18 2015
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Mar 2015 11:05:18 +0100
Subject: gpg in a =?utf-8?Q?cybercaf=C3=A9?=
In-Reply-To: <20150306081242.GB1899@fritha.org> (Heinz Diehl's message of "Fri, 6 Mar 2015 09:12:42 +0100")
References: <1425468587.871457089@f386.i.mail.ru> <20150306081242.GB1899@fritha.org>
Message-ID: <87egp24f1d.fsf@vigenere.g10code.de>

On Fri, 6 Mar 2015 09:12, htd+ml at fritha.org said:

> In case you're allowed to boot from an external medium, this still won't be
> secure. Because you have no control over the hardware built into the computer,

Does not even need to be hardware: A (remotely) modified firmware might first boot you into a virtual machine and only then boot the OS from disk or USB.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From felix.klee at inka.de Fri Mar 6 13:50:22 2015
From: felix.klee at inka.de (Felix E. Klee)
Date: Fri, 6 Mar 2015 12:50:22 +0000
Subject: Trezor - Could this be the model for a PGP crypto device?
Message-ID:

Yesterday in Las Palmas de Gran Canaria, I attended a [talk][1] by Marek Palatinus, one of the relatively early Bitcoin miners and cofounder of [SatoshiLabs][2]. He gave an introduction to his path into Bitcoin, and things that went wrong, and then he presented the [Trezor][3] crypto device.

The Trezor has a little display and two buttons. It generates and stores your private key which is used for identifying your address in the Bitcoin network. The Bitcoins that you own are associated with your address. Connected via USB to a computer, the Trezor signs Bitcoin transactions.

Marek later explained to me that the Bitcoin crypto standard is different from those used with PGP.

After the talk, I hammered him with questions:

* What if I lose the device or if it breaks? For backup, the device presents a list of 24 English words, that the user should write down and keep on paper in a safe place. Using this list, the private key can be recreated.

* What if Eve wants to access the device without my authorization? There is a PIN.

* How is the key generated? With an RNG on the device, using entropy gathered from the connected computer.

* There's no PIN pad on the device; couldn't malware sniff the PIN? The device has a little screen that displays a matrix of nine numbers. On the computer's screen appears the same matrix without numbers, and one clicks on these with the mouse.

* Do I have to enter the PIN for every transaction? Only once, then the device remains activated.

* Once the device is activated, couldn't malware do arbitrary transactions? For every transaction there is information displayed on the device's display, and it has to be confirmed with the press of a button on the device.

* Can I trust the firmware? [Source code][4] is available. Users can check the code, compile it, and flash their own version.

* What if Eve modifies the firmware in a malignant way and flashes it to the device? Flashing unsigned firmware causes the private key to be erased by the bootloader.

* Can I trust the bootloader? Source code is available as well.

Of course there could still be backdoors. However, at the moment I cannot see what can be done better, other than building your own hardware, ideally down to chip manufacturing level.

[1]: http://www.meetup.com/lpa-tech/events/220413356/
[2]: http://satoshilabs.com/
[3]: http://satoshilabs.com/trezor/
[4]: https://github.com/trezor/

From michard.antoine at gmail.com Fri Mar 6 14:05:42 2015
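The blinded PIN entry Felix describes (the device shows a shuffled 3x3 digit grid, the user clicks the matching positions on a blank grid on the computer), as an added Python simulation that is not Trezor's firmware or protocol. The Device class, the host_click_positions helper, the PBKDF2 storage of the PIN and the attempt counter are assumptions made for illustration; the point shown is that host software only ever handles grid positions, which are useless without the one-time layout on the device screen.

```python
"""Simulated blinded PIN entry (constructed example, not Trezor's code)."""
import hashlib
import hmac
import secrets

# The 3x3 grid holds the digits 1-9; positions on the host's blank grid are
# numbered 1..9 in reading order, exactly like the digits on a phone keypad.
DIGITS = "123456789"


class Device:
    """Device side: owns the PIN secret and the one-time grid layout."""

    def __init__(self, pin: str, max_attempts: int = 3):
        if not pin or any(d not in DIGITS for d in pin):
            raise ValueError("PIN must consist of the digits 1-9")
        # Store only a salted, stretched hash of the PIN, never the PIN itself.
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._stretch(pin)
        self._layout = None          # current one-time grid, None when idle
        self.unlocked = False
        self.failed_attempts = 0
        self.max_attempts = max_attempts

    def _stretch(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def start_pin_entry(self, layout: str = None) -> str:
        """Shuffle the grid and return the layout for the *device screen* only.

        Index i of the returned string is the digit drawn at grid position i+1.
        `layout` is a test hook so the example is deterministic; real hardware
        would always draw the permutation from its own RNG.
        """
        if self.failed_attempts >= self.max_attempts:
            raise RuntimeError("too many failed PIN attempts; device locked")
        if layout is None:
            grid = list(DIGITS)
            secrets.SystemRandom().shuffle(grid)
            layout = "".join(grid)
        elif sorted(layout) != list(DIGITS):
            raise ValueError("layout must be a permutation of the digits 1-9")
        self._layout = layout
        return layout

    def submit_positions(self, positions: str) -> bool:
        """Resolve the host's clicked positions against the current layout.

        The layout is consumed whether or not the attempt succeeds, so a
        recorded position string cannot be replayed against the next grid.
        """
        if self._layout is None:
            raise RuntimeError("no PIN entry in progress")
        if not positions or any(p not in DIGITS for p in positions):
            raise ValueError("positions must be grid cells 1-9")
        layout, self._layout = self._layout, None
        candidate = "".join(layout[int(p) - 1] for p in positions)
        if hmac.compare_digest(self._pin_hash, self._stretch(candidate)):
            self.unlocked = True
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        return False

    def lock(self) -> None:
        self.unlocked = False


def host_click_positions(layout_on_device_screen: str, pin: str) -> str:
    """What the user does on the host: read the grid from the device screen and
    click the blank cell where each PIN digit appears.

    The returned string is everything the host (or a keylogger on it) sees.
    """
    return "".join(str(layout_on_device_screen.index(d) + 1) for d in pin)


if __name__ == "__main__":
    device = Device("7351")
    for _ in range(2):
        layout = device.start_pin_entry()       # shown on the device only
        clicks = host_click_positions(layout, "7351")
        # Same PIN, different positions each time: the host-side transcript
        # changes with every unlock because the grid is reshuffled.
        print("device grid:", layout, " host sent:", clicks,
              " unlocked:", device.submit_positions(clicks))
        device.lock()
```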
From: michard.antoine at gmail.com (Antoine Michard)
Date: Fri, 6 Mar 2015 14:05:42 +0100
Subject: Trezor - Could this be the model for a PGP crypto device?
In-Reply-To:
References:
Message-ID:

Hi Felix,

I've got one of these devices! Works like a charm! Love the idea that everything is encrypted inside the device, nothing on the computer. Tried to restore my wallet, again no problem!!!

I would love to see one of these devices for PGP. I'm thinking of using a smartcard inside a Gemalto K50, but on a computer without GPG it is useless... Same thing about Nitrokeys.

Last thing: For Trezor, you have to install a bridge compatible with Windows, MacOSX and Linux. Of course, source code is available: https://github.com/trezor/trezord

2015-03-06 13:50 GMT+01:00 Felix E. Klee:

> Yesterday in Las Palmas de Gran Canaria, I attended a [talk][1] by Marek
> Palatinus, one of the relatively early Bitcoin miners and cofounder of
> [SatoshiLabs][2]. He gave an introduction to his path into Bitcoin, and
> things that went wrong, and then he presented the [Trezor][3] crypto
> device.
>
> The Trezor has a little display and two buttons. It generates and stores
> your private key which is used for identifying your address in the
> Bitcoin network. The Bitcoins that you own are associated with your
> address. Connected via USB to a computer, the Trezor signs Bitcoin
> transactions.
>
> Marek later explained to me that the Bitcoin crypto standard is
> different from those used with PGP.
>
> After the talk, I hammered him with questions:
>
> * What if I lose the device or if it breaks? For backup, the device
>   presents a list of 24 English words, that the user should write down
>   and keep on paper in a safe place. Using this list, the private key
>   can be recreated.
>
> * What if Eve wants to access the device without my authorization?
>   There is a PIN.
>
> * How is the key generated? With an RNG on the device, using entropy
>   gathered from the connected computer.
>
> * There's no PIN pad on the device; couldn't malware sniff the PIN?
>   The device has a little screen that displays a matrix of nine
>   numbers. On the computer's screen appears the same matrix without
>   numbers, and one clicks on these with the mouse.
>
> * Do I have to enter the PIN for every transaction? Only once, then
>   the device remains activated.
>
> * Once the device is activated, couldn't malware do arbitrary
>   transactions? For every transaction there is information displayed
>   on the device's display, and it has to be confirmed with the press
>   of a button on the device.
>
> * Can I trust the firmware? [Source code][4] is available. Users can
>   check the code, compile it, and flash their own version.
>
> * What if Eve modifies the firmware in a malignant way and flashes it
>   to the device? Flashing unsigned firmware causes the private key to
>   be erased by the bootloader.
>
> * Can I trust the bootloader? Source code is available as well.
>
> Of course there could still be backdoors. However, at the moment I
> cannot see what can be done better, other than building your own
> hardware, ideally down to chip manufacturing level.
>
> [1]: http://www.meetup.com/lpa-tech/events/220413356/
> [2]: http://satoshilabs.com/
> [3]: http://satoshilabs.com/trezor/
> [4]: https://github.com/trezor/

-- 
Antoine Michard

From rjh at sixdemonbag.org Fri Mar 6 17:45:46 2015
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 06 Mar 2015 17:45:46 +0100 Subject: where can one find an official gnupg project statement on the state of sub project? In-Reply-To: <54F84A80.3020604@nordnet.fr> References: <18364009.16951.1425496454366.JavaMail.open-xchange@app1.ox.privateemail.com> <87oao77ppj.fsf@vigenere.g10code.de> <54F84A80.3020604@nordnet.fr> Message-ID: <54F9D9BA.4050803@sixdemonbag.org> > Wow .... at last someone has said it. What a good idea !! For gnupg > 2.1.2 as well ... I think this is a bad idea. Third-party software repositories are beyond the capabilities of many users, particularly casual ones. Their distro came with certain repositories pre-configured. So for us to say, "oh, and by the way, you need to add this new third-party distro, and then do these steps to replace your old distro-provided package with a new one," runs smack in the face of > At present, the [consensus] of many threads is that encryption in > general is just too difficult for the average email user to use > willingly and successfully. The 'average email user' just has his > burden increased exponentially if he has to build everything from > source as well in order to follow the progress of the 'industry'. We're not going to make things better by demanding casual users develop even more skills. From gniibe at fsij.org Sat Mar 7 01:44:56 2015 
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Sat, 07 Mar 2015 09:44:56 +0900
Subject: Trezor - Could this be the model for a PGP crypto device?
In-Reply-To:
References:
Message-ID: <54FA4A08.50006@fsij.org>

On 03/06/2015 09:50 PM, Felix E. Klee wrote:
> Marek later explained to me that the Bitcoin crypto standard is
> different from those used with PGP.

Do you mean the curve of secp256k1?

GnuPG modern 2.1.x with the development version of libgcrypt supports secp256k1. The development version of Gnuk also supports secp256k1.

It was introduced to GnuPG and Gnuk, so that we can sign the transactions of Bitcoin with GnuPG (and using Gnuk Token, if you have). That was the intention. I also asked Kristian for SKS server. And the support was added.

I considered some enhancement to existing Bitcoin clients (such as Electrum), so that it can ask signing to GnuPG.

However, nothing more happened beyond these lower level implementation enhancements. Perhaps, there wouldn't be enough demand (other than my own hack value).

I had to stop my development for Bitcoin, because of the infamous "BITTOKOIN" fraud in Japan. After all, their customers had no idea about controlling their own private keys and their computation by themselves; it could never be the potential market of Gnuk Token (or GnuPG).

... and I think that there is some interoperability issue(s) for handling of a secp256k1 key in GnuPG implementations which don't support the specific curve (or ECC at all) and/or some keyservers. I got a report that my key on keyservers is huge, and it seems because of the subkey of secp256k1. I haven't examined the detail of this issue yet, and I don't know the cause of this trouble. So, I never recommend to join the experiment of secp256k1, now.

If some people still want this direction, a person can check my subkey of secp256k1 (available in keyservers) with GnuPG modern and the development version of libgcrypt. Then, he can see my Bitcoin address by a tool I posted last year (gpgkey2bc) [0]. And if he really wishes to do so, he can send some Bitcoin to that address. When the amount of Bitcoin into the specific address will be much, it will be perhaps enough pressure to move my development to this area, back again.

Well, I don't believe in the device with good UI, in general. UI is (or can be) the most complex component in a system. If there is a better UI, it means (for me, at least) that the system is more complex, making audit more difficult. And, in general, the hardware (MCU) requirement from good UI is rather bigger than the one from ECC itself. If a system has much power, power will corrupt. We could learn from the architecture of the phone (with better UI).

[0] gpgkey2bc: Generating address of Bitcoin from public key:
https://lists.gnupg.org/pipermail/gnupg-devel/2014-January/028147.html

-- 

From dsaklad at gnu.org Sat Mar 7 03:05:10 2015
From: dsaklad at gnu.org (Don Saklad)
Date: Fri, 06 Mar 2015 21:05:10 -0500
Subject: Anything that just works easily for folks?... without knowing this stuff.
Message-ID: <5i8uf9o949.fsf@fencepost.gnu.org>

Anything that just works easily for folks?... without knowing this stuff.

From clif at eugeneweb.com Sat Mar 7 05:12:24 2015
From: clif at eugeneweb.com (Mr. Clif)
Date: Fri, 06 Mar 2015 20:12:24 -0800
Subject: A beautiful banker woman talks about the failed war on drugs in Latin America
Message-ID: <54FA7AA8.3080103@eugeneweb.com>

She is on some global council to change drug policy:

http://www.ted.com/talks/ilona_szabo_de_carvalho_4_lessons_i_learned_from_taking_a_stand_against_drugs_and_gun_violence#t-380552

Clif

From felix.klee at inka.de Sat Mar 7 16:09:43 2015
From: felix.klee at inka.de (Felix E. Klee)
Date: Sat, 7 Mar 2015 15:09:43 +0000
Subject: Trezor - Could this be the model for a PGP crypto device?
In-Reply-To: <54FA4A08.50006@fsij.org>
References: <54FA4A08.50006@fsij.org>
Message-ID:

On Sat, Mar 7, 2015 at 12:44 AM, NIIBE Yutaka wrote:
> Well, I don't believe in the device with good UI, in general.

It's not about the UI being pretty. What I like about Trezor is that it's small yet has basically an external PIN pad, and every transaction has to be confirmed by the push of a button. So, unless there are backdoors (which also could be at chip level) or bugs, malware cannot sniff the PIN nor can it do unattended transactions.

From jackyalcine at gmail.com Sat Mar 7 09:04:44 2015
From: jackyalcine at gmail.com (Jacky Alcine)
Date: Sat, 07 Mar 2015 03:04:44 -0500
Subject: Anything that just works easily for folks?... without knowing this stuff.
In-Reply-To: <5i8uf9o949.fsf@fencepost.gnu.org>
References: <5i8uf9o949.fsf@fencepost.gnu.org>
Message-ID: <1633638.HTNhLanb3K@stark>

On Friday, March 06, 2015 09:05:10 PM Don Saklad wrote:
> Anything that just works easily for folks?... without knowing this stuff.

What's "this" stuff?

-- 
Jacky Alcine
https://jacky.wtf

From matt at mattrude.com Sat Mar 7 21:56:17 2015
From: matt at mattrude.com (Matt Rude)
Date: Sat, 07 Mar 2015 14:56:17 -0600
Subject: Anything that just works easily for folks?... without knowing this stuff.
In-Reply-To: <5i8uf9o949.fsf@fencepost.gnu.org>
References: <5i8uf9o949.fsf@fencepost.gnu.org>
Message-ID: <54FB65F1.6040505@mattrude.com>

On 3/6/2015 8:05 PM, Don Saklad wrote:
> Anything that just works easily for folks?...
> without knowing this stuff.

I think we're going to need a bit more to go on. What are you trying to do?

-Matt

From jeandavid8 at verizon.net Sat Mar 7 20:38:30 2015
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Sat, 07 Mar 2015 14:38:30 -0500
Subject: gpg in a cybercafé
In-Reply-To: <87egp24f1d.fsf@vigenere.g10code.de>
References: <1425468587.871457089@f386.i.mail.ru> <20150306081242.GB1899@fritha.org> <87egp24f1d.fsf@vigenere.g10code.de>
Message-ID: <54FB53B6.7060606@verizon.net>

On 03/06/2015 05:05 AM, Werner Koch wrote:
> On Fri, 6 Mar 2015 09:12, htd+ml at fritha.org said:
>
>> In case you're allowed to boot from an external medium, this still won't be
>> secure. Because you have no control over the hardware built into the computer,
>
> Does not even need to be hardware: A (remotely) modified firmware might
> first boot you into a virtual machine and only then boot the OS from
> disk or USB.
>

I built a virtual machine once. I had a computer with no memory management hardware. And I had a FORTRAN compiler for it that worked pretty well, but if I wrote too many EQUIVALENCE statements, the computer crashed. A FORTRAN compiler is pretty big and inspecting all its code was out of the question.

I wrote a program for a virtual machine that had all the same instructions as the real hardware did, so that was trivial: it took less than a day to write it. But it had a little extra feature: memory management. The virtual machine ran as its input the binary instructions of the programs that would normally run on the real machine, like the OS, the compilers, etc. The easiest way to tell if the real machine was running or the virtual machine was that the virtual machine ran about 20x slower.

I loaded the virtual machine and started it up. Then I invoked the FORTRAN compiler and presented it with a program with a lot of EQUIVALENCE statements, and saw that it was over-writing the interrupt vectors at the bottom of RAM, and further, what the offending instruction was. The original compiler had a bug where an index register needed to be specified, and it was omitted. Pretty simple.

Now a black hat could easily put any old virtual machine on that machine, so doing nasty things would have been pretty easy. I suppose it is a little more difficult at a cyber cafe or public library. But not if I owned the cafe or worked in the library.

--
 .~.  Jean-David Beyer          Registered Linux User 85642.
 /V\  PGP-Key:166D840A 0C610C8B Registered Machine   1935521.
/( )\ Shrewsbury, New Jersey    http://linuxcounter.net
^^-^^ 14:25:01 up 6 days, 22:33, 2 users, load average: 4.02, 4.07, 4.11

From dsaklad at gnu.org Mon Mar 9 06:19:28 2015
From: dsaklad at gnu.org (Don Warner Saklad)
Date: Mon, 09 Mar 2015 01:19:28 -0400
Subject: Anything that just works easily for folks?... without knowing this stuff.
In-Reply-To: <1633638.HTNhLanb3K@stark> (message from Jacky Alcine on Sat, 07 Mar 2015 03:04:44 -0500)
Message-ID: <5itwxueoin.fsf@fencepost.gnu.org>

It's too complicated to set up, a too complicated learning curve to set up... How to make it easier needs to be a greater priority.

From m.mansfeld at mansfeld-elektronik.de Mon Mar 9 12:37:27 2015
From: m.mansfeld at mansfeld-elektronik.de (Matthias Mansfeld)
Date: Mon, 09 Mar 2015 12:37:27 +0100
Subject: Heise: De-Mail integrates End-2-End Encryption with PGP
Message-ID: <54FD85F7.16230.FC73C76@m.mansfeld.mansfeld-elektronik.de>

At heise.de: De-Mail integrates End-2-End Encryption with PGP

Currently only in German language, but I assume everybody here who is involved especially in semi-official German mail infrastructures like De-Mail can read and understand this stuff.

Original headline: "De-Mail integriert Ende-zu-Ende-Verschlüsselung mit PGP"
http://heise.de/-2570632

Anybody here from the GnuPG developers involved in that stuff? I don't know whether that stuff is a good idea or not...

Regards
Matthias

--
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF

From wk at gnupg.org Mon Mar 9 13:08:40 2015
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Mar 2015 13:08:40 +0100
Subject: Heise: De-Mail integrates End-2-End Encryption with PGP
In-Reply-To: <54FD85F7.16230.FC73C76@m.mansfeld.mansfeld-elektronik.de> (Matthias Mansfeld's message of "Mon, 09 Mar 2015 12:37:27 +0100")
References: <54FD85F7.16230.FC73C76@m.mansfeld.mansfeld-elektronik.de>
Message-ID: <87k2yqz83b.fsf@vigenere.g10code.de>

On Mon, 9 Mar 2015 12:37, m.mansfeld at mansfeld-elektronik.de said:

> Anybody here from the GnuPG developers involved in that stuff?

Not that I know. Keep in mind that the De-Mail system has a serious problem: As soon as you register an account you are legally forced to check that account in a timely manner. All de-mails sent to your account are considered delivered after (iirc) 3 days as an affidavit of service. Thus deadlines commence at that time even if you are on vacation and are not able to check your account. Better not even apply for a gratis account.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From jeandavid8 at verizon.net Mon Mar 9 14:42:28 2015
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Mon, 09 Mar 2015 09:42:28 -0400
Subject: Anything that just works easily for folks?... without knowing this stuff.
In-Reply-To: <5itwxueoin.fsf@fencepost.gnu.org>
References: <5itwxueoin.fsf@fencepost.gnu.org>
Message-ID: <54FDA344.9010301@verizon.net>

On 03/09/2015 01:19 AM, Don Warner Saklad wrote:
> It's too complicated to setup, a too complicated learning curve to
> setup... How to make it easier needs to be a greater priority.
>

Albert Einstein is credited with saying: Everything should be made as simple as possible: BUT NO SIMPLER.

--
 .~.  Jean-David Beyer          Registered Linux User 85642.
 /V\  PGP-Key:166D840A 0C610C8B Registered Machine   1935521.
/( )\ Shrewsbury, New Jersey    http://linuxcounter.net
^^-^^ 09:40:01 up 8 days, 16:48, 2 users, load average: 5.03, 4.93, 4.78

From maricelgregoraschko at yahoo.com Mon Mar 9 18:15:14 2015
From: maricelgregoraschko at yahoo.com (Maricel Gregoraschko)
Date: Mon, 9 Mar 2015 17:15:14 +0000 (UTC)
Subject: AES-NI, symmetric key generation
Message-ID: <2060751138.1681310.1425921314299.JavaMail.yahoo@mail.yahoo.com>

Hello All,

I would first like to thank you for your effort and time developing GnuPG.

I have a couple of questions:

1. Does GnuPG (in particular, the Windows binaries distributed for gpg4win) use AES-NI, the Intel dedicated AES instruction set? There are some concerns, I'm not sure how realistic, about backdoors built into the CPUs themselves. I noticed there is an option to "configure", --disable-aesni-support. Where can I get the full configure command as it was used to build the posted gpg4win binaries, to check if that switch was present or not? Also, is there any option to turn hardware acceleration on or off at runtime?

2. When using symmetric encryption and providing a passphrase, I understand the actual encryption key is generated on the spot, used to do the encryption, and then discarded from memory and not stored anywhere; is that correct? If the user wanted, can they dump the encryption key to store it securely, and use it to decrypt, instead of the password? Is there a guarantee that the key derivation (passphrase to key) algorithm does not change between versions of GnuPG, so that a file encrypted with a passphrase and a previous GnuPG version can be decrypted with the same passphrase and a newer GnuPG version (i.e., the same key is generated from the passphrase)?

Thank you very much for your support.

From hans at guardianproject.info Mon Mar 9 20:01:40 2015
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Mon, 09 Mar 2015 15:01:40 -0400
Subject: gpgme and Java
In-Reply-To: <87385lcf63.fsf_-_@vigenere.g10code.de>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <87twy1dfjv.fsf@vigenere.g10code.de> <87F1333F-A27B-48B3-A763-D937B39562ED@guardianproject.info> <87385lcf63.fsf_-_@vigenere.g10code.de>
Message-ID: <54FDEE14.4060604@guardianproject.info>

Werner Koch:
> On Wed, 4 Mar 2015 00:57, hans at guardianproject.info said:
>
>> thread at this point. The bizarre Java wrapper of GPGME was not the
>> biggest part of the problem of the GnuPG-for-Android port, but it was
>> nonetheless a real problem. Sure it is possible to use GPGME with
>
> You mean Stefan's decade old Java binding? Well, there was not much
> interest in it for years and if there is now a need for a proper Java
> binding, it should be done.

I guess you forget that we worked a lot on it, ported it to GnuPG 2.1 and recent GPGME versions, and added features. There have been some other projects starting to use our version as well.

https://github.com/guardianproject/gnupg-for-java

>> Java, but it is not good, and ill-fitting APIs make for bad software,
>> which in turn often leads to bad security. It also took a lot of
>
> Please describe the problems you have with the API so that we actually
> have something to talk about.

It's been a long while since I was working on the guts of this, so the details escape me. I can only say now what I remember without digging into the code again.

One thing that is very clear to me: we spent a ton of time figuring out how to debug on Android, then actually running the debugging processes. That would have been drastically easier if we had been working with pure Java code that talked to the GnuPG processes. The Android tools are all about Java. And having all those layers of code wrapping code makes debugging also much harder.

Another thing I remember clearly is that I had to first think about implementing new features in JNI, then in Java. There are also a lot of times where data structures should be passed between Java and JNI, and that is generally a painful process in JNI. A pure Java interface to the GnuPG processes would totally eliminate that.

At this point, I've done a lot of various things on Android, including running native processes, and JNI code. Working with a Java wrapper of GPGME made implementing things take many more hours, probably like 3-4 times as much, as I would expect from more native Android development.

.hc

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

From hans at guardianproject.info Mon Mar 9 20:07:31 2015
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Mon, 09 Mar 2015 15:07:31 -0400
Subject: Thoughts on GnuPG and automation
In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com>
Message-ID: <54FDEF73.8020907@guardianproject.info>

Why do I get so many responses like this on this list? I've spent a ton of time solving our own problems with the Android port; we also made sure to take out a support contract with Werner to pay him to answer our questions. I only wish we'd had more so we could pay him for all the work he has done, but we have long since run out of money for working on GnuPG. I continue this on my own time because I believe it is important.

The point of this discussion is to talk about a shared architecture for using GnuPG outside of C/C++ on UNIX. That's why Bjarni started it, and that's why I've joined in here. It seems that half of this thread has been griping about the discussion process. We need a little more faith in each other so we can have productive discussions and further our shared goals.

.hc

Bob (Robert) Cavanaugh:
> Native to what? Processor, OS?
> I think Peter and the group already adequately answered this: If GPGME is not providing an interface that meets Android requirements, then look into how GPGME interfaces to GPG and emulate that interface.
> For you to request that the interface be changed can be likened to someone requesting that I2C be changed because you have a hard time implementing it. This is pretty much a non-starter IMHO. Implementing interfaces to existing infrastructures is bread-and-butter to software development. Stop asking for fundamental infrastructure changes and start solving your problem. The group has literally hundreds of m-y that can be used productively to help you do this, but harness the group's power in a constructive manner.
>
> Bob Cavanaugh
>
>
>
> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Hans of Guardian
> Sent: Tuesday, March 03, 2015 3:55 PM
> To: Peter Lebbing
> Cc: gnupg
> Subject: Re: Thoughts on GnuPG and automation
>
>
> On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:
>
>
> In Android, you can't really have shared libraries. Apps share functionality at a higher level (aka Activities and Services). So GnuPG-for-Android _is_ the shared library in effect, since it provides OpenPGP via Activities.
>
> No one is saying that each app should have a custom wrapper for GnuPG. What I think mailpile is saying, and what I'm trying to say, is that for programming environments where GPGME does not make sense, there should be the ability to easily make a native version of what GPGME is doing.
>
> .hc
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

From hans at guardianproject.info Mon Mar 9 20:22:04 2015
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Mon, 09 Mar 2015 15:22:04 -0400
Subject: Thoughts on GnuPG and automation
In-Reply-To: <87mw3taxoz.fsf@vigenere.g10code.de>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <87mw3taxoz.fsf@vigenere.g10code.de>
Message-ID: <54FDF2DC.9070802@guardianproject.info>

Werner Koch:
> On Tue, 3 Mar 2015 21:29, hans at guardianproject.info said:
>
>> * Android will kill apps when it needs to, app lifecycle is automatically managed,
>> the app has no control over it, and often zero warning is given
>
> That is the same as with Linux. Ever heard of the OOM killer?

The OOM killer is only comparable to the Android lifecycle in that it has the power to kill processes. In Android, apps are killed regularly, often many times a day. GNU/Linux was designed around the user telling a process to end (i.e. File->Quit or TERM). The OOM killer is only a last resort in extreme situations. Android is designed around the system entirely determining when apps are terminated.

>> * Android was not meant to support launching processes from a shell/terminal,
>> it was there for core debugging, then opened up on demand from devs, but it
>> is very much a second class citizen to a Java Android app.
>
> Why do you want to launch a process from a shell or terminal (actually a
> shell is just an interpreter which has options to be used on a tty (job
> control etc.))
>
>> * all apps are child processes of 'zygote'
>
> All processes executed from GPGME are children of init. What is the
> problem?
>
>> * there is no way to install shared libraries to be shared by apps
>
> I can't comment on this.
>
>> There are other differences as well. And iOS actually works a lot
>
> Given that we worked together on adding features to GnuPG and GPGME for
> use on Android I can't see your point. Given that Android uses a Unix
> kernel it is much more Unix than Windows or VMS.
>
> You are thinking in the context of an application which runs on that
> Android Unix kernel. That might be indeed limited. However we are
> hackers and we can find ways to make almost everything work.

It is a Linux kernel, which is most often used in UNIX-style OSes. But Android does not follow UNIX style, and Linux does not require an OS to follow it either. For example, in Android, UIDs and GIDs represent system permissions, not users and groups. You are going to be confusing things if you expect Android's Linux kernel to provide a UNIX environment for you. Even when Android's Linux kernel does support UNIX-ish things like symlinks, the Android runtime layer does not treat them as first class citizens. Even things like mount paths work differently in Android. A given mount path can have multiple simultaneous locations mounted to it, one per Android user account.

> Shall we sit down and talk about the Android problems? If we can do that
> close to my place I will be available most of the time. If it is better
> for you to do it somewhere else, like Berlin, we need a bit more
> planning. Travel expenses should not be a concern.

Sure, that sounds good. I'm sorry I can't make the April meeting. I'll be back in Europe this summer indefinitely. I might be able to put together a multi-pronged trip to your area of the world, if that makes sense. But perhaps it makes the most sense to have a meeting at a relevant conference or similar thing.

.hc

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

From hans at guardianproject.info Mon Mar 9 20:27:10 2015
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Mon, 09 Mar 2015 15:27:10 -0400
Subject: cython wrapping gpgme WAS: Thoughts on GnuPG and automation
In-Reply-To: <54F6DD93.9060203@grinta.net>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F6DD93.9060203@grinta.net>
Message-ID: <54FDF40E.1060403@guardianproject.info>

Daniele Nicolodi:
> On 03/03/15 14:29, Hans of Guardian wrote:
>> It is actually more difficult to wrap GPGME in Java than to have just
>> rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad
>> API for other languages. You end up with an API that feels like a C
>> API forced into the language, e.g. Java, python, etc. That makes for
>> more coding mistakes because it feels foreign to the programmer.
>> More mistakes means more security issues.
>
> Hello,
>
> I have no idea about the Java tooling for interfacing to external
> libraries, but (after seeing so many complaints on the mailing list)
> I've recently started to work on Python bindings to GPGME using Cython,
> and so far it has been an extremely smooth process and the resulting
> Python API feels quite pythonic (I haven't started with the asynchronous
> calls yet, those will probably be harder to map in a pythonic way).
>
> The fact that writing the bindings is quite easy, is due indeed to the
> fact that GPGME is a fine API for C (and to Cython to a large extent).

There are other C-Python wrappers of GPGME, like pyme. I hope you're aware of those, and have studied them. One thing that GnuPG suffers from is many people starting their own wrappers, but few people finishing them or contributing to existing ones. That is not a sustainable situation.

http://pyme.sourceforge.net/
https://launchpad.net/pygpgme
http://www.red-dove.com/python_gnupg/
https://bitbucket.org/vinay.sajip/python-gnupg
https://github.com/isislovecruft/python-gnupg

.hc

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

From robertc at broadcom.com Mon Mar 9 22:10:32 2015
From: robertc at broadcom.com (Bob (Robert) Cavanaugh)
Date: Mon, 9 Mar 2015 21:10:32 +0000
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54FDEF73.8020907@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com> <54FDEF73.8020907@guardianproject.info>
Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3C6486@IRVEXCHMB11.corp.ad.broadcom.com>

Hi Hans,

Wanted to respond to your post wondering why you are getting the responses you are.

In another thread you write:
"There are other C-Python wrappers of GPGME, like pyme. I hope you're aware of those, and have studied them. One thing that GnuPG suffers from is many people starting their own wrappers, but few people finishing them or contributing to existing ones. That is not a sustainable situation."

This is the problem. You frame the dialog as blaming GnuPG and the design choices made in its implementation. Direct case in point: It is certainly not Werner's or any other principal GnuPG developer's issue if and when someone else independently took on a project to wrap GnuPG or GPGME. The fact that these people might have bitten off more than they can chew is completely irrelevant to the canonical implementation and frankly should be irrelevant to this discussion.

When I said approach this in a constructive manner I meant this: You have some requirements. In your estimation these requirements are not met with the current toolset. Then instead of explicitly expecting this group to implement a paradigm shift (and forgive me if I misunderstand you, but that is what I infer you are asking for) generate a proposal for an Android-centric API. Or, if you feel that the infrastructure cannot support it, take the completely open sources Werner and group have provided and generate your own system that meets your needs. If possible, (and here again I am clarifying my original post) work with the people on this group to help you use the existing tools to get your requirements met.

But speaking as a professional engineer of 25+ years experience, you will not get your desired results by starting the conversation impugning the work that went before and claiming that what you are asking for is far superior. If it is not your intent to convey that message then please review what you write before you send it, because that message was received loud and clear.

Thanks,

Bob Cavanaugh

> -----Original Message-----
> From: Hans-Christoph Steiner [mailto:hans at guardianproject.info]
> Sent: Monday, March 09, 2015 12:08 PM
> To: Bob (Robert) Cavanaugh; Peter Lebbing
> Cc: gnupg
> Subject: Re: Thoughts on GnuPG and automation
>
> [...]

From hans at guardianproject.info Mon Mar 9 22:21:40 2015
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Mon, 09 Mar 2015 17:21:40 -0400
Subject: Thoughts on GnuPG and automation
In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D3C6486@IRVEXCHMB11.corp.ad.broadcom.com>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com> <54FDEF73.8020907@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C6486@IRVEXCHMB11.corp.ad.broadcom.com>
Message-ID: <54FE0EE4.9070904@guardianproject.info>

I expect a discussion about what is working and what is not working with GPGME and various GnuPG APIs. I'm just trying to convey my experience with GnuPG-for-Android, gnupg-for-java, and a little bit with Python. I hope this will spur people to offer their experience, and generate new ideas and approaches. gpgme-tool is one version of that, `gpg --json` is another.

.hc

Bob (Robert) Cavanaugh:
> Hi Hans,
> Wanted to respond to your post wondering why you are getting the responses you are.
>
> In another thread you write:
> "There are other C-Python wrappers of GPGME, like pyme. I hope you're aware of those, and have studied them. One thing that GnuPG suffers from is many people starting their own wrappers, but few people finishing them or contributing to existing ones. That is not a sustainable situation."
>
> This is the problem. You frame the dialog as blaming GnuPG and the design choices made in its implementation. Direct case in point: It is certainly not Werner's or any other principal GnuPG developer's issue if and when someone else independently took on a project to wrap GnuPG or GPGME. The fact that these people might have bitten off more than they can chew is completely irrelevant to the canonical implementation and frankly should be irrelevant to this discussion.
>
> When I said approach this in a constructive manner I meant this: You have some requirements. In your estimation these requirements are not met with the current toolset. Then instead of explicitly expecting this group to implement a paradigm shift (and forgive me if I misunderstand you, but that is what I infer you are asking for) generate a proposal for an Android-centric API. Or, if you feel that the infrastructure cannot support it, take the completely open sources Werner and group have provided and generate your own system that meets your needs. If possible, (and here again I am clarifying my original post) work with the people on this group to help you use the existing tools to get your requirements met.
>
> But speaking as a professional engineer of 25+ years experience, you will not get your desired results by starting the conversation impugning the work that went before and claiming that what you are asking for is far superior. If it is not your intent to convey that message then please review what you write before you send it, because that message was received loud and clear.
>
> Thanks,
>
> Bob Cavanaugh
>
>
>> -----Original Message-----
>> From: Hans-Christoph Steiner [mailto:hans at guardianproject.info] >> Sent: Monday, March 09, 2015 12:08 PM >> To: Bob (Robert) Cavanaugh; Peter Lebbing >> Cc: gnupg >> Subject: Re: Thoughts on GnuPG and automation >> >> >> Why do I get so many responses like this on this list? I've spent a ton of time >> solving our own problems with the Android port, we also made sure to take >> out a support contract with Werner to pay him to answer our questions. I >> only wish we'd had more so we could pay him for all the work he has done, >> but we have long since run out of money for working on GnuPG. I continue >> this on my own time because I believe it is important. >> >> The point of this discussion is to talk about an shared architecture for using >> GnuPG outside of C/C++ on UNIX. That's why Bjarni started it, and that's >> why I've joined in here. It seems that half of this thread has been griping >> about the discussion process. We need a little more faith in each other so we >> can have productive discussions and further our shared goals. >> >> .hc >> >> Bob (Robert) Cavanaugh: >>> Native to what? Processor, OS? >>> I think Peter and the group already adequately answered this: If GPGME is >> not providing an interface that meets Android requirements, then look into >> how GPGME interfaces to GPG and emulate that interface. >>> For you to request that the interface be changed can be likened to >> someone requesting that I2C be changed because you have a hard time >> implementing it. This is pretty much a non-starter IMHO. Implementing >> interfaces to existing infrastructures is bread-and-butter to software >> development. Stop asking for fundamental infrastructure changes and start >> solving your problem. The group has literally hundreds of m-y that can be >> used productively to help you do this, but harness the group's power in a >> constructive manner. >>> >>> Bob Cavanaugh >>> >>> >>> >>> -----Original Message----- 
>>> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Hans of Guardian
>>> Sent: Tuesday, March 03, 2015 3:55 PM
>>> To: Peter Lebbing
>>> Cc: gnupg
>>> Subject: Re: Thoughts on GnuPG and automation
>>>
>>>
>>> On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:
>>>
>>>
>>> In Android, you can't really have shared libraries. Apps share functionality at a higher level (aka Activities and Services). So GnuPG-for-Android _is_ the shared library in effect, since it provides OpenPGP via Activities.
>>>
>>> No one is saying that each app should have a custom wrapper for GnuPG. What I think mailpile is saying, and what I'm trying to say is that for programming environments where GPGME does not make sense, there should be the ability to easily make a native version of what GPGME is doing.
>>>
>>> .hc
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>
>>
>> --
>> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

From robertc at broadcom.com Mon Mar 9 22:23:23 2015
From: robertc at broadcom.com (Bob (Robert) Cavanaugh)
Date: Mon, 9 Mar 2015 21:23:23 +0000
Subject: Thoughts on GnuPG and automation
In-Reply-To: <54FE0EE4.9070904@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com> <54FDEF73.8020907@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C6486@IRVEXCHMB11.corp.ad.broadcom.com> <54FE0EE4.9070904@guardianproject.info>
Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3C64F8@IRVEXCHMB11.corp.ad.broadcom.com>

If that is the goal, that is a fair one.

Thanks,

Bob Cavanaugh

> -----Original Message-----
> From: Hans-Christoph Steiner [mailto:hans at guardianproject.info]
> Sent: Monday, March 09, 2015 2:22 PM
> To: Bob (Robert) Cavanaugh; Peter Lebbing
> Cc: gnupg
> Subject: Re: Thoughts on GnuPG and automation
>
>
> I expect a discussion about what is working and what is not working with GPGME and various GnuPG APIs. I'm just trying to convey my experience with GnuPG-for-Android, gnupg-for-java, and a little bit with Python. I hope this will spur people to offer their experience, and generate new ideas and approaches. gpgme-tool is one version of that, `gpg --json` is another.
>
> .hc
>
> Bob (Robert) Cavanaugh:
> > Hi Hans,
> > Wanted to respond to your post wondering why you are getting the responses you are.
> >
> > In another thread you write:
> > "There are other C-Python wrappers of GPGME, like pyme. I hope you're aware of those, and have studied them. One thing that GnuPG suffers from is many people starting their own wrappers, but few people finishing them or contributing to existing ones. That is not a sustainable situation."
> >
> > This is the problem. You frame the dialog as blaming GnuPG and the design choices made in its implementation. Direct case in point: It is certainly not Werner's or any other principal GnuPG developer's issue if and when someone else independently took on a project to wrap GnuPG or GPGME. The fact that these people might have bitten off more than they can chew is completely irrelevant to the canonical implementation and frankly should be irrelevant to this discussion. When I said approach this in a constructive manner I meant this: You have some requirements. In your estimation these requirements are not met with the current toolset. Then instead of explicitly expecting this group to implement a paradigm shift (and forgive me if I misunderstand you, but that is what I infer you are asking for) generate a proposal for an Android-centric API.
> > Or, if you feel that the infrastructure cannot support it, take the completely open sources Werner and group have provided and generate your own system that meets your needs. If possible, (and here again I am clarifying my original post) work with the people on this group to help you use the existing tools to get your requirements met. But speaking as a professional engineer of 25+ years experience, you will not get your desired results by starting the conversation impugning the work that went before and claiming that what you are asking for is far superior. If it is not your intent to convey that message then please review what you write before you send it, because that message was received loud and clear.
> >
> > Thanks,
> >
> > Bob Cavanaugh
> >
> >
> >> -----Original Message-----
> >> From: Hans-Christoph Steiner [mailto:hans at guardianproject.info]
> >> Sent: Monday, March 09, 2015 12:08 PM
> >> To: Bob (Robert) Cavanaugh; Peter Lebbing
> >> Cc: gnupg
> >> Subject: Re: Thoughts on GnuPG and automation
> >>
> >>
> >> Why do I get so many responses like this on this list? I've spent a ton of time solving our own problems with the Android port, we also made sure to take out a support contract with Werner to pay him to answer our questions. I only wish we'd had more so we could pay him for all the work he has done, but we have long since run out of money for working on GnuPG. I continue this on my own time because I believe it is important.
> >>
> >> The point of this discussion is to talk about a shared architecture for using GnuPG outside of C/C++ on UNIX. That's why Bjarni started it, and that's why I've joined in here. It seems that half of this thread has been griping about the discussion process. We need a little more faith in each other so we can have productive discussions and further our shared goals.
> >>
> >> .hc
> >>
> >> Bob (Robert) Cavanaugh:
> >>> Native to what? Processor, OS?
> >>> I think Peter and the group already adequately answered this: If GPGME is not providing an interface that meets Android requirements, then look into how GPGME interfaces to GPG and emulate that interface.
> >>> For you to request that the interface be changed can be likened to someone requesting that I2C be changed because you have a hard time implementing it. This is pretty much a non-starter IMHO. Implementing interfaces to existing infrastructures is bread-and-butter to software development. Stop asking for fundamental infrastructure changes and start solving your problem. The group has literally hundreds of m-y that can be used productively to help you do this, but harness the group's power in a constructive manner.
> >>>
> >>> Bob Cavanaugh
> >>>
> >>>
> >>>
> >>> -----Original Message-----
> >>> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Hans of Guardian
> >>> Sent: Tuesday, March 03, 2015 3:55 PM
> >>> To: Peter Lebbing
> >>> Cc: gnupg
> >>> Subject: Re: Thoughts on GnuPG and automation
> >>>
> >>>
> >>> On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:
> >>>
> >>>
> >>> In Android, you can't really have shared libraries. Apps share functionality at a higher level (aka Activities and Services). So GnuPG-for-Android _is_ the shared library in effect, since it provides OpenPGP via Activities.
> >>>
> >>> No one is saying that each app should have a custom wrapper for GnuPG. What I think mailpile is saying, and what I'm trying to say is that for programming environments where GPGME does not make sense, there should be the ability to easily make a native version of what GPGME is doing.
> >>>
> >>> .hc
> >>> _______________________________________________
> >>> Gnupg-users mailing list
> >>> Gnupg-users at gnupg.org
> >>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >>>
> >>
> >> --
> >> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
> >> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
>
> --
> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

From daniele at grinta.net Mon Mar 9 22:40:33 2015
From: daniele at grinta.net (Daniele Nicolodi)
Date: Mon, 09 Mar 2015 22:40:33 +0100
Subject: cython wrapping gpgme WAS: Thoughts on GnuPG and automation
In-Reply-To: <54FDF40E.1060403@guardianproject.info>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F6DD93.9060203@grinta.net> <54FDF40E.1060403@guardianproject.info>
Message-ID: <54FE1351.7080500@grinta.net>

On 09/03/15 20:27, Hans-Christoph Steiner wrote:
>> I have no idea about the Java tooling for interfacing to external libraries, but (after seeing so many complaints on the mailing list) I've recently started to work on Python bindings to GPGME using Cython, and so far it has been an extremely smooth process and the resulting Python API feels quite pythonic (I haven't started with the asynchronous calls yet, those will probably be harder to map in a pythonic way).
>>
>> The fact that writing the bindings is quite easy, is due indeed to the fact that GPGME is a fine API for C (and to Cython to a large extent).
>
> There are other C-Python wrappers of GPGME, like pyme. I hope you're aware of those, and have studied them. One thing that GnuPG suffers from is many people starting their own wrappers, but few people finishing them or contributing to existing ones. That is not a sustainable situation.

Hello Hans-Christoph,

yes, I'm aware that there are other wrappers for GPGME. I cannot say that I studied them in detail, but I can give you my reasons why I started to work on a new one. I'm doing this in my (quite scarce) spare time, so the first requirement is that the development should be fun.

> http://pyme.sourceforge.net/

I knew this one. It is based on SWIG, and my experience with SWIG is such that I want to stay as far as I can from that horrible mess.

> https://launchpad.net/pygpgme

I didn't know this one. It is interesting. However, it is written directly in C using the CPython extension API and this makes development quite tedious.
There is probably something to learn from this project.

> http://www.red-dove.com/python_gnupg/
> https://bitbucket.org/vinay.sajip/python-gnupg
> https://github.com/isislovecruft/python-gnupg

Those, as far as I know, work using the gpg command line, not the GPGME library and are all based on the same code. Unfortunately the gpg command line does not make some operations easy to script, therefore those are quite limited.

Cheers,
Daniele

From dougb at dougbarton.email Mon Mar 9 22:41:44 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Mon, 09 Mar 2015 14:41:44 -0700
Subject: Thoughts on GnuPG and automation
In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D3C6486@IRVEXCHMB11.corp.ad.broadcom.com>
References: <54F04EC5.3000107@guardianproject.info> <54F07A7D.3040709@digitalbrains.com> <54F5D690.9030607@digitalbrains.com> <54F5E626.5010808@sixdemonbag.org> <54F5F8DC.8030804@digitalbrains.com> <69155963-925D-4776-9CC8-79504432FA87@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C2F9A@IRVEXCHMB11.corp.ad.broadcom.com> <54FDEF73.8020907@guardianproject.info> <8F0B09FC6339FA439524099BFCABC11F2D3C6486@IRVEXCHMB11.corp.ad.broadcom.com>
Message-ID: <54FE1398.7010800@dougbarton.email>

On 3/9/15 2:10 PM, Bob (Robert) Cavanaugh wrote:
> you will not get your desired results by starting the conversation impugning the work that went before and claiming that what you are asking for is far superior

OTOH, it's often useful when talking about a possible direction for new projects to have a frank and honest discussion about what did and did not work in old ones.

Just as you pointed out that the slights you perceived Hans-Christoph offering on GnuPG are unfair because it's not responsible for what other project teams have started and failed to complete; it's equally unreasonable for you to infer that he was offering that slight, and for the same reason.

The way I read Hans-Christoph's message was that there is a lack of coordination amongst various teams who have started API, wrapper, or other projects based on GnuPG tools, and that this fragmentation has harmed those efforts in various ways (including diverting precious resources to projects with little or no chance of success). And that it would be nice if we could take a hard look at what the real world requirements are for APIs and/or wrappers for various platforms, and have some coordinated effort put into work in this area.
Both of those sound like perfectly reasonable observations to me, and I did not perceive any suggested slight by Hans-Christoph at any point in the conversation.

FWIW,

Doug

From akbrandt at gmail.com Mon Mar 9 22:06:28 2015
From: akbrandt at gmail.com (Andy Brandt)
Date: Mon, 9 Mar 2015 22:06:28 +0100
Subject: A strange problem with GnuPG & PSI/PSI+
Message-ID:

I have a strange problem with GnuPG, that I have discovered when trying to get PSI to work with it.

The scenario is pretty simple - I configure PSI for GnuPG encrypted messaging, then I do a test with another user. When I send a message to him all works ok, the message is encrypted and decrypts ok on the other end. When he sends me an encrypted message I do get the pinentry-qt4 window, there I enter my key password, but then instead of decrypted content I get "---BEGIN PGP---" message in Psi's chat window.

To eliminate PSI as being the source of the problem (esp. since I used config files from Windows) I installed PSI+ and configured the account by hand from scratch. Same problem.

But it doesn't end here. If I run gpg -d from the command line and paste the encrypted message from the PSI chat window and end with ^D the behavior is strange, because instead of decrypting the message to stdout it hangs and I have to hit ^C to get back to shell (if password was not provided before pinentry-qt4 appears again, on subsequent invocations it does not because gpg-agent keeps the password for a while). If I instead put the same message into a file and again run gpg -d file.txt then it decrypts correctly typing the result to stdout.

This strange behavior leads me to believe the problem I encounter is with the GnuPG, not Psi/Psi+. I checked the gpg.conf but found nothing out of the ordinary there. I know the other user's setup works, because when I boot into Windows (where I have ident or talk with him from another machine everything works and he is not changing his configuration.

I'm out of ideas for now, the Suse forum was unable to help me, so any help would be greatly appreciated.
I use OpenSuse 13.2, versions:
- gpg (GnuPG) 2.0.26 libgcrypt 1.6.1
- Psi 0.15-patched
- Psi+ 0.16.376 (2014-07-23)

--
Regards,
Andy
"Environment for Agile Teams" - my book for managers & founders
My blog http://pragmaticleader.net/

From holtzm at cox.net Mon Mar 9 21:05:44 2015
From: holtzm at cox.net (Bob Holtzman)
Date: Mon, 9 Mar 2015 13:05:44 -0700
Subject: Anything that just works easily for folks?... without knowing this stuff.
In-Reply-To: <5itwxueoin.fsf@fencepost.gnu.org>
References: <1633638.HTNhLanb3K@stark> <5itwxueoin.fsf@fencepost.gnu.org>
Message-ID: <20150309200543.GA2286@cox.net>

On Mon, Mar 09, 2015 at 01:19:28AM -0400, Don Warner Saklad wrote:
> It's too complicated to setup, a too complicated learning curve to setup... How to make it easier needs to be a greater priority.

Hand holding is down the hall on the left.

--
Bob Holtzman
Giant intergalactic brain-sucking hyperbacteria came to Earth to rape our women and create a race of mindless zombies. Look! It's working!

From imeil8 at eml.cc Tue Mar 10 00:06:16 2015
From: imeil8 at eml.cc (imeil8 at eml.cc)
Date: Mon, 09 Mar 2015 19:06:16 -0400
Subject: Suggestions for a Practical Scheme to Manage Multiple Identities?
Message-ID: <1425942376.1466427.238101265.24AEC46F@webmail.messagingengine.com>

Hi Folks-

I have two identities with corresponding key pairs, one for work related needs and one for everything else. At the moment the keys for work live on my work machine and my everything else keys live on my laptop which I may or may not have access to at any given moment. The problem is sometimes I need my everything else identity at work and vice versa.

Work is Ubuntu and home is Debian if that makes a difference to anything. The Debian is Wheezy and the Ubuntu is 14.04. I'm using whichever gnupg is current in the repos NOT gnupg2 (sidebar issue: is there any pressing reason why I should switch to gnupg2?).

Both my work and home machines are secure enough: I _think_. The disks are encrypted and the security settings are mostly in the sane to somewhat-paranoid range. I suppose my laptop is vulnerable to theft while I'm in transit but in that state the disk encryption would be in effect.

I _think_ the best scheme would be to combine the two identities onto a single keyring and write that out to an easily transported flash memory device and point gnupg to the flash device to find whichever key is needed. I _think_ I'm reasonably comfortable maintaining the security of the portable flash device and would place backups of my key revocation on my home and work machines in order to quickly revoke the keys in the event of loss. FWIW, my private keys have unreasonably long passphrases that I _think_ can withstand brute-forcing for a length of time sufficient for me to discover the loss of my flash device and issue a revocation and take steps to protect any files that may be vulnerable should the key become available in the wild.
I have nothing against using a smartcard assuming there is no problem with storing multiple 2048 keys, the card is reasonably inexpensive, and can be had without jumping through hoops to find a vendor.

If there is really good reason why using a portable flash device is a bad idea, I'd like to know about it. I read a discussion in the archives about it and concluded that it will likely serve my needs fairly well. So this is not a question about portable flash drives vs. smartcards per se. I _think_ I understand those risks and trade-offs but if there is something I'm missing then, of course, I'd like to know.

Mainly, this is a key organization question: what is the best way to organize my identities so that I can access them as needed across my various machines?

Thanks very much in advance.

-Chris

From carolyn at anhalt.org Tue Mar 10 00:06:02 2015
From: carolyn at anhalt.org (Carolyn Anhalt)
Date: Mon, 9 Mar 2015 19:06:02 -0400
Subject: Anything that just works easily for folks?... without knowing this stuff.
In-Reply-To: <54FDA344.9010301@verizon.net>
References: <5itwxueoin.fsf@fencepost.gnu.org> <54FDA344.9010301@verizon.net>
Message-ID:

On Mon, Mar 9, 2015 at 9:42 AM, Jean-David Beyer wrote:
> On 03/09/2015 01:19 AM, Don Warner Saklad wrote:
>> It's too complicated to setup, a too complicated learning curve to setup... How to make it easier needs to be a greater priority.
>>
> Albert Einstein is credited with saying:
>
> Everything should be made as simple as possible: BUT NO SIMPLER.

So true... Mailpile has actually managed to capture the simplicity at just about the right level, I think. It has a great interface to walk you through creating your key and setting it up to work with just about any existing mail account. It's not quite ready for general release, but the beta has been working pretty well for a while now. Definitely support them if you can!

Until it's ready, I've found Mailvelope to be fairly simple as well for webmail interfaces, which is about as simple as email gets these days.

Would either of those work for you?

From gniibe at fsij.org Tue Mar 10 03:41:38 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 10 Mar 2015 11:41:38 +0900
Subject: Suggestions for a Practical Scheme to Manage Multiple Identities?
In-Reply-To: <1425942376.1466427.238101265.24AEC46F@webmail.messagingengine.com>
References: <1425942376.1466427.238101265.24AEC46F@webmail.messagingengine.com>
Message-ID: <54FE59E2.4080907@fsij.org>

On 03/10/2015 08:06 AM, imeil8 at eml.cc wrote:
> So this is not a question about portable flash drives vs. smartcards per se. I _think_ I understand those risks and trade-offs but if there is something I'm missing then, of course, I'd like to know.

I had an experience that one of my family members took my portable flash drive for his/her own purpose (and it took hours/days for me to realize the fact). This might be another risk.

With this experience, I abandoned adding the feature of storage to Gnuk, even if I know the usefulness. If it's useful for you, it would be also useful for them, that might be a risk.

P.S. I maintain Gauche, a Scheme interpreter, in Debian. Since the site is named "Practical Scheme" [0], at first glance, I completely misunderstood your subject.

[0] Practical Scheme: http://practical-scheme.net/index.html
--

From Deepak.Saxena at safenet-inc.com Tue Mar 10 05:30:47 2015
From: Deepak.Saxena at safenet-inc.com (Saxena, Deepak)
Date: Tue, 10 Mar 2015 10:00:47 +0530
Subject: GPG4Win 2.2.3 Smart card support
Message-ID: <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB671@NOI1EXCH03.apac.sfnt.local>

Hello,

I am Deepak Saxena from Gemalto (formerly SafeNet Inc) and I am curious if smart cards are supported for storing the keys which will be used to encrypt files or email using gpg4win. I have installed gpg4win 2.2.3 and want to test SafeNet smart cards. I am getting following error:

[screenshot of the error (image003.jpg), not reproduced in the archive]

Can you please update me if third party tokens/smartcard cards are supported in your product. Is MSCAPI/PKCS11 supported?

--Deepak Saxena
+919911641953

The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.

From gniibe at fsij.org Tue Mar 10 05:35:27 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 10 Mar 2015 13:35:27 +0900
Subject: Trezor - Could this be the model for a PGP crypto device?
In-Reply-To:
References: <54FA4A08.50006@fsij.org>
Message-ID: <54FE748F.3040400@fsij.org>

On 03/08/2015 12:09 AM, Felix E. Klee wrote:
> It's not about the UI being pretty. What I like about Trezor is that it's small yet has basically an external PIN pad, and every transaction has to be confirmed by the push of a button. So, unless there are backdoors (which also could be at chip level) or bugs, malware cannot sniff the PIN nor can it do unattended transactions.

Thanks for your explanation. I see your point.

Confirmation push button would be a good idea, and I have been considering how we can enhance the OpenPGPcard specification so that we could do something like that for future implementation(s).

Still immature, but my current idea is something like the following. Basically, OpenPGPcard requires another authentication (confirmation) to get the result of signing/decryption.

    Host PC                                              OpenPGPcard

    command: PSO                                    =>
                                                    <=   response: 0x61
    command: VERIFY with 0x84 or something different ==>
                                                    <=   response: 0x9000 OK
    command: GET_RESPONSE                           ==>
                                                    <=   response: result of PSO

I don't know if this kind of nested transaction is allowed or not in ISO 7816. If it's not allowed, there would be another way to do that.

My point is that: if it's ok protocolwise, the confirmation feature can be implemented by OpenPGPcard using existing cardreader with pinpad.
--

From gniibe at fsij.org Tue Mar 10 06:45:58 2015
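The three-step exchange NIIBE sketches above, as an added toy model that is not code from the post, from Gnuk or from GnuPG: the card computes the PSO result but holds it back until a confirmation VERIFY succeeds, and a host drives the PSO / VERIFY / GET_RESPONSE sequence. The P2 value 0x84 is the post's placeholder rather than a specification value, the instruction names are symbolic, and a hash stands in for the real signing operation.

```python
"""Toy model of the proposed OpenPGPcard confirmation flow (constructed example)."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# ISO 7816 status words used below; 0x61 and 0x9000 are the ones named in the post.
SW_OK = 0x9000
SW_RESPONSE_AVAILABLE = 0x61          # high byte only; low byte carries a length hint
SW_SECURITY_NOT_SATISFIED = 0x6982
SW_CONDITIONS_NOT_SATISFIED = 0x6985
SW_INS_NOT_SUPPORTED = 0x6D00
P2_CONFIRM = 0x84   # "0x84 or something different": placeholder from the post, not a spec value


@dataclass
class APDU:
    ins: str            # symbolic instruction name instead of a raw INS byte
    p2: int = 0
    data: bytes = b""


@dataclass
class Response:
    sw: int
    data: bytes = b""


def toy_sign(data: bytes) -> bytes:
    """Stand-in for the PSO computation (constructed; not a real signature)."""
    return hashlib.sha256(data).digest()


class Card:
    """Holds the PSO result until the user confirms; discards it on refusal."""

    def __init__(self, button: Callable[[], bool]):
        self.button = button          # simulated push button / pinpad confirmation
        self.pending: Optional[bytes] = None
        self.confirmed = False

    def process(self, apdu: APDU) -> Response:
        if apdu.ins == "PSO":
            self.pending = toy_sign(apdu.data)
            self.confirmed = False
            # 0x61xx: a result exists but is not released yet
            return Response((SW_RESPONSE_AVAILABLE << 8) | len(self.pending))
        if apdu.ins == "VERIFY" and apdu.p2 == P2_CONFIRM:
            if self.pending is None:
                return Response(SW_CONDITIONS_NOT_SATISFIED)
            if self.button():
                self.confirmed = True
                return Response(SW_OK)
            self.pending = None       # no press: nothing is left to fetch
            return Response(SW_SECURITY_NOT_SATISFIED)
        if apdu.ins == "GET_RESPONSE":
            if self.pending is None or not self.confirmed:
                return Response(SW_SECURITY_NOT_SATISFIED)
            out = self.pending
            self.pending, self.confirmed = None, False   # one fetch per confirmation
            return Response(SW_OK, out)
        return Response(SW_INS_NOT_SUPPORTED)


def host_sign(card: Card, data: bytes) -> Optional[bytes]:
    """Host side of the exchange; None means the card refused to release the result."""
    r = card.process(APDU("PSO", data=data))
    if (r.sw >> 8) != SW_RESPONSE_AVAILABLE:
        return None
    r = card.process(APDU("VERIFY", p2=P2_CONFIRM))
    if r.sw != SW_OK:
        return None
    r = card.process(APDU("GET_RESPONSE"))
    return r.data if r.sw == SW_OK else None


def fetch_without_confirmation(card: Card, data: bytes) -> int:
    """Status word an unattended host gets when it skips the VERIFY step."""
    card.process(APDU("PSO", data=data))
    return card.process(APDU("GET_RESPONSE")).sw


if __name__ == "__main__":
    print(host_sign(Card(lambda: True), b"hello").hex())        # released after a press
    print(host_sign(Card(lambda: False), b"hello"))             # None: user did not press
    print(hex(fetch_without_confirmation(Card(lambda: True), b"hello")))   # 0x6982
```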
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 10 Mar 2015 14:45:58 +0900
Subject: GPG4Win 2.2.3 Smart card support
In-Reply-To: <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB671@NOI1EXCH03.apac.sfnt.local>
References: <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB671@NOI1EXCH03.apac.sfnt.local>
Message-ID: <54FE8516.3020906@fsij.org>

Hello,

This is second time for me to receive the message like:

> The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.

I can't answer to a message saying like this. Perhaps, so can't everyone (and that would be the reason why you didn't get reply).

Thus, this is not the reply, but a monologue of mine.

In January, I wrote a message to this list:

https://lists.gnupg.org/pipermail/gnupg-users/2015-January/052298.html

It may help somehow, but it should be just a coincidence.
--

From Deepak.Saxena at safenet-inc.com Tue Mar 10 08:14:25 2015
From: Deepak.Saxena at safenet-inc.com (Saxena, Deepak)
Date: Tue, 10 Mar 2015 12:44:25 +0530
Subject: GPG4Win 2.2.3 Smart card support
In-Reply-To: <54FE8516.3020906@fsij.org>
References: <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB671@NOI1EXCH03.apac.sfnt.local> <54FE8516.3020906@fsij.org>
Message-ID: <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB777@NOI1EXCH03.apac.sfnt.local>

Hi Yutaka,

I am trying to test file encryption with SafeNet smart cards. (CardOs/ Java and other tokens).
I am getting error message: The card application is not yet supported.

I have dll libraries for my tokens but I am new to GPG4Win. Can you please guide me the way to import the library or steps by how can I configure GPG4win to support these tokens/ smartcards.

I can see the list of supported tokens as:
https://wiki.debian.org/GnuPG/CCID_Driver

Is it anyhow possible to support other tokens??

-----Original Message-----
From: NIIBE Yutaka [mailto:gniibe at fsij.org]
Sent: Tuesday, March 10, 2015 11:16 AM
To: Saxena, Deepak
Cc: gnupg-users at gnupg.org
Subject: Re: GPG4Win 2.2.3 Smart card support

Hello,

This is second time for me to receive the message like:

> The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.

I can't answer to a message saying like this. Perhaps, so can't everyone (and that would be the reason why you didn't get reply).

Thus, this is not the reply, but a monologue of mine.

In January, I wrote a message to this list:

https://lists.gnupg.org/pipermail/gnupg-users/2015-January/052298.html

It may help somehow, but it should be just a coincidence.
--

From aheinecke at intevation.de Tue Mar 10 10:05:19 2015
From: aheinecke at intevation.de (Andre Heinecke)
Date: Tue, 10 Mar 2015 10:05:19 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <2060751138.1681310.1425921314299.JavaMail.yahoo@mail.yahoo.com>
References: <2060751138.1681310.1425921314299.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <2938915.M7XCH4dMtl@esus>

Hi,

To answer your first question regarding gpg4win:

On Monday, March 09, 2015 05:15:14 PM Maricel Gregoraschko wrote:
> Hello All, I would first like to thank you for your effort and time developing GnuPG. I have a couple of questions: 1. Does GnuPG (in particular, the Windows binaries distributed for gpg4win) use AES-NI, the Intel dedicated AES instruction set?

No, it has been disabled due to a bug. I've opened gnupg/issue1919 to track this.

> There are some concerns, I'm not sure how realistic, about backdoors built into the CPU themselves.

AES is an algorithm that produces deterministic results. Not really something to backdoor like a RNG.

> I noticed there is an option to "configure", --disable-aesni-support. Where can I get the full configure command as it was used to build the posted gpg4win binaries, to check if that switch was present or not?

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=blob;f=src/Makefile.am

Look for gpg4win_pkg__configure (e.g. gpg4win_pkg_libgcrypt_configure)

> Also is there any option to turn hardware acceleration on or off at runtime?

No.

Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From wk at gnupg.org Tue Mar 10 11:25:14 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Mar 2015 11:25:14 +0100
Subject: GPG4Win 2.2.3 Smart card support
In-Reply-To: <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB777@NOI1EXCH03.apac.sfnt.local> (Deepak Saxena's message of "Tue, 10 Mar 2015 12:44:25 +0530")
References: <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB671@NOI1EXCH03.apac.sfnt.local> <54FE8516.3020906@fsij.org> <33B1BAEAF9B37A439F73D9BF6B32ED4205FAB777@NOI1EXCH03.apac.sfnt.local>
Message-ID: <87ioe9taid.fsf@vigenere.g10code.de>

On Tue, 10 Mar 2015 08:14, Deepak.Saxena at safenet-inc.com said:

> I am trying to test file encryption with SafeNet smart cards. (CardOs/ Java and other tokens).
> I am getting error message: The card application is not yet supported.

You need to write an application which GnuPG knows about. The source files scd/app-*.c implement the host part of the card applications. If your card has a pkcs#15 structure it would be used, if not you need to provide the specifications for the card and write such an application driver or find someone who is interested in doing that.

You may however use the card directly sending the respective APDUs to the card. You can test this with gpg-connect-agent; use

  scd serialno undefined

to convince scdaemon to use the card without any known application and then run

  scd help apdu

to learn about the APDU command.

> I can see the list of supported tokens as:
> https://wiki.debian.org/GnuPG/CCID_Driver

This is a lower layer. On Windows pkcs at 11 is used and AFAICS it works for you.

Salam-Shalom,

   Werner

p.s.
> The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this

Did the GCHQ comply with that request when they grabbed all those SIM card keys? ;-)

--
Thoughts are free. Exceptions are regulated by a federal law.

From js-gnupg-users at webkeks.org Tue Mar 10 13:18:34 2015
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Tue, 10 Mar 2015 13:18:34 +0100
Subject: Trezor - Could this be the model for a PGP crypto device?
In-Reply-To: <54FE748F.3040400@fsij.org>
References: <54FA4A08.50006@fsij.org> <54FE748F.3040400@fsij.org>
Message-ID: <20150310131834.455fb87c06755124a4351e7f@webkeks.org>

On Tue, 10 Mar 2015 13:35:27 +0900, NIIBE Yutaka wrote:
> Confirmation push button would be a good idea, and I have been considering how we can enhance the OpenPGPcard specification so that we could do something like that for future implementation(s).

Does this really need to be part of the specification? For example, the Gnuk could just delay signing / decryption / authentication until the button has been pressed and return an error if it doesn't get pressed within a certain amount of time.

--
Jonathan

From js-gnupg-users at webkeks.org Tue Mar 10 13:23:22 2015
From: js-gnupg-users at webkeks.org (Jonathan Schleifer)
Date: Tue, 10 Mar 2015 13:23:22 +0100
Subject: gpg in a cybercafé
In-Reply-To: <54F8D858.7080307@riseup.net>
References: <1425468587.871457089@f386.i.mail.ru> <20150305183045.0a84427bb224d379f41d4152@webkeks.org> <54F8D858.7080307@riseup.net>
Message-ID: <20150310132322.c69406fe8db7765f1f429a67@webkeks.org>

On Thu, 05 Mar 2015 22:27:36 +0000, flapflap wrote:
> The current version (1.3) of Tails comes with GnuPG 1.4.12.

That's just not true. Not only is the gpg2 command available, but the change log even explicitly states that GnuPG 2 was added to improve smartcard support.

--
Jonathan

From wk at gnupg.org Tue Mar 10 15:58:05 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Mar 2015 15:58:05 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <2938915.M7XCH4dMtl@esus> (Andre Heinecke's message of "Tue, 10 Mar 2015 10:05:19 +0100")
References: <2060751138.1681310.1425921314299.JavaMail.yahoo@mail.yahoo.com> <2938915.M7XCH4dMtl@esus>
Message-ID: <877fuoucg2.fsf@vigenere.g10code.de>

On Tue, 10 Mar 2015 10:05, aheinecke at intevation.de said:

>> Also is there any
>> option to turn hardware acceleration on or off at runtime?

You can globally disable certain hardware features: Create a file

--8<---------------cut here---------------start------------->8---
# We do not want to use AES-NI
intel-aesni
--8<---------------cut here---------------end--------------->8---

and store it as /etc/gcrypt/hwf.deny . This should work also on Windows if you copy that file to every drive. The list of hardware features in the current development version is:

    { HWF_PADLOCK_RNG, "padlock-rng" },
    { HWF_PADLOCK_AES, "padlock-aes" },
    { HWF_PADLOCK_SHA, "padlock-sha" },
    { HWF_PADLOCK_MMUL,"padlock-mmul"},
    { HWF_INTEL_CPU,   "intel-cpu" },
    { HWF_INTEL_BMI2,  "intel-bmi2" },
    { HWF_INTEL_SSSE3, "intel-ssse3" },
    { HWF_INTEL_PCLMUL,"intel-pclmul" },
    { HWF_INTEL_AESNI, "intel-aesni" },
    { HWF_INTEL_RDRAND,"intel-rdrand" },
    { HWF_INTEL_AVX,   "intel-avx" },
    { HWF_INTEL_AVX2,  "intel-avx2" },
    { HWF_ARM_NEON,    "arm-neon" }

Libgcrypt 1.6 has fewer features.

BTW, I just pushed a change for 2.1 to show the used Libgcrypt configuration:

--8<---------------cut here---------------start------------->8---
$ gpg --list-gcrypt-config
version:1.6.3-beta12:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94:md4:md5:rmd160:sha1:sha256:sha512:tiger:whirlpool:stribog:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
threads:none:
hwflist:intel-cpu:intel-ssse3:intel-pclmul:intel-aesni:intel-avx:
fips-mode:n:n:
rng-type:standard:1:
--8<---------------cut here---------------end--------------->8---

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From pete at heypete.com Tue Mar 10 15:36:36 2015
From: pete at heypete.com (Pete Stephenson)
Date: Tue, 10 Mar 2015 15:36:36 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <2060751138.1681310.1425921314299.JavaMail.yahoo@mail.yahoo.com>
References: <2060751138.1681310.1425921314299.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <54FF0174.7060301@heypete.com>

On 3/9/2015 6:15 PM, Maricel Gregoraschko wrote:
> Hello All,

Hi!

> 2. When using symmetric encryption and providing a passphrase, I
> understand the actual encryption key is generated on the spot, used to
> do the encryption, and then discarded from memory and not stored
> anywhere, is that correct?

Correct.

> If the user wanted, can they dump the encryption key to store it
> securely, and use it to decrypt, instead of the password?

Yes, but the security is only as strong as the weakest link: if one uses a weak passphrase to encrypt a message, an adversary could guess the password. If one used a long random string as a passphrase, this is functionally equivalent to a strong key, so why bother with using the key itself to decrypt instead of the passphrase?

You can show the symmetric session key for a message using the "--show-session-key" option. Here's an example of text I encrypted with "gpg --symmetric":

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

jA0EAwMCYFod0NxVEONgySM6oLcax81PoXTPKk2R+zdP2XZ+rA1ILbKy3+sg0xs8
B8SW2A==
=Iz40
-----END PGP MESSAGE-----

The passphrase is "test" (no quotes).

pete at kaylee:~$ gpg --show-session-key < example.txt
[prompt for password]
gpg: CAST5 encrypted data
gpg: gpg-agent is not available in this session
gpg: encrypted with 1 passphrase
gpg: session key: `3:62A2421F805F6CB1767A9DF07983ADDF'
gpg: example.txt: unknown suffix

Later, I can use gpg with the "--override-session-key" option to supply the decryption key directly. Use "gpg --override-session-key [session key]", using the format given above:

pete at kaylee:~$ gpg --override-session-key 3:62A2421F805F6CB1767A9DF07983ADDF < example.txt
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
Hello world!
gpg: WARNING: message was not integrity protected

See the manpage or https://www.gnupg.org/documentation/manpage.html for more details.

One interesting note about show/override-session-key: if one is compelled to decrypt a message (or else...), one can use those options on messages encrypted using GnuPG's symmetric or the more usual asymmetric (i.e., public key) encryption methods.

The manpage says, "This option is normally not used but comes handy in case someone forces you to reveal the content of an encrypted message; using this option you can do this without handing out the secret key."

In other words, if you're compelled to decrypt a message that was encrypted to your public key, you don't need to hand over your private key (which would allow someone to decrypt all your messages, sign new messages, etc.). Instead, you would just hand over the encrypted message and the session key used to encrypt it. Since each message uses a new, random session key, only that single message can be decrypted and your private key is not compromised.

Cheers!
-Pete

From mailing-lists at asatiifm.net Tue Mar 10 17:56:27 2015
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Tue, 10 Mar 2015 18:56:27 +0200
Subject: Suggestions for a Practical Scheme to Manage Multiple Identities?
In-Reply-To: <54FE59E2.4080907@fsij.org>
References: <1425942376.1466427.238101265.24AEC46F@webmail.messagingengine.com> <54FE59E2.4080907@fsij.org>
Message-ID: <54FF223B.4030805@asatiifm.net>

On 10.03.15 04:41, NIIBE Yutaka wrote:
>> So this is not a question about portable flash drives vs. smartcards per
>> se. I _think_ I understand those risks and trade-offs but if there is
>> something I'm missing then, of course, I'd like to know.
> I had an experience that one of my family members took my portable
> flash drive for his/her own purpose (and it took hours/days for me to
> realize the fact).
>
> This might be another risk.

On top of all the other problems of a general purpose storage device. I'd say just go with a smartcard or purpose built token device [1][2]. As for the multiple identities, different smartcards as needed. That makes the reader the only device to carry and the cards you can cut (some precut) to SIM-card size to make carrying easy. And there are small readers available.

[1]: http://www.seeedstudio.com/wiki/index.php?title=FST-01
[2]: http://www.fsij.org/doc-gnuk/

--
Ville

From wk at gnupg.org Tue Mar 10 19:38:45 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Mar 2015 19:38:45 +0100
Subject: GnuPG News for February 2015
Message-ID: <87oao0puiy.fsf@vigenere.g10code.de>

Hi!

Find below the plain text version of https://gnupg.org/blog/20150310-gnupg-in-february.html

Shalom-Salam,

   Werner

1 GnuPG News for February 2015
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  Indeed, very exciting news this month: The financial crisis of The GnuPG Project is over. Due to an unexpected amount of donations received in the first days of February we can keep on working for at least the next 2 or 3 years.

  How did this happen? At the [31C3] Nico Josattis arranged an interview with [Julia Angwin] who writes for [ProPublica]. Eventually on the 5th her [article] was published and immediately received a lot of attention. Not only at the ProPublica site but at many other news sites as well. While checking my mail on that evening, I noticed more than a thousand notification mails for donations and even better: that continuous stream of donations did not stop for the next days. Alone on the first day we received more than 120,000 € and thus more than our initial goal. I even had to fix the script building the donation progress bar to not overflow the right margin the same night. I also received a call from one of the Stripe founders who offered yearly donations from Stripe and Facebook each at 50,0000 $. Amazing.

  I like to *thank everyone* for supporting the project, be it small or large individual donations, helping users, providing corporate sponsorship, working on the software, and for all the encouraging words by mail, blogs, and even postcards.

  Due to that new publicity for GnuPG, I received many requests for interviews and for several days journalists and photographers visited me in my office. They wrote several articles for German papers and radio stations, for example in the [taz], the [Süddeutsche Zeitung], and the [Deutsche Welle]. I hope these articles help to keep up the awareness for the importance of privacy issues. GnuPG does not stand alone: there are many other projects, often unknown to most people, which are essential to keep the free Internet running. Many of them are run by volunteers who spend a lot of unpaid time on them. They need our support as well!

  Now what to do with all that money? Before a final plan can be drafted, tax issues need to be resolved. Given that g10^code (the legal entity behind the project) is not a charity, we need to find a way to stretch the use of the money beyond this year. My tax advisor is currently looking into this and I will report on the outcome in another blog entry.

  Regardless of this I started to look out for a second developer and fortunately [Neal Walfield] was searching for a job and accepted my offer to work on GnuPG. Neal is well known for his work on modern operating systems and I consider him an excellent hacker. I am glad to have him on board.

  [31C3] https://events.ccc.de/congress/2014/wiki/Main_Page
  [Julia Angwin] http://juliaangwin.com
  [ProPublica] http://www.propublica.org
  [article] http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke
  [taz] http://www.taz.de/Verschluesselung-mit-GnuPG/!154635/
  [Süddeutsche Zeitung] http://www.sueddeutsche.de/digital/verschluesselungssoftware-gnu-pg-wie-ein-mann-das-e-mail-geheimnis-verteidigt-1.2355155
  [Deutsche Welle] http://dw.de/p/1Eebj
  [Neal Walfield] http://walfield.org

1.1 Release status
━━━━━━━━━━━━━━━━━━

  GnuPG [2.1.2] was released on the 11th, [2.0.27] on the 18th, and [1.4.19] on the 27th. The 1.4.19 release features a fix for a new side channel attack on the Elgamal encryption (which used to be the default public key encryption algorithm until 2009). Go ahead and read how Genkin's group describes the [details] of this attack. The release also includes a mitigation for another SCA to be described in the forthcoming paper /Last-Level Cache Side-Channel Attacks are Practical/ by Yarom et al. Libgcrypt [1.6.3] was released on the 27th to fix the described SCAs for GnuPG 2.0 and 2.1.

  [2.1.2] https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html
  [2.0.27] http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
  [1.4.19] http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
  [details] http://www.cs.tau.ac.il/~tromer/radioexp/
  [1.6.3] http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html

1.2 Released and not yet released changes
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  Several segfaults due to NULL-derefs and invalid memory reads when using garbled keyrings were fixed. These unlikely exploitable bugs were detected by fuzzing instrumented versions of GnuPG; [Hanno Böck's report] has some details. A long standing implementation flaw copying memory stored values to integer variables was also found and fixed. These bug fixes have been backported to 2.0 and 1.4; Daniel Kahn Gillmor was kind enough to help with this.

  The decade old PKA system was modernized. The formerly used TXT records have been replaced with CERT records of the IPGP type, and the local part of the mail address is now hashed and base32 encoded to support all valid mail addresses. This has been backported to 1.4.19. The new option `--print-pka-records' for 2.1 can be used to create zone files for PKA.

  The removal of the PGP-2 support from 2.1 turned out to be more complicated than expected. Another bug related to this only showed up and was fixed after the release of 2.1.2.

  To help people not fluent in the spelling alphabet or when using small fonts the option `--with-icao-spelling' has been added to 2.1:

  ┌────
  │ pub   dsa2048/F2AD85AC1E42B367 2007-12-31 [expires: 2018-12-31]
  │       Key fingerprint = 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367
  │       "Eight Zero Six One Five Eight Seven Zero
  │        Foxtrot Five Bravo Alfa Delta Six Niner Zero
  │        Three Three Three Six Eight Six Delta Zero
  │        Foxtrot Two Alfa Delta Eight Five Alfa Charlie
  │        One Echo Four Two Bravo Three Six Seven"
  └────

  The dropped support for LDAP keyserver will be re-introduced with 2.1.3. Neal started to work on this and published a detailed description on how to set up such an [LDAP server].

  [Hanno Böck's report] https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
  [LDAP server] https://wiki.gnupg.org/LDAPKeyserver

2 About this news posting
━━━━━━━━━━━━━━━━━━━━━━━━━

  I try to write a news posting every month. However, other work may have a higher priority (e.g. security fixes) and thus I won't promise any fixed publication date. If you have an interesting topic for a news posting, please feel free to mail me or gnupg-users at . A summary of the mailing list discussion would be a nice to have.

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From maricelgregoraschko at yahoo.com Tue Mar 10 20:28:21 2015
From: maricelgregoraschko at yahoo.com (Maricel Gregoraschko)
Date: Tue, 10 Mar 2015 19:28:21 +0000 (UTC)
Subject: AES-NI, symmetric key generation
In-Reply-To: <54FF0174.7060301@heypete.com>
References: <54FF0174.7060301@heypete.com>
Message-ID: <1847944164.2940725.1426015701245.JavaMail.yahoo@mail.yahoo.com>

Pete,

Very useful info about using --show-session-key to avoid revealing your private asymmetric key.

In your example ("gpg --show-session-key < example.txt"), had you somehow set up gpg to use symmetric by default, rather than asymmetric + symmetric?

If I explicitly pass --symmetric, --show-session-key does nothing (gpg4win) (and I guess the key is not really a random "session" key as when sending a PGP message) but rather the key deterministically generated from the passphrase.

I agree, using key instead of passphrase doesn't enhance security (assuming an attacker knows that the key was derived from a passphrase and with what key derivation algorithm? I assume the randomness/entropy of the key itself is high enough regardless of the passphrase strength?). The reason I was asking if it's a possibility to store the symmetric key to decrypt with later, was to protect against future changes in the key derivation algorithm, that would make gpg generate a different key for the same passphrase, useless to decrypt previously encrypted data.

Thank you for your support.
From maricelgregoraschko at yahoo.com Tue Mar 10 20:33:39 2015
From: maricelgregoraschko at yahoo.com (Maricel Gregoraschko)
Date: Tue, 10 Mar 2015 19:33:39 +0000 (UTC)
Subject: AES-NI, symmetric key generation
In-Reply-To: <2938915.M7XCH4dMtl@esus>
References: <2938915.M7XCH4dMtl@esus>
Message-ID: <646335208.2968758.1426016019492.JavaMail.yahoo@mail.yahoo.com>

> AES is an algorithm that produces deterministic results. Not really something to backdoor like a RNG.

I admit I haven't looked at the AES-NI instruction set, but I've read that it could be easy for the CPU to reconstruct the key from a sequence of calls typical to AES encryption/decryption (I think implementations even use Intel-provided code), and store it for later retrieval through a secret CPU instruction set.
From: Andre Heinecke
To: gnupg-users at gnupg.org; Maricel Gregoraschko
Sent: Tuesday, March 10, 2015 5:05 AM
Subject: Re: AES-NI, symmetric key generation

Hi,

To answer your first question regarding gpg4win:

On Monday, March 09, 2015 05:15:14 PM Maricel Gregoraschko wrote:
> Hello All, I would first like to thank you for your effort and time
> developing gnupgp. I have a couple of questions: 1. Does GnuGP (in
> particular, the Windows binaries distributed for gpg4win) use AES-NI, the
> Intel dedicated AES instruction set?

No, it has been disabled due to a bug. I've opened gnupg/issue1919 to track this.

> There are some concerns, I'm not sure
> how realistic, about backdoors built into the CPU themselves.

AES is an algorithm that produces deterministic results. Not really something to backdoor like a RNG.

> I noticed
> there is an option to "configure", --disable-aesni-support. Where can I get
> the full configure command as it was used to build the posted gpg4win
> binaries, to check if that switch was present or not?

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=blob;f=src/Makefile.am

Look for gpg4win_pkg__configure (e.g. gpg4win_pkg_libgcrypt_configure)

> Also is there any
> option to turn hardware acceleration on or off at runtime?

No.

Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From maricelgregoraschko at yahoo.com Tue Mar 10 20:39:45 2015
From: maricelgregoraschko at yahoo.com (Maricel Gregoraschko)
Date: Tue, 10 Mar 2015 19:39:45 +0000 (UTC)
Subject: AES-NI, symmetric key generation
In-Reply-To: <877fuoucg2.fsf@vigenere.g10code.de>
References: <877fuoucg2.fsf@vigenere.g10code.de>
Message-ID: <135913303.2983865.1426016385331.JavaMail.yahoo@mail.yahoo.com>

Thanks Werner.

On Windows, you mean on each drive letter, in the root directory? (e.g. c:\hwf.deny, d:\hwf.deny, etc.?)

Also would there be a way to make gpg display which hardware features are being used when encrypting/decrypting (to confirm that the deny file was correctly placed and actually had an effect)?

Thank you.
From vedaal at nym.hush.com Tue Mar 10 21:42:51 2015
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Tue, 10 Mar 2015 16:42:51 -0400
Subject: AES-NI, symmetric key generation
In-Reply-To: <1847944164.2940725.1426015701245.JavaMail.yahoo@mail.yahoo.com>
References: <54FF0174.7060301@heypete.com> <1847944164.2940725.1426015701245.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <20150310204252.04E94E03D4@smtp.hushmail.com>

On 3/10/2015 at 4:19 PM, "Maricel Gregoraschko" wrote:

>I agree, using key instead of passphrase doesn't enhance security
>(assuming an attacker knows that the key was derived from a
>passphrase and with what key derivation algorithm? I assume the
>randomness/entropy of the key itself is high enough regardless of
>the passphrase strength?). The reason I was asking if it's a
>possibility to store the symmetric key to decrypt with later, was
>to protect against future changes in the key derivation algorithm,
>that would make gpg generate a different key for the same
>passphrase, useless to decrypt previously encrypted data. Thank you
>for your support.

-----

If you don't want to keep your passphrase, and want only to keep the session key, and you want this to have no weakness because of a questionably strong enough password that was used to generate the key, then there is an easy way to do what you want:

[1] Encrypt a test message to any of your own keys.

[2] Decrypt this test message, with the option of --show-session-key

[3] Use this session key as the 64 character password for your symmetric encryption, (and save it, or you won't be able to decrypt the symmetric message).

[4] Decrypt your symmetrically encrypted file or message, using the option of --show-session-key

[5] Save this session key, and if you wish, you can destroy the first one. (you can always get it back by decrypting your message of step [1] ).

The string-to-key part of generating the session key for the symmetrically encrypted message, will be using a random 64 character GnuPG generated session key as its password.

You can't find a better password (especially even one that you don't have to remember ;-) )

vedaal

From wk at gnupg.org Tue Mar 10 22:08:50 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Mar 2015 22:08:50 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <135913303.2983865.1426016385331.JavaMail.yahoo@mail.yahoo.com> (Maricel Gregoraschko's message of "Tue, 10 Mar 2015 19:39:45 +0000 (UTC)")
References: <877fuoucg2.fsf@vigenere.g10code.de> <135913303.2983865.1426016385331.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <8761a8pnkt.fsf@vigenere.g10code.de>

On Tue, 10 Mar 2015 20:39, maricelgregoraschko at yahoo.com said:

> Thanks Werner.On Windows, you mean on each drive letter, in the root
> directory? (e.g. c:\hwf.deny, d:\hwf.deny, etc.?).Also would there be

Yes, that was the idea. The file names should however be

  c:\etc\gcrypt\hwf.deny
  d:\etc\gcrypt\hwf.deny

I have not tested this.

> a way to make gpg display which hardware features are being used when
> encrypting/decrypting (to confirm that the deny file was correctly
> placed and actually had an effect)? Thank you.

Not yet. 2.1.3 will have a command to list it. You may simply encrypt a large file and compare the times. It is way faster with AES-NI enabled.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Tue Mar 10 22:13:34 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Mar 2015 22:13:34 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <646335208.2968758.1426016019492.JavaMail.yahoo@mail.yahoo.com> (Maricel Gregoraschko's message of "Tue, 10 Mar 2015 19:33:39 +0000 (UTC)")
References: <2938915.M7XCH4dMtl@esus> <646335208.2968758.1426016019492.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <871tkwpncx.fsf@vigenere.g10code.de>

On Tue, 10 Mar 2015 20:33, maricelgregoraschko at yahoo.com said:

> I admit I haven't looked at the AES-NI instruction set, but I've read
> that it could be easy for the CPU to reconstruct the key from a

Possible. It is also easy to detect the instructions used for software based AES keyscheduling and leak the key from that knowledge. I'd pick AES-NI for its better performance and SCA resistance.

RDRAND for random numbers is a different story. No sane crypto tool should solely rely on this instruction.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From pete at heypete.com Tue Mar 10 22:32:11 2015
From: pete at heypete.com (Pete Stephenson)
Date: Tue, 10 Mar 2015 22:32:11 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <1847944164.2940725.1426015701245.JavaMail.yahoo@mail.yahoo.com>
References: <54FF0174.7060301@heypete.com> <1847944164.2940725.1426015701245.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <54FF62DB.6000009@heypete.com>

On 3/10/2015 8:28 PM, Maricel Gregoraschko wrote:
> Pete,
> Very useful info about using --show-session-key to avoid revealing your
> private asymmetric key.

No worries.

> In your example ("gpg --show-session-key < example.txt") , had you
> somehow set up gpg to use symmetric by default, rather than asymmetric +
> symmetric?

No. It was a nearly "out of the box" setup with only some minor changes to my gpg.conf file in regards to accessing keyservers. Nothing that would affect the modes of encryption.

> If I explicitly pass --symmetric, --show-session-key does nothing
> (gpg4win) (and I guess the key is not really a random "session" key as
> when sending a PGP message) but rather the key deterministically
> generated from the passphrase.

Works fine for me. Try copy-pasting the text into the command prompt rather than reading from a file. Use Ctrl-Z then Enter to tell GnuPG you're done entering a message and it should start processing things.

Here's an encrypted message I generated with "gpg --symmetric --armor" on GPG4Win 2.2.3:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

jA0EAwMC2lG4z3grm9G1ySTYXvITlKTun7NvaLnznJZI4AhGJyTk+rFkAdufNRzB
cC6eqAI=
=j73k
-----END PGP MESSAGE-----

(password is "test" with no quotes)

gpg --show-session-key yields a session key of "3:C4A5BBCBB7C8F846FCA3A9BDDED0EB7F".

The same message encrypted a few seconds later with the same password yields:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

jA0EAwMCgnIlCp86aLq1ySQt2veDYta5U1uxPiust4siTyduBe7+CVhupax2HKeI
Zcm3Rx0=
=kZPs
-----END PGP MESSAGE-----

and a session key of "3:A81A96428D44DEAD3A6079CC22145B51".

It appears that GnuPG uses the iterated-and-salted secret-to-key method (see https://tools.ietf.org/html/rfc4880#section-3.7.1.3 ) to generate the session key. You're right: the key is derived from a passphrase and so is not truly random, but the salt is random which helps a bit. Of course, the salt is not encrypted, so the message protection depends only on the strength of your passphrase.

> I agree, using key instead of passphrase doesn't enhance security
> (assuming an attacker knows that the key was derived from a passphrase
> and with what key derivation algorithm? I assume the randomness/entropy
> of the key itself is high enough regardless of the passphrase strength?).

The attacker would be able to determine quite a bit of information about how the message was encrypted (as this same information would be needed by a legitimate user to decrypt the message). Here's an excerpt from the double-verbose (-vv) output from the second encrypted message above (all this is available without entering the passphrase):

:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
        salt 8272250a9f3a68ba, count 2752512 (181)

The attacker would know the cipher being used (cipher 3 = CAST5), the fact that the key is derived from a user-provided string (the fact that s2k is used), which string-to-key algorithm is used (s2k 3 = iterated-and-salted), the hash used (hash 2 = SHA-1), the salt, and the number of times to iterate the S2K algorithm.

The attacker won't know the strength of your passphrase -- it could be "cat" or a long string of random characters -- but it tells them that the key was generated using user-provided input.

> The reason I was asking if it's a possibility to store the symmetric key
> to decrypt with later, was to protect against future changes in the key
> derivation algorithm, that would make gpg generate a different key for
> the same passphrase, useless to decrypt previously encrypted data.

GnuPG follows the OpenPGP standard (RFC 4880). The standard defines certain key derivation algorithms and provides the ability to add new ones if needed. Adding new key derivation algorithms in the future should not have any effect on existing encrypted messages. Since each message clearly identifies the algorithm used to encrypt it, future versions of GnuPG should have no problem decrypting it. Indeed, the current version of GnuPG is able to decrypt messages generated from old (even ancient!) versions of PGP and GnuPG with few, if any, issues.

Cheers!
-Pete

From gniibe at fsij.org Wed Mar 11 06:04:50 2015
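The packet fields Pete reads off with -vv, and the session key that --show-session-key prints for a symmetric message (both in this reply and in his earlier one), can be reproduced offline from nothing but the armored text and the passphrase. The following Python is an added example written from RFC 4880, not code from the thread or from GnuPG: it strips the armor from the three messages Pete posted (passphrase "test"), decodes the Symmetric-Key Encrypted Session Key packet (RFC 4880 section 5.3), expands the coded count octet, and re-derives the key with the iterated-and-salted S2K of section 3.7.1.3. The function names, the trimmed cipher/hash tables and the REPORTED dictionary are my own constructions; the messages and the session keys in REPORTED are the ones quoted in the thread, and main() only reports whether the derivation reproduces them.

```python
"""Added example, written from RFC 4880 (not GnuPG's own code): decode the
Symmetric-Key Encrypted Session Key packet of a `gpg --symmetric` message and
re-derive the session key with the iterated-and-salted S2K of section 3.7.1.3."""
import base64
import hashlib

# The three armored messages Pete posted in this thread (passphrase "test")
# and the session keys `gpg --show-session-key` printed for them.
ARMOR = "-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v{v}\n\n{b64}\n={crc}\n-----END PGP MESSAGE-----"
MESSAGES = {
    "gpg1": ARMOR.format(v=1, crc="Iz40", b64="jA0EAwMCYFod0NxVEONgySM6oLcax81PoXTPKk2R"
            "+zdP2XZ+rA1ILbKy3+sg0xs8\nB8SW2A=="),
    "gpg2a": ARMOR.format(v=2, crc="j73k", b64="jA0EAwMC2lG4z3grm9G1ySTYXvITlKTun7NvaLnz"
             "nJZI4AhGJyTk+rFkAdufNRzB\ncC6eqAI="),
    "gpg2b": ARMOR.format(v=2, crc="kZPs", b64="jA0EAwMCgnIlCp86aLq1ySQt2veDYta5U1uxPius"
             "t4siTyduBe7+CVhupax2HKeI\nZcm3Rx0="),
}
REPORTED = {"gpg1": "3:62A2421F805F6CB1767A9DF07983ADDF",
            "gpg2a": "3:C4A5BBCBB7C8F846FCA3A9BDDED0EB7F",
            "gpg2b": "3:A81A96428D44DEAD3A6079CC22145B51"}
# RFC 4880 section 9 algorithm ids (own tables, trimmed to common values).
CIPHERS = {1: ("IDEA", 16), 2: ("3DES", 24), 3: ("CAST5", 16), 4: ("Blowfish", 16),
           7: ("AES128", 16), 8: ("AES192", 24), 9: ("AES256", 32), 10: ("Twofish", 32)}
HASHES = {1: "md5", 2: "sha1", 3: "ripemd160", 8: "sha256", 9: "sha384", 10: "sha512"}


def dearmor(text: str) -> bytes:
    """Strip armor lines, headers and the '=XXXX' checksum line (not verified here)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an armored message")
    body = lines[1:-1]
    while body and body[0]:                       # armor headers end at a blank line
        body.pop(0)
    b64 = [ln for ln in body[1:] if ln and not ln.startswith("=")]
    return base64.b64decode("".join(b64))


def packet_header(buf: bytes, pos: int = 0):
    """Decode an old- or new-format packet header -> (tag, body_start, body_len)."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not a packet header")
    if ctb & 0x40:                                # new format, RFC 4880 4.2.2
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        raise ValueError("five-octet and partial lengths not handled")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03    # old format, RFC 4880 4.2.1
    if ltype == 3:
        raise ValueError("indeterminate length not handled")
    n = 1 << ltype
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")


def parse_symkey_esk(buf: bytes) -> dict:
    """Fields of the tag-3 packet, the ones `gpg -vv` shows as ':symkey enc packet:'."""
    tag, start, length = packet_header(buf)
    if tag != 3:
        raise ValueError(f"expected symkey ESK packet (tag 3), got tag {tag}")
    body = buf[start:start + length]
    if body[0] != 4 or body[2] != 3:
        raise ValueError("only v4 packets with iterated-and-salted S2K are handled")
    count_byte = body[12]                         # coded count, RFC 4880 3.7.1.3
    return {"version": body[0], "cipher": body[1], "s2k": body[2], "hash": body[3],
            "salt": body[4:12].hex(), "count_byte": count_byte,
            "count": (16 + (count_byte & 15)) << ((count_byte >> 4) + 6),
            "encrypted_session_key": body[13:]}   # empty: the S2K output is the key


def s2k_derive(passphrase: bytes, hash_name: str, salt: bytes, count: int,
               key_len: int) -> bytes:
    """Iterated-and-salted S2K: hash salt||passphrase repeated until `count` octets
    were hashed (at least one full copy); longer keys use extra zero-preloaded contexts."""
    seed = salt + passphrase
    full, rem = divmod(max(count, len(seed)), len(seed))
    out = b""
    for i in range(-(-key_len // hashlib.new(hash_name).digest_size)):
        h = hashlib.new(hash_name)
        h.update(b"\x00" * i)
        h.update(seed * full + seed[:rem])
        out += h.digest()
    return out[:key_len]


def session_key(armored: str, passphrase: bytes):
    """(packet fields, 'algo:HEX') in the format --show-session-key prints."""
    info = parse_symkey_esk(dearmor(armored))
    if info["encrypted_session_key"]:
        raise ValueError("wrapped session key; unwrapping needs the cipher itself")
    key = s2k_derive(passphrase, HASHES[info["hash"]], bytes.fromhex(info["salt"]),
                     info["count"], CIPHERS[info["cipher"]][1])
    return info, f"{info['cipher']}:{key.hex().upper()}"


if __name__ == "__main__":
    for name, armored in MESSAGES.items():
        info, key = session_key(armored, b"test")
        print(f"{name}: {CIPHERS[info['cipher']][0]}, {HASHES[info['hash']]}, "
              f"salt={info['salt']}, count={info['count']} ({info['count_byte']})")
        print(f"    derived {key}, equals gpg's: {key == REPORTED[name]}")
```

Running it prints, for each message, the same cipher/hash/salt/count that gpg -vv shows, then the derived key next to a check against the value Pete reported. The salts of the three messages differ while the passphrase is the same, which is exactly why the same plaintext produced different session keys; the count (181, expanded to 2,752,512 hashed octets) is the only per-guess cost the S2K imposes on someone trying passphrases, which is the quantitative form of Pete's point that the message protection rests on passphrase strength alone.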
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 11 Mar 2015 14:04:50 +0900
Subject: Trezor - Could this be the model for a PGP crypto device?
In-Reply-To: <20150310131834.455fb87c06755124a4351e7f@webkeks.org>
References: <54FA4A08.50006@fsij.org> <54FE748F.3040400@fsij.org> <20150310131834.455fb87c06755124a4351e7f@webkeks.org>
Message-ID: <54FFCCF2.6060408@fsij.org>

On 03/10/2015 09:18 PM, Jonathan Schleifer wrote:
> Does this really need to be part of the specification? For example,
> the Gnuk could just delay signing / decryption / authentication
> until the button has been pressed and return an error if it doesn't
> get pressed within a certain amount of time.

Good point. Yes, it is possible to implement an "ack" button in the way you describe. But, technically, it's not good for the underlying layer to impose this kind of "snatch". It is better for the Host PC to know the interaction. Besides, when possible, I don't want a feature to be implemented only for Gnuk. I don't want to differentiate, but to collaborate.

Well, I realized that my idea of yesterday was not good. According to ISO 7816-4, no command is allowed before GET RESPONSE.

So, we could consider something like this:

  Host PC                                         OpenPGPcard
    command: PSO                            =>
                                            <=    response: 0x9F
    command: VERIFY with 0x84               ==>
    (or something different than 0x81, 0x82, or 0x83)
                                            <=    response: 0x9000 OK
    command: GET DATA on some pseudo Data Object ==>
                                            <=    response: of result of PSO

It seems to me that we can use 0x9F to let the host PC know the length of data (while 0x61 expects a succeeding GET RESPONSE).

This can be done with a smartcard + cardreader with pinpad.
--

From xavier at maillard.im Wed Mar 11 07:18:15 2015
From: xavier at maillard.im (Xavier Maillard)
Date: Wed, 11 Mar 2015 07:18:15 +0100
Subject: [cygwin] gpg-agent with ssh support ?
Message-ID: <86mw3koy54.fsf@kcals2.maillard.im>

Hi all,

On my workstation, I have installed cygwin and GPG4win which is bundled with a version of gpg-agent (cygwin comes with oldies and no gpg-agent AFAICS).

I enabled ssh support in the gpg-agent.conf file as usual and I clearly see the socket files for both GNUpg and SSH.

When starting a cygwin terminal and trying to decrypt one file using gpg --decrypt file.gpg, pinentry comes in and asks for my passphrase (and then caches it into gpg-agent).

On the other hand, trying to add an identity file into the agent fails. It tells it can't connect to the agent. In fact, after hours of trial and errors, I gave up launching ssh-agent manually.

Do you know a way to fix that and only use gpg-agent as my sole agent entry point for both gpg and ssh ?

Regards
-- 
Xavier.

From wk at gnupg.org Wed Mar 11 11:15:58 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 11 Mar 2015 11:15:58 +0100
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <86mw3koy54.fsf@kcals2.maillard.im> (Xavier Maillard's message of "Wed, 11 Mar 2015 07:18:15 +0100")
References: <86mw3koy54.fsf@kcals2.maillard.im>
Message-ID: <87egovon4x.fsf@vigenere.g10code.de>

On Wed, 11 Mar 2015 07:18, xavier at maillard.im said:

> I enabled ssh support in the gpg-agent.conf file as usual and I
> clearly see the socket files for both GNUpg and SSH.

The Unix Domain Socket emulation used by Cygwin is different from the emulation used by GnuPG on Windows. Recall that Cygwin is its own OS on top of Windows. You may try to build GnuPG for Cygwin and install this. However, I would not suggest this.

The standard ssh client on Windows seems to be Putty; you may use it with the native GnuPG for Windows (i.e. Gpg4win) by using the option --enable-putty-support instead of --enable-ssh-support.

> Do you know a way to fix that and only use gpg-agent as my sole agent
> entry point for both gpg and ssh ?

IIRC, gniibe once posted a description on how Cygwin's socket emulation works on Windows. It might be possible to add this to gpg-agent.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From brian at minton.name Wed Mar 11 14:28:10 2015
From: brian at minton.name (Brian Minton)
Date: Wed, 11 Mar 2015 09:28:10 -0400
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <87egovon4x.fsf@vigenere.g10code.de>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de>
Message-ID:

I would like to second the request for this feature.

On Wed, Mar 11, 2015, 6:23 AM Werner Koch wrote:

> On Wed, 11 Mar 2015 07:18, xavier at maillard.im said:
>
> > I enabled ssh support in the gpg-agent.conf file as usual and I
> > clearly see the socket files for both GNUpg and SSH.
>
> The Unix Domain Socket emulation used by Cygwin is different from the
> emulation used by GnuPG on Windows. Recall that Cygwin is its own OS on
> top of Windows. You may try to build GnuPG for Cygwin and install this.
> However, I would not suggest this.
>
> The standard ssh client on Windows seems to be Putty; you may use it
> with the native GnuPG for Windows (i.e. Gpg4win) by using the option
> --enable-putty-support instead of --enable-ssh-support.
>
> > Do you know a way to fix that and only use gpg-agent as my sole agent
> > entry point for both gpg and ssh ?
>
> IIRC, gniibe once posted a description on how Cygwin's socket emulation
> works on Windows. It might be possible to add this to gpg-agent.
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are governed by a federal law.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From brian at minton.name Wed Mar 11 15:12:59 2015
From: brian at minton.name (Brian Minton)
Date: Wed, 11 Mar 2015 10:12:59 -0400
Subject: bugs.gnupg.org TLS certificate
Message-ID:

I wanted to report a bug of gnupg, but my browser complained about the certificate (self-signed, and for kerckhoffs.g10code.com) rather than bugs.gnupg.org. I noticed that https://gnupg.org has a trusted certificate from Gandi Standard SSL CA, but bugs.gnupg.org (and other sites such as git.gnupg.org) don't use that certificate. Have you considered a wildcard certificate? I know this has been discussed before, e.g. at https://lists.gnupg.org/pipermail/gnupg-users/2013-December/048415.html

thanks,
-- 
Brian Minton
brian at minton.name
http://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9

From wk at gnupg.org Wed Mar 11 17:38:54 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 11 Mar 2015 17:38:54 +0100
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: (Brian Minton's message of "Wed, 11 Mar 2015 10:12:59 -0400")
References:
Message-ID: <87zj7jlc9t.fsf@vigenere.g10code.de>

On Wed, 11 Mar 2015 15:12, brian at minton.name said:

> git.gnupg.org) don't use that certificate. Have you considered a wildcard
> certificate? I know this has been discussed before, e.g. at

Too expensive ;-). To stop all these complaints I will add a so called real certificate but first I need to move the tracker to another machine.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From rjh at sixdemonbag.org Wed Mar 11 18:10:08 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 11 Mar 2015 13:10:08 -0400
Subject: Enigmail speed geeking
Message-ID: <550076F0.70507@sixdemonbag.org>

At the Circumvention Tech Festival there was an event called speed-geeking, where the people responsible for a tool would speak for a few minutes on something related to the tool and field a few minutes of Q&A from the audience about the tool. I received a number of requests afterwards to reprise my Enigmail speed-geeking presentation, so I wrote it up and put it online.

"Things you're doing wrong with Enigmail" is a short (500-word) essay on four mistakes I repeatedly see Enigmail users making. However, it's not limited to Enigmail: most of the content is broadly applicable to any cryptosystem.

http://robert-hansen.com/?p=83

From dougb at dougbarton.email Wed Mar 11 18:23:16 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 11 Mar 2015 10:23:16 -0700
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <87egovon4x.fsf@vigenere.g10code.de>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de>
Message-ID: <55007A04.9010808@dougbarton.email>

On 3/11/15 3:15 AM, Werner Koch wrote:
> The standard ssh client on Windows seems to be Putty; you may use it
> with the native GnuPG for Windows (i.e. Gpg4win) by using the option
> --enable-putty-support instead of --enable-ssh-support.

PuTTY also has its own agent support, which works quite well. I'm not sure why it's necessary to reinvent the wheel here. :)

Doug

From maricelgregoraschko at yahoo.com Wed Mar 11 18:55:20 2015
From: maricelgregoraschko at yahoo.com (Maricel Gregoraschko)
Date: Wed, 11 Mar 2015 17:55:20 +0000 (UTC)
Subject: AES-NI, symmetric key generation
In-Reply-To: <54FF62DB.6000009@heypete.com>
References: <54FF62DB.6000009@heypete.com>
Message-ID: <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com>

Thank you Pete for clearing things up. Makes a lot of sense to store passphrase-to-key identification data, in addition to actual algorithm used, in the output message rather than have the decryptor just assume things.

I figured out how to use --show-session-key: in my tests it doesn't show the key when encrypting, only when decrypting, that's good enough, I'm ok with doing a test decryption just to show the key.

One more question: Is there any standardization in output formats between encryption programs and libraries, for example say you encrypt with AES128 in CBC, with the same key (directly or via passphrase), and since the output will have to have, in addition to the actual ciphertext, algorithm identification on it, possible passphrase-to-key, plus mode-specific data such as the iv/nonce, is there a specification of the format of how these come in?

Thanks!
From maricelgregoraschko at yahoo.com Wed Mar 11 18:59:10 2015
From: maricelgregoraschko at yahoo.com (Maricel Gregoraschko)
Date: Wed, 11 Mar 2015 17:59:10 +0000 (UTC)
Subject: AES-NI, symmetric key generation
In-Reply-To: <20150310204252.04E94E03D4@smtp.hushmail.com>
References: <20150310204252.04E94E03D4@smtp.hushmail.com>
Message-ID: <2019083499.3942100.1426096750887.JavaMail.yahoo@mail.yahoo.com>

Thanks Vedaal, yep that would be one mighty strong password!
From: "vedaal at nym.hush.com"
To: Maricel Gregoraschko ; gnupg-users at gnupg.org
Sent: Tuesday, March 10, 2015 4:42 PM
Subject: Re: AES-NI, symmetric key generation

On 3/10/2015 at 4:19 PM, "Maricel Gregoraschko" wrote:

>I agree, using key instead of passphrase doesn't enhance security
>(assuming an attacker knows that the key was derived from a
>passphrase and with what key derivation algorithm? I assume the
>randomness/entropy of the key itself is high enough regardless of
>the passphrase strength?). The reason I was asking if it's a
>possibility to store the symmetric key to decrypt with later, was
>to protect against future changes in the key derivation algorithm,
>that would make gpg generate a different key for the same
>passphrase, useless to decrypt previously encrypted data. Thank you
>for your support.

-----

If you don't want to keep your passphrase, and want only to keep the session key, and you want this to have no weakness because of a questionably strong enough password that was used to generate the key, then there is an easy way to do what you want:

[1] Encrypt a test message to any of your own keys.

[2] Decrypt this test message, with the option of --show-session-key

[3] Use this session key as the 64 character password for your symmetric encryption, (and save it, or you won't be able to decrypt the symmetric message).

[4] Decrypt your symmetrically encrypted file or message, using the option of --show-session-key

[5] Save this session key, and if you wish, you can destroy the first one. (you can always get it back by decrypting your message of step [1] ).

The string-to-key part of generating the session key for the symmetrically encrypted message, will be using a random 64 character GnuPG generated session key as its password. You can't find a better password (especially even one that you don't have to remember ;-) )

vedaal
From rjh at sixdemonbag.org Wed Mar 11 19:13:47 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 11 Mar 2015 14:13:47 -0400
Subject: AES-NI, symmetric key generation
In-Reply-To: <2019083499.3942100.1426096750887.JavaMail.yahoo@mail.yahoo.com>
References: <20150310204252.04E94E03D4@smtp.hushmail.com> <2019083499.3942100.1426096750887.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <550085DB.9010306@sixdemonbag.org>

> Thanks Vedaal, yep that would be one mighty strong password!

It's also way overkill. :)

"gpg --armor --gen-rand 1 16" will produce a (relatively) short passphrase suitable for pretty much any imaginable usage. 128 shannons of entropy's nothing to sneeze at.

From peter at digitalbrains.com Wed Mar 11 20:06:54 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 11 Mar 2015 20:06:54 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com>
References: <54FF62DB.6000009@heypete.com> <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <5500924E.4020408@digitalbrains.com>

On 11/03/15 18:55, Maricel Gregoraschko wrote:
> One more question: Is there any standardization in output formats
> between encryption programs and libraries, for example say you
> encrypt with AES128 in CBC, with the same key (directly or via
> passphrase), and since the output will have to have, in addition to
> the actual ciphertext, algorithm identification on it, possible
> passphrase-to-key, plus mode-specific data such as the iv/nonce, is
> there a specification of the format of how these come in?

The passphrase-based encryption of GnuPG is entirely specified in RFC 4880, and there is no reason to worry that future versions of GnuPG cannot read a symmetrically encrypted file created now.

Also, it is *not* the case that the key used to encrypt the data is the key derived from your password! The key to encrypt the data, the session key, is randomly generated. The passphrase is used to derive a key, and this derived key is used to encrypt the session key, and only the session key!

However, I do notice that RFC 4880 allows the use of a password-derived key to encrypt the data[1]. I don't think GnuPG will generate such OpenPGP messages, but it might accept and decrypt them.

HTH,

Peter.

[1] RFC 4880 section 5.3:
> If the encrypted session key is not present (which can be detected on
> the basis of packet length and S2K specifier size), then the S2K
> algorithm applied to the passphrase produces the session key for
> decrypting the file, using the symmetric cipher algorithm from the
> Symmetric-Key Encrypted Session Key packet.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From pete at heypete.com Wed Mar 11 20:39:58 2015
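Added example (my own code, not from any post in this thread and not GnuPG's): it parses the SKESK packet at the start of the second armored message Pete Stephenson posted, recovers the S2K fields his -vv excerpt lists without needing the passphrase, applies the RFC 4880 section 5.3 length check Peter quotes to tell whether an encrypted session key follows the S2K specifier, and runs the iterated-and-salted S2K with the posted passphrase "test". Function names, the registry subsets and the restriction to keys no longer than one digest are my assumptions.

```python
import base64
import hashlib

# Constructed input: the first armored line of the second message Pete
# posted; the whole 15-byte SKESK packet fits inside these 48 bytes.
ARMORED_LINE = "jA0EAwMCgnIlCp86aLq1ySQt2veDYta5U1uxPiust4siTyduBe7+CVhupax2HKeI"
POSTED_PASSPHRASE = "test"  # the passphrase Pete gave for that message

# Subsets of the RFC 4880 section 9 registries (assumed sufficient here).
CIPHER_NAMES = {3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
CIPHER_KEY_LEN = {3: 16, 7: 16, 8: 24, 9: 32}
HASH_NAMES = {1: "md5", 2: "sha1", 8: "sha256", 10: "sha512"}


def decode_s2k_count(coded):
    """RFC 4880 3.7.1.3: expand the one-octet coded count into the number of
    octets to hash (low 4 bits mantissa, high 4 bits exponent)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def parse_skesk(packet):
    """Parse a version-4 Symmetric-Key Encrypted Session Key packet (tag 3)
    carrying an iterated-and-salted S2K specifier (type 3).

    Everything returned is readable without the passphrase; it is the same
    information gpg -vv prints on its ':symkey enc packet:' line."""
    header = packet[0]
    if header & 0xC0 != 0x80:
        raise ValueError("not an old-format OpenPGP packet header")
    if (header >> 2) & 0x0F != 3:
        raise ValueError("not a Symmetric-Key Encrypted Session Key packet")
    if header & 0x03 != 0:
        raise ValueError("only one-octet packet lengths are handled here")
    body = packet[2:2 + packet[1]]
    version, cipher, s2k_type, hash_algo = body[0], body[1], body[2], body[3]
    if version != 4 or s2k_type != 3:
        raise ValueError("unsupported SKESK version or S2K type")
    s2k_spec_len = 1 + 1 + 8 + 1          # type, hash, salt, coded count
    # RFC 4880 5.3: an encrypted session key is present only when the body
    # is longer than version + cipher + S2K specifier. If it is absent, the
    # S2K output is itself the key that encrypts the data.
    encrypted_session_key = body[2 + s2k_spec_len:]
    return {
        "cipher": cipher,
        "cipher_name": CIPHER_NAMES.get(cipher, "unknown"),
        "hash": hash_algo,
        "hash_name": HASH_NAMES.get(hash_algo, "unknown"),
        "salt": body[4:12],
        "count_octet": body[12],
        "count": decode_s2k_count(body[12]),
        "has_encrypted_session_key": len(encrypted_session_key) > 0,
    }


def parse_skesk_armored(armored_line):
    """Convenience wrapper: base64-decode one armor line and parse it."""
    return parse_skesk(base64.b64decode(armored_line))


def s2k_iterated_salted(passphrase, salt, count, hash_name, key_len):
    """RFC 4880 3.7.1.3 for keys no longer than one digest: hash
    (salt || passphrase) repeated until `count` octets have been fed in
    (but always at least one full copy), then truncate to key_len."""
    h = hashlib.new(hash_name)
    if key_len > h.digest_size:
        raise ValueError("longer keys need the multi-context scheme, omitted here")
    block = salt + passphrase.encode("utf-8")
    total = max(count, len(block))
    full_copies, tail = divmod(total, len(block))
    chunk = block * 1024                  # feed the hash in larger pieces
    big, small = divmod(full_copies, 1024)
    for _ in range(big):
        h.update(chunk)
    h.update(block * small + block[:tail])
    return h.digest()[:key_len]


def derive_key_from_armored_line(armored_line, passphrase):
    """Return (parsed fields, S2K-derived key) for the packet in one line.
    When no encrypted session key is present this key is the session key;
    otherwise it only unwraps the random session key."""
    fields = parse_skesk_armored(armored_line)
    key = s2k_iterated_salted(passphrase, fields["salt"], fields["count"],
                              fields["hash_name"], CIPHER_KEY_LEN[fields["cipher"]])
    return fields, key


if __name__ == "__main__":
    f, k = derive_key_from_armored_line(ARMORED_LINE, POSTED_PASSPHRASE)
    print("cipher %d (%s), s2k 3, hash %d (%s)" %
          (f["cipher"], f["cipher_name"], f["hash"], f["hash_name"]))
    print("salt %s, count %d (%d)" % (f["salt"].hex(), f["count"], f["count_octet"]))
    print("encrypted session key present:", f["has_encrypted_session_key"])
    print("S2K-derived key:", k.hex().upper())
```

For this message the packet body is exactly version + cipher + S2K specifier, so the derived key is the session key itself; compare the printed value with what gpg --show-session-key reports on decryption.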
From: pete at heypete.com (Pete Stephenson)
Date: Wed, 11 Mar 2015 20:39:58 +0100
Subject: AES-NI, symmetric key generation
In-Reply-To: <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com>
References: <54FF62DB.6000009@heypete.com> <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <55009A0E.9010207@heypete.com>

On 3/11/2015 6:55 PM, Maricel Gregoraschko wrote:
> Thank you Pete for clearing things up. Makes a lot of sense to store
> passphrase-to-key identification data, in addition to actual algorithm
> used, in the output message rather than have the decryptor just assume
> things.

Indeed. The folks who created the OpenPGP standard were quite forward-thinking in regards to such things.

> I figured out how to use --show-session-key: in my tests it doesn't show
> the key when encrypting, only when decrypting, that's good enough, I'm
> ok with doing a test decryption just to show the key.

Ah, that was my mistake: I forgot to specify that --show-session-key only works when decrypting a message. Considering the intended purpose of that option (being compelled to turn over a key), I suppose that's a reasonable limitation in when it can be used.

> One more question: Is there any standardization in output formats
> between encryption programs and libraries, for example say you encrypt
> with AES128 in CBC, with the same key (directly or via passphrase), and
> since the output will have to have, in addition to the actual
> ciphertext, algorithm identification on it, possible passphrase-to-key,
> plus mode-specific data such as the iv/nonce, is there a specification
> of the format of how these come in?

You'd have to ask Werner, the head developer, about that. RFC 4880 completely specifies how the algorithms are implemented.
In theory, it should be possible to split a message into its various packets (gpgsplit is designed to do this), then decrypt the symmetrically-encrypted packet using the method specified in the RFC, but I have not attempted to do this.

Cheers!
-Pete

From maricelgregoraschko at yahoo.com Wed Mar 11 20:50:16 2015
From: maricelgregoraschko at yahoo.com (Maricel Gregoraschko)
Date: Wed, 11 Mar 2015 19:50:16 +0000 (UTC)
Subject: AES-NI, symmetric key generation
In-Reply-To: <5500924E.4020408@digitalbrains.com>
References: <5500924E.4020408@digitalbrains.com>
Message-ID: <1273048816.4094696.1426103416800.JavaMail.yahoo@mail.yahoo.com>

Peter,

My understanding was that if you don't pass --symmetric, then a session key is generated, with which the clear text is (symmetrically) encrypted and then the session key is encrypted (asymmetrically) with the public key. Conversely, if you do pass --symmetric, then there is no random-generated "session" key, and gpg simply generates a symmetric key from the passphrase, that it encrypts the clear text with. Are you saying that that is not the case, and there is a session key, used to encrypt the clear text, and the session key gets encrypted, again, symmetrically with the passphrase-generated key?

However my question regarding the standardization format was not necessarily related to the OpenPGP protocol, but rather, at the most basic level of symmetric encryption in general: you have a key, a cleartext, a symmetric block cipher algorithm and a mode of operation. Is the format of the output standardized within this context, of a symmetric block cipher encryption, rather than as part of OpenPGP? Would another software or encryption library be able to decrypt a text symmetrically encrypted with gpg, not taking into account additional layers of asymmetric encryption?

Thank you for your help.
From stebe at mailbox.org Wed Mar 11 23:30:52 2015
From: stebe at mailbox.org (Stephan Beck)
Date: Wed, 11 Mar 2015 23:30:52 +0100
Subject: Enigmail speed geeking
In-Reply-To: <550076F0.70507@sixdemonbag.org>
References: <550076F0.70507@sixdemonbag.org>
Message-ID: <5500C21C.1000607@mailbox.org>

Hi Robert,

On 11.03.2015 at 18:10, Robert J. Hansen wrote:
> "Things you're doing wrong with Enigmail" is a short (500-word) essay on
> four mistakes I repeatedly see Enigmail users making. However, it's not
> limited to Enigmail: most of the content is broadly applicable to any
> cryptosystem.
>
> http://robert-hansen.com/?p=83

I enjoyed reading your blog. In particular, the about page is really worth reading. As to your enigmail essay, point 1, would you go so far as to say that keeping keys on hard disk is unsafe and using a smart card is a must? I joined the list some weeks ago and half of the messages (I'm exaggerating) were/are about smart cards, so I take up this point here, although you might not have implied it.

TIA

Stephan

From xavier at maillard.im Thu Mar 12 06:27:09 2015
From: xavier at maillard.im (Xavier Maillard)
Date: Thu, 12 Mar 2015 06:27:09 +0100
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <55007A04.9010808@dougbarton.email>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email>
Message-ID: <86mw3ieqfm.fsf@kcals2.maillard.im>

Doug Barton writes:

> On 3/11/15 3:15 AM, Werner Koch wrote:
>> The standard ssh client on Windows seems to be Putty; you may use it
>> with the native GnuPG for Windows (i.e. Gpg4win) by using the option
>> --enable-putty-support instead of --enable-ssh-support.
>
> PuTTY also has its own agent support, which works quite well. I'm not
> sure why it's necessary to reinvent the wheel here. :)

Still, one has to install a new piece of software but, in my case, it can be ok.

So, just to be sure I understand:

1. install putty
2. put enable-putty-support into gpg-agent.conf
3. gpg-connect-agent reloadagent /bye
4. enjoy ?

Regards
-- 
Xavier.

From dougb at dougbarton.email Thu Mar 12 07:20:09 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 11 Mar 2015 23:20:09 -0700
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <86mw3ieqfm.fsf@kcals2.maillard.im>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> <86mw3ieqfm.fsf@kcals2.maillard.im>
Message-ID: <55013019.8090209@dougbarton.email>

On 3/11/15 10:27 PM, Xavier Maillard wrote:
>
> Doug Barton writes:
>
>> On 3/11/15 3:15 AM, Werner Koch wrote:
>>> The standard ssh client on Windows seems to be Putty; you may use it
>>> with the native GnuPG for Windows (i.e. Gpg4win) by using the option
>>> --enable-putty-support instead of --enable-ssh-support.
>>
>> PuTTY also has its own agent support, which works quite well. I'm not
>> sure why it's necessary to reinvent the wheel here. :)
>
> Still, one has to install a new piece of software but, in my case, it
> can be ok.
>
> So, just to be sure I understand:
>
> 1. install putty

2. Use PuTTY's agent, called Pageant.
http://the.earth.li/~sgtatham/putty/0.64/htmldoc/Chapter9.html#pageant

It comes in the PuTTY package, so nothing new to install.

Starting and running gpg-agent so that you can use it with ssh is very different from the "easy" socket method that is used for simple password entry. If you have an actual reason to try and fit the square peg into the round hole, or if you're the kind of person who likes to do things the hard way for whatever reason, then I wish you the best of luck. Otherwise, there is an easy way to solve your problem on the Windows platform, you should strongly consider it.

Good luck,

Doug

From xavier at maillard.im Thu Mar 12 07:30:42 2015
From: xavier at maillard.im (Xavier Maillard)
Date: Thu, 12 Mar 2015 07:30:42 +0100
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <55013019.8090209@dougbarton.email>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> <86mw3ieqfm.fsf@kcals2.maillard.im> <55013019.8090209@dougbarton.email>
Message-ID: <868uf2enhp.fsf@kcals2.maillard.im>

Doug Barton writes:

> Otherwise, there is an easy way to solve your problem on the Windows
> platform, you should strongly consider it.

I fear I do not understand. Did I miss something ? Of course I'd rather go the easy way ! :D

Regards
-- 
Xavier.

From Deepak.Saxena at safenet-inc.com Thu Mar 12 07:39:32 2015
From: Deepak.Saxena at safenet-inc.com (Saxena, Deepak)
Date: Thu, 12 Mar 2015 12:09:32 +0530
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <55013019.8090209@dougbarton.email>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> <86mw3ieqfm.fsf@kcals2.maillard.im> <55013019.8090209@dougbarton.email>
Message-ID: <33B1BAEAF9B37A439F73D9BF6B32ED420608C8CC@NOI1EXCH03.apac.sfnt.local>

Hi,

I am curious on how/if gpg4win integrates with Windows credential providers. We at SafeNet have smart cards, and our middleware for the smartcard, SAC, registers itself as a credential provider; any Windows application that leverages MS crypto libraries can integrate with it. Can anyone help me with that?

-- 
Deepak Saxena

The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.

From dougb at dougbarton.email Thu Mar 12 07:47:50 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 11 Mar 2015 23:47:50 -0700
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <868uf2enhp.fsf@kcals2.maillard.im>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> <86mw3ieqfm.fsf@kcals2.maillard.im> <55013019.8090209@dougbarton.email> <868uf2enhp.fsf@kcals2.maillard.im>
Message-ID: <55013696.2060506@dougbarton.email>

On 3/11/15 11:30 PM, Xavier Maillard wrote:
>
> Doug Barton writes:
>
>> Otherwise, there is an easy way to solve your problem on the Windows
>> platform, you should strongly consider it.
>
> I fear I do not understand. Did I miss something ? Of course I'd
> rather go the easy way ! :D

Try reading my previous post, and the web page that I included the URL for. It will explain it for you. :)

Doug

From wk at gnupg.org Thu Mar 12 10:56:47 2015
From: wk at gnupg.org (Werner Koch) Date: Thu, 12 Mar 2015 10:56:47 +0100 Subject: AES-NI, symmetric key generation In-Reply-To: <55009A0E.9010207@heypete.com> (Pete Stephenson's message of "Wed, 11 Mar 2015 20:39:58 +0100") References: <54FF62DB.6000009@heypete.com> <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com> <55009A0E.9010207@heypete.com> Message-ID: <87r3suk080.fsf@vigenere.g10code.de> On Wed, 11 Mar 2015 20:39, pete at heypete.com said: >> One more question: Is there any standardization in output formats >> between encryption programs and libraries, for example say you encrypt >> with AES128 in CBC, with the same key (directly or via passphrase), and >> since the output will have to have, in addition to the actual >> ciphertext, algorithm identification on it, possible passphrase-to-key, >> plus mode-specific data such as the iv/nonce, is there a specification >> of the format of how these come in? > > You'd have to ask Werner, the head developer, about that. Sorry, I do not understand the question. The format is defined by the OpenPGP standard or the CMS standard (aka S/MIME). There are also some other less common formats. Or is the question how applications present this to the user or whether a standard API is defined? That is not defined by one of these protocols. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From wk at gnupg.org Thu Mar 12 10:59:49 2015
From: wk at gnupg.org (Werner Koch) Date: Thu, 12 Mar 2015 10:59:49 +0100 Subject: [cygwin] gpg-agent with ssh support ? In-Reply-To: <55007A04.9010808@dougbarton.email> (Doug Barton's message of "Wed, 11 Mar 2015 10:23:16 -0700") References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> Message-ID: <87mw3ik02y.fsf@vigenere.g10code.de> On Wed, 11 Mar 2015 18:23, dougb at dougbarton.email said: > PuTTY also has its own agent support, which works quite well. I'm not > sure why it's necessary to reinvent the wheel here. :) Because that integrates seamlessly with GnuPG. For example you can use your OpenPGP card (or other supported smartcards) for ssh. No need for the ssh-add kludge. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From pete at heypete.com Thu Mar 12 11:08:50 2015
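As an added example (not code from this thread or from GnuPG itself), the following script switches on the gpg-agent ssh-agent emulation Werner refers to and points ssh at the agent's socket. It assumes a Unix-like host with GnuPG 2.1 and a standard GNUPGHOME (the script name gpg-agent-ssh.sh is made up); the Cygwin setup the thread is about is not covered. With an OpenPGP card inserted, the card's authentication key then shows up in ssh-add -L without any ssh-add step.

```shell
#!/bin/sh
# Added example, not from the thread or from GnuPG itself.
# Assumes GnuPG 2.1 on a Unix-like host; GNUPGHOME defaults to ~/.gnupg.

# Put "enable-ssh-support" into gpg-agent.conf under the directory given as $1
# (default: the GnuPG home) without duplicating it on repeated runs, and keep
# any options already in the file. Prints the path of the configuration file.
enable_ssh_support() {
    conf_dir="${1:-${GNUPGHOME:-$HOME/.gnupg}}"
    conf="$conf_dir/gpg-agent.conf"
    mkdir -p "$conf_dir" && chmod 700 "$conf_dir"
    if ! grep -qs '^enable-ssh-support$' "$conf"; then
        printf 'enable-ssh-support\n' >> "$conf"
    fi
    printf '%s\n' "$conf"
}

# Number of times the option occurs in the file given as $1; stays at 1 no
# matter how often enable_ssh_support runs, since that function is idempotent.
count_ssh_support_lines() {
    grep -c '^enable-ssh-support$' "$1"
}

# Point ssh at gpg-agent's ssh socket. "gpgconf --list-dirs agent-ssh-socket"
# reports the path on recent 2.1 releases; older 2.x agents write
# S.gpg-agent.ssh into the GnuPG home, so fall back to that location.
use_gpg_agent_for_ssh() {
    sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null || true)
    [ -n "$sock" ] || sock="${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent.ssh"
    SSH_AUTH_SOCK="$sock"
    export SSH_AUTH_SOCK
}

# Apply everything when invoked as "sh gpg-agent-ssh.sh run": write the
# option, restart the agent so it is read at startup, and list the identities
# the agent offers. With an OpenPGP card inserted, its authentication key is
# listed here without an ssh-add step, which is the point Werner makes above.
case "${1:-}" in
    run)
        enable_ssh_support
        gpg-connect-agent killagent /bye >/dev/null 2>&1
        use_gpg_agent_for_ssh
        gpgconf --launch gpg-agent
        ssh-add -L
        ;;
esac
```

Running it with the `run` argument is only meaningful on a machine with GnuPG installed; sourcing it merely defines the functions.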
From: pete at heypete.com (Pete Stephenson) Date: Thu, 12 Mar 2015 11:08:50 +0100 Subject: AES-NI, symmetric key generation In-Reply-To: <87r3suk080.fsf@vigenere.g10code.de> References: <54FF62DB.6000009@heypete.com> <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com> <55009A0E.9010207@heypete.com> <87r3suk080.fsf@vigenere.g10code.de> Message-ID: On Thu, Mar 12, 2015 at 10:56 AM, Werner Koch wrote: > On Wed, 11 Mar 2015 20:39, pete at heypete.com said: > >>> One more question: Is there any standardization in output formats >>> between encryption programs and libraries, for example say you encrypt >>> with AES128 in CBC, with the same key (directly or via passphrase), and >>> since the output will have to have, in addition to the actual >>> ciphertext, algorithm identification on it, possible passphrase-to-key, >>> plus mode-specific data such as the iv/nonce, is there a specification >>> of the format of how these come in? >> >> You'd have to ask Werner, the head developer, about that. > > Sorry, I do not understand the question. The format is defined by the > OpenPGP standard or the CMS standard (aka S/MIME). There are also some > other less common formats. > > Or is the question how applications present this to the user or whether > a standard API is defined? That is not defined by one of these > protocols. I (perhaps incorrectly) interpreted the question as "If GnuPG makes backwards-incompatible changes in the future, would it be possible for one who knows the encryption algorithm used, key, etc. of a message to decrypt that message with other, non-GnuPG tools?" For example, if one knows that CAST5-CFB, ZIP, and salted-and-iterated S2K was used (as well as the value of the salt and number of iterations), might one be able to decrypt the message using OpenSSL and other common utilities? I suspect yes, as the encryption and compression methods are standards, but doing so would probably be non-trivial.
I could be wrong with both the interpretation of the question and the answer, though. Cheers! -Pete -- Pete Stephenson From wk at gnupg.org Thu Mar 12 13:36:01 2015 From: wk at gnupg.org (Werner Koch) Date: Thu, 12 Mar 2015 13:36:01 +0100 Subject: AES-NI, symmetric key generation In-Reply-To: (Pete Stephenson's message of "Thu, 12 Mar 2015 11:08:50 +0100") References: <54FF62DB.6000009@heypete.com> <575607817.3958641.1426096520303.JavaMail.yahoo@mail.yahoo.com> <55009A0E.9010207@heypete.com> <87r3suk080.fsf@vigenere.g10code.de> Message-ID: <87385aiea6.fsf@vigenere.g10code.de> On Thu, 12 Mar 2015 11:08, pete at heypete.com said: > I (perhaps incorrectly) interpreted the question as "If GnuPG makes > backwards-incompatible changes in the future, would it be possible for > one who knows the encryption algorithm used, key, etc. of a message to > decrypt that message with other, non-GnuPG tools?" Sure. As long as the tool understands the OpenPGP protocol. > For example, if one knows that CAST5-CFB, ZIP, and salted-and-iterated > S2K was used (as well as the value of the salt and number of > iterations), might one be able to decrypt the message using OpenSSL > and other common utilities? I suspect yes, as the encryption and Yes. Many years ago there used to be a toolset with reference implementation based on OpenSSL. IIRC, it was also available as a printed book. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From rjh at sixdemonbag.org Thu Mar 12 16:51:15 2015
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Mar 2015 11:51:15 -0400 Subject: Enigmail speed geeking In-Reply-To: <5500C21C.1000607@mailbox.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> Message-ID: <5501B5F3.5030503@sixdemonbag.org> > As to your enigmail essay, point 1, would you go that far that > keeping keys on hard disk is unsafe and using a smart card is a > must? For many users, smart cards are a good idea. (I've got one myself.) But for just as many users, smart cards are inconvenient and overkill. Frankly, they have awful usability, just terrible. When I receive an email message encrypted to my smart card key, finding the smart card is easy -- it's in my wallet -- but finding the smart card *reader* is the sort of thing that leads me to crazed conspiracy theories. Is the reader attached to my laptop? Did I leave it at the office? Did I kick it under the sofa? Did the space aliens from Zarbnulax take it? The upshot of it is that whenever I want to decrypt messages sent to my smart card, in the best case scenario (I remember where the reader is and it's within a few meters of my desk) it takes me 30-45 seconds to read the message. In the worst-case scenario, I'm in Valencia, Spain, and my reader is in Washington, D.C., and there's no way I'm reading this traffic until I get home. (And in case you're wondering, yes, that really happened to me.) If email crypto makes it hard to read email, few people will adopt the technology. We want technologies that make our lives easier, not harder. Smart cards, although a really good idea in certain environments, make crypto harder in a lot of environments. I'm not sure the (marginal) additional security from using a smart card is worth the (very real) usability expense. Is it unsafe to keep your keys on your hard disk? Dunno. Depends a lot on your situation. Is using a smart card a must? Dunno. Depends a lot on your situation. Hope this helps. 
:) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From andreas.schwier.ml at cardcontact.de Thu Mar 12 17:13:52 2015 From: andreas.schwier.ml at cardcontact.de (Andreas Schwier) Date: Thu, 12 Mar 2015 17:13:52 +0100 Subject: Enigmail speed geeking In-Reply-To: <5501B5F3.5030503@sixdemonbag.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> Message-ID: <5501BB40.9060604@cardcontact.de> On 03/12/2015 04:51 PM, Robert J. Hansen wrote: > For many users, smart cards are a good idea. (I've got one myself.) > But for just as many users, smart cards are inconvenient and overkill. > Frankly, they have awful usability, just terrible. When I receive an > email message encrypted to my smart card key, finding the smart card is > easy -- it's in my wallet -- but finding the smart card *reader* is the > sort of thing that leads me to crazed conspiracy theories. Is the > reader attached to my laptop? Did I leave it at the office? Did I kick > it under the sofa? Did the space aliens from Zarbnulax take it? There are USB-Sticks with an embedded smart card controller that take away the burden to find a working card reader (which _is_ a real pain). The one we use has a standard CCID interface that works without driver installation on the majority of operating systems. -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org http://www.smartcard-hsm.com From rjh at sixdemonbag.org Thu Mar 12 17:25:27 2015
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Mar 2015 12:25:27 -0400 Subject: Enigmail speed geeking In-Reply-To: <5501BB40.9060604@cardcontact.de> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501BB40.9060604@cardcontact.de> Message-ID: <5501BDF7.8020904@sixdemonbag.org> > There are USB-Sticks with an embedded smart card controller that > take away the burden to find a working card reader (which _is_ a real > pain). The one we use has a standard CCID interface that works > without driver installation on the majority of operating systems. Yeah -- back in 2000 I used a Rainbow iKey, which was one of the first USB tokens. Then I discovered the downside of USB tokens: they don't take well to going through the wash. (You know how when you pull clothes out of the dryer they've got all kinds of static electricity on them? USB tokens don't take kindly to that.) I dunno, maybe today we've got USB tokens that can survive the wash. Wouldn't surprise me. Unfortunately, I don't have the money to make a good empirical test. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From mailing-lists at asatiifm.net Thu Mar 12 17:52:46 2015 
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Thu, 12 Mar 2015 18:52:46 +0200 Subject: Enigmail speed geeking In-Reply-To: <5501BDF7.8020904@sixdemonbag.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501BB40.9060604@cardcontact.de> <5501BDF7.8020904@sixdemonbag.org> Message-ID: <5501C45E.4030704@asatiifm.net> > But for just as many users, smart cards are inconvenient and overkill. > Frankly, they have awful usability, just terrible. ... > finding the smart card is > easy -- it's in my wallet -- but finding the smart card *reader* is the > sort of thing that leads me to crazed conspiracy theories. That's quite a personal issue to count as a failing of smart cards. That whole rant about the reader being MIA is, /for me personally/, a complete non-issue. I keep it attached to the smart card. > I'm not sure > the (marginal) additional security from using a smart card is worth the > (very real) usability expense. Oh, you mean like being able to use a more humane PIN / passphrase? On 12.03.15 18:25, Robert J. Hansen wrote: > Then I discovered the downside of USB tokens: they don't > take well to going through the wash. Are you serious? I wouldn't know but I'm guessing the computer you use to decrypt those messages won't take too well to water either. Sure you need a reader and sure, you shouldn't throw the reader into water but come on. You go out of your way to make them sound like something completely unusable. I think they add security and depending on the user and use case they either add inconvenience minutely or the complete opposite, they add usability. -- Ville -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Mar 12 18:21:56 2015
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Mar 2015 13:21:56 -0400 Subject: Enigmail speed geeking In-Reply-To: <5501C45E.4030704@asatiifm.net> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501BB40.9060604@cardcontact.de> <5501BDF7.8020904@sixdemonbag.org> <5501C45E.4030704@asatiifm.net> Message-ID: <5501CB34.6000000@sixdemonbag.org> > That's quite a personal issue to count as a failing of smart cards. Sure! And I even said that. "For many users, smart cards are a good idea. (I've got one myself.) But for just as many users, smart cards are inconvenient and overkill." Your use case isn't my use case. That said, I've heard from enough people over the years sharing the "I can never find a reader when I need one" problem for me to think I'm not alone. >> I'm not sure the (marginal) additional security from using a smart >> card is worth the (very real) usability expense. > > Oh, you mean like being able to use a more humane PIN / passphrase? Depends on the user. I personally have three different 128-bit passphrases memorized (sixteen random bytes base-64 encoded). Other people have trouble remembering their four-digit ATM PIN code. Will I get additional security from using a smart card? Depends on my specific usage and my goals, but in most of my cases, no. Enough to justify the usability expense? Again: it depends on my specific usage and my goals, but in most of my cases, no. But that doesn't mean I don't use my smart card. I do. I just use it in use cases where it makes sense to do it. >> Then I discovered the downside of USB tokens: they don't take well >> to going through the wash. > > Are you serious? I wouldn't know but I'm guessing the computer you > use to decrypt those messages won't take too well to water either. Probably not, but in my defense, Apple didn't put a hole in my laptop and give me a glossy brochure showing a MacBook Pro hanging off my keychain, either. 
Rainbow Technologies did, and what happened to the token after that was predictable. It went where my car keys did. Namely, the wash. > Sure you need a reader and sure, you shouldn't throw the reader into > water but come on. You go out of your way to make them sound like > something completely unusable. Not "completely unusable". In the best case, a smart card adds 30-45 seconds to my operation time. That's a price I'm willing to pay for certain operations. For others, it's not. If you think I'm portraying them as "completely unusable," then I think you didn't bother to read my message very closely. Their usability and appropriateness is *intensely* dependent on the user and the operating environment. For some users they make a lot of sense. For others, they don't. > I think they add security and depending on the user and use case > they either add inconvenience minutely or the complete opposite, they > add usability. The number of environments, number of users, and number of use cases, is way too vast to be able to make a glib statement like this. You're just wrong. :) The answer is, "it depends." -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3744 bytes Desc: S/MIME Cryptographic Signature URL: From stebe at mailbox.org Thu Mar 12 18:55:08 2015 
From: stebe at mailbox.org (Stephan Beck) Date: Thu, 12 Mar 2015 18:55:08 +0100 Subject: Enigmail speed geeking In-Reply-To: <5501B5F3.5030503@sixdemonbag.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> Message-ID: <5501D2FC.4090008@mailbox.org> On 12.03.2015 at 16:51, Robert J. Hansen wrote: >> As to your enigmail essay, point 1, would you go that far that >> keeping keys on hard disk is unsafe and using a smart card is a >> must? > > If email crypto makes it hard to read email, few people will adopt the > technology. We want technologies that make our lives easier, not > harder. Smart cards, although a really good idea in certain > environments, make crypto harder in a lot of environments. I'm not sure > the (marginal) additional security from using a smart card is worth the > (very real) usability expense. > > Is it unsafe to keep your keys on your hard disk? Dunno. Depends a lot > on your situation. > > Is using a smart card a must? Dunno. Depends a lot on your situation. > > Hope this helps. :) Yes, thanks a lot. From your answer I deduce that a single-user, non-professional environment may not require use of a smart card, or may not require it with the necessity it may have in high-security environments. As Andreas pointed out in his message, there are the USB sticks as, for instance, the Yubico Key that my email provider offers or has been offering for a while. I was actually thinking about moving in that direction. As to the "email crypto (devices/technology/software) have to be easy to use" and "it makes crypto harder" arguments, that's certainly true for extending (mass) usage. But on an individual level, I guess it also depends on how much you love (playing with) software and related devices and are already used to it.
The cries for simplifying GnuPG, for instance, that have been resounding throughout this list lately may be reasonable up to some point, but, in my case, I like it (and the WoT as a central concept behind it) too much to ever change (to another mail/file encryption software). And for me there is a bunch of commands/options yet to be discovered! Stephan > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: OpenPGP digital signature URL: From mailing-lists at asatiifm.net Thu Mar 12 19:43:46 2015 
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Thu, 12 Mar 2015 20:43:46 +0200 Subject: Enigmail speed geeking In-Reply-To: <5501CB34.6000000@sixdemonbag.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501BB40.9060604@cardcontact.de> <5501BDF7.8020904@sixdemonbag.org> <5501C45E.4030704@asatiifm.net> <5501CB34.6000000@sixdemonbag.org> Message-ID: <5501DE62.4080509@asatiifm.net> On 12.03.15 19:21, Robert J. Hansen wrote: > If you think I'm portraying them as "completely unusable," then I think > you didn't bother to read my message very closely. I read both of your messages quite closely. Had you merely pointed out the downsides of having to carry a card, a reader etc. I would probably have just agreed with you and likely just read and said nothing. My point was that you wrote multiple paragraphs worth of stories on two emails from which I really got the impression that people should just not bother. On 12.03.15 19:55, Stephan Beck wrote: >> Yes, thanks a lot. From your answer I deduce that a single-user, >> non-professional environment may not require use of a smart card, >> or may not require it with the necessity it may have in high-security >> environments. It would appear so did Stephan. >> I think they add security and depending on the user and use case >> they either add inconvenience minutely or the complete opposite, they >> add usability. > > The number of environments, number of users, and number of use cases, is > way too vast to be able to make a glib statement like this. You're just > wrong. > > The answer is, "it depends." > Isn't "it depends" exactly what I said :)? I think you went a bit overboard with the stories and wanted to point that out, that's all. Smart cards are not some scary thing only "necessary" in "high-security environments". Whatever that might mean.
-- Ville -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From jose.castillo at gmail.com Thu Mar 12 19:36:53 2015 From: jose.castillo at gmail.com (Joey Castillo) Date: Thu, 12 Mar 2015 14:36:53 -0400 Subject: Wishlist for next-gen card Message-ID: > > On 20/02/15 09:32, NdK wrote: > > 1 - support for more keys (expired ENC keys, multiple signature keys) > At the very least, adding expired ENC keys to the card spec is a really great suggestion. I'm trying to pitch people on using smart cards to secure their email, and one common question I get is "What happens if I lose my card?" Telling them they have to generate a new key is a bitter pill if it means they can't decrypt their old emails. This feature is not without precedent; the NIST standard for CAC/PIV cards includes fields for 20 retired "key management" keys, which are used to decrypt old messages. [1] I think this one feature would go a long way to making smart cards a more accessible solution for everyday use. [1]: http://csrc.nist.gov/publications/nistpubs/800-73-3/sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf in item 2.4.7, "Key History Object". -- Joey Castillo www.joeycastillo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rjh at sixdemonbag.org Thu Mar 12 19:52:36 2015
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Mar 2015 14:52:36 -0400 Subject: Enigmail speed geeking In-Reply-To: <5501DE62.4080509@asatiifm.net> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501BB40.9060604@cardcontact.de> <5501BDF7.8020904@sixdemonbag.org> <5501C45E.4030704@asatiifm.net> <5501CB34.6000000@sixdemonbag.org> <5501DE62.4080509@asatiifm.net> Message-ID: <5501E074.5080609@sixdemonbag.org> > My point was that you wrote multiple paragraphs worth of stories on > two emails from which I really got the impression that people should > just not bother. In response to someone who was thinking that storing keys on your hard drive was categorically unsafe, and that smart cards were categorically necessary, yes. If you want to illustrate that smart cards are not categorically necessary, you don't highlight instances where they're useful and/or necessary: you highlight instances where they're not. Had the original poster said, "Is it correct to say there's no real use case for smart cards?", I would have talked about situations where they're a real benefit. >>> I think they add security and depending on the user and use case >>> they either add inconvenience minutely or the complete opposite, >>> they add usability. >> >> The number of environments, number of users, and number of use >> cases, is way too vast to be able to make a glib statement like >> this. You're just wrong. >> >> The answer is, "it depends." > > Isn't "it depends" exactly what I said :)? No. You said they add security, period, and that they either inconvenience minutely or add convenience. That's not an "it depends" answer. That's a "this is true in all times and situations" answer, and that's exactly wrong. They do *not* add security in all times and situations, and they do *not* only ever cause minute inconvenience. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Mar 12 20:04:26 2015 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Mar 2015 15:04:26 -0400 Subject: Enigmail speed geeking In-Reply-To: <5501D2FC.4090008@mailbox.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501D2FC.4090008@mailbox.org> Message-ID: <5501E33A.9090804@sixdemonbag.org> > Yes, thanks a lot. From your answer I deduce that a single-user, > non-professional environment may not require use of a smart card, or > may not require it with the necessity it may have in high-security > environments. Yep! And just as importantly: it may require it. It depends on your threat model and what you need to defend against. Ultimately, it's a judgment call. > But on an individual level, I guess it also depends on how much you > love (playing with) software and related devices and are already > used to it. This, too! If you want to play around with them and have fun, don't let me stop you. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From dougb at dougbarton.email Thu Mar 12 20:04:36 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Thu, 12 Mar 2015 12:04:36 -0700 Subject: [cygwin] gpg-agent with ssh support ? In-Reply-To: <87mw3ik02y.fsf@vigenere.g10code.de> References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> <87mw3ik02y.fsf@vigenere.g10code.de> Message-ID: <5501E344.4060105@dougbarton.email> On 3/12/15 2:59 AM, Werner Koch wrote: > On Wed, 11 Mar 2015 18:23, dougb at dougbarton.email said: > >> PuTTY also has its own agent support, which works quite well. I'm not >> sure why it's necessary to reinvent the wheel here. :) > > Because that integrates seamlessly with GnuPG. For example you can use > your OpenPGP card (or other supported smartcards) for ssh. No need for > the ssh-add kludge. And that would be a good reason, sure. But I don't get the impression that the OP has one of those. :) Doug From dougb at dougbarton.email Thu Mar 12 20:17:57 2015 From: dougb at dougbarton.email (Doug Barton) Date: Thu, 12 Mar 2015 12:17:57 -0700 Subject: Enigmail speed geeking In-Reply-To: <5501B5F3.5030503@sixdemonbag.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> Message-ID: <5501E665.1000801@dougbarton.email> On 3/12/15 8:51 AM, Robert J. Hansen wrote: > For many users, smart cards are a good idea. (I've got one myself.) > But for just as many users, smart cards are inconvenient and overkill. I would go so far as to say for the vast majority of users they are totally unnecessary. It's cool to play with smart cards, and I'm all in favor of that sort of thing ... but for the overwhelming number of PGP users the threat model just isn't there. Further, the inconvenience of having to deal with generating and socializing a new key if your smart card gets lost, becomes inoperable, etc. is way too high a cost for near-zero benefit. FWIW, Doug From rjh at sixdemonbag.org Thu Mar 12 20:44:31 2015
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Mar 2015 15:44:31 -0400 Subject: Enigmail speed geeking In-Reply-To: <5501E665.1000801@dougbarton.email> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> Message-ID: <5501EC9F.9080906@sixdemonbag.org> > I would go so far as to say for the vast majority of users they are > totally unnecessary. It's cool to play with smart cards, and I'm all > in favor of that sort of thing ... but for the overwhelming number of > PGP users the threat model just isn't there. I dunno. I think there are some good arguments for regular users employing them; I just don't think those arguments are all that compelling. For instance, I have my smartcard cross-signed with my usual certificate (0xD6B98E10). If you trust 0xD6B98E10, you'll probably also trust my smartcard certificate -- and vice-versa. Now let's say that in a couple of years 0xD6B98E10 gets compromised. I revoke the certificate, propagate the revocation, and generate a new cert (0xBADD00D5). I sign 0xBADD00D5 with the smartcard cert and put it up on the servers. Etc. People can see 0xBADD00D5 is signed by my smartcard and can have confidence this is my new certificate. This is basically the idea of the "offline master signing key" that a lot of people talk about, but a lot more convenient due to the smartcard form-factor. I don't have to worry about air-gapping the signing system, I just have to worry about finding the card reader when it comes time to generate a new cert. > Further, the inconvenience of having to deal with generating and > socializing a new key if your smart card gets lost, becomes > inoperable, etc. is way too high a cost for near-zero benefit. Yep. Don't lose 'em. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From mailing-lists at asatiifm.net Thu Mar 12 20:49:08 2015 
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Thu, 12 Mar 2015 21:49:08 +0200 Subject: Enigmail speed geeking In-Reply-To: <5501E074.5080609@sixdemonbag.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501BB40.9060604@cardcontact.de> <5501BDF7.8020904@sixdemonbag.org> <5501C45E.4030704@asatiifm.net> <5501CB34.6000000@sixdemonbag.org> <5501DE62.4080509@asatiifm.net> <5501E074.5080609@sixdemonbag.org> Message-ID: <5501EDB4.4030604@asatiifm.net> On 12.03.15 20:52, Robert J. Hansen wrote: >> My point was that you wrote multiple paragraphs worth of stories on >> > two emails from which I really got the impression that people should >> > just not bother. > In response to someone who was thinking that storing keys on your hard > drive was categorically unsafe, and that smart cards were categorically > necessary, yes. Absolutely. I agree. I think the difference of opinion here stems from how I read the reply you sent. After the first couple sentences it's not much about answering the question anymore :). The question was: Are smart cards a must? No they are not. >>> The answer is, "it depends." >> >> Isn't "it depends" exactly what I said ? > > No. You said they add security, period, and that they either > inconvenience minutely or add convenience. All things being equal, they do practically add security, period :). Well, you're quite right that it's impossible to say that they would add security in all situations. Maybe they could also weaken it in some. But you can use the same passphrase with or without the card. You can have your subkeys on the card or on the computer. Maybe you can fill in the rest. I.e. all things being equal: The card can and on defaults probably will limit the amount of passphrase attempts. And then it locks. Is it absolutely secure against hacking? No. But it should be quite difficult to hack.
And an important point is to only have subkeys in there that you can revoke. > That's not an "it depends" > answer. That's a "this is true in all times and situations" answer, and > that's exactly wrong. I said "depending on the user and use case". It is an it depends answer. > They do *not* add security in all times and > situations I'm not making such a claim. The world is not black and white. Yes or no only. I'm not talking about some theoretical, mathematically proven statement that smart cards are more secure in every possible way. They are not. >, and they do *not* only ever cause minute inconvenience. I don't know how you count the 30-45 second number from before but for me it adds 1-10 seconds, maybe. Hard to estimate but it doesn't really add any inconvenience to my use. And obviously, that's quite subjective. I'm not even trying to make a point that they would be more secure all the time. But, practically, they can be a cheap and convenient way to add security. Everyone has to evaluate their use case though. Here's an example. Is it better to store secret keys on each computer or a smart card? I use multiple different computers and think that it's more secure to have the keys on my smart card. So, more security by not having to distribute the secret keys to all those computers. I'd say that's convenient security as the secret keys come with me to whichever computer I happen to be using. -- Ville -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From brian at minton.name Thu Mar 12 21:13:40 2015
From: brian at minton.name (Brian Minton)
Date: Thu, 12 Mar 2015 16:13:40 -0400
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <5501E344.4060105@dougbarton.email>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> <87mw3ik02y.fsf@vigenere.g10code.de> <5501E344.4060105@dougbarton.email>
Message-ID:

Another option that I often use is https://github.com/wesleyd/charade, which opens a unix domain socket on cygwin, connected to Pageant, so cygwin programs and windows programs that use PuTTY can share the same authentication. Another similar program is http://github.com/cuviper/ssh-pageant

On Thu, Mar 12, 2015 at 3:04 PM, Doug Barton wrote:
> On 3/12/15 2:59 AM, Werner Koch wrote:
>> On Wed, 11 Mar 2015 18:23, dougb at dougbarton.email said:
>>
>>> PuTTY also has its own agent support, which works quite well. I'm not
>>> sure why it's necessary to reinvent the wheel here. :)
>>
>> Because that integrates seamlessly with GnuPG. For example you can use
>> your OpenPGP card (or other supported smartcards) for ssh. No need for
>> the ssh-add kludge.
>
> And that would be a good reason, sure. But I don't get the impression that
> the OP has one of those. :)
>
> Doug
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
From: stebe at mailbox.org (Stephan Beck)
Date: Fri, 13 Mar 2015 00:00:16 +0100
Subject: Question concerning OpenLDAP PGP Keyserver setup guide (wiki.gnupg.org)
Message-ID: <55021A80.40203@mailbox.org>

Hi,

reproducing the OpenLDAP PGP keyserver setup guide on http://wiki.gnupg.org, published by Neal, I get the following error message:

ldapmodify: wrong attributeType at line 5, entry "olcDatabase={1}hdb,cn=config"

I am reproducing the guide on debian stable (main sources only), which uses the "hdb" (not "mdb") database format, OpenLDAP3, the server package being slapd.

To see the error message in its context:

$ sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config" | grep olcDatabase:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
olcDatabase: {-1}frontend
olcDatabase: {0}config
olcDatabase: {1}hdb

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/keyserver-acls.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapmodify: wrong attributeType at line 5, entry "olcDatabase={1}hdb,cn=config"

contents of keyserver-acls.ldif are as follows:

# userPassword may be written only by users themselves
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
# Allow access via localhost to add or modify keys.
# Allow authenticated PGP Users to update keys.
# Allow anyone else to read the keys.
olcAccess: {2} to dn.subtree="ou=PGP Keys,dc=FOO,dc=EXAMPLE,dc=ORG" by peername.ip=127.0.0.1 write by peername.ip=:: write by dn.regex="^uid=([^,]+),ou=PGP Users,dc=FOO,dc=EXAMPLE,dc=ORG" write by * read

# Allow any connection to localhost to update the PGP keys
# (including removing them!) This is only needed if the anonymous
# updates from localhost are desired.
dn: cn=config
add: olcAllows
olcAllows: update_anon
--------------------------------------------------------------------------

It seems that the error message indicates that line 5

by peername.ip=127.0.0.1 write

has a wrong attribute type. I checked the LDAP for Rocket Scientists guide on zytrax.com (1) and (3) for hours, and also some documentation about the peername.ip attribute, but I cannot figure out what's wrong. I found that there are 2 ways of using the peername.[ip] attribute. If you use it with ipv4 you do not have to put peername.ipv4, but just peername.ip, the value (127.0.0.1) being what defines the format (ipv4). With ipv6 you would have to specify it, i.e. peername.ipv6=[ipv6]. The other way is using "peername.[type]" but that's not the case here.

Is there anyone who can lend me a hand?

TIA

Stephan

Note: On slapd debconf install I used FOO.EXAMPLE.ORG, so whenever the wiki guide uses dc=EXAMPLE,dc=ORG I use dc=FOO,dc=EXAMPLE,dc=ORG

(1) http://www.zytrax.com/books/ldap/ch6
(2) http://www.zytrax.com/books/ldap/ch3
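An added check, not from the post above or from the wiki guide, for one way an ldapmodify "wrong attributeType" error arises: LDIF carries a long value such as an olcAccess ACL on continuation lines only when each of those lines begins with a single space (RFC 2849), and a "by ..." clause that starts a line without that space is parsed as a new attribute line. The two records in the block are constructed for this example and are not the poster's keyserver-acls.ldif, so this does not claim to be the cause of the error in the thread.

```python
"""Unfold an LDIF text and flag lines whose attribute type is not valid.

Added example; not the poster's file and not the wiki guide's code.
The sample records below are constructed for this example only.
"""
import re

# RFC 2849: an attribute description is an attribute name (or a numeric
# OID) followed by optional ";option" parts. "olcAccess", "dn" and
# "changetype" match; "by peername.ip=127.0.0.1 write" does not.
ATTR_TYPE_RE = re.compile(
    r"^(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)*)(?:;[A-Za-z0-9-]+)*$"
)


def unfold(text):
    """Join RFC 2849 continuation lines (lines starting with one space).

    Returns (physical_line_number, logical_line) pairs, numbered by the
    line on which each logical line starts, which is the number that
    ldapmodify reports in its error message.
    """
    logical = []
    for num, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith(" ") and logical:
            start, prev = logical[-1]
            logical[-1] = (start, prev + raw[1:])  # drop the fold marker only
        else:
            logical.append((num, raw))
    return logical


def check_ldif(text):
    """Return [(line_number, line)] for lines ldapmodify would reject as a
    bad attribute type: no ':' separator, or an attribute description that
    fails ATTR_TYPE_RE. Comments, blank record separators and the '-'
    change separator are skipped."""
    problems = []
    for num, line in unfold(text):
        if not line.strip() or line.startswith("#") or line == "-":
            continue
        attr = line.split(":", 1)[0] if ":" in line else ""
        if not ATTR_TYPE_RE.match(attr):
            problems.append((num, line))
    return problems


# Constructed sample: the ACL value folded correctly. Each continuation
# line starts with one space (the second space stays part of the value,
# which keeps "write by" readable after unfolding).
GOOD_LDIF = """dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {2} to dn.subtree="ou=PGP Keys,dc=EXAMPLE,dc=ORG"
  by peername.ip=127.0.0.1 write
  by peername.ip=:: write
  by dn.regex="^uid=([^,]+),ou=PGP Users,dc=EXAMPLE,dc=ORG" write
  by * read
"""

# Constructed sample: the same record with the leading spaces lost, so
# every "by ..." clause is read as a new, invalid attribute line.
BAD_LDIF = """dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {2} to dn.subtree="ou=PGP Keys,dc=EXAMPLE,dc=ORG"
by peername.ip=127.0.0.1 write
by peername.ip=:: write
by dn.regex="^uid=([^,]+),ou=PGP Users,dc=EXAMPLE,dc=ORG" write
by * read
"""


def main():
    for name, text in (("good", GOOD_LDIF), ("bad", BAD_LDIF)):
        problems = check_ldif(text)
        print(f"{name}: {len(problems)} problem line(s)")
        for num, line in problems:
            print(f"  line {num}: {line}")


if __name__ == "__main__":
    main()
```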
From: hugo at barrera.io (Hugo Osvaldo Barrera)
Date: Thu, 12 Mar 2015 20:21:58 -0300
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <87zj7jlc9t.fsf@vigenere.g10code.de>
References: <87zj7jlc9t.fsf@vigenere.g10code.de>
Message-ID: <20150312232158.GB18878@athena.barrera.io>

On 2015-03-11 17:38, Werner Koch wrote:
> On Wed, 11 Mar 2015 15:12, brian at minton.name said:
>
>> git.gnupg.org) don't use that certificate. Have you considered a wildcard
>> certificate? I know this has been discussed before, e.g. at
>
> Too expensive ;-). To stop all these complaints I will add a so called
> real certificate but first I need to move the tracker to another
> machine.
>
> Shalom-Salam,
>
> Werner

No need for a wildcard one. Just get one free certificate for each subdomain from StartSSL.

Cheers,

--
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
From: pete at heypete.com (Pete Stephenson)
Date: Fri, 13 Mar 2015 00:32:00 +0100
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <20150312232158.GB18878@athena.barrera.io>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io>
Message-ID:

On Fri, Mar 13, 2015 at 12:21 AM, Hugo Osvaldo Barrera wrote:
> On 2015-03-11 17:38, Werner Koch wrote:
>> On Wed, 11 Mar 2015 15:12, brian at minton.name said:
>>
>>> git.gnupg.org) don't use that certificate. Have you considered a wildcard
>>> certificate? I know this has been discussed before, e.g. at
>>
>> Too expensive ;-). To stop all these complaints I will add a so called
>> real certificate but first I need to move the tracker to another
>> machine.
>>
>> Shalom-Salam,
>>
>> Werner
>
> No need for a wildcard one. Just get one free certificate for each subdomain
> from StartSSL.

StartSSL's a great choice, as one can issue as many certificates as one wishes for validated domain names.

Alternatively, several CAs[1][2] offer free certificates to open-source projects.

Resellers[3][4] also offer quite reasonably-priced ($9 USD/year) certs as a standard price.

Cheers!

-Pete

Full disclosure: I'm a paying customer of StartSSL, Gandi, and NameCheap, and have several certificates from each for different purposes. Other than being a customer, I have no other interest in those organizations.

[1] https://www.godaddy.com/ssl/ssl-open-source.aspx
[2] https://www.globalsign.com/en/ssl/ssl-open-source/
[3] https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx
[4] https://www.gandi.net/ssl/standard

--
Pete Stephenson
From: mick.crane at gmail.com (Mick Crane)
Date: Thu, 12 Mar 2015 23:47:28 +0000
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <20150312232158.GB18878@athena.barrera.io>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io>
Message-ID:

> On 12 Mar 2015, at 23:21, Hugo Osvaldo Barrera wrote:
>
> On 2015-03-11 17:38, Werner Koch wrote:
>> On Wed, 11 Mar 2015 15:12, brian at minton.name said:
>>
>>> git.gnupg.org) don't use that certificate. Have you considered a wildcard
>>> certificate? I know this has been discussed before, e.g. at
>>
>> Too expensive ;-). To stop all these complaints I will add a so called
>> real certificate but first I need to move the tracker to another
>> machine.
>>
>> Shalom-Salam,
>>
>> Werner
>
> No need for a wildcard one. Just get one free certificate for each subdomain
> from StartSSL.

I think Werner can make his own authority and certificate ?
That sort of information stuff used to be much more readily accessible on the net, like how to run your own DNS.
For forgetful people it is difficult to track things down now with so much available.
From: avi.wiki at gmail.com (Avi)
Date: Thu, 12 Mar 2015 22:27:05 -0400
Subject: bugs.gnupg.org TLS certificate
In-Reply-To:
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io>
Message-ID:

I have no opinion one way or the other re: StartSSL, but there are those who do:

https://danconnor.com/post/50f65364a0fd5fd1f7000001/avoid_startcom_startssl_like_the_plague_

https://www.techdirt.com/articles/20140409/11442426859/shameful-security-startcom-charges-people-to-revoke-ssl-certs-vulnerable-to-heartbleed.shtml

etc.

Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

On Thu, Mar 12, 2015 at 7:47 PM, Mick Crane wrote:
>> On 12 Mar 2015, at 23:21, Hugo Osvaldo Barrera wrote:
>>
>> On 2015-03-11 17:38, Werner Koch wrote:
>>> On Wed, 11 Mar 2015 15:12, brian at minton.name said:
>>>
>>>> git.gnupg.org) don't use that certificate. Have you considered a wildcard
>>>> certificate? I know this has been discussed before, e.g. at
>>>
>>> Too expensive ;-). To stop all these complaints I will add a so called
>>> real certificate but first I need to move the tracker to another
>>> machine.
>>>
>>> Shalom-Salam,
>>>
>>> Werner
>>
>> No need for a wildcard one. Just get one free certificate for each
>> subdomain from StartSSL.
>
> I think Werner can make his own authority and certificate ?
> That sort of information stuff used to be much more readily accessible on the
> net, like how to run your own DNS.
> For forgetful people it is difficult to track things down now with so much
> available.
From: dougb at dougbarton.email (Doug Barton)
Date: Thu, 12 Mar 2015 20:57:45 -0700
Subject: bugs.gnupg.org TLS certificate
In-Reply-To:
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io>
Message-ID: <55026039.9060205@dougbarton.email>

It's quite disingenuous to say you don't have an opinion, when obviously you do.

This topic was debated at length on this list when Heartbleed happened. There are two camps:

1. Those who think that if you offer any kind of free service, you have to offer all related services for free as well. "I want it, so you must give it to me."

2. Those who think that companies like StartSSL who are offering tremendous value to the community for free have the right to recoup some of their operational expenses for requests that go outside the norm, and/or cannot be handled with an automated system.

If you are in the first camp, you have every right to your belief, but that belief does not match up with the real world.

If you are in the second camp, pull up a chair, I've got a cooler full of $BEVERAGE that I'll be happy to share. :)

Doug

On 3/12/15 7:27 PM, Avi wrote:
> I have no opinion one way or the other re: StartSSL, but there are those
> who do:
>
> etc.
>
> Avi
>
> ----
> User:Avraham
> pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
> Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9
>
> On Thu, Mar 12, 2015 at 7:47 PM, Mick Crane wrote:
>> I think Werner can make his own authority and certificate ?
>> That sort of information stuff used to be much more readily accessible on the
>> net, like how to run your own DNS.
>> For forgetful people it is difficult to track things down now with so much
>> available.
From: avi.wiki at gmail.com (Avi)
Date: Fri, 13 Mar 2015 00:24:33 -0400
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <55026039.9060205@dougbarton.email>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <55026039.9060205@dougbarton.email>
Message-ID:

No, Doug, I really don't have an opinion. To do so, I would have had to give some thought to the relative merits of both sides and crystallized an opinion. Since SSL certificates do not directly apply to me at this moment, I have not given it the attention it deserves, and so I cannot in good faith have a reasoned opinion; so I don't--out of ignorance if you wish.

My point in posting those links was that I remembered seeing this in the past, and thought it fair to bring to Werner's attention that there was some controversy, so that he can, if he wishes, research both sides and come to his own measured opinion.

Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

On Thu, Mar 12, 2015 at 11:57 PM, Doug Barton wrote:
> It's quite disingenuous to say you don't have an opinion, when obviously
> you do.
>
> This topic was debated at length on this list when Heartbleed happened.
> There are two camps:
>
> 1. Those who think that if you offer any kind of free service, you have to
> offer all related services for free as well. "I want it, so you must give
> it to me."
>
> 2. Those who think that companies like StartSSL who are offering
> tremendous value to the community for free have the right to recoup some of
> their operational expenses for requests that go outside the norm, and/or
> cannot be handled with an automated system.
>
> If you are in the first camp, you have every right to your belief, but
> that belief does not match up with the real world.
>
> If you are in the second camp, pull up a chair, I've got a cooler full of
> $BEVERAGE that I'll be happy to share. :)
>
> Doug
From: xavier at maillard.im (Xavier Maillard)
Date: Fri, 13 Mar 2015 06:39:38 +0100
Subject: [cygwin] gpg-agent with ssh support ?
In-Reply-To: <5501E344.4060105@dougbarton.email>
References: <86mw3koy54.fsf@kcals2.maillard.im> <87egovon4x.fsf@vigenere.g10code.de> <55007A04.9010808@dougbarton.email> <87mw3ik02y.fsf@vigenere.g10code.de> <5501E344.4060105@dougbarton.email>
Message-ID: <86twxpmp5x.fsf@kcals2.maillard.im>

Doug Barton writes:

> On 3/12/15 2:59 AM, Werner Koch wrote:
>> On Wed, 11 Mar 2015 18:23, dougb at dougbarton.email said:
>>
>>> PuTTY also has its own agent support, which works quite well. I'm not
>>> sure why it's necessary to reinvent the wheel here. :)
>>
>> Because that integrates seamlessly with GnuPG. For example you can use
>> your OpenPGP card (or other supported smartcards) for ssh. No need for
>> the ssh-add kludge.
>
> And that would be a good reason, sure. But I don't get the impression
> that the OP has one of those. :)

Exact but I plan to get one in a quite short time ;) I am just studying the smartcard market to choose a good one (any suggestion ? :)).

Regards

--
Xavier.

From: wk at gnupg.org (Werner Koch)
Date: Fri, 13 Mar 2015 08:21:16 +0100
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <20150312232158.GB18878@athena.barrera.io> (Hugo Osvaldo Barrera's message of "Thu, 12 Mar 2015 20:21:58 -0300")
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io>
Message-ID: <87y4n1fjmb.fsf@vigenere.g10code.de>

On Fri, 13 Mar 2015 00:21, hugo at barrera.io said:

> No need for a wildcard one. Just get one free certificate for each subdomain
> from StartSSL.

Definitely not. It is far easier to pay 10 Euro a year for one from Gandi. But that is all not an issue, migrating Roundup to a newer version is more work.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.
From: hugo at barrera.io (Hugo Osvaldo Barrera)
Date: Fri, 13 Mar 2015 05:55:53 -0300
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <87y4n1fjmb.fsf@vigenere.g10code.de>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de>
Message-ID: <20150313085553.GA3688@athena.barrera.io>

On 2015-03-13 08:21, Werner Koch wrote:
> On Fri, 13 Mar 2015 00:21, hugo at barrera.io said:
>
>> No need for a wildcard one. Just get one free certificate for each subdomain
>> from StartSSL.
>
> Definitely not. It is far easier to pay 10 Euro a year for one from
> Gandi. But that is all not an issue, migrating Roundup to a newer
> version is more work.

I don't see what's easier (maybe it takes a few minutes less?), nor the point in paying for something you can have for free with the same quality.

Personally, I can eat almost a week with 10 Euros, so I'd very much go with the free version.

--
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 13 Mar 2015 11:25:58 +0100
Subject: Enigmail speed geeking
In-Reply-To: <5501E665.1000801@dougbarton.email>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email>
Message-ID: <5502BB36.20106@digitalbrains.com>

On 12/03/15 20:17, Doug Barton wrote:
> Further, the inconvenience of having to deal with generating and
> socializing a new key if your smart card gets lost, becomes inoperable,
> etc. is way too high a cost for near-zero benefit.

And what if your hard drive holding your on-disk key crashes? Do you also "socialize" a new key?

Of course not (I hope). You keep a backup of your key in a safe place. This goes for smartcard keys as well. The situation is the same whether you use a smartcard or not.

For signing subkeys, a backup isn't very necessary, not for on-disk keys or for smartcard keys. But for your primary key and especially encryption subkeys, this is important. Not having a backup of your encryption subkeys means a not very robust single point of failure, and if that hard disk crashes, or the file system is corrupted, or your smartcard dies, you suddenly lose access to all your encrypted files.

I cannot fathom why you would not have at the very least one backup of your encryption subkey. It sounds like a phenomenally bad idea.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Fri, 13 Mar 2015 09:04:30 -0400
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <20150313085553.GA3688@athena.barrera.io>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io>
Message-ID: <20150313130430.GA31437@IUPUI.Edu>

On Fri, Mar 13, 2015 at 05:55:53AM -0300, Hugo Osvaldo Barrera wrote:
> On 2015-03-13 08:21, Werner Koch wrote:
>> On Fri, 13 Mar 2015 00:21, hugo at barrera.io said:
>>
>>> No need for a wildcard one. Just get one free certificate for each subdomain
>>> from StartSSL.
>>
>> Definitely not. It is far easier to pay 10 Euro a year for one from
>> Gandi. But that is all not an issue, migrating Roundup to a newer
>> version is more work.
>
> I don't see what's easier (maybe it takes a few minutes less?), nor the point
> in paying for something you can have for free with the same quality.

That is precisely the issue with free or even cheap certificates: they are likely *not* of the same quality.

A few years ago, I ordered my first certificate from a well-known CA. They charged us $159.00. I *know* that they check up on new applicants: our security officer got a phone call from them, asking if I was legitimately representing the organization. That certificate certified more than just "probably the same host that presented this certificate to you last time."

A CA that charges nothing cannot afford to do much (any?) checking of the assertions in my CSR. The resulting signature thus cannot have some of the meaning that a more thoroughly investigated CSR can support.

A free cert. may have all of the qualities that you need, but I recommend that you think as carefully about your choice of CA as you do about who you would have sign a PGP key. The more you depend on a certificate for *establishing* trust, the more it's going to cost you, because it's going to cost the issuer more to provide that assurance while protecting his own reputation.

--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

From: wk at gnupg.org (Werner Koch)
Date: Fri, 13 Mar 2015 14:27:47 +0100
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <20150313130430.GA31437@IUPUI.Edu> (Mark H. Wood's message of "Fri, 13 Mar 2015 09:04:30 -0400")
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io> <20150313130430.GA31437@IUPUI.Edu>
Message-ID: <871tktf2ng.fsf@vigenere.g10code.de>

On Fri, 13 Mar 2015 14:04, mwood at IUPUI.Edu said:

> A CA that charges nothing cannot afford to do much (any?) checking of
> the assertions in my CSR. The resulting signature thus cannot have
> some of the meaning that a more thoroughly investigated CSR can

Given the implicit cross certification of all CAs in the browsers this does not matter. Except for those who tightly control their Root CA but that is a rare case and not really practical.

The more expensive CAs are only selling you a fashionable background color for your client's address bar.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Fri, 13 Mar 2015 15:57:16 +0200
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <20150313130430.GA31437@IUPUI.Edu>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io> <20150313130430.GA31437@IUPUI.Edu>
Message-ID: <5502ECBC.9040807@asatiifm.net>

On 13.03.15 15:04, Mark H. Wood wrote:
> On Fri, Mar 13, 2015 at 05:55:53AM -0300, Hugo Osvaldo Barrera wrote:
>> On 2015-03-13 08:21, Werner Koch wrote:
>>> On Fri, 13 Mar 2015 00:21, hugo at barrera.io said:
>>>
>>>> No need for a wildcard one. Just get one free certificate for each subdomain
>>>> from StartSSL.
>>>
>>> Definitely not. It is far easier to pay 10 Euro a year for one from
>>> Gandi. But that is all not an issue, migrating Roundup to a newer
>>> version is more work.
>>
>> I don't see what's easier (maybe it takes a few minutes less?), nor the point
>> in paying for something you can have for free with the same quality.
> That is precisely the issue with free or even cheap certificates:
> they are likely *not* of the same quality.
>
> A few years ago, I ordered my first certificate from a well-known CA.
> They charged us $159.00. I *know* that they check up on new
> applicants: our security officer got a phone call from them, asking if
> I was legitimately representing the organization. That certificate
> certified more than just "probably the same host that presented this
> certificate to you last time."

The CA cartel has specified clear and binding rules for the participating CAs as to what level of validation is required. This is overly simplified but they are essentially:

Domain validation (Class 1)
Organization validation (Class 2)
Extended Validation (Class 3)

Any automatically validated, i.e. some file on a URL or DNS check etc. is a Class 1 cert. The rest require filing paper work and usually take from hours to days to complete. And there is no reason for anyone to try guessing which level a cert belongs to, they tell you the validation beforehand.

> A CA that charges nothing cannot afford to do much (any?) checking of
> the assertions in my CSR.

?

> A free cert. may have all of the qualities that you need, but I
> recommend that you think as carefully about your choice of CA as you
> do about who you would have sign a PGP key.

Many CAs will be happy to sell a Class 1 certificate for 100-200$ or more. Paying money for a cert doesn't necessarily make it any more "certified". The CA business is a badly monopolized cartel where the old farts have dug in years ago and are just counting the money :).

An Organization cert is the same regardless of where it comes from (in the cartel). They have their own auditing and other requirements that make sure of it. And for the end user of a site it (should be) of no concern which CA is behind the cert. Just what level of validation is the cert. And how many users actually care? Not many (except for the branded "green bar").

--
Ville
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Fri, 13 Mar 2015 16:02:26 +0200
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <871tktf2ng.fsf@vigenere.g10code.de>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io> <20150313130430.GA31437@IUPUI.Edu> <871tktf2ng.fsf@vigenere.g10code.de>
Message-ID: <5502EDF2.8000202@asatiifm.net>

On 13.03.15 15:27, Werner Koch wrote:
> The more expensive CAs are only selling you a fashionable background
> color for your client's address bar.

Essentially, that's it :). There are however clearly defined hard requirements to the Extended Validation, aka "green bar" level. That is, more involved validation of the organization and the person requesting the certificate. But those EV certs can be had for cheaper than hundreds of dollars per year.

--
Ville
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 13 Mar 2015 10:08:46 -0400
Subject: Enigmail speed geeking
In-Reply-To: <5502BB36.20106@digitalbrains.com>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com>
Message-ID: <5502EF6E.3040302@sixdemonbag.org>

> Of course not (I hope). You keep a backup of your key in a safe
> place. This goes for smartcard keys as well. The situation is the
> same whether you use a smartcard or not.

This is not true. There are a lot of use cases where "there are no backups of this smart-card key" are baked into the security model. That's why we can create keys on the card directly: that way they never need to exist outside of the card.

> Not having a backup of your encryption subkeys means a not very
> robust single point of failure, and if that hard disk crashes, or the
> file system is corrupted, or your smartcard dies, you suddenly lose
> access to all your encrypted files.

Yes, and in some security models that's preferable to having a backup copy somewhere.
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 13 Mar 2015 15:22:20 +0100
Subject: Enigmail speed geeking
In-Reply-To: <5502EF6E.3040302@sixdemonbag.org>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org>
Message-ID:

I interpreted Doug's message as saying that a disadvantage of smartcards, as opposed to on-disk keys, is that you lose the key when the smartcard stops functioning. I was replying to this statement by Doug:

> Further, the inconvenience of having to deal with generating and
> socializing a new key if your smart card gets lost, becomes inoperable,
> etc. is way too high a cost for near-zero benefit.

So I say: you should use backups, duh.

The fact that you /can/ use a smartcard without a backup, which as you say can be advantageous, by no means implies that you /cannot/ keep a backup. This is what I was saying.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From: brian at minton.name (Brian Minton)
Date: Fri, 13 Mar 2015 10:31:11 -0400
Subject: Enigmail speed geeking
In-Reply-To:
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org>
Message-ID:

If a key is generated externally, a backup can be taken before the key is moved to the card. For a key generated on the card, there is (by design) no way to extract the secret key, including for the purpose of backing it up.
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 13 Mar 2015 15:40:17 +0100
Subject: Enigmail speed geeking
In-Reply-To:
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org>
Message-ID: <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com>

On 2015-03-13 15:31, Brian Minton wrote:
> If a key is generated externally, a backup can be taken before the
> key is moved to the card. For a key generated on the card, there is
> (by design), no way to extract the secret key, including for the
> purpose of backing it up

When you ask GnuPG to create an on-card key, it will ask you whether you want to keep a backup of the key or not.

If you choose to proceed without a backup, the key is generated on-card. I consider this the inferior of the two methods because I trust the RNG of Linux much more than I trust the RNG of a smartcard that costs a few euros to produce.

If you choose to have a backup, GnuPG will create the key just as it would for a normal on-disk key, and then upload that key to the smartcard and keep a backup file. This thus uses the RNG of your PC; on which I would be running Linux. You could then discard the backup if you want to have the quality of the RNG of the PC but don't want the backup.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dougb at dougbarton.email Fri Mar 13 19:17:27 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Fri, 13 Mar 2015 11:17:27 -0700
Subject: Enigmail speed geeking
In-Reply-To:
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org>
Message-ID: <550329B7.8080000@dougbarton.email>

On 3/13/15 7:22 AM, Peter Lebbing wrote:
> I interpreted Doug's message as saying that a disadvantage of smartcards,
> as opposed to on-disk keys, is that you lose the key when the smartcard
> stops functioning. I was replying to this statement by Doug:
>
>> Further, the inconvenience of having to deal with generating and
>> socializing a new key if your smart card gets lost, becomes
>> inoperable, etc. is way too high a cost for near-zero benefit.
>
> So I say: you should use backups, duh.
>
> The fact that you /can/ use a smartcard without a backup, which as you
> say can be advantageous, by no means implies that you /cannot/ keep a
> backup. This is what I was saying.

Seriously? Wasn't it obvious from the context of what Robert and I wrote that we were talking about keys that existed only on a card? And even if that bit of subtlety escaped you, isn't it even more obvious that if you have a backup copy of the key already then the point I was making doesn't apply?

If neither of those things were obvious to you from the thread then maybe you should reconsider whether you should be posting on the topic at all.

Doug

From rjh at sixdemonbag.org Fri Mar 13 19:23:35 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 13 Mar 2015 14:23:35 -0400
Subject: Enigmail speed geeking
In-Reply-To: <550329B7.8080000@dougbarton.email>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <550329B7.8080000@dougbarton.email>
Message-ID: <55032B27.8000503@sixdemonbag.org>

> Seriously? Wasn't it obvious from the context of what Robert and I
> wrote that we were talking about keys that existed only on a card?

Let's calm things down, folks. :)

We're communicating in a text medium. Sometimes, things we think are obvious aren't obvious to others. Let's take a deep breath and remember that everyone's discussing things in good faith, okay? :)

Nothing but peace here, guys.

From dougb at dougbarton.email Fri Mar 13 19:54:18 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Fri, 13 Mar 2015 11:54:18 -0700
Subject: Enigmail speed geeking
In-Reply-To: <55032B27.8000503@sixdemonbag.org>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <550329B7.8080000@dougbarton.email> <55032B27.8000503@sixdemonbag.org>
Message-ID: <5503325A.5020808@dougbarton.email>

On 3/13/15 11:23 AM, Robert J. Hansen wrote:
>> Seriously? Wasn't it obvious from the context of what Robert and
>> I wrote that we were talking about keys that existed only on a
>> card?
>
> Let's calm things down, folks. :)

FWIW, I'm perfectly calm, as in the sense of not angry. But it is a major source of frustration when folks take comments out of context to use the tiniest bit of leverage with which to forward an agenda. It's not only intellectually dishonest, but it's a massive waste of everyone's time when the conversation devolves into the degree that some argument is correct in some context, no matter how far removed it is from the actual point under discussion.

Calling "BS" on that rhetorical technique may get me a shiny new "Curmudgeon" badge to add to my collection, but I still think it's a worthwhile exercise.

Doug

From antony at blazrsoft.com Fri Mar 13 20:23:30 2015
From: antony at blazrsoft.com (Antony Prince)
Date: Fri, 13 Mar 2015 15:23:30 -0400
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <5502EDF2.8000202@asatiifm.net>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io> <20150313130430.GA31437@IUPUI.Edu> <871tktf2ng.fsf@vigenere.g10code.de> <5502EDF2.8000202@asatiifm.net>
Message-ID: <55033932.6000403@blazrsoft.com>

On 3/13/2015 10:02 AM, Ville Määttä wrote:
> On 13.03.15 15:27, Werner Koch wrote:
>> The more expensive CAs are only selling you a fashionable background
>> color for your the client's address bar.
>
> Essentially, that's it :).
>
> There are however clearly defined hard requirements to the Extended
> Validation, aka "green bar" level. That is, more involved validation of
> the organization and the person requesting the certificate. But those EV
> certs can be had for cheaper than hundreds of dollars per year.

This topic brought to mind some interesting proposed RFCs that could essentially eliminate the need for centralized certificate authorities. Just wanted to get some opinions on the topics since it's related to certificate issues and the slavery of security to an external authority. The combination of DNSSEC[1] and DANE[2] authentication can essentially make a self-signed certificate as legitimate as one signed by an "official" CA (if I'm not mistaken). There were some security implications IIRC, but not being a professional on the subject, I'm not sure what they were. I started implementing them on my own website and I am very interested in seeing these proposals become official standards.

I'm also interested in the thoughts of anyone else who might have more insight into the downsides or repercussions of relying strictly on such a system (if external CAs no longer existed, for example).

[1] https://tools.ietf.org/html/rfc4035
[2] https://tools.ietf.org/html/rfc6698

--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0xA6E162424F040744

From jose.castillo at gmail.com Fri Mar 13 21:13:38 2015
From: jose.castillo at gmail.com (Joey Castillo)
Date: Fri, 13 Mar 2015 16:13:38 -0400
Subject: Making the case for smart cards for the average user
Message-ID:

Hi there,

I'm working on a Kickstarter right now that aims to popularize smart cards as an easier way for the average user to adopt GnuPG.

https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards

Putting aside any security benefits, smart cards seem simpler to use for the average person. Unlocking a card with a PIN is a metaphor that people already know and use with bank cards. Choosing and memorizing a strong passphrase, by comparison, is something the average user is likely to have trouble with.

Moreover, we're a multi-screen environment now; people expect to have access to their stuff across devices. With a smart card they can keep their secret keys in one place, as opposed to creating multiple points of potential compromise. Plus by integrating NFC technology, we open up the potential for use on smartphones and tablets, which is where most people's computing is moving anyway.

Of course smart cards aren't some kind of magic bullet, but if the goal is to drive wider adoption of GnuPG and OpenPGP based cryptography, I can't shake the feeling that smart cards are a huge part of the answer. Thoughts?

--
Joey Castillo
www.joeycastillo.com

From peter at digitalbrains.com Fri Mar 13 22:17:23 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 13 Mar 2015 22:17:23 +0100
Subject: Enigmail speed geeking
In-Reply-To: <5503325A.5020808@dougbarton.email>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <550329B7.8080000@dougbarton.email> <55032B27.8000503@sixdemonbag.org> <5503325A.5020808@dougbarton.email>
Message-ID: <202ba66fd7f4e5145b2f99c088100486@butters.digitalbrains.com>

On 2015-03-13 19:54, Doug Barton wrote:
> But it is a major source of frustration when folks take comments out
> of context to use the tiniest bit of leverage with which to forward
> an agenda.

WHAT?!?!

It is true, text is a truly god awful medium to communicate in.

We are apparently completely unaware of each other's intentions. I honestly thought you thought a disadvantage of using a smartcard is that you lose the key once it breaks. It quite surprised me, but I've seen smart people have odd misconceptions of things[1], so I simply sought to rectify it.

Let's put this whole thing to rest. Nobody thinks you can't have a backup of a smartcard key, nobody thinks that a smartcard without a backup is a useless thing, and we should all go and read a nice book. Perhaps even for the third time, in my case. It's a nice book!

Peter.

[1] Sometimes in the mirror ;P

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From rjh at sixdemonbag.org Fri Mar 13 22:20:39 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 13 Mar 2015 17:20:39 -0400
Subject: Making the case for smart cards for the average user
In-Reply-To:
References:
Message-ID: <550354A7.6080804@sixdemonbag.org>

> Of course smart cards aren't some kind of magic bullet, but if the
> goal is to drive wider adoption of GnuPG and OpenPGP based
> cryptography, I can't shake the feeling that smart cards are a huge
> part of the answer. Thoughts?

(ObWarning: no facts, just opinions.)

I think the biggest problem we face, to be honest, is our conviction that there's an answer out there and we just have to find it. It seems to me far more likely that it's like curing cancer -- if/when we finally cure cancer, we won't cure cancer, because there is no single thing, "cancer". Cancer is a name we give to literally thousands of distinct different diseases which have exactly one thing in common: uncontrolled cell growth. Leukemia isn't glioblastoma, and my wanting to keep my email safe against sneaking sysadmins isn't the same as a human rights worker in Syria who's living under persistent surveillance.

In a similar vein, I don't think we will ever reach "the answer" for email crypto. There are too many people with too many different use cases, skill levels, threat models, needs, and so on. Our obsession with finding "the answer" seems to blind us to the possibilities of making small positive changes in small communities, with the idea that if we do this enough times, for enough small communities, we might be able to make a difference overall.

So -- no, I actually don't hold out much hope for your project. Smart cards are not part of the answer, because I don't think there's an answer to be had. But smart cards could definitely be a part of many small answers. :)

From peter at digitalbrains.com Fri Mar 13 22:26:21 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 13 Mar 2015 22:26:21 +0100
Subject: Enigmail speed geeking
In-Reply-To: <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com>
Message-ID:

On 2015-03-13 15:40, Peter Lebbing wrote:
> I consider this the inferior of the two methods because I
> trust the RNG of Linux much more than I trust the RNG of a smartcard
> that costs a few euros to produce.

Make that: I trust the RNG of GnuPG. There's more to it than what is provided by the Linux kernel. I should have acknowledged this extra work done by the GnuPG developers.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From rjh at sixdemonbag.org Fri Mar 13 22:33:05 2015
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 13 Mar 2015 17:33:05 -0400
Subject: Enigmail speed geeking
In-Reply-To:
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com>
Message-ID: <55035791.6070102@sixdemonbag.org>

> Make that: I trust the RNG of GnuPG. There's more to it than what is
> provided by the Linux kernel.

Be careful. When was the last time you checked the GnuPG code? And when was the last time you checked the options your distro maintainer used to build your GnuPG? :)

GnuPG doesn't have one RNG. It has *many* RNGs. Some of them are really just thin wrappers over lower-level OS facilities. And if you don't trust /dev/urandom, I'd suggest using a different operating system, because that's a game-over compromise. It's like not trusting CryptGenRand on Win32.

From stebe at mailbox.org Fri Mar 13 23:19:53 2015
From: stebe at mailbox.org (Stephan Beck)
Date: Fri, 13 Mar 2015 23:19:53 +0100
Subject: Enigmail speed geeking
In-Reply-To: <55035791.6070102@sixdemonbag.org>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org>
Message-ID: <55036289.7020001@mailbox.org>

Am 13.03.2015 um 22:33 schrieb Robert J. Hansen:
> GnuPG doesn't have one RNG. It has *many* RNGs. Some of them are
> really just thin wrappers over lower-level OS facilities. And if you
> don't trust /dev/urandom, I'd suggest using a different operating
> system, because that's a game-over compromise.

Wouldn't the installation of haveged, at least for GNU/Linux distros, extend the possibilities of the traditional /dev/(u)random based RNG? Wouldn't GnuPG benefit from it?

No expert, just curious, prepared to receive a game-over knockout. :)

Stephan

From dgouttegattat at incenp.org Fri Mar 13 23:31:08 2015
From: dgouttegattat at incenp.org (Damien Goutte-Gattat)
Date: Fri, 13 Mar 2015 23:31:08 +0100
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <55033932.6000403@blazrsoft.com>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io> <20150313130430.GA31437@IUPUI.Edu> <871tktf2ng.fsf@vigenere.g10code.de> <5502EDF2.8000202@asatiifm.net> <55033932.6000403@blazrsoft.com>
Message-ID: <5503652C.2010306@incenp.org>

On 03/13/2015 08:23 PM, Antony Prince wrote:
> I am very interested in seeing these proposals become official standards.

The fact that they are called "proposed standards" does not really mean anything. Many widely deployed and successful IETF protocols are still officially considered "proposed standard" and not "Internet standard"; that does not make them less official. DNSSEC and DANE are as much "official standards" as, for example, OpenPGP (RFC 4880) and the X.509 PKI system (RFC 5280).

> I'm also interested on anyone else's thoughts who might have more
> insight into the downsides or repercussions of relying strictly on such
> a system (if external CA's no longer existed, for example).

I don't have any more insight, but I'd say that the main downside of both DNSSEC and DANE is that almost no TLS client implements them...

As far as I know, most if not all of the DNS resolvers immediately available on a client system don't perform DNSSEC validation.

Even if we assume that the system DNS resolver is DNSSEC-capable, I don't know of any browser (or any other kind of TLS client software) that cares about DNSSEC and/or TLSA records. For Firefox, you have to install a third-party extension [1], and for Chrome, support of DANE is not on Google's agenda [2] (they prefer to rely on Certificate Transparency [3] instead, which in my opinion does not solve any of the main problems of the PKIX system, but this is another subject).

I am, too, very interested in DANE, and in fact I have great hopes in it (all my TLS servers have TLSA records, and my browser can check them). But we are very far from the point where nobody would need to rely on "trusted" external CAs.

[1] https://www.dnssec-validator.cz/
[2] https://www.imperialviolet.org/2015/01/17/notdane.html
[3] http://www.certificate-transparency.org/what-is-ct

From dougb at dougbarton.email Fri Mar 13 23:31:48 2015
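The DANE exchange above (Antony's question of how a TLSA record can stand in for a CA signature, and Damien's point that this only helps if the client actually fetches and checks the record) is easier to follow with the record arithmetic in front of you. The following is an added example, not code from this thread, from GnuPG or from any of the linked projects: standard-library Python that computes a TLSA record for a certificate (RFC 6698) and checks a presented certificate against it. The certificates are constructed, unsigned DER blobs with the real X.509 field layout, and the owner name _443._tcp.www.example.com. is a placeholder.

```python
"""DANE TLSA records (RFC 6698) built and checked with only the standard library.

Added example for this thread, not the project's code. A TLSA RR has four
fields: usage, selector, matching type, association data. Usage 3 (DANE-EE)
pins the server's own certificate, so no CA is consulted; selector 1 pins the
SubjectPublicKeyInfo only, so the record survives re-issuing the certificate
for the same key; matching type 1 is SHA-256. The certificates used here are
CONSTRUCTED unsigned DER blobs with the real X.509 field layout.
"""
import hashlib


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate.

    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber,
        signature, issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, body, _ = _read_tlv(cert_der, 0)          # Certificate SEQUENCE
    tag2, tbs, _ = _read_tlv(body, 0)              # tbsCertificate SEQUENCE
    assert tag == tag2 == 0x30, "not a DER X.509 certificate"
    pos = 0
    tag, _, nxt = _read_tlv(tbs, pos)
    if tag == 0xA0:                                # explicit [0] version present
        pos = nxt
    for _ in range(5):                             # serial, sigalg, issuer, validity, subject
        _, _, pos = _read_tlv(tbs, pos)
    tag, _, end = _read_tlv(tbs, pos)
    assert tag == 0x30, "subjectPublicKeyInfo is not a SEQUENCE"
    return tbs[pos:end]


def association_data(cert_der, selector, matching_type):
    """TLSA certificate association data as lowercase hex (RFC 6698 section 2.1)."""
    if selector == 0:
        blob = cert_der                            # full certificate
    elif selector == 1:
        blob = extract_spki(cert_der)              # SubjectPublicKeyInfo only
    else:
        raise ValueError("unknown selector %d" % selector)
    if matching_type == 0:
        return blob.hex()                          # exact match, no hashing
    if matching_type == 1:
        return hashlib.sha256(blob).hexdigest()
    if matching_type == 2:
        return hashlib.sha512(blob).hexdigest()
    raise ValueError("unknown matching type %d" % matching_type)


def tlsa_rr(owner, cert_der, usage=3, selector=1, matching_type=1):
    """Render one TLSA record in zone-file presentation format."""
    data = association_data(cert_der, selector, matching_type)
    return "%s IN TLSA %d %d %d %s" % (owner, usage, selector, matching_type, data)


def tlsa_matches(rr, cert_der):
    """Check a presented end-entity certificate against one DANE-EE TLSA record.

    Only usage 3 is handled (the record pins the certificate or key directly);
    usages 0-2 also need a PKIX chain check. The DNS answer carrying the record
    must itself be DNSSEC-validated, otherwise spoofed DNS defeats the pin.
    """
    usage, selector, mtype, data = rr.split()[-4:]
    if int(usage) != 3:
        raise NotImplementedError("only DANE-EE (usage 3) is implemented here")
    return association_data(cert_der, int(selector), int(mtype)) == data.lower()


def _der(tag, content):
    """Encode one DER TLV with short- or long-form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def make_fake_cert(serial, pubkey_bytes):
    """CONSTRUCTED, unsigned X.509 v3 DER blob: real field layout, dummy contents."""
    version = _der(0xA0, _der(0x02, b"\x02"))                         # [0] INTEGER 2
    sha256_rsa = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")))
    validity = _der(0x30, _der(0x17, b"150313000000Z") + _der(0x17, b"160313000000Z"))
    rsa_alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    spki = _der(0x30, rsa_alg + _der(0x03, b"\x00" + pubkey_bytes))
    tbs = _der(0x30, version + _der(0x02, bytes([serial])) + sha256_rsa
               + _der(0x30, b"") + validity + _der(0x30, b"") + spki)  # empty issuer/subject
    return _der(0x30, tbs + sha256_rsa + _der(0x03, b"\x00" * 33))    # dummy signature


if __name__ == "__main__":
    original = make_fake_cert(1, b"\x01" * 64)
    reissued = make_fake_cert(2, b"\x01" * 64)     # new serial, same key
    rr = tlsa_rr("_443._tcp.www.example.com.", original)
    print(rr)
    print("re-issued cert still matches 3 1 1 pin:", tlsa_matches(rr, reissued))
```

Publishing a "3 1 1" record and then renewing the certificate with the same key leaves the record valid, whereas a "3 0 1" record (full certificate) has to be replaced on every renewal; both cases are exercised when the block is run.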
From: dougb at dougbarton.email (Doug Barton)
Date: Fri, 13 Mar 2015 15:31:48 -0700
Subject: Enigmail speed geeking
In-Reply-To: <202ba66fd7f4e5145b2f99c088100486@butters.digitalbrains.com>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <550329B7.8080000@dougbarton.email> <55032B27.8000503@sixdemonbag.org> <5503325A.5020808@dougbarton.email> <202ba66fd7f4e5145b2f99c088100486@butters.digitalbrains.com>
Message-ID: <55036554.7050806@dougbarton.email>

On 3/13/15 2:17 PM, Peter Lebbing wrote:
> On 2015-03-13 19:54, Doug Barton wrote:
>> But it is a
>> major source of frustration when folks take comments out of context to
>> use the tiniest bit of leverage with which to forward an agenda.
>
> WHAT?!?!
>
> It is true, text is a truly god awful medium to communicate in.
>
> We are apparently completely unaware of each other's intentions. I
> honestly thought you thought a disadvantage of using a smartcard is that
> you lose the key once it breaks. It quite surprised me, but I've seen
> smart people have odd misconceptions of things[1], so I simply sought to
> rectify it.
>
> Let's put this whole thing to rest. Nobody thinks you can't have a
> backup of a smartcard key, nobody thinks that a smartcard without a
> backup is a useless thing, and we should all go and read a nice book.
> Perhaps even for the third time, in my case. It's a nice book!
>
> Peter.
>
> [1] Sometimes in the mirror ;P

Thank you for clarifying.

Doug

From stebe at mailbox.org Fri Mar 13 23:56:55 2015
From: stebe at mailbox.org (Stephan Beck)
Date: Fri, 13 Mar 2015 23:56:55 +0100
Subject: Question concerning OpenLDAP PGP Keyserver setup guide (wiki.gnupg.org)
In-Reply-To: <55021A80.40203@mailbox.org>
References: <55021A80.40203@mailbox.org>
Message-ID: <55036B37.9000704@mailbox.org>

Obviously, this ** has to be OpenLDAP(slapd) 2.4.31, not 3, sorry! Still stuck in there, though.

Am 13.03.2015 um 00:00 schrieb Stephan Beck:
> Hi,
>
> reproducing the OpenLDAP PGP keyserver setup guide on http://wiki.gnupg.org,
> published by Neal, I get the following error message:
>
> ldapmodify: wrong attributeType at line 5, entry "olcDatabase={1}hdb,cn=config"
>
> I am reproducing the guide on debian stable (main sources only), which uses
> "hdb" (not "mdb") database format, *OpenLDAP3*, being the server package slapd.
>
> To see the error message in its context:
>
> $ sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config" | grep olcDatabase:
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> olcDatabase: {-1}frontend
> olcDatabase: {0}config
> olcDatabase: {1}hdb
>
> $ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/keyserver-acls.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> ldapmodify: wrong attributeType at line 5, entry "olcDatabase={1}hdb,cn=config"
>
> contents of keyserver-acls.ldif are as follows:
>
> # userPassword may be written only by users themselves
> dn: olcDatabase={1}hdb,cn=config
> changetype: modify
> add: olcAccess
> # Allow access via localhost to add or modify keys.
> # Allow authenticated PGP Users to update keys.
> # Allow anyone else to read the keys.
> olcAccess: {2} to dn.subtree="ou=PGP Keys,dc=FOO,dc=EXAMPLE,dc=ORG"
> by peername.ip=127.0.0.1 write
> by peername.ip=:: write
> by dn.regex="^uid=([^,]+),ou=PGP Users,dc=FOO,dc=EXAMPLE,dc=ORG" write
> by * read
>
> # Allow any connection to localhost to update the PGP keys
> # (including removing them!) This is only needed if the anonymous
> # updates from localhost are desired.
> dn: cn=config
> add: olcAllows
> olcAllows: update_anon
> --------------------------------------------------------------------------
>
> It seems that the error message indicates that line 5
>
> by peername.ip=127.0.0.1 write
>
> has a wrong attribute type.
>
> I checked the LDAP for Rocket scientists guide on zytrax.com (1) and (3) for
> hours, and also some documentation about the peername.ip attribute, but I cannot
> figure out what's wrong.
> I found that there are 2 ways of using the peername.[ip] attribute.
>
> If you use it with ipv4 you do not have to put peername.ipv4, but just
> peername.ip, being the value (127.0.0.1) that which defines the format (ipv4).
> With ipv6 you would have to specify it, i.e. peername.ipv6=[ipv6]
>
> The other way is using "peername.[type]" but that's not the case here.
>
> Is there anyone who can lend me a hand?
>
> TIA
>
> Stephan
>
> Note: On slapd debconf install I used FOO.EXAMPLE.ORG, so whenever the wiki
> guide uses dc=EXAMPLE,dc=ORG I use dc=FOO,dc=EXAMPLE,dc=ORG
>
> (1) http://www.zytrax.com/books/ldap/ch6
> (2) http://www.zytrax.com/books/ldap/ch3

From antony at blazrsoft.com Sat Mar 14 02:28:47 2015
From: antony at blazrsoft.com (Antony Prince)
Date: Fri, 13 Mar 2015 21:28:47 -0400
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <5503652C.2010306@incenp.org>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io> <20150313130430.GA31437@IUPUI.Edu> <871tktf2ng.fsf@vigenere.g10code.de> <5502EDF2.8000202@asatiifm.net> <55033932.6000403@blazrsoft.com> <5503652C.2010306@incenp.org>
Message-ID: <55038ECF.3000802@blazrsoft.com>

On 3/13/2015 6:31 PM, Damien Goutte-Gattat wrote:
> The fact that they are called "proposed standards" does not really mean
> anything. Many widely deployed and successful IETF protocols are still
> officially considered "proposed standard" and not "Internet standard",
> that does not make them less official.

I know what you mean. They were proposed years ago and still maintain the "proposed" status.

> I don't have any more insight, but I'd say that the main downside of
> both DNSSEC and DANE is that almost no TLS client implements them...
>
> As far as I know, most if not all of the DNS resolvers immediately
> available on a client system don't perform DNSSEC validation.

I use BIND (named) as my DNS server and it is DNSSEC capable as well as DLV-Lookaside capable. Google's public DNS servers are also capable of both as well, since I used them a lot for DNS record timeout testing among other things.

> Even if we assume that the system DNS resolver is DNSSEC-capable, I
> don't know of any browser (or any other kind of TLS client software)
> that care about DNSSEC and/or TLSA records. For Firefox, you have to
> install a third-party extension [1], and for Chrome, support of DANE is
> not on Google's agenda [2] (they prefer to rely on Certificate
> Transparency [3] instead, which in my opinion does not solve any of the
> main problems of the PKIX system, but this is another subject).

I have the Firefox extension myself and refuse to use Chrome since, IMO, it's nothing more than a bloated version of the Gecko engine which does a lot of useless crap I'm not interested in. Your mileage may vary. LOL. But that is another problem with its adoption as a standard: most (if not all) mainstream browsers don't support it natively.

> I am, too, very interested in DANE, and in fact I have great hopes in it
> (all my TLS servers have TLSA records, and my browser can check them).
> But we are very far from the point where nobody would need to rely on
> "trusted" external CAs.

This I think is the main problem. Its adoption has not become mainstream. I'm of the conspiracy theory opinion that it's the CAs who are making sure it stays in the background because otherwise they could potentially lose their entire market if everyone realized they didn't need a CA to properly and securely validate their certificates. (Pure personal opinion here, no facts to back it up). My domain is secured via DNSSEC and all my certificates have TLSA records to back them up. I'm no professional at server administration, so if I can do it, anyone can. It's disheartening to see something so promising pushed to the side for so long when it could be a major benefit as far as internet security is concerned.

Thanks for your reply BTW. :)

--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0xA6E162424F040744

From antony at blazrsoft.com Sat Mar 14 02:35:56 2015
From: antony at blazrsoft.com (Antony Prince)
Date: Fri, 13 Mar 2015 21:35:56 -0400
Subject: bugs.gnupg.org TLS certificate
In-Reply-To: <55038ECF.3000802@blazrsoft.com>
References: <87zj7jlc9t.fsf@vigenere.g10code.de> <20150312232158.GB18878@athena.barrera.io> <87y4n1fjmb.fsf@vigenere.g10code.de> <20150313085553.GA3688@athena.barrera.io> <20150313130430.GA31437@IUPUI.Edu> <871tktf2ng.fsf@vigenere.g10code.de> <5502EDF2.8000202@asatiifm.net> <55033932.6000403@blazrsoft.com> <5503652C.2010306@incenp.org> <55038ECF.3000802@blazrsoft.com>
Message-ID: <5503907C.8080603@blazrsoft.com>

On 3/13/2015 9:28 PM, Antony Prince wrote:
>> As far as I know, most if not all of the DNS resolvers immediately
>> available on a client system don't perform DNSSEC validation.
>
> I use BIND (named) as my DNS server and it is DNSSEC capable as well
> as DLV-Lookaside capable. Google's public DNS servers are also
> capable of both as well, since I used them a lot for DNS record
> timeout testing among other things.

My mistake. You said resolvers, not servers. Only a minor difference there. Great! The server supports it! The resolver doesn't care! ;-)

--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0xA6E162424F040744

From peter at digitalbrains.com Sat Mar 14 10:59:02 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 14 Mar 2015 10:59:02 +0100
Subject: Enigmail speed geeking
In-Reply-To: <55035791.6070102@sixdemonbag.org>
References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org>
Message-ID: <55040666.5090306@digitalbrains.com>

On 13/03/15 22:33, Robert J. Hansen wrote:
> And if you don't trust /dev/urandom, I'd suggest using a different
> operating system, because that's a game-over compromise.

I trust both /dev/random and the sanity of the default settings of GnuPG. And when I'm generating a key in GnuPG, I put my trust in both. I don't know what is all going on in GnuPG for generating the highest quality of randomness, but it's more than "cat /dev/random". It was simply incomplete to just say "Linux's RNG", and it didn't acknowledge the effort the GnuPG developers put into the code that generates the randomness.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Mar 14 13:53:55 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Sat, 14 Mar 2015 12:53:55 +0000 Subject: Making the case for smart cards for the average user In-Reply-To: References: Message-ID: <1479786172.20150314125355@my_localhost>

On Friday 13 March 2015 at 8:13:38 PM, in , Joey Castillo wrote:

> Unlocking a card
> with a PIN is a metaphor that people already know and
> use with bank cards.

Yes, and a sizeable minority have problems with this method of using bank cards.

> Choosing and memorizing a strong
> passphrase, by comparison, is something the average
> user is likely to have trouble with.

This trouble goes away for the "average user" who uses a password manager.

> Moreover, we're a multi-screen environment now; people
> expect to have access to their stuff across devices.
> With a smart card they can keep their secret keys in
> one place, as opposed to creating multiple points of
> potential compromise.

Is there not still potential compromise each time you use it, such as the possibility of malware substituting the message?

> Plus by integrating NFC
> technology, we open up the potential for use on
> smartphones and tablets, which is where most people's
> computing is moving anyway.

How secure is the NFC communication? Could a situation be contrived where the person next to you in a crowd managed to get you to sign a message on their device instead of your own?

--
Best regards
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
The best way to destroy your enemy is to make him your friend.
From flapflap at riseup.net Sat Mar 14 17:40:57 2015
From: flapflap at riseup.net (flapflap) Date: Sat, 14 Mar 2015 16:40:57 +0000 Subject: gpg in a cybercafé In-Reply-To: <20150310132322.c69406fe8db7765f1f429a67@webkeks.org> References: <1425468587.871457089@f386.i.mail.ru> <20150305183045.0a84427bb224d379f41d4152@webkeks.org> <54F8D858.7080307@riseup.net> <20150310132322.c69406fe8db7765f1f429a67@webkeks.org> Message-ID: <55046499.5020203@riseup.net>

Jonathan Schleifer:
> On Thu, 05 Mar 2015 22:27:36 +0000, flapflap wrote:
>
>> The current version (1.3) of Tails comes with GnuPG 1.4.12.
>
> That's just not true. Not only is the gpg2 command available, but the change log even explicitly states that GnuPG 2 was added to improve smartcard support.

Oh sorry, I have missed that. I just tried `gpg --version' and not `gpg2 --version'.

amnesia at amnesia:~$ gpg --version
gpg (GnuPG) 1.4.12
[...]
amnesia at amnesia:~$ gpg2 --version
gpg (GnuPG) 2.0.25
libgcrypt 1.5.0
[...]

~flapflap

From philip.jackson at nordnet.fr Sat Mar 14 17:52:54 2015
From: philip.jackson at nordnet.fr (Philip Jackson) Date: Sat, 14 Mar 2015 17:52:54 +0100 Subject: Making the case for smart cards for the average user In-Reply-To: References: Message-ID: <55046766.4020203@nordnet.fr>

On 13/03/15 21:13, Joey Castillo wrote:
> Hi there,
>
> I'm working on a Kickstarter right now that aims to popularize smart
> cards as an easier way for the average user to adopt GnuPG.
>
> https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards
>

Geographic distribution of the product seems to be limited to US only - at least for your sponsors.

Philip

From jose.castillo at gmail.com Sat Mar 14 22:00:08 2015
From: jose.castillo at gmail.com (Joey Castillo) Date: Sat, 14 Mar 2015 17:00:08 -0400 Subject: Making the case for smart cards for the average user Message-ID:

I'll concede the first point: some minority of people won't get it even if we make it simpler. As to the second one: even with a password manager, the security of that still depends on choosing and guarding a complex password to secure the password store. It's passwords all the way down.

>> With a smart card they can keep their secret keys in
>> one place, as opposed to creating multiple points of
>> potential compromise.
>
> Is there not still potential compromise each time you use it, such as
> the possibility of malware substituting the message?

Certainly; if your system is compromised by malware it could substitute the message, store session keys, or keylog your PIN for that matter. If your system is compromised, all bets are off. The difference is that with your keys on a smart card, at least such a breach won't compromise your secret key material. And you can prevent further unauthorized use by simply removing the card; this is not possible if the attacker has stolen your keyring and passphrase.

Without smart cards, if I want to use GnuPG on my laptop, my iPhone and my Nexus 7, I have to put my secret key on each of those devices and enter my passphrase into each of those devices. This dramatically increases the surface area available for an attack on my secret keys.

> How secure is the NFC communication? Could a situation be contrived
> where the person next to you in a crowd managed to get you to sign a
> message on their device instead of your own?

In practice, you have to more or less touch the card to the device you're using it with; an attacker would have to generate an RF field that overpowers the one generated by the device. But yes: with specialized equipment and close proximity, an attacker could theoretically modify data or eavesdrop.
[1] It's a tradeoff: in exchange for better security for my secret key material, I'm exposing myself to a threat from a determined, active attacker that's able to get specialized gear into the same room as me while I'm using my card. For some minority of people, that may be a reasonable concern; for most people, it really isn't. Also, there's nothing preventing us from better securing the NFC channel in a future card specification; in particular, NFC's resistance to man in the middle attacks makes it easy to establish a shared secret to secure the channel, as proposed in a 2010 standard. [2] [1]: http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf [2]: http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-386.pdf -- Joey Castillo www.joeycastillo.com From jose.castillo at gmail.com Sat Mar 14 22:23:45 2015 From: jose.castillo at gmail.com (Joey Castillo) Date: Sat, 14 Mar 2015 17:23:45 -0400 Subject: Making the case for smart cards for the average user Message-ID: On 14/03/15 17:52, Philip Jackson wrote: > https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards > > Geographic distribution of the product seems to be limited > to US only - at least for your sponsors. I desperately wanted to make it worldwide, but feared running afoul of U.S. cryptographic export laws. Since both GnuPG and the smart card application are open source, my sense was that it would be exempt from export controls, but I didn't want to check the box without speaking to a lawyer. To quote the OpenSSL foundation [1], "U.S. exports controls are complex and quite nonsensical from the perspective of the uninitiated professional software developer." [1]: http://www.opensslfoundation.com/export/README.blurb -- Joey Castillo www.joeycastillo.com From jose.castillo at gmail.com Sat Mar 14 23:37:18 2015 
From: jose.castillo at gmail.com (Joey Castillo) Date: Sat, 14 Mar 2015 18:37:18 -0400 Subject: Making the case for smart cards for the average user Message-ID: On 13/03/15 17:20, Robert J. Hansen wrote: > (ObWarning: no facts, just opinions.) > > I think the biggest problem we face, to be honest, is our conviction > that there's an answer out there and we just have to find it. > ... Thanks for your thoughtful response. I think it's absolutely true that different people have different security needs, but I wonder if we can't make progress for an average person's use case. I'm recalling a message you wrote some months ago making the point that GnuPG is a cryptographic toolbox, but that it does not provide policy. That's one of the things I've been trying to get at with this project, writing guidelines for the people who participate on how they should use the tools. The goal is to simplify not just everyday things like how to make a key or encrypt an email, but also more complex things like "what is my identity and how do I verify it?" [1] I'm certain that this is not "the answer" for everyone's use case, and I also know that even if this Kickstarter project gets funded, the end result will be a small community, not a world-changing critical mass of people. But it might provide a collaborative place where we can test out a policy framework and see how well it performs for people who aren't as intimately familiar with the tools. That's the thing that excites me, and the thing that I think might make a difference. Because if the human rights worker in Syria wants to communicate securely with, say, an academic in the U.S., we have to figure out a simple way to introduce that person to the tools as well. [1]: https://github.com/josecastillo/signet/blob/master/guidelines.md#certification-and-trust -- Joey Castillo www.joeycastillo.com From gniibe at fsij.org Sun Mar 15 09:47:51 2015 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Sun, 15 Mar 2015 17:47:51 +0900 Subject: Making the case for smart cards for the average user In-Reply-To: References: Message-ID: <55054737.90304@fsij.org>

On 03/14/2015 05:13 AM, Joey Castillo wrote:
> Of course smart cards aren't some kind of magic bullet, but if the
> goal is to drive wider adoption of GnuPG and OpenPGP based
> cryptography, I can't shake the feeling that smart cards are a huge
> part of the answer. Thoughts?

I think that smartcard is _not_ the "must", and having private keys on host PC as files is good, given the condition where user keeps computer safe. If a user is good at administrating POSIX system (or whatever operating system) and managing specific files, it would be safer than using unfamiliar hardware. And... users should keep their computer safe from the beginning, you know.

Well, when I needed to make copies of private keys (for multiple computers), I felt anxious. This is a major reason why I started using OpenPGPcard, and then, I started to develop Gnuk. For myself and for the one of release keys of GnuPG, I use Gnuk Tokens.

However, please note that the situation is not that perfect. Please note that I have been doing my best to improve GnuPG's smartcard support (especially about its stability), now, it only supports basic smartcard things. For example, you can easily find a lack of multiple cards / tokens support. We need more improvements here (and there).

I'm happy that I can see people discuss about using smartcard/token for GnuPG nowadays. I interpret it as the stability/usefulness of scdaemon. If not, please file a bug report or two. :-)

From here, it's tl;dr. :-)

It is a somehow long story. The culture/practice around smartcard, especially the industry (in Japan), is not friendly to free software development. Basically, they require NDA here and there.
Although many engineers just say "we support FLOSS", there are conflicts in practice, when they try to give technical information to outside. In general, for free software, it is difficult (or simply no way sometimes) to support existing smartcards. It is mostly similar for smartcard readers, although the situation is better than the smartcard itself.

When I started Gnuk on 2010, I had expected it were the (last) missing piece. I soon realized that I was wrong. And we still have many things to do in 2015.

I worked and I am working for:

* Firmware as free software: Gnuk
* TRNG implementation: NeuG
* Reference hardware: FST-01
* Software improvements on host PC: scdaemon

... while I highly depend on:

* Improvements of development environment: GCC, OpenOCD, KiCAD, etc.

... and I would like to do something around:

* Improvements on OpenPGPcard specification

Well, I'm afraid... the situation around smartcard for GnuPG is not yet mature enough to invite average users.

My focus is on the development of those things, and my work is supported by the sales of FST-01. Since the situation is not mature enough (for me), I am caught in a dilemma: I want to sell more FST-01, but selling more FST-01 now means more possible troubles (to me).

If someone is a user of GnuPG already, I could invite him to use Gnuk Token. I mean, I could sell FST-01 with Gnuk to him, and I would say that the access using SSH could be also safe and easier. However, if it is the first time for him to use any tool of Free Software, it would be difficult for me to help him effectively. When I need to start from the explanation of the difference of proprietary software and free software, I would hesitate in some occasions. Yes, I _do_ or I try to do so (not always, but most cases), but my physical body and my hours are limited. Or, if it is the first time for him to use any smartcard/token on his system, it would be difficult for me to help him effectively.
Because of this situation, I don't advertise FST-01 much to general public, while I believe Gnuk Token would be better solution in many cases. I think that it's ready for the evaluation by developers and experienced users of Free Software.

--

From al-gnupg_users at none.at Sun Mar 15 10:43:32 2015
From: al-gnupg_users at none.at (Aleksandar Lazic) Date: Sun, 15 Mar 2015 10:43:32 +0100 Subject: Making the case for smart cards for the average user In-Reply-To: References: Message-ID: <2648f241dfefd05ddd272e5b43591f79@none.at>

Hi.

On 13-03-2015 21:13, Joey Castillo wrote:
> Hi there,
>
> I'm working on a Kickstarter right now that aims to popularize smart
> cards as an easier way for the average user to adopt GnuPG.
>
> https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards
>
> Putting aside any security benefits, smart cards seem simpler to use
> for the average person. Unlocking a card with a PIN is a metaphor that
> people already know and use with bank cards. Choosing and memorizing a
> strong passphrase, by comparison, is something the average user is
> likely to have trouble with.

[snipp]

Today a lot of people send their mail over smart phones (Android, iPhone, Blackberry, ....) How can I use "any" smartcard with these devices?

BR Aleks

From rjh at sixdemonbag.org Sun Mar 15 13:57:21 2015
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 15 Mar 2015 08:57:21 -0400 Subject: Making the case for smart cards for the average user In-Reply-To: References: Message-ID: <550581B1.2030701@sixdemonbag.org> > Thanks for your thoughtful response. I think it's absolutely true > that different people have different security needs, but I wonder if > we can't make progress for an average person's use case. I disagree: I don't believe there is an "average person" or an "average use case". But please, don't mistake this for discouragement! I just want to caution you against judging your efforts by an impossible standard. Your efforts are very unlikely to be "the solution", because (IMO) there is no single solution. But that does not invalidate the benefit some will receive from what you do. Really, please read this as strong encouragement. But please don't judge your success by an unachievable goal. You deserve better treatment than that. :) From rjh at sixdemonbag.org Sun Mar 15 13:59:42 2015 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 15 Mar 2015 08:59:42 -0400 Subject: Enigmail speed geeking In-Reply-To: <55036289.7020001@mailbox.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org> <55036289.7020001@mailbox.org> Message-ID: <5505823E.5070704@sixdemonbag.org> > Wouldn't the installation of haveged, at least for GNU/linux distros, > extend the possibilities of traditional /dev/(u)random based RNG? No idea -- I haven't looked at haveged. Sorry. :( From 2014-667rhzu3dc-lists-groups at riseup.net Sun Mar 15 14:06:40 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Sun, 15 Mar 2015 13:06:40 +0000 Subject: Making the case for smart cards for the average user In-Reply-To: References: Message-ID: <1713955696.20150315130640@my_localhost>

Hi

On Saturday 14 March 2015 at 9:00:08 PM, in , Joey Castillo wrote:

First [OT], I'll point out that your message didn't thread below my message to which you replied. Your message arrived missing the "In-Reply-To:" and "References:" headers, which would have enabled this to happen.

> even with a password manager, the security
> of that still depends on choosing and guarding a
> complex password to secure the password store. It's
> passwords all the way down.

Fair enough, the user needs a password for the password manager. But it is no extra effort to have the password manager remember a complex password for the key.

> Certainly; if your system is compromised by malware it
> could substitute the message, store session keys, or
> keylog your PIN for that matter. If your system is
> compromised, all bets are off.

Pretty much any system *could* be compromised. Should we say all bets are off because there is a possibility the system might be compromised?

> The difference is that
> with your keys on a smart card, at least such a breach
> won't compromise your secret key material.

Good point. We are told that smartcard design precludes copying the key material without physically destroying the card and applying some pretty heavy-duty forensics. But do we *know* this to be true, or is it just collective wishful thinking?

> Without smart cards, if I want to use GnuPG on my
> laptop, my iPhone and my Nexus 7, I have to put my
> secret key on each of those devices and enter my
> passphrase into each of those devices. This
> dramatically increases the surface area available for
> an attack on my secret keys.

The secret key material is safe if it is protected by a suitably-strong passphrase.
Passphrase-compromise is the issue on any networked device (even an air-gapped device that occasionally receives/sends files by sneakernet).

> tradeoff: in exchange for better security for my secret
> key material, I'm exposing myself to a threat from a
> determined, active attacker that's able to get
> specialized gear into the same room as me while I'm
> using my card. For some minority of people, that may be
> a reasonable concern; for most people, it really isn't.

Sounds like less of an issue than NFC payments from credit/debit cards with no requirement for a PIN or a signature.

PIN-entry being on the Android device you are using presumably means that an attacker who managed to eavesdrop your NFC connection would be able to record the signal containing the PIN. Which they may then be able to re-send, hypothetically allowing them to continue signing or decrypting so long as your card was within range of their equipment. How is this type of threat mitigated against in your current specification?

> Also, there's nothing preventing us from better
> securing the NFC channel in a future card
> specification; in particular, NFC's resistance to man
> in the middle attacks makes it easy to establish a
> shared secret to secure the channel, as proposed in a
> 2010 standard. [2]

That would be a future solution to my question above.
(-:

--
Best regards
MFPA
Put knot yore trust inn spel chequers

From stebe at mailbox.org Sun Mar 15 16:32:54 2015
From: stebe at mailbox.org (Stephan Beck) Date: Sun, 15 Mar 2015 16:32:54 +0100 Subject: Enigmail speed geeking In-Reply-To: <5505823E.5070704@sixdemonbag.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org> <55036289.7020001@mailbox.org> <5505823E.5070704@sixdemonbag.org> Message-ID: <5505A626.80700@mailbox.org>

On 15.03.2015 at 13:59, Robert J. Hansen wrote:
>> Wouldn't the installation of haveged, at least for GNU/linux distros,
>> extend the possibilities of traditional /dev/(u)random based RNG?
>
> No idea -- I haven't looked at haveged. Sorry. :(

Well, I forgot to include relevant information (see below)

I came across haveged while installing the OTR extension of my IM/Chat package. It was developed by the Caps group within IRISA/INRIA, Rennes, France.

Quoting the abstract of a HAVEGE publication:

The availability of a random number generator with high cryptographic qualities on a computer is one of the central issues of cryptographic implementations. HAVEGE (HArdware Volatile Entropy Gathering and Expansion) is a new software heuristic for generating unpredictable random numbers on PCs and workstations. PCs and workstations are built around modern superscalar microprocessors. These processors feature complex hardware mechanisms that aim to increase performance. A significant part of the global state of the microprocessor is not architecturally visible through the instruction set (e.g. caches, branch predictors and buffers). HAVEGE leverages the uncertainty introduced in the internal states of the processor by external events. HAVEGE combines entropy/uncertainty gathering from the architecturally invisible states of a modern superscalar microprocessor with pseudo-random number generation.
First we show that the hardware clock cycle counter of the processor can be used to gather part of the uncertainty introduced by operating system interruptions in the internal state of the processor. Tens of thousands of unpredictable bits can be gathered per operating system interruption on average. Then, we show how this entropy gathering technique can be combined with pseudo-random number generation in HAVEGE. Since the internal state of HAVEGE includes thousands of internal volatile hardware states, HAVEGE features a very high security level. HAVEGE also reaches an unprecedented throughput for a software unpredictable random number generator: more than 100 Mbits/s with off-the-shelf workstations and PCs.

A. Seznec, N. Sendrier, "HArdware Volatile Entropy Gathering and Expansion: generating unpredictable random numbers at user level", INRIA Research Report, RR-4592, October 2002

Source: https://www.irisa.fr/caps/projects/hipsor/publi.php

Now, I'll look for information on how RNG in GnuPG exactly works. It *seems* that haveged should impact on the gathering of entropy (available) at the moment of keypair generation on any GNU/Linux PC/laptop equipped with it (specific versions are available for other OS as well). As to the other precise operations/occasions on which GnuPG makes use of RNG, other than the "keypair generation moment", I'm not sure whether it would benefit from haveged at all.

Cheers,

Stephan

From stebe at mailbox.org Sun Mar 15 19:53:14 2015
From: stebe at mailbox.org (Stephan Beck) Date: Sun, 15 Mar 2015 19:53:14 +0100 Subject: Enigmail speed geeking In-Reply-To: <5505A626.80700@mailbox.org> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org> <55036289.7020001@mailbox.org> <5505823E.5070704@sixdemonbag.org> <5505A626.80700@mailbox.org> Message-ID: <5505D51A.90704@mailbox.org>

On 15.03.2015 at 16:32, Stephan Beck wrote:
> On 15.03.2015 at 13:59, Robert J. Hansen wrote:
>>> Wouldn't the installation of haveged, at least for GNU/linux distros,
>>> extend the possibilities of traditional /dev/(u)random based RNG?
>>
>> No idea -- I haven't looked at haveged. Sorry. :(
>
> Now, I'll look for information on how RNG in GnuPG exactly works.

Answering myself :-) after having read some chapters in the libgcrypt manual, I guess, in order to work with GnuPG, haveged would have to be configured in a similar way as, for instance, the egd (1). Without doing so, it would probably be ignored by GnuPG.

Cheers,

Stephan

(1)
#when compiling, by adding --enable-static-rnd=egd (to ./configure)
#when using a pre-compiled version that has a different configuration, by using
#a loadable extension module, adding load-extension rndegd
#to the ~/.gnupg/options file, or by typing --load-extension=rndegd
#on the command line while GnuPG is running

From wk at gnupg.org Sun Mar 15 20:50:01 2015
From: wk at gnupg.org (Werner Koch) Date: Sun, 15 Mar 2015 20:50:01 +0100 Subject: Enigmail speed geeking In-Reply-To: <5505A626.80700@mailbox.org> (Stephan Beck's message of "Sun, 15 Mar 2015 16:32:54 +0100") References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org> <55036289.7020001@mailbox.org> <5505823E.5070704@sixdemonbag.org> <5505A626.80700@mailbox.org> Message-ID: <87sid69h1y.fsf@vigenere.g10code.de>

On Sun, 15 Mar 2015 16:32, stebe at mailbox.org said:

> Now, I'll look for information on how RNG in GnuPG exactly works. It *seems*
> that haveged should impact on the gathering of entropy (available) at the moment
> of keypair generation on any GNU/Linux PC/laptop equipped with it (specific

You can find this in the Libgcrypt manual:

Libgcrypt provides 3 levels of random quality: The level 'GCRY_VERY_STRONG_RANDOM' usually used for key generation, the level 'GCRY_STRONG_RANDOM' for all other strong random requirements and the function 'gcry_create_nonce' which is used for weaker usages like nonces. There is also a level 'GCRY_WEAK_RANDOM' which in general maps to 'GCRY_STRONG_RANDOM' except when used with the function 'gcry_mpi_randomize', where it randomizes a multi-precision-integer using the 'gcry_create_nonce' function.

There are two distinct random generators available:

* The Continuously Seeded Pseudo Random Number Generator (CSPRNG), which is based on the classic GnuPG derived big pool implementation. Implemented in 'random/random-csprng.c' and used by default.

* A FIPS approved ANSI X9.31 PRNG using AES with a 128 bit key. Implemented in 'random/random-fips.c' and used if Libgcrypt is in FIPS mode.
Both generators make use of so-called entropy gathering modules:

rndlinux
    Uses the operating system provided '/dev/random' and '/dev/urandom' devices.

rndunix
    Runs several operating system commands to collect entropy from sources like virtual machine and process statistics. It is a kind of poor-man's '/dev/random' implementation. It is not available in FIPS mode.

rndegd
    Uses the operating system provided Entropy Gathering Daemon (EGD). The EGD basically uses the same algorithms as rndunix does. However as a system daemon it keeps on running and thus can serve several processes requiring entropy input and does not waste collected entropy if the application does not need all the collected entropy. It is not available in FIPS mode.

rndw32
    Targeted for the Microsoft Windows OS. It uses certain properties of that system and is the only gathering module available for that OS.

rndhw
    Extra module to collect additional entropy by utilizing a hardware random number generator. As of now the only supported hardware RNG is the Padlock engine of VIA (Centaur) CPUs. It is not available in FIPS mode.

16.6.1 Description of the CSPRNG
--------------------------------

This random number generator is loosely modelled after the one described in Peter Gutmann's paper: "Software Generation of Practically Strong Random Numbers".(1)

A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash transform function. Several extra features are used to make the generator robust against a wide variety of attacks and to protect against failures of subsystems. The state of the generator may be saved to a file and initially seeded from a file.

Depending on how Libgcrypt was built the generator is able to select the best working entropy gathering module. It makes use of the slow and fast collection methods and requires the pool to be initially seeded from the slow gatherer or a seed file. An entropy estimation is used to mix in enough data from the gather modules before returning the actual random output.
Process fork detection and protection is implemented.

The implementation of the nonce generator (for 'gcry_create_nonce') is a straightforward repeated hash design: A 28 byte buffer is initially seeded with the PID and the time in seconds in the first 20 bytes and with 8 bytes of random taken from the 'GCRY_STRONG_RANDOM' generator. Random numbers are then created by hashing all the 28 bytes with SHA-1 and saving that again in the first 20 bytes. The hash is also returned as result.

---------- Footnotes ----------

(1) Also described in chapter 6 of his book "Cryptographic Security Architecture", New York, 2004, ISBN 0-387-95387-6.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From jose.castillo at gmail.com Sun Mar 15 23:24:29 2015
From: jose.castillo at gmail.com (Jose Castillo) Date: Sun, 15 Mar 2015 18:24:29 -0400 Subject: Making the case for smart cards for the average user In-Reply-To: <1713955696.20150315130640@my_localhost> References: <1713955696.20150315130640@my_localhost> Message-ID: <354B50B8-9726-487A-A7A5-E7FD5839F95C@gmail.com>

Sorry about the improper threading; I've switched off digest mode, hopefully this will help.

> On Mar 15, 2015, at 9:06 AM, MFPA wrote:
> Pretty much any system *could* be compromised. Should
> we say all bets are off because there is a possibility the
> system might be compromised?

I may have phrased my point inartfully. I think the goal here is to minimize the harm done in the case of compromise. An attacker substituting a message and convincing your smart card to sign it is bad, but it's not as bad as leaking secret key material that the attacker can use at will.

> We are told that smartcard design precludes copying the
> key material without physically destroying the card and
> applying some pretty heavy-duty forensics. But do we
> *know* this to be true, or is it just collective wishful thinking?

The smart card runs code based on a specification. [1] The specification does not allow exporting a secret key, and we write code that adheres to that specification. We know that much to be true. You do have to trust the firmware and the operating system on the smart card, but that's made easier by the fact that chips in these cards [2] and the operating system [3] are certified to be secure based on international standards, and are widely deployed in sensitive areas like access control, payments and telephone SIM cards.

I think it's encouraging, in a perverse way, to hear that when GCHQ sought to compromise SIM card encryption keys [4], they had to resort to spying on the employees generating them. If the smart card firmware or operating system were backdoored, they would not have had to go to such lengths.
> PIN-entry being on the Android device you are using > presumably means that an attacker who managed to > eavesdrop your NFC connection would be able to record > the signal containing the PIN. Yes, this is a concern. It requires physical proximity of a few meters and some kind of specialized equipment, but it's theoretically possible. > Which they may then be able to re-send, hypothetically > allowing them to continue signing or decrypting so long > as your card was within range of their equipment. How > is this type of threat mitigated against in your current > specification? With NFC the main mitigation is physical rather than cryptographic in nature. Since the card has no battery, the attacker would have to supply an RF field sufficient for powering up the chip to perform the math and transmit a response. In theory, that maxes out at 10 centimeters; in practice, it's about half that. You can negate this attack with an RF blocking sleeve, which I'll almost certainly be adding to the kit after this conversation. I admit that this may not be sufficient for some people's security needs, but my sense is that more people are vulnerable to passphrase-sniffing malware than they are to someone sneaking very close to them with an evil device. The former attack scales quite easily; the latter attack does not - and again, the evil device attack still won't expose secret key material. Thank you for your critical responses, by the way; I appreciate the chance to be transparent about the challenges involved. [1]: http://www.g10code.com/docs/openpgp-card-2.0.pdf [2]: http://www.nxp.com/documents/data_sheet/P5CX012_02X_40_73_80_144_FAM_SDS.pdf [3]: https://www.commoncriteriaportal.org/files/ppfiles/ANSSI-CC-profil_PP-2010-03en.pdf [4]: https://firstlook.org/theintercept/2015/02/19/great-sim-heist/ -- Joey Castillo www.joeycastillo.com From stebe at mailbox.org Sun Mar 15 23:38:27 2015 
From: stebe at mailbox.org (Stephan Beck) Date: Sun, 15 Mar 2015 23:38:27 +0100 Subject: Enigmail speed geeking In-Reply-To: <87sid69h1y.fsf@vigenere.g10code.de> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org> <55036289.7020001@mailbox.org> <5505823E.5070704@sixdemonbag.org> <5505A626.80700@mailbox.org> <87sid69h1y.fsf@vigenere.g10code.de> Message-ID: <550609E3.6010705@mailbox.org> On 15.03.2015 at 20:50, Werner Koch wrote: > On Sun, 15 Mar 2015 16:32, stebe at mailbox.org said: > >> Now, I'll look for information on how RNG in GnuPG exactly works. It *seems* >> that haveged should impact on the gathering of entropy (available) at the moment >> of keypair generation on any GNU/Linux PC/laptop equipped with it (specific > > You can find this in the Libgcrypt manual: > Thanks, Werner. I read that, but I was particularly interested in how to get GnuPG work with haveged. So, I guess it would not be possible for an interested user to have GnuPG work with haveged by using configuration files or load instructions (similar to egd) and a strong dedication. It does require to be implemented first in GnuPG/libgcrypt by modifying source code, doesn't it? The latter would be certainly out of my reach, far off the shore in (the Atlantic) C :) If it were at all feasible/possible to do it by using the approach mentioned first I would have given it a try, and published a howto in the wiki. Stephan From johanw at vulcan.xs4all.nl Mon Mar 16 01:06:17 2015 
From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Mon, 16 Mar 2015 01:06:17 +0100 Subject: Making the case for smart cards for the average user In-Reply-To: <354B50B8-9726-487A-A7A5-E7FD5839F95C@gmail.com> References: <1713955696.20150315130640@my_localhost> <354B50B8-9726-487A-A7A5-E7FD5839F95C@gmail.com> Message-ID: <55061E79.1000908@vulcan.xs4all.nl> On 15-03-2015 23:24, Jose Castillo wrote: > but my sense is that more people are vulnerable to passphrase-sniffing > malware than they are to someone sneaking very close to them with > an evil device. However, perhaps even more people are vulnerable to confiscation by authorities. If they find a pgp card, some may even force you to give them access (UK, the minister in The Netherlands who pushed for such a law has fortunately been forced to resign for something else). Hiding the key, or, in case that is not possible, having access to a copy yourself afterward may be more useful. I don't know how those pgp cards look, but perhaps it would be wise to print something on them that they are yet another loyalty card. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From 2014-667rhzu3dc-lists-groups at riseup.net Mon Mar 16 02:24:42 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Mon, 16 Mar 2015 01:24:42 +0000 Subject: Making the case for smart cards for the average user In-Reply-To: <354B50B8-9726-487A-A7A5-E7FD5839F95C@gmail.com> References: <1713955696.20150315130640@my_localhost> <354B50B8-9726-487A-A7A5-E7FD5839F95C@gmail.com> Message-ID: <1115630030.20150316012442@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Sunday 15 March 2015 at 10:24:29 PM, in , Jose Castillo wrote: > Sorry about the improper threading; I've switched off > digest mode, hopefully this will help. That one threaded properly. Thanks. > I may have phrased my point inartfully. I think the > goal here is to minimize the harm done in the case of > compromise. That should be a goal everywhere. (-; > You do > have to trust the firmware and the operating system on > the smart card, I thought there were some open-source smart cards around. > but that's made easier by the fact that > chips in these cards [2] and the operating system [3] > are certified to be secure based on international > standards, and are widely deployed in sensitive areas > like access control, payments and telephone SIM cards. It's quite a few years since I heard of SIM cards being cloned. I guess the spec was improved. (-; > With NFC the main mitigation is physical rather than > cryptographic in nature. Since the card has no battery, > the attacker would have to supply an RF field > sufficient for powering up the chip to perform the math > and transmit a response. In theory, that maxes out at > 10 centimeters; in practice, it's about half that. I thought it could be done from a few yards away, if the attacker used bigger aerials. [0] says that for passports, the RFID tag can be powered up from about 50cm away and messages can be sent and received over several metres. > You > can negate this attack with an RF blocking sleeve, > which I'll almost certainly be adding to the kit after > this conversation. Glad to hear it. 
Shame the banks who issue NFC-enabled payment cards don't provide such sleeves. Although, Faraday-cage wallets and passport holders are available. > Thank you for your critical responses, by the way; I > appreciate the chance to be transparent about the > challenges involved. Thank you. I have enjoyed the discussion, and hope to have [0] - -- Best regards MFPA Dollar sign - An S that's been double crossed -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVBjDtXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw0gkIAItIP08Cr44QNmVAowjUgcFs /Ln2sB2Qrgee5089W60Dtq7iEKH3NPPvIHGbf/uz0v02jUNzkIPM94/kftZzWOIC Ve7JKwPn3xGGdgh7IBQ6MrSMe5LruhwpaWZrbzZOnT9oagCJJzmwaD3HLafHqnym FALwqhyiCOqsz9J0FUrPh95AYPctgsx9lEaEdAlQGCniUf4sW1fIszCYYiqe+rXW hOAlJRXYUv3PMXyoHQ9X8AbTlZlsxI8yMRCtorBC8hGxQ+7ndbLjk1lBn3Nes/y+ BJswSsI1rTxg1nValmH5Qv7TLNNUUFg6xYs9hDPUamnIq+6q5HS4bZZpFCrNdReI vgQBFgoAZgUCVQYw9V8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45GocAQDCo1BmBbKYnyP93IcEm9+63Qac 1PeXIlB2FxYCDPICBAEAK9zz53rrVMJi1IabIsZkEIdDDJVt/0IIyHdEQy30egc= =O4LR -----END PGP SIGNATURE----- From wk at gnupg.org Mon Mar 16 08:48:07 2015 
From: wk at gnupg.org (Werner Koch) Date: Mon, 16 Mar 2015 08:48:07 +0100 Subject: Enigmail speed geeking In-Reply-To: <550609E3.6010705@mailbox.org> (Stephan Beck's message of "Sun, 15 Mar 2015 23:38:27 +0100") References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org> <55036289.7020001@mailbox.org> <5505823E.5070704@sixdemonbag.org> <5505A626.80700@mailbox.org> <87sid69h1y.fsf@vigenere.g10code.de> <550609E3.6010705@mailbox.org> Message-ID: <87d2499ydk.fsf@vigenere.g10code.de> On Sun, 15 Mar 2015 23:38, stebe at mailbox.org said: > Thanks, Werner. I read that, but I was particularly interested in how to get > GnuPG work with haveged. You should feed it into /dev/random or get into the kernel proper. This way all applications can benefit from it. > So, I guess it would not be possible for an interested user to have GnuPG work > with haveged by using configuration files or load instructions This requires to add a new entropy gathering module or add it to rndlinux.c. However, I assume that proper output of haveged is pretty system and compiler dependent. Thus it belongs into the OS kernel. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From stebe at mailbox.org Mon Mar 16 10:09:24 2015 
From: stebe at mailbox.org (Stephan Beck) Date: Mon, 16 Mar 2015 10:09:24 +0100 Subject: Enigmail speed geeking In-Reply-To: <87d2499ydk.fsf@vigenere.g10code.de> References: <550076F0.70507@sixdemonbag.org> <5500C21C.1000607@mailbox.org> <5501B5F3.5030503@sixdemonbag.org> <5501E665.1000801@dougbarton.email> <5502BB36.20106@digitalbrains.com> <5502EF6E.3040302@sixdemonbag.org> <5cda1031caf0f94f8eff9c414aaf4955@butters.digitalbrains.com> <55035791.6070102@sixdemonbag.org> <55036289.7020001@mailbox.org> <5505823E.5070704@sixdemonbag.org> <5505A626.80700@mailbox.org> <87sid69h1y.fsf@vigenere.g10code.de> <550609E3.6010705@mailbox.org> <87d2499ydk.fsf@vigenere.g10code.de> Message-ID: <55069DC4.4080008@mailbox.org> On 16.03.2015 at 08:48, Werner Koch wrote: > On Sun, 15 Mar 2015 23:38, stebe at mailbox.org said: > >> Thanks, Werner. I read that, but I was particularly interested in how to get >> GnuPG work with haveged. > > You should feed it into /dev/random or get into the kernel proper. This > way all applications can benefit from it. Ok, thanks, properly enabled and working [README] [...] Non-zero "-r" options are used to test the haveged random number generator; The random number generator will be configured, the initial data collection pass will be executed, configuration details will be written to stdout, and a "-r" KB sample of output will be written to the sample output file for all "-r" > 1. [...] $ sudo haveged -r 2 Writing 2 K byte output to sample Cheers, Stephan From peter at digitalbrains.com Mon Mar 16 11:16:44 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Mon, 16 Mar 2015 11:16:44 +0100 Subject: Making the case for smart cards for the average user In-Reply-To: <354B50B8-9726-487A-A7A5-E7FD5839F95C@gmail.com> References: <1713955696.20150315130640@my_localhost> <354B50B8-9726-487A-A7A5-E7FD5839F95C@gmail.com> Message-ID: <5506AD8C.4010105@digitalbrains.com> On 15/03/15 23:24, Jose Castillo wrote: > I think it?s encouraging, in a perverse way, to hear that when GCHQ > sought to compromise SIM card encryption keys [4], they had to resort > to spying on the employees generating them. Perhaps the SIM cards are relatively well protected from remote access; the session keys for GSM communication are not. IIRC, it requires an on-line attack and would leave traces as soon as GSM network operators started looking for such attacks, so it's less sneaky. But there were two interesting talks on the subject at the 31C3: http://media.ccc.de/browse/congress/2014/31c3_-_6249_-_en_-_saal_1_-_201412271715_-_ss7_locate_track_manipulate_-_tobias_engel.html#video http://media.ccc.de/browse/congress/2014/31c3_-_6122_-_en_-_saal_1_-_201412271830_-_mobile_self-defense_-_karsten_nohl.html#video Apparently GCHQ still wanted the SIM keys, though :). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From d.costaras at gmail.com Mon Mar 16 14:36:22 2015 
From: d.costaras at gmail.com (Donavan-Ross Costaras) Date: Mon, 16 Mar 2015 15:36:22 +0200 Subject: possible sshcontrol flag for ssh key comment? Message-ID: Hi, I'm pretty new to pgp and gpg so please bear with me. I'm using gnupg 2.1.2 and trying to use an authentication sub key for ssh logins. I'm also attempting to not go via converting the gpg key into an ssh key. I.e. I use the new --key-grip option and load the key-grip straight into .gnupg/sshcontrol All's groovy until I tried to use it for gitolite. Gitolite uses the presented ssh key as authentication against its collection of ssh pub keys. So in order to authenticate with the correct user you need to present the correct key. To present the correct key I use .ssh/confg to define the identityFile (ssh key) used for that user. The problem is I can't add an ssh comment if I don't put the key through something like monkeyshere or gpgkey2ssh. With the comment being the virtual ssh key location .ssh/config works as normal for defining hosts and associated keys. So, in my limited understanding, would it not be useful to be able to set the ssh key comment in the .gnupg/sshcontrol file as a flag? So that if I add the keygrip to sshcontrol and do ssh-add -L I would be presented with: ssh-rsa ***key*** comment-as-flag as opposed to: ssh-rsa ***key*** (none) Or am I being silly and should just go via transforming it into an actual ssh key and importing that via ssh-add. Does that not create two keys from one though? I think I'm subscribed to the list but in case I'm not please cc me. Thanks, Donavan From 2014-667rhzu3dc-lists-groups at riseup.net Tue Mar 17 01:55:51 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Tue, 17 Mar 2015 00:55:51 +0000 Subject: Making the case for smart cards for the average user In-Reply-To: References: Message-ID: <277590791.20150317005551@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Saturday 14 March 2015 at 10:37:18 PM, in , Joey Castillo wrote: > The goal is to simplify > not just everyday things like how to make a key or > encrypt an email, but also more complex things like > "what is my identity and how do I verify it?" [1] > [1]: > https://github.com/josecastillo/signet/blob/master/guidelines.md#certification-and-trust Although I don't really like email addresses in the UIDs of my keys, I quite like the simplicity of your "email address only" simplified UID format. However, I would urge you to reconsider your decision to drop the angle brackets. At least one MUA (the MUA I am using to write this message) sends the email address enclosed in angle brackets as the search string for GnuPG to locate the key. No angle brackets around the email address means no key found. Your proposed "automated email verification service" will beat the PGP Global Directory's verification check by encrypting the verification message to confirm that the user is in control of the key as well as the email address. But it retains the problem of relatively frequent verification signatures accumulating; I don't know a solution to that. If a user has multiple email addresses, does the "automated email verification service" send a different encrypted verification link to each address, and then only sign the UIDs that the user verified? And is there the option to reply to email rather than click a link? Finally, if the person at the other end is able to decrypt my message and reply to me, then the key and the email address are controlled by the same person. What assurance does the verification service add? - -- Best regards MFPA Can you imagine a world with no hypothetical situations? 
-----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVB3uZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw5+8IAJy5B9i2Jd4RY7gWFUQtyJ8t GdUqHmGs8k3X/OwdOyvvD3GGZ7Wv/txZaHwaF8hA23axgGDnGOVfhucFe3BkQAFV EHXJ/+cmmtt3Hp7uSKMoL8vFvv9ePJnQOZ1y4cMsP9jEpdZ1/dX8iV70MYVtd+Dk uu0uqOt/MsQOg5Q45LmbCvhlL2ZDNoWqj4dmjdQ3t/LLWH2yI2yPQlk0KqJCB7LN QUIww+p+81q4R1RWbP2o+wHFH8Ch4NL6oF3hCAO/mQmF117wxxOiyB+oULmjrNrD Y0VYFbg9m23e/9EbtzBMvim6XRQhMbGwhWHy28yXuYX6vUQrmk5kHWmXdta1N5KI vgQBFgoAZgUCVQd7oF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45PdmAQCjnWO9c1n74cf/2jU5OA9H+cgc HGU6wx1jaNzZjr9+3gEAcE6FbOrBfJEz648Ps/j3x3otTG+PxJFxzBzOyyid4gs= =GLMZ -----END PGP SIGNATURE----- From 2014-667rhzu3dc-lists-groups at riseup.net Tue Mar 17 02:05:16 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Tue, 17 Mar 2015 01:05:16 +0000 Subject: Making the case for smart cards for the average user In-Reply-To: <277590791.20150317005551@my_localhost> References: <277590791.20150317005551@my_localhost> Message-ID: <0126592.20150317010516@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tuesday 17 March 2015 at 12:55:51 AM, in , MFPA (me) wrote: > If a user has multiple email > addresses, does the "automated email verification > service" send a different encrypted verification link > to each address, and then only sign the UIDs that the > user verified? And is there the option to reply to > email rather than click a link? Thinking about it, you don't need the user to click a link or to reply to an email at all. If you sign the UID and enclose the signed copy of the key in an encrypted email to the address in the UID, they don't get access to the certification unless they control both the email address and the key. - -- Best regards MFPA Everyone makes mistakes. It is what you do afterwards that counts. -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVB33MXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw5RQH+gOihN6EeyIkACvr8sBLNICN LTYP2F9LROGTdHcK+uA/Gv5oGxC4xQA9Vk4PVVXA9dfnQsRuKHftooYQSUZj8sNu PHMDcY0cC1TBUfTanINMcFnHh+ptx9tzeJCVgbrO9sAP3OqSNYyu2Fh45soiB/V5 N8zaHIhwTsDFZ9Yg1q+aTDdt6oCgOKTmAsT1CjYm4M2S2YMX8NldOYbCVNA+qlMC Pe9TeTb3KO3kcg0+HDX6jzmUcX67frHv4KSSi3wjuhkTViAiuN3xzMhMrInZdVN2 P187LGFfIJ1ctJ+7IPLXfyAK9/zU1mk8VzL/ZIRtVfkaG518emx75qy+O/viwiiI vgQBFgoAZgUCVQd9zF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45OQTAQBq3BANspJwPx9l7dBw7nuXLqj+ 1tYWy788Xwrk2yR+fAEALMSrQ3tEjyx2iIbrgaumBIwj9hk9ZZF3n67GqmJVJQQ= =IlbF -----END PGP SIGNATURE----- From pmlopes at gmail.com Tue Mar 17 15:48:54 2015 
From: pmlopes at gmail.com (Paulo Lopes) Date: Tue, 17 Mar 2015 15:48:54 +0100 Subject: what is the proper way to load gpg-agent with systemd Message-ID: Hello, I've been using my gpg card with success in Ubuntu for a while but as everyone knows the init system is switching from upstart to systemd as it is happening on Debian and the vast majority of other distributions. In the "past" one could start gpg-agent from the script that boots Xorg or even the gnome-keyring and we could "inject" a couple of variables into the session like GPG_AGENT_INFO SSH_AGENT_PID SSH_AUTH_SOCK and all applications spawned from that process inherit those vars, however systemd does not inherit vars from its unit files (and my experience with systemd is extremely low so I could be saying something wrong here). It would be nice to have some documentation on gnupg site describing the best way to work with systemd... From peter at digitalbrains.com Tue Mar 17 18:35:13 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 17 Mar 2015 18:35:13 +0100 Subject: possible sshcontrol flag for ssh key comment? In-Reply-To: References: Message-ID: <550865D1.10008@digitalbrains.com> On 2015-03-16 14:36, Donavan-Ross Costaras wrote: > Hi, Hi! I don't fully understand what you're trying to accomplish, or what you exactly need. Sorry about that. I hope my reply might help you though. > To present the correct key I use .ssh/confg to define the > identityFile (ssh key) used for that user. I don't think "identityFile" still does anything when you use an agent, or at least with GnuPG as an agent. Because it is the agent's responsibility to keep keys, and you're changing the config for the ssh program, which merely asks the agent what it has. I think. > The problem is I cant add an ssh comment if I dont put the key > through something like monkeyshere or gpgkey2ssh. With SSH2 keys, the comment is simply appended to the public key. There's nothing more to it. So I went with the following workflow: First, I added the key in ~/.ssh/id_rsa to the gpg-agent. The public key for that is already in ~/.ssh/id_rsa.pub, so I didn't need to extract that from the agent. Then, I inserted my OpenPGP smartcard with an authentication key. I understand you're probably not using a smartcard, but I'm talking about what I did :). It hopefully allows you to adapt it to your situation. The smartcard key is automatically added to the ssh agent component of gpg-agent. But, like you, I still need its public key in SSH format to paste in ~/.ssh/authorized_keys on the machines I want to login to, like you need it to give to gitolite. I do: $ ssh-add -L ssh-rsa AAAAB3N[...]TrnoZzZdHJ cardno:000500000241 ssh-rsa AAAAB3N[...]TAiuL0Iw== /home/peter/.ssh/id_rsa $ Now gpg-agent was kind enough to provide a comment that allows me to distinguish them on sight. 
If there is no comment field, simply look at the actual base64 key to see which one you're /not/ interested in, by comparing to ~/.ssh/id_rsa.pub, for instance. Now I copy the line ending in "cardno:[...]241" to the clipboard, and open an editor for the new file ~/.ssh/id_card.pub. I paste from the clipboard, but change the end: ssh-rsa AAAAB3N[...]TrnoZzZdHJ peter at OpenPGPCard All my SSH keys are of the form peter at hostname, and usually stored in ~/.ssh/id_rsa.pub. The filename and comment form are just to fit in with the rest. It's free-format. Now whenever I need to add that public key to a ~/.ssh/authorized_keys, I don't use ssh-add -L, I simply open ~/.ssh/id_card.pub and copy it from there. As I said, in SSH2 public keys, the comment is just text appended to the key; there's nothing relating to it in that blob of base64. You can just edit it with a text editor and store the result wherever you like. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From dkg at fifthhorseman.net Tue Mar 17 18:38:03 2015 
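Peter's point above, that the comment on an SSH2 public key line is plain text appended after the base64 blob and nothing inside the blob refers to it, can be checked mechanically. The following is an added example written for this page, not code from GnuPG, OpenSSH or this thread: it builds an `ssh-rsa` line from constructed toy values of e and n (not a real key), parses such a line into key type, blob and comment, verifies that the key type prefix agrees with the type string encoded at the start of the blob, and rewrites the comment while re-emitting the blob byte for byte. The function names are this example's own.

```python
import base64
import struct


def ssh_string(b):
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def ssh_mpint(n):
    """RFC 4251 'mpint' for a non-negative integer (leading 0x00 if high bit set)."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if b and b[0] & 0x80:
        b = b"\0" + b
    return ssh_string(b)


def read_string(blob, off):
    """Read one RFC 4251 string at offset off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n


def make_rsa_pubkey_line(e, n, comment=""):
    """Build an OpenSSH 'ssh-rsa <base64> [comment]' line from e and n."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return (line + " " + comment) if comment else line


def parse_pubkey_line(line):
    """Return (keytype, blob, comment).

    The comment is whatever follows the base64 field (may be empty, may contain
    spaces). The blob must start with the same key type as the prefix, which is
    the only binding between the text fields and the binary blob.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    keytype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner, _ = read_string(blob, 0)
    if inner != keytype.encode("ascii"):
        raise ValueError("prefix %r does not match blob type %r" % (keytype, inner))
    return keytype, blob, comment


def is_well_formed(line):
    try:
        parse_pubkey_line(line)
        return True
    except (ValueError, struct.error):
        return False


def set_comment(line, comment):
    """Rewrite only the comment; the key blob is re-emitted unchanged."""
    keytype, blob, _ = parse_pubkey_line(line)
    return "%s %s %s" % (keytype, base64.b64encode(blob).decode("ascii"), comment)


if __name__ == "__main__":
    # Constructed toy values; a real key would have a 2048-bit or larger modulus.
    sample = make_rsa_pubkey_line(65537, 0xC0FFEE1234567891, "cardno:000500000241")
    print(sample)
    print(set_comment(sample, "peter@OpenPGPCard"))
```

Because `set_comment` only re-serialises the parsed blob, the base64 field of the output is identical to the input; the type check is there so that a line whose prefix was edited to a different algorithm is rejected rather than silently accepted.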
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 17 Mar 2015 13:38:03 -0400 Subject: Making the case for smart cards for the average user In-Reply-To: <277590791.20150317005551@my_localhost> References: <277590791.20150317005551@my_localhost> Message-ID: <87lhivpls4.fsf@alice.fifthhorseman.net> On Mon 2015-03-16 20:55:51 -0400, MFPA wrote: > Although I don't really like email addresses in the UIDs of my keys, I > quite like the simplicity of your "email address only" simplified UID > format. However, I would urge you to reconsider your decision to drop > the angle brackets. At least one MUA (the MUA I am using to write this > message) sends the email address enclosed in angle brackets as the > search string for GnuPG to locate the key. No angle brackets around > the email address means no key found. This might be a bug (or at least a well-warranted feature enhancement) in GnuPG. I've just opened https://bugs.g10code.com/gnupg/issue1927 to track it. --dkg From CRivard at merkleinc.com Tue Mar 17 15:23:57 2015 From: CRivard at merkleinc.com (Clark Rivard) Date: Tue, 17 Mar 2015 14:23:57 +0000 Subject: Copy Current GPG Installation to Another Server Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> I currently have GPG 1.4.8 installed on a Windows server. Can the c:\Programs Files (x86)\GNU\ directory simply be copied to another server and used or do I need to go through the "download and installation" process on the new server? Thanks. From dougb at dougbarton.email Tue Mar 17 19:15:42 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 11:15:42 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> Message-ID: <55086F4E.20302@dougbarton.email> On 3/17/15 7:23 AM, Clark Rivard wrote: > I currently have GPG 1.4.8 installed on a Windows server. Can the > c:\Programs Files (x86)\GNU\ directory simply be copied to another > server and used or do I need to go through the "download and > installation" process on the new server? Thanks. 1.4.8 is dangerously old. You should download the new version and install in both locations. ftp://ftp.gnupg.org/gcrypt/binary/ hope this helps, Doug From dougb at dougbarton.email Tue Mar 17 19:19:20 2015 From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 11:19:20 -0700 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: References: Message-ID: <55087028.6020608@dougbarton.email> On 3/17/15 7:48 AM, Paulo Lopes wrote: > Hello, > > I've been using my gpg card with success in Ubuntu for a while but as > everyone knows the init system is switching from upstart to systemd as > it is happening on Debian and the vast majority of other distributions. > > In the "past" one could start gpg-agent from the script that boots Xorg Are you using the ssh-agent capabilities? If not, you don't need to do anything special to start the agent, it will use the socket method by default. Also, do you have any evidence that the method you are currently using won't work with systemd? X starts well after the low-level system stuff is up and running, I'm having a hard time imagining why you couldn't continue doing what you're doing. Doug From dougb at dougbarton.email Tue Mar 17 20:20:50 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 12:20:50 -0700 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: References: <55087028.6020608@dougbarton.email> Message-ID: <55087E92.3050608@dougbarton.email> Are you using gpg-agent to handle ssh agent responsibilities, yes or no? From 2014-667rhzu3dc-lists-groups at riseup.net Tue Mar 17 20:31:49 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Tue, 17 Mar 2015 19:31:49 +0000 Subject: Making the case for smart cards for the average user In-Reply-To: <87lhivpls4.fsf@alice.fifthhorseman.net> References: <277590791.20150317005551@my_localhost> <87lhivpls4.fsf@alice.fifthhorseman.net> Message-ID: <137410941.20150317193149@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tuesday 17 March 2015 at 5:38:03 PM, in , Daniel Kahn Gillmor wrote: > This might be a bug (or at least a well-warranted > feature enhancement) in GnuPG. > I've just opened > https://bugs.g10code.com/gnupg/issue1927 to track it. Thanks. - -- Best regards MFPA Take my advice - I don't use it anyway. -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVCIEoXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwAVYIAKYbEhLI9Iuiy87J7iuyPXWz 67f+oq8iiBq2V6/CcuS+5u5LJKhKhdeBbnSZLwXrEv6C7uRNAbvS3uLa0um2kQ3s 6L9rTmmsbuVURYcAsYsRdYSnPjB2G2t6ocCc9FwZMnsv6H5TCskrnsO82PcvjWjo wlTzU/ESlujVirFYZKe0Cx+bhSb1FVG4kRcc657RoV6/HE6+kKEudIXn4JExyHmJ 8uNbsY6b2HEj8wxjEoTa54b0lSpb1XWQawolyxk7fVwqgKcpxBizvgqHEVWzuhH+ 7skCdSZpX+bjBSb5ZyFA3dWanjc184zh+SH/oEWOsJ7VmcGuwPg3hJy8Kg5hhguI vgQBFgoAZgUCVQiBRV8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45AG5AQBAJJysXSkrs+kxTsXOf5dFzG7y +Tvzagn5cESWj7KSggEAs+rcnGKH9b6AY3eduOVKJ4vwUGgmn6vujD6yOUZs7Qw= =b48P -----END PGP SIGNATURE----- From CRivard at merkleinc.com Tue Mar 17 20:32:12 2015 
From: CRivard at merkleinc.com (Clark Rivard) Date: Tue, 17 Mar 2015 19:32:12 +0000 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: <55087E92.3050608@dougbarton.email> References: <55087028.6020608@dougbarton.email> <55087E92.3050608@dougbarton.email> Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A002C0@HQITEXCH07.pclc0.merkle.local> I am running gpg command so I believe yes is the answer. (I am a novice at this so still learning.) -----Original Message----- From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Doug Barton Sent: Tuesday, March 17, 2015 2:21 PM To: Paulo Lopes Cc: gnupg-users at gnupg.org Subject: Re: what is the proper way to load gpg-agent with systemd Are you using gpg-agent to handle ssh agent responsibilities, yes or no? From dougb at dougbarton.email Tue Mar 17 20:36:47 2015 From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 12:36:47 -0700 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: References: Message-ID: <5508824F.10803@dougbarton.email> Ok, then you need to start the agent prior to or during the X startup, so that the variables are available to your environment (as you were doing previously). So, why are you trying to start the agent with systemd? What method were you using previously, and did you try it in the new OS version? Doug From pmlopes at gmail.com Tue Mar 17 19:43:02 2015 
From: pmlopes at gmail.com (Paulo Lopes) Date: Tue, 17 Mar 2015 19:43:02 +0100 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: <55087028.6020608@dougbarton.email> References: <55087028.6020608@dougbarton.email> Message-ID: On Tue, Mar 17, 2015 at 7:19 PM, Doug Barton wrote: > On 3/17/15 7:48 AM, Paulo Lopes wrote: > >> Hello, >> >> I've been using my gpg card with success in Ubuntu for a while but as >> everyone knows the init system is switching from upstart to systemd as >> it is happening on Debian and the vast majority of other distributions. >> >> In the "past" one could start gpg-agent from the script that boots Xorg >> > > Are you using the ssh-agent capabilities? If not, you don't need to do > anything special to start the agent, it will use the socket method by > default. > So what I did was to create a user unit file like this on ~/.local/:

[Unit]
Description=gpg-agent
ConditionFileIsExecutable=/usr/bin/gpg-agent

[Service]
ExecStart=/usr/bin/gpg-agent --daemon --enable-ssh-support --scdaemon-program /usr/libexec/scdaemon --use-standard-socket --log-file %h/.gnupg/gpg-agent.log --write-env-file %h/$
ExecStop=/usr/bin/pkill gpg-agent
Type=forking
Restart=always

[Install]
WantedBy=default.target

Now what happens is that I start a java application "IntelliJ" and when I try to get git to fetch some code it complains that it cannot sign the key. However if I use "pass" then the pinentry popup shows, I enter my pin and from there the git stuff works from intellij. So it feels quite strange that I need to do all this juggling to get it working :/ But I read about socket activation in your message so I guess my unit file is wrong, could you share how to use socket activation? And if does that how do you set the SSH agent variables? > > Also, do you have any evidence that the method you are currently using > won't work with systemd? 
X starts well after the low-level system stuff is > up and running, I'm having a hard time imagining why you couldn't continue > doing what you're doing. > > Doug > > -- Paulo Lopes www.jetdrone.com From rjh at sixdemonbag.org Tue Mar 17 20:44:47 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 15:44:47 -0400 Subject: Defaults Message-ID: <5508842F.1010101@sixdemonbag.org> Given that 2.1 introduces a lot of new capabilities (mostly with respect to ECC), I think now, early on in the 2.1 series, would be a good time to discuss changing the defaults for newly-generated certificates.

In a nutshell:

* Offer Brainpool-512 and RSA-3072 as options for newly-generated certificates
* Use AES256 for a symmetric cipher
* Raise a warning if the user attempts to encrypt more than 4 GiB with an old (64-bit block) cipher
* Only use CAST5 if the user explicitly requests it via default-cipher-preferences: prefer 3DES over CAST5
* Only use IDEA if the user explicitly requests it via default-cipher-preferences: prefer 3DES over IDEA
* Use SHA256 for RSA-3072/-4096 signatures and SHA512 for Brainpool-512

Rationale:

* Although there's nothing per se *wrong* with the current default of RSA-2048, realistically, 112 shannons of uncertainty is not enough to inspire long-term confidence
* Originally, a lot of smart cards couldn't support more than RSA-2048. While this is still true on some platforms (it's hard to find RSA-3072 JavaCards), this does not appear to be generally true any more.
* AES256 is a world standard for symmetric encryption and appears to be resisting cryptanalysis better than AES128[*]
* A good rule of thumb is, "have twice as many bits of hash as there are shannons of uncertainty in the key." RSA-3072 provides ~128 shannons of uncertainty, hence SHA256. Brainpool-512 provides ~256 shannons of uncertainty, hence the recommendation for SHA512.
* CAST5 is not in good health: as was recently mentioned in the IETF WG mailing list, the Canadians themselves still allow it to be used for applications requiring 128 shannons of uncertainty... but not for secrets that need to be kept for more than a week. That doesn't inspire much confidence in the long-term prospects of CAST5.
* Attacks on IDEA haven't been getting much better, but IDEA's been giving me the heebie-jeebies for about fifteen years now. I'd *really* prefer it if we got rid of it altogether. Barring that, "only allow it to be used by explicit command" will work for me.
* 3DES is still the Rock of Gibraltar. Big, slow, ungainly, and strong. It's nobody's idea of a good modern cipher, but I still think it's a better bet than IDEA or CAST5 today.
* CFB modes will potentially recycle internal states after 2**(blocksize/2) blocks [**]. For a 64-bit block cipher, that's 32GiB of data. Given that we now have thumb drives larger than that, we need to consider the possibility users will be using GnuPG as a bulk encryption tool and warn them about potentially unsafe uses. If 2**32 blocks (32 GiB) tends to be about the point at which we recycle state, let's declare 4 GiB to be the point at which we warn users against using a 64-bit block cipher.
* We've needed to make all these changes for years now. I've always said we should defer on making big changes to the defaults until we had ECC in place for users to migrate to. Well, we've got ECC: let's start encouraging users to use it. And while we're at it, let's see about making these other overdue changes.

[*] As I read the tea leaves, I'm more convinced of AES256's long-term strength than I am of AES128's. However, the idea that either one of them is somehow 'weak' is just ludicrous. If you use AES128, don't panic. :)

[**] Don't believe me, though. I haven't done any serious crypto work in years and my memory could be off. I vividly recall this warning in both _Applied Cryptography_ and the _Handbook of Applied Cryptography_, and I think it was also given in _Practical Cryptography_ and maybe _Security Engineering_. Check this before you believe it!

Thoughts?
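Hansen's footnote [**] asks readers to check the 2**(blocksize/2) claim rather than take his word for it. The script below is an added example from the editor, not code from the post or from GnuPG. It scales the problem down to a toy 16-bit Feistel block cipher (an assumption for illustration only; OpenPGP ciphers have 64- or 128-bit blocks) so that the chaining state of CFB mode repeats within a few hundred blocks instead of 2**32, and then shows what a repeated state gives a passive observer: in CFB, C[k] = E(S[k]) XOR P[k] with S[k+1] = C[k], so if S[i] == S[j] the ciphertext alone yields P[i] XOR P[j]. The same birthday_bound_bytes function reproduces the 32 GiB figure for 64-bit blocks. The key, IV and plaintext are constructed sample input.

```python
"""Added example: CFB chaining-state reuse after ~2**(blocksize/2) blocks,
shown on a toy 16-bit block cipher (not a GnuPG cipher)."""
import hashlib
import random

BLOCK_BITS = 16          # toy block size; real OpenPGP ciphers use 64 or 128


def _round_fn(key, rnd, half):
    # Toy round function: one byte of SHA-256 over (key, round number, half-block).
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]


def toy_encrypt_block(key, block):
    """Four-round Feistel network on a 16-bit block.

    A Feistel network is a permutation whatever the round function is, which
    is all the demonstration needs: a block cipher with a 2**16 state space.
    """
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << 8) | right


def cfb_encrypt(key, iv, plaintext):
    """Full-block CFB: C[k] = E(S[k]) ^ P[k], with S[0] = IV and S[k+1] = C[k]."""
    state, ciphertext = iv, []
    for p in plaintext:
        c = toy_encrypt_block(key, state) ^ p
        ciphertext.append(c)
        state = c
    return ciphertext


def find_state_collision(iv, ciphertext):
    """Return (i, j) with i < j and S[i] == S[j], or None if no state repeats.

    The chaining states are S = [IV] + C[:-1]; an observer sees all of them.
    """
    seen = {}
    for j, s in enumerate([iv] + ciphertext[:-1]):
        if s in seen:
            return seen[s], j
        seen[s] = j
    return None


def leaked_plaintext_xor(key, iv, plaintext):
    """Encrypt, look for a repeated state, and return the leak it causes.

    If S[i] == S[j] then E(S[i]) == E(S[j]), so C[i] ^ C[j] == P[i] ^ P[j]:
    the observer learns the XOR of two plaintext blocks from ciphertext alone.
    Returns (i, j, xor_from_ciphertext, xor_from_plaintext) or None.
    """
    ciphertext = cfb_encrypt(key, iv, plaintext)
    hit = find_state_collision(iv, ciphertext)
    if hit is None:
        return None
    i, j = hit
    return i, j, ciphertext[i] ^ ciphertext[j], plaintext[i] ^ plaintext[j]


def birthday_bound_bytes(block_bits):
    """Bytes encrypted by the time about 2**(block_bits/2) blocks have passed.

    For a 64-bit block: 2**32 blocks * 8 bytes = 32 GiB, the figure in the post.
    """
    return (1 << (block_bits // 2)) * (block_bits // 8)


def demo(n_blocks=2000, seed=1):
    """Constructed sample input: random plaintext blocks from a fixed seed."""
    rng = random.Random(seed)
    key = b"toy-key-for-demo"                     # constructed, not a real key
    iv = rng.getrandbits(BLOCK_BITS)
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    return leaked_plaintext_xor(key, iv, plaintext)


if __name__ == "__main__":
    print("64-bit blocks recycle state after about %d GiB"
          % (birthday_bound_bytes(64) >> 30))
    print("toy 16-bit cipher, 2000 blocks (i, j, C[i]^C[j], P[i]^P[j]):", demo())
```

With 2000 uniformly random plaintext blocks the 2**16 state space almost surely repeats (the expected first repeat is near sqrt(pi/2 * 2**16), about 320 blocks), and the two XOR values in the returned tuple are equal. Scaling the block to 64 bits moves the repeat to around 2**32 blocks, which is why the post's 4 GiB warning threshold sits well below the 32 GiB bound rather than at it.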
From dougb at dougbarton.email Tue Mar 17 21:07:40 2015 From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 13:07:40 -0700 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A002C0@HQITEXCH07.pclc0.merkle.local> References: <55087028.6020608@dougbarton.email> <55087E92.3050608@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A002C0@HQITEXCH07.pclc0.merkle.local> Message-ID: <5508898C.1090905@dougbarton.email> That question was for Paulo, not you. :) And FWIW, since you're using GnuPG 1.x the answer is no. Doug On 3/17/15 12:32 PM, Clark Rivard wrote: > I am running gpg command so I believe yes is the answer. (I am a novice at this so still learning.) > > -----Original Message----- > From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Doug Barton > Sent: Tuesday, March 17, 2015 2:21 PM > To: Paulo Lopes > Cc: gnupg-users at gnupg.org > Subject: Re: what is the proper way to load gpg-agent with systemd > > Are you using gpg-agent to handle ssh agent responsibilities, yes or no? From CRivard at merkleinc.com Tue Mar 17 21:09:32 2015 From: CRivard at merkleinc.com (Clark Rivard) Date: Tue, 17 Mar 2015 20:09:32 +0000 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: <5508898C.1090905@dougbarton.email> References: <55087028.6020608@dougbarton.email> <55087E92.3050608@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A002C0@HQITEXCH07.pclc0.merkle.local> <5508898C.1090905@dougbarton.email> Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A00322@HQITEXCH07.pclc0.merkle.local> OK - thanks. -----Original Message----- 
From: Doug Barton [mailto:dougb at dougbarton.email] Sent: Tuesday, March 17, 2015 3:08 PM To: Clark Rivard; Paulo Lopes Cc: gnupg-users at gnupg.org Subject: Re: what is the proper way to load gpg-agent with systemd That question was for Paulo, not you. :) And FWIW, since you're using GnuPG 1.x the answer is no. Doug On 3/17/15 12:32 PM, Clark Rivard wrote: > I am running gpg command so I believe yes is the answer. (I am a > novice at this so still learning.) > > -----Original Message----- > From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of > Doug Barton > Sent: Tuesday, March 17, 2015 2:21 PM > To: Paulo Lopes > Cc: gnupg-users at gnupg.org > Subject: Re: what is the proper way to load gpg-agent with systemd > > Are you using gpg-agent to handle ssh agent responsibilities, yes or no? From iericf at openmailbox.org Tue Mar 17 20:00:05 2015 
From: iericf at openmailbox.org (Eric F) Date: Tue, 17 Mar 2015 20:00:05 +0100 Subject: Article in Forbes. Message-ID: <550879B5.5010108@openmailbox.org> Perhaps not directly gnupg related, more OS X related. But, with both GPGtools and GnuPG for OS X I'll post it here... (and there was this OS X sec. discussion the other week) :) It seems like "Gatekeeper" is only using http if I read it correctly. Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/ "He found around 150 on his own machine, including hugely popular software like Microsoft Word and Excel, Apple's own iCloud Photos and Dropbox. The list also included Apple's developer tool *XCODE and email encryption key management software GPG Keychain, both of which he abused in his proof of concept attacks*." I have no idea how this works, but one question that came to mind was if a hijacked "GPG Keychain" on a Mac computer could form a threat to gpg on other platforms? Anyway, interesting reading. Just wanted to share. /Eric From dougb at dougbarton.email Tue Mar 17 21:27:32 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 13:27:32 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> Message-ID: <55088E34.2000102@dougbarton.email> Please keep things on the list so that the most users can be helped. You need to run the --recv-key command first, or the --verify command will continue to fail. Try this: gpg --keyserver hkp://pool.sks-keyservers.net --recv-key 4F25E3B6 Doug On 3/17/15 1:23 PM, Clark Rivard wrote: > Doug > > I ran the verify command and then tried the recv-key command but it came back with these messages > > "no keyserver known " > "keyserver receive failed: bad URI" > > I looked up the keyserver option but don't know what keyserver name to use? > > Thanks. > > > -----Original Message----- 
> From: Doug Barton [mailto:dougb at dougbarton.email] > Sent: Tuesday, March 17, 2015 3:07 PM > To: Clark Rivard > Subject: Re: Copy Current GPG Installation to Another Server > > You need to download the key referenced in the first message: > > gpg --recv-key 4F25E3B6 > > then do your verify command again: > > gpg --verify gnupg-w32cli-1.4.19.exe.sig gnupg-w32cli-1.4.19.exe > > and you should get a result like this: > > gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID 4F25E3B6 > gpg: Good signature from "Werner Koch (dist sig)" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > > You can safely ignore the warning, it simply means that you have not validated the key yourself, which when it comes to signed packages is not really a necessity. > > hope this helps, > > Doug > > > On 3/17/15 12:17 PM, Clark Rivard wrote: >> Thanks for your fast response, Doug. >> >> I am new to this so am struggling through for the first time. >> >> I downloaded Version 1.4.19 and am "Checking the Integrity". I have a version of gpg installed (by someone else a long time ago). >> I ran the "gpg" command to check whether the signature file matches >> the source file. I get two messages back >> >> "Signature made 02/27/15 03:55:58 using RSA key ID... >> "Can't check signature: public key not found" >> >> The ID shown with the first message is a valid ID for Werner Koch per the documentation I have. >> The second line confuses me - makes me wonder if the integrity has been checked. >> >> Has the integrity been properly checked or do I need to do more? Any help you can provide is much appreciated. >> >> Clark >> >> >> -----Original Message----- 
>> From: Doug Barton [mailto:dougb at dougbarton.email] >> Sent: Tuesday, March 17, 2015 1:16 PM >> To: Clark Rivard; gnupg-users at gnupg.org >> Subject: Re: Copy Current GPG Installation to Another Server >> >> On 3/17/15 7:23 AM, Clark Rivard wrote: >>> I currently have GPG 1.4.8 installed on a Windows server. Can the >>> c:\Programs Files (x86)\GNU\ directory simply be copied to another >>> server and used or do I need to go through the "download and >>> installation" process on the new server? Thanks. >> >> 1.4.8 is dangerously old. You should download the new version and install in both locations. >> >> ftp://ftp.gnupg.org/gcrypt/binary/ >> >> hope this helps, >> >> Doug >> > From paulo at mlopes.net Tue Mar 17 20:26:17 2015 From: paulo at mlopes.net (Paulo Lopes) Date: Tue, 17 Mar 2015 20:26:17 +0100 Subject: what is the proper way to load gpg-agent with systemd Message-ID: Yes! -----Original Message----- From: Doug Barton Sent: 17/03/2015, 20:20 To: Paulo Lopes Cc: "gnupg-users at gnupg.org" Subject: Re: what is the proper way to load gpg-agent with systemd Are you using gpg-agent to handle ssh agent responsibilities, yes or no? From CRivard at merkleinc.com Tue Mar 17 21:42:48 2015 
From: CRivard at merkleinc.com (Clark Rivard) Date: Tue, 17 Mar 2015 20:42:48 +0000 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <55088E34.2000102@dougbarton.email> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A0036C@HQITEXCH07.pclc0.merkle.local> I ran the recv-key command again and got a message about "requesting key...from hkp server pool..." but then got "HTTP fetch error 7 couldn't connect: No error" Any ideas? -----Original Message----- From: Doug Barton [mailto:dougb at dougbarton.email] Sent: Tuesday, March 17, 2015 3:28 PM To: Clark Rivard Cc: GnuPG Users Subject: Re: Copy Current GPG Installation to Another Server Please keep things on the list so that the most users can be helped. You need to run the --recv-key command first, or the --verify command will continue to fail. Try this: gpg --keyserver hkp://pool.sks-keyservers.net --recv-key 4F25E3B6 Doug On 3/17/15 1:23 PM, Clark Rivard wrote: > Doug > > I ran the verify command and then tried the recv-key command but it > came back with these messages > > "no keyserver known " > "keyserver receive failed: bad URI" > > I looked up the keyserver option but don't know what keyserver name to use? > > Thanks. > > > -----Original Message----- 
> From: Doug Barton [mailto:dougb at dougbarton.email] > Sent: Tuesday, March 17, 2015 3:07 PM > To: Clark Rivard > Subject: Re: Copy Current GPG Installation to Another Server > > You need to download the key referenced in the first message: > > gpg --recv-key 4F25E3B6 > > then do your verify command again: > > gpg --verify gnupg-w32cli-1.4.19.exe.sig gnupg-w32cli-1.4.19.exe > > and you should get a result like this: > > gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID > 4F25E3B6 > gpg: Good signature from "Werner Koch (dist sig)" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > > You can safely ignore the warning, it simply means that you have not validated the key yourself, which when it comes to signed packages is not really a necessity. > > hope this helps, > > Doug > > > On 3/17/15 12:17 PM, Clark Rivard wrote: >> Thanks for your fast response, Doug. >> >> I am new to this so am struggling through for the first time. >> >> I downloaded Version 1.4.19 and am "Checking the Integrity". I have a version of gpg installed (by someone else a long time ago). >> I ran the "gpg" command to check whether the signature file matches >> the source file. I get two messages back >> >> "Signature made 02/27/15 03:55:58 using RSA key ID... >> "Can't check signature: public key not found" >> >> The ID shown with the first message is a valid ID for Werner Koch per the documentation I have. >> The second line confuses me - makes me wonder if the integrity has been checked. >> >> Has the integrity been properly checked or do I need to do more? Any help you can provide is much appreciated. >> >> Clark >> >> >> -----Original Message----- 
>> From: Doug Barton [mailto:dougb at dougbarton.email] >> Sent: Tuesday, March 17, 2015 1:16 PM >> To: Clark Rivard; gnupg-users at gnupg.org >> Subject: Re: Copy Current GPG Installation to Another Server >> >> On 3/17/15 7:23 AM, Clark Rivard wrote: >>> I currently have GPG 1.4.8 installed on a Windows server. Can the >>> c:\Programs Files (x86)\GNU\ directory simply be copied to another >>> server and used or do I need to go through the "download and >>> installation" process on the new server? Thanks. >> >> 1.4.8 is dangerously old. You should download the new version and install in both locations. >> >> ftp://ftp.gnupg.org/gcrypt/binary/ >> >> hope this helps, >> >> Doug >> > From dougb at dougbarton.email Tue Mar 17 21:46:22 2015 From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 13:46:22 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A0036C@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A0036C@HQITEXCH07.pclc0.merkle.local> Message-ID: <5508929E.3080002@dougbarton.email> On 3/17/15 1:42 PM, Clark Rivard wrote: > I ran the recv-key command again and got a message about "requesting key...from hkp server pool..." but then got "HTTP fetch error 7 couldn't connect: No error" > > Any ideas? Try it a few more times, you may have gotten a bad server from the pool. If it still doesn't work, try the following: hkp://keys.gnupg.net hkp://subkeys.pgp.net hkp://pgp.mit.edu ... and of course all of this assumes that the systems in question have network connectivity ... Doug From peter at digitalbrains.com Tue Mar 17 21:54:36 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 17 Mar 2015 21:54:36 +0100 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <55088E34.2000102@dougbarton.email> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> Message-ID: <5508948C.3000503@digitalbrains.com> >> -----Original Message----- >> From: Doug Barton [mailto:dougb at dougbarton.email] >> Sent: Tuesday, March 17, 2015 3:07 PM >> To: Clark Rivard >> Subject: Re: Copy Current GPG Installation to Another Server >> gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID >> 4F25E3B6 >> gpg: Good signature from "Werner Koch (dist sig)" [unknown] >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner. >> >> You can safely ignore the warning, it simply means that you have not >> validated the key yourself, which when it comes to signed packages is >> not really a necessity. Why is that? I understand getting a validated key can be tricky in practice, but on the other hand, using *just* a short key ID to do your verification feels like the other end of the spectrum... I think you should at least verify the fingerprint on a web site or something. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From robertc at broadcom.com Tue Mar 17 21:59:24 2015 
From: robertc at broadcom.com (Bob (Robert) Cavanaugh) Date: Tue, 17 Mar 2015 20:59:24 +0000 Subject: Defaults In-Reply-To: <5508842F.1010101@sixdemonbag.org> References: <5508842F.1010101@sixdemonbag.org> Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3CB930@IRVEXCHMB11.corp.ad.broadcom.com> My vote is for the defaults Robert is proposing. Definitely in keeping with what else I have been reading. Thanks, Bob Cavanaugh > -----Original Message----- 
> From: Gnupg-users [mailto:gnupg-users- > bounces+robertc=broadcom.com at gnupg.org] On Behalf Of Robert J. > Hansen > Sent: Tuesday, March 17, 2015 12:45 PM > To: gnupg > Subject: Defaults > > Given that 2.1 introduces a lot of new capabilities (mostly with respect to > ECC), I think now, early on in the 2.1 series, would be a good time to discuss > changing the defaults for newly-generated certificates. > > In a nutshell: > > * Offer Brainpool-512 and RSA-3072 as options for > newly-generated certificates > * Use AES256 for a symmetric cipher > * Raise a warning if the user attempts to encrypt more > than 4 GiB with an old (64-bit block) cipher > * Only use CAST5 if the user explicitly requests it via > default-cipher-preferences: prefer 3DES over CAST5 > * Only use IDEA if the user explicitly requests it via > default-cipher-preferences: prefer 3DES over IDEA > * Use SHA256 for RSA-3072/-4096 signatures and SHA512 > for Brainpool-512 > > Rationale: > > * Although there's nothing per se *wrong* with the current > default of RSA-2048, realistically, 112 shannons of > uncertainty is not enough to inspire long-term confidence > * Originally, a lot of smart cards couldn't support more > than RSA-2048. While this is still true on some platforms > (it's hard to find RSA-3072 JavaCards), this does not > appear to be generally true any more. > * AES256 is a world standard for symmetric encryption and > appears to be resisting cryptanalysis better than AES128[*] > * A good rule of thumb is, "have twice as many bits of hash > as there are shannons of uncertainty in the key." RSA-3072 > provides ~128 shannons of uncertainty, hence SHA256. > Brainpool-512 provides ~256 shannons of uncertainty, hence > the recommendation for SHA512. > * CAST5 is not in good health: as was recently mentioned in > the IETF WG mailing list, the Canadians themselves still > allow it to be used for applications requiring 128 shannons > of uncertainty... 
but not for secrets that need to be kept > for more than a week. That doesn't inspire much confidence > in the long-term prospects of CAST5. > * Attacks on IDEA haven't been getting much better, but IDEA's > been giving me the heebie-jeebies for about fifteen years > now. I'd *really* prefer it if we got rid of it altogether. > Barring that, "only allow it to be used by explicit command" > will work for me. > * 3DES is still the Rock of Gibraltar. Big, slow, ungainly, > and strong. It's nobody's idea of a good modern cipher, but > I still think it's a better bet than IDEA or CAST5 today. > * CFB modes will potentially recycle internal states after > 2**(blocksize/2) blocks [**]. For a 64-bit block cipher, > that's 32GiB of data. Given that we now have thumb drives > larger than that, we need to consider the possibility users > will be using GnuPG as a bulk encryption tool and warn them > about potentially unsafe uses. If 2**32 blocks (32 GiB) > tends to be about the point at which we recycle state, > let's declare 4 GiB to be the point at which we warn users > against using a 64-bit block cipher. > * We've needed to make all these changes for years now. I've > always said we should defer on making big changes to the > defaults until we had ECC in place for users to migrate to. > Well, we've got ECC: let's start encouraging users to use it. > And while we're at it, let's see about making these other > overdue changes. > > > [*] As I read the tea leaves, I'm more convinced of AES256's long-term > strength than I am of AES128's. However, the idea that either one of them is > somehow 'weak' is just ludicrous. If you use AES128, don't panic. :) > > [**] Don't believe me, though. I haven't done any serious crypto work in > years and my memory could be off. I vividly recall this warning in both > _Applied Cryptography_ and the _Handbook of Applied Cryptography_, and I > think it was also given in _Practical Cryptography_ and maybe _Security > Engineering_. 
Check this before you believe it! > > > > Thoughts? From dougb at dougbarton.email Tue Mar 17 22:04:13 2015 From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 14:04:13 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <5508948C.3000503@digitalbrains.com> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> Message-ID: <550896CD.5000507@dougbarton.email> On 3/17/15 1:54 PM, Peter Lebbing wrote: >>> -----Original Message----- 
>>> From: Doug Barton [mailto:dougb at dougbarton.email] >>> Sent: Tuesday, March 17, 2015 3:07 PM >>> To: Clark Rivard >>> Subject: Re: Copy Current GPG Installation to Another Server >>> gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID >>> 4F25E3B6 >>> gpg: Good signature from "Werner Koch (dist sig)" [unknown] >>> gpg: WARNING: This key is not certified with a trusted signature! >>> gpg: There is no indication that the signature belongs to the >>> owner. >>> >>> You can safely ignore the warning, it simply means that you have not >>> validated the key yourself, which when it comes to signed packages is >>> not really a necessity. > > Why is that? Because in this situation you're often dealing with beginners who don't understand the subtleties involved in validating keys. > I understand getting a validated key can be tricky in > practice, but on the other hand, using *just* a short key ID to do your > verification feels like the other end of the spectrum... I think you > should at least verify the fingerprint on a web site or something. Assuming you get the package, the signature, and the fingerprint from the same *.gnupg.org resources, what does that buy you? If you've somehow downloaded the wrong key by short Id, the signature won't validate. If you have the right key, it will. That's enough to tell the user that the contents of the package are unaltered. More extensive checking would be great, but would require a lot of documentation to teach the users how to do it ... are you volunteering to write it? :) Doug From CRivard at merkleinc.com Tue Mar 17 22:09:43 2015 
From: CRivard at merkleinc.com (Clark Rivard) Date: Tue, 17 Mar 2015 21:09:43 +0000 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <5508929E.3080002@dougbarton.email> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A0036C@HQITEXCH07.pclc0.merkle.local> <5508929E.3080002@dougbarton.email> Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A003A0@HQITEXCH07.pclc0.merkle.local> I tried all of the options below but still got the "HTTP fetch error 7". I used the "sha1sum" option and got the expected result - does this verify the integrity adequately? -----Original Message----- From: Doug Barton [mailto:dougb at dougbarton.email] Sent: Tuesday, March 17, 2015 3:46 PM To: Clark Rivard Cc: GnuPG Users Subject: Re: Copy Current GPG Installation to Another Server On 3/17/15 1:42 PM, Clark Rivard wrote: > I ran the recv-key command again and got a message about "requesting key...from hkp server pool..." but then got "HTTP fetch error 7 couldn't connect: No error" > > Any ideas? Try it a few more times, you may have gotten a bad server from the pool. If it still doesn't work, try the following: hkp://keys.gnupg.net hkp://subkeys.pgp.net hkp://pgp.mit.edu ... and of course all of this assumes that the systems in question have network connectivity ... Doug From dougb at dougbarton.email Tue Mar 17 22:15:07 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 14:15:07 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A003A0@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A0036C@HQITEXCH07.pclc0.merkle.local> <5508929E.3080002@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A003A0@HQITEXCH07.pclc0.merkle.local> Message-ID: <5508995B.2070009@dougbarton.email> On 3/17/15 2:09 PM, Clark Rivard wrote: > I tried all of the options below but still got the "HTTP fetch error 7". That would indicate that the system(s) do not have access to the Internet. Is that an expected result? > I used the "sha1sum" option and got the expected result - does this verify the integrity adequately? I can't tell you what is adequate for your situation. You have to make that judgement yourself. Doug > -----Original Message----- 
> From: Doug Barton [mailto:dougb at dougbarton.email] > Sent: Tuesday, March 17, 2015 3:46 PM > To: Clark Rivard > Cc: GnuPG Users > Subject: Re: Copy Current GPG Installation to Another Server > > On 3/17/15 1:42 PM, Clark Rivard wrote: >> I ran the recv-key command again and got a message about "requesting key...from hkp server pool..." but then got "HTTP fetch error 7 couldn't connect: No error" >> >> Any ideas? > > Try it a few more times, you may have gotten a bad server from the pool. > If it still doesn't work, try the following: > > hkp://keys.gnupg.net > hkp://subkeys.pgp.net > hkp://pgp.mit.edu > > ... and of course all of this assumes that the systems in question have network connectivity ... > > Doug > From peter at digitalbrains.com Tue Mar 17 22:15:15 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 17 Mar 2015 22:15:15 +0100 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A003A0@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A0036C@HQITEXCH07.pclc0.merkle.local> <5508929E.3080002@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A003A0@HQITEXCH07.pclc0.merkle.local> Message-ID: <55089963.2060005@digitalbrains.com> On 17/03/15 22:09, Clark Rivard wrote: > I used the "sha1sum" option and got the expected result - does this verify the integrity adequately? It's just as good as verifying the signature of a key with short ID 4F25E3B6. As you can soon see elsewhere in this thread, I don't think it practically adds anything. Proper verification of the key requires not relying on the short key ID, or even the long one for that matter. It means you check the fingerprint of the key, which is much longer. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From peter at digitalbrains.com Tue Mar 17 22:19:07 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 17 Mar 2015 22:19:07 +0100 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <550896CD.5000507@dougbarton.email> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> Message-ID: <55089A4B.9080204@digitalbrains.com> On 17/03/15 22:04, Doug Barton wrote: > Assuming you get the package, the signature, and the fingerprint from the same > *.gnupg.org resources, what does that buy you? Assuming they're all protected by https, nothing. What does verification of that signature buy you though? That your download wasn't corrupted? > If you've somehow downloaded the wrong key by short Id, the signature won't > validate. If you have the right key, it will. That's enough to tell the user > that the contents of the package are unaltered. If I were to place something nefarious inside a GnuPG download, I'd sign the result with a key I created with the short key ID 4F25E3B6. That way, your --recv-key command will retrieve both my key and Werners, and the signature will happily validate. Creating a short key ID collision is peanuts and can be done with off-the-shelf software on a laptop. This rakes in not just the people who don't check the signature, but also all those who just verify the short key ID. Since it's hardly any effort, I'd do it, even though it probably only gains me a few percent coverage. > More extensive checking would be great, but would require a lot of documentation > to teach the users how to do it ... are you volunteering to write it? :) No, but I'm also not telling people they can verify using the short key ID. 
No guidance is better than wrong guidance, IMHO. No offence meant, I appreciate you helping him out. I'm just trying to give some constructive criticism. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From rpuls at kcore.de Tue Mar 17 22:23:24 2015 From: rpuls at kcore.de (René Puls) Date: Tue, 17 Mar 2015 22:23:24 +0100 Subject: Defaults In-Reply-To: <5508842F.1010101@sixdemonbag.org> References: <5508842F.1010101@sixdemonbag.org> Message-ID: <20150317222324.1535fde8@kcore.de> On Tue, 17 Mar 2015 15:44:47 -0400 Robert J. Hansen wrote: > [*] As I read the tea leaves, I'm more convinced of AES256's long-term > strength than I am of AES128's. However, the idea that either one of > them is somehow 'weak' is just ludicrous. If you use AES128, don't > panic. :) I remember reading about an attack that works better against AES-256 than AES-128: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html Bruce Schneier wrote: > And for new applications I suggest that people don't use AES-256. > AES-128 provides more than enough security margin for the foreseeable > future. But if you're already using AES-256, there's no reason to > change. I am not qualified to argue for or against either cipher, but I wonder if this advice from 2009 is still valid today. René From CRivard at merkleinc.com Tue Mar 17 22:27:24 2015 
From: CRivard at merkleinc.com (Clark Rivard) Date: Tue, 17 Mar 2015 21:27:24 +0000 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <55089A4B.9080204@digitalbrains.com> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A003EB@HQITEXCH07.pclc0.merkle.local> How do you check the fingerprint? -----Original Message----- 
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Peter Lebbing Sent: Tuesday, March 17, 2015 4:19 PM To: Doug Barton Cc: GnuPG Users Subject: Re: Copy Current GPG Installation to Another Server On 17/03/15 22:04, Doug Barton wrote: > Assuming you get the package, the signature, and the fingerprint from > the same *.gnupg.org resources, what does that buy you? Assuming they're all protected by https, nothing. What does verification of that signature buy you though? That your download wasn't corrupted? > If you've somehow downloaded the wrong key by short Id, the signature > won't validate. If you have the right key, it will. That's enough to > tell the user that the contents of the package are unaltered. If I were to place something nefarious inside a GnuPG download, I'd sign the result with a key I created with the short key ID 4F25E3B6. That way, your --recv-key command will retrieve both my key and Werner's, and the signature will happily validate. Creating a short key ID collision is peanuts and can be done with off-the-shelf software on a laptop. This rakes in not just the people who don't check the signature, but also all those who just verify the short key ID. Since it's hardly any effort, I'd do it, even though it probably only gains me a few percent coverage. > More extensive checking would be great, but would require a lot of > documentation to teach the users how to do it ... are you volunteering > to write it? :) No, but I'm also not telling people they can verify using the short key ID. No guidance is better than wrong guidance, IMHO. No offence meant, I appreciate you helping him out. I'm just trying to give some constructive criticism. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From dougb at dougbarton.email Tue Mar 17 22:33:03 2015 From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 14:33:03 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A003EB@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> <7D23F54FC682AC47A4CDA79EF435336A25A003EB@HQITEXCH07.pclc0.merkle.local> Message-ID: <55089D8F.2040800@dougbarton.email> On 3/17/15 2:27 PM, Clark Rivard wrote: > How do you check the fingerprint? Step 1 is that you have to get a validated version of the fingerprint of the key that you would have been using to verify the package if you could have downloaded that key in the first place. The concept of validating keys is a much more advanced topic, and while I admire Peter's enthusiasm, isn't really a useful exercise for you to engage in at this point, especially since you can't seem to download the key that you would be validating with the fingerprint in the first place. Doug From rjh at sixdemonbag.org Tue Mar 17 22:33:48 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 17:33:48 -0400 Subject: Defaults In-Reply-To: <20150317222324.1535fde8@kcore.de> References: <5508842F.1010101@sixdemonbag.org> <20150317222324.1535fde8@kcore.de> Message-ID: <55089DBC.5070004@sixdemonbag.org> > I remember reading about an attack that works better against AES-256 > than AES-128: That one's a related-key attack, which requires the attacker to have a significant number of keys that have some mathematical relationship to each other. OpenPGP uses random nonces for symmetric keys (or iterated hashing, which does a pretty good job of destroying mathematical relationships), so this attack is a complete nonissue for OpenPGP. :) > I am not qualified to argue for or against either cipher, but I > wonder if this advice from 2009 is still valid today. The biggest reason, IMO, to move to 256-bit ciphers is because it will hopefully quell the voices who are screaming that 128-bit crypto is somehow insufficient. It's not, and no one has ever presented any serious evidence that it is, but these arguments crop up with great regularity nevertheless. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From dougb at dougbarton.email Tue Mar 17 22:34:17 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 14:34:17 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <55089A4B.9080204@digitalbrains.com> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> Message-ID: <55089DD9.8030407@dougbarton.email> On 3/17/15 2:19 PM, Peter Lebbing wrote: > On 17/03/15 22:04, Doug Barton wrote: >> Assuming you get the package, the signature, and the fingerprint from the same >> *.gnupg.org resources, what does that buy you? > > Assuming they're all protected by https, nothing. I think you missed my point. If all three resources related to verification are provided by the same source, then verifying the fingerprint gets you zero added security. It's more or less equivalent to using a hash by itself. > What does verification of that signature buy you though? That your download > wasn't corrupted? I covered that later in the message, but basically, yes. >> If you've somehow downloaded the wrong key by short Id, the signature won't >> validate. If you have the right key, it will. That's enough to tell the user >> that the contents of the package are unaltered. > > If I were to place something nefarious inside a GnuPG download, So to start with, that's a pretty big hurdle to jump, and if you have access to do that, then you almost certainly have access to do other things like changing the fingerprint to verify. So in my threat model once Eve has access to the site where the downloads are posted, it's already game over. 
You can posit a threat model where Eve has access to one thing, but not the other, and that's fine; but there are way too many technical and social engineering tricks that can be performed if you have access to just the downloads. Your idea of "verify the fingerprint from a web page" provides little to no improved security in a world where the nefarious actor has no access to the downloads in the first place, and zero when they do. > I'd sign the > result with a key I created with the short key ID 4F25E3B6. Why would you bother? Why not just sign it with a completely new key, and include in the comments something like "2015 Q1 Signing key for official purposes?" That's enough social engineering to "catch" the overwhelming majority of users, even the ones sophisticated enough to actually review the key that they just downloaded. > That way, your > --recv-key command will retrieve both my key and Werners, and the signature will > happily validate. Creating a short key ID collision is peanuts and can be done > with off-the-shelf software on a laptop. ... even assuming that this is relevant ... > This rakes in not just the people who don't check the signature, when the malicious actor has access to the downloads, those people are already hosed, regardless of what extra security you're suggesting. > but also all > those who just verify the short key ID. Since it's hardly any effort, I'd do it, > even though it probably only gains me a few percent coverage. ... and as above, it's totally unnecessary. >> More extensive checking would be great, but would require a lot of documentation >> to teach the users how to do it ... are you volunteering to write it? :) > > No, but I'm also not telling people they can verify using the short key ID. No > guidance is better than wrong guidance, IMHO. In the first place, I disagree with your premise that no guidance is better. 
If for no other reason than providing the "wrong" guidance is likely to spur the people with the "right" answer into responding when they otherwise would not. I also disagree with you that I'm providing the wrong guidance. :) Doug From peter at digitalbrains.com Tue Mar 17 22:56:15 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 17 Mar 2015 22:56:15 +0100 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <55089DD9.8030407@dougbarton.email> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> <55089DD9.8030407@dougbarton.email> Message-ID: <5508A2FF.1030307@digitalbrains.com> On 17/03/15 22:34, Doug Barton wrote: >> Assuming they're all protected by https, nothing. > > I think you missed my point. If all three resources related to verification are > provided by the same source, then verifying the fingerprint gets you zero added > security. It's more or less equivalent to using a hash by itself. No, I think that's what I mean as well. If they all come from the same source, it gets you nothing to check the signature. So I don't see why you would verify the signature at all. > So to start with, that's a pretty big hurdle to jump, and if you have access to > do that, then you almost certainly have access to do other things like changing > the fingerprint to verify. By creating a short key ID collision, I'm also getting those people that read your e-mail or a similar thing somewhere on the web, and just download the short key ID. I'm also getting those people that get a "BAD signature" and then do a new --recv-key with the short key ID in an unfortunate attempt to get it to verify ("hmmm, maybe it has expired?"). Like you said, I passed a big hurdle. I'm either MITM, or I write-accessed the ftp server of gnupg.org. Why stop there when it's so little effort to create a short key ID collision? It sounds fun in a perverse way. 
But back to my primary objection: I consider it bad advice to tell someone to rely on the short key ID. Sounds like a bad habit potentially getting bootstrapped to me. That's really all this is about. You could also say they should check the sha1sum, like Clark ended up doing. Or typing gpg --fingerprint -k 4F25E3B6 and checking it says pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 uid [ full ] Werner Koch (dist sig) sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31] with a little caveat that you should actually get the fingerprint from somewhere trusted, not from a stranger. That would already go a long way. When I include non-trivial code to be entered on someone's PC, I always include the disclaimer "Please understand what you are doing here, never enter on your PC what a stranger on the internet tells you to". At least, I think and hope I do, might have forgotten in my enthusiasm sometimes. Or don't check at all and simply see if it crashes during installation. I wouldn't be surprised if it included a checksum in the .exe as part of the installer. But we obviously disagree in an informed way. I know I can be rather principled. Thanks for appreciating my enthusiasm though :). HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From pete at heypete.com Tue Mar 17 22:58:47 2015 
From: pete at heypete.com (Pete Stephenson) Date: Tue, 17 Mar 2015 22:58:47 +0100 Subject: Defaults In-Reply-To: <5508842F.1010101@sixdemonbag.org> References: <5508842F.1010101@sixdemonbag.org> Message-ID: <5508A397.50301@heypete.com> On 3/17/2015 8:44 PM, Robert J. Hansen wrote: > Given that 2.1 introduces a lot of new capabilities (mostly with respect > to ECC), I think now, early on in the 2.1 series, would be a good time > to discuss changing the defaults for newly-generated certificates. > > In a nutshell: > > * Offer Brainpool-512 and RSA-3072 as options for > newly-generated certificates I mostly agree. However, I have a few minor points: - Above RSA-2048, keys and signatures become quite large. DSA signatures increase slightly, but are considerably smaller than RSA signatures. As long as we're considering "legacy" algorithms like RSA and DSA, is there any particular reason for preferring RSA over DSA at such key lengths? I know that DSA is only defined up to DSA-3072, so those who wish to use larger keys would need to use RSA or ECC, but why not use DSA as the default? Is Deterministic DSA only available in 2.1, or do 1.x and 2.0.x also have that feature? - The Brainpool curves are similar in structure to the NIST curves, though their curve parameters are chosen in a clear, open manner. While that leads to increased trust that the parameters aren't chosen for nefarious purposes, if one is already making a major change to ECC, why not use some other, more modern curve that's designed at a high-security level? Curve M-511 comes to mind, as it's similar to Curve25519 (which GnuPG already implements). See http://safecurves.cr.yp.to/ -- djb and Lange clearly lay out their criteria for different curves and why they're categorized the way they are. I'm nothing more than an interested amateur in this subject, but why not benefit from their efforts? 
> * Use AES256 for a symmetric cipher > * Raise a warning if the user attempts to encrypt more > than 4 GiB with an old (64-bit block) cipher Agreed. > * Only use CAST5 if the user explicitly requests it via > default-cipher-preferences: prefer 3DES over CAST5 (Rationale) > * CAST5 is not in good health: as was recently mentioned in > the IETF WG mailing list, the Canadians themselves still > allow it to be used for applications requiring 128 shannons > of uncertainty... but not for secrets that need to be kept > for more than a week. That doesn't inspire much confidence > in the long-term prospects of CAST5. Do you have a link to this discussion on the IETF list? I suspect the community here would be very interested. > * Only use IDEA if the user explicitly requests it via > default-cipher-preferences: prefer 3DES over IDEA (Rationale) > * Attacks on IDEA haven't been getting much better, but IDEA's > been giving me the heebie-jeebies for about fifteen years > now. I'd *really* prefer it if we got rid of it altogether. > Barring that, "only allow it to be used by explicit command" > will work for me. Is there something particular about IDEA that concerns you? > * Use SHA256 for RSA-3072/-4096 signatures and SHA512 > for Brainpool-512 Agreed. > * We've needed to make all these changes for years now. I've > always said we should defer on making big changes to the > defaults until we had ECC in place for users to migrate to. > Well, we've got ECC: let's start encouraging users to use it. > And while we're at it, let's see about making these other > overdue changes. Alas, a lot of Linux distributions are quite slow-moving: it's unlikely that distributions like Debian and Ubuntu will have GnuPG 2.1.x available (let alone installed by default) for several years. Yes, the changes should be made, but ECC support won't be widely available to most users for some time. Cheers! -Pete From peter at digitalbrains.com Tue Mar 17 23:02:11 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 17 Mar 2015 23:02:11 +0100 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <5508A2FF.1030307@digitalbrains.com> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> <55089DD9.8030407@dougbarton.email> <5508A2FF.1030307@digitalbrains.com> Message-ID: <5508A463.5090204@digitalbrains.com> On 17/03/15 22:56, Peter Lebbing wrote: > and checking it says > > pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] > Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 > uid [ full ] Werner Koch (dist sig) > sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31] Hah! Obviously it wouldn't say "full", firstly because you need list-options show-uid-validity in your gpg.conf, and secondly because the whole issue here is you didn't have a trust path to that key. I met Werner at the 31C3 this December, so I can in fact now finally check the validity of this key! :) Should properly read stuff I copy-paste before I send the message... Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From dougb at dougbarton.email Tue Mar 17 23:18:30 2015 
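The fingerprint check Peter describes in the two messages above, as an added example that is not from this thread: it parses the machine-readable output of `gpg --with-colons --fingerprint` and accepts a key only when the full fingerprint matches the value obtained out of band, while also reporting keys that merely share the short key ID and whether gpg considers the key valid. The two colon listings are constructed samples (the first carries the fingerprint quoted above; the second key is made up and only shares the last eight hex digits).

```python
"""Accept a GnuPG key by full fingerprint, never by short key ID.

Added example, not code from the gnupg-users thread. It works on the
output of `gpg --with-colons --fingerprint <keyid>`; the listings below
are constructed samples in that format.
"""
import re

# Fingerprint quoted in the thread for Werner Koch's dist sig key.
EXPECTED_FPR = "D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6"

# Constructed sample: the genuine key. Field 2 of the pub record ("-")
# is the validity: "-" = unknown (no trust path), "f" = full.
GENUINE_LISTING = """\
tru::1:1426629000:0:3:1:5
pub:-:2048:1:249B39D24F25E3B6:1294790400:1577750400::-:::scSC::::::23::0:
fpr:::::::::D8692123C4065DEA5E0F3AB5249B39D24F25E3B6:
uid:-::::1294790400::::Werner Koch (dist sig):::::::::0:
"""

# Constructed sample: a made-up key whose fingerprint merely ends in the
# same eight hex digits, which is all `--recv-key 4F25E3B6` matches on.
COLLIDING_LISTING = """\
pub:-:2048:1:89ABCDEF4F25E3B6:1426550400:::-:::scSC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF4F25E3B6:
uid:-::::1426550400::::Werner Koch (dist sig):::::::::0:
"""


def normalize_fpr(fpr: str) -> str:
    """Drop the display grouping spaces and upper-case the hex digits."""
    return re.sub(r"\s+", "", fpr).upper()


def short_key_id(fpr: str) -> str:
    """Short (32-bit) key ID: the last 8 hex digits of a v4 fingerprint."""
    return normalize_fpr(fpr)[-8:]


def parse_colon_listing(text: str) -> list:
    """Return one dict per primary key: long key ID, fingerprint, validity.

    Only `pub` and the `fpr` record that directly follows it are used;
    subkey (`sub`) fingerprints are deliberately ignored.
    """
    keys, current = [], None
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            current = {"keyid": fields[4], "validity": fields[1], "fpr": None}
            keys.append(current)
        elif fields[0] == "fpr" and current is not None and current["fpr"] is None:
            current["fpr"] = fields[9]          # field 10 (1-based) holds the fingerprint
        elif fields[0] in ("sub", "ssb"):
            current = None                      # later fpr records belong to a subkey
    return keys


def check_key(listing: str, expected_fpr: str) -> dict:
    """Compare every primary key in a listing with the expected fingerprint.

    Returns the fingerprints that only share the short key ID (a collision
    or a wrong key), the full match if any, and that key's validity flag.
    """
    want = normalize_fpr(expected_fpr)
    if not re.fullmatch(r"[0-9A-F]{40}", want):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    result = {"short_id_only": [], "fingerprint_match": None, "validity": None}
    for key in parse_colon_listing(listing):
        fpr = key["fpr"]
        if fpr is None:
            continue
        if fpr == want:
            result["fingerprint_match"] = fpr
            result["validity"] = key["validity"]
        elif fpr[-8:] == want[-8:]:
            result["short_id_only"].append(fpr)
    return result


def fingerprint_ok(listing: str, expected_fpr: str) -> bool:
    """True only if some key in the listing has exactly the expected fingerprint."""
    return check_key(listing, expected_fpr)["fingerprint_match"] is not None


if __name__ == "__main__":
    # What `--recv-key 4F25E3B6` could hand back: both keys at once.
    both = GENUINE_LISTING + COLLIDING_LISTING
    report = check_key(both, EXPECTED_FPR)
    print("short key ID:", short_key_id(EXPECTED_FPR))
    print("keys sharing only the short ID:", report["short_id_only"])
    print("full fingerprint match:", report["fingerprint_match"])
    print("validity of matched key:", report["validity"], "(- means no trust path)")
```

Even when the fingerprint matches, the validity flag stays "-" until you have a trust path to the key, which is the point of Peter's correction about "full".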
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 15:18:30 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <5508A2FF.1030307@digitalbrains.com> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> <55089DD9.8030407@dougbarton.email> <5508A2FF.1030307@digitalbrains.com> Message-ID: <5508A836.9010509@dougbarton.email> On 3/17/15 2:56 PM, Peter Lebbing wrote: > On 17/03/15 22:34, Doug Barton wrote: >>> Assuming they're all protected by https, nothing. >> >> I think you missed my point. If all three resources related to verification are >> provided by the same source, then verifying the fingerprint gets you zero added >> security. It's more or less equivalent to using a hash by itself. > > No, I think that's what I mean as well. If they all come from the same source, > it gets you nothing to check the signature. So I don't see why you would verify > the signature at all. Because it tells you that the package was not tampered with. I've covered this several times now. >> So to start with, that's a pretty big hurdle to jump, and if you have access to >> do that, then you almost certainly have access to do other things like changing >> the fingerprint to verify. > > By creating a short key ID collision, I'm also getting those people that read > your e-mail or a similar thing somewhere on the web, and just download the short > key ID. I'm also getting those people that get a "BAD signature" and then do a > new --recv-key with the short key ID in an unfortunate attempt to get it to > verify ("hmmm, maybe it has expired?"). 
Again, I think you're missing the bigger picture here. If you have write access to the FTP site, why would you even bother creating the signature for your malicious package with a key that has the same short key Id? You're trying to defend against an incredibly unlikely threat model. If I download 'malicious package' + 'signature for malicious package created by key controlled by malicious actor,' one of two things is overwhelmingly likely to happen: 1. I blindly import the key, verify the signature, and move on; or 2. I import the key, perform a cursory review, verify the signature, and move on. Either way, your short key Id collision is out of spec. The user in this situation has no way to know that there should be a short key Id other than the one that is related to the signature that they have in hand. Since both the package and the signature are under Eve's control, the threat model you are suggesting is a complete red herring. > But back to my primary objection: > > I consider it bad advice to tell someone to rely on the short key ID. Sounds > like a bad habit potentially getting bootstrapped to me. > > That's really all this is about. Thank you for confirming your real motives. :) I understand in theory that relying solely on the short key Id is not a good practice in a situation where you want things to be "very secure." But we do indeed have a bootstrapping issue here, which is, "Where do you start when it comes to rank beginners?" I think you are asking way too much, and giving near-zero value in return. > You could also say they should check the sha1sum, like Clark ended up doing. 
Or > typing > > gpg --fingerprint -k 4F25E3B6 > > and checking it says > > pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] > Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 > uid [ full ] Werner Koch (dist sig) > sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31] > > with a little caveat that you should actually get the fingerprint from somewhere > trusted, not from a stranger. Sure, but now you've entered a very sticky briar patch, with a lot of bootstrapping knowledge that is not easy for a rank beginner to grasp. You and I "get" what you're talking about, but that knowledge came from experience. (and again, the extra security that you get is of very limited value at this stage of the game) Doug From rjh at sixdemonbag.org Tue Mar 17 23:25:12 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 18:25:12 -0400 Subject: Defaults In-Reply-To: <5508A397.50301@heypete.com> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> Message-ID: <5508A9C8.2030401@sixdemonbag.org> > As long as we're considering "legacy" algorithms like RSA and DSA, > is there any particular reason for preferring RSA over DSA at such > key lengths? I have reasons to prefer RSA, yes, but whether they'll convince you is a different matter. :) Where signature size matters most is in email. An RSA-3072 signature's size is significant (says the sophist, surreptitiously suggesting alliteration on several syllables) on a 512-byte message; there, the overhead is huge. On a 5MiB file, the signature's insignificant. In email, the way of the future is PGP/MIME. For years I've advocated inline PGP and said PGP/MIME wasn't ready for prime time, but I'm now at the point where I believe PGP/MIME is ready to be the default. And in PGP/MIME messages, the end-user never sees the signature block, so there's very little for users to get upset over. The size difference between a DSA-3072 signature and an RSA-3072 signature is unlikely to make a dent in anyone's mobile data plan, either. So the main advantage DSA has over RSA -- smaller signature size -- is irrelevant. And although it genuinely pains me to say this, I can understand why some OpenPGP users mistrust DSA. I don't mistrust it and I think people who do mistrust it are doing so erroneously, but I understand. NIST's reputation has taken a pounding in the last few years. Frankly, people trust RSA more. I personally think that's foolish: they're both rock-solid algorithms. But I understand it, at the same time, and a decent respect for the concerns of others causes me to recommend RSA. I frankly have no preference between RSA and DSA; some other people in the community trust RSA more; so, okay, let's go for RSA. 
> - The Brainpool curves are similar in structure to the NIST curves, > though their curve parameters are chosen in a clear, open manner. > While that leads to increased trust that the parameters aren't chosen > for nefarious purposes, if one is already making a major change to > ECC, why not use some other, more modern curve that's designed at a > high-security level? Because at present GnuPG supports the following curves: * NIST o P-256 o P-384 o P-521 * Brainpool o P-256 o P-384 o P-512 I cannot in good conscience recommend changing the defaults to an algorithm not yet supported by GnuPG. :) > Do you have a link to this discussion on the IETF list? I suspect > the community here would be very interested. https://www.cse-cst.gc.ca/en/node/227/html/15164 Looking over it again, it turns out the Canadians are distrustful of 128-bit crypto *in general*. None of them are approved for periods longer than seven days. > Is there something particular about IDEA that concerns you? About fifteen years ago I learned about a miss-in-the-middle attack on IDEA that broke 4.5 of 8.5 rounds (by ... Biham, I think). That made my eyebrows go up. It wasn't a full break, but it sure as hell was interesting, and attacks only ever get better over time. That was when IDEA started giving me the heebie-jeebies. Khovratovich presented a break against full (8.5-round) IDEA in 2012. This attack isn't huge -- it reduces 128 shannons of uncertainty to 126, more or less -- but, at the same time, it's freaking enormous. From here on out, every improvement is going to reduce the effective strength of IDEA. We're no longer playing games of trying to extend things to the full cipher: for the last three years we've been watching the full IDEA be subjected to real attacks. So far those attacks haven't been successful. Like I said, a two-shannon reduction isn't much. But imagine what it's going to be like in another five years. 
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From kristian.fiskerstrand at sumptuouscapital.com Tue Mar 17 23:25:23 2015 From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Tue, 17 Mar 2015 23:25:23 +0100 Subject: Defaults In-Reply-To: <5508A397.50301@heypete.com> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> Message-ID: <5508A9D3.40206@sumptuouscapital.com> On 03/17/2015 10:58 PM, Pete Stephenson wrote: > On 3/17/2015 8:44 PM, Robert J. Hansen wrote: ... > Is Deterministic DSA only available in 2.1, or do 1.x and 2.0.x > also have that feature? > RFC6979 is used for gnupg 2.0 compiled with libgcrypt >= 1.6.0 -- ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Aurum est Potestas Gold is power From dkg at fifthhorseman.net Tue Mar 17 23:26:02 2015 
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 17 Mar 2015 18:26:02 -0400 Subject: Defaults In-Reply-To: <5508A397.50301@heypete.com> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> Message-ID: <87fv93ntvp.fsf@alice.fifthhorseman.net> On Tue 2015-03-17 17:58:47 -0400, Pete Stephenson wrote: > Alas, a lot of Linux distributions are quite slow-moving: it's unlikely > that distributions like Debian and Ubuntu will have GnuPG 2.1.x > available (let alone installed by default) for several years. For debian stable, this is likely to be the case because of where we were in the release cycle when 2.1 was finally released. I hope to have 2.1.x in debian testing and unstable shortly after we manage to release jessie, and hope to move to it as the default either for "stretch" (the release after jessie) or (if things turn out to be much more complicated than I'd like) stretch+1. > Yes, the changes should be made, but ECC support won't be widely > available to most users for some time. I agree that defaulting to brainpool-512 right now would be a mistake. Defaulting to RSA 3072 seems reasonable to me, though. --dkg From Cathy.Smith at pnnl.gov Tue Mar 17 22:23:37 2015 
From: Cathy.Smith at pnnl.gov (Smith, Cathy) Date: Tue, 17 Mar 2015 21:23:37 +0000 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <55086F4E.20302@dougbarton.email> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> Message-ID: <270838A78E5A5342BB9669898FB4CF2011D28E6F@EX10MBOX01.pnnl.gov> I would think you can copy your keyring over, though. I did that when converting from an old, unsupported version of PGP to GPG. But that was Solaris to Linux. Your mileage may vary. Regards, Cathy --- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Phone: 509.375.2687 Fax: 509.375.2330 Email: cathy.smith at pnnl.gov -----Original Message----- From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Doug Barton Sent: Tuesday, March 17, 2015 11:16 AM To: Clark Rivard; gnupg-users at gnupg.org Subject: Re: Copy Current GPG Installation to Another Server On 3/17/15 7:23 AM, Clark Rivard wrote: > I currently have GPG 1.4.8 installed on a Windows server. Can the > c:\Programs Files (x86)\GNU\ directory simply be copied to another > server and used or do I need to go through the "download and > installation" process on the new server? Thanks. 1.4.8 is dangerously old. You should download the new version and install in both locations. ftp://ftp.gnupg.org/gcrypt/binary/ hope this helps, Doug From rjh at sixdemonbag.org Tue Mar 17 23:27:56 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 18:27:56 -0400 Subject: Defaults In-Reply-To: <5508A9C8.2030401@sixdemonbag.org> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> <5508A9C8.2030401@sixdemonbag.org> Message-ID: <5508AA6C.5010409@sixdemonbag.org> > I have reasons to prefer RSA, yes, but whether they'll convince you > is a different matter. :) D'oh! Forgot to mention an important one -- RSA-3072 keys can be moved to smart cards, and/or generated on the same. Very few smart cards support DSA. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Tue Mar 17 23:37:40 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 18:37:40 -0400 Subject: Defaults In-Reply-To: <87fv93ntvp.fsf@alice.fifthhorseman.net> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> <87fv93ntvp.fsf@alice.fifthhorseman.net> Message-ID: <5508ACB4.3080202@sixdemonbag.org> > I agree that defaulting to brainpool-512 right now would be a > mistake. > > Defaulting to RSA 3072 seems reasonable to me, though. I think it's best to minimize the number of times we change the defaults. If we change them too often it causes users to wonder if there's some weakness in OpenPGP -- after all, why else would we need to constantly play catch-up? (Note that I don't agree with this; I just understand it.) So if we're looking at a situation where we think that within the next five years we'll want to make ECC the default, I think it would be best to get that option out in front of users now. Default to RSA-3072, sure, but let's get users accustomed to seeing ECC as an option so that when we migrate fully to ECC-by-default nobody gets surprised. I freely admit this is a human-factors argument and not a technical argument, though. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From pete at heypete.com Tue Mar 17 23:46:36 2015 
From: pete at heypete.com (Pete Stephenson)
Date: Tue, 17 Mar 2015 23:46:36 +0100
Subject: Defaults
In-Reply-To: <5508A9C8.2030401@sixdemonbag.org>
References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> <5508A9C8.2030401@sixdemonbag.org>
Message-ID: <5508AECC.6010703@heypete.com>

On 3/17/2015 11:25 PM, Robert J. Hansen wrote:
>> As long as we're considering "legacy" algorithms like RSA and DSA,
>> is there any particular reason for preferring RSA over DSA at such
>> key lengths?
>
> I have reasons to prefer RSA, yes, but whether they'll convince you is a
> different matter. :)
>
> Where signature size matters most is in email. [snip]

Agreed. It's always a bit tedious to see large in-line signatures with short messages. PGP/MIME, as you say, alleviates this issue somewhat by hiding the signature, but it also tends to be somewhat fragile when mailing lists are involved...but that's a different story altogether.

> And although it genuinely pains me to say this, I can understand why
> some OpenPGP users mistrust DSA. I don't mistrust it and I think people
> who do mistrust it are doing so erroneously, but I understand. NIST's
> reputation has taken a pounding in the last few years.

Yeah. I'm skeptical of non-RFC6979 DSA simply because it can fail catastrophically if insufficient entropy is not available when making a signature. RSA only requires entropy when generating a new key, while DSA needs it for key and signature generation. If DSA uses RFC6979 I have no issues with it.

>> - The Brainpool curves are similar in structure to the NIST curves,
>> though their curve parameters are chosen in a clear, open manner.
>> While that leads to increased trust that the parameters aren't chosen
>> for nefarious purposes, if one is already making a major change to
>> ECC, why not use some other, more modern curve that's designed at a
>> high-security level?
>
> Because at present GnuPG supports the following curves:
>
> * NIST
>   o P-256
>   o P-384
>   o P-521
> * Brainpool
>   o P-256
>   o P-384
>   o P-512
>
> I cannot in good conscience recommend changing the defaults to an
> algorithm not yet supported by GnuPG. :)

*laughs* Indeed! I hope that everyone understood my point to be "Since GnuPG is already making a major change by implementing ECC, it'd probably be a good idea to Do Things Right The First Time(tm), implement strong curves, and make them the default."

Of course, it'd be a good thing to work with developers of other OpenPGP-compatible software to ensure that such algorithms would be widely supported even though the standards don't yet include such algorithms.

>> Do you have a link to this discussion on the IETF list? I suspect
>> the community here would be very interested.
>
> https://www.cse-cst.gc.ca/en/node/227/html/15164
>
> Looking over it again, it turns out the Canadians are distrustful of
> 128-bit crypto *in general*. None of them are approved for periods
> longer than seven days.

True, but that's not uncommon: OpenVPN in TLS mode renegotiates a new session key every hour by default. GnuPG generates new session keys with each message. Are there any common cryptographic implementations that would use the same symmetric key for long periods of time?

>> Is there something particular about IDEA that concerns you?
>
> About fifteen years ago I learned about a miss-in-the-middle attack on
> IDEA that broke 4.5 of 8.5 rounds (by ... Biham, I think). That made my
> eyebrows go up. It wasn't a full break, but it sure as hell was
> interesting, and attacks only ever get better over time. That was when
> IDEA started giving me the heebie-jeebies.
>
> Khovratovich presented a break against full (8.5-round) IDEA in 2012.
> This attack isn't huge -- it reduces 128 shannons of uncertainty to 126,
> more or less -- but, at the same time, it's freaking enormous. From
> here on out, every improvement is going to reduce the effective strength
> of IDEA. We're no longer playing games of trying to extend things to
> the full cipher: for the last three years we've been watching the full
> IDEA be subjected to real attacks.
>
> So far those attacks haven't been successful. Like I said, a
> two-shannon reduction isn't much.
>
> But imagine what it's going to be like in another five years.

Interesting, thanks.

Cheers!
-Pete

From dgouttegattat at incenp.org Tue Mar 17 23:53:42 2015
From: dgouttegattat at incenp.org (Damien Goutte-Gattat)
Date: Tue, 17 Mar 2015 23:53:42 +0100
Subject: Defaults
In-Reply-To: <5508842F.1010101@sixdemonbag.org>
References: <5508842F.1010101@sixdemonbag.org>
Message-ID: <5508B076.5060607@incenp.org>

On 03/17/2015 08:44 PM, Robert J. Hansen wrote:
> Given that 2.1 introduces a lot of new capabilities (mostly with respect
> to ECC), I think now, early on in the 2.1 series, would be a good time
> to discuss changing the defaults for newly-generated certificates.

Some of the defaults you propose are already there. If I look at a freshly generated key pair with GnuPG 2.1, the default preferred algorithms are:

    Cipher: AES256, AES192, AES, 3DES
    Digest: SHA256, SHA384, SHA512, SHA224, SHA1

So, AES256 is already the default symmetric cipher (CAST5 and IDEA are not even in the list and must both be explicitly requested by the user), and SHA256 is already the default hash algorithm.

> * Use SHA256 for RSA-3072/-4096 signatures and SHA512
> for Brainpool-512

Do you mean signatures in general, or key signatures (certifications)? For key signatures, SHA-1 is still the default for RSA keys, but signatures on (EC)DSA keys will use up to SHA-512 depending on the key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512 key).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: 

From dkg at fifthhorseman.net Tue Mar 17 23:53:48 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 17 Mar 2015 18:53:48 -0400 Subject: Defaults In-Reply-To: <5508ACB4.3080202@sixdemonbag.org> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> <87fv93ntvp.fsf@alice.fifthhorseman.net> <5508ACB4.3080202@sixdemonbag.org> Message-ID: <87a8zbnslf.fsf@alice.fifthhorseman.net> On Tue 2015-03-17 18:37:40 -0400, Robert J. Hansen wrote: >> I agree that defaulting to brainpool-512 right now would be a >> mistake. >> >> Defaulting to RSA 3072 seems reasonable to me, though. > > I think it's best to minimize the number of times we change the > defaults. If we change them too often it causes users to wonder if > there's some weakness in OpenPGP -- after all, why else would we need to > constantly play catch-up? (Note that I don't agree with this; I just > understand it.) by this argument, you should have pushed for RSA 3072 during the last defaults change, since it would have lasted longer than 2048 ;) > So if we're looking at a situation where we think that within the next > five years we'll want to make ECC the default, I think it would be best > to get that option out in front of users now. Default to RSA-3072, > sure, but let's get users accustomed to seeing ECC as an option so that > when we migrate fully to ECC-by-default nobody gets surprised. Except that by the time we're ready to adopt ECC by default we may very well want to use Goldilocks (Hamburg's 448-bit curve), since that seems to be the high-strength curve that the CFRG is heading toward (yes, goldilocks is not yet specified for OpenPGP; we'd need to do that first). Brainpool-512 is incompatible with some of the other work going on in the OpenPGP ecosystem (e.g. yahoo and google's work on the e2e webmail app, which supports P-256 and P-512). At any rate, changes are afoot, and i don't think we should be afraid to update the defaults if we think a new set is reasonable. 
--dkg From marco at marcoamorales.com Tue Mar 17 21:59:39 2015 From: marco at marcoamorales.com (Marco Morales) Date: Tue, 17 Mar 2015 15:59:39 -0500 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: <5508824F.10803@dougbarton.email> References: <5508824F.10803@dougbarton.email> Message-ID: I recommend starting it from a script in /etc/profile.d/ If you're running >2.1 then you don't need to do the env-file thing. Here's an example: https://wiki.archlinux.org/index.php/GnuPG#gpg-agent On Tue, Mar 17, 2015 at 2:36 PM, Doug Barton wrote: > Ok, then you need to start the agent prior to or during the X startup, so > that the variables are available to your environment (as you were doing > previously). > > So, why are you trying to start the agent with systemd? What method were > you using previously, and did you try it in the new OS version? > > Doug > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rjh at sixdemonbag.org Tue Mar 17 23:58:23 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 18:58:23 -0400 Subject: Defaults In-Reply-To: <87a8zbnslf.fsf@alice.fifthhorseman.net> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> <87fv93ntvp.fsf@alice.fifthhorseman.net> <5508ACB4.3080202@sixdemonbag.org> <87a8zbnslf.fsf@alice.fifthhorseman.net> Message-ID: <5508B18F.2030902@sixdemonbag.org> > by this argument, you should have pushed for RSA 3072 during the > last defaults change, since it would have lasted longer than 2048 ;) You're absolutely right, I should have. :) I took my eye off the ball and didn't notice we were changing defaults, otherwise I would've argued then for RSA-3072. > At any rate, changes are afoot, and i don't think we should be afraid > to update the defaults if we think a new set is reasonable. Point, point. The ECC ecosystem isn't mature enough to encourage users to migrate to it. Okay, so drop the ECC recommendations from my suggestions. RSA-3072/SHA-256 + one of the modern 128-bit block ciphers, plus strong recommendations against CAST5, IDEA, or using 64-bit block ciphers to do bulk encryption. So far that all seems pretty uncontroversial. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Wed Mar 18 00:09:44 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 19:09:44 -0400 Subject: Defaults In-Reply-To: <5508AECC.6010703@heypete.com> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> <5508A9C8.2030401@sixdemonbag.org> <5508AECC.6010703@heypete.com> Message-ID: <5508B438.6080103@sixdemonbag.org> >> Looking over it again, it turns out the Canadians are distrustful >> of 128-bit crypto *in general*. None of them are approved for >> periods longer than seven days. > > True, but that's not uncommon: OpenVPN in TLS mode renegotiates a > new session key ever hour by default. GnuPG generates new session > keys with each message. Are there any common cryptographic > implementations that would use the same symmetric key for long > periods of time? Point: this is probably not indicative of Canadian distrust in AES-128, CAST5, or 3DES, so much as it is the Canadians codifying an existing best practice. However, using the same symmetric key for long periods isn't at all uncommon. I last changed the passphrase on my key a little over a year ago, for instance, so I'm empirical evidence of at least one person who's been using a symmetric key for over a year. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From samir at samirnassar.com Wed Mar 18 00:16:01 2015 
From: samir at samirnassar.com (Samir Nassar) Date: Wed, 18 Mar 2015 00:16:01 +0100 Subject: Defaults In-Reply-To: <87a8zbnslf.fsf@alice.fifthhorseman.net> References: <5508842F.1010101@sixdemonbag.org> <5508ACB4.3080202@sixdemonbag.org> <87a8zbnslf.fsf@alice.fifthhorseman.net> Message-ID: <1585979.a9G2xs8tRz@lathe> On Tuesday, March 17, 2015 06:53:48 PM Daniel Kahn Gillmor wrote: > Brainpool-512 is incompatible with some of the other work going on in > the OpenPGP ecosystem (e.g. yahoo and google's work on the e2e webmail > app, which supports P-256 and P-512). Well, the Yahoo! folks are not 100% committed to OpenPGP compatibility, according to statements on Twitter. Of course this may or may not change (or it could all be a misunderstanding), in case it isn't though, I don't see what E2E-compatability adds. If the projects make a solid commitment to OpenPGP compatibility and back it up then that changes things. > At any rate, changes are afoot, and i don't think we should be afraid to > update the defaults if we think a new set is reasonable. Hear hear. There are many times where GnuPG setting the pace would have helped those of us helping others understand how to use PGP. Samir -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From peter at digitalbrains.com Wed Mar 18 00:17:40 2015 
From: peter at digitalbrains.com (Peter Lebbing) Date: Wed, 18 Mar 2015 00:17:40 +0100 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <5508A836.9010509@dougbarton.email> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> <55089DD9.8030407@dougbarton.email> <5508A2FF.1030307@digitalbrains.com> <5508A836.9010509@dougbarton.email> Message-ID: <1a6efef8cad10bf7829edf6b29938f98@butters.digitalbrains.com> On 2015-03-17 23:18, Doug Barton wrote: > I think you are asking way too much, and > giving near-zero value in return. I'm not asking for anything. I suggested they check the plain SHA1 checksum or even not check at all! I'm merely opposed to making people think the short key ID is any good for verification purposes, or that "when it comes to signed packages [it] is not really a necessity" to check the validity of the signing key. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 18 00:25:25 2015 
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 18 Mar 2015 00:25:25 +0100
Subject: Copy Current GPG Installation to Another Server
In-Reply-To: <5508A463.5090204@digitalbrains.com>
References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> <55089DD9.8030407@dougbarton.email> <5508A2FF.1030307@digitalbrains.com> <5508A463.5090204@digitalbrains.com>
Message-ID: <5508B7E5.5050408@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/17/2015 11:02 PM, Peter Lebbing wrote:
> On 17/03/15 22:56, Peter Lebbing wrote:
>> and checking it says
>>
>> pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
>>       Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
>> uid                  [ full ] Werner Koch (dist sig)
>> sub   2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
>
> Hah! Obviously it wouldn't say "full", firstly because you need
> list-options show-uid-validity in your gpg.conf,

list-options show-uid-validity is the default since GnuPG 2.0.24

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"If you choose to sail upon the seas of banking, build your bank as you would your boat, with the strength to sail safely through any storm."
(Jacob Safra (1891-1963))
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVCLfhAAoJEP7VAChXwav6g3kIAJB9J93I7Exa+b0GZMzpYEYZ
0i3XcjNS3kkxtbi8SoXLIaKRtzrwHBInHurVXeMNJjPMLuWuaErmeu/CGiObMnXx
nojuzHQ8YEArjz9GU5/rmbTaPU6d3FZ5O4opvNSDIHwKfBgP0EGvOnE/Yh2lbFHu
yfOFb9deUaJv5SvnvAGIPipL8/0msROq7jhfwSMm8m4VHFpFMslnDkiorH6TFd98
E3in8yTeuJYvKMZP1T9h12r800Uax3O0VO7a8Byy4DYRz0Xxotwt2Zmrc7BOpvR4
8PGSdl6cRhyztzgumpoXa2IhFzbcOF0onY1XZjZgjKPzPF4V3hkzhSBlATwr+kg=
=MQYo
-----END PGP SIGNATURE-----

From dkg at fifthhorseman.net Wed Mar 18 00:28:47 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 17 Mar 2015 19:28:47 -0400
Subject: Defaults
In-Reply-To: <5508B076.5060607@incenp.org>
References: <5508842F.1010101@sixdemonbag.org> <5508B076.5060607@incenp.org>
Message-ID: <87vbhzmceo.fsf@alice.fifthhorseman.net>

On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote:
> Do you mean signatures in general, or key signatures (certifications)?
> For key signatures, SHA-1 is still the default for RSA keys

Is this correct? I think we should be defaulting to SHA-256 for RSA certifications these days. If we want to cater to users who really want their certifications to have compatibility with buggy 10-year-old clients that don't have SHA-256, we should make it easy for them to make a SHA-1 certification with a 1-second-earlier timestamp.

> but signatures on (EC)DSA keys will use up to SHA-512 depending on the
> key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512
> key).

I think you mean signatures *by* (EC)DSA keys, not *on* (EC)DSA keys, right?

--dkg

From pete at heypete.com Tue Mar 17 23:26:21 2015
From: pete at heypete.com (Pete Stephenson) Date: Tue, 17 Mar 2015 23:26:21 +0100 Subject: Defaults In-Reply-To: <5508A9D3.40206@sumptuouscapital.com> References: <5508842F.1010101@sixdemonbag.org> <5508A397.50301@heypete.com> <5508A9D3.40206@sumptuouscapital.com> Message-ID: <5508AA0D.1020402@heypete.com> On 3/17/2015 11:25 PM, Kristian Fiskerstrand wrote: > On 03/17/2015 10:58 PM, Pete Stephenson wrote: >> On 3/17/2015 8:44 PM, Robert J. Hansen wrote: > > ... > >> Is Deterministic DSA only available in 2.1, or do 1.x and 2.0.x >> also have that feature? > > > RFC6979 is used for gnupg 2.0 compiled with libgcrypt >= 1.6.0 Excellent. That's exactly what I hoped to hear. Cheers! -Pete From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 18 00:34:45 2015 
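Pete's concern earlier in this thread (DSA "can fail catastrophically" when the nonce is drawn from a poor entropy source at signing time) and Kristian's note that RFC 6979 is used once libgcrypt >= 1.6.0 is in play both come down to how the per-signature value k is chosen. The following is an added example, not code from GnuPG or libgcrypt: it derives k exactly as RFC 6979 section 3.2 prescribes (HMAC-DRBG keyed from the private key and the message hash) and then signs and verifies with textbook DSA on a constructed toy group, so that the same message always yields the same signature and no RNG is consulted at signing time. The group parameters (q = 2^31 - 1, p and g derived from it) are constructed for illustration and are far too small for real use; the code needs Python 3.8 or later for `pow(k, -1, q)`.

```python
"""RFC 6979 deterministic nonces for DSA, demonstrated on a constructed toy group.
Added example, not code from GnuPG or libgcrypt. Requires Python 3.8+."""
import hashlib
import hmac

HASH = hashlib.sha256

def _is_prime(n: int) -> bool:
    """Trial division; adequate for the toy-sized numbers used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

def make_group(q: int):
    """Return (p, g) with p = k*q + 1 prime and g of order q (constructed parameters)."""
    k = 2
    while not _is_prime(k * q + 1):
        k += 2
    p = k * q + 1
    for h in (2, 3, 5):
        g = pow(h, k, p)  # g^q = h^(p-1) = 1 (mod p); if g != 1 its order is exactly q
        if g != 1:
            return p, g
    raise RuntimeError("no generator found")

Q = 2**31 - 1        # constructed toy subgroup order (the Mersenne prime M31)
P, G = make_group(Q)

def bits2int(b: bytes, q: int) -> int:
    """RFC 6979 2.3.2: the leftmost qlen bits of b, as an integer."""
    v = int.from_bytes(b, "big")
    blen, qlen = len(b) * 8, q.bit_length()
    return v >> (blen - qlen) if blen > qlen else v

def int2octets(x: int, q: int) -> bytes:
    """RFC 6979 2.3.3: x as a big-endian string of ceil(qlen/8) bytes."""
    return x.to_bytes((q.bit_length() + 7) // 8, "big")

def rfc6979_nonces(x: int, h1: bytes, q: int):
    """Yield candidate nonces k in [1, q-1] from (private key, H(m)) per RFC 6979 3.2.
    k depends only on x and the hash, so a starved RNG at signing time cannot
    cause the nonce reuse or bias that would leak a DSA private key."""
    hlen = HASH().digest_size
    V, K = b"\x01" * hlen, b"\x00" * hlen
    seed = int2octets(x, q) + int2octets(bits2int(h1, q) % q, q)  # int2octets(x) || bits2octets(h1)
    K = hmac.new(K, V + b"\x00" + seed, HASH).digest()
    V = hmac.new(K, V, HASH).digest()
    K = hmac.new(K, V + b"\x01" + seed, HASH).digest()
    V = hmac.new(K, V, HASH).digest()
    while True:
        T = b""
        while len(T) * 8 < q.bit_length():
            V = hmac.new(K, V, HASH).digest()
            T += V
        k = bits2int(T, q)
        if 1 <= k < q:
            yield k  # the signer may reject it (r == 0 or s == 0) and ask for the next
        K = hmac.new(K, V + b"\x00", HASH).digest()
        V = hmac.new(K, V, HASH).digest()

def public_key(x: int) -> int:
    return pow(G, x, P)

def sign(x: int, msg: bytes):
    """DSA signature (r, s) over msg using a deterministic nonce."""
    h1 = HASH(msg).digest()
    h = bits2int(h1, Q)
    for k in rfc6979_nonces(x, h1, Q):
        r = pow(G, k, P) % Q
        if r == 0:
            continue
        s = (pow(k, -1, Q) * (h + x * r)) % Q
        if s == 0:
            continue
        return r, s

def verify(y: int, msg: bytes, sig) -> bool:
    """Standard DSA verification against y = g^x mod p."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    h = bits2int(HASH(msg).digest(), Q)
    w = pow(s, -1, Q)
    u1, u2 = (h * w) % Q, (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r
```

Calling `sign(x, msg)` twice returns the identical pair, which is the observable property that distinguishes RFC 6979 signing from the randomized DSA the thread is worried about; with randomized DSA every call would produce a fresh (r, s), and the quality of that randomness would be invisible to the verifier.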
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 18 Mar 2015 00:34:45 +0100
Subject: Copy Current GPG Installation to Another Server
In-Reply-To: <550896CD.5000507@dougbarton.email>
References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email>
Message-ID: <5508BA15.4040104@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/17/2015 10:04 PM, Doug Barton wrote:
> On 3/17/15 1:54 PM, Peter Lebbing wrote:
>>>> -----Original Message-----
>
> Assuming you get the package, the signature, and the fingerprint
> from the same *.gnupg.org resources, what does that buy you?

Strictly speaking there could be multiple servers hosting the various resources and only one of which is compromised. It is also quite common to download the source from a mirror rather than *.gnupg.org directly.

> More extensive checking would be great, but would require a lot of
> documentation to teach the users how to do it ... are you
> volunteering to write it? :)

It's included in every announcement[0]. Just a verification by cross-checking this information in various archives [1] mirroring the announcement reduces the likelihood of an active compromise, and is a far better way to try to bootstrap key validity in the absence of a direct key path.

References:
[0] http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
[1] http://permalink.gmane.org/gmane.org.fsf.announce/2278

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"If you choose to sail upon the seas of banking, build your bank as you would your boat, with the strength to sail safely through any storm."
(Jacob Safra (1891-1963))
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVCLoKAAoJEP7VAChXwav6cpgIALaRMFFd4kLC7edFmkEcYTyl
2GmgxHG7wVYMI/F06DpO4ifMJPQJ/wqadTJPN4o64sjd6PEL5rvWeD+hlA8a+kyj
8PSW3ENzgKCwV72XAzqDzYnvD3i/N0ZV02Wbi0k4gc4SfS98ZPbOroqTqMHcUjVi
OHh+QpnyPGBgWDAq3+MbRxscWSPQFaW9P9HzMKF5Nnu3oWz/dp327YmB1i9176Nw
UoKfhFR6YoPTXBt8WN0QQWAY4ZKRYfRRn63FJYwQSXjhYbz4sn4dPZUjKvej3OH/
ziTFUig62O0owaCK7AaiSbl3qJnL+li1ve0lcnz5bnegck+aYq4ukCp9ZeEvA88=
=MQjq
-----END PGP SIGNATURE-----

From dgouttegattat at incenp.org Wed Mar 18 01:12:16 2015
From: dgouttegattat at incenp.org (Damien Goutte-Gattat) Date: Wed, 18 Mar 2015 01:12:16 +0100 Subject: Defaults In-Reply-To: <87vbhzmceo.fsf@alice.fifthhorseman.net> References: <5508842F.1010101@sixdemonbag.org> <5508B076.5060607@incenp.org> <87vbhzmceo.fsf@alice.fifthhorseman.net> Message-ID: <5508C2E0.7090702@incenp.org> On 03/18/2015 12:28 AM, Daniel Kahn Gillmor wrote: > On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote: >> Do you mean signatures in general, or key signatures (certifications)? >> For key signatures, SHA-1 is still the default for RSA keys > > Is this correct? I think we should be defaulting to SHA-256 for RSA > certifications these days. Actually no, it is not. My mistake. SHA-256 is the default cert-digest-algo since GnuPG 2.1.0. >> but signatures on (EC)DSA keys will use up to SHA-512 depending on the >> key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512 >> key). I meant *on*, but now I realize I was only thinking about *self* signatures, where the signing key and the signed key happen to be the same. In the more general case you are right of course: the default hash algorithm is determined by the type and size of the *signing* key, not of the key that is about to be signed. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Wed Mar 18 01:34:42 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 17 Mar 2015 20:34:42 -0400 Subject: Defaults In-Reply-To: <5508B076.5060607@incenp.org> References: <5508842F.1010101@sixdemonbag.org> <5508B076.5060607@incenp.org> Message-ID: <5508C822.20103@sixdemonbag.org> > Some of the defaults you propose are already there. Yes. My list was comprehensive ("what the new set should be"), not differential ("what needs changing"). :) > So, AES256 is already the default symmetric cipher (CAST5 and IDEA > are not even in the list and must both be explicitly requested by the > user), and SHA256 is already the default hash algorithm. Your key pref isn't what matters: it's your default-cipher-prefs. :) CAST5 may not be the default choice anymore, but it can still be selected (I believe) if the recipient's key prefs list it. I think this shouldn't be supported; CAST5 should only be used if (a) it's in the recipient's key prefs and (b) it's explicitly listed in default-cipher-prefs. > Do you mean signatures in general, or key signatures > (certifications)? The former, although I think setting cert-digest-algo SHA256 by default may be worth discussing. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From dougb at dougbarton.email Wed Mar 18 02:02:21 2015 
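Robert's distinction above between a key's advertised preferences and the sender's own default-cipher-prefs is the crux of whether a legacy cipher such as CAST5 can still end up protecting a message. The following is an added example, not GnuPG's code: it models the RFC 4880 section 13.2 rule that the chosen symmetric cipher must appear in every recipient's preference list, with TripleDES implicitly present in every list, and layers a sender-side ordering on top in the way GnuPG's personal cipher preference option is described as working. Treating the sender's list as a filter as well as an ordering (so that an algorithm the sender never lists is never chosen) is an assumption of this model, not a statement about GnuPG's exact selection code. The preference lists are constructed sample data; the first one is the GnuPG 2.1 default that Damien quoted earlier in the thread.

```python
"""Symmetric-cipher selection for a multi-recipient OpenPGP message.
Added example modelling RFC 4880 section 13.2, not GnuPG's own code."""
from typing import Dict, List

IMPLICIT = "3DES"   # RFC 4880: TripleDES is in every preference list whether listed or not
LEGACY_64BIT_BLOCK = {"3DES", "CAST5", "IDEA", "BLOWFISH"}   # 64-bit block ciphers

# Constructed sample preference lists. MODERN is the GnuPG 2.1 default quoted in
# the thread; "alice" is an older key that still advertises CAST5; "bob" is a
# key that advertises nothing but the 64-bit block ciphers.
MODERN = ["AES256", "AES192", "AES", "3DES"]
RECIPIENTS = {
    "alice": ["AES256", "CAST5", "3DES"],
    "bob": ["CAST5", "3DES"],
}

def usable_by_all(recipient_prefs: Dict[str, List[str]]) -> set:
    """Ciphers every recipient advertises (3DES counts even when not listed)."""
    common = None
    for prefs in recipient_prefs.values():
        supported = set(prefs) | {IMPLICIT}
        common = supported if common is None else common & supported
    return common if common is not None else {IMPLICIT}

def select_cipher(sender_prefs: List[str], recipient_prefs: Dict[str, List[str]]) -> str:
    """Highest-ranked cipher in the sender's list that every recipient can use.
    Assumption of this model: an algorithm absent from sender_prefs is never
    chosen, so the only unconditional fallback is the implicit 3DES."""
    common = usable_by_all(recipient_prefs)
    for algo in sender_prefs:
        if algo in common:
            return algo
    return IMPLICIT

def audit(sender_prefs: List[str], recipient_prefs: Dict[str, List[str]]) -> dict:
    """Report the selected cipher and flag when bulk encryption would land on a
    64-bit block cipher, the outcome the thread recommends avoiding."""
    chosen = select_cipher(sender_prefs, recipient_prefs)
    return {"cipher": chosen, "legacy_64bit_block": chosen in LEGACY_64BIT_BLOCK}

if __name__ == "__main__":
    print(audit(MODERN, RECIPIENTS))                       # falls to 3DES
    print(audit(["AES256", "CAST5", "3DES"], RECIPIENTS))  # CAST5 becomes selectable
```

Note what the two runs show: with the modern sender list the message to alice and bob is not encrypted with CAST5, but it does fall to TripleDES, a 64-bit block cipher, because that is the only algorithm left in the intersection; adding CAST5 to the sender's own list is what makes CAST5 selectable again. That is the behaviour behind Robert's two-condition rule.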
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 18:02:21 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <1a6efef8cad10bf7829edf6b29938f98@butters.digitalbrains.com> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <55089A4B.9080204@digitalbrains.com> <55089DD9.8030407@dougbarton.email> <5508A2FF.1030307@digitalbrains.com> <5508A836.9010509@dougbarton.email> <1a6efef8cad10bf7829edf6b29938f98@butters.digitalbrains.com> Message-ID: <5508CE9D.3020607@dougbarton.email> On 3/17/15 4:17 PM, Peter Lebbing wrote: > On 2015-03-17 23:18, Doug Barton wrote: >> I think you are asking way too much, and >> giving near-zero value in return. > > I'm not asking for anything. Originally you suggested that they verify the fingerprint, and use that to retrieve the key. Glad to see now that you realize that was not the right course of action. :) > I suggested they check the plain SHA1 > checksum or even not check at all! I would argue that verifying the signature when available is slightly better, but I won't quibble on this point. For most users it is true that the checksum is likely to be "just as good" as a signature verification. > I'm merely opposed to making people > think the short key ID is any good for verification purposes, or that > "when it comes to signed packages [it] is not really a necessity" to > check the validity of the signing key. We will have to agree to disagree on this point. Doug From dougb at dougbarton.email Wed Mar 18 02:12:35 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Tue, 17 Mar 2015 18:12:35 -0700 Subject: Copy Current GPG Installation to Another Server In-Reply-To: <5508BA15.4040104@sumptuouscapital.com> References: <7D23F54FC682AC47A4CDA79EF435336A25A000C0@HQITEXCH07.pclc0.merkle.local> <55086F4E.20302@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00282@HQITEXCH07.pclc0.merkle.local> <55088955.6080308@dougbarton.email> <7D23F54FC682AC47A4CDA79EF435336A25A00348@HQITEXCH07.pclc0.merkle.local> <55088E34.2000102@dougbarton.email> <5508948C.3000503@digitalbrains.com> <550896CD.5000507@dougbarton.email> <5508BA15.4040104@sumptuouscapital.com> Message-ID: <5508D103.2020603@dougbarton.email> On 3/17/15 4:34 PM, Kristian Fiskerstrand wrote: > On 03/17/2015 10:04 PM, Doug Barton wrote: >> On 3/17/15 1:54 PM, Peter Lebbing wrote: >>>>> -----Original Message----- > > > > >> Assuming you get the package, the signature, and the fingerprint >> from the same *.gnupg.org resources, what does that buy you? > > Strictly speaking there could be multiple servers hosting the various > resources and only one of which is compromised. I conceded from the start that there are scenarios where Peter's threat model is valid. However they are overwhelmingly unlikely. You also seem to be ignoring the bootstrapping problem of educating the new users on doing proper validity checking for fingerprints, keys, etc. > It is also quite > common to download the source from mirror rather than *.gnupg.org directly Yes, and mirrors, by definition, are copies of the original. So either they are all compromised (because the master is), or the subset of systems that get compromised will auto-correct at whatever interval they are set up to mirror the master. So the scenario where "download the package and signature from one site and verify the fingerprint from another site provided by the same operator" is useful still falls into the "incredibly unlikely" category. 
>> More extensive checking would be great, but would require a lot of >> documentation to teach the users how to do it ... are you >> volunteering to write it? :) > > > Its included in every announcement[0]. Just a verification by > cross-checking this information in various archives [1] mirroring the > announcement reduce the likelihood of an active compromise, and is a > far better to try to bootstrap a key validity in the absence of a > direct key path. > > References: > [0] http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html > [1] http://permalink.gmane.org/gmane.org.fsf.announce/2278 The announcements are of no use to the user going to the FTP site to download a new package unless they happen to be on the mailing list. And in any case, the archives and gmane.org mirror fall into the "same operator" trap described above. The thing I'm trying to avoid here is adding complexity that does nothing but satisfy the OCD of experienced users who know the good/right/best way of doing things and add no real value to new users who are just trying to get started with the software. If there were a comprehensive new-user guide that could explain all of this stuff that would be a valuable addition. But there isn't, and I'm not going to write one. So personally I'll settle for offering practical advice to folks at the level I think they're ready to deal with it. If you want to do more, then $DEITY bless you, I look forward to seeing your efforts. Doug From dkg at fifthhorseman.net Wed Mar 18 02:28:36 2015 
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 17 Mar 2015 21:28:36 -0400 Subject: what is the proper way to load gpg-agent with systemd In-Reply-To: References: <55087028.6020608@dougbarton.email> Message-ID: <873853m6uz.fsf@alice.fifthhorseman.net>

On Tue 2015-03-17 14:43:02 -0400, Paulo Lopes wrote:
> So what I did was to create a user unit file like this on ~/.local/:
>
> [Unit]
> Description=gpg-agent
> ConditionFileIsExecutable=/usr/bin/gpg-agent
>
> [Service]
> ExecStart=/usr/bin/gpg-agent --daemon --enable-ssh-support --scdaemon-program /usr/libexec/scdaemon --use-standard-socket --log-file ~/.gnupg/gpg-agent.log --write-env-file %h/$
> ExecStop=/usr/bin/pkill gpg-agent
> Type=forking
> Restart=always
>
> [Install]
> WantedBy=default.target
>
> Now what happens is that i start a java application "IntelliJ" and when i try to get git to fetch some code it complains that it cannot sign the key. However if i use "pass" then the pinentry popup shows, i enter my pin and from there the git stuff works from intellij.

I don't know what "pass" is, but i guess it's how you trigger pinentry to talk to your agent?

it sounds to me like you're saying that the agent started by systemd doesn't know how to find your X11 session properly, so it doesn't know how to launch pinentry on its own. Does that sound like an accurate characterization?

have you tried adding the following line to the [Service] stanza in your .service file?

  Environment=DISPLAY=:0

Try that, and then a full machine shutdown, restart, and login. It's a workaround at best (your $DISPLAY won't always be :0) but if it works for you, you'll know that this is at least the right diagnosis.

hth,

--dkg

From brian at minton.name Wed Mar 18 02:35:46 2015
From: brian at minton.name (Brian Minton) Date: Wed, 18 Mar 2015 01:35:46 +0000 Subject: Making the case for smart cards for the average user References: <277590791.20150317005551@my_localhost> <87lhivpls4.fsf@alice.fifthhorseman.net> <137410941.20150317193149@my_localhost> Message-ID: I thought keyservers strip all punctuation. So becomes foo example com. On Tue, Mar 17, 2015, 3:33 PM MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > > On Tuesday 17 March 2015 at 5:38:03 PM, in > , Daniel Kahn Gillmor > wrote: > > > > > > This might be a bug (or at least a well-warranted > > feature enhancement) in GnuPG. > > > I've just opened > > https://bugs.g10code.com/gnupg/issue1927 to track it. > > Thanks. > > - -- > Best regards > > MFPA > > Take my advice - I don't use it anyway. > -----BEGIN PGP SIGNATURE----- > > iQF8BAEBCgBmBQJVCIEoXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w > ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 > QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwAVYIAKYbEhLI9Iuiy87J7iuyPXWz > 67f+oq8iiBq2V6/CcuS+5u5LJKhKhdeBbnSZLwXrEv6C7uRNAbvS3uLa0um2kQ3s > 6L9rTmmsbuVURYcAsYsRdYSnPjB2G2t6ocCc9FwZMnsv6H5TCskrnsO82PcvjWjo > wlTzU/ESlujVirFYZKe0Cx+bhSb1FVG4kRcc657RoV6/HE6+kKEudIXn4JExyHmJ > 8uNbsY6b2HEj8wxjEoTa54b0lSpb1XWQawolyxk7fVwqgKcpxBizvgqHEVWzuhH+ > 7skCdSZpX+bjBSb5ZyFA3dWanjc184zh+SH/oEWOsJ7VmcGuwPg3hJy8Kg5hhguI > vgQBFgoAZgUCVQiBRV8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu > cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx > MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45AG5AQBAJJysXSkrs+kxTsXOf5dFzG7y > +Tvzagn5cESWj7KSggEAs+rcnGKH9b6AY3eduOVKJ4vwUGgmn6vujD6yOUZs7Qw= > =b48P > -----END PGP SIGNATURE----- > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From dkg at fifthhorseman.net Wed Mar 18 02:43:18 2015 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 17 Mar 2015 21:43:18 -0400 Subject: Making the case for smart cards for the average user In-Reply-To: References: <277590791.20150317005551@my_localhost> <87lhivpls4.fsf@alice.fifthhorseman.net> <137410941.20150317193149@my_localhost> Message-ID: <87r3snkrm1.fsf@alice.fifthhorseman.net> On Tue 2015-03-17 21:35:46 -0400, Brian Minton wrote: > I thought keyservers strip all punctuation. So becomes > foo example com. This discussion has been about gnupg and its own keyring, not necessarily about keyservers. The bug report i filed referred to local gpg activity, not keyserver activity. --dkg From wk at gnupg.org Wed Mar 18 09:09:30 2015 
From: wk at gnupg.org (Werner Koch) Date: Wed, 18 Mar 2015 09:09:30 +0100 Subject: Defaults In-Reply-To: <5508842F.1010101@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 17 Mar 2015 15:44:47 -0400") References: <5508842F.1010101@sixdemonbag.org> Message-ID: <87k2ye20cl.fsf@vigenere.g10code.de>

On Tue, 17 Mar 2015 20:44, rjh at sixdemonbag.org said:

> Given that 2.1 introduces a lot of new capabilities (mostly with respect
> to ECC), I think now, early on in the 2.1 series, would be a good time
> to discuss changing the defaults for newly-generated certificates.

Let's do a quick check of the status quo (I removed some of the extra diagnostics from the examples):

Create a new key:

  $ gpg --no-options --quick-gen-key 'test key '
  About to create a key for:
      "test key "

  Continue? (Y/n) y
  public and secret key created and signed.

  pub   rsa2048/50C4476F 2015-03-18
        Key fingerprint = 11E9 91C2 36E0 21A6 1E35  A682 68CC E4C2 50C4 476F
  uid         [ultimate] test key
  sub   rsa2048/807D0FF4 2015-03-18

What are the preferences:

  $ gpg --no-options --edit-key 50C4476F
  gpg (GnuPG) 2.1.3-beta26; Copyright (C) 2015 Free Software Foundation, Inc.

  Secret key is available.

  pub  rsa2048/50C4476F
       created: 2015-03-18  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  sub  rsa2048/807D0FF4
       created: 2015-03-18  expires: never       usage: E
  [ultimate] (1). test key

  gpg> showpref
  [ultimate] (1). test key
       Cipher: AES256, AES192, AES, 3DES
       Digest: SHA256, SHA384, SHA512, SHA224, SHA1
       Compression: ZLIB, BZIP2, ZIP, Uncompressed
       Features: MDC, Keyserver no-modify

Sign something (there is only the above new key in the keyring):

  $ fortune | gpg --no-options --clearsign -v
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA256

  Whenever people agree with me I always feel I must be wrong.
                  -- Oscar Wilde
  gpg: RSA/SHA256 signature from: "50C4476F test key "
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v2

  iQEcBAEBCAAGBQJVCSpjAAoJEGjM5MJQxEdvQOUH/1G0xVxUppAHjqy6E5h8Pds+
  R9IhpACMwx+b01KudyTQ1rw1Y6Gy47vRhtaZaY9H7g9Ua8N7CtDWDUlbN/A+vovr
  7NX7yh8VXNqTYg9iCbwtL3KrN5b+gImWC7XxKgmJ5MqtRdOnjrGRG+R/1Yz/K6+3
  dKtD+o7WSToWiZRaqraIEFaHuHHPhhTbZd9rPkkoVhR8IfuwVP9WiWgL1En1khiC
  jNN4XBTO6JYm9wxYnbKTr5pIkNIdkXJEXSSO0VDu+jcx0eXiQlHVM2Za+8F0e59o
  rhaD61+7MFRp7W85eq9DphK8ZQkYSiVFmxP05KtBn0ym+CWyOZQTknJTZq2rpGI=
  =TRJn
  -----END PGP SIGNATURE-----

Do a symmetric encryption:

  $ fortune | gpg --no-options -ca -v
  gpg: using cipher AES
  gpg: writing to stdout
  -----BEGIN PGP MESSAGE-----
  Version: GnuPG v2

  jA0EBwMCEKZ9P8JsqIXk0n0BXv33OI6+DtCIKj4eizkTHI4uFnlwYxa8mGDmNPZX
  7f8Q0f5L621bNvyIgCrV+gmfMXbXd2jtUXOAu0Q/g9gpkNEQhEJKcFBk1VDaAM0j
  dg8LeF/iT8HUjSmsWXbOCvYRh3MtIbYSEC299yBZJ+gG44Akgypl80dubLXhcA==
  =doWz
  -----END PGP MESSAGE-----

Now:

> * Offer Brainpool-512 and RSA-3072 as options for
>   newly-generated certificates

The default is RSA-2048 but there is an option to create RSA-3072. GUIs may choose their own defaults. Using Brainpool as default for ECC (by the time we can get ECC out of the export mode) is obviously something the German secret services would like to see. Recent revelations about the BSI and its support for "remote forensic toolkits" (aka Federal Trojan Tool) won't convince people that Brainpool curves are safer than NIST curves. Anyway the plan is to make Curve25519 the default for ECC. There are also options for stronger ECC curves not related to US or European standard bodies.

> * Use AES256 for a symmetric cipher

As shown above AES128 (AES) is the default for symmetric encryption. Symmetric encryption is for whatever reasons commonly used for bulk data encryption and performance is a matter here:

  AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
         CFB enc |     1.77 ns/B     537.9 MiB/s      4.08 c/B
         CFB dec |    0.365 ns/B    2612.1 MiB/s     0.840 c/B
  AES256
         CFB enc |     2.47 ns/B     386.5 MiB/s      5.67 c/B
         CFB dec |    0.530 ns/B    1799.4 MiB/s      1.22 c/B

Thus on my X220 you get a 40% speedup by using 128 bit AES. Well, the numbers are from Libgcrypt and don't include the overhead due to the protocol but it is faster. For public key encryption AES-256 will anyway be used by default.

> * Raise a warning if the user attempts to encrypt more
>   than 4 GiB with an old (64-bit block) cipher

Except for 3DES there is no 64 bit block cipher in the preferences:

  Cipher: AES256, AES192, AES, 3DES

A key capable of only 3DES will be rare and must have been created on purpose or by very old software. They want 3DES and thus they get it.

> * Only use CAST5 if the user explicitly requests it via
>   default-cipher-preferences: prefer 3DES over CAST5

Already done. See above.

> * Only use IDEA if the user explicitly requests it via
>   default-cipher-preferences: prefer 3DES over IDEA

IDEA is not included in the preferences.

> * Use SHA256 for RSA-3072/-4096 signatures and SHA512
>   for Brainpool-512

Already used even for RSA-2048. See example above.

> * CAST5 is not in good health: as was recently mentioned in
>   the IETF WG mailing list, the Canadians themselves still

I have seen no arguments why CAST5-128 as used by OpenPGP is now weaker than other 64 bit ciphers. BTW, the post mentioning CAST5 also falsely claimed that CAST5 is a 128 bit blocksize cipher. Maybe the confusion comes from the fact that CAST is actually a method to create block ciphers. But it is not used anyway.

> * 3DES is still the Rock of Gibraltar. Big, slow, ungainly,
>   and strong. It's nobody's idea of a good modern cipher, but

Here are the numbers; for fairness AES-NI (Intel's AES hardware support) has been disabled:

  AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
         CFB enc |     3.88 ns/B     245.8 MiB/s      8.92 c/B
         CFB dec |     3.18 ns/B     299.6 MiB/s      7.32 c/B
  3DES
         CFB enc |    37.69 ns/B     25.30 MiB/s     86.69 c/B
         CFB dec |    20.04 ns/B     47.58 MiB/s     46.10 c/B

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From dgouttegattat at incenp.org Wed Mar 18 13:12:29 2015
From: dgouttegattat at incenp.org (Damien Goutte-Gattat) Date: Wed, 18 Mar 2015 13:12:29 +0100 Subject: Defaults In-Reply-To: <5508C822.20103@sixdemonbag.org> References: <5508842F.1010101@sixdemonbag.org> <5508B076.5060607@incenp.org> <5508C822.20103@sixdemonbag.org> Message-ID: <55096BAD.6040801@incenp.org>

On 03/18/2015 01:34 AM, Robert J. Hansen wrote:
> I think this shouldn't be supported; CAST5 should only be used if (a) it's in the
> recipient's key prefs and (b) it's explicitly listed in
> default-cipher-prefs.

I don't think that ignoring the recipient's preferences should be the default behavior. The recipient's choices should be honored by default *unless* you explicitly decide against it. If you want to ignore a particular cipher, you could use the --disable-cipher-algo option. Disable CAST5 and it will never be selected by GnuPG even if it appears on the recipient's list.

>> Do you mean signatures in general, or key signatures
>> (certifications)?
>
> The former, although I think setting cert-digest-algo SHA256 by default
> may be worth discussing.

Not anymore, it's already done. :) I was wrong on that point, SHA-1 is no longer used by default for certifications since GnuPG 2.1.0.

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: 

From mwalter at paragon-csi.com Wed Mar 18 13:18:11 2015
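The selection rule Werner and Damien are describing (the recipients' cipher preference lists intersected, 3DES implicitly at the end of every list so a 3DES-only key still works, and --disable-cipher-algo removing an algorithm on the sender's side) can be modelled in a few lines. The following Python is an added illustration for this thread, not GnuPG's code: NEW_DEFAULT copies the showpref output quoted above, while OLD_KEY and THREEDES_ONLY are constructed sample preference lists, and the 4 GiB threshold for the 64-bit-block warning is the one proposed in the thread.

```python
"""Symmetric-cipher selection for a multi-recipient OpenPGP message, modelled
after RFC 4880 section 13.2 as discussed in the thread.  Added illustration,
not GnuPG code.  NEW_DEFAULT copies the showpref output quoted above; the
other preference lists are constructed sample data."""

# RFC 4880 13.2: 3DES is implicitly present at the end of every preference
# list, which is why a recipient "capable of only 3DES" still gets a message.
IMPLICIT_CIPHER = "3DES"

# OpenPGP ciphers with a 64-bit block, relevant to the proposed 4 GiB warning.
SMALL_BLOCK_CIPHERS = {"3DES", "CAST5", "IDEA", "BLOWFISH"}


def effective_prefs(prefs):
    """A key's stated cipher preferences plus the implicit 3DES."""
    out = [p.upper() for p in prefs]
    if IMPLICIT_CIPHER not in out:
        out.append(IMPLICIT_CIPHER)
    return out


def choose_cipher(recipient_prefs, sender_prefs=None, disabled=()):
    """Pick the one cipher used for a message to every recipient.

    recipient_prefs: one preference list per recipient key.
    sender_prefs:    the sender's own ranking (the role of
                     personal-cipher-preferences); if None, the first
                     recipient's order decides.
    disabled:        algorithms the sender refuses (the role of
                     --disable-cipher-algo); never chosen even when every
                     recipient lists them.
    """
    if not recipient_prefs:
        raise ValueError("no recipients")
    lists = [effective_prefs(p) for p in recipient_prefs]
    # Only algorithms that every recipient lists are acceptable.
    acceptable = set(lists[0])
    for other in lists[1:]:
        acceptable &= set(other)
    acceptable -= {d.upper() for d in disabled}
    ranking = [p.upper() for p in sender_prefs] if sender_prefs else lists[0]
    for algo in ranking:
        if algo in acceptable:
            return algo
    # The sender's ranking named nothing acceptable: fall back to the
    # recipients' own order (3DES is always last).
    for algo in lists[0]:
        if algo in acceptable:
            return algo
    raise ValueError("no cipher acceptable to all recipients")


def needs_size_warning(algo, nbytes):
    """The warning proposed in the thread: a 64-bit block cipher used on
    more than 4 GiB of data."""
    return algo.upper() in SMALL_BLOCK_CIPHERS and nbytes > 4 * 1024 ** 3


# Constructed sample keys.
NEW_DEFAULT = ["AES256", "AES192", "AES", "3DES"]  # GnuPG 2.1 default, from showpref above
OLD_KEY = ["CAST5", "3DES"]                        # a key from old software preferring CAST5
THREEDES_ONLY = []                                 # no stated preferences: 3DES only

if __name__ == "__main__":
    print(choose_cipher([NEW_DEFAULT]))                  # AES256
    print(choose_cipher([NEW_DEFAULT, THREEDES_ONLY]))   # 3DES
    print(choose_cipher([OLD_KEY]))                      # CAST5: the recipient's choice is honoured
    print(choose_cipher([OLD_KEY], disabled=["CAST5"]))  # 3DES: unless the sender disabled it
    print(needs_size_warning("3DES", 5 * 1024 ** 3))     # True
```

The last two calls are the two positions in the thread side by side: by default the recipient's CAST5 preference wins, and only an explicit sender-side disable changes the outcome, at which point the implicit 3DES is what remains.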
From: mwalter at paragon-csi.com (Mark Walter) Date: Wed, 18 Mar 2015 08:18:11 -0400 Subject: What am I doing wrong? Message-ID: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B86@pcsimail.paragon-csi.com>

Hello all.

I'm having issues with encrypt and decrypt and I know it's something I'm doing wrong. I created a key with Kleopatra. Imported it into GNU Privacy Assistant. It shows up as Fully Valid.

Next, to test, I created the text file test.txt and used the following command to encrypt it.

  gpg -e -u myuser at domain.net -r myuser at domain.net test.txt

The file test.txt.gpg showed up in my folder.

Next, I tried to decrypt it using the following syntax.

  gpg -d test.txt.gpg

And I get the following error.

  Gpg decryption failed: No secret key

Not sure what I'm doing wrong here. This used to not be an issue.

This is Windows Server 2012.

Thanks in advance

Mark Walter
Business to Business Data Integration Specialist
Certified IBM System i Specialist
Paragon Consulting Services, Inc.
mwalter at paragon-csi.com
717-764-7909 ext. 20

From dkg at fifthhorseman.net Wed Mar 18 13:38:14 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 18 Mar 2015 08:38:14 -0400 Subject: What am I doing wrong? In-Reply-To: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B86@pcsimail.paragon-csi.com> References: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B86@pcsimail.paragon-csi.com> Message-ID: <87h9tijxah.fsf@alice.fifthhorseman.net>

On Wed 2015-03-18 08:18:11 -0400, Mark Walter wrote:
> I'm having issues with encrypt and decrypt and I know it's something
> I'm doing wrong. I created a key with Kleopatra. Imported it into GNU
> Privacy Assistant. It shows up as Fully Valid.
>
> Next, to test, I created the text file test.txt and used the following command to encrypt it.
> gpg -e -u myuser at domain.net -r myuser at domain.net test.txt

the -u myuser at domain.net is not doing anything here, because this is doing encryption and not signing. so no secret key material is used in this step.

> The file test.txt.gpg showed up in my folder.
>
> Next, I tried to decrypt it using the following syntax.
> gpg -d test.txt.gpg
>
> And I get the following error.
> Gpg decryption failed: No secret key
>
> Not sure what I'm doing wrong here. This used to not be an issue.

It sounds to me like you imported your public key but not your secret key. Does your key show up in the output of "gpg --list-secret-keys" ?

--dkg

From mwalter at paragon-csi.com Wed Mar 18 13:59:11 2015
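The check dkg suggests (is the secret key actually in the local keyring, or only the public key?) can be automated by reading gpg's machine-readable listings rather than eyeballing "gpg --list-secret-keys". The Python below is an added illustration for this thread, not GnuPG's code: it parses the colon-separated output of "gpg --with-colons --list-keys" and "--list-secret-keys" and reports Mark's situation (public key present, secret half missing). The two listings embedded in it are constructed sample output in the real colon format; the key IDs, fingerprints and user IDs are made up. The live_listings helper only works on a machine where gpg is installed and is not called by default.

```python
"""Diagnose "decryption failed: No secret key" by reading GnuPG's
machine-readable --with-colons listings.  Added illustration for the thread
above, not GnuPG code.  The two listings are constructed sample output in the
real colon format (field 1 record type, 2 validity, 5 key ID, 10 user ID or
fingerprint, 12 capabilities); the key IDs and fingerprints are made up."""

import subprocess

PUBLIC_LISTING = """\
tru::1:1426670000:0:3:1:5
pub:u:2048:1:0123456789ABCDEF:1426670000:::u:::scESC::::::23::0:
fpr:::::::::0000111122223333444455550123456789ABCDEF:
uid:u::::1426670000::0000000000000000000000000000000000000000::Test User <myuser@domain.net>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1426670000::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFFFEDCBA9876543210:
pub:u:2048:1:9999888877776666:1400000000:::u:::scESC::::::23::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1400000000::1111111111111111111111111111111111111111::Old Server Key <ops@domain.net>::::::::::0:
"""

# Only the old server key has its secret half on this machine.
SECRET_LISTING = """\
sec:u:2048:1:9999888877776666:1400000000:::u:::scESC:::+::23::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1400000000::1111111111111111111111111111111111111111::Old Server Key <ops@domain.net>::::::::::0:
ssb:u:2048:1:5555444433332222:1400000000::::::e:::+::23:
"""


def parse_colons(text):
    """Group records into keys: each pub/sec record starts a key and owns the
    fpr, uid and sub/ssb records that follow it."""
    keys, cur = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            cur = {"type": f[0], "keyid": f[4], "validity": f[1],
                   "fpr": None, "uids": [], "subkeys": []}
            keys.append(cur)
        elif cur is None:
            continue                       # e.g. the leading 'tru' record
        elif f[0] == "fpr" and cur["fpr"] is None:
            cur["fpr"] = f[9]              # first fpr after pub/sec: primary key
        elif f[0] == "uid":
            cur["uids"].append(f[9])
        elif f[0] in ("sub", "ssb"):
            cur["subkeys"].append({"keyid": f[4], "caps": f[11]})
    return keys


def keys_for(keys, email):
    """Keys with a user ID carrying exactly <email>, the angle-bracket match
    gpg performs for a '<addr>' lookup."""
    needle = "<%s>" % email.lower()
    return [k for k in keys if any(needle in u.lower() for u in k["uids"])]


def diagnose(public_listing, secret_listing, email):
    """Say whether files encrypted to <email> can be decrypted here."""
    pub = keys_for(parse_colons(public_listing), email)
    sec = keys_for(parse_colons(secret_listing), email)
    if not pub:
        return "no public key for %s: import the key first" % email
    have_secret = {k["fpr"] for k in sec}
    missing = [k for k in pub if k["fpr"] not in have_secret]
    if missing:
        return ("public key %s present but its secret key is not: "
                "the secret key was never imported on this machine"
                % missing[0]["keyid"])
    return "secret key %s available: decryption should work" % sec[0]["keyid"]


def live_listings():
    """The same two listings from the local gpg (needs gpg installed)."""
    def run(mode):
        return subprocess.run(["gpg", "--batch", "--with-colons", mode],
                              capture_output=True, text=True, check=True).stdout
    return run("--list-keys"), run("--list-secret-keys")


if __name__ == "__main__":
    print(diagnose(PUBLIC_LISTING, SECRET_LISTING, "myuser@domain.net"))
    print(diagnose(PUBLIC_LISTING, SECRET_LISTING, "ops@domain.net"))
```

Matching keys by fingerprint rather than by user ID is deliberate: several keys can carry the same address (a point raised later in this digest), and only the fingerprint says which public key the available secret key belongs to.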
From: mwalter at paragon-csi.com (Mark Walter) Date: Wed, 18 Mar 2015 08:59:11 -0400 Subject: What am I doing wrong? In-Reply-To: <87h9tijxah.fsf@alice.fifthhorseman.net> References: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B86@pcsimail.paragon-csi.com> <87h9tijxah.fsf@alice.fifthhorseman.net> Message-ID: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B9A@pcsimail.paragon-csi.com> No, Only the Private keys show up. What I tried to create and test was a public key to give to a partner for encrypting files sent to us. Thanks. Mark Walter Business to Business Data Integration Specialist Certified IBM System i Specialist Paragon Consulting Services, Inc. mwalter at paragon-csi.com 717-764-7909 ext. 20 -----Original Message----- 
From: Daniel Kahn Gillmor [mailto:dkg at fifthhorseman.net]
Sent: Wednesday, March 18, 2015 8:38 AM
To: Mark Walter; gnupg-users at gnupg.org
Subject: Re: What am I doing wrong?

On Wed 2015-03-18 08:18:11 -0400, Mark Walter wrote:
> I'm having issues with encrypt and decrypt and I know it's something
> I'm doing wrong. I created a key with Kleopatra. Imported it into GNU
> Privacy Assistant. It shows up as Fully Valid.
>
> Next, to test, I created the text file test.txt and used the following command to encrypt it.
> gpg -e -u myuser at domain.net -r myuser at domain.net test.txt

the -u myuser at domain.net is not doing anything here, because this is doing encryption and not signing. so no secret key material is used in this step.

> The file test.txt.gpg showed up in my folder.
>
> Next, I tried to decrypt it using the following syntax.
> gpg -d test.txt.gpg
>
> And I get the following error.
> Gpg decryption failed: No secret key
>
> Not sure what I'm doing wrong here. This used to not be an issue.

It sounds to me like you imported your public key but not your secret key. Does your key show up in the output of "gpg --list-secret-keys" ?

--dkg

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2015.0.5751 / Virus Database: 4306/9322 - Release Date: 03/17/15

From david at gbenet.com Wed Mar 18 22:07:32 2015
From: david at gbenet.com (david at gbenet.com) Date: Wed, 18 Mar 2015 21:07:32 +0000 Subject: What am I doing wrong? In-Reply-To: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B86@pcsimail.paragon-csi.com> References: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B86@pcsimail.paragon-csi.com> Message-ID: <5509E914.8020700@gbenet.com>

On 18/03/15 12:18, Mark Walter wrote:
> Hello all.
>
> I'm having issues with encrypt and decrypt and I know it's something I'm doing wrong. I created a key with Kleopatra. Imported it into GNU Privacy Assistant. It shows up as Fully Valid.
>
> Next, to test, I created the text file test.txt and used the following command to encrypt it.
> gpg -e -u myuser at domain.net -r myuser at domain.net test.txt
>
> The file test.txt.gpg showed up in my folder.
>
> Next, I tried to decrypt it using the following syntax.
> gpg -d test.txt.gpg
>
> And I get the following error.
> Gpg decryption failed: No secret key
>
> Not sure what I'm doing wrong here. This used to not be an issue.
>
> This is Windows Server 2012.
>
> Thanks in advance
>
> Mark Walter
>
> Business to Business Data Integration Specialist
> Certified IBM System i Specialist
> Paragon Consulting Services, Inc.
> mwalter at paragon-csi.com
> 717-764-7909 ext. 20
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

So you created a private and public key - then encrypted a file and you entered your passphrase (password you created when generating your keys)?

David

-- 
"See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion."
https://linuxcounter.net/user/512854.html - http://gbenet.com

-------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 897 bytes Desc: OpenPGP digital signature URL: From mwalter at paragon-csi.com Wed Mar 18 15:13:32 2015 From: mwalter at paragon-csi.com (Mark Walter) Date: Wed, 18 Mar 2015 10:13:32 -0400 Subject: What am I doing wrong? In-Reply-To: <5509E914.8020700@gbenet.com> References: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31B86@pcsimail.paragon-csi.com> <5509E914.8020700@gbenet.com> Message-ID: <79E1EB8865153D49AC2ACFBDED5F2584C3D7A31BD2@pcsimail.paragon-csi.com> Thanks so much for the help everyone. I believe I have this working as I need it. Mark Walter Business to Business Data Integration Specialist Certified IBM System i Specialist Paragon Consulting Services, Inc. mwalter at paragon-csi.com 717-764-7909 ext. 20 -----Original Message----- 
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of david at gbenet.com
Sent: Wednesday, March 18, 2015 5:08 PM
To: gnupg-users at gnupg.org
Subject: Re: What am I doing wrong?
Importance: Low

On 18/03/15 12:18, Mark Walter wrote:
> Hello all.
>
> I'm having issues with encrypt and decrypt and I know it's something I'm doing wrong. I created a key with Kleopatra. Imported it into GNU Privacy Assistant. It shows up as Fully Valid.
>
> Next, to test, I created the text file test.txt and used the following command to encrypt it.
> gpg -e -u myuser at domain.net -r myuser at domain.net test.txt
>
> The file test.txt.gpg showed up in my folder.
>
> Next, I tried to decrypt it using the following syntax.
> gpg -d test.txt.gpg
>
> And I get the following error.
> Gpg decryption failed: No secret key
>
> Not sure what I'm doing wrong here. This used to not be an issue.
>
> This is Windows Server 2012.
>
> Thanks in advance
>
> Mark Walter
>
> Business to Business Data Integration Specialist Certified IBM System
> i Specialist Paragon Consulting Services, Inc.
> mwalter at paragon-csi.com
> 717-764-7909 ext. 20
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

So you created a private and public key - then encrypted a file and you entered your passphrase (password you created when generating your keys)?

David

-- 
"See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion."
https://linuxcounter.net/user/512854.html - http://gbenet.com

From samir at samirnassar.com Wed Mar 18 15:54:43 2015
From: samir at samirnassar.com (Samir Nassar) Date: Wed, 18 Mar 2015 15:54:43 +0100 Subject: SKS Keyserver, HKPS, and GnuPG 2.1 Message-ID: <9234986.JL3FiFvT8u@lathe>

Hello,

I originally posted this on the sks-devel mailing list, but after thinking about it, I believe this might be something I am doing wrong on the GnuPG side:

I set up a keyserver at keyserver.myriapolis.net.

What I have done so far:

Installed sks (1.1.5) from wheezy-backports

SKS is behind a nginx reverse proxy using the instructions from: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

I can access SKS on the web through:

  https://keyserver.myriapolis.net:11371/
  https://keyserver.myriapolis.net:443/
  http://keyserver.myriapolis.net:80/

When I access the keyserver through:

  gpg-connect-agent --verbose --dirmngr 'keyserver http://keyserver.myriapolis.net' 'ks_get 1e42b367' /bye

things work.

When I try the following:

  gpg-connect-agent --verbose --dirmngr 'keyserver https://keyserver.myriapolis.net' 'ks_get 1e42b367' /bye
  gpg-connect-agent --verbose --dirmngr 'keyserver https://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
  gpg-connect-agent --verbose --dirmngr 'keyserver hkps://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye

I get the following error:

  ERR 1 General error 

dirmngr.conf contains:

  hkp-cacert /home/snassar/.gnupg/myriapolis.net.crt

Any pointers would be lovely.

Samir
PGP Fingerprint: 19AE 0BC4 7DA8 4683 3AB6 9A53 69A7 5542 488B 4A1A

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: 

From jose.castillo at gmail.com Wed Mar 18 19:18:57 2015
From: jose.castillo at gmail.com (Jose Castillo) Date: Wed, 18 Mar 2015 14:18:57 -0400 Subject: Email-only UIDs and verification (was: Making the case for smart cards for the average user) In-Reply-To: <277590791.20150317005551@my_localhost> References: <277590791.20150317005551@my_localhost> Message-ID: <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com>

On Mar 16, 2015, at 8:55 PM, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:

> I would urge you to reconsider your decision to drop the angle brackets. At least one MUA (the MUA I am using to write this message) sends the email address enclosed in angle brackets as the search string for GnuPG to locate the key. No angle brackets around the email address means no key found.

Good point, I'll make that change. As a sidenote, I notice that when I'm generating a key interactively, I get an error message of 'Name must be at least 5 characters long' when I try to make an email-only UID. It works in batch mode, and obviously with the allow-freeform-uid option, but just thought it was interesting to point out. Someone attempting to make such a UID in the interactive mode might be forgiven for putting their email address in the "name" field as a workaround.

> Thinking about it, you don't need the user to click a link or to reply to an email at all. If you sign the UID and enclose the signed copy of the key in an encrypted email to the address in the UID, they don't get access to the certification unless they control both the email address and the key.

This is a very good point, and I can see making this change.

> But it retains the problem of relatively frequent verification signatures accumulating; I don't know a solution to that.

This was in reference to the PGP global directory's verification check. Having never used it I'm curious why the validity period is only two weeks. Does the user have to re-verify their email address every two weeks? That seems excessive. Moving to an annual validity period (or through the expiration of the domain name if it's expiring sooner) allows for disused keys to expire, while still giving you the option to revoke a UID or key sooner if necessary.

> Finally, if the person at the other end is able to decrypt my message and reply to me, then the key and the email address are controlled by the same person. What assurance does the verification service add?

In the case of establishing communication with someone you haven't yet met, it gives you an assurance that a third party has verified that they were in control of the address on a given date within the last year. If I query your email address and find four keys, I don't know what to do; but if one of them is trusted by the email verification service, which I trust, then there's only one valid key.

-- 
Joey Castillo
www.joeycastillo.com

From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 18 19:28:31 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Wed, 18 Mar 2015 19:28:31 +0100 Subject: SKS Keyserver, HKPS, and GnuPG 2.1 In-Reply-To: <9234986.JL3FiFvT8u@lathe> References: <9234986.JL3FiFvT8u@lathe> Message-ID: <5509C3CF.6050307@sumptuouscapital.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/18/2015 03:54 PM, Samir Nassar wrote: > Hello, > > I originally posted this on the sks-devel mailing list, but after > thinking about it, I believe this might be something I am doing > wrong on the GnuPG side.: > > I set up a keyserver at keyserver.myriapolis.net. > ... > > I get the following error: ERR 1 General error source> > Likely related to the PTR issues[0, 1], its already in the roadmap[2] References: [0] http://lists.gnupg.org/pipermail/gnupg-devel/2015-February/029491.html [1] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028458.html [2] https://gnupg.org/roadmap.html - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Nihil lacrima citius arescit Nothing dries more quickly than a tear -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJVCcPLAAoJEP7VAChXwav6cj4H/iFdJjkiuhWL/wE+V/X+DxIU 0p/BpiOJkt0rzgFoX5pWcEedZxDyxLkOLlIDeMIkqxdpP0CeELf+YohqoGY+0iUE yZy5joiJqK8XMADqT5FpB301ULvRkyXiGdKFolR4uE0XBOEJx0ZY9UKG20BG0wsW JUBIT21Kzpd4vfAEO7To8oWsxTodkdwBOSq8U0+wlMJR3eYhBAEd2hzS31N6jbvb EC5vGKeXCFT6VJOpsW9mkLxdczWzpo/PorSnMAb8r6OAE7DIbI+p5M9FfIBBNJb1 bWsM50BQAgSsv7TA91Aa+9rmYshseTTBLiw9gJNCytd+ed3TaoBk0vo9pL1l1NA= =1mc4 -----END PGP SIGNATURE----- From samir at samirnassar.com Wed Mar 18 20:39:42 2015 
From: samir at samirnassar.com (Samir Nassar) Date: Wed, 18 Mar 2015 20:39:42 +0100 Subject: SKS Keyserver, HKPS, and GnuPG 2.1 In-Reply-To: <5509C3CF.6050307@sumptuouscapital.com> References: <9234986.JL3FiFvT8u@lathe> <5509C3CF.6050307@sumptuouscapital.com> Message-ID: <7784377.oXVs1OqzQ9@lathe> On Wednesday, March 18, 2015 07:28:31 PM Kristian Fiskerstrand wrote: > Likely related to the PTR issues[0, 1], its already in the roadmap[2] Thank you Kristian, So I understand this better. When using non-encrypted connections GnuPG doesn't have a problem, but when I am using a wildcard certificate GPG 2.1 has a problem? Is there anything I can do to mitigate for now? Samir -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 18 20:54:47 2015 
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Wed, 18 Mar 2015 20:54:47 +0100 Subject: SKS Keyserver, HKPS, and GnuPG 2.1 In-Reply-To: <7784377.oXVs1OqzQ9@lathe> References: <9234986.JL3FiFvT8u@lathe> <5509C3CF.6050307@sumptuouscapital.com> <7784377.oXVs1OqzQ9@lathe> Message-ID: <5509D807.4060808@sumptuouscapital.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/18/2015 08:39 PM, Samir Nassar wrote: > On Wednesday, March 18, 2015 07:28:31 PM Kristian Fiskerstrand > wrote: >> Likely related to the PTR issues[0, 1], its already in the >> roadmap[2] > > Thank you Kristian, > > So I understand this better. When using non-encrypted connections > GnuPG doesn't have a problem, but when I am using a wildcard > certificate GPG 2.1 has a problem? > > Is there anything I can do to mitigate for now? Hmm, I didn't notice that it was a wildcard cert, that should also support holdfast.myriapolis.net in the cert matching, however it results a redirect and 404 for [0]. If you add this as a vhost I suspect it will work in your configuration. References: [0] https://holdfast.myriapolis.net/pks/lookup?op=stats - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Acta est fabula So ends the story -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJVCdgDAAoJEP7VAChXwav6KAYH/jXuBobsYer/R16EFNHeCyz5 wa+9azd3oJP0t/ucVwM59vCv5dGbG4bRGqoNOp5pE9D7/BDY/F+7Y4UGJKsT1z5D yiEL/xyfWmv18YaSYLU+WCC5UaQHZxagaJF9pcZE3VTPrBf21SIyvKm8LQ+ijrj9 iY+RHJZpOGS4U0s3M+2M3rsbZxSvO1vBeXB6KR9jzRpApcTpsZlB5tewxJGZjeGh 90RYecK8KDnjvPCOB3t7tT4/1JQHVhAIizTxc4ZoqcT3VuiAkNYEdryqUiCIeMAQ wsnNynaXREWybQ2bkImHN4NyRzfSRbm50TNPl7RxuKQcOfkO3RC/2hhwrjoALUs= =IGgm -----END PGP SIGNATURE----- From samir at samirnassar.com Wed Mar 18 21:13:30 2015 
From: samir at samirnassar.com (Samir Nassar) Date: Wed, 18 Mar 2015 21:13:30 +0100 Subject: SKS Keyserver, HKPS, and GnuPG 2.1 In-Reply-To: <5509D807.4060808@sumptuouscapital.com> References: <9234986.JL3FiFvT8u@lathe> <7784377.oXVs1OqzQ9@lathe> <5509D807.4060808@sumptuouscapital.com> Message-ID: <2316925.XUNha6tViu@lathe>

On Wednesday, March 18, 2015 08:54:47 PM Kristian Fiskerstrand wrote:
> Hmm, I didn't notice that it was a wildcard cert, that should also
> support holdfast.myriapolis.net in the cert matching, however it
> results in a redirect and 404 for [0]. If you add this as a vhost I
> suspect it will work in your configuration.

I configured nginx to also serve up holdfast.myriapolis.net on port 11371

testing with:

  gpg-connect-agent --verbose --dirmngr 'keyserver https://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
  gpg-connect-agent --verbose --dirmngr 'keyserver https://holdfast.myriapolis.net:11371' 'ks_get 1e42b367' /bye

and with:

  gpg-connect-agent --verbose --dirmngr 'keyserver hkps://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
  gpg-connect-agent --verbose --dirmngr 'keyserver hkps://holdfast.myriapolis.net:11371' 'ks_get 1e42b367' /bye

Gives this result:

  OK
  ERR 1 General error 
  gpg-connect-agent: closing connection to agent

Samir

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: 

From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 18 21:21:08 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Wed, 18 Mar 2015 21:21:08 +0100 Subject: SKS Keyserver, HKPS, and GnuPG 2.1 In-Reply-To: <2316925.XUNha6tViu@lathe> References: <9234986.JL3FiFvT8u@lathe> <7784377.oXVs1OqzQ9@lathe> <5509D807.4060808@sumptuouscapital.com> <2316925.XUNha6tViu@lathe> Message-ID: <5509DE34.8010406@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/18/2015 09:13 PM, Samir Nassar wrote:
> On Wednesday, March 18, 2015 08:54:47 PM Kristian Fiskerstrand wrote:
>> Hmm, I didn't notice that it was a wildcard cert, that should
>> also support holdfast.myriapolis.net in the cert matching,
>> however it results in a redirect and 404 for [0]. If you add this
>> as a vhost I suspect it will work in your configuration.
>
> I configured nginx to also serve up holdfast.myriapolis.net on
> port 11371

11371 is expected to be for HKP, so requiring this to be TLS is bad practice.

> testing with:
>
> gpg-connect-agent --verbose --dirmngr 'keyserver https://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
>
> gpg-connect-agent --verbose --dirmngr 'keyserver https://holdfast.myriapolis.net:11371' 'ks_get 1e42b367' /bye

https shouldn't work in this regard, it requires the API from the HKP protocol

> and with:
>
> gpg-connect-agent --verbose --dirmngr 'keyserver hkps://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
>
> gpg-connect-agent --verbose --dirmngr 'keyserver hkps://holdfast.myriapolis.net:11371' 'ks_get 1e42b367' /bye

What if you just update the keyserver in gpg.conf and kill the dirmngr (it will auto-restart)?

> Gives this result:
>
> OK
> ERR 1 General error 
> gpg-connect-agent: closing connection to agent

increase verbosity, e.g.

  gpg --debug-level guru --search blah at invaliddomain.com

Alternatively, specify debug / debug-level in dirmngr.conf along with a log-file.

> Samir
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Testis unus, testis nullus
A single witness is no witness
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVCd36AAoJEP7VAChXwav6gDQIAJ9WiiGHT1dLkbyGAxzW8h5X
Es6CZBWZ7fAvpZvR5ES/4BtnPXC2Wcw1QAbed0fzlZDe2SJf4t6JznYsOJAm7VGS
Ru629/ecytSdPddIhQkFaI+Exc5uA4lX8qGHi6L5zKH9t9EgMbF9KBJzIDPSngFz
hbrY4d1TWHC8jX53vPIAwB2xX5EdBlQpJiKpoL+RzHkLzCh3TcnHbIcInCEUgSpI
gxPUWhvFgPX+AOS4Bpp/Mv7hE7w9Kb6KrVDA2r6jtsi/1oA2rnnz9gtZ8B1qYBlr
YYG8aoOsfb5Y00GGSRa5FL5TiSIsCehP8wA2A5pHqfLSECxm6y/PauEYCuyqkl4=
=VVlz
-----END PGP SIGNATURE-----

From jackyalcine at gmail.com Wed Mar 18 11:27:10 2015
From: jackyalcine at gmail.com (Jacky Alcine)
Date: Wed, 18 Mar 2015 06:27:10 -0400
Subject: what is the proper way to load gpg-agent with systemd
In-Reply-To: 
References: 
Message-ID: <1908899.LrhJSW71ZN@stark>

On Tuesday, March 17, 2015 03:48:54 PM Paulo Lopes wrote:
> Hello,
>
> I've been using my gpg card with success in Ubuntu for a while but as
> everyone knows the init system is switching from upstart to systemd as it
> is happening on Debian and the vast majority of other distributions.
>
> In the "past" one could start gpg-agent from the script that boots Xorg or
> even the gnome-keyring and we could "inject" a couple of variables into the
> session like
>
> GPG_AGENT_INFO
> SSH_AGENT_PID
> SSH_AUTH_SOCK
>
> and all applications spawned from that process inherit those vars, however
> systemd does not inherit vars from its unit files (and my experience with
> systemd is extremely low so i could be saying something wrong here).
>
> It would be nice to have some documentation on gnupg site describing the
> best way to work with systemd...

You might want to ask the systemd-users mailing list about that.

-- 
Jacky Alcine
https://jacky.wtf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: 

From 2014-667rhzu3dc-lists-groups at riseup.net Wed Mar 18 22:00:06 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Wed, 18 Mar 2015 21:00:06 +0000
Subject: Defaults
In-Reply-To: <87k2ye20cl.fsf@vigenere.g10code.de>
References: <5508842F.1010101@sixdemonbag.org> <87k2ye20cl.fsf@vigenere.g10code.de>
Message-ID: <2510117142.20150318210006@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wednesday 18 March 2015 at 8:09:30 AM, in , Werner Koch wrote:

> created: 2015-03-18 expires: never

Just wondering why we want keys to never expire by default. Why is that better than a default validity period of "X" years?

- --
Best regards

MFPA

Adults are obsolete children.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJVCeddXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwctoIALyDzC+7KX5Qr19CMwEiAa1y
/DfsdOajbB1BOSvnLK2wTjOE72SZFiqps+hiSYT9yXj/AVuXWTUSCqh0GmH11SKi
zRSj0SaH4GxBYafLT8H97N/V+xjtKMmWCeXEJ4CMePFb5yG+0iuJC/RYPJ1sCHDz
CFQZDXzbc3SxJ/G4Qs+uaZu0Qk9NM7PUfrl1hFhthA4AxulVQbncGJ42HxZBr7Qb
1xOWfyLxiMmumDs1Z3f70pVwutHTbCH0KZeEH6ccVHDrb6Cpk/jXCEREPL1uVn9Z
lZKB0sOYcIgJTW2BtCdqwQ1simL2UeDAmrqOAefgTfcfQk6jGjyg2ROzjN8pOxGI
vgQBFgoAZgUCVQnnel8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45GIOAQDdcS6nkrIyM6a5a+VCdxHMAvc4
UI398+chSU3UN28UCQEAgcg4vdRgoUZY670VygA7Yb1BZebk+vfz8YxPK1uhhgk=
=Jiu4
-----END PGP SIGNATURE-----

From samir at samirnassar.com Wed Mar 18 22:08:26 2015
From: samir at samirnassar.com (Samir Nassar)
Date: Wed, 18 Mar 2015 22:08:26 +0100
Subject: SKS Keyserver, HKPS, and GnuPG 2.1
In-Reply-To: <5509DE34.8010406@sumptuouscapital.com>
References: <9234986.JL3FiFvT8u@lathe> <2316925.XUNha6tViu@lathe> <5509DE34.8010406@sumptuouscapital.com>
Message-ID: <2469357.e4KVUOf5oW@lathe>

On Wednesday, March 18, 2015 09:21:08 PM Kristian Fiskerstrand wrote:
> 11371 is expected to be for HKP, so requiring this to be TLS is bad
> practice.

Oh oops. Fixed now.

> > gpg-connect-agent --verbose --dirmngr 'keyserver
> > hkps://keyserver.myriapolis.net:11371' 'ks_get 1e42b367' /bye
> >
> > gpg-connect-agent --verbose --dirmngr 'keyserver
> > hkps://holdfast.myriapolis.net:11371' 'ks_get 1e42b367' /bye
>
> What if you just update the keyserver in gpg.conf and kill the dirmngr
> (it will auto-restart)?

Done

> increase verbosity, e.g. gpg --debug-level guru --search
> blah at invaliddomain.com , alternatively specify debug / debug-level in
> dirmngr.conf along with a log-file

$ gpg --debug-level guru --search samir at samirnassar.com
gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat trust hashing extprog cardio assuan clock
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home//.gnupg
gpg: DBG: chan_3 <- # Config: /home//.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.2 at your service
gpg: DBG: chan_4 <- # Home: /home//.gnupg
gpg: DBG: chan_4 <- # Config: /home//.gnupg/dirmngr.conf
gpg: DBG: chan_4 <- OK Dirmngr 2.1.2 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_4 -> KEYSERVER --clear hkps://keyserver.myriapolis.net
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KS_SEARCH -- samir at samirnassar.com
gpg: DBG: chan_4 <- ERR 1 General error
gpg: error searching keyserver: General error
gpg: keyserver search failed: General error
gpg: DBG: chan_4 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: 

From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 18 22:14:53 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 18 Mar 2015 22:14:53 +0100
Subject: SKS Keyserver, HKPS, and GnuPG 2.1
In-Reply-To: <2469357.e4KVUOf5oW@lathe>
References: <9234986.JL3FiFvT8u@lathe> <2316925.XUNha6tViu@lathe> <5509DE34.8010406@sumptuouscapital.com> <2469357.e4KVUOf5oW@lathe>
Message-ID: <5509EACD.3040509@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/18/2015 10:08 PM, Samir Nassar wrote:
> On Wednesday, March 18, 2015 09:21:08 PM Kristian Fiskerstrand
> wrote:
>> 11371 is expected to be for HKP, so requiring this to be TLS is
>> bad practice.
> ...
> gpg: DBG: chan_4 <- ERR 1 General error
> gpg: error searching keyserver: General error
> gpg: keyserver search failed: General error
> gpg: DBG: chan_4 -> BYE
> gpg: DBG: [not enabled in the source] stop
> gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0
> gpg: secmem usage: 0/32768 bytes in 0 blocks

Are you only experiencing issues with your own server or with HKPS in general? Is dirmngr compiled with gnutls support?

gpg-connect-agent --dirmngr 'KEYSERVER --help' /bye
S # Known schemata:
S #   hkp
S #   hkps
S #   http
S #   finger
S #   kdns

or

ldd /usr/bin/dirmngr|grep gnutls

> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"Statistics are like a bikini. What they reveal is suggestive, but what they conceal is vital."
(Aaron Levenstein)
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVCerJAAoJEP7VAChXwav6QawH/iYRspyutKC0pdqH9XmGF9gL
U2k7au0hFbXFP9BwTa2k80uAQCtNve6AaZVtEaCwbr/+rSw8tlTdv8/8qfuvZmFG
2jcl2T/jkl7Ute7tlw9OxWptDbBsdPIpzmY41iRBT/7NQ3G2tZL1ScwGqEpj4kjn
63qKoW1YoysK32Og1wSKyQQoXotnyBkmUjeTjN8Lf2wPB9KvyH+7mkYWDfFbv8eM
n10JT41AEKE0VRICNrCPJZnxaDo/PRR4fZrCbGsvYuoxlG2nw8KXbMvc7Kg7X87M
HxY7k7GNBwLEAEaNUZS+qj6Ax5MvNCpKUj6vlDLoHe0lWcx6mM+b6tli1Cx+Xc4=
=QBc6
-----END PGP SIGNATURE-----

From samir at samirnassar.com Wed Mar 18 22:33:47 2015
From: samir at samirnassar.com (Samir Nassar)
Date: Wed, 18 Mar 2015 22:33:47 +0100
Subject: SKS Keyserver, HKPS, and GnuPG 2.1
In-Reply-To: <5509EACD.3040509@sumptuouscapital.com>
References: <9234986.JL3FiFvT8u@lathe> <2469357.e4KVUOf5oW@lathe> <5509EACD.3040509@sumptuouscapital.com>
Message-ID: <3021547.ccKtnh10l0@lathe>

On Wednesday, March 18, 2015 10:14:53 PM Kristian Fiskerstrand wrote:
> gpg-connect-agent --dirmngr 'KEYSERVER --help' /bye
> S # Known schemata:
> S #   hkp
> S #   hkps
> S #   http
> S #   finger
> S #   kdns

Same.

When I set the keyserver to: hkp://keyserver.myriapolis.net everything works.

When I set the keyserver to: hkps://keyserver.myriapolis.net it stops working.

To test whether it is a general hkps problem or not, I tried: hkps://keys.niif.hu with the same issue.

Is it possible that dirmngr isn't reading the cert I have for myriapolis.net properly?

Samir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: 

From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 18 22:40:57 2015
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 18 Mar 2015 22:40:57 +0100
Subject: SKS Keyserver, HKPS, and GnuPG 2.1
In-Reply-To: <3021547.ccKtnh10l0@lathe>
References: <9234986.JL3FiFvT8u@lathe> <2469357.e4KVUOf5oW@lathe> <5509EACD.3040509@sumptuouscapital.com> <3021547.ccKtnh10l0@lathe>
Message-ID: <5509F0E9.8040905@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/18/2015 10:33 PM, Samir Nassar wrote:
> On Wednesday, March 18, 2015 10:14:53 PM Kristian Fiskerstrand
> wrote:
>> gpg-connect-agent --dirmngr 'KEYSERVER --help' /bye
>> S # Known schemata:
>> S #   hkp
>> S #   hkps
>> S #   http
>> S #   finger
>> S #   kdns
>
> Same.
>
> When I set the keyserver to: hkp://keyserver.myriapolis.net
> everything works.
>
> When I set the keyserver to: hkps://keyserver.myriapolis.net it
> stops working.
>
> To test whether it is a general hkps problem or now, I tried:
> hkps://keys.niif.hu with the same issue.
>
> Is it possible that dirmngr isn't reading the cert I have for
> myriapolis.net properly?

try renaming /home/snassar/.gnupg/myriapolis.net.crt to /home/snassar/.gnupg/myriapolis.net.pem

if that doesn't help, can you increase debug verbosity in dirmngr.conf and set the logfile?

$ cat dirmngr.conf
verbose
debug 4096
debug-level 4096
debug-all
log-file /tmp/dirmngr.log

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"A committee is a group that keeps minutes and loses hours."
(Milton Berle)
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVCfDfAAoJEP7VAChXwav6rr8H/jl2Vlly7ivDNnT/BmhhYRUq
qoX3AFDbW8z7p7V9RZ07oxFI0GL5qim1VoMgJQZjb0Ygv2F9f7oOfeu1KOBAxxok
CKEBGQinxj/PRQi8uIT5ZrTVJIsDTyTG6QnmbMBpABoqOMDOrVXwhfGlec5YqxuA
h5ReotqLH8LzrQj9EA/MBPKv4XHFW/tAfvXzLj4oyPqeUAGdOyT/RF6VPswwk4ce
0RlQ5MbNNAuYqvgJ1KRujgg9I/2M9jTvx88n//N+XI1yc07iXsSVBig+zi9WF06W
kSeATYbxk19ssKSK3sVHpnIuceLThRC0Xw4Mh/2bVJeDFGM0QDYaYtLMuhI8rmE=
=XC4g
-----END PGP SIGNATURE-----

From samir at samirnassar.com Wed Mar 18 23:03:11 2015
From: samir at samirnassar.com (Samir Nassar)
Date: Wed, 18 Mar 2015 23:03:11 +0100
Subject: SKS Keyserver, HKPS, and GnuPG 2.1
In-Reply-To: <5509F0E9.8040905@sumptuouscapital.com>
References: <9234986.JL3FiFvT8u@lathe> <3021547.ccKtnh10l0@lathe> <5509F0E9.8040905@sumptuouscapital.com>
Message-ID: <1603537.oTnZ3ufBTN@lathe>

On Wednesday, March 18, 2015 10:40:57 PM Kristian Fiskerstrand wrote:
> try renaming /home/snassar/.gnupg/myriapolis.net.crt to
> /home/snassar/.gnupg/myriapolis.net.pem

Done.

> if that doesn't help, can you increase debug verbosity in
> dirmngr.conf and set the logfile?
> $ cat dirmngr.conf
> verbose
> debug 4096
> debug-level 4096
> debug-all
> log-file /tmp/dirmngr.log

Results:

2015-03-18 22:57:20 dirmngr[23026.0] listening on socket '/home/snassar/.gnupg/S.dirmngr'
2015-03-18 22:57:20 dirmngr[23027.0] permanently loaded certificates: 0
2015-03-18 22:57:20 dirmngr[23027.0] runtime cached certificates: 0
2015-03-18 22:57:21 dirmngr[23027.0] handler for fd 0 started
2015-03-18 22:57:21 dirmngr[23027.0] DBG: chan_0 -> # Home: /home/snassar/.gnupg
2015-03-18 22:57:21 dirmngr[23027.0] DBG: chan_0 -> # Config: /home/snassar/.gnupg/dirmngr.conf
2015-03-18 22:57:21 dirmngr[23027.0] DBG: chan_0 -> OK Dirmngr 2.1.2 at your service
2015-03-18 22:57:21 dirmngr[23027.0] connection from process 23024 (1000:1000)
2015-03-18 22:57:21 dirmngr[23027.0] DBG: chan_0 <- KEYSERVER --clear hkps://keyserver.myriapolis.net
2015-03-18 22:57:21 dirmngr[23027.0] DBG: chan_0 -> OK
2015-03-18 22:57:21 dirmngr[23027.0] DBG: chan_0 <- KS_SEARCH -- samir at samirnassar.com
2015-03-18 22:57:21 dirmngr[23027.0] getnameinfo returned for 'keyserver.myriapolis.net': 'keyserver.myriapolis.net' [already known]
2015-03-18 22:57:22 dirmngr[23027.0] TLS verification of peer failed: status=0x0042
2015-03-18 22:57:22 dirmngr[23027.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown.
2015-03-18 22:57:22 dirmngr[23027.0] DBG: expected hostname: keyserver.myriapolis.net
2015-03-18 22:57:22 dirmngr[23027.0] DBG: BEGIN Certificate 'server[0]':
2015-03-18 22:57:22 dirmngr[23027.0] DBG: serial: 4BC6878D433B6F5CA74E0142C8C2CA6B
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notBefore: 2013-12-11 00:00:00
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notAfter: 2015-12-11 23:59:59
2015-03-18 22:57:22 dirmngr[23027.0] DBG: issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
2015-03-18 22:57:22 dirmngr[23027.0] DBG: subject: CN=*.myriapolis.net,OU=EssentialSSL Wildcard,OU=Domain Control Validated
2015-03-18 22:57:22 dirmngr[23027.0] DBG: hash algo: 1.2.840.113549.1.1.11
2015-03-18 22:57:22 dirmngr[23027.0] DBG: SHA1 fingerprint: 47D0B4CAA99B5D3F9EA9C2E2F26B380CD60129C7
2015-03-18 22:57:22 dirmngr[23027.0] DBG: END Certificate
2015-03-18 22:57:22 dirmngr[23027.0] DBG: BEGIN Certificate 'server[1]':
2015-03-18 22:57:22 dirmngr[23027.0] DBG: serial: 2B2E6EEAD975366C148A6EDBA37C8C07
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notBefore: 2014-02-12 00:00:00
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notAfter: 2029-02-11 23:59:59
2015-03-18 22:57:22 dirmngr[23027.0] DBG: issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
2015-03-18 22:57:22 dirmngr[23027.0] DBG: subject: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
2015-03-18 22:57:22 dirmngr[23027.0] DBG: hash algo: 1.2.840.113549.1.1.12
2015-03-18 22:57:22 dirmngr[23027.0] DBG: SHA1 fingerprint: 339CDD57CFD5B141169B615FF31428782D1DA639
2015-03-18 22:57:22 dirmngr[23027.0] DBG: END Certificate
2015-03-18 22:57:22 dirmngr[23027.0] DBG: BEGIN Certificate 'server[2]':
2015-03-18 22:57:22 dirmngr[23027.0] DBG: serial: 2766EE56EB49F38EABD770A2FC84DE22
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notBefore: 2000-05-30 10:48:38
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notAfter: 2020-05-30 10:48:38
2015-03-18 22:57:22 dirmngr[23027.0] DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
2015-03-18 22:57:22 dirmngr[23027.0] DBG: subject: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
2015-03-18 22:57:22 dirmngr[23027.0] DBG: hash algo: 1.2.840.113549.1.1.12
2015-03-18 22:57:22 dirmngr[23027.0] DBG: SHA1 fingerprint: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
2015-03-18 22:57:22 dirmngr[23027.0] DBG: END Certificate
2015-03-18 22:57:22 dirmngr[23027.0] DBG: BEGIN Certificate 'server[3]':
2015-03-18 22:57:22 dirmngr[23027.0] DBG: serial: 01
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notBefore: 2000-05-30 10:48:38
2015-03-18 22:57:22 dirmngr[23027.0] DBG: notAfter: 2020-05-30 10:48:38
2015-03-18 22:57:22 dirmngr[23027.0] DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
2015-03-18 22:57:22 dirmngr[23027.0] DBG: subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
2015-03-18 22:57:22 dirmngr[23027.0] DBG: hash algo: 1.2.840.113549.1.1.5
2015-03-18 22:57:22 dirmngr[23027.0] DBG: SHA1 fingerprint: 02FAF3E291435468607857694DF5E45B68851868
2015-03-18 22:57:22 dirmngr[23027.0] DBG: END Certificate
2015-03-18 22:57:22 dirmngr[23027.0] TLS connection authentication failed: General error
2015-03-18 22:57:22 dirmngr[23027.0] error connecting to 'https://keyserver.myriapolis.net:443': General error
2015-03-18 22:57:22 dirmngr[23027.0] command 'KS_SEARCH' failed: General error
2015-03-18 22:57:22 dirmngr[23027.0] command 'KS_SEARCH' failed: General error
2015-03-18 22:57:22 dirmngr[23027.0] DBG: chan_0 -> ERR 1 General error
2015-03-18 22:57:22 dirmngr[23027.0] DBG: chan_0 <- BYE
2015-03-18 22:57:22 dirmngr[23027.0] DBG: chan_0 -> OK closing connection
2015-03-18 22:57:22 dirmngr[23027.0] handler for fd 0 terminated

Samir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: 

From dkg at fifthhorseman.net Wed Mar 18 23:18:53 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 18 Mar 2015 18:18:53 -0400
Subject: SKS Keyserver, HKPS, and GnuPG 2.1
In-Reply-To: <1603537.oTnZ3ufBTN@lathe>
References: <9234986.JL3FiFvT8u@lathe> <3021547.ccKtnh10l0@lathe> <5509F0E9.8040905@sumptuouscapital.com> <1603537.oTnZ3ufBTN@lathe>
Message-ID: <87vbhygd9u.fsf@alice.fifthhorseman.net>

On Wed 2015-03-18 18:03:11 -0400, Samir Nassar wrote:
> On Wednesday, March 18, 2015 10:40:57 PM Kristian Fiskerstrand wrote:
>> try renaming /home/snassar/.gnupg/myriapolis.net.crt to
>> /home/snassar/.gnupg/myriapolis.net.pem
>
> Done.

It looks to me like you're using the server's certificate as the CA certificate. I don't think that's going to work. Maybe you want to use the Addtrust root cert (attached here) and then point hkp-cacert to that?

--dkg
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: addtrust.pem
URL: 

From samir at samirnassar.com Thu Mar 19 00:03:00 2015
From: samir at samirnassar.com (Samir Nassar)
Date: Thu, 19 Mar 2015 00:03 +0100
Subject: SKS Keyserver, HKPS, and GnuPG 2.1
In-Reply-To: <87vbhygd9u.fsf@alice.fifthhorseman.net>
References: <9234986.JL3FiFvT8u@lathe> <1603537.oTnZ3ufBTN@lathe> <87vbhygd9u.fsf@alice.fifthhorseman.net>
Message-ID: <11444290.gasUsWNnp7@lathe>

On Wednesday, March 18, 2015 06:18:53 PM Daniel Kahn Gillmor wrote:
> It looks to me like you're using the server's certificate as the CA
> certificate. I don't think that's going to work. Maybe you want to use
> the Addtrust root cert (attached here)

Ahem. You are so very right. Somehow it escaped me that what I want for the setup is the CA cert, this despite dirmngr.conf having the line:

hkp-cacert 

> and then point hkp-cacert to that?

Now things work. I feel a bit foolish, but it's just wounded ego.

David Wood wrote me off-list and pointed out https://bugs.g10code.com/gnupg/issue1792 fixes access to my keyserver so I am writing for clarification.

Thank you Kristian and Daniel and David for your help.

Samir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: 

From david.j.wood.2 at gmail.com Wed Mar 18 22:52:03 2015
From: david.j.wood.2 at gmail.com (David Wood)
Date: Wed, 18 Mar 2015 21:52:03 +0000
Subject: SKS Keyserver, HKPS and GnuPG 2.1
Message-ID: 

Dear all,

Apologies for the thread break - I was reading via the archives and have only just subscribed.

I debugged this issue a few days ago. I've posted a patch for testing and hopefully incorporation into a future GnuPG 2.1 build at https://bugs.g10code.com/gnupg/issue1792

With this patch, hkps://hkps.pool.sks-keyservers.net works correctly for me.

David

-- 
David Wood
david.j.wood.2 at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From thomas at thomasruddy.org Thu Mar 19 09:18:03 2015
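The HKPS thread above resolves to one mistake: hkp-cacert pointed at the server's own certificate instead of the CA that signed it, so the chain the server presented ended at an issuer dirmngr had never been told to trust. The following script is an added example for this page; it is not code from GnuPG, dirmngr or any poster. It parses the certificate dump that dirmngr writes at high debug levels (the "BEGIN Certificate" blocks in Samir's log), checks that the chain links subject to issuer, checks the wildcard subject against the expected hostname, and then walks the chain twice: once with the leaf (what hkp-cacert wrongly named) as the trust anchor, once with the AddTrust root that dkg attached. The path walk is a simplified model of RFC 5280 path building and is not GnuTLS's algorithm; SAMPLE_LOG is a constructed, trimmed copy of the posted log, and all function names are mine.

```python
"""
Added example for the HKPS thread above, not code from GnuPG or from any
poster: parse the certificate dump dirmngr writes at high debug levels,
check that the chain links subject -> issuer, and show why a trust anchor
that is the server's own certificate ends in "The certificate issuer is
unknown" while the AddTrust root or the COMODO intermediate validates.
The path walk is a simplified model of RFC 5280 path building, not
GnuTLS's algorithm.  SAMPLE_LOG is a constructed, trimmed copy of the
log posted in the thread (DNs and fingerprints as dirmngr printed them).
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = """\
dirmngr[23027.0] DBG: expected hostname: keyserver.myriapolis.net
dirmngr[23027.0] DBG: BEGIN Certificate 'server[0]':
dirmngr[23027.0] DBG: issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
dirmngr[23027.0] DBG: subject: CN=*.myriapolis.net,OU=EssentialSSL Wildcard,OU=Domain Control Validated
dirmngr[23027.0] DBG: SHA1 fingerprint: 47D0B4CAA99B5D3F9EA9C2E2F26B380CD60129C7
dirmngr[23027.0] DBG: END Certificate
dirmngr[23027.0] DBG: BEGIN Certificate 'server[1]':
dirmngr[23027.0] DBG: issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
dirmngr[23027.0] DBG: subject: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
dirmngr[23027.0] DBG: SHA1 fingerprint: 339CDD57CFD5B141169B615FF31428782D1DA639
dirmngr[23027.0] DBG: END Certificate
dirmngr[23027.0] DBG: BEGIN Certificate 'server[2]':
dirmngr[23027.0] DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
dirmngr[23027.0] DBG: subject: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
dirmngr[23027.0] DBG: SHA1 fingerprint: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
dirmngr[23027.0] DBG: END Certificate
dirmngr[23027.0] DBG: BEGIN Certificate 'server[3]':
dirmngr[23027.0] DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
dirmngr[23027.0] DBG: subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
dirmngr[23027.0] DBG: SHA1 fingerprint: 02FAF3E291435468607857694DF5E45B68851868
dirmngr[23027.0] DBG: END Certificate
"""
LEAF_FP = "47D0B4CAA99B5D3F9EA9C2E2F26B380CD60129C7"  # server[0]: what hkp-cacert wrongly named
ROOT_FP = "02FAF3E291435468607857694DF5E45B68851868"  # server[3]: the AddTrust root dkg attached


@dataclass
class Cert:
    label: str
    subject: str = ""
    issuer: str = ""
    fingerprint: str = ""


_BEGIN = re.compile(r"DBG: BEGIN Certificate '([^']+)':")
_FIELD = re.compile(r"DBG: (issuer|subject|SHA1 fingerprint): (.*)$")


def parse_chain(log):
    """Certificates in the order the server presented them, leaf first."""
    chain, cur = [], None
    for line in log.splitlines():
        m = _BEGIN.search(line)
        if m:
            cur = Cert(label=m.group(1))
        elif cur is not None and "DBG: END Certificate" in line:
            chain.append(cur)
            cur = None
        elif cur is not None:
            m = _FIELD.search(line)
            if m:
                setattr(cur, m.group(1).replace("SHA1 fingerprint", "fingerprint"), m.group(2).strip())
    return chain


def chain_links(chain):
    """True iff each certificate's issuer is the subject of the next one."""
    return all(a.issuer == b.subject for a, b in zip(chain, chain[1:]))


def validate_against_anchor(chain, anchor):
    """Walk from the leaf upwards.  The anchor only counts when it is reached as
    the signer of some certificate; the leaf can never be its own signer, so an
    hkp-cacert that names the server cert cannot succeed.  Reaching a self-signed
    top that is not the anchor means the chain ends at an unknown CA."""
    by_subject = {c.subject: c for c in chain}
    cur = chain[0]
    for _ in range(len(chain) + 1):            # bounded: chains are short
        if cur.issuer == anchor.subject:
            return True, "anchored at %s (%s)" % (anchor.label, anchor.subject)
        nxt = by_subject.get(cur.issuer)
        if nxt is None or nxt is cur:          # issuer not sent, or self-signed top
            return False, "The certificate issuer is unknown: %s" % cur.issuer
        cur = nxt
    return False, "chain does not terminate"


def hostname_matches(pattern, host):
    """RFC 6125 style: '*' only as the whole left-most label, matching exactly one
    label, so *.myriapolis.net covers holdfast.myriapolis.net but neither
    myriapolis.net nor a.b.myriapolis.net."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h) or "" in h:
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h


def diagnose(log, anchor_fp):
    """Run all three checks on one dirmngr log.  For the demo the anchor is
    looked up in the dumped chain by fingerprint; in real use it is the file
    that hkp-cacert names."""
    chain = parse_chain(log)
    anchor = next(c for c in chain if c.fingerprint == anchor_fp)
    host = re.search(r"DBG: expected hostname: (\S+)", log).group(1)
    cn = re.search(r"(?:^|,)CN=([^,]+)", chain[0].subject).group(1)
    ok, why = validate_against_anchor(chain, anchor)
    return {"links": chain_links(chain), "hostname_ok": hostname_matches(cn, host),
            "verified": ok, "reason": why}


if __name__ == "__main__":
    for fp in (LEAF_FP, ROOT_FP):
        print(fp[:8], diagnose(SAMPLE_LOG, fp))
```

Run stand-alone it prints one line per anchor: the leaf fingerprint gives "issuer is unknown" (the same wording dirmngr logged) while the AddTrust root verifies, with chain linkage and the wildcard match passing in both cases, which is why only the trust anchor, not the server configuration, needed changing.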
From: thomas at thomasruddy.org (Thomas F. Ruddy)
Date: Thu, 19 Mar 2015 09:18:03 +0100
Subject: New "Everyman's software" from CeBIT in Germany
Message-ID: <550A863B.9060600@thomasruddy.org>

Dear all,

I'd be interested in hearing Werner Koch's take on this recent innovation. Werner, you speak German:

A new "Everyman's software" featuring certification, key servers, currently Windows only (Linux planned),

https://www.sit.fraunhofer.de/de/volksverschluesselung/

Said to be Open Source in this news-story,

http://www.nzz.ch/mehr/digital/cebit-2015-fraunhofer-volksverschluesselung-1.18505017

-- 
Thomas Ruddy, Germany
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: 

From wk at gnupg.org Thu Mar 19 10:39:19 2015
From: wk at gnupg.org (Werner Koch)
Date: Thu, 19 Mar 2015 10:39:19 +0100
Subject: SKS Keyserver, HKPS and GnuPG 2.1
In-Reply-To: (David Wood's message of "Wed, 18 Mar 2015 21:52:03 +0000")
References: 
Message-ID: <87oanpxr5k.fsf@vigenere.g10code.de>

On Wed, 18 Mar 2015 22:52, david.j.wood.2 at gmail.com said:

> I debugged this issue a few days ago. I've posted a patch for testing and
> hopefully incorporation into a future GnuPG 2.1 build at

It is on my shortlist.

Thanks,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From sam.kuper at uclmail.net Thu Mar 19 12:35:36 2015
From: sam.kuper at uclmail.net (Sam Kuper)
Date: Thu, 19 Mar 2015 11:35:36 +0000
Subject: USB key form-factor smart-card readers with pinpads?
In-Reply-To: <52D3B3FC.2090306@digitalbrains.com>
References: <87mwjak401.fsf@vigenere.g10code.de> <874n5hihdd.fsf@vigenere.g10code.de> <52D3B3FC.2090306@digitalbrains.com>
Message-ID: 

On 13/01/2014, Peter Lebbing wrote:
> On 12/01/14 00:18, Sam Kuper wrote:
>> Again, perhaps I am wrong. But if I am not, then the use of OpenPGP
>> cards with non-pinpad readers still makes no sense (at least, not to
>> me).
>
> Since most readers don't filter VERIFY commands

Yes, I'm getting to realise this. Ideally, it ought to be possible to easily tell before buying a reader whether it does this or not.

Apologies for my delay in replying, btw.

> and additionally you can't force the OpenPGP smartcard to require a
> VERIFY before each decryption anyway, the pinpad really doesn't add
> much at all for decryption.
>
> With regard to the PIN not being known to the attacker when using a
> pinpad: Werner disagrees that a pinpad can reliably accomplish that. I
> did a feature request about a year ago, you should read this thread:
> [1]. And especially Werners answer in [2]. So according to him, it
> doesn't add much for signatures either.

Thank you for the links.

> A bugged reader firmware (certainly a possibility) would even still
> work in the face of a reader filtering VERIFY commands. I think most
> readers have upgradeable firmware. If an attacker has your PC and knows
> a vulnerability in the firmware upgrade method, they can just flash
> their own firmware in your smartcard reader. This is a really difficult
> to solve scenario. I do think it requires a rather capable attacker.

Again, I know of no easy way to discover the "flashability" of a reader in advance of a purchase. No-one has collated this information for popular readers, as far as I'm aware. Readers really ought to require physical access (e.g. by means of a jumper pin that would switch between normal functionality with flashing disabled in order to be re-flashed.

Best regards,

Sam

From hans at guardianproject.info Thu Mar 19 15:27:21 2015
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Thu, 19 Mar 2015 10:27:21 -0400
Subject: Article in Forbes.
In-Reply-To: <550879B5.5010108@openmailbox.org>
References: <550879B5.5010108@openmailbox.org>
Message-ID: <550ADCC9.50301@guardianproject.info>

Sounds like you should report it directly to GPGTools.org. I'm sure they have a bug tracker or mailing address somewhere. Have you seen any technical details on this attack? It's hard to tell exactly what's happening from that article.

.hc

Eric F:
> Perhaps not directly gnupg related, more OS X related. But, with both
> GPGtools and GnuPG for OS X I'll post it here... (and there was this OS X
> sec. discussion the other week) :)
>
> It seems like "Gatekeeper" is only using http if I read it correctly.
>
> Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper
> http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/
>
> "He found around 150 on his own machine, including hugely popular
> software like Microsoft Word and Excel, Apple's own iCloud Photos and
> Dropbox. The list also included Apple's developer tool *XCODE and email
> encryption key management software GPG Keychain, both of which he abused
> in his proof of concept attacks*."
>
> I have no idea how this works, but one question that came in mind was if
> a hijacked "GPG Keychain" on a Mac computer could form a threat to gpg
> on other platforms?
>
> Anyway, interesting reading. Just wanted to share.
>
> /Eric
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

From patrick-mailinglists at whonix.org Thu Mar 19 18:39:07 2015
From: patrick-mailinglists at whonix.org (Patrick Schleizer)
Date: Thu, 19 Mar 2015 17:39:07 +0000
Subject: --verify --status-fd separator for multiple signatures?
Message-ID: <550B09BB.8090903@whonix.org>

Hi,

when using --verify combined with --status-fd [or --status-file], how can one notice in scripts, that processing the one signature is done and that further status-fd messages belong to the next message?

I mean, sometimes it shows SIG_ID, but not in case of ERRSIG.

So is there some line / separator that can be reliably used?

Cheers,
Patrick

From wk at gnupg.org Thu Mar 19 20:27:38 2015
From: wk at gnupg.org (Werner Koch)
Date: Thu, 19 Mar 2015 20:27:38 +0100
Subject: --verify --status-fd separator for multiple signatures?
In-Reply-To: <550B09BB.8090903@whonix.org> (Patrick Schleizer's message of "Thu, 19 Mar 2015 17:39:07 +0000")
References: <550B09BB.8090903@whonix.org>
Message-ID: <87twxgvlcl.fsf@vigenere.g10code.de>

On Thu, 19 Mar 2015 18:39, patrick-mailinglists at whonix.org said:

> when using --verify combined with --status-fd [or --status-file], how
> can one notice in scripts, that processing the one signature is done and
> that further status-fd messages belong to the next message?

That is unfortunately a bit complicated due to different behaviour in gpgsm and gpg. I suggest to do what we do in gpgme/src/verify.c . Of course it would be useful to make sure that NEWSIG is also emitted by gpg but you also need to take care of older gpg versions. I assume adding NEWSIG to gpg has simply been forgotten.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From dougb at dougbarton.email Thu Mar 19 20:32:00 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Thu, 19 Mar 2015 12:32:00 -0700
Subject: --verify --status-fd separator for multiple signatures?
In-Reply-To: <550B09BB.8090903@whonix.org>
References: <550B09BB.8090903@whonix.org>
Message-ID: <550B2430.2020505@dougbarton.email>

On 3/19/15 10:39 AM, Patrick Schleizer wrote:
> Hi,
>
> when using --verify combined with --status-fd [or --status-file], how
> can one notice in scripts, that processing the one signature is done and
> that further status-fd messages belong to the next message?

You are using --with-colons, right?

-- 
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: 

From kloecker at kde.org Thu Mar 19 23:32:22 2015
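Patrick's question and Werner's answer above describe a real gap for scripts: a status stream for a message with several signatures has no separator a script can rely on, since SIG_ID is absent for ERRSIG and NEWSIG is only emitted by some gpg versions. The following parser is an added example for this page and is not code from GnuPG or GPGME. It applies the strategy Werner points at: a NEWSIG line starts a signature record when the gpg version emits one, and when it does not, a per-signature result keyword (GOODSIG, BADSIG, ERRSIG, EXPSIG, EXPKEYSIG, REVKEYSIG) starts a new record whenever the current record already holds a result. That fallback rule is my reading of the gpgme approach, not a copy of gpgme/src/verify.c, and the status lines, key IDs and fingerprint are constructed for the example.

```python
"""
Added example for the --status-fd thread above; not code from GnuPG or
GPGME.  Splits the status stream of a multi-signature --verify run into
one record per signature: NEWSIG starts a record when gpg emits it, and
otherwise a per-signature result keyword starts a new record whenever the
current record already has a result.  The fallback rule is my reading of
the gpgme strategy Werner mentions, not a copy of gpgme/src/verify.c.
All status lines, key IDs and the fingerprint below are constructed;
ERRSIG's last field is the gpg error code (9 = No public key).
"""
RESULT_KEYWORDS = {"GOODSIG", "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
PREFIX = "[GNUPG:] "
FPR = "0000000000000000000000000123456789ABCDEF"   # constructed 40-hex fingerprint

# A gpg that emits NEWSIG: first signature from an unknown key, second one good.
WITH_NEWSIG = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 9A8B7C6D5E4F3A2B 1 8 00 1426800000 9
[GNUPG:] NO_PUBKEY 9A8B7C6D5E4F3A2B
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] VALIDSIG {fpr} 2015-03-19 1426800000 0 4 0 1 8 00 {fpr}
[GNUPG:] SIG_ID abcdefghijklmnopqrstuvwxyz0 2015-03-19 1426800000
[GNUPG:] TRUST_FULLY 0 pgp
""".format(fpr=FPR)
# An older gpg: the same verification with no NEWSIG lines at all.
WITHOUT_NEWSIG = "".join(l for l in WITH_NEWSIG.splitlines(True) if "NEWSIG" not in l)


def parse_status_line(line):
    """Return (keyword, args) for a status line, or None for anything else
    (gpg's human-readable stderr may be interleaved on the same fd)."""
    if not line.startswith(PREFIX):
        return None
    kw, _, args = line[len(PREFIX):].rstrip("\n").partition(" ")
    return kw, args


def split_signatures(lines):
    """Group status lines into one dict per signature, leaf fields extracted."""
    records, cur = [], None

    def start():
        rec = {"result": None, "keyid": None, "fingerprint": None,
               "sig_id": None, "lines": []}
        records.append(rec)
        return rec

    for raw in lines:
        parsed = parse_status_line(raw)
        if parsed is None:
            continue
        kw, args = parsed
        if kw == "NEWSIG":
            cur = start()
            continue
        if kw in RESULT_KEYWORDS and (cur is None or cur["result"] is not None):
            cur = start()                      # fallback when NEWSIG is absent
        if cur is None:
            continue                           # lines before any signature
        cur["lines"].append((kw, args))
        if kw in RESULT_KEYWORDS:
            cur["result"] = kw
            cur["keyid"] = args.split()[0] if args else None
        elif kw == "VALIDSIG":
            cur["fingerprint"] = args.split()[0]
        elif kw == "SIG_ID":
            cur["sig_id"] = args.split()[0]
    return records


def all_good(records):
    """A verify run passes only if every signature is GOODSIG with a VALIDSIG
    fingerprint; a single ERRSIG (e.g. a missing key) fails the whole run."""
    return bool(records) and all(r["result"] == "GOODSIG" and r["fingerprint"]
                                 for r in records)


if __name__ == "__main__":
    for name, text in (("with NEWSIG", WITH_NEWSIG), ("without NEWSIG", WITHOUT_NEWSIG)):
        recs = split_signatures(text.splitlines())
        print(name, [(r["result"], r["keyid"]) for r in recs], "all_good:", all_good(recs))
```

Both sample streams yield the same two records, ERRSIG then GOODSIG, so a script keyed on the records rather than on SIG_ID behaves the same on a gpg that emits NEWSIG and on one that does not. The deliberate policy in all_good is that one unverifiable signature fails the run; a script that wants "at least one good signature from a known key" should test the records individually instead.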
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 19 Mar 2015 23:32:22 +0100
Subject: New "Everyman's software" from CeBIT in Germany
In-Reply-To: <550A863B.9060600@thomasruddy.org>
References: <550A863B.9060600@thomasruddy.org>
Message-ID: <2372514.US1guNcxe2@collossus.ingo-kloecker.de>

On Thursday 19 March 2015 09:18:03 Thomas F. Ruddy wrote:
> Dear all,
>
> I'd be interested in hearing Werner Koch's take on this recent
> innovation. Werner, you speak German:
>
> A new "Everyman's software" featuring certification, key servers,
> currently Windows only (Linux planned),
>
> https://www.sit.fraunhofer.de/de/volksverschluesselung/
>
> Said to be Open Source in this news-story,
>
> http://www.nzz.ch/mehr/digital/cebit-2015-fraunhofer-volksverschluesselung-1.18505017

Both links do not provide technical details. They talk about two things provided by their solution: A central PKI and some end-user-friendly software for certificate creation which automagically adds the certificate to the user's software (email client, browser, other software).

I don't see any indication for a new crypto-standard. So their solution will either use S/MIME or OpenPGP. I suspect it will be S/MIME because more software supports S/MIME out-of-the-box.

... I guessed correctly. It's based on S/MIME:
http://www.golem.de/news/projekt-volksverschluesselung-fraunhofer-institut-vereinfacht-s-mime-einrichtung-1503-113011.html

Moreover, at first one will have to use the eID feature of the new German personal identification card for requesting the certification of one's certificate.
https://www.sit.fraunhofer.de/de/news/aktuelles/presse/details/news-article/verschluesselung-fuer-alle/ (also in German)

Another crypto project is shown at CeBIT. It's also based on the eID feature. Governikus (developed for the German BSI) offers a web application for certifying one's OpenPGP key with one's personal identification card. So it's basically key certification by the German government (for German citizens only).
https://www.governikus.com/de/pressemitteilungen#entry_6938266

Both services appear to be restricted to Germany.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: 

From 2014-667rhzu3dc-lists-groups at riseup.net Thu Mar 19 23:42:31 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Thu, 19 Mar 2015 22:42:31 +0000 Subject: Making the case for smart cards for the average user In-Reply-To: References: <277590791.20150317005551@my_localhost> <87lhivpls4.fsf@alice.fifthhorseman.net> <137410941.20150317193149@my_localhost> Message-ID: <67233080.20150319224231@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Wednesday 18 March 2015 at 1:35:46 AM, in , Brian Minton wrote: > I thought keyservers strip all punctuation. So > becomes foo example com. Keyservers seem to do that. GnuPG locating keys on the local keyring does not. A user with GnuPG configured to automatically fetch keys from a keyserver when not found locally might end up needlessly re-downloading a correspondent's key each time they encrypted to (or verified a signature from) . But they would be stuffed when the email client was trying to match their own key to sign a message. - -- Best regards MFPA During an eruption - move away from the volcano - not towards it -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVC1DrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwKpIIAJ05WmDKk3nHRMkltXHkbSWf ooIgxghfGVPQg3p8UhEkYUpXc3klTYYTOqfhqVj+X6IzkxRsVh1pTKHrmUyi/etz NDyD6C9WcV8PjmkqNyTc8VeuEtoTHHFzSJgJCnpcGfo7NDNqi0Oziihtsl7eUZOD QDLxbzGsOh8ZT1R0o9cXBoijgX7oATdnyFrJnQx4Oj0ZE2GBG58OBWNj49TPXq/A OBL1yx3UJu4oeR3xrM4f+rzoSdfTDLiV4jyVdVDAHte/qwCGuCxJBet8kz71S+xv xnS5MDF79J6PzJVnmoXk/SbCywK07jIxdHsWJQLF/oMgj848Qe/Ex9rBC8/aI22I vgQBFgoAZgUCVQtQ8F8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45BdOAQCMpSMgXJwxmmTcRXJ/F6F5iyni VCWDKGYUdYpHQhW38AEAte5iLUend33MxeoX37AZLWSYaRq8sJc7EL3B77menA0= =HHqd -----END PGP SIGNATURE----- From 2014-667rhzu3dc-lists-groups at riseup.net Fri Mar 20 01:58:25 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Fri, 20 Mar 2015 00:58:25 +0000 Subject: Email-only UIDs and verification (was: Making the case for smart cards for the average user) In-Reply-To: <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com> References: <277590791.20150317005551@my_localhost> <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com> Message-ID: <842480936.20150320005825@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wednesday 18 March 2015 at 6:18:57 PM, in , Jose Castillo wrote:

> On Mar 16, 2015, at 8:55 PM, MFPA
> <2014-667rhzu3dc-lists-groups at riseup.net> wrote:

MFPA>> No angle brackets around the email address means no key found.

JC> Good point, I'll make that change.

Appreciated.

As you probably read in Daniel Kahn Gillmor's message, he has lodged a bug report/feature request for GnuPG.

JC> As a sidenote, I notice that when I'm generating a key interactively, I get an error message of 'Name must be at least 5 characters long' when I try to make an email-only UID. It works in batch mode, and obviously with the allow-freeform-uid option, but just thought it was interesting to point out. Someone attempting to make such a UID in the interactive mode might be forgiven for putting their email address in the 'name' field as a workaround.

They would be scolded at the next prompt, then probably either give up, or go back and enter a name, or enter their email address a second time.

I would imagine the "average user" you are aiming at would use your GUI to create keys. A more advanced user might read your documentation, so you could tell them which options to use if they wanted to create a key matching your bespoke user-id standard through the normal GnuPG text interface.

MFPA>> Thinking about it, you don't need the user to click a link or to reply to an email at all.

> This is a very good point, and I can see making this change.

I would think it would make it easier to code: you don't have to bother tracking the verification link/email.

> This was in reference to the PGP global directory's verification check. Having never used it I'm curious why the validity period is only two weeks.

Lots of activation or verification links sent out by email have a short validity period. People are used to that.

PGP Global Directory's FAQ says:-

    What if I don't respond to the renewal message?

    The PGP Global Directory will give you two weeks to respond. If you don't respond, your key will be removed from the directory, as it is assumed you no longer have the key or are no longer using the email address in the user ID of the key.

> Does the user have to re-verify their email address every two weeks? That seems excessive.

It would be.(-;

The user has two weeks to react to the verification email. Once the user has verified the email address, the verification is good for six months. Then they get a renewal verification email, and so on.

I have no idea why the PGP GD verification signatures last only two weeks instead of six months. Their FAQ is silent on the matter.

MFPA>> Finally, if the person at the other end is able to decrypt my message and reply to me, then the key and the email address are controlled by the same person. What assurance does the verification service add?

> In the case of establishing communication with someone you haven't yet met, it gives you an assurance that a third party has verified that they were in control of the address on a given date within the last year.

The person at the other end decrypting my message and replying to me shows that the key and the corresponding email address are both controlled by the same person today (Person A), verified by me.

Additional information: the verification service verified that the key and the email address were both controlled by the same person (Person B) on a given verification date within the last year.

I am opening communication with Person A at that address today. I neither know nor care if Person B, who was there within the last year, is the same person as Person A. So I cannot think of a use for the additional information. (I'm not saying there is no use, merely that I can't see one.)

> If I query your email address and find four keys, I don't know what to do;

Good question.

1. You could ask me, in an email encrypted to all four keys.

2. You could ask me, in up to four individually-encrypted emails. May not need all four if I answer before you sent them all.

3. Out-of-band communication, such as phone.

4. Look for clues in my email signature block or headers.

> but if one of them is trusted by the email verification service, which I trust, then there's only one valid key.

The email verification service's signature, which warrants that the key and email address were under common control on a specific date in the past year. That is a reasonable first guess out of the four keys, and makes that one key "valid" in accordance with your bespoke Signet simplified validity scheme.
- -- Best regards MFPA Don't anthropomorphize computers - they hate it -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVC3C0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw4hQH/i0uBpUEplgMThUDvV004+QE NrDDpLDZ8PU0aMxWGvLz7wR4s7ts+hNYXz05ORPtoqKLUvHjYs8lqurCGQLQhwWQ FjLQSuWOdiWDgfXgEXt8DPxFa8lR52sk1shVa7jZWdLW1BGwjE5K0mugdjr8OOqa klUTEYz+vomObD4iXFfCnLi9lY5ILuYjzWBwMJQAOeEeivuE1n50DdrUOW4h0AyC hRANXyhpD7zV5OfpWp4OHlGKSVoDEWB4c/cQ83xzNfDZZ3wMQG4F8d0JF4PYvu+B o7L7A2LdMJfMFSZPmFSg55DTk08jM47w8hFgXrHfrHW5QihyhvI4pyFHIhvxSpmI vgQBFgoAZgUCVQtwwF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45BgNAQDarKi3qVrSFBHlgIWnNzYwJZrO 2UxcBYOYMovsJeOdLQEA74Z6hhgRgOkUrxBPU29RLZJsVoaanPiLKUfgMDFJrwg= =+DyS -----END PGP SIGNATURE----- From david at gbenet.com Fri Mar 20 08:58:42 2015 
From: david at gbenet.com (david at gbenet.com) Date: Fri, 20 Mar 2015 07:58:42 +0000 Subject: New "Everyman's software" from CeBIT in Germany In-Reply-To: <2372514.US1guNcxe2@collossus.ingo-kloecker.de> References: <550A863B.9060600@thomasruddy.org> <2372514.US1guNcxe2@collossus.ingo-kloecker.de> Message-ID: <550BD332.5030604@gbenet.com>

On 19/03/15 22:32, Ingo Klöcker wrote:
> On Thursday 19 March 2015 09:18:03 Thomas F. Ruddy wrote:
>> Dear all,
>>
>> I'd be interested in hearing Werner Koch's take on this recent
>> innovation. Werner, you speak German:
>>
>> A new "Everyman's software" featuring certification, key servers,
>> currently Windows only (Linux planned),
>>
>> https://www.sit.fraunhofer.de/de/volksverschluesselung/
>>
>> Said to be Open Source in this news-story,
>>
>> http://www.nzz.ch/mehr/digital/cebit-2015-fraunhofer-volksverschluesselung-1.18505017
>
> Both links do not provide technical details. They talk about two things
> provided by their solution: A central PKI and some end-user-friendly software
> for certificate creation which automagically adds the certificate to the
> user's software (email client, browser, other software).
>
> I don't see any indication for a new crypto-standard. So their solution will
> either use S/MIME or OpenPGP. I suspect it will be S/MIME because more
> software supports S/MIME out-of-the-box. ... I guessed correctly. It's based
> on S/MIME: http://www.golem.de/news/projekt-volksverschluesselung-fraunhofer-institut-vereinfacht-s-mime-einrichtung-1503-113011.html
>
> Moreover, at first one will have to use the eID feature of the new German
> personal identification card for requesting the certification of one's
> certificate.
>
> https://www.sit.fraunhofer.de/de/news/aktuelles/presse/details/news-article/verschluesselung-fuer-alle/ (also in German)
>
> Another crypto project is shown at CeBIT. It's also based on the eID feature.
> Governikus (developed for the German BSI) offers a web application for
> certifying one's OpenPGP key with one's personal identification card. So it's
> basically key certification by the German government (for German citizens
> only).
> https://www.governikus.com/de/pressemitteilungen#entry_6938266
>
> Both services appear to be restricted to Germany.
>
> Regards,
> Ingo
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Well if it's Windoz - then Microsoft are lurking in the woodwork - and that smells like very bad news. Microsoft are never into free as in a free beer - Microsoft are into tying people in to their software. End-user friendly software? Yeah right - whatever Microsoft does - its primary objective is to make more money - and does not give a shit about end-user security. It's just another ploy to get users to give up Linux - or move to a Linux that they control - and we have all seen how they play tricks over the years. We have the whole house for free - that may still irk those that do not support free software - and free encryption.

David

-- 
"See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion."

https://linuxcounter.net/user/512854.html - http://gbenet.com

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 897 bytes Desc: OpenPGP digital signature URL:

From patrick-mailinglists at whonix.org Fri Mar 20 10:20:15 2015
From: patrick-mailinglists at whonix.org (Patrick Schleizer) Date: Fri, 20 Mar 2015 09:20:15 +0000 Subject: --verify --status-fd separator for multiple signatures? In-Reply-To: <550B2430.2020505@dougbarton.email> References: <550B09BB.8090903@whonix.org> <550B2430.2020505@dougbarton.email> Message-ID: <550BE64F.9060509@whonix.org>

Doug Barton:
> On 3/19/15 10:39 AM, Patrick Schleizer wrote:
>> Hi,
>>
>> when using --verify combined with --status-fd [or --status-file], how
>> can one notice in scripts, that processing the one signature is done and
>> that further status-fd messages belong to the next message?
>
> You are using --with-colons, right?

No. Using --status-file. --with-colons does not seem to affect that.

Cheers,
Patrick

From robertc at broadcom.com Fri Mar 20 18:43:27 2015
From: robertc at broadcom.com (Bob (Robert) Cavanaugh) Date: Fri, 20 Mar 2015 17:43:27 +0000 Subject: Email-only UIDs and verification (was: Making the case for smart cards for the average user) In-Reply-To: <842480936.20150320005825@my_localhost> References: <277590791.20150317005551@my_localhost> <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com> <842480936.20150320005825@my_localhost> Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3CD3D6@IRVEXCHMB11.corp.ad.broadcom.com>

Hi,

One thought to add to the mix: Phishing attacks by having unknowledgeable users "click on this link" are pretty successful. Doesn't this proposal open a new threat vector?

Thanks,
Bob Cavanaugh

> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-bounces+robertc=broadcom.com at gnupg.org] On Behalf Of MFPA
> Sent: Thursday, March 19, 2015 5:58 PM
> To: Jose Castillo on GnuPG-Users
> Subject: Re: Email-only UIDs and verification (was: Making the case for smart cards for the average user)
>
> * PGP Signed by an unknown key
>
> On Wednesday 18 March 2015 at 6:18:57 PM, in <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9 at gmail.com>, Jose Castillo wrote:
>
> > On Mar 16, 2015, at 8:55 PM, MFPA
> > <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
>
> MFPA>> No angle brackets around the email address means no key found.
>
> JC> Good point, I'll make that change.
>
> Appreciated.
>
> As you probably read in Daniel Kahn Gillmor's message, he has lodged a bug report/feature request for GnuPG.
>
> JC> As a sidenote, I notice that when I'm generating a key interactively, I get an error message of 'Name must be at least 5 characters long' when I try to make an email-only UID. It works in batch mode, and obviously with the allow-freeform-uid option, but just thought it was interesting to point out. Someone attempting to make such a UID in the interactive mode might be forgiven for putting their email address in the 'name' field as a workaround.
>
> They would be scolded at the next prompt, then probably either give up, or go back and enter a name, or enter their email address a second time.
>
> I would imagine the "average user" you are aiming at would use your GUI to create keys. A more advanced user might read your documentation, so you could tell them which options to use if they wanted to create a key matching your bespoke user-id standard through the normal GnuPG text interface.
>
> MFPA>> Thinking about it, you don't need the user to click a link or to reply to an email at all.
>
> > This is a very good point, and I can see making this change.
>
> I would think it would make it easier to code: you don't have to bother tracking the verification link/email.
>
> > This was in reference to the PGP global directory's verification check. Having never used it I'm curious why the validity period is only two weeks.
>
> Lots of activation or verification links sent out by email have a short validity period. People are used to that.
>
> PGP Global Directory's FAQ says:-
>
>     What if I don't respond to the renewal message?
>
>     The PGP Global Directory will give you two weeks to respond. If you don't respond, your key will be removed from the directory, as it is assumed you no longer have the key or are no longer using the email address in the user ID of the key.
>
> > Does the user have to re-verify their email address every two weeks? That seems excessive.
>
> It would be.(-;
>
> The user has two weeks to react to the verification email. Once the user has verified the email address, the verification is good for six months. Then they get a renewal verification email, and so on.
>
> I have no idea why the PGP GD verification signatures last only two weeks instead of six months. Their FAQ is silent on the matter.
>
> MFPA>> Finally, if the person at the other end is able to decrypt my message and reply to me, then the key and the email address are controlled by the same person. What assurance does the verification service add?
>
> > In the case of establishing communication with someone you haven't yet met, it gives you an assurance that a third party has verified that they were in control of the address on a given date within the last year.
>
> The person at the other end decrypting my message and replying to me shows that the key and the corresponding email address are both controlled by the same person today (Person A), verified by me.
>
> Additional information: the verification service verified that the key and the email address were both controlled by the same person (Person B) on a given verification date within the last year.
>
> I am opening communication with Person A at that address today. I neither know nor care if Person B, who was there within the last year, is the same person as Person A. So I cannot think of a use for the additional information. (I'm not saying there is no use, merely that I can't see one.)
>
> > If I query your email address and find four keys, I don't know what to do;
>
> Good question.
>
> 1. You could ask me, in an email encrypted to all four keys.
>
> 2. You could ask me, in up to four individually-encrypted emails. May not need all four if I answer before you sent them all.
>
> 3. Out-of-band communication, such as phone.
>
> 4. Look for clues in my email signature block or headers.
>
> > but if one of them is trusted by the email verification service, which I trust, then there's only one valid key.
>
> The email verification service's signature, which warrants that the key and email address were under common control on a specific date in the past year. That is a reasonable first guess out of the four keys, and makes that one key "valid" in accordance with your bespoke Signet simplified validity scheme.
>
> --
> Best regards
>
> MFPA
>
> Don't anthropomorphize computers - they hate it
>
> * Unknown Key
> * 0x1AF778E4(L)
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From patrick-mailinglists at whonix.org Fri Mar 20 19:41:10 2015
From: patrick-mailinglists at whonix.org (Patrick Schleizer) Date: Fri, 20 Mar 2015 18:41:10 +0000 Subject: --verify --status-fd separator for multiple signatures? In-Reply-To: <87twxgvlcl.fsf@vigenere.g10code.de> References: <550B09BB.8090903@whonix.org> <87twxgvlcl.fsf@vigenere.g10code.de> Message-ID: <550C69C6.1020004@whonix.org>

Werner Koch:
> On Thu, 19 Mar 2015 18:39, patrick-mailinglists at whonix.org said:
>
>> when using --verify combined with --status-fd [or --status-file], how
>> can one notice in scripts, that processing the one signature is done and
>> that further status-fd messages belong to the next message?
>
> That is unfortunately a bit complicated due to different behaviour in
> gpgsm and gpg. I suggest to do what we do in gpgme/src/verify.c . Of
> course it would be useful to make sure that NEWSIG is also emitted by
> gpg but you also need to take care of older gpg versions.
>
> I assume adding NEWSIG to gpg has simply been forgotten.

Well, I don't speak C, so I can't make head or tail of "what we do in gpgme/src/verify.c".

Maybe let's put it this way. If there is no guarantee to get a NEWSIG or other separator... Is there a limited combination of start and end keywords? What I mean... Here is an example...

    start: [GNUPG:] ERRSIG [...]
    end__: [GNUPG:] NODATA [...]

    start: [GNUPG:] SIG_ID [...]
    end__: [GNUPG:] TRUST_[...]

    start: [GNUPG:] ERRSIG [...]
    end__: [GNUPG:] NO_PUBKEY [...]

Is there a complete list of all possible start/end keyword combinations?

Cheers,
Patrick

From lists at theflorys.org Fri Mar 20 22:29:57 2015
From: lists at theflorys.org (David) Date: Fri, 20 Mar 2015 17:29:57 -0400 Subject: Unsupported certificate error Message-ID: <550C9155.8060701@theflorys.org> I just installed GnuPG 2.0.27 on my Ubuntu 14.10 laptop. I am getting this error from gpa: The GPGME library returned an unexpected error at keytable.c:150. The error was: Unsupported certificate This is either an installation problem or a bug in GPA. GPA will now try to recover from this error. I have researched it a bit and it seems to either be due to a MD5 certificate or a conflict between gnome-agent and the gpa-agent. Has anyone seen this and solved it? From muelli at cryptobitch.de Thu Mar 19 11:19:45 2015 
From: muelli at cryptobitch.de (Tobias Mueller) Date: Thu, 19 Mar 2015 11:19:45 +0100 Subject: Defaults In-Reply-To: <87k2ye20cl.fsf@vigenere.g10code.de> References: <5508842F.1010101@sixdemonbag.org> <87k2ye20cl.fsf@vigenere.g10code.de> Message-ID: <20150319101944.GS8014@cryptobitch.de>

On Wed, Mar 18, 2015 at 09:09:30AM +0100, Werner Koch wrote:
> Create a new key:
>
>   $ gpg --no-options --quick-gen-key 'test key '
>   About to create a key for:
>       "test key "
>
>   Continue? (Y/n) y
>   public and secret key created and signed.
>
>   pub   rsa2048/50C4476F 2015-03-18
>         Key fingerprint = 11E9 91C2 36E0 21A6 1E35 A682 68CC E4C2 50C4 476F
>   uid       [ultimate] test key
>   sub   rsa2048/807D0FF4 2015-03-18

Is there anything in this listing that would allow me to quickly copy and paste (e.g. double click and middle click) in order to further work with the key, e.g. edit or encrypt to? The short key id would probably do, but the "rsa2048/" prefix prevents me from simply double clicking it. The fingerprint would probably be better to identify the key, but, similarly, the spaces prevent me from selecting it easily.

> What are the preferences:
>
>   $ gpg --no-options --edit-key 50C4476F
                                  ^^^^^^^^
>   gpg (GnuPG) 2.1.3-beta26; Copyright (C) 2015 Free Software Foundation, Inc.
>   Secret key is available.
>
>   pub  rsa2048/50C4476F
               ^^^^^^^^

I thought short keyids are dangerous and should not be used, cf. . If that's the case then it might be a good idea to fade them out as much as possible.

Cheers,
Tobi

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Mar 21 12:49:13 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Sat, 21 Mar 2015 11:49:13 +0000 Subject: Defaults In-Reply-To: <20150319101944.GS8014@cryptobitch.de> References: <5508842F.1010101@sixdemonbag.org> <87k2ye20cl.fsf@vigenere.g10code.de> <20150319101944.GS8014@cryptobitch.de> Message-ID: <447371844.20150321114913@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thursday 19 March 2015 at 10:19:45 AM, in , Tobias Mueller wrote: > I thought short keyids are dangerous and should not be > used, cf. . If that's the case > then it might be a good idea to fade them out as much > as possible. You mean make "LONG" (or "0xLONG") the default for --keyid-format? - -- Best regards MFPA Ballerinas are always on their toes. We need taller ballerinas! -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVDVq8XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwJeYH/j+jqnC4CNiGsYGlrpgFg051 8dFjli0bBLMPWW124OVSAc0DMherV7BLIInt1ZOdB6Lk1OARCYY0iIwpbHxblJRu MmogvoJe+dL0X6WmPowWb/aOQxwqKINV5remM0etG37jmw30HPn2HoawuUeiM3QC k0Nlfs1v0nW4TbwB44Tu4muCyYbrFRH8pofq3gRfipqUm45S7jnUHqSZsclu/AGO bxtW8IHj6RtiuvmFEnP/T0wDfoYLflnjS6twbGQYFaKoxsXeL4lNHtI+29ymcSHU QjvwKIwUEVyo8A6R/w+Qs9eslH1JUvn8CHmraXRWTzonI+n/Z4WKmHWv7w87X1WI vgQBFgoAZgUCVQ1az18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45A8yAQC1XJFsMpUfa66BKCohk+SGDCbC KK/FVcEAUlp4IlLIqAEAlCK5O8mjqQgud5QeBCaYyNOauUfY6BsEx1pkfpBVago= =6j/y -----END PGP SIGNATURE----- From 2014-667rhzu3dc-lists-groups at riseup.net Sat Mar 21 13:06:20 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Sat, 21 Mar 2015 12:06:20 +0000 Subject: Defaults In-Reply-To: <5508C822.20103@sixdemonbag.org> References: <5508842F.1010101@sixdemonbag.org> <5508B076.5060607@incenp.org> <5508C822.20103@sixdemonbag.org> Message-ID: <946086348.20150321120620@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wednesday 18 March 2015 at 12:34:42 AM, in , Robert J. Hansen wrote:

> Yes. My list was comprehensive ("what the new set
> should be"), not differential ("what needs changing").
> :)

Whilst I realise you were specifically concentrating on defaults for new key generation, perhaps a fully comprehensive discussion of GnuPG defaults would be useful. This could be partly informed by people looking through their GnuPG.conf files at the options they have chosen to change.

- --
Best regards

MFPA

Dreams come true on this side of the Rainbow too!
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJVDV68XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwWQAIALFBt81MgvpogSqA25mY5dln
kV1UMM8USHlcuc3wIZ89uv7fP5m5sD8vTfuftSI/eMNsDWx7GPhklfbnGxEcfxzv
n98LfKg7a7/JT2lzYycXpCK0A8skGIpwVThL/utKj6XUsgSBiZm+XQayAhLipgog
VwoOf1wdvxmBkTY4gpQeqBVbmXv7Jt/nstelUcgYSxIkmDgDZSLfTEYAuvjVfHWz
Aopub2CsfaRCkLoNkOg/L53QvAJGjYFtpApCD7Fuor8cvlOWybNFLJEnJGKVHqrf
98B394yzlo86qZAgdOACPMAQMkNX+MSQ7bnwJHS00M7yz6AcuYg6taoJJgt4hW6I
vgQBFgoAZgUCVQ1ew18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45DLMAQDGWbEZ3pn8ECIMtayXq3v/v5D0
X371/kpsnhq9gHVnJgEAFw6w520fZzInyUh/m8Rr7iyBmA/HOKttcguFo+ZG4QA=
=G7jc
-----END PGP SIGNATURE-----

From wk at gnupg.org Sat Mar 21 14:03:48 2015
From: wk at gnupg.org (Werner Koch) Date: Sat, 21 Mar 2015 14:03:48 +0100 Subject: Defaults In-Reply-To: <20150319101944.GS8014@cryptobitch.de> (Tobias Mueller's message of "Thu, 19 Mar 2015 11:19:45 +0100") References: <5508842F.1010101@sixdemonbag.org> <87k2ye20cl.fsf@vigenere.g10code.de> <20150319101944.GS8014@cryptobitch.de> Message-ID: <878ueqsdsb.fsf@vigenere.g10code.de>

On Thu, 19 Mar 2015 11:19, muelli at cryptobitch.de said:

> Is there anything in this listing that would allow me to quickly copy and paste
> (e.g. double click and middle click) in order to further work with the key,
> e.g. edit or encrypt to?

Sorry, I do not understand you. This is a command line interface and not a point and click thingie.

> The fingerprint would probably be better to identify the key, but, similarly,
> the spaces prevent me from selecting it easily.

Use a GUI tool.

> I thought short keyids are dangerous and should not be used,

They are not more dangerous than long fingerprints. It depends on what you want to do. In my test setting using the short key id is perfectly okay. For checking the validity of the key you need to use the fingerprint and not some keyid or mail address.

Salam-Shalom,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Sat Mar 21 14:18:17 2015
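An added example, not part of Werner's message and not GnuPG code, to make concrete what the short key ID in the listing above actually is and why he says to compare the fingerprint. Per RFC 4880 section 12.2 a v4 fingerprint is SHA-1 over 0x99, a two-byte length and the public-key packet body; the long key ID is its low 64 bits and the short key ID its low 32 bits, so `50C4476F` is simply the last eight hex digits of `11E9 91C2 ... 50C4 476F`. Because the hashed body includes the creation timestamp, the same key material can be handed a different ID for the price of one SHA-1 per try; `grind_short_id` demonstrates that on a 12-bit suffix (a full 32-bit short ID is about 2**32 tries, which is feasible; a 160-bit fingerprint is not). The RSA packet body here is built from a small constructed modulus, not a real key.

```python
"""Derive OpenPGP key identifiers and show what a short key ID costs to forge.

Added example, not GnuPG code. The RSA packet body uses a constructed modulus.
"""
import hashlib
import struct


def v4_fingerprint(packet_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1(0x99 || len16 || body), as 40 upper-case hex digits."""
    prefix = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(prefix + packet_body).hexdigest().upper()


def key_ids(fingerprint: str):
    """Return (long_id, short_id) from a fingerprint given with or without spaces."""
    fp = fingerprint.replace(" ", "").upper()
    if len(fp) != 40 or any(c not in "0123456789ABCDEF" for c in fp):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    return fp[-16:], fp[-8:]


def mpi(n: int) -> bytes:
    """OpenPGP MPI encoding: 16-bit bit count followed by the big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def rsa_public_packet_body(n: int, e: int, created: int) -> bytes:
    """v4 public-key packet body for RSA: version 4, creation time, algorithm 1, MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


# Constructed sample key material (far too small to be a real key).
SAMPLE_N = (1 << 255) + 12345
SAMPLE_E = 65537
SAMPLE_CREATED = 1426636800  # 2015-03-18 00:00:00 UTC


def grind_short_id(n: int, e: int, target_suffix: str,
                   start: int = SAMPLE_CREATED, max_tries: int = 1 << 20):
    """Vary only the creation timestamp until the key ID ends with target_suffix.

    Returns (timestamp, fingerprint) or None. The key material never changes;
    only the hashed timestamp does. A 3-hex-digit suffix needs ~4096 tries,
    a full 32-bit short ID ~2**32, a full fingerprint ~2**160.
    """
    target_suffix = target_suffix.upper()
    for created in range(start, start + max_tries):
        fp = v4_fingerprint(rsa_public_packet_body(n, e, created))
        if fp.endswith(target_suffix):
            return created, fp
    return None


if __name__ == "__main__":
    print(key_ids("11E9 91C2 36E0 21A6 1E35 A682 68CC E4C2 50C4 476F"))
    print(grind_short_id(SAMPLE_N, SAMPLE_E, "ABC"))
```

The first call reproduces `68CCE4C250C4476F` / `50C4476F` from Werner's listing; the second finds a timestamp under which the same constructed key ends in `ABC`, which is the whole argument for `--keyid-format long` as a display default and for the fingerprint as the thing you actually verify.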
From: wk at gnupg.org (Werner Koch) Date: Sat, 21 Mar 2015 14:18:17 +0100 Subject: --verify --status-fd separator for multiple signatures? In-Reply-To: <550C69C6.1020004@whonix.org> (Patrick Schleizer's message of "Fri, 20 Mar 2015 18:41:10 +0000") References: <550B09BB.8090903@whonix.org> <87twxgvlcl.fsf@vigenere.g10code.de> <550C69C6.1020004@whonix.org> Message-ID: <874mpesd46.fsf@vigenere.g10code.de>

On Fri, 20 Mar 2015 19:41, patrick-mailinglists at whonix.org said:

> Well, I don't speak C, so I can't make head or tail of "what we do in
> gpgme/src/verify.c".

You should still be able to follow the control flow. That is not different from any pseudo code.

> Is there a complete list of all possible start/end keyword combinations?

As I said, check out gpgme:

      switch (code)
        {
        case GPGME_STATUS_NEWSIG:
          if (sig)
            calc_sig_summary (sig);

NEWSIG has been seen: Finalize the output for the current signature if any.

          err = prepare_new_sig (opd);
          opd->only_newsig_seen = 1;

Get ready for a new signature. That is the helpful feature of NEWSIG. Note that there is no guarantee that a signature will follow: it may be garbled or removed and gpg won't get to the actual verification.

        case GPGME_STATUS_GOODSIG:
        case GPGME_STATUS_EXPSIG:
        case GPGME_STATUS_EXPKEYSIG:
        case GPGME_STATUS_BADSIG:
        case GPGME_STATUS_ERRSIG:
        case GPGME_STATUS_REVKEYSIG:
          if (sig && !opd->did_prepare_new_sig)
            calc_sig_summary (sig);

If we have a signature and we are not yet preparing for a new signature (i.e. have not called prepare_new_sig): Finalize the output for the current signature.

          opd->only_newsig_seen = 0;

Clear flag for NEWSIG seen.

          return parse_new_sig (opd, code, args, ctx->protocol);

Do something with the signature. This function calls prepare_new_sig if not yet done.

        case GPGME_STATUS_VALIDSIG:
          opd->only_newsig_seen = 0;
          return sig ? parse_valid_sig (sig, args, ctx->protocol)
                     : trace_gpg_error (GPG_ERR_INV_ENGINE);

VALIDSIG is the modern version of GOODSIG. Take care of it.

        case GPGME_STATUS_NODATA:
          opd->only_newsig_seen = 0;

Forget about NEWSIG. The code in GPGME requires this here and for several other status messages.

        case GPGME_STATUS_EOF:
          if (sig && !opd->did_prepare_new_sig)
            calc_sig_summary (sig);
          if (opd->only_newsig_seen && sig)
            {
              gpgme_signature_t sig2;
              /* The last signature has no valid information - remove it
                 from the list. */

On EOF finalize the last signature. If a NEWSIG has been seen remove the prepared information.

Proper verification is a bit complicated if you need to do this in the most general way. You can get away much easier in many cases. For example VALIDSIG gives you all the information about correctly verified signatures.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From dkg at fifthhorseman.net Fri Mar 20 19:47:49 2015
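The control flow Werner walks through above, as an added example for scripts that cannot link GPGME: this is not code from GnuPG or GPGME and not part of the thread, just a Python grouper for `--status-fd` / `--status-file` output. A NEWSIG line opens a record; when an older gpg emits no NEWSIG, the result keywords from the gpgme switch (GOODSIG, EXPSIG, EXPKEYSIG, BADSIG, ERRSIG, REVKEYSIG) open the record themselves; everything else (SIG_ID, VALIDSIG, TRUST_*, NO_PUBKEY, NODATA) is attached to the record in progress; and a NEWSIG followed by nothing is dropped, as gpgme does at EOF. The two status transcripts are constructed for this example, with argument layouts as in gpg's doc/DETAILS; the fingerprint in them is the one from the test key earlier in this thread.

```python
"""Group GnuPG --status-fd output into one record per signature.

Added example, not GnuPG or GPGME code. The sample transcripts are constructed.
"""

STATUS_PREFIX = "[GNUPG:] "

# Keywords that report the outcome of one signature (the cases in the gpgme switch).
SIG_RESULT = {"GOODSIG", "EXPSIG", "EXPKEYSIG", "BADSIG", "ERRSIG", "REVKEYSIG"}


def parse_status_line(line):
    """Return (keyword, args) for a status line, or None for any other output."""
    line = line.rstrip("\r\n")
    if not line.startswith(STATUS_PREFIX):
        return None
    keyword, _, args = line[len(STATUS_PREFIX):].partition(" ")
    return keyword, args


def group_signatures(lines):
    """Return a list of records; each record is the list of (keyword, args) for one signature."""
    records = []
    current = None
    awaiting_result = False  # current record was opened by NEWSIG and has no result yet

    for line in lines:
        parsed = parse_status_line(line)
        if parsed is None:
            continue
        keyword, args = parsed

        if keyword == "NEWSIG":
            # A NEWSIG that nothing followed (garbled packet) carries no information.
            if awaiting_result and len(current) == 1:
                records.pop()
            current = [(keyword, args)]
            records.append(current)
            awaiting_result = True
        elif keyword in SIG_RESULT:
            if not awaiting_result:
                # Older gpg without NEWSIG: the result keyword itself starts the record.
                current = []
                records.append(current)
            awaiting_result = False
            current.append((keyword, args))
        elif current is not None:
            # SIG_ID, VALIDSIG, TRUST_*, NO_PUBKEY, NODATA ... belong to the open record.
            current.append((keyword, args))

    # EOF: the same rule as gpgme, a lone trailing NEWSIG is removed.
    if awaiting_result and current is not None and len(current) == 1:
        records.pop()
    return records


def summarize(records):
    """Reduce each record to (result_keyword, key identifier, TRUST_* keyword)."""
    out = []
    for rec in records:
        result = next(((k, a) for k, a in rec if k in SIG_RESULT), None)
        validsig = next((a for k, a in rec if k == "VALIDSIG"), None)
        trust = next((k for k, a in rec if k.startswith("TRUST_")), None)
        if result is None:
            out.append(("NOSIG", None, None))  # e.g. NEWSIG followed only by NODATA
            continue
        # GOODSIG/ERRSIG carry a key ID first; VALIDSIG carries the full fingerprint.
        ident = (validsig or result[1]).split(" ", 1)[0]
        out.append((result[0], ident, trust))
    return out


# Constructed transcript from a modern gpg: one unknown key, one good signature,
# then a NEWSIG whose packet could not be parsed.
SAMPLE_MODERN = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 0123456789ABCDEF 1 10 00 1426873200 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF
[GNUPG:] NEWSIG
[GNUPG:] SIG_ID abcdefghijklmnopqrstuvwxyz0 2015-03-20 1426873200
[GNUPG:] GOODSIG 68CCE4C250C4476F test key
[GNUPG:] VALIDSIG 11E991C236E021A61E35A68268CCE4C250C4476F 2015-03-20 1426873200 0 4 0 1 10 00 11E991C236E021A61E35A68268CCE4C250C4476F
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] NEWSIG
[GNUPG:] NODATA 1
""".splitlines()

# Constructed transcript from an older gpg that emits no NEWSIG at all.
SAMPLE_OLD = [l for l in SAMPLE_MODERN if not l.endswith("NEWSIG") and not l.endswith("NODATA 1")]

if __name__ == "__main__":
    for sample in (SAMPLE_MODERN, SAMPLE_OLD):
        for entry in summarize(group_signatures(sample)):
            print(entry)
```

Feed it the contents of the `--status-file` (or the status fd) after the run; `summarize` gives one tuple per signature, and a script that only wants to know which signatures verified can filter on `VALIDSIG` as Werner suggests, since that line carries the full fingerprint rather than a key ID.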
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 20 Mar 2015 14:47:49 -0400 Subject: Email-only UIDs and verification (was: Making the case for smart cards for the average user) In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D3CD3D6@IRVEXCHMB11.corp.ad.broadcom.com> References: <277590791.20150317005551@my_localhost> <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com> <842480936.20150320005825@my_localhost> <8F0B09FC6339FA439524099BFCABC11F2D3CD3D6@IRVEXCHMB11.corp.ad.broadcom.com> Message-ID: <87pp83eca2.fsf@alice.fifthhorseman.net> On Fri 2015-03-20 13:43:27 -0400, Bob (Robert) Cavanaugh wrote: > One thought to add to the mix: Phishng attacks by having > unknowledgable users "click on this link" are pretty > successful. Doesn't this proposal open a new threat vector? There are a lot of proposals in this thread, and you didn't trim the quoted text to isolate just one of them; can you be specific about which one you're talking about? I think you're talking about the proposal to have a verification service send regular e-mails asking users to follow up on them. If the followup is just "click this link" then i agree it's probably encouraging bad habits. What if the suggested followup was an e-mail reply? What if we require the verifier to sign its outbound messages, and tell users "don't do this unless the message is signed by the verifier"? I'm still not sure how useful this is in the big picture -- is such a verifier only for first-contact, or is it supposed to be useful longer-term as well? --dkg From mailing-lists at asatiifm.net Sat Mar 21 16:23:33 2015 
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Sat, 21 Mar 2015 17:23:33 +0200 Subject: Email-only UIDs and verification In-Reply-To: <87pp83eca2.fsf@alice.fifthhorseman.net> References: <277590791.20150317005551@my_localhost> <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com> <842480936.20150320005825@my_localhost> <8F0B09FC6339FA439524099BFCABC11F2D3CD3D6@IRVEXCHMB11.corp.ad.broadcom.com> <87pp83eca2.fsf@alice.fifthhorseman.net> Message-ID: <550D8CF5.6030800@asatiifm.net>

On 20.03.15 20:47, Daniel Kahn Gillmor wrote:
> On Fri 2015-03-20 13:43:27 -0400, Bob (Robert) Cavanaugh wrote:
>> One thought to add to the mix: Phishing attacks by having
>> unknowledgeable users "click on this link" are pretty
>> successful. Doesn't this proposal open a new threat vector?

Yeah? I don't really see much of a problem as proposed by Bob. Any verification emails for any purpose should always be related to an action the user did very recently. I.e. they visited a site or used an application, whatever the route and method but they should already /be expecting an email verification/.

> If the followup is just "click this link" then i agree it's probably
> encouraging bad habits.

Any verification should certainly be worded better, yes :).

> What if the suggested followup was an e-mail
> reply? What if we require the verifier to sign its outbound messages,
> and tell users "don't do this unless the message is signed by the
> verifier"?

Good ideas.

-- 
Ville

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL:

From jose.castillo at gmail.com Sat Mar 21 17:55:40 2015
From: jose.castillo at gmail.com (Jose Castillo)
Date: Sat, 21 Mar 2015 12:55:40 -0400
Subject: Email-only UIDs and verification (was: Making the case for smart cards for the average user)
In-Reply-To: <87pp83eca2.fsf@alice.fifthhorseman.net>
References: <277590791.20150317005551@my_localhost> <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com> <842480936.20150320005825@my_localhost> <8F0B09FC6339FA439524099BFCABC11F2D3CD3D6@IRVEXCHMB11.corp.ad.broadcom.com> <87pp83eca2.fsf@alice.fifthhorseman.net>
Message-ID:

On Mar 20, 2015, at 2:47 PM, Daniel Kahn Gillmor wrote:
> If the followup is just "click this link" then I agree it's probably
> encouraging bad habits. What if the suggested followup was an e-mail
> reply? What if we require the verifier to sign its outbound messages,
> and tell users "don't do this unless the message is signed by the
> verifier"?

I think MFPA had a good idea earlier in the thread: the first message, the request for a signature on the UID, is signed; whether the from address is spoofed or not, the automated service can't be sure. What if the automated service went ahead and made the certification anyway, but encrypted it before sending it? At that point only the recipient in the UID field will receive the email, and they'll only have access to the certification if they're also in control of the key to decrypt it. There's no followup required.

> I'm still not sure how useful this is in the big picture -- is such a
> verifier only for first-contact, or is it supposed to be useful
> longer-term as well?

The thought process here is that when someone generates their identity, it's not trusted by anyone, and they don't trust anyone by default. It's up to them to build the trust landscape themselves, which isn't a great user experience for the layperson. This proposal is about establishing a minimal viable trust scheme based around persona-level certification of verified email addresses. The user can augment that with their own web of trust as needed.
Ideally, I'd like to be able to present UI that shows a signature from an untrusted key as an error condition, in much the same way your browser warns you about an untrusted SSL certificate. That's difficult if you have to establish yourself in a web of trust first.

-- Joey Castillo
www.joeycastillo.com

From mail at angelparrales.com Sat Mar 21 18:16:08 2015
From: mail at angelparrales.com (Angel Parrales)
Date: Sat, 21 Mar 2015 12:46:08 -0430
Subject: Error Installing gnupg-2.0.27 on Debian Squeeze
Message-ID: <550DA758.1040604@angelparrales.com>

Following the instructions included in the documentation, it is not possible to complete the installation. Last lines pasted below:

make[3]: Entering directory `/home/adolfo/Downloads/gnupg-2.0.27/tests/openpgp'
echo '#!/bin/sh' >./gpg_dearmor
echo "../../g10/gpg2 --homedir . --no-options --no-greeting \
--no-secmem-warning --batch --dearmor" >>./gpg_dearmor
chmod 755 ./gpg_dearmor
./gpg_dearmor > ./pubring.gpg < ./pubring.asc
../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20: cannot open shared object file: No such file or directory
make[3]: *** [pubring.gpg] Error 127
make[3]: Leaving directory `/home/adolfo/Downloads/gnupg-2.0.27/tests/openpgp'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/adolfo/Downloads/gnupg-2.0.27/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/adolfo/Downloads/gnupg-2.0.27'
make: *** [all] Error 2

Your help is highly appreciated.

Thanks and Regards,
-- Angel Parrales

From stebe at mailbox.org Sun Mar 22 16:06:17 2015
From: stebe at mailbox.org (Stephan Beck) Date: Sun, 22 Mar 2015 16:06:17 +0100 Subject: Error Installing gnupg-2.0.27 on Debian Squeeze In-Reply-To: <550DA758.1040604@angelparrales.com> References: <550DA758.1040604@angelparrales.com> Message-ID: <550EDA69.9050404@mailbox.org> Hi Angel, I cannot reproduce the error and I don't know which documentation you exactly refer to, but using Debian Squeeze (oldstable) you need the gnupg and libgcrypt oldstable versions that are adequate for you. I'd use the package manager (apt) for installing it. Here's what I found (1): gnupg 2.0.14-2+squeeze2 libgcrypt 1.4.5-2+squeeze1 (1) https://packages.debian.org Hope that helps Stephan Am 21.03.2015 um 18:16 schrieb Angel Parrales: > Following instructions included in documentation, is not possible to > complete installation, > Last lines pasted below: > > make[3]: Entering directory > `/home/adolfo/Downloads/gnupg-2.0.27/tests/openpgp' > echo '#!/bin/sh' >./gpg_dearmor > echo "../../g10/gpg2 --homedir . --no-options --no-greeting \ > --no-secmem-warning --batch --dearmor" >>./gpg_dearmor > chmod 755 ./gpg_dearmor > ./gpg_dearmor > ./pubring.gpg < ./pubring.asc > ../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20: > cannot open shared object file: No such file or directory > make[3]: *** [pubring.gpg] Error 127 > make[3]: Leaving directory > `/home/adolfo/Downloads/gnupg-2.0.27/tests/openpgp' > make[2]: *** [all-recursive] Error 1 > make[2]: Leaving directory `/home/adolfo/Downloads/gnupg-2.0.27/tests' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/home/adolfo/Downloads/gnupg-2.0.27' > make: *** [all] Error 2 > > Your help is highly appreciated. > > Thanks and Regards, > -- Angel Parrales > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL:

From dkg at fifthhorseman.net Sun Mar 22 22:27:51 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 22 Mar 2015 16:27:51 -0500
Subject: Error Installing gnupg-2.0.27 on Debian Squeeze
In-Reply-To: <550DA758.1040604@angelparrales.com>
References: <550DA758.1040604@angelparrales.com>
Message-ID: <87lhiod8o8.fsf@alice.fifthhorseman.net>

Hi Angel--

On Sat 2015-03-21 12:16:08 -0500, Angel Parrales wrote:
> Following the instructions included in the documentation, it is not
> possible to complete the installation. Last lines pasted below:
>
> make[3]: Entering directory
> `/home/adolfo/Downloads/gnupg-2.0.27/tests/openpgp'
> echo '#!/bin/sh' >./gpg_dearmor
> echo "../../g10/gpg2 --homedir . --no-options --no-greeting \
> --no-secmem-warning --batch --dearmor" >>./gpg_dearmor
> chmod 755 ./gpg_dearmor
> ./gpg_dearmor > ./pubring.gpg < ./pubring.asc
> ../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20:
> cannot open shared object file: No such file or directory
> make[3]: *** [pubring.gpg] Error 127
> make[3]: Leaving directory
> `/home/adolfo/Downloads/gnupg-2.0.27/tests/openpgp'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/home/adolfo/Downloads/gnupg-2.0.27/tests'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/adolfo/Downloads/gnupg-2.0.27'
> make: *** [all] Error 2

It's looking for libgcrypt20, which is not available in squeeze. Maybe you've tried to build it pointing at the wrong libgcrypt? squeeze only has libgcrypt11, version 1.4.5.

What is the output of:

  dpkg -l 'libgcrypt*'

It should show you a -dev package and a regular non-dev package as well, most likely of libgcrypt11.

You'll either need to backport a new libgcrypt, or to point the compiler (during ./configure time?) toward the right libgcrypt-dev variant.

--dkg

From venture37 at gmail.com Mon Mar 23 06:31:00 2015
From: venture37 at gmail.com (Sevan / Venture37)
Date: Mon, 23 Mar 2015 05:31:00 +0000
Subject: Clarification on advisories
Message-ID:

Hi,
In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus keyrings." is the fix for CVE-2015-1606?
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html

The following commit appears to be present in 1.4.19
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648

Am I right in thinking the issues found through fuzzing which led to the release of 2.1.2 still have not been backported to previous releases? Certainly most of the changes in the commits highlighted are applicable, accounting for the change of line numbers.

Regards
Sevan / Venture37

From wk at gnupg.org Mon Mar 23 10:48:12 2015
From: wk at gnupg.org (Werner Koch)
Date: Mon, 23 Mar 2015 10:48:12 +0100
Subject: Clarification on advisories
In-Reply-To: (Sevan's message of "Mon, 23 Mar 2015 05:31:00 +0000")
References:
Message-ID: <87iodsqc2r.fsf@vigenere.g10code.de>

On Mon, 23 Mar 2015 06:31, venture37 at gmail.com said:
> In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus
> keyrings." is the fix for CVE-2015-1606?

The Debian announcement describes this as

  The keyring parsing code did not properly reject certain packet types not belonging in a keyring, which caused an access to memory already freed. This could allow remote attackers to cause a denial of service (crash) via crafted keyring files.

This seems to be about this fix:

commit 81d3e541326e94d26a953aa70afc3cb149d11ebe

    gpg: Prevent an invalid memory read using a garbled keyring.

    * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet types.
    --
    The keyring DB code did not reject packets which don't belong into a keyring. If for example the keyblock contains a literal data packet it is expected that the processing code stops at the data packet and reads from the input stream which is referenced from the data packets. Obviously the keyring processing code does not and cannot do that. However, when exporting this messes up the IOBUF and leads to an invalid read of sizeof (int).

    We now skip all packets which are not allowed in a keyring.

    Reported-by: Hanno Böck
    (back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)
    [dkg: rebased to STABLE-BRANCH-1-4]
    Signed-off-by: Daniel Kahn Gillmor

(I don't think that "access to memory already freed" is the right description.)

> Am I right in thinking the issues found through fuzzing which led to
> the release of 2.1.2 still have not been backported to previous
> releases? Certainly most of the changes in the commits highlighted are
> applicable, accounting for the change of line numbers.

I may not understand what your question here is. The commit you are referring to is against 2.1 (current master) and not against 1.4. The parts relevant to 1.4 and 2.0 have been ported back (see above for 1.4).

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From venture37 at gmail.com Mon Mar 23 11:05:28 2015
From: venture37 at gmail.com (Sevan / Venture37)
Date: Mon, 23 Mar 2015 10:05:28 +0000
Subject: Clarification on advisories
In-Reply-To: <87iodsqc2r.fsf@vigenere.g10code.de>
References: <87iodsqc2r.fsf@vigenere.g10code.de>
Message-ID:

Hi Werner,

On 23 March 2015 at 09:48, Werner Koch wrote:
>> Am I right in thinking the issues found through fuzzing which led to
>> the release of 2.1.2 still have not been backported to previous
>> releases? Certainly most of the changes in the commits highlighted are
>> applicable, accounting for the change of line numbers.
>
> I may not understand what your question here is. The commit you are
> referring to is against 2.1 (current master) and not against 1.4. The
> parts relevant to 1.4 and 2.0 have been ported back (see above for 1.4).

Apologies, I bundled 2 enquiries about completely separate issues in one email.

Are the applicable parts of the issues highlighted here:
http://www.openwall.com/lists/oss-security/2015/02/13/14
Backported to 2.0.27?

Sevan / Venture37

From wk at gnupg.org Mon Mar 23 13:20:24 2015
From: wk at gnupg.org (Werner Koch)
Date: Mon, 23 Mar 2015 13:20:24 +0100
Subject: Clarification on advisories
In-Reply-To: (Sevan's message of "Mon, 23 Mar 2015 10:05:28 +0000")
References: <87iodsqc2r.fsf@vigenere.g10code.de>
Message-ID: <878uenrjlj.fsf@vigenere.g10code.de>

On Mon, 23 Mar 2015 11:05, venture37 at gmail.com said:
> Are the applicable parts of the issues highlighted here:
> http://www.openwall.com/lists/oss-security/2015/02/13/14
> Backported to 2.0.27?

Yes, all four:

1. 39978487863066e59bb657f5fe4e8baab510da7e

commit 7e12ec4c7d6df29a7d7935399fccd2594ebb4a7e
Author: Werner Koch
Date:   Thu Feb 12 18:52:07 2015 +0100

    gpg: Fix a NULL-deref due to empty ring trust packets.

    * g10/parse-packet.c (parse_trust): Always allocate a packet.
    --
    Reported-by: Hanno Böck
    Signed-off-by: Werner Koch
    (back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e)

2. 0835d2f44ef62eab51fce6a927908f544e01cf8f

commit 8da836e76f1349f4587d1bb74864b11dde7b8a39
Author: Werner Koch
Date:   Thu Feb 12 18:54:17 2015 +0100

    gpg: Fix a NULL-deref in export due to invalid packet lengths.

    * g10/build-packet.c (write_fake_data): Take care of a NULL stored as opaque MPI.
    --
    Reported-by: Hanno Böck
    (back ported from commit 0835d2f44ef62eab51fce6a927908f544e01cf8f)

3. 0f71a721ccd7ab9e40b8b6b028b59632c0cc648

commit 824d88ac51b4d680f06e68f0879a7c1ec03cb2ba
Author: Werner Koch
Date:   Thu Feb 12 18:58:36 2015 +0100

    gpg: Prevent an invalid memory read using a garbled keyring.

    * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet types.
    --
    The keyring DB code did not reject packets which don't belong into a keyring. If for example the keyblock contains a literal data packet it is expected that the processing code stops at the data packet and reads from the input stream which is referenced from the data packets. Obviously the keyring processing code does not and cannot do that. However, when exporting this messes up the IOBUF and leads to an invalid read of sizeof (int).

    We now skip all packets which are not allowed in a keyring.

    Reported-by: Hanno Böck
    (back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)

4. 2183683bd633818dd031b090b5530951de76f392

commit 3627123dc8fdc551caca1c7944713fbf01feccf6
Author: Werner Koch
Date:   Thu Feb 12 20:34:44 2015 +0100

    Use inline functions to convert buffer data to scalars.

    * include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
    (buf16_to_ushort, buf16_to_u16): New.
    (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
    --
    This fixes sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h.
(back ported from commit 2183683bd633818dd031b090b5530951de76f392) and releases with 2.0.27 commit 8d47e6e5235b6ecb41baf52865c5837c1de962b5 Author: Werner Koch Date: Wed Feb 18 14:10:57 2015 +0100 Release 2.0.27 Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From CRivard at merkleinc.com Mon Mar 23 15:34:14 2015 From: CRivard at merkleinc.com (Clark Rivard) Date: Mon, 23 Mar 2015 14:34:14 +0000 Subject: GnuPG 1.4.19 - Encryption Questions Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A04920@HQITEXCH07.pclc0.merkle.local> Hi I installed GnuPG 1.4.19 - Command Line Only (ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.19.exe 1586k) I had existing keyrings and trustdb that I copied over to a new location. I am now trying to encrypt a file using the "homedir" option to point to the copied keyrings but am getting this error message: gpg: keyblock resource '\secring.pgp' : file open error gpg: keyblock resource '\pubring.pgp' : file open error I have done several Internet searches in attempt to resolve but have been unsuccessful. Any ideas and help would be appreciated. Also - I cannot locate the config file (gpg.conf)? I search the server but no hits. Is there not a config file with this version? -------------- next part -------------- An HTML attachment was scrubbed... URL: From wk at gnupg.org Mon Mar 23 16:49:28 2015 
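Two of the fixes Werner lists above, the keyring packet-type whitelist (item 3) and the host2net.h conversion helpers (item 4), meet in one place: decoding a packet's declared length from big-endian octets and then deciding whether the packet belongs in a keyring at all. The following is an added example in C written for this archive, not GnuPG's own code. It reuses the helper name buf32_to_size_t from the commit message but the implementation is its own; the set of tags it treats as keyring material, the `_legacy` model of the pre-fix conversion and every sample byte are assumptions made for the demonstration.

```c
/* Added example, not GnuPG code: a bounds-checked OpenPGP packet-header walker
 * that whitelists the packet types a keyring may hold, built on the kind of
 * inline big-endian conversion the host2net.h fix introduced.  The allowed-tag
 * set and all sample bytes are assumptions made for this demo. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Safe: widen each octet before shifting, so a top octet of 0x80 can never be
 * sign-extended (same name as in the commit message, own implementation). */
static inline size_t buf32_to_size_t(const unsigned char *p)
{
    return ((size_t)p[0] << 24) | ((size_t)p[1] << 16)
         | ((size_t)p[2] << 8)  |  (size_t)p[3];
}

/* Models the pre-fix `p[0] << 24 | ...` pattern on two's-complement hardware:
 * the shift happens in int and the negative int is sign-extended on widening.
 * That shift is undefined behaviour, so its result is rebuilt with memcpy. */
static size_t buf32_to_size_t_legacy(const unsigned char *p)
{
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
               | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    int32_t s;
    memcpy(&s, &u, sizeof s);   /* bit pattern the int shift left behind */
    return (size_t)s;           /* 0x80000000 -> 0xFFFFFFFF80000000 on 64-bit */
}

/* RFC 4880 tags accepted in a keyring (assumed set): signature 2, secret key 5,
 * public key 6, secret subkey 7, ring trust 12, user ID 13, public subkey 14,
 * user attribute 17.  Anything else, e.g. literal data (11), is skipped. */
static int keyring_tag_allowed(int tag)
{
    switch (tag) {
    case 2: case 5: case 6: case 7: case 12: case 13: case 14: case 17:
        return 1;
    default:
        return 0;
    }
}

/* Decode one old- or new-format header from at most `avail` bytes.  Returns the
 * header length, or -1 when it is truncated, malformed, or uses a partial or
 * indeterminate length form that a keyring should never contain. */
static int parse_packet_header(const unsigned char *b, size_t avail,
                               int *tag, size_t *body_len)
{
    if (avail < 2 || !(b[0] & 0x80))
        return -1;                                  /* bit 7 must be set */
    if (b[0] & 0x40) {                              /* new-format header */
        unsigned l1 = b[1];
        *tag = b[0] & 0x3F;
        if (l1 < 192) { *body_len = l1; return 2; }
        if (l1 < 224) {
            if (avail < 3) return -1;
            *body_len = ((l1 - 192) << 8) + b[2] + 192;
            return 3;
        }
        if (l1 != 255 || avail < 6) return -1;      /* partial or truncated */
        *body_len = buf32_to_size_t(b + 2);
        return 6;
    }
    *tag = (b[0] >> 2) & 0x0F;                      /* old-format header */
    switch (b[0] & 3) {
    case 0: *body_len = b[1]; return 2;
    case 1: if (avail < 3) return -1;
            *body_len = ((size_t)b[1] << 8) | b[2]; return 3;
    case 2: if (avail < 6) return -1;
            *body_len = buf32_to_size_t(b + 2); return 6;
    default: return -1;                             /* indeterminate length */
    }
}

struct scan_result { int ok, kept, skipped; };
/* Walk a keyring buffer: count whitelisted packets, skip the rest, and stop
 * with ok = 0 on any packet whose declared body would run past the buffer. */
struct scan_result scan_keyring(const unsigned char *buf, size_t len)
{
    struct scan_result r = { 0, 0, 0 };
    size_t off = 0;
    while (off < len) {
        int tag; size_t body;
        int hdr = parse_packet_header(buf + off, len - off, &tag, &body);
        if (hdr < 0 || body > len - off - (size_t)hdr)
            return r;
        if (keyring_tag_allowed(tag)) r.kept++; else r.skipped++;
        off += (size_t)hdr + body;
    }
    r.ok = 1;
    return r;
}

/* Constructed sample: public key, a literal data packet that does not belong in
 * a keyring, a user ID, and a signature carrying a 5-octet new-format length. */
static const unsigned char sample_keyring[] = {
    0x98, 0x03, 0x04, 0x00, 0x00,                   /* tag 6, old format, 3 bytes */
    0xCB, 0x05, 'h', 'e', 'l', 'l', 'o',            /* tag 11, new format, 5 bytes */
    0xB4, 0x04, 't', 'e', 's', 't',                 /* tag 13, old format, 4 bytes */
    0xC2, 0xFF, 0x00, 0x00, 0x00, 0x02, 0x04, 0x00  /* tag 2, 5-octet length, 2 bytes */
};
static const unsigned char truncated_keyring[] = { 0x98, 0x10, 0x04 }; /* says 16, has 1 */
static const unsigned char top_bit_len[] = { 0x80, 0x00, 0x00, 0x00 };
```

Scanning sample_keyring keeps three packets and skips the literal data packet, which is the behaviour the keyring.c commit describes: unknown packet types are stepped over instead of being handed to code that would try to read from a data stream the keyring does not have. truncated_keyring declares a 16-byte body with one byte present, and the comparison of the declared length against the remaining buffer is what turns that into a clean refusal rather than an out-of-bounds read. On a 64-bit build, buf32_to_size_t_legacy turns a length of 0x80000000 into 0xFFFFFFFF80000000, the sign extension on shift the host2net.h commit names, while buf32_to_size_t returns 0x80000000.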
From: wk at gnupg.org (Werner Koch)
Date: Mon, 23 Mar 2015 16:49:28 +0100
Subject: GnuPG 1.4.19 - Encryption Questions
In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A04920@HQITEXCH07.pclc0.merkle.local> (Clark Rivard's message of "Mon, 23 Mar 2015 14:34:14 +0000")
References: <7D23F54FC682AC47A4CDA79EF435336A25A04920@HQITEXCH07.pclc0.merkle.local>
Message-ID: <87oanjpvcn.fsf@vigenere.g10code.de>

On Mon, 23 Mar 2015 15:34, CRivard at merkleinc.com said:
> I am now trying to encrypt a file using the "homedir" option to point
> to the copied keyrings but am getting this error message:

You better run

  gpg --version

to see which directory is the default homedir of GnuPG. You your files to that directory. If you need a gpg.conf put it into the same directory.

> gpg: keyblock resource '\secring.pgp' : file open error

Transcript error? It should be ".gpg" and not ".pgp"

Please consider using the installer from Gpg4win.org instead.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From CRivard at merkleinc.com Mon Mar 23 17:29:38 2015
From: CRivard at merkleinc.com (Clark Rivard)
Date: Mon, 23 Mar 2015 16:29:38 +0000
Subject: GnuPG 1.4.19 - Encryption Questions
In-Reply-To: <87oanjpvcn.fsf@vigenere.g10code.de>
References: <7D23F54FC682AC47A4CDA79EF435336A25A04920@HQITEXCH07.pclc0.merkle.local> <87oanjpvcn.fsf@vigenere.g10code.de>
Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A04A1B@HQITEXCH07.pclc0.merkle.local>

Thanks, Werner. I got it to work. I had syntax errors in the gpg commands.

Question though - the gpg.conf file is optional? If I want one I must create it?

-----Original Message-----
From: Werner Koch [mailto:wk at gnupg.org] Sent: Monday, March 23, 2015 10:49 AM To: Clark Rivard Cc: gnupg-users at gnupg.org Subject: Re: GnuPG 1.4.19 - Encryption Questions On Mon, 23 Mar 2015 15:34, CRivard at merkleinc.com said: > I am now trying to encrypt a file using the "homedir" option to point > to the copied keyrings but am getting this error message: You better run gpg --version to see which directory is the default homedir of GnuPG. You your files to that directory. If you need a gpg.conf put it into the same directory. > gpg: keyblock resource '\secring.pgp' : file open error Transcript error? It should be ".gpg" and not ".pgp" Please consider to use the installer from Gpg4win.org instead. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From robertc at broadcom.com Mon Mar 23 18:35:45 2015 From: robertc at broadcom.com (Bob (Robert) Cavanaugh) Date: Mon, 23 Mar 2015 17:35:45 +0000 Subject: Email-only UIDs and verification (was: Making the case for smart cards for the average user) In-Reply-To: <87pp83eca2.fsf@alice.fifthhorseman.net> References: <277590791.20150317005551@my_localhost> <16C07A2D-8B6D-48E5-9BC3-B6AE5D0935D9@gmail.com> <842480936.20150320005825@my_localhost> <8F0B09FC6339FA439524099BFCABC11F2D3CD3D6@IRVEXCHMB11.corp.ad.broadcom.com> <87pp83eca2.fsf@alice.fifthhorseman.net> Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3CE5B0@IRVEXCHMB11.corp.ad.broadcom.com> Daniel, Checking my e-mail service. Did my response clip OK? Thanks, Bob Cavanaugh > There are a lot of proposals in this thread, and you didn't trim the quoted > text to isolate just one of them; can you be specific about which one you're > talking about? > ______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From wk at gnupg.org Mon Mar 23 18:46:53 2015 
From: wk at gnupg.org (Werner Koch)
Date: Mon, 23 Mar 2015 18:46:53 +0100
Subject: GnuPG 1.4.19 - Encryption Questions
In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A04A1B@HQITEXCH07.pclc0.merkle.local> (Clark Rivard's message of "Mon, 23 Mar 2015 16:29:38 +0000")
References: <7D23F54FC682AC47A4CDA79EF435336A25A04920@HQITEXCH07.pclc0.merkle.local> <87oanjpvcn.fsf@vigenere.g10code.de> <7D23F54FC682AC47A4CDA79EF435336A25A04A1B@HQITEXCH07.pclc0.merkle.local>
Message-ID: <87h9tbppwy.fsf@vigenere.g10code.de>

On Mon, 23 Mar 2015 17:29, CRivard at merkleinc.com said:
> Question though - the gpg.conf file is optional? If I want one I must create it?

Yes, it is optional. If you have more than one key it is advisable to create one and add

--8<---------------cut here---------------start------------->8---
default-key 1234567812345678
encrypt-to 1234567812345678
keyid-format long
keyserver hkp://keys.gnupg.net
--8<---------------cut here---------------end--------------->8---

So that gpg knows which is your default key (in this example the one with key id 1234567812345678), to which key all messages shall be encrypted in addition to the recipients (so that you can decrypt your own mails), that a keyserver shall be used, and finally to use the long keyid format. Depending on the mail program, you need to add an encrypt-to in any case.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From petar at smokva.net Mon Mar 23 18:43:53 2015
From: petar at smokva.net (Petar Bogdanovic) Date: Mon, 23 Mar 2015 18:43:53 +0100 Subject: DBG: armor-keys-failed Message-ID: <20150323174353.GA2927@pintail.smokva.net> Hi, when refreshing keys, I get the following messages: gpg: DBG: armor-keys-failed (KEY 0xB076... BEGIN ) ->0 gpg: DBG: armor-keys-failed (KEY 0xB076... END ) ->0 the comments suggest that the issue is not fatal: http://lists.gnutls.org/pipermail/gnupg-devel/2015-February/029524.html Or is it? Petar -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From CRivard at merkleinc.com Mon Mar 23 19:59:03 2015 From: CRivard at merkleinc.com (Clark Rivard) Date: Mon, 23 Mar 2015 18:59:03 +0000 Subject: GnuPG 1.4.19 - Encryption Questions In-Reply-To: <87h9tbppwy.fsf@vigenere.g10code.de> References: <7D23F54FC682AC47A4CDA79EF435336A25A04920@HQITEXCH07.pclc0.merkle.local> <87oanjpvcn.fsf@vigenere.g10code.de> <7D23F54FC682AC47A4CDA79EF435336A25A04A1B@HQITEXCH07.pclc0.merkle.local> <87h9tbppwy.fsf@vigenere.g10code.de> Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A04CD9@HQITEXCH07.pclc0.merkle.local> I am migrating PGP processing to a new server - going from GnuPG 1.4.8 to GnuPG 1.4.19. I have a file that was encrypted using 1.4.8 and the same file encrypted from 1.4.19. I used the FC file compare program to verify the encrypted files are the same. However, FC is telling me the files have differences. Is this a valid way to verify the encryption results are the same - or will they not be the same? If not why would they be different (does the Random Seed File have anything to do with this)? What other method can I use to validate I am getting the same results? I am using the same Keyring on both servers and the same "Recipient" Id to do the encryption. Thanks, Clark -----Original Message----- 
From: Werner Koch [mailto:wk at gnupg.org] Sent: Monday, March 23, 2015 12:47 PM To: Clark Rivard Cc: gnupg-users at gnupg.org Subject: Re: GnuPG 1.4.19 - Encryption Questions On Mon, 23 Mar 2015 17:29, CRivard at merkleinc.com said: > Question though - the gpg.conf file is optional? If I want one I must create it? Yes, it is optional. If you have more than one key it is advisable to create one and add --8<---------------cut here---------------start------------->8--- default-key 1234567812345678 encrypt-to 1234567812345678 keyid-format long keyserver hkp://keys.gnupg.net --8<---------------cut here---------------end--------------->8--- So that gpg knows which is your default key (in this example the one with key id 1234567812345678), to which key all messages shall be encrypted in addition to the recipients (so that you can decrypt your own mails), that a keyserver shall be used, and finally to use the long keyid format. Depending on the mail program, you need to add an encrypt-to in any case. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- An HTML attachment was scrubbed... URL: From CRivard at merkleinc.com Mon Mar 23 20:07:18 2015 
From: CRivard at merkleinc.com (Clark Rivard) Date: Mon, 23 Mar 2015 19:07:18 +0000 Subject: PGP Encryption - Random Seed File and Keyring Questions Message-ID: <7D23F54FC682AC47A4CDA79EF435336A25A04CF1@HQITEXCH07.pclc0.merkle.local> Random Seed File and Keyring Questions It is my understanding that GnuPG stores a random seed file in its working directory. This file is changed each time you use GnuPG. I have looked for more information about this file in the manual and faq, but have not found it. (There is some information in the man page.) How is the random seed file used in encryption / decryption processing - just to generate a Key? Can you have multiple folders containing a "set" of keyrings, trustdb, and random seed file (each folder being used for a given recipient) and then execute gpg using the folder specific to the recipient? Will this cause any issues? Does it matter if you start with the same "base" random seed file in the recipient-specific folders? Thanks, Clark -------------- next part -------------- An HTML attachment was scrubbed... URL: From dougb at dougbarton.email Mon Mar 23 20:25:06 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Mon, 23 Mar 2015 12:25:06 -0700 Subject: GnuPG 1.4.19 - Encryption Questions In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A04CD9@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A04920@HQITEXCH07.pclc0.merkle.local> <87oanjpvcn.fsf@vigenere.g10code.de> <7D23F54FC682AC47A4CDA79EF435336A25A04A1B@HQITEXCH07.pclc0.merkle.local> <87h9tbppwy.fsf@vigenere.g10code.de> <7D23F54FC682AC47A4CDA79EF435336A25A04CD9@HQITEXCH07.pclc0.merkle.local> Message-ID: <55106892.6040706@dougbarton.email> On 3/23/15 11:59 AM, Clark Rivard wrote: > However, FC is telling me the files have differences. Is this a valid > way to verify the encryption results are the same - or will they not be > the same? It is expected that the encrypted files will be different, for several "mechanical" reasons which are not terribly interesting. The only way to confirm that the contents of the file are the same is to decrypt them. However it is overwhelmingly unlikely that there will be anything different about the contents. hope this helps, Doug -- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From dougb at dougbarton.email Mon Mar 23 20:27:17 2015 
From: dougb at dougbarton.email (Doug Barton) Date: Mon, 23 Mar 2015 12:27:17 -0700 Subject: PGP Encryption - Random Seed File and Keyring Questions In-Reply-To: <7D23F54FC682AC47A4CDA79EF435336A25A04CF1@HQITEXCH07.pclc0.merkle.local> References: <7D23F54FC682AC47A4CDA79EF435336A25A04CF1@HQITEXCH07.pclc0.merkle.local> Message-ID: <55106915.4050600@dougbarton.email> On 3/23/15 12:07 PM, Clark Rivard wrote: > _Random Seed File and Keyring Questions _ > > It is my understanding that GnuPG stores a random seed file in its > working directory. This file is changed each time you use GnuPG. This is true. You can completely ignore this file, it is used internally by GnuPG. > Can you have multiple folders containing a "set" of keyrings, trustdb, > and random seed file (each folder being used for a given recipient) and then > execute gpg using the folder specific to the recipient? You could do that, but it is unnecessary. You can put multiple keys on their respective keyrings (public and private). Doug -- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From mike at confidantmail.org Tue Mar 24 04:27:47 2015 
From: mike at confidantmail.org (Mike Ingle) Date: Mon, 23 Mar 2015 20:27:47 -0700 Subject: One alternative to SMTP for email: Confidant Mail Message-ID: <5510D9B3.4090809@confidantmail.org> There has been some discussion on gnupg-users about replacing SMTP for secure email, and how BitMessage does not scale. There is an open source non-SMTP email system called Confidant Mail, which is based on GnuPG and hash table storage. The protocol conceals metadata (headers like From and Subject are inside the envelope) and uses TLS. The client has built-in support for Tor and I2P anonymity. The system supports unlimited length attachments (over 4GB) using a torrent-like blocking protocol. Messages are GPG encrypted and signed, and all messages are acknowledged. Key distribution is built into the protocol. It's designed to scale using either DNS or a Kademlia DHT to look up keys. Servers are paired for high availability. The client can automatically configure itself from the server. The client is available for Windows, Linux and MacOS. You can run your own server, or get an account on the test environment to try it out immediately. More information and downloads at: https://www.confidantmail.org Mike Ingle d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2 From antony at blazrsoft.com Tue Mar 24 18:04:47 2015 
From: antony at blazrsoft.com (Antony Prince) Date: Tue, 24 Mar 2015 13:04:47 -0400 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: <5510D9B3.4090809@confidantmail.org> References: <5510D9B3.4090809@confidantmail.org> Message-ID: <5511992F.8030801@blazrsoft.com> On 3/23/2015 11:27 PM, Mike Ingle wrote: > There has been some discussion on gnupg-users about replacing SMTP for > secure email, and how BitMessage does not scale. > > There is an open source non-SMTP email system called Confidant Mail, > which is based on GnuPG and hash table storage. The protocol conceals > metadata (headers like From and Subject are inside the envelope) and > uses TLS. The client has built-in support for Tor and I2P anonymity. The > system supports unlimited length attachments (over 4GB) using a > torrent-like blocking protocol. Messages are GPG encrypted and signed, > and all messages are acknowledged. Key distribution is built into the > protocol. > It's designed to scale using either DNS or a Kademlia DHT to look up > keys. Servers are paired for high availability. The client can > automatically configure itself from the server. > > The client is available for Windows, Linux and MacOS. You can run your > own server, or get an account on the test environment to try it out > immediately. More information and downloads at: > https://www.confidantmail.org > > Mike Ingle > d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2 Wow... this is a great concept. I'm looking forward to trying it out. -- Antony Prince Key ID: 0x4F040744 Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744 URL: keyserver.blazrsoft.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From 2014-667rhzu3dc-lists-groups at riseup.net Tue Mar 24 23:07:50 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Tue, 24 Mar 2015 22:07:50 +0000 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: <5510D9B3.4090809@confidantmail.org> References: <5510D9B3.4090809@confidantmail.org> Message-ID: <1666391654.20150324220750@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Tuesday 24 March 2015 at 3:27:47 AM, in , Mike Ingle wrote: > The client is available for Windows, Linux and MacOS. > You can run your own server, or get an account on the > test environment to try it out immediately. More > information and downloads at: > https://www.confidantmail.org Notwithstanding the security compromise from building SMTP gateways, some people are pretty attached to their favourite MUA. Have you any thoughts about accommodating them by enabling your Confidant Mail client or server to function as a local email proxy? - -- Best regards MFPA Is it possible to be a closet claustrophobic? -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVEeBDXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwjksIAIyDyG/reU2PAmNWtpAEhZFJ fucEB9gk97yXFdwGA4++BT/RpjM+s5AmUNt43CyNTQd+I267/Mg1T4hyVQUCuGAj 7/RNG8+YFO25YUUlEPRNmur1yFEJRisz5YH8R/SfK+ZCp9z/SFINJ00pMpmVHzbv BpkrdCwdP/uTOJKtQq9O/qxW8Ly6racU6ZqWWrkKdk+Fg71ogbOg9x3Qv4a5KzV0 5BoOme3zaVv/GELtisnAJYBO8wF6Sx8BCM3pxvjcmTiWUSds/9lCPU+AmoPzj3Yl iCm9h33PjmPC69nOXNU7CgwE21nsUN391hXNsaTOEYaMbduebbYYuPEA+WPgfcGI vgQBFgoAZgUCVRHgSV8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45P22AQBX8JnMlupZzFcQL7mnD8QsKtm4 4A0jsajBv7R4zANTWwEAi0mAICNR1A0eYS3pKwqOeM1+cUUkhzzW3pKeowHx5Q4= =NWP2 -----END PGP SIGNATURE----- From mike at confidantmail.org Tue Mar 24 23:55:04 2015 
From: mike at confidantmail.org (Mike Ingle) Date: Tue, 24 Mar 2015 15:55:04 -0700 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: <1666391654.20150324220750@my_localhost> References: <5510D9B3.4090809@confidantmail.org> <1666391654.20150324220750@my_localhost> Message-ID: <5511EB48.7020900@confidantmail.org> > Notwithstanding the security compromise from building SMTP gateways, > some people are pretty attached to their favourite MUA. Have you any > thoughts about accommodating them by enabling your Confidant Mail > client or server to function as a local email proxy? The user interface has to do a lot of things differently from SMTP MUAs - display signatures, check for keys, detect key collisions, display hash IDs, support gigabyte attachments... so it's never going to be a layer under SMTP. The UI can definitely be improved to have features people like from their existing mail clients. It needs automatic filing and a preview pane, for example. At the moment it's a parallel system for when you need security and big files. It's as much an alternative to file drop services as to email. File drops are not secure. Confidant Mail sends the email and attachments in a GPG encrypted ZIP file, which is broken into blocks for transmission. The question I am working on is mobile support. I don't really want to carry my GPG key on my phone, so it might make sense to make a web UI that can run on a PC and present itself to a phone or tablet over a VPN. That way the GPG key stays at home, and if the remote user fails to login a few times, the web UI shuts down. Confidant Mail can sync itself across multiple clients already, so one of those clients could be a mobile web UI and the other a PC GUI. Mike From dougb at dougbarton.email Wed Mar 25 08:28:19 2015 
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 25 Mar 2015 00:28:19 -0700
Subject: Weird error during key refresh
Message-ID: <55126393.50108@dougbarton.email>

gpg --refresh-keys dougbarton.us
gpg: refreshing 2 keys from hkp://na.pool.sks-keyservers.net
gpg: requesting key D5B2F0FB from hkp server na.pool.sks-keyservers.net
gpg: requesting key 1A1ABC84 from hkp server na.pool.sks-keyservers.net
gpg: DBG: armor-keys-failed (KEY 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB BEGIN
) ->0
gpg: DBG: armor-keys-failed (KEY 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB END
) ->0
gpg: DBG: armor-keys-failed (KEY 0xE3520E149D053533C33A67DB5CC686F11A1ABC84 BEGIN
) ->0
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: key D5B2F0FB: "Doug Barton " not changed
gpg: DBG: armor-keys-failed (KEY 0xE3520E149D053533C33A67DB5CC686F11A1ABC84 END
) ->0
gpg: key 1A1ABC84: "Douglas Barton " not changed
gpg: Total number processed: 2
gpg: unchanged: 2

I'm using the latest on Mac from homebrew:

gpg --version
gpg (GnuPG) 2.0.27
libgcrypt 1.6.3

Any ideas?

Doug

-- 
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: 

From dougb at dougbarton.email Wed Mar 25 08:30:25 2015
From: dougb at dougbarton.email (Doug Barton) Date: Wed, 25 Mar 2015 00:30:25 -0700 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: <5510D9B3.4090809@confidantmail.org> References: <5510D9B3.4090809@confidantmail.org> Message-ID: <55126411.1040801@dougbarton.email> On 3/23/15 8:27 PM, Mike Ingle wrote: > There has been some discussion on gnupg-users about replacing SMTP for > secure email, and how BitMessage does not scale. You can use Jabber for secure messaging. Haven't tested it with OTR, but I imagine if the client could do it, it would work. Doug -- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From stebe at mailbox.org Wed Mar 25 16:10:20 2015 
From: stebe at mailbox.org (Stephan Beck)
Date: Wed, 25 Mar 2015 16:10:20 +0100
Subject: Weird error during key refresh
In-Reply-To: <55126393.50108@dougbarton.email>
References: <55126393.50108@dougbarton.email>
Message-ID: <5512CFDC.9020305@mailbox.org>

Hi Doug,

it's an error very similar to the one I've got using --refresh-keys with a specified --keyserver [name]. Did you try to specify the keyserver's name and enable both --use-temp-files and --keep-temp-files? The output in the temp files retains the communication data of the refresh action, and maybe it helps you identify the issue.

Hope that helps

Stephan

On 25.03.2015 at 08:28, Doug Barton wrote:
> gpg --refresh-keys dougbarton.us
> gpg: refreshing 2 keys from hkp://na.pool.sks-keyservers.net
> gpg: requesting key D5B2F0FB from hkp server na.pool.sks-keyservers.net
> gpg: requesting key 1A1ABC84 from hkp server na.pool.sks-keyservers.net
> gpg: DBG: armor-keys-failed (KEY 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB BEGIN
> ) ->0
> gpg: DBG: armor-keys-failed (KEY 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB END
> ) ->0
> gpg: DBG: armor-keys-failed (KEY 0xE3520E149D053533C33A67DB5CC686F11A1ABC84 BEGIN
> ) ->0
> gpg: Note: signatures using the MD5 algorithm are rejected
> gpg: key D5B2F0FB: "Doug Barton " not changed
> gpg: DBG: armor-keys-failed (KEY 0xE3520E149D053533C33A67DB5CC686F11A1ABC84 END
> ) ->0
> gpg: key 1A1ABC84: "Douglas Barton " not changed
> gpg: Total number processed: 2
> gpg: unchanged: 2
>
> I'm using the latest on Mac from homebrew:
>
> gpg --version
> gpg (GnuPG) 2.0.27
> libgcrypt 1.6.3
>
> Any ideas?
>
> Doug
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: 

From robertc at broadcom.com Wed Mar 25 19:08:06 2015
From: robertc at broadcom.com (Bob (Robert) Cavanaugh)
Date: Wed, 25 Mar 2015 18:08:06 +0000
Subject: FW: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <55126411.1040801@dougbarton.email>
References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email>
Message-ID: <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com>

Doug,
Signature shows as an attachment "signature.asc". No evidence that PGP actions were invoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not.

Thanks,
Bob Cavanaugh

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 484 bytes
Desc: OpenPGP digital signature.asc
URL: 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00002.txt
URL: 

From dougb at dougbarton.email Wed Mar 25 20:41:56 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 25 Mar 2015 12:41:56 -0700
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com>
References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com>
Message-ID: <55130F84.3000603@dougbarton.email>

On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> Doug,
> Signature shows as an attachment "signature.asc". No evidence that PGP actions were invoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not.

Thanks Bob, that is interesting feedback.

FWIW, I have received various other messages privately from people who have said the same thing ... They can see the attachment, but either message verification fails, or there is no indication on their side that it is a PGP-signed message at all.

While this is strictly anecdotal evidence I would argue that it's a good indication that we may not be ready for PGP/MIME as the default.

Doug

-- 
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: 

From dougb at dougbarton.email Wed Mar 25 20:42:35 2015
From: dougb at dougbarton.email (Doug Barton) Date: Wed, 25 Mar 2015 12:42:35 -0700 Subject: Weird error during key refresh In-Reply-To: <5512FA71.1070106@sumptuouscapital.com> References: <55126393.50108@dougbarton.email> <5512FA71.1070106@sumptuouscapital.com> Message-ID: <55130FAB.9010902@dougbarton.email> On 3/25/15 11:12 AM, Kristian Fiskerstrand wrote: > On 03/25/2015 08:28 AM, Doug Barton wrote: >> gpg --refresh-keys dougbarton.us > > ... > >> gpg: DBG: armor-keys-failed (KEY >> 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB BEGIN ) ->0 gpg: DBG: >> armor-keys-failed (KEY 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB >> END ) ->0 gpg: DBG: armor-keys-failed (KEY >> 0xE3520E149D053533C33A67DB5CC686F11A1ABC84 BEGIN > ... > > >> I'm using the latest on Mac from homebrew: > >> gpg --version gpg (GnuPG) 2.0.27 > > See http://lists.gnupg.org/pipermail/gnupg-devel/2015-February/029546.html Thanks Kristian. Doug -- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From kristian.fiskerstrand at sumptuouscapital.com Wed Mar 25 19:12:01 2015 
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Wed, 25 Mar 2015 19:12:01 +0100
Subject: Weird error during key refresh
In-Reply-To: <55126393.50108@dougbarton.email>
References: <55126393.50108@dougbarton.email>
Message-ID: <5512FA71.1070106@sumptuouscapital.com>

On 03/25/2015 08:28 AM, Doug Barton wrote:
> gpg --refresh-keys dougbarton.us

...

> gpg: DBG: armor-keys-failed (KEY
> 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB BEGIN ) ->0 gpg: DBG:
> armor-keys-failed (KEY 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB
> END ) ->0 gpg: DBG: armor-keys-failed (KEY
> 0xE3520E149D053533C33A67DB5CC686F11A1ABC84 BEGIN

...

> I'm using the latest on Mac from homebrew:
>
> gpg --version gpg (GnuPG) 2.0.27

See http://lists.gnupg.org/pipermail/gnupg-devel/2015-February/029546.html

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Great things are not accomplished by those who yield to trends and fads and popular opinion."
(Jack Kerouac)

From mailing-lists at asatiifm.net Wed Mar 25 21:20:40 2015
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Wed, 25 Mar 2015 22:20:40 +0200
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <55130F84.3000603@dougbarton.email>
References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email>
Message-ID: <55131898.7000208@asatiifm.net>

On 25.03.15 21:41, Doug Barton wrote:
> While this is strictly anecdotal evidence I would argue that it's a good
> indication that we may not be ready for PGP/MIME as the default.

I think that fail, a signature.asc attachment, is still a "cleaner fail" than a non-PGP receiver getting a breakdown from inline PGP. And that is for every single email. I have not received a single question from anyone regarding my PGP/MIME signed emails. Not one. And I'm talking about the ones that don't use PGP / have no clue what PGP is.

> FWIW, I have received various other messages privately from people who have said the same thing ... They can see the attachment, but either message verification fails, or there is no indication on their side that it is a PGP-signed message at all.

In this one I can see your email with the attachment, but also marked with a "good signature".

-- 
Ville

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: 

From mailing-lists at asatiifm.net Wed Mar 25 21:26:49 2015
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Wed, 25 Mar 2015 22:26:49 +0200
Subject: PGP/MIME efficacy (Was: Weird error during key refresh)
In-Reply-To: <55130FAB.9010902@dougbarton.email>
References: <55126393.50108@dougbarton.email> <5512FA71.1070106@sumptuouscapital.com> <55130FAB.9010902@dougbarton.email>
Message-ID: <55131A09.4030501@asatiifm.net>

On 25.03.15 21:42, Doug Barton wrote:
>
> Doug
>
> --
> I am conducting an experiment in the efficacy of PGP/MIME signatures.
> This message should be signed. If it is not, or the signature does not
> validate, please let me know how you received this message (direct, or
> to a list) and the mail software you use. Thanks!

It seems I'm getting all (ok, sample size 2) your emails as "good signature" and with signature.asc attachment.

-- 
Ville

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: 

From dougb at dougbarton.email Wed Mar 25 21:32:45 2015
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 25 Mar 2015 13:32:45 -0700
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <55131898.7000208@asatiifm.net>
References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email> <55131898.7000208@asatiifm.net>
Message-ID: <55131B6D.6010002@dougbarton.email>

On 3/25/15 1:20 PM, Ville Määttä wrote:
> On 25.03.15 21:41, Doug Barton wrote:
>> While this is strictly anecdotal evidence I would argue that it's a good
>> indication that we may not be ready for PGP/MIME as the default.
>
> I think that fail, a signature.asc attachment, is still a "cleaner fail"
> than a non-PGP receiver getting a breakdown from inline PGP. And that is
> for every single email.

How are you using the term "breakdown" here? If their client isn't doing PGP they see some extraneous text, and a signature block. While I agree that for those not using PGP that is clutter, I am not sure what you mean by "breakdown."

> I have not received a single question from anyone regarding my PGP/MIME
> signed emails. Not one. And I'm talking about the ones that don't use
> PGP / have no clue what PGP is.

We've already established that PGP/MIME is a "cleaner" solution for those that don't use PGP. I'm not debating that point, and I don't think anyone else is either. The question at hand is for those that *do* use PGP, which is more effective? TMK there are no mail clients that fail to process a valid in-line signature, but obviously there are still clients that cannot correctly handle PGP/MIME.

>> FWIW, I have received various other messages privately from people who have said the same thing ... They can see the attachment, but either message verification fails, or there is no indication on their side that it is a PGP-signed message at all.
>
> In this one I can see your email with the attachment, but also marked
> with a "good signature".

Thank you for confirming, but we're both using Enigmail so I would suspect that would be the case. :)

Also, I can see the valid signatures on the message that I receive from the list. I'm glad to see that the old Mailman bug has been fixed in that regard.

Doug

-- 
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: 

From samir at samirnassar.com Wed Mar 25 21:56:56 2015
From: samir at samirnassar.com (Samir Nassar)
Date: Wed, 25 Mar 2015 21:56:56 +0100
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <55130F84.3000603@dougbarton.email>
References: <5510D9B3.4090809@confidantmail.org> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email>
Message-ID: <118949745.UfHx5V2qD8@lathe>

On Wednesday, March 25, 2015 12:41:56 PM Doug Barton wrote:
> On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> > Doug,
> > Signature shows as an attachment "signature.asc". No evidence that PGP
> > actions were invoked. Work forces use of Synaptic PGP, so I cannot tell
> > if it is verified or not.

Most likely Bob is talking about Symantec PGP which works with MS Outlook.

> Thanks Bob, that is interesting feedback.

This is not new information. If "Synaptic PGP" is indeed Symantec PGP and we're talking about Outlook then indeed MS Outlook does not understand PGP/MIME.

So yes, we have an extremely outdated mail client manufacturer that is unwilling to accommodate PGP/MIME. Users of that mail client have a problem with PGP/MIME. Almost no-one else; Thunderbird, KMail2, mutt, even Roundcube, the web-based IMAP client, gives a useful message on facing PGP/MIME saying something like: This message is encrypted and can't be viewed.

Samir

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: 

From martijn.list at gmail.com Wed Mar 25 21:06:53 2015
From: martijn.list at gmail.com (martijn.list) Date: Wed, 25 Mar 2015 21:06:53 +0100 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <55130F84.3000603@dougbarton.email> References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email> Message-ID: <5513155D.3090005@gmail.com> On 03/25/2015 08:41 PM, Doug Barton wrote: > On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote: >> Doug, >> Signature shows as an attachment "signature.asc". No evidence that PGP >> actions were envoked. Work forces use of Synaptic PGP, so I cannot >> tell if it is verified or not. > > Thanks Bob, that is interesting feedback. > > FWIW, I have received various other messages privately from people who > have said the same thing ... They can see the attachment, but either > message verification fails, or there is no indication on their side that > it is a PGP-signed message at all. > > While this is strictly anecdotal evidence I would argue that it's a good > indication that we may not be ready for PGP/MIME as the default. It looks like this is caused by the mailing list software (mailman). Mailman adds a banner to the mail and therefore the mail is no longer a valid PGP/MIME mail. I think mailman should be smart enough not to mess with digitally signed mail (same thing happens with S/MIME signed email). Kind regards, Martijn Brinkers -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail From 2014-667rhzu3dc-lists-groups at riseup.net Wed Mar 25 22:06:40 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Wed, 25 Mar 2015 21:06:40 +0000
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <55130F84.3000603@dougbarton.email>
References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email>
Message-ID: <135981617.20150325210640@my_localhost>

Hi

On Wednesday 25 March 2015 at 7:41:56 PM, in , Doug Barton wrote:

> While this is strictly anecdotal evidence I would argue
> that it's a good indication that we may not be ready
> for PGP/MIME as the default.

FWIW, my MUA (The Bat!) shows your photo, then displays:-

OpenPGP Signature verified OK
# off=0 ctb=ff tag=63 hlen=2 plen=11 new-ctb
:packet 63: length 11
# off=13 ctb=cb tag=11 hlen=2 plen=0 partial new-ctb
:literal data packet:
    mode t (74), created 0, name="",
    raw data: unknown length
# off=1118 ctb=89 tag=2 hlen=3 plen=284
:signature packet: algo 1, keyid 5CC686F11A1ABC84
    version 4, created 1427312516, md5len 0, sigclass 0x01
    digest algo 8, begin of digest fd d6
    hashed subpkt 2 len 4 (sig created 2015-03-25)
    subpkt 16 len 8 (issuer key ID 5CC686F11A1ABC84)
    data: [2046 bits]

I also tried to verify the signature from the message source, just for shits and giggles. This sometimes works if a PGP/MIME signature won't verify for me when I click the button. On this occasion it didn't.
-- 
Best regards
MFPA

Don't cry because it is over - smile because it happened

From 2014-667rhzu3dc-lists-groups at riseup.net Wed Mar 25 22:25:57 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Wed, 25 Mar 2015 21:25:57 +0000
Subject: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <5511EB48.7020900@confidantmail.org>
References: <5510D9B3.4090809@confidantmail.org> <1666391654.20150324220750@my_localhost> <5511EB48.7020900@confidantmail.org>
Message-ID: <1434537311.20150325212557@my_localhost>

Hi

On Tuesday 24 March 2015 at 10:55:04 PM, in , Mike Ingle wrote:

> The user interface has to do a lot of things
> differently from SMTP MUAs - display signatures, check for keys,

SMTP MUAs that interface with PGP or GnuPG (or use S/MIME) display signature verification results (and actual signatures in the message body if signed PGP-inline). And they invoke GnuPG etc. to find keys.

> detect key collisions,

If more than one key on my GnuPG keyring matches on an email address, the MUA I use displays a dialog box allowing me to choose. An older version used to just pick the first match it came to.

> display hash IDs,

OK, that sounds like something extra it has to accommodate. But maybe an SMTP proxy could treat the hash as part of the display name:-

"Mike Ingle d2b89e6f95e72e26e0c917d0...cd0c2"

> support gigabyte attachments...

From an MUA UI perspective, does size matter when handling attachments? All the user tends to see is an icon, a filename, and a file size.

-- 
Best regards
MFPA

Dogs look up to us. Cats look down on us. Pigs treat us as equals.
From kloecker at kde.org Wed Mar 25 23:14:57 2015
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 25 Mar 2015 23:14:57 +0100
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <5513155D.3090005@gmail.com>
References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com>
Message-ID: <2886004.karhszMXGj@collossus.ingo-kloecker.de>

On Wednesday 25 March 2015 21:06:53 martijn.list wrote:
> On 03/25/2015 08:41 PM, Doug Barton wrote:
> > On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> >> Doug,
> >> Signature shows as an attachment "signature.asc". No evidence that PGP
> >> actions were invoked. Work forces use of Synaptic PGP, so I cannot
> >> tell if it is verified or not.
> >
> > Thanks Bob, that is interesting feedback.
> >
> > FWIW, I have received various other messages privately from people who
> > have said the same thing ... They can see the attachment, but either
> > message verification fails, or there is no indication on their side that
> > it is a PGP-signed message at all.
> >
> > While this is strictly anecdotal evidence I would argue that it's a good
> > indication that we may not be ready for PGP/MIME as the default.
>
> It looks like this is caused by the mailing list software (mailman).
> Mailman adds a banner to the mail and therefore the mail is no longer a
> valid PGP/MIME mail. I think mailman should be smart enough not to mess
> with digitally signed mail (same thing happens with S/MIME signed email).

Actually, mailman is that smart. mailman has put the body of the signed message together with the corresponding Content-type header as message part into a multipart/mixed container and has added the banner as second message part to the multipart/mixed container. My mail client (KMail) properly parses this "complex" message and shows the signed part and below the unsigned mailing list banner.

So it's not mailman that's not smart enough, but the mail clients the other recipients are using.
Mail clients showing a "signature.asc" attachment probably do not understand PGP/MIME (which isn't that unusual because only a handful of mail clients support PGP/MIME out-of-the-box without additional plugins).

Regards,
Ingo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: 

From mailing-lists at asatiifm.net Wed Mar 25 23:56:03 2015
From: mailing-lists at asatiifm.net (Ville Määttä)
Date: Thu, 26 Mar 2015 00:56:03 +0200
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <2886004.karhszMXGj@collossus.ingo-kloecker.de>
References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de>
Message-ID: <55133D03.7070708@asatiifm.net>

On 26.03.15 00:14, Ingo Klöcker wrote:
> So it's not mailman that's not smart enough, but the mail clients the other
> recipients are using. Mail clients showing a "signature.asc" attachment
> probably do not understand PGP/MIME (which isn't that unusual because only a
> handful mail clients support PGP/MIME out-of-the-box without additional
> plugins).

It seems to me that emails sent and signed by Thunderbird + Enigmail are displayed just fine by it. No signature.asc quirks. But emails sent by others are displaying the attachment in addition to the normal Enigmail added UI signature information. Ingo, Doug, Samir and Bob; I see the attached file for each of you but not my own PGP/MIME mails routed back to me from the list :).

-- 
Ville

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: 
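Ingo's description above of what Mailman does to a PGP/MIME message, worked through as an added example that is not code from this thread, from Mailman or from GnuPG: it builds an RFC 3156 multipart/signed message (with a constructed placeholder in place of a real signature and constructed example.invalid addresses), simulates the multipart/mixed rewrapping with the list banner, and shows that the bytes the detached signature covers are unchanged, so a client that walks the MIME tree can still verify it, while a client that ignores multipart/signed only sees a "signature.asc" attachment.

```python
"""Added example, not code from the thread, from Mailman or from GnuPG: build
a PGP/MIME (RFC 3156) signed message, rewrite it the way Ingo describes
Mailman doing, and compare what PGP/MIME-aware and naive clients then see."""
import hashlib
from email import encoders, message_from_bytes, policy
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# RFC 3156: the signature covers the first body part in canonical (CRLF) form.
CRLF = policy.compat32.clone(linesep="\r\n")

# Constructed placeholder, not a real signature; a real client would hand
# signed_bytes() plus this armor to gpg for verification.
FAKE_ARMOR = ("-----BEGIN PGP SIGNATURE-----\n\n"
              "(constructed placeholder, not a real OpenPGP signature)\n"
              "-----END PGP SIGNATURE-----\n")

# The list banner quoted earlier in this thread.
BANNER = ("_______________________________________________\n"
          "Gnupg-users mailing list\nGnupg-users at gnupg.org\n"
          "http://lists.gnupg.org/mailman/listinfo/gnupg-users\n")


def build_pgp_mime_signed(body_text, armor):
    """Sender side: multipart/signed, text part first, detached signature
    second, the shape Enigmail, KMail and friends emit."""
    text = MIMEText(body_text, "plain", "us-ascii")
    sig = MIMEApplication(armor, "pgp-signature", name="signature.asc",
                          _encoder=encoders.encode_7or8bit)
    sig.add_header("Content-Disposition", "attachment", filename="signature.asc")
    signed = MIMEMultipart("signed", micalg="pgp-sha256",
                           protocol="application/pgp-signature")
    signed.attach(text)
    signed.attach(sig)
    signed["From"] = "sender@example.invalid"  # constructed addresses
    signed["To"] = "list@example.invalid"
    signed["Subject"] = "PGP/MIME test"
    return signed.as_bytes(policy=CRLF)


def mailman_wrap(raw, banner):
    """List side, simulating what Ingo describes: the original body keeps its
    multipart/signed Content-Type and becomes part one of a new
    multipart/mixed container; the banner becomes part two."""
    original = message_from_bytes(raw)
    inner = Message()
    inner["Content-Type"] = original["Content-Type"]
    inner.set_payload(original.get_payload())
    outer = MIMEMultipart("mixed")
    for name, value in original.items():  # carry over From, To, Subject...
        if name.lower() not in ("content-type", "mime-version"):
            outer[name] = value
    outer.attach(inner)
    outer.attach(MIMEText(banner, "plain", "us-ascii"))
    return outer.as_bytes(policy=CRLF)


def find_signed_part(msg):
    """PGP/MIME-aware client: find the multipart/signed container with
    protocol application/pgp-signature, however deeply it is nested."""
    for part in msg.walk():
        if (part.get_content_type() == "multipart/signed"
                and part.get_param("protocol") == "application/pgp-signature"):
            return part
    return None


def signed_bytes(signed):
    """Exactly the bytes the signature covers: the whole first body part,
    headers included, with CRLF line endings."""
    return signed.get_payload(0).as_bytes(policy=CRLF)


def micalg_digest(signed):
    """Digest of the signed bytes with the hash micalg names (pgp-sha256 and
    so on), which GnuPG recomputes before checking the signature."""
    algo = signed.get_param("micalg", "").lower()
    algo = algo[4:] if algo.startswith("pgp-") else algo
    return hashlib.new(algo, signed_bytes(signed)).hexdigest()


def attachment_filenames(msg):
    """Naive client without PGP/MIME support: every part carrying a filename
    is an attachment, and the signature is one of them."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def demo():
    """Round-trip a message through the list and report what each client sees."""
    raw = build_pgp_mime_signed("Testing PGP/MIME signatures.\n", FAKE_ARMOR)
    wrapped = mailman_wrap(raw, BANNER)
    before = find_signed_part(message_from_bytes(raw))
    after = find_signed_part(message_from_bytes(wrapped))
    return {
        "top_level_before": message_from_bytes(raw).get_content_type(),
        "top_level_after": message_from_bytes(wrapped).get_content_type(),
        "signed_bytes_unchanged": signed_bytes(before) == signed_bytes(after),
        "digests_match": micalg_digest(before) == micalg_digest(after),
        "naive_view_after": attachment_filenames(message_from_bytes(wrapped)),
    }
```

Calling demo() reports multipart/signed before and multipart/mixed after the rewrapping, an unchanged signed part, and a naive view consisting of just signature.asc.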
From: samir at samirnassar.com (Samir Nassar)
Date: Thu, 26 Mar 2015 00:26:48 +0100
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <55133D03.7070708@asatiifm.net>
References: <5510D9B3.4090809@confidantmail.org> <2886004.karhszMXGj@collossus.ingo-kloecker.de> <55133D03.7070708@asatiifm.net>
Message-ID: <2105669.fdIHN9BOR4@lathe>

On Thursday, March 26, 2015 12:56:03 AM Ville Määttä wrote:
> It seems to me that emails sent and signed by Thunderbird + Enigmail are
> displayed just fine by it. No signature.asc quirks. But emails sent by
> others are displaying the attachment in addition to the normal Enigmail
> added UI signature information. Ingo, Doug, Samir and Bob; I see the
> attached file for each of you but not my own PGP/MIME mails routed back
> to me from the list :).

I am using KMail2 4.14.6 and I see your, Doug's, and Ingo's emails clearly even after mailman's modifications and all three are using PGP/MIME from different clients (I presume).

Samir

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: 

From daniele at grinta.net Thu Mar 26 00:38:25 2015
From: daniele at grinta.net (Daniele Nicolodi)
Date: Thu, 26 Mar 2015 00:38:25 +0100
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To: <55133D03.7070708@asatiifm.net>
References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> <55133D03.7070708@asatiifm.net>
Message-ID: <551346F1.10907@grinta.net>

On 25/03/15 23:56, Ville Määttä wrote:
> On 26.03.15 00:14, Ingo Klöcker wrote:
>> So it's not mailman that's not smart enough, but the mail clients
>> the other recipients are using. Mail clients showing a
>> "signature.asc" attachment probably do not understand PGP/MIME
>> (which isn't that unusual because only a handful mail clients
>> support PGP/MIME out-of-the-box without additional plugins).
>
> It seems to me that emails sent and signed by Thunderbird +
> Enigmail are displayed just fine by it. No signature.asc quirks.
> But emails sent by others are displaying the attachment in addition
> to the normal Enigmail added UI signature information. Ingo, Doug,
> Samir and Bob; I see the attached file for each of you but not my
> own PGP/MIME mails routed back to me from the list :).

The difference must be somewhere else: I use Thunderbird 31.5.0 and Enigmail 1.8 (20150316-1815) and, while it recognizes the signatures, I see the attachment "signature.asc" for all the PGP/MIME signed emails I've checked.

Cheers,
Daniele

From dave.kimble at riseup.net Thu Mar 26 04:45:14 2015
From: dave.kimble at riseup.net (Dave Kimble) Date: Thu, 26 Mar 2015 13:45:14 +1000 Subject: upgrading v1 to v2 Message-ID: <551380CA.5040103@riseup.net> Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. Enigmail says it is about time I upgraded to gnupg v2. Ubuntu Software Centre says I have the latest version. I have git cloned gnupg "v2.0.26" and attempted to configure. It says I need libgpg-error, libgcrypt, libassuan, libksba, npth I have installed libgpg-error-1.9 , apparently OK. I can see /usr/lib/bin/libgpg-error and /libgpg-error-config When I try to configure libgcrypt-1.6.3 it says: checking for gpg-error-config... /usr/local/bin/gpg-error-config checking for GPG Error - version >= 1.11... no configure: error: libgpg-error is needed. Obviously I am doing something wrong, so it's my fault, but this is ABSOLUTELY HOPELESS if you want people to adopt gnupg. I work with clients who don't know what an email client is, let alone what theirs is called, on a wide variety of OSs. They cannot possibly do all this. Is it too much to ask that you produce an Ubuntu-friendly repository that takes care of all the dependencies and compiling? Rant over, please help. Dave From dave.kimble at riseup.net Thu Mar 26 03:39:44 2015 
From: dave.kimble at riseup.net (Dave Kimble) Date: Thu, 26 Mar 2015 12:39:44 +1000 Subject: upgrading v1 to v2 Message-ID: <55137170.1030708@riseup.net> Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. Enigmail says it is about time I upgraded to gnupg v2. Ubuntu Software Centre says I have the latest version. I have git cloned gnupg "v2.0.26" and attempted to configure. It says I need libgpg-error, libgcrypt, libassuan, libksba, npth I have installed libgpg-error-1.9 , apparently OK. I can see /usr/lib/bin/libgpg-error and /libgpg-error-config When I try to configure libgcrypt-1.6.3 it says: checking for gpg-error-config... /usr/local/bin/gpg-error-config checking for GPG Error - version >= 1.11... no configure: error: libgpg-error is needed. Obviously I am doing something wrong, so it's my fault, but this is ABSOLUTELY HOPELESS if you want people to adopt gnupg. I work with clients who don't know what an email client is, let alone what theirs is called, on a wide variety of OSs. They cannot possibly do all this. Is it too much to ask that you produce an Ubuntu-friendly repository that takes care of all the dependencies and compiling? Rant over, please help. Dave From antony at blazrsoft.com Thu Mar 26 05:12:09 2015 
From: antony at blazrsoft.com (Antony Prince) Date: Thu, 26 Mar 2015 00:12:09 -0400 Subject: upgrading v1 to v2 In-Reply-To: <55137170.1030708@riseup.net> References: <55137170.1030708@riseup.net> Message-ID: <55138719.4090802@blazrsoft.com> On 3/25/2015 10:39 PM, Dave Kimble wrote: > I have installed libgpg-error-1.9 , apparently OK. > checking for GPG Error - version >= 1.11... no It is looking for version >= 1.11, which you do not have. > I can see /usr/lib/bin/libgpg-error and /libgpg-error-config > checking for gpg-error-config... /usr/local/bin/gpg-error-config It also appears to be looking in the default directory for self compiled software (/usr/local/bin). I would recommend compiling the necessary libraries/binaries of the correct version from source as well since it looks like the repository does not provide them, which would make sense since the repository version does not require a newer version. If you're going to compile software from source, be prepared for headaches like this. This isn't really a GPG issue, but just the fact that Ubuntu has not brought the newer versions into their repositories yet. > this. Is it too much to ask that you produce an Ubuntu-friendly > repository that takes care of all the dependencies and compiling? I've never looked into maintaining a repository myself, but it does seem like it would be quite a bit of work (maintaining the server, compiling and packaging the software, etc.) especially for software that has a one man development team. -- Antony Prince Key ID: 0x4F040744 Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744 URL: keyserver.blazrsoft.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From mirimir at riseup.net Thu Mar 26 05:19:11 2015 
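The two points in the reply above (the minimum is 1.11 and the copy found is the self-compiled one in /usr/local/bin) can be checked without re-running configure. The following is an added Python example, not part of GnuPG's or libgcrypt's build system: it repeats the comparison configure makes, against whichever gpg-error-config is first on PATH, and points at the /usr/local shadowing. The 1.11 minimum and the /usr/local/bin path come from the report above; the Debian/Ubuntu package name libgpg-error-dev is assumed, and the plain string comparison shown in the test is there because it is exactly how "1.9" ends up looking newer than "1.11".

```python
"""Reproduce libgcrypt's configure-time check for libgpg-error.

Added example (not from GnuPG's build system): compares the version reported
by whichever gpg-error-config is first on PATH with the minimum libgcrypt
wants, and flags a self-compiled copy in /usr/local shadowing the distro one.
"""
import shutil
import subprocess


def parse_version(s):
    """'1.9' -> (1, 9); '1.11.0' -> (1, 11, 0).

    Anything after the first non-digit in a component ('1.12-beta3') is cut,
    so pre-release suffixes do not break the numeric compare."""
    parts = []
    for component in s.strip().split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or "0"))
    return tuple(parts)


def version_ge(found, required):
    """Component-wise numeric compare, padding the shorter tuple with zeros
    (so 1.9 < 1.11 and 2 >= 1.11, which a string compare gets wrong)."""
    a, b = parse_version(found), parse_version(required)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a >= b


def explain(found_version, tool_path, required="1.11"):
    """Return (ok, message) in the wording of configure's
    'checking for GPG Error - version >= X' line, plus a prefix hint."""
    if version_ge(found_version, required):
        return True, (f"checking for GPG Error - version >= {required}... yes "
                      f"({tool_path} reports {found_version})")
    msg = (f"checking for GPG Error - version >= {required}... no "
           f"({tool_path} reports {found_version})")
    if tool_path.startswith("/usr/local/"):
        # Assumption: a tool under /usr/local is a self-compiled copy, and on
        # Debian/Ubuntu the distro headers live in libgpg-error-dev.
        msg += ("; that is a self-compiled copy shadowing the distro package "
                "(compare with `dpkg -l libgpg-error-dev`)")
    return False, msg


def diagnose(required="1.11"):
    """Run the check against the live system.

    Returns (None, message) when gpg-error-config is not on PATH, so the
    function is safe to call on a machine without the dev package."""
    tool = shutil.which("gpg-error-config")
    if tool is None:
        return None, ("gpg-error-config not on PATH "
                      "(install libgpg-error-dev or add your prefix's bin to PATH)")
    res = subprocess.run([tool, "--version"], capture_output=True, text=True)
    return explain(res.stdout.strip(), tool, required)


if __name__ == "__main__":
    print(diagnose()[1])
```

Run it with no arguments to see the verdict for the machine you are on; `explain()` is the pure part, so it can also be fed a version and path copied from somebody else's configure output.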
From: mirimir at riseup.net (Mirimir) Date: Wed, 25 Mar 2015 22:19:11 -0600 Subject: upgrading v1 to v2 In-Reply-To: <55137170.1030708@riseup.net> References: <55137170.1030708@riseup.net> Message-ID: <551388BF.5030802@riseup.net> On 03/25/2015 08:39 PM, Dave Kimble wrote: > Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. > Enigmail says it is about time I upgraded to gnupg v2. > Ubuntu Software Centre says I have the latest version. In Ubuntu 12.04 x64, I just did: $ sudo apt-get install gnupg2 That gave me "gpg (GnuPG) 2.0.17". Then I went to "Enigmail Preferences | Basic", and made sure that GnuPG was pointed at "/usr/bin/gpg2". > I have git cloned gnupg "v2.0.26" and attempted to configure. > It says I need libgpg-error, libgcrypt, libassuan, libksba, npth > > I have installed libgpg-error-1.9 , apparently OK. > I can see /usr/lib/bin/libgpg-error and /libgpg-error-config > > When I try to configure libgcrypt-1.6.3 it says: > checking for gpg-error-config... /usr/local/bin/gpg-error-config > checking for GPG Error - version >= 1.11... no > configure: error: libgpg-error is needed. > > Obviously I am doing something wrong, so it's my fault, but this is > ABSOLUTELY HOPELESS if you want people to adopt gnupg. I work with > clients who don't know what an email client is, let alone what theirs is > called, on a wide variety of OSs. They cannot possibly do all > this. Is it too much to ask that you produce an Ubuntu-friendly > repository that takes care of all the dependencies and compiling? > > Rant over, please help. > > Dave > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From rjh at sixdemonbag.org Thu Mar 26 05:22:38 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 26 Mar 2015 00:22:38 -0400 Subject: upgrading v1 to v2 In-Reply-To: <551380CA.5040103@riseup.net> References: <551380CA.5040103@riseup.net> Message-ID: <5513898E.3030702@sixdemonbag.org> > Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. > Enigmail says it is about time I upgraded to gnupg v2. > Ubuntu Software Centre says I have the latest version. Open up a terminal window. "sudo apt-get install gnupg2" Bang, done. Ubuntu isn't lying to you -- you have the most recent version of GnuPG *1*. GnuPG version *2* is a separate package. From rjh at sixdemonbag.org Thu Mar 26 05:26:48 2015 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 26 Mar 2015 00:26:48 -0400 Subject: upgrading v1 to v2 In-Reply-To: <55138719.4090802@blazrsoft.com> References: <55137170.1030708@riseup.net> <55138719.4090802@blazrsoft.com> Message-ID: <55138A88.2060508@sixdemonbag.org> > I would recommend compiling the necessary libraries/binaries of the > correct version from source as well since it looks like the > repository does not provide them Ubuntu does provide them, and has for several years. From antony at blazrsoft.com Thu Mar 26 05:27:36 2015 
From: antony at blazrsoft.com (Antony Prince) Date: Thu, 26 Mar 2015 00:27:36 -0400 Subject: upgrading v1 to v2 In-Reply-To: <551388BF.5030802@riseup.net> References: <55137170.1030708@riseup.net> <551388BF.5030802@riseup.net> Message-ID: <55138AB8.7030604@blazrsoft.com> On 3/26/2015 12:19 AM, Mirimir wrote: > In Ubuntu 12.04 x64, I just did: > > $ sudo apt-get install gnupg2 Been a while since I used Ubuntu. That would make sense though since some applications still require v1.x and some require 2.x which would explain the naming discrepancy (gnupg vs. gnupg2), but it's easy to see how that could be confusing. Easier than compiling it and all its dependencies from source, that's for darn sure. -- Antony Prince Key ID: 0x4F040744 Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744 URL: keyserver.blazrsoft.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From antony at blazrsoft.com Thu Mar 26 05:43:40 2015 
From: antony at blazrsoft.com (Antony Prince) Date: Thu, 26 Mar 2015 00:43:40 -0400 Subject: upgrading v1 to v2 In-Reply-To: <55138A88.2060508@sixdemonbag.org> References: <55137170.1030708@riseup.net> <55138719.4090802@blazrsoft.com> <55138A88.2060508@sixdemonbag.org> Message-ID: <55138E7C.8020401@blazrsoft.com> On 3/26/2015 12:26 AM, Robert J. Hansen wrote: >> I would recommend compiling the necessary libraries/binaries of the >> correct version from source as well since it looks like the >> repository does not provide them > > Ubuntu does provide them, and has for several years. I admit I didn't check. Seemed odd that they wouldn't since Ubuntu is known for keeping its repositories pretty up-to-date. -- Antony Prince Key ID: 0x4F040744 Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744 URL: keyserver.blazrsoft.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From xavier at maillard.im Thu Mar 26 06:44:09 2015 
From: xavier at maillard.im (Xavier Maillard) Date: Thu, 26 Mar 2015 06:44:09 +0100 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <55130F84.3000603@dougbarton.email> References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email> Message-ID: <864mp8ia8m.fsf@kcals2.maillard.im> Doug Barton writes: > On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote: >> Doug, >> Signature shows as an attachment "signature.asc". No evidence that PGP actions were invoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not. > > Thanks Bob, that is interesting feedback. > > FWIW, I have received various other messages privately from people who > have said the same thing ... They can see the attachment, but either > message verification fails, or there is no indication on their side that > it is a PGP-signed message at all. I thought your signature was a joke :) -- Xavier. From mike at confidantmail.org Thu Mar 26 09:59:53 2015 
From: mike at confidantmail.org (Mike Ingle) Date: Thu, 26 Mar 2015 01:59:53 -0700 Subject: Enabling and using ECC keys (any reason not to?) Message-ID: <5513CA89.20301@confidantmail.org> The current version of Confidant Mail for Windows includes GPG 1.4.19. However, the code is written to support version 2.1 and ECC keys. If you point it to GPG 2.1, it will let GPG handle passphrases, and will let you create and rotate ECC keys. Is there any reason not to start using them? I have been reluctant to bundle version 2.1, because once people start using ECC keys, using version 2.1 becomes mandatory. GPG makes you ask very nicely (--full-gen-key --expert) to get an ECC key. Is this just a backward compatibility thing, or is the security of ECC keys not fully trusted yet? I want to enable them, but not until it's safe. Thanks, Mike From wk at gnupg.org Thu Mar 26 11:05:11 2015 
From: wk at gnupg.org (Werner Koch) Date: Thu, 26 Mar 2015 11:05:11 +0100 Subject: Enabling and using ECC keys (any reason not to?) In-Reply-To: <5513CA89.20301@confidantmail.org> (Mike Ingle's message of "Thu, 26 Mar 2015 01:59:53 -0700") References: <5513CA89.20301@confidantmail.org> Message-ID: <87mw30gjl4.fsf@vigenere.g10code.de> On Thu, 26 Mar 2015 09:59, mike at confidantmail.org said: > Is there any reason not to start using them? I have been reluctant to > bundle version 2.1, because once people start using ECC keys, using There is no deployed base of ECC capable OpenPGP implementation yet. Thus ECC is not enabled by default because it does not make much sense to ask people to create ECC keys if there is virtually nobody else who is able to use it. A second reason is that the plan is to use Ed25519/Curve25519 as the default ECC curves instead of the NIST curves. ECDH for Curve25519 is not yet implemented. > compatibility thing, or is the security of ECC keys not fully trusted > yet? Our ECC implementation might still be subject to side channel attacks thus if that is part of your threat model you may want to wait a bit longer. However mitigating SCA is a never ending cops and gendarme game. If you do not need to migrate an old installation, I would always suggest to go with 2.1. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From pete at heypete.com Thu Mar 26 10:29:09 2015 
From: pete at heypete.com (Pete Stephenson) Date: Thu, 26 Mar 2015 10:29:09 +0100 Subject: upgrading v1 to v2 In-Reply-To: <551380CA.5040103@riseup.net> References: <551380CA.5040103@riseup.net> Message-ID: On Mar 26, 2015 4:47 AM, "Dave Kimble" wrote: > > Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. > Enigmail says it is about time I upgraded to gnupg v2. > Ubuntu Software Centre says I have the latest version. > > I have git cloned gnupg "v2.0.26" and attempted to configure. Any particular reason you want GnuPG 2.0.x instead of 2.1? There's very little difference for most users between 1.x and 2.0.x. 2.1.x adds ECC support, which is nice, but there aren't any packages yet for it in Ubuntu. Since you're on Ubuntu you could just run "sudo apt-get install gnupg2" and GnuPG 2.0.x would be installed alongside 1.x. Although it wouldn't show the latest version number it'd still have all the security updates backported. > Obviously I am doing something wrong, so it's my fault, but this is > ABSOLUTELY HOPELESS if you want people to adopt gnupg. I work with > clients who don't know what an email client is, let alone what theirs is > called, on a wide variety of OSs. They cannot possibly do all > this. Is it too much to ask that you produce an Ubuntu-friendly > repository that takes care of all the dependencies and compiling? Compiling from source is not for the faint of heart. Fortunately, the gnupg2 package exists on Ubuntu and makes the installation easy. Cheers! -Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: From philip.jackson at nordnet.fr Thu Mar 26 15:20:24 2015 
From: philip.jackson at nordnet.fr (Philip Jackson) Date: Thu, 26 Mar 2015 15:20:24 +0100 Subject: upgrading v1 to v2 In-Reply-To: <55137170.1030708@riseup.net> References: <55137170.1030708@riseup.net> Message-ID: <551415A8.5000606@nordnet.fr> On 26/03/15 03:39, Dave Kimble wrote: > Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. > Enigmail says it is about time I upgraded to gnupg v2. > Ubuntu Software Centre says I have the latest version. > I have a ubuntu flavour 14.04 and gnupg2 is certainly available in its repository as well as gnupg1.1.16 You should easily be able to find 2.0.22 in 14.04. In a few weeks, you'll be able to get 15.04 (I suppose) and this could have something later than 2.0.22. Philip -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From brian at minton.name Thu Mar 26 17:17:46 2015 
From: brian at minton.name (Brian Minton) Date: Thu, 26 Mar 2015 12:17:46 -0400 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <2886004.karhszMXGj@collossus.ingo-kloecker.de> References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I think gmail is the single most popular email client, with 500 million users. I think that until there is a way to verify pgp signatures from within gmail, pgp/mime will continue to show up as an attachment. There are ways to use pgp/mime or inline pgp with gmail, but nothing great. I'm hopeful for google's end to end, and I currently use mailvelope, but as far as I know, neither of those options supports PGP/MIME. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iF4EAREIAAYFAlUUMNoACgkQa46zoGXPuqnDTwD/QapSkfkZDsUfXf1rVw7O3Bbk VuxnKzl/+sk8EuyD9dcA/RSd31z6jC1u1EFGptqQw3DWpEQqcU1G6LS/GPfclBWN =hHOn -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: From johanw at vulcan.xs4all.nl Thu Mar 26 17:55:21 2015 
From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu, 26 Mar 2015 17:55:21 +0100 Subject: Enabling and using ECC keys (any reason not to?) In-Reply-To: <5513CA89.20301@confidantmail.org> References: <5513CA89.20301@confidantmail.org> Message-ID: <551439F9.2010202@vulcan.xs4all.nl> On 26-03-2015 9:59, Mike Ingle wrote: > Is this just a backward > compatibility thing, or is the security of ECC keys not fully trusted yet? The buzz about Dual_EC_DRBG made it clear that it is possible to design curves where the designers have access to data that allows them to compromise the system. Whether the curves used in a given implementation are suspected to possibly have such a weakness is a matter of debate. I didn't check the status of this for the curves used in GnuPG 2.1. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From mailing-lists at asatiifm.net Thu Mar 26 18:20:58 2015 
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Thu, 26 Mar 2015 19:20:58 +0200 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> Message-ID: <55143FFA.6040203@asatiifm.net> On 26.03.15 18:17, Brian Minton wrote: > I think gmail is the single most popular email client, with 500 million > > users. There are about 7.3 billion people out there that don't have a clue what OpenPGP is. > I think that until there is a way to verify pgp signatures from > > within gmail, pgp/mime will continue to show up as an attachment. Why should it? At least for non-Gmail users as well as Gmail users not using *webmail*. > There are ways to use pgp/mime or inline pgp with gmail, but nothing > > great. I'm hopeful for google's end to end, and I currently use > > mailvelope, but as far as I know, neither of those options supports > > PGP/MIME. Yeah... so? Not all email users are GMail users. Not all GMail users use the /webmail/ interface. There are a lot of GMail and other /webmail/ users out there but *we really need to stop letting that drag us down*. Those /webmail/ operators need to get their shit together and start playing by the rules. It's not our job to do theirs for them. And until OpenPGP breaks out even of the single digits coverage I really don't think we should worry about every single use case. Those who care for OpenPGP can very easily just use something other than webmail. I just did a test across accounts sending from Thunderbird + Enigmail. Sure, GMail /webmail/ shows the attachment. In Thunderbird over IMAP the emails are just fine; "Good signature" and no attachments. Now Google just needs to go and get their platform up to speed on PGP/MIME. -- Ville -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From pete at heypete.com Thu Mar 26 18:40:15 2015 
From: pete at heypete.com (Pete Stephenson) Date: Thu, 26 Mar 2015 18:40:15 +0100 Subject: Enabling and using ECC keys (any reason not to?) In-Reply-To: <551439F9.2010202@vulcan.xs4all.nl> References: <5513CA89.20301@confidantmail.org> <551439F9.2010202@vulcan.xs4all.nl> Message-ID: On Thu, Mar 26, 2015 at 5:55 PM, Johan Wevers wrote: > On 26-03-2015 9:59, Mike Ingle wrote: > >> Is this just a backward >> compatibility thing, or is the security of ECC keys not fully trusted yet? > > The buzz about Dual_EC_DRBG made it clear that it is possible to design > curves where the designers have access to data that allows them to > compromise the system. Wether the curves used in a given implementation > are suspected to possibly have such a weakness is a matter of debate. I > didn't check the status of this for the curves used in GnuPG 2.1. Although Dual_EC_DRBG uses elliptic curves, the weakness in that algorithm lies with the alleged backdoor in Dual_EC_DRBG itself and not in the mathematics behind elliptic curve crypto in general. GnuPG 2.1 implements the following curves: (1) Curve 25519 (2) NIST P-256 (3) NIST P-384 (4) NIST P-521 (5) Brainpool P-256 (6) Brainpool P-384 (7) Brainpool P-512 People have raised concerns about the NIST curves, but they are part of the RFC 6637 standard so compliant programs must implement P-256, may implement P-384, and should implement P-521. To address potential concerns with the NIST curves, GnuPG also supports the Brainpool curves which are similar in structure to the NIST curves but use parameters chosen from nothing-up-my-sleeve numbers and so should be reasonably trustworthy. Still, the structure of such curves leaves a bit to be desired (see http://safecurves.cr.yp.to/ for details, I'm hardly an expert). Additionally, GnuPG implements the non-standard Curve25519 (but only for signing at the moment -- encryption will come later after things have been standardized) which should be safe. Cheers! 
-Pete -- Pete Stephenson From mailing-lists at asatiifm.net Thu Mar 26 18:57:25 2015 
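Pete's curve list above, together with Werner's point that there is no deployed base of ECC-capable implementations yet, raises a practical question for anyone deciding whether to switch: which of the keys already in your keyring are ECC, and on which curve family (Curve25519, NIST or Brainpool)? The following is an added Python example, not GnuPG's own code. It reads the machine-readable records that `gpg --with-colons --list-keys` emits (GnuPG 2.1 layout: public-key algorithm in field 4, curve name in field 17); the records, key IDs and user IDs in the sample are constructed for the demo, and the cv25519 encryption subkey in it reflects a later 2.1 release than Werner describes above. The algorithm numbers are the OpenPGP IDs (RFC 4880 section 9.1 and RFC 6637, with 22 for EdDSA as GnuPG 2.1 prints it); the curve names are the strings gpg uses.

```python
"""Inventory a keyring: which keys are ECC, and on which curve family.

Added example, not GnuPG code. It parses the machine-readable
`gpg --with-colons --list-keys` records (GnuPG 2.1 layout: algorithm in
field 4, curve name in field 17). The records below are constructed for the
demo; the key IDs and user IDs are not real.
"""
import shutil
import subprocess

# OpenPGP public-key algorithm IDs: RFC 4880 s.9.1, RFC 6637 (18, 19);
# 22 is the EdDSA ID GnuPG 2.1 prints for Ed25519 signing keys.
ALGO = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ELG", 17: "DSA",
        18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
ECC_ALGOS = {18, 19, 22}

# Curve names as gpg prints them, grouped by who chose the parameters.
CURVE_FAMILY = {
    "ed25519": "djb", "cv25519": "djb",
    "nistp256": "NIST", "nistp384": "NIST", "nistp521": "NIST",
    "brainpoolP256r1": "Brainpool", "brainpoolP384r1": "Brainpool",
    "brainpoolP512r1": "Brainpool",
}


def colon_record(kind, bits, algo, keyid, caps, curve=""):
    """Constructed pub/sub record laid out at the 2.1 field positions:
    1 type, 2 validity, 3 bits, 4 algo, 5 keyid, 6 created, 9 ownertrust,
    12 capabilities, 17 curve (1-based, as in GnuPG's DETAILS file)."""
    f = [""] * 20
    f[0], f[1], f[2], f[3], f[4], f[5] = kind, "u", str(bits), str(algo), keyid, "1427300000"
    f[8], f[11], f[16] = "u", caps, curve
    return ":".join(f)


def uid_record(uid):
    """Constructed uid record: the user ID sits in field 10."""
    f = [""] * 20
    f[0], f[1], f[5], f[9] = "uid", "u", "1427300000", uid
    return ":".join(f)


# Constructed keyring listing: one RSA key, one Ed25519/cv25519 key, one NIST key.
SAMPLE_COLONS = "\n".join([
    "tru::1:1427300000:0:3:1:5",
    colon_record("pub", 4096, 1, "0123456789ABCDEF", "scESC"),
    uid_record("Alice RSA <alice@example.invalid>"),
    colon_record("sub", 4096, 1, "FEDCBA9876543210", "e"),
    colon_record("pub", 256, 22, "1111111111111111", "scESC", "ed25519"),
    uid_record("Bob EdDSA <bob@example.invalid>"),
    colon_record("sub", 256, 18, "2222222222222222", "e", "cv25519"),
    colon_record("pub", 256, 19, "3333333333333333", "scESC", "nistp256"),
    uid_record("Carol NIST <carol@example.invalid>"),
    colon_record("sub", 256, 18, "4444444444444444", "e", "nistp256"),
])


def parse_keys(colons_text):
    """Group sub records under their pub record; short lines from older gpg
    versions (no field 17) simply yield an empty curve name."""
    keys = []
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "uid": "", "keys": []})
        if f[0] in ("pub", "sub") and keys:
            algo = int(f[3])
            keys[-1]["keys"].append({
                "kind": f[0], "bits": int(f[2]), "algo": ALGO.get(algo, str(algo)),
                "ecc": algo in ECC_ALGOS, "curve": f[16] if len(f) > 16 else "",
            })
        elif f[0] == "uid" and keys and not keys[-1]["uid"]:
            keys[-1]["uid"] = f[9]
    return keys


def ecc_report(keys):
    """One row per primary key: (keyid, uid, uses_ecc, sorted curve families).
    A key counts as ECC if any of its (sub)keys is ECDH, ECDSA or EdDSA."""
    rows = []
    for k in keys:
        curves = {sk["curve"] for sk in k["keys"] if sk["ecc"]}
        families = sorted({CURVE_FAMILY.get(c, "unknown") for c in curves})
        rows.append((k["keyid"], k["uid"], bool(curves), families))
    return rows


def live_report(gpg="gpg"):
    """Same report over the real keyring when gpg is installed; [] otherwise."""
    exe = shutil.which(gpg)
    if exe is None:
        return []
    res = subprocess.run([exe, "--batch", "--with-colons", "--list-keys"],
                         capture_output=True, text=True)
    return ecc_report(parse_keys(res.stdout)) if res.returncode == 0 else []


if __name__ == "__main__":
    for keyid, uid, ecc, fams in ecc_report(parse_keys(SAMPLE_COLONS)):
        label = "ECC " + "/".join(fams) if ecc else "non-ECC"
        print(f"{keyid}  {label:<16} {uid}")
```

Against a real keyring, `live_report()` tells you how many of your correspondents could actually read mail encrypted to an ECC key today, which is the "deployed base" question in concrete terms; the family column is what you would look at if, like Johan above, you want to avoid one set of curves.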
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Thu, 26 Mar 2015 19:57:25 +0200 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <551346F1.10907@grinta.net> References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> <55133D03.7070708@asatiifm.net> <551346F1.10907@grinta.net> Message-ID: <55144885.7050007@asatiifm.net> On 26.03.15 01:38, Daniele Nicolodi wrote: > On 25/03/15 23:56, Ville Määttä wrote: >> > On 26.03.15 00:14, Ingo Klöcker wrote: >>> >> So it's not mailman that's not smart enough, but the mail clients >>> >> the other recipients are using. Mail clients showing a >>> >> "signature.asc" attachment probably do not understand PGP/MIME >>> >> (which isn't that unusual because only a handful mail clients >>> >> support PGP/MIME out-of-the-box without additional plugins). >> > >> > It seems to me that emails sent and signed by Thunderbird + >> > Enigmail are displayed just fine by it. No signature.asc quirks. >> > But emails sent by others are displaying the attachment in addition >> > to the normal Enigmail added UI signature information. Ingo, Doug, >> > Samir and Bob; I see the attached file for each of you but not my >> > own PGP/MIME mails routed back to me from the list :). > The difference must be somewhere else: I use Thunderbird 31.5.0 and > Enigmail 1.8 (20150316-1815) and, while it recognizes the signatures, > I see the attachment "signature.asc" for all the PGP/MIME signed > emails I've checked. I sent a signed message to Daniele off list. Signature recognized fine and no attachment. So a bug, i.e. the extra attachment, in Enigmail's reading of mails that have gone through Mailman even though Mailman produced MIME should be valid? -- Ville -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From antony at blazrsoft.com Thu Mar 26 19:21:06 2015 
From: antony at blazrsoft.com (Antony Prince) Date: Thu, 26 Mar 2015 14:21:06 -0400 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <55144885.7050007@asatiifm.net> References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> <55133D03.7070708@asatiifm.net> <551346F1.10907@grinta.net> <55144885.7050007@asatiifm.net> Message-ID: <55144E12.6030604@blazrsoft.com> On 3/26/2015 1:57 PM, Ville Määttä wrote: > On 26.03.15 01:38, Daniele Nicolodi wrote: >> On 25/03/15 23:56, Ville Määttä wrote: >>>> On 26.03.15 00:14, Ingo Klöcker wrote: >>>>>> So it's not mailman that's not smart enough, but the mail clients >>>>>> the other recipients are using. Mail clients showing a >>>>>> "signature.asc" attachment probably do not understand PGP/MIME >>>>>> (which isn't that unusual because only a handful mail clients >>>>>> support PGP/MIME out-of-the-box without additional plugins). >>>> >>>> It seems to me that emails sent and signed by Thunderbird + >>>> Enigmail are displayed just fine by it. No signature.asc quirks. >>>> But emails sent by others are displaying the attachment in addition >>>> to the normal Enigmail added UI signature information. Ingo, Doug, >>>> Samir and Bob; I see the attached file for each of you but not my >>>> own PGP/MIME mails routed back to me from the list :). >> The difference must be somewhere else: I use Thunderbird 31.5.0 and >> Enigmail 1.8 (20150316-1815) and, while it recognizes the signatures, >> I see the attachment "signature.asc" for all the PGP/MIME signed >> emails I've checked. > > I sent a signed message to Daniele off list. Signature recognized fine > and no attachment. So a bug, i.e. the extra attachment, in Enigmail's > reading of mails that have gone through Mailman even though Mailman > produced MIME should be valid? 
> FWIW, I use Thunderbird 31.5.0 and Enigmail 1.8.1 (2015-03-23) and the signatures verify just fine, but it does show the signature.asc as an attachment. Viewing my own PGP/MIME mails in the Sent folder does not show any attachments, but the signature verifies. -- Antony Prince Key ID: 0x4F040744 Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744 URL: keyserver.blazrsoft.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From hugo at barrera.io Thu Mar 26 18:40:30 2015 
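The thread above circles one structural fact: a PGP/MIME message (RFC 3156) is a multipart/signed container with exactly two parts, the signed content and a detached application/pgp-signature part, and a client that does not recognise that container falls back to showing the second part as an attachment called signature.asc. When a list server appends its footer as a separate MIME part, the whole multipart/signed becomes a nested part, which is enough to trip clients that only look at the top-level content type, while the bytes the signature covers are untouched. The following is an added Python example, not code from Enigmail, KMail or Mailman: it builds that structure with the standard library, shows what a naive client sees versus a PGP/MIME-aware one, and emulates the footer wrapping. The body text and the armored signature are constructed placeholders; no OpenPGP signing or verification happens here, only the MIME handling, and the canonical-form function returns the bytes you would hand to gpg --verify.

```python
"""How a PGP/MIME (RFC 3156) signed message is laid out, and why a client
that does not understand it shows "signature.asc" as an attachment.

Added example, not code from Enigmail, KMail or Mailman. The message body
and the armored signature below are constructed placeholders; no OpenPGP
operation is performed, the block only handles the MIME structure.
"""
from email import message_from_bytes
from email.encoders import encode_7or8bit
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

PGP_SIG = "application/pgp-signature"

# Placeholder only: the armor shape of a detached signature, not a real one.
FAKE_ARMOR = ("-----BEGIN PGP SIGNATURE-----\n\n"
              "iQEcBAEBCAAGBQJVFG... (constructed, not a real signature)\n"
              "-----END PGP SIGNATURE-----\n")


def build_pgp_mime_signed(body_text, armored_sig):
    """RFC 3156 s.5: multipart/signed with exactly two parts, the signed
    content first, then the detached signature as application/pgp-signature."""
    outer = MIMEMultipart("signed", micalg="pgp-sha256", protocol=PGP_SIG)
    outer.attach(MIMEText(body_text, "plain"))  # ASCII body, stays 7bit
    sig = MIMEApplication(armored_sig.encode("ascii"), "pgp-signature",
                          _encoder=encode_7or8bit)
    sig.add_header("Content-Description", "OpenPGP digital signature")
    sig.add_header("Content-Disposition", "attachment", filename="signature.asc")
    outer.attach(sig)
    return outer


def is_signed_top_level(msg):
    """The check a less careful client makes; false once the message has
    been re-wrapped by a list server."""
    return (msg.get_content_type() == "multipart/signed"
            and msg.get_param("protocol") == PGP_SIG)


def find_signed_part(msg):
    """Walk the whole MIME tree, not just the top level, so a multipart/signed
    nested inside a list server's multipart/mixed is still found."""
    for part in msg.walk():
        if (part.get_content_type() == "multipart/signed"
                and part.get_param("protocol") == PGP_SIG):
            return part
    return None


def split_signed(signed):
    """Return (content_part, signature_part); reject any other shape."""
    parts = signed.get_payload()
    if len(parts) != 2 or parts[1].get_content_type() != PGP_SIG:
        raise ValueError("not a well-formed PGP/MIME multipart/signed")
    return parts[0], parts[1]


def canonical_signed_bytes(content_part):
    """What the OpenPGP signature actually covers: the first part, its MIME
    headers included, exactly as transmitted, with CRLF line endings
    (RFC 3156 s.5). Any byte a relay changes here breaks verification."""
    raw = content_part.as_bytes()
    return raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


def naive_attachments(msg):
    """What a client with no PGP/MIME support shows: every part with a filename."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def mailman_wrap(msg, footer):
    """Emulate a list server adding its footer as a separate part: the signed
    message becomes a nested part of a new multipart/mixed."""
    wrapper = MIMEMultipart("mixed")
    wrapper.attach(msg)
    wrapper.attach(MIMEText(footer, "plain"))
    return wrapper


def roundtrip(msg):
    """Serialise and re-parse, as the receiving client would."""
    return message_from_bytes(msg.as_bytes())
```

To verify for real, write `canonical_signed_bytes(content)` to one file and the signature part's decoded payload to another and run `gpg --verify signature.asc content.txt`; the point of the example is that the first file is identical before and after the list server's wrapping, so a client that locates the nested multipart/signed still verifies, and one that stops at the top-level content type only ever sees an attachment.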
From: hugo at barrera.io (Hugo Osvaldo Barrera) Date: Thu, 26 Mar 2015 14:40:30 -0300 Subject: upgrading v1 to v2 In-Reply-To: <551380CA.5040103@riseup.net> References: <551380CA.5040103@riseup.net> Message-ID: <20150326174030.GA13480@hyperion.barrera.io> On 2015-03-26 13:45, Dave Kimble wrote: > Ubuntu 14.04 with gnupg 1.4.16 installed from Ubuntu repository. > Enigmail says it is about time I upgraded to gnupg v2. > Ubuntu Software Centre says I have the latest version. > > I have git cloned gnupg "v2.0.26" and attempted to configure. > It says I need libgpg-error, libgcrypt, libassuan, libksba, npth > > I have installed libgpg-error-1.9 , apparently OK. > I can see /usr/lib/bin/libgpg-error and /libgpg-error-config > > When I try to configure libgcrypt-1.6.3 it says: > checking for gpg-error-config... /usr/local/bin/gpg-error-config > checking for GPG Error - version >= 1.11... no > configure: error: libgpg-error is needed. > IIRC, Ubuntu splits most packages in two, with the binaries in one, and the headers (needed for building) in another. I can't recall what the name was exactly, but I do recall it was pretty non-obvious and confusing. Anyway, as noted, unless you want 2.1, just get 2.0 from the Ubuntu repos via apt-get. > Obviously I am doing something wrong, so it's my fault, but this is > ABSOLUTELY HOPELESS if you want people to adopt gnupg. I work with > clients who don't know what an email client is, let alone what theirs is > called, on a wide variety of OSs. They cannot possibly do all > this. Is it too much to ask that you produce an Ubuntu-friendly > repository that takes care of all the dependencies and compiling? > > Rant over, please help. > > Dave > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Hugo Osvaldo Barrera A: Because we read from top to bottom, left to right. Q: Why should I start my reply below the quoted text? 
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From 2014-667rhzu3dc-lists-groups at riseup.net Thu Mar 26 20:49:09 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Thu, 26 Mar 2015 19:49:09 +0000 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> Message-ID: <66989839.20150326194909@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Thursday 26 March 2015 at 4:17:46 PM, in , Brian Minton wrote: > I think gmail is the single most popular email client, Gmail is an email service provider, not an email client. They provide access via a webmail site for those who wish to process their email using a web browser, as well as by both POP and IMAP, for those who wish to process their email using an email client. - -- Best regards MFPA A bird in the hand makes it awfully hard to blow your nose -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVFGLHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwlZcH/iamfSyiGJ9bQCHdABWPZOTC s8VyXwNCJxbbiNd2UQTXX4fpyrJrKUNv8fNLHWMhMPnCHQYMaszmoJkZzcJ/sCFF 3AQ0dsTxotX1pbe7nWTF0Gb/G3eStPRMYfyfBnmkOsgz3S0gAmI6cf4f2V6Zdlmq kqRPfAcdaoYFyf0B28gwy16zR4C+GgzVPts39Mpzu3s4o7w9LXLD9w1N1t0uiSyU B2qXBy9XWsELoVwuOOE55gGYaadl+vrRTkgsLBdnTqYt+hPmmIygK11izKCEHQJv ZBBT1//cd1EIXHh9y9zTe9iY6744C3fkv2fznzQRLn/YXcw20mwrtDwM/qzhUXCI vgQBFgoAZgUCVRRizl8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45CqyAQBgS/yMgSYKFIVlDDwlmceV+n06 TURroaMFqNuCed+hKAEAMmcnlRESwTpB60Xuia+ltUUGyybiOmeAvkWdMVHbUgg= =+O0d -----END PGP SIGNATURE----- From brian at minton.name Thu Mar 26 21:10:08 2015 
From: brian at minton.name (Brian Minton) Date: Thu, 26 Mar 2015 16:10:08 -0400 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <66989839.20150326194909@my_localhost> References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> <66989839.20150326194909@my_localhost> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Mar 26, 2015 at 3:49 PM, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote: > > Gmail is an email service provider, not an email client. They provide > access via a webmail site for those who wish to process their email > using a web browser, as well as by both POP and IMAP, for those who > wish to process their email using an email client. > I meant what I said about gmail being a client. I agree that they are also an email service, and it's true that you can access the gmail mail service with imap, but I don't think it's as popular as their web interface. To be fair, I don't have any verifiable sources for that claim. But, doing so loses some of the best features of gmail (google search on your inbox, google chat, conversation view, etc.) Yes, I know that lots of email clients have conversation view and search, but for comparison, searching my ~12GB of mail on Thunderbird takes a lot longer and is a lot clunkier of an interface than the nearly instant search using gmail's web interface. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iF4EAREIAAYFAlUUZ30ACgkQa46zoGXPuqntbAD7BQusaURejvYPdajyOzR/BrxF CG+rkTHyh4G9ild9mQkA/i1RmkvW1jLilAzW2wgm9CtFgXdaOV6eTHfWUsAtiwwy =gmpG -----END PGP SIGNATURE----- From 2014-667rhzu3dc-lists-groups at riseup.net Thu Mar 26 21:27:54 2015 
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 26 Mar 2015 20:27:54 +0000
Subject: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <5510D9B3.4090809@confidantmail.org>
References: <5510D9B3.4090809@confidantmail.org>
Message-ID: <91509341.20150326202754@my_localhost>

Hi

On Tuesday 24 March 2015 at 3:27:47 AM, in , Mike Ingle wrote:

> More information and downloads at:
> https://www.confidantmail.org

The intro page on your website says "SMTP-compatible address format: keep your existing email address". Have you checked whether google (or any other email provider) might have something to say about using addresses at their email domain name on a completely unrelated service?

And does the Confidant Mail setup do any sort of challenge/response over SMTP to check the user controls the email address they are duplicating as a Confidant Mail address?

--
Best regards

MFPA

Versifiers write poems for it.

From antony at blazrsoft.com Thu Mar 26 21:43:40 2015
From: antony at blazrsoft.com (Antony Prince)
Date: Thu, 26 Mar 2015 16:43:40 -0400
Subject: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <91509341.20150326202754@my_localhost>
References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost>
Message-ID: <55146F7C.4080701@blazrsoft.com>

On 3/26/2015 4:27 PM, MFPA wrote:
> Hi
>
> On Tuesday 24 March 2015 at 3:27:47 AM, in , Mike Ingle wrote:
>
>> More information and downloads at:
>> https://www.confidantmail.org
>
> The intro page on your website says "SMTP-compatible address format:
> keep your existing email address". Have you checked whether google (or
> any other email provider) might have something to say about using
> addresses at their email domain name on a completely unrelated
> service?

From the bit of testing I did with it, it seems the "email address" is merely used as a user identifier. The domain is irrelevant. You could use nobody at nonexistent-domain.com and it would still work. The email address doesn't actually have to exist.

> And does the Confidant Mail setup do any sort of challenge/response
> over SMTP to check the user controls the email address they are
> duplicating as a Confidant Mail address?

I don't think it does since the email address you use is in no way tied to the actual address. It is linked to the AUTH code generated by the server during user setup and that's about all. I used this e-mail address during the server/client setup test and I never received anything from the Confidant server I set up. From what I gathered reading through the docs, the Confidant protocol doesn't use domain names as identifiers, but each user has a specific identifier. The email address is just a more human readable way of referring to their identifier on the server. I could be wrong though and I'm sure Mike can explain it better.
--
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: keyserver.blazrsoft.com

From peter at digitalbrains.com Thu Mar 26 21:54:58 2015
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 26 Mar 2015 21:54:58 +0100
Subject: PGP/MIME
In-Reply-To:
References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> <66989839.20150326194909@my_localhost>
Message-ID:

On 2015-03-26 21:10, Brian Minton wrote:
> but for comparison, searching my ~12GB of mail on Thunderbird takes a lot
> longer and is a lot clunkier of an interface than the nearly instant
> search using gmail's web interface.

With IMAP, you can run searches on the server as well (I'm assuming you're talking about a local search because you mention your client, not your server software). A good IMAP server could get you the search results quickly. And it can probably avoid searching the attachments; I think a lot of that 12 GB is attachments?

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From 2014-667rhzu3dc-lists-groups at riseup.net Thu Mar 26 22:03:43 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 26 Mar 2015 21:03:43 +0000
Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
In-Reply-To:
References: <5510D9B3.4090809@confidantmail.org> <55130F84.3000603@dougbarton.email> <5513155D.3090005@gmail.com> <2886004.karhszMXGj@collossus.ingo-kloecker.de> <66989839.20150326194909@my_localhost>
Message-ID: <181784881.20150326210343@my_localhost>

Hi

On Thursday 26 March 2015 at 8:10:08 PM, in , Brian Minton wrote:

> I meant what I said about them gmail being a client.

This is only true in the limited sense that they provide a webmail interface that performs a function equivalent to an email client. (And yes, I'm being a bit pedantic.)

> But, doing so loses some of the best features of gmail (google search
> on your inbox,

I find the search function in my favourite MUA far superior to that in gmail's web interface.

> google chat,

As far as I'm concerned, the only useful thing in any "Chat" function is the ability to turn it off. (-:

> conversation view

Which is a pale imitation of the real threading found in decent mail clients.
Unless it has massively improved in the few months since I last needed to go to the gmail webmail interface because something they changed had broken the POP access for my gmail account

--
Best regards

MFPA

Only dead fish go with the flow

From mike at confidantmail.org Thu Mar 26 22:26:35 2015
From: mike at confidantmail.org (Mike Ingle)
Date: Thu, 26 Mar 2015 14:26:35 -0700
Subject: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <55146F7C.4080701@blazrsoft.com>
References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com>
Message-ID: <5514798B.7020402@confidantmail.org>

> From the bit of testing I did with it, it seems the "email address" is
> merely used as a user identifier. The domain is irrelevant. You could
> use nobody at nonexistent-domain.com and it would still work. The email
> address doesn't actually have to exist.
>
> I don't think it does since the email address you use is in no way tied
> to the actual address. It is linked to the AUTH code generated by the
> server during user setup and that's about all. I used this e-mail
> address during the server/client setup test and I never received
> anything from the Confidant server I set up. From what I gathered
> reading through the docs, the Confidant protocol doesn't use domain
> names as identifiers, but each user has a specific identifier. The email
> address is just a more human readable way of referring to their
> identifier on the server. I could be wrong though and I'm sure Mike can
> explain it better.

Yes, the email address is just an identifier. The address is used in two ways. One, it is hashed with SHA1 and used to look up the user's key id. Two, you can search for a key using DNS, which means take the part of the email address after @, prepend "cmsvr.", look up the corresponding TXT record, and use that to find the CM server with the key.

At present, there is no key verification built in and you have to check the key fingerprint (which is always shown to the right of the address) or check a signature chain on your key using a GPG key manager. If you get two keys with the same address, messages will show a key collision and the automatic lookup will refuse to match.
This reduces the problem of someone making a key matching someone you know and sending you an email that would otherwise look correct.

In the future, what I want to do is have some basic level of trust assigned when (a) the key is fetched from a server which is listed in the TXT record for the domain in the email address of that key and (b) the server has a commercial SSL certificate for cmsvr.DOMAIN. That would give some small amount of trust, roughly equivalent to SSL website trust, to strangers using the system. It should provide better-than-nothing security to careless people (at least stop passive monitoring, but not active attacks), and good security to people who exercise some caution.

> The intro page on your website says "SMTP-compatible address format:
> keep your existing email address". Have you checked whether google (or
> any other email provider) might have something to say about using
> addresses at their email domain name on a completely unrelated
> service?

They very well might, if I was the one making such claims. The claim is made by whoever created the key, and it is just a claim. It's much like using a gmail address as your username on a website - purely a shortcut identifier. Not to be trusted.

> And does the Confidant Mail setup do any sort of challenge/response
> over SMTP to check the user controls the email address they are
> duplicating as a Confidant Mail address?

No. There is no authority in a position to do that. CM can run in a purely peer-to-peer mode, and bogus keys are currently the biggest threat to CM security (and to any encrypted email system that does not have a central authority.) Check the fingerprint. Hopefully CM users will put their address plus fingerprint on social media profiles, email sig block, etc. Any hacking would therefore be public.

Mike

From 2014-667rhzu3dc-lists-groups at riseup.net Fri Mar 27 00:24:09 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Thu, 26 Mar 2015 23:24:09 +0000
Subject: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <5514798B.7020402@confidantmail.org>
References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com> <5514798B.7020402@confidantmail.org>
Message-ID: <425213999.20150326232409@my_localhost>

Hi

On Thursday 26 March 2015 at 9:26:35 PM, in , Mike Ingle wrote:

> Yes, the email address is just an identifier. The
> address is used in two ways. One, it is hashed with
> SHA1 and used to look up the user's key id.

I'm in favour of hashing email addresses in key UIDs.

> At present, there is no key verification built in and
> you have to check the key fingerprint (which is always
> shown to the right of the address) or check a signature
> chain on your key using a GPG key manager.

Or you can Trust On First Use, if it suits your threat model.

MFPA>> The intro page on your website says "SMTP-compatible
>> address format: keep your existing email address".
>> Have you checked whether google (or any other email
>> provider) might have something to say about using
>> addresses at their email domain name on a completely
>> unrelated service?

> They very well might, if I was the one making such
> claims. The claim is made by whoever created the key,
> and it is just a claim.

You are the one stating that the user can keep their existing SMTP email address to use on CM. Given that you do not have a process in place to verify the user's SMTP email address, I think that is a pretty bold statement.

Any thoughts on the possible outcomes when a high-profile politician/celebrity/company with deep pockets finds they are unable to effectively use their SMTP email address on CM due to messages showing a key collision and the automatic lookup refusing to match because somebody got the address first?
Maybe nothing, but worthy of consideration.

> It's much like using a gmail
> address as your username on a website - purely a
> shortcut identifier. Not to be trusted.

I have used websites and services where usernames are email addresses, but not without some form of challenge/response. (Click the link in the email, reply to the email, enter the code that was in the encrypted email, etc.)

--
Best regards

MFPA

Change is inevitable except from a vending machine

From mike at confidantmail.org Fri Mar 27 00:57:43 2015
From: mike at confidantmail.org (Mike Ingle)
Date: Thu, 26 Mar 2015 16:57:43 -0700
Subject: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <425213999.20150326232409@my_localhost>
References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com> <5514798B.7020402@confidantmail.org> <425213999.20150326232409@my_localhost>
Message-ID: <55149CF7.2070400@confidantmail.org>

>> At present, there is no key verification built in and
>> you have to check the key fingerprint (which is always
>> shown to the right of the address) or check a signature
>> chain on your key using a GPG key manager.
>
> Or you can Trust On First Use, if it suits your threat model.

That's more or less what it does. When you get an email from joe at somewhere.com, it fetches that key id and adds it to your keyring. If you get an email from a different key claiming joe at somewhere.com, it also fetches that key id and adds it, but now messages from both users show a key collision until you go delete one of those keys. Likewise, while you have a key collision, you cannot email that user by typing his email address. You have to type or click the key id. In that way it forces you to deal with it when and if you get a collision.

> MFPA>> The intro page on your website says "SMTP-compatible
>>> address format: keep your existing email address".
>>> Have you checked whether google (or any other email
>>> provider) might have something to say about using
>>> addresses at their email domain name on a completely
>>> unrelated service?
>
>> They very well might, if I was the one making such
>> claims. The claim is made by whoever created the key,
>> and it is just a claim.
>
> You are the one stating that the user can keep their existing SMTP
> email address to use on CM. Given that you do not have a process in
> place to verify the user's SMTP email address, I think that is a
> pretty bold statement.
Think I should rephrase that like, "SMTP-style addresses can be used to look up keys"? It is true that people can always keep and use their existing address, but others can potentially generate fake keys for that address.

> Any thoughts on the possible outcomes when a high-profile
> politician/celebrity/company with deep pockets finds they are unable
> to effectively use their SMTP email address on CM due to messages
> showing a key collision and the automatic lookup refusing to match
> because somebody got the address first? Maybe nothing, but worthy of
> consideration.

The celebrity will not be blocked because there is no central key directory. It's possible some impostor will start using a celebrity's email address on CM. Then when the real celebrity wants to use it, he will tweet "My real CM key id is (some hash), please ignore those impostors" and hopefully that will resolve it. It's similar to regular PGP keyservers in that it will accept any key someone wants to post. The main difference is keys expire after a month or so if they are not re-posted. The only person who will see a key collision is one who previously received a message from the impostor.

Yes I am worried about the bogus keys problem. Just not sure how to handle it in a peer to peer system. For business use I like the SSL approach.

>> It's much like using a gmail
>> address as your username on a website - purely a
>> shortcut identifier. Not to be trusted.
>
> I have used websites and services where usernames are email addresses,
> but not without some form of challenge/response. (Click the link in
> the email, reply to the email, enter the code that was in the
> encrypted email, etc.)

That is a good idea and if I build a commercial provider I will probably implement that. Anyone can run a provider and I expect them to range from strictly business to the dodgy darknet variety.

Mike

From dave.kimble at riseup.net Fri Mar 27 01:49:26 2015
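The key handling Mike Ingle describes in his two messages above (SHA1 of the address as the index to the key id, the cmsvr.DOMAIN TXT lookup, trust on first use, and the automatic lookup refusing to match while two keys claim one address), modelled as an added Python example that is not Confidant Mail's own code. The DNS records, key ids and addresses are constructed, and lower-casing the address before hashing is an assumption of this model, not something the thread states.

```python
"""Model of Confidant Mail's address-as-identifier key handling, as described
in this thread.  Constructed example, not the project's own code."""
import hashlib

# Constructed stand-in for DNS: the TXT record at cmsvr.<domain> names the
# CM server holding keys for that domain (the record format is an assumption;
# the thread only says the TXT record is used to find the server).
FAKE_DNS_TXT = {
    "cmsvr.somewhere.com": "cm1.somewhere.com",
}


def server_for_address(address, dns=FAKE_DNS_TXT):
    """Take the part after '@', prepend 'cmsvr.', look up the TXT record."""
    if "@" not in address:
        return None
    domain = address.rsplit("@", 1)[1].lower()
    return dns.get("cmsvr." + domain)


def address_hash(address):
    """SHA1 of the address: the index under which the key id is looked up.
    Lower-casing before hashing is an assumption of this model."""
    return hashlib.sha1(address.strip().lower().encode("utf-8")).hexdigest()


class Keyring:
    """Local keyring with the trust-on-first-use behaviour from the thread."""

    def __init__(self):
        self._by_hash = {}   # address hash -> set of key ids claiming it
        self._claims = {}    # key id -> address string the key claims

    def receive(self, key_id, address):
        """A message arrived signed by key_id claiming address: fetch the key
        and add it.  Returns True if the address is now in collision."""
        self._claims[key_id] = address
        self._by_hash.setdefault(address_hash(address), set()).add(key_id)
        return self.in_collision(address)

    def in_collision(self, address):
        return len(self._by_hash.get(address_hash(address), ())) > 1

    def lookup_by_address(self, address):
        """Automatic lookup by typed address; refuses to match on collision
        (or when the address is unknown) so the user must pick a key id."""
        ids = self._by_hash.get(address_hash(address), set())
        return next(iter(ids)) if len(ids) == 1 else None

    def lookup_by_key_id(self, key_id):
        """Addressing by key id keeps working even during a collision."""
        return self._claims.get(key_id)

    def delete(self, key_id):
        """Delete one of the colliding keys to clear the collision."""
        address = self._claims.pop(key_id, None)
        if address is not None:
            self._by_hash[address_hash(address)].discard(key_id)

    def display(self, key_id):
        """How a sender line might be shown: address, the key id to its right,
        and a marker when other keys also claim that address."""
        address = self._claims[key_id]
        marker = " [KEY COLLISION]" if self.in_collision(address) else ""
        return "%s <%s>%s" % (address, key_id, marker)


if __name__ == "__main__":
    kr = Keyring()
    kr.receive("KEYA", "joe@somewhere.com")
    print(kr.display("KEYA"))
    kr.receive("KEYB", "joe@somewhere.com")      # a second key claiming the address
    print(kr.display("KEYA"), "|", kr.lookup_by_address("joe@somewhere.com"))
    kr.delete("KEYB")
    print(kr.lookup_by_address("joe@somewhere.com"))
    print(server_for_address("joe@somewhere.com"))
```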
From: dave.kimble at riseup.net (Dave Kimble)
Date: Fri, 27 Mar 2015 10:49:26 +1000
Subject: upgrading v1 to v2
Message-ID: <5514A916.4060309@riseup.net>

It seems I've been replying to individuals rather than the list, sorry. Thanks to all who helped sort me out.

I have been back over the website, trying to find the point where I got on the wrong track. I think it is down to https://gnupg.org/download which has the GnuPG Binary Releases section AFTER the Source Code Releases. Since I know how to build from sources (notwithstanding my stuff-ups), I just clicked on stable source download and never got to see the bit at the bottom. Perhaps those sections could be reversed, to save you from idiots wasting your time.

The link for Debian isn't very helpful. Linking to Debian GnuPG Maintainers would be better: https://qa.debian.org/developer.php/login=pkg-gnupg-maint at lists.alioth.debian.org that's where you get to see "gnupg" and "gnupg2", without which you are going to be baffled.

Dave

From martin-gnupg-users at dkyb.de Fri Mar 27 14:21:00 2015
From: martin-gnupg-users at dkyb.de (Martin Behrendt)
Date: Fri, 27 Mar 2015 14:21:00 +0100
Subject: Enabling and using ECC keys (any reason not to?)
In-Reply-To:
References: <5513CA89.20301@confidantmail.org> <551439F9.2010202@vulcan.xs4all.nl>
Message-ID: <5515593C.8080008@dkyb.de>

On 26.03.2015 18:40, Pete Stephenson wrote:
>
> People have raised concerns about the NIST curves, but they are part
> of the RFC 6637 standard so compliant programs must implement P-256,
> may implement P-384, and should implement P-521.
>
> To address potential concerns with the NIST curves, GnuPG also
> supports the Brainpool curves which are similar in structure to the
> NIST curves but use parameters chosen from nothing-up-my-sleeve
> numbers and so should be reasonably trustworthy. Still, the structure
> of such curves leaves a bit to be desired (see
> http://safecurves.cr.yp.to/ for details, I'm hardly an expert).

I just did a quick search but didn't find anything. But as a general question, why is it not possible to use two different encryption keys and use a cascaded two-layer encryption? E.g. truecrypt offered something similar for up to 3 different encryption methods. So especially when introducing new algorithms which might be tampered with, using e.g. an old style RSA Key as one layer and ECC as a second should help against this. Or am I missing something here?

Greetings

Martin

From boleslaw.tokarski at gmail.com Fri Mar 27 13:36:45 2015
From: boleslaw.tokarski at gmail.com (Bolesław Tokarski)
Date: Fri, 27 Mar 2015 13:36:45 +0100
Subject: SSH CA and OpenPGP card
Message-ID:

Hello,

I am trying to use the OpenPGP card as an SSH CA (see ssh-keygen and i.e. https://blog.habets.se/2011/07/OpenSSH-certificates). ssh-keygen by default uses an ssh (private) key to sign a public key of a server or of an individual.

I managed to successfully use the OpenPGP card for SSH authentication, and so it can perfectly be used as an SSH key encryption engine.

ssh-keygen *can* sign a public key with a smartcard. Using a PKCS#11 token. However, I see that the OpenPGP card does not natively talk PKCS#11, but there's some wrapper library. Am I really forced to use that? Would it work correctly or would it break the keys currently on the card? Is the PKCS#11 library for OpenPGP card usable?

Best regards,
Bolesław Tokarski

From jcea at jcea.es Fri Mar 27 17:07:44 2015
From: jcea at jcea.es (Jesus Cea)
Date: Fri, 27 Mar 2015 17:07:44 +0100
Subject: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it
Message-ID: <55158050.4040606@jcea.es>

I upgraded my GNUPG from 1.4.x to 2.0.27. I kept the configuration, public and private keyrings. I have recreated the trustdb from scratch, trying to solve this, with no success (using "--export-ownertrust").

My pubring.gpg is 34MB in size and I usually create local signatures via "--lsign".

My problem is that any change to the pubring, like downloading a new key, refreshing, adding a new local signature with "--lsign", etc., will force a trustdb update (in the next execution. For instance, decrypting a private message). And that operation is VERY slow.

An example execution retrieving a new key from the keyservers:

"""
jcea at ubuntu:/tmp$ time gpg2 --recv-keys 010D6F3A
gpg: requesting key 010D6F3A from hkp server pgp.rediris.es
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN ) ->0
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A END ) ->0
gpg: key 010D6F3A: public key "dirk astrath (mobile key) " imported
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u
gpg: depth: 1 valid: 96 signed: 106 trust: 3-, 93q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-04-08
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

real 12m52.782s
user 9m27.720s
sys 1m43.040s
"""

13 minutes! As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a few seconds only. Doing a "strace" I can confirm gnupg reprocessing the entire pubring file.
Forcing a "trustdb" update takes ages too:

"""
jcea at ubuntu:/tmp$ time gpg2 --check-trustdb
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u
gpg: depth: 1 valid: 96 signed: 106 trust: 3-, 93q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-04-08

real 2m39.769s
user 1m9.620s
sys 0m14.200s
"""

PS: Bonus: how to get rid of

"""
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN ) ->0
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A END ) ->0
"""

--
Jesús Cea Avión
jcea at jcea.es - http://www.jcea.es/
Twitter: @jcea
jabber / xmpp:jcea at jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz

From wk at gnupg.org Sat Mar 28 11:48:22 2015
From: wk at gnupg.org (Werner Koch)
Date: Sat, 28 Mar 2015 11:48:22 +0100
Subject: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it
In-Reply-To: <55158050.4040606@jcea.es> (Jesus Cea's message of "Fri, 27 Mar 2015 17:07:44 +0100")
References: <55158050.4040606@jcea.es>
Message-ID: <87bnjdfle1.fsf@vigenere.g10code.de>

On Fri, 27 Mar 2015 17:07, jcea at jcea.es said:

> My problem is that any change to the pubring, like downloading a new
> key, refreshing, adding a new local signature with "--lsign", etc., will
> force a trustdb update (in the next execution. For instance, decrypting

A new key signature may change the entire WoT thus it needs to be re-computed. I have

  no-auto-check-trustdb

in my gpg.conf and

  30 1 * * * /usr/local/bin/gpg --batch --check-trustdb 2>/dev/null

in my crontab. Thus there will be only one re-computation a day.

> As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a
> few seconds only.

Which 1.4 version is this?

> PS: Bonus: how to get rid of
>
> """
> gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN

Sorry for this. It has already been fixed in the repo, see below.

Shalom-Salam,

Werner

--8<---------------cut here---------------start------------->8---
commit 936416690e6c889505d84fe96983a66983beae5e
Author: Werner Koch
Date: Thu Feb 26 09:38:58 2015 +0100

    gpg: Remove left-over debug message.

    * g10/armor.c (check_input): Remove log_debug.

Modified g10/armor.c
diff --git a/g10/armor.c b/g10/armor.c
index 6c0013d..de1726d 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -534,9 +534,6 @@ check_input( armor_filter_context_t *afx, IOBUF a ) /* This is probably input from a keyserver helper and we have not yet seen an error line. */ afx->key_failed_code = parse_key_failed_line (line+4, len-4); - log_debug ("armor-keys-failed (%.*s) ->%d\n", - (int)len, line, - afx->key_failed_code); } if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) { hdr_line = i;
--8<---------------cut here---------------end--------------->8---

--
Thoughts are free. Exceptions are governed by a federal law.

From johanw at vulcan.xs4all.nl Sat Mar 28 12:38:29 2015
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sat, 28 Mar 2015 12:38:29 +0100
Subject: Enabling and using ECC keys (any reason not to?)
In-Reply-To: <5515593C.8080008@dkyb.de>
References: <5513CA89.20301@confidantmail.org> <551439F9.2010202@vulcan.xs4all.nl> <5515593C.8080008@dkyb.de>
Message-ID: <551692B5.70403@vulcan.xs4all.nl>

On 27-03-2015 14:21, Martin Behrendt wrote:

> So especially when introducing new algorithms which might be tampered
> with, using e.g. an old style RSA Key as one layer and ECC as a second
> should help against this. Or am I missing something here?

Why would you want to use a suspect algorithm if the RSA alone is secure enough?

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Mar 28 15:59:22 2015
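Review bot: On Werner Koch's g10/armor.c hunk above (check_input, the three removed `log_debug` lines), the deletion is self-contained: `line`, `len` and `afx->key_failed_code` stay in use through the preceding `afx->key_failed_code = parse_key_failed_line (line+4, len-4);`, so no unused-variable warning and no behaviour change follow beyond silencing the `gpg: DBG: armor-keys-failed (KEY ... ) ->0` lines Jesus Cea reported earlier in this thread. The commit message could mention that the message was user-visible during `--recv-keys` through a keyserver helper, which is the symptom a user will search the history for.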
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sat, 28 Mar 2015 14:59:22 +0000
Subject: One alternative to SMTP for email: Confidant Mail
In-Reply-To: <55149CF7.2070400@confidantmail.org>
References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com> <5514798B.7020402@confidantmail.org> <425213999.20150326232409@my_localhost> <55149CF7.2070400@confidantmail.org>
Message-ID: <834239320.20150328145922@my_localhost>

Hi

On Thursday 26 March 2015 at 11:57:43 PM, in , Mike Ingle wrote:

> That's more or less what it does. When you get an email
> from joe at somewhere.com, it fetches that key id and
> adds it to your keyring. If you get an email from a
> different key claiming joe at somewhere.com, it also
> fetches that key id and adds it, but now messages from
> both users show a key collision until you go delete one
> of those keys.

Why should the user need to delete one, rather than just be told there were two and the one with such-and-such a fingerprint (or the one highlighted) signed this message? If it is just a string in a key UID rather than a functional email address, it will not necessarily be unique.

> Likewise, while you have a key
> collision, you cannot email that user by typing his
> email address. You have to type or click the key id. In
> that way it forces you to deal with it when and if you
> get a collision.

I guess a future UI enhancement might be the ability to specify a key id in a contact list entry. Or something akin to Enigmail's Per-recipient rules.

> Think I should rephrase that like, "SMTP-style
> addresses can be used to look up keys"?

I think it is a good idea to re-phrase it so that you are not stating the user can keep their existing SMTP email address, and also to make it clear this identifier is used only for key look-up and not for message delivery.
> It is true that
> people can always keep and use their existing address,
> but others can potentially generate fake keys for that
> address.

It is also true that some email providers recycle email addresses that have fallen out of use. Out of seven yahoo addresses I used for consecutive periods between 2004 and 2009, six are currently available to be registered. (The odd-one-out is from 2006.) I have left each one active with an auto-forward to the next.

> The celebrity will not be blocked because there is no
> central key directory. It's possible some impostor
> will start using a celebrity's email address on CM.
> Then when the real celebrity wants to use it, he will
> tweet "My real CM key id is (some hash), please ignore
> those impostors" and hopefully that will resolve it.

That is re-assuring to hear. See also my first comment, above.

> It's similar to regular PGP keyservers in that it will
> accept any key someone wants to post. The main
> difference is keys expire after a month or so if they
> are not re-posted.

In a similar way to a file that has not been requested for a relatively long time dropping off a peer-to-peer filesharing network?

> The only person who will see a key collision is one who
> previously received a message from the impostor.

Or subsequently received a message from the imposter, then goes back to look at the message that was not from the imposter, presumably.

> Yes I am worried about the bogus keys problem. Just not
> sure how to handle it in a peer to peer system.

Is there a way to incorporate some sort of challenge/response at key creation time before the key is uploaded to the peer-to-peer system? Or could the challenge/response be handled by a number of "verification agents" incorporated into the peer-to-peer network?

> Anyone can run
> a provider and I expect them to range from strictly
> business to the dodgy darknet variety.

Using "darknet" services to enhance privacy does not equate to "dodgy".
A person's communications are none of anybody else's business, apart from whoever they choose to communicate with.

--
Best regards

MFPA

Oven mitt: A partially charred grease stain that fits over the hand.

From peter at digitalbrains.com Sat Mar 28 18:05:05 2015
From: peter at digitalbrains.com (Peter Lebbing) Date: Sat, 28 Mar 2015 18:05:05 +0100 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: <834239320.20150328145922@my_localhost> References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com> <5514798B.7020402@confidantmail.org> <425213999.20150326232409@my_localhost> <55149CF7.2070400@confidantmail.org> <834239320.20150328145922@my_localhost> Message-ID: <5516DF41.4090805@digitalbrains.com> On 28/03/15 15:59, MFPA wrote: > Using "darknet" services to enhance privacy does not equate to > "dodgy". No, but nobody said the adjective was used tautologically. It's like someone says "they're doing shady business in a dark alley" and you protest "Hey, I know plenty of proper businesses that are just upstanding people making sales! In fact, I also know plenty of alleys that let in a lot of sunlight..." :) Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From dougb at dougbarton.email Sat Mar 28 19:58:57 2015
From: dougb at dougbarton.email (Doug Barton) Date: Sat, 28 Mar 2015 11:58:57 -0700 Subject: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it In-Reply-To: <87bnjdfle1.fsf@vigenere.g10code.de> References: <55158050.4040606@jcea.es> <87bnjdfle1.fsf@vigenere.g10code.de> Message-ID: <5516F9F1.2060205@dougbarton.email> On 3/28/15 3:48 AM, Werner Koch wrote: > Sorry for this. It has already been fixed in the repo, Just out of curiosity, do you have an ETA on a new release? -- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks! From ljbp1csyfud6ixyyflzyq9hrg0 at openmailbox.org Fri Mar 27 21:46:03 2015 From: ljbp1csyfud6ixyyflzyq9hrg0 at openmailbox.org (ljbp1csyfud6ixyyflzyq9hrg0 at openmailbox.org) Date: Fri, 27 Mar 2015 20:46:03 +0000 Subject: Iceland mirror not working Message-ID: Hi, I notice that the Iceland mirror is not working: ftp://ftp.hi.is/pub/mirrors/gnupg/ From stebe at mailbox.org Sat Mar 28 21:57:59 2015
From: stebe at mailbox.org (Stephan Beck) Date: Sat, 28 Mar 2015 21:57:59 +0100 Subject: Enabling and using ECC keys (any reason not to?) In-Reply-To: <5515593C.8080008@dkyb.de> References: <5513CA89.20301@confidantmail.org> <551439F9.2010202@vulcan.xs4all.nl> <5515593C.8080008@dkyb.de> Message-ID: <551715D7.1070904@mailbox.org> On 27.03.2015 at 14:21, Martin Behrendt wrote: > On 26.03.2015 18:40, Pete Stephenson wrote: >> >> People have raised concerns about the NIST curves, but they are part >> of the RFC 6637 standard so compliant programs must implement P-256, >> may implement P-384, and should implement P-521. >> >> To address potential concerns with the NIST curves, GnuPG also >> supports the Brainpool curves which are similar in structure to the >> NIST curves but use parameters chosen from nothing-up-my-sleeve >> numbers and so should be reasonably trustworthy. Still, the structure >> of such curves leaves a bit to be desired (see >> http://safecurves.cr.yp.to/ for details, I'm hardly an expert). >> > > I just did a quick search but didn't find anything. [...] A very recent (Feb 2015) "historical" analysis of the surreptitious weakening of cryptographic systems, incl. a description of the NIST (or Dual EC-DRBG) curves' peculiarities "detected" in 2005 can be found at (1): (1) https://www.schneier.com/paper-weakening.html (p. 2,7). Cheers, Stephan From 2014-667rhzu3dc-lists-groups at riseup.net Sun Mar 29 13:53:51 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Sun, 29 Mar 2015 12:53:51 +0100 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: <5516DF41.4090805@digitalbrains.com> References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com> <5514798B.7020402@confidantmail.org> <425213999.20150326232409@my_localhost> <55149CF7.2070400@confidantmail.org> <834239320.20150328145922@my_localhost> <5516DF41.4090805@digitalbrains.com> Message-ID: <1209077951.20150329125351@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Saturday 28 March 2015 at 6:05:05 PM, in , Peter Lebbing wrote: > No, but nobody said the adjective was used > tautological. Maybe it doesn't imply or hint that to everybody, but it is definitely what I infer when I read "from strictly business to the dodgy darknet variety". > It's like someone says "they're doing shady business in > a dark alley" and you protest "Hey, I know plenty > proper businesses that are just upstanding people > making sales! In fact, I also know plenty alleys that > let in a lot of sunlight..." I think that's rather over-egging it. Wouldn't the equivalent protest be about the possible insinuation (and cliche) that all business that takes place in a dark alley is shady? (-; - -- Best regards MFPA Don't learn safety rules by accident... 
From wk at gnupg.org Sun Mar 29 15:56:19 2015 From: wk at gnupg.org (Werner Koch) Date: Sun, 29 Mar 2015 15:56:19 +0200 Subject: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it In-Reply-To: <5516F9F1.2060205@dougbarton.email> (Doug Barton's message of "Sat, 28 Mar 2015 11:58:57 -0700") References: <55158050.4040606@jcea.es> <87bnjdfle1.fsf@vigenere.g10code.de> <5516F9F1.2060205@dougbarton.email> Message-ID: <87d23rdi0s.fsf@vigenere.g10code.de> On Sat, 28 Mar 2015 19:58, dougb at dougbarton.email said: > Just out of curiosity, do you have an ETA on a new release? Nothing really important has changed since mid February except for a fix in gpgtar - does anyone really use it on non-Windows? (it has been fixed in gpg4win). Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From nickeconopouly at gmail.com Sun Mar 29 14:25:51 2015
From: nickeconopouly at gmail.com (Nick Econopouly) Date: Sun, 29 Mar 2015 08:25:51 -0400 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: <1209077951.20150329125351@my_localhost> References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com> <5514798B.7020402@confidantmail.org> <425213999.20150326232409@my_localhost> <55149CF7.2070400@confidantmail.org> <834239320.20150328145922@my_localhost> <5516DF41.4090805@digitalbrains.com> <1209077951.20150329125351@my_localhost> Message-ID: Any word on whether confidant mail will support the openpgp smart cards (or yubikey, similar)? -Nick On Mar 29, 2015 7:55 AM, "MFPA" <2014-667rhzu3dc-lists-groups at riseup.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > > On Saturday 28 March 2015 at 6:05:05 PM, in > , Peter Lebbing wrote: > > > > No, but nobody said the adjective was used > > tautological. > > Maybe it doesn't imply or hint that to everybody, but it is definitely > what I infer when I read "from strictly business to the dodgy darknet > variety". > > > > It's like someone says "they're doing shady business in > > a dark alley" and you protest "Hey, I know plenty > > proper businesses that are just upstanding people > > making sales! In fact, I also know plenty alleys that > > let in a lot of sunlight..." > > I think that's rather over-egging it. Wouldn't the equivalent protest > be about the possible insinuation (and cliche) that all business that > takes place in a dark alley is shady? > > (-; > > > - -- > Best regards > > MFPA > > Don't learn safety rules by accident... 
> > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From peter at digitalbrains.com Sun Mar 29 19:36:02 2015 From: peter at digitalbrains.com (Peter Lebbing) Date: Sun, 29 Mar 2015 19:36:02 +0200 Subject: Instructions for converting keyring for 2.1 Message-ID: <55183802.8010306@digitalbrains.com> I just followed the instructions on [1] for converting your pubring.gpg to the new keybox format. I discovered I needed --import-options import-local-sigs on the import command to also import my local signatures, which obviously is very desirable when converting your public keyring... it's a bit lossy otherwise :S. Here's a diff for the gnupg-doc git: diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index bc312da..1056dd0 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org
@@ -561,7 +561,7 @@ then run import, and finally restore the ownertrust values: $ cd ~/.gnupg $ gpg --export-ownertrust >otrust.lst $ mv pubring.gpg publickeys -$ gpg2 --import publickeys +$ gpg2 --import-options import-local-sigs --import publickeys $ gpg2 --import-ownertrust otrust.lst #+end_example HTH, Peter. [1] https://www.gnupg.org/faq/whats-new-in-2.1.html#keybox -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From jcea at jcea.es Sun Mar 29 19:41:15 2015 
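Review bot: the changed import line now depends on --import-options import-local-sigs, but the sentence that introduces the example ("then run import, and finally restore the ownertrust values") still gives the reader no reason for the option; add a sentence before the example saying that gpg2 --import drops local (non-exportable) signatures unless import-local-sigs is given, so the keybox conversion silently loses them otherwise, as the accompanying message explains. The example also mixes "gpg --export-ownertrust" with "gpg2 --import", so it would help to state explicitly that the export is run with the old binary and the import with 2.1.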
From: jcea at jcea.es (Jesus Cea) Date: Sun, 29 Mar 2015 19:41:15 +0200 Subject: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it In-Reply-To: <87bnjdfle1.fsf@vigenere.g10code.de> References: <55158050.4040606@jcea.es> <87bnjdfle1.fsf@vigenere.g10code.de> Message-ID: <5518393B.4090704@jcea.es>
On 28/03/15 11:48, Werner Koch wrote:
> On Fri, 27 Mar 2015 17:07, jcea at jcea.es said:
>
>> My problem is that any change to the pubring, like downloading a new
>> key, refreshing, adding a new local signature with "--lsign", etc., will
>> force a trustdb update (in the next execution. For instance, decrypting
>
> A new key signature may change the entire WoT thus it needs to be
> re-computed. I have
>
> no-auto-check-trustdb
>
> in my gpg.conf and
>
> 30 1 * * * /usr/local/bin/gpg --batch --check-trustdb 2>/dev/null
>
> in my crontab. Thus there will be only one re-computation a day.
I understand that, nice hack, but I used 1.4.19 until a week ago and this recalculation was taking a few seconds. Now it is taking minutes.
Same configuration, same keyring files:

With 1.4 GPG:
"""
jcea at ubuntu:~/video$ time gpg.OLD --update-trustdb
gpg: public key FBBB8AB1 is 58138 seconds newer than the signature
gpg: public key D3A42C61 is 2009 seconds newer than the signature
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u
gpg: depth: 1 valid: 96 signed: 116 trust: 0-, 96q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-04-08

real 0m7.570s
user 0m6.800s
sys 0m0.440s
"""

With 2.0.27 GPG:
"""
jcea at ubuntu:~/video$ time gpg2 --update-trustdb
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u
gpg: depth: 1 valid: 96 signed: 106 trust: 0-, 96q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-04-08

real 1m27.370s
user 1m10.240s
sys 0m13.950s
"""

Trustdb rebuild time has skyrocketed. Unless GPG 1.4 has a serious bug, 2.0.17 is doing something wrong. The sys time is interesting, looks like GPG 2.0.27 is doing a lot of syscalls. I wonder if it is doing the calculations several times, or what.

>> As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a
>> few seconds only.
>
> Which 1.4 version is this?

"""
jcea at ubuntu:~/video$ gpg.OLD --version
gpg (GnuPG) 1.4.19
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
"""

>> PS: Bonus: how to get rid of
>>
>> """
>> gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN
>
> Sorry for this. It has already been fixed in the repo, see below.
Great. Thanks. PS: Thanks for GNUPG!. -- Jesús Cea Avión _/_/ _/_/_/ _/_/_/ jcea at jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/ Twitter: @jcea _/_/ _/_/ _/_/_/_/_/ jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "Love is placing your happiness in the happiness of another" - Leibniz From stebe at mailbox.org Sun Mar 29 20:08:11 2015 From: stebe at mailbox.org (Stephan Beck) Date: Sun, 29 Mar 2015 20:08:11 +0200 Subject: SSH CA and OpenPGP card In-Reply-To: References: Message-ID: <55183F8B.9000502@mailbox.org> On 27.03.2015 at 13:36, Bolesław Tokarski wrote: > Hello, [...] > Is the PKCS#11 library for OpenPGP card usable? I guess you may install and use gnupg-pkcs11-scd for that purpose, provided that you only use RSA keys. See /usr/share/man/man1/gnupg-pkcs11-scd.1 for more info. Hope that helps Stephan From mike at confidantmail.org Sun Mar 29 23:28:13 2015
From: mike at confidantmail.org (Mike Ingle) Date: Sun, 29 Mar 2015 14:28:13 -0700 Subject: One alternative to SMTP for email: Confidant Mail In-Reply-To: References: <5510D9B3.4090809@confidantmail.org> <91509341.20150326202754@my_localhost> <55146F7C.4080701@blazrsoft.com> <5514798B.7020402@confidantmail.org> <425213999.20150326232409@my_localhost> <55149CF7.2070400@confidantmail.org> <834239320.20150328145922@my_localhost> <5516DF41.4090805@digitalbrains.com> <1209077951.20150329125351@my_localhost> Message-ID: <55186E6D.20604@confidantmail.org> > Any word on whether confidant mail will support the openpgp smart cards (or > yubikey, similar)? -Nick With GPG 2.1, the gpg-agent handles all the passphrase prompting. I don't see why it would not work with a smartcard. Which one do you think I should get to test with? I have not played with them. > > That's more or less what it does. When you get an email > > from joe at somewhere.com, it fetches that key id and > > adds it to your keyring. If you get an email from a > > different key claiming joe at somewhere.com, it also > > fetches that key id and adds it, but now messages from > > both users show a key collision until you go delete one > > of those keys. > Why should the user need to delete one, rather than just be told there > were two and the one with such-and-such a fingerprint (or the one > highlighted) signed this message? If it is just a string in a key UID rather > than a functional email address, it will not necessarily be unique. There should not be two or more keys advertised for one email address. That creates confusion, requires the recipient to have two CM accounts, and increases the risk of bogus keys being used. Since CM keys disappear from the key search results about a month after the key owner stops advertising them, people should delete old or bogus keys from their keyrings. > > It's similar to regular PGP keyservers in that it will > > accept any key someone wants to post. 
The main > > difference is keys expire after a month or so if they > > are not re-posted. > In a similar way to a file that has not been requested for a > relatively long time dropping off a peer-to-peer filesharing network? Once the owner stops advertising the key (by using it in a CM account), after a month or so the STORUTIL will remove it from the servers. That depends on how often server operators run STORUTIL to prune their server directories. > Is there a way to incorporate some sort of challenge/response at key > creation time before the key is uploaded to the peer-to-peer system? > Or could the challenge/response be handled by a number of > "verification agents" incorporated into the peer-to-peer network? Not at the moment. There is no place to put a gatekeeper in this system. It is a Kademlia peer to peer network with signature and integrity checking done before the key is accepted. Any gatekeeping will have to be done by the clients. In general it's a server dumb/client smart system. > > Anyone can run a provider and I expect them to range from strictly > > business to the dodgy darknet variety. > Using "darknet" services to enhance privacy does not equate to > "dodgy". A person's communications are none of anybody else's > business, apart from whoever they choose to communicate with. No offense to the darknet intended. I'm in favor of more widespread Tor and I2P usage, that's why I built in support for it. Using CM over hidden services is a good way to avoid social graph building. An example of a "dodgy darknet provider" would be if one of the darknet markets decided to run a couple of covert CM servers (having only Tor hidden service addresses) to facilitate vendor to customer communication. That would solve the problem of some users not encrypting their messages, and would allow people to communicate even if the hidden website server is down. Suppose a reporter on a "strictly business" CM provider wanted to interview vendors of that darknet market. 
She could do so using CM without needing a technical expert to handle the encryption, and without either party being exposed to any risks. In the past that has been difficult. It is also possible to run mailing lists and file servers over CM. I am currently running a CM users' mailing list. Mike From gniibe at fsij.org Mon Mar 30 03:17:30 2015 From: gniibe at fsij.org (NIIBE Yutaka) Date: Mon, 30 Mar 2015 10:17:30 +0900 Subject: SSH CA and OpenPGP card In-Reply-To: References: Message-ID: <5518A42A.2000906@fsij.org> On 03/27/2015 09:36 PM, Bolesław Tokarski wrote: > ssh-keygen *can* sign a public key with a smartcard. Using a PKCS#11 token. > However, I see that the OpenPGP card does not natively talk PKCS#11, but > there's some wrapper library. Am I really forced to use that? Would it work > correctly or would it break the keys currently on the card? > > Is the PKCS#11 library for OpenPGP card usable? Scute is a shared library for NSS (Network Security Services) with scdaemon (of GnuPG) which provides a PKCS#11 interface. But I'm afraid it doesn't work for OpenSSH. I mean, the library interface of NSS doesn't match the one of OpenSSH. Well, I think it's possible for us to write a script using gpg-connect-agent which asks gpg-agent to generate a signature with the authentication key of GnuPG. Then the script can be used for certificate generation for OpenSSH (instead of ssh-keygen). I generated *-cert.pub by ssh-keygen and examined its content. It seems to be a simple concatenation of:

Header
Public key to be signed
Key Id
Options (in ASCII)
Signing public key of CA
Signature

We can use the SIGKEY, SETHASH, and PKSIGN commands of gpg-agent to generate the signature, and the other parts can be written in, say, Python or something. Ideally, ssh-keygen would be better off talking to ssh-agent to ask for signing, though. -- From gniibe at fsij.org Mon Mar 30 10:21:17 2015
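NIIBE's sketch of the certificate layout, carried through as an added example that is not code from this thread, GnuPG or OpenSSH: it encodes the ssh-ed25519-cert-v01@openssh.com fields as OpenSSH's PROTOCOL.certkeys defines them, parses them back, and returns the prefix the CA signature covers, which is what a gpg-agent based signer (SIGKEY/SETHASH/PKSIGN) would have to hash. The nonce, keys and signature bytes are constructed placeholders, so the sample is structurally valid but not verifiable.

```python
"""OpenSSH certificate layout and the bytes its CA signature covers.

Added example, not code from this thread, GnuPG or OpenSSH; assumes the
ssh-ed25519-cert-v01@openssh.com layout from OpenSSH's PROTOCOL.certkeys.
Nonce, keys and signature below are constructed placeholders.
"""
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
USER_CERT = 1  # SSH_CERT_TYPE_USER; 2 would be a host certificate

def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length prefix plus the bytes."""
    return struct.pack(">I", len(b)) + b

def pack_principals(names) -> bytes:
    """'valid principals': one string field holding packed strings."""
    return b"".join(ssh_string(n.encode()) for n in names)

def pack_options(opts: dict) -> bytes:
    """Critical options / extensions: (string name, string data) pairs in
    lexical name order as OpenSSH requires; flag extensions such as
    permit-pty carry empty data, force-command carries a packed string."""
    return b"".join(ssh_string(k) + ssh_string(v) for k, v in sorted(opts.items()))

def build_cert(nonce, pubkey, serial, key_id, principals, valid_after,
               valid_before, critical, extensions, ca_key_blob, sig_blob):
    """Concatenate the fields in certificate order.  Everything up to and
    including ca_key_blob is what the CA signs; sig_blob is appended last."""
    tbs = (ssh_string(CERT_TYPE) + ssh_string(nonce) + ssh_string(pubkey)
           + struct.pack(">QI", serial, USER_CERT)        # serial, cert type
           + ssh_string(key_id.encode())
           + ssh_string(pack_principals(principals))
           + struct.pack(">QQ", valid_after, valid_before)
           + ssh_string(pack_options(critical))
           + ssh_string(pack_options(extensions))
           + ssh_string(b"") + ssh_string(ca_key_blob))   # reserved, CA key
    return tbs + ssh_string(sig_blob)

class Reader:
    """Sequential decoder for the wire fields; raises on truncation."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated field")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def string(self) -> bytes:
        return self.take(struct.unpack(">I", self.take(4))[0])

    def u32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]

    def u64(self) -> int:
        return struct.unpack(">Q", self.take(8))[0]

def unpack_strings(b: bytes) -> list:
    r, out = Reader(b), []
    while r.pos < len(b):
        out.append(r.string())
    return out

def parse_cert(cert: bytes) -> dict:
    """Split a certificate blob into its fields.  'tbs' is the prefix the
    signature covers, i.e. what a gpg-agent based signer would hash and hand
    to PKSIGN when the CA key lives on an OpenPGP card."""
    r, f = Reader(cert), {}
    f["type"] = r.string()
    if f["type"] != CERT_TYPE:
        raise ValueError("unsupported certificate type")
    f["nonce"], f["pubkey"] = r.string(), r.string()
    f["serial"], f["cert_type"] = r.u64(), r.u32()
    f["key_id"] = r.string().decode()
    f["principals"] = [p.decode() for p in unpack_strings(r.string())]
    f["valid_after"], f["valid_before"] = r.u64(), r.u64()
    for name in ("critical", "extensions"):
        pairs = unpack_strings(r.string())
        f[name] = dict(zip(pairs[0::2], pairs[1::2]))
    f["reserved"], f["signature_key"] = r.string(), r.string()
    f["tbs"] = cert[:r.pos]  # signed region ends right before the signature
    f["signature"] = r.string()
    if r.pos != len(cert):
        raise ValueError("trailing bytes after signature")
    return f

# Constructed sample (placeholder key material, not a real certificate).
SAMPLE_CERT = build_cert(
    nonce=bytes(range(32)), pubkey=b"\x11" * 32, serial=42,
    key_id="alice@example", principals=["alice", "ops"],
    valid_after=1427587200, valid_before=1427673600,  # 2015-03-29..30 UTC
    critical={b"force-command": ssh_string(b"/usr/bin/id")},
    extensions={b"permit-pty": b""},
    ca_key_blob=ssh_string(b"ssh-ed25519") + ssh_string(b"\x22" * 32),
    sig_blob=ssh_string(b"ssh-ed25519") + ssh_string(b"\x33" * 64),
)
```

A real signer would replace sig_blob with the agent's signature over parse_cert(cert)["tbs"]; the nonce exists so that the CA never signs attacker-chosen bytes verbatim.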
From: gniibe at fsij.org (NIIBE Yutaka) Date: Mon, 30 Mar 2015 17:21:17 +0900 Subject: Unsupported certificate error In-Reply-To: <550C9155.8060701@theflorys.org> References: <550C9155.8060701@theflorys.org> Message-ID: <5519077D.4050506@fsij.org> Hello, On 03/21/2015 06:29 AM, David wrote: > I just installed GnuPG 2.0.27 on my Ubuntu 14.10 laptop. I am getting > this error from gpa: > > The GPGME library returned an unexpected > error at keytable.c:150. The error was: > > Unsupported certificate [...] > Has anyone seen this and solved it? If I understand correctly, your gpg-agent is not the real one, but gnome-keyring. "Unsupported certificate" is the typical error message when gnome-keyring takes over. How to fix this issue depends on the specific version of gnome-keyring. Please see: http://www.gniibe.org/memo/notebook/gnome3-gpg-settings.html I think that nobody asked gnome-keyring to do that, and nobody expects gnome-keyring to do that. -- From boleslaw.tokarski at gmail.com Mon Mar 30 14:46:22 2015 
From: boleslaw.tokarski at gmail.com (Bolesław Tokarski) Date: Mon, 30 Mar 2015 14:46:22 +0200 Subject: SSH CA and OpenPGP card In-Reply-To: <5518A42A.2000906@fsij.org> References: <5518A42A.2000906@fsij.org> Message-ID: Hello, Thanks for taking the time to examine that. I guess that I'd need to dig deeper. Or ask the OpenSSH guys. Best regards, Bolesław Tokarski 2015-03-30 3:17 GMT+02:00 NIIBE Yutaka : > On 03/27/2015 09:36 PM, Bolesław Tokarski wrote: > > ssh-keygen *can* sign a public key with a smartcard. Using a PKCS#11 > token. > > However, I see that the OpenPGP card does not natively talk PKCS#11, but > > there's some wrapper library. Am I really forced to use that? Would it > work > > correctly or would it break the keys currently on the card? > > > > Is the PKCS#11 library for OpenPGP card usable? > > Scute is a shared library for NSS (Network Security Services) with > scdaemon (of GnuPG) which provides PKCS#11 interface. > > But, I'm afraid it doesn't work for OpenSSH. I mean, the library > interface of NSS doesn't match to the one of OpenSSH. > > Well, I think that it's possible for us to write a script using > gpg-connect-agent which asks generating signature by authentication > key of GnuPG. Then, the script can be used for certificate generation > of OpenSSH (instead of ssh-keygen). > > I generated *-cert.pub by ssh-keygen, and examined its content. It > seems that it's simple concatenation of: > > Header > Public key to be signed > Key Id > Options (in ASCII) > Signing public key of CA > Signature > > We can use SIGKEY, SETHASH, and PKSIGN commands of gpg-agent to > generate signature and other part can be written by, say Python, or > something. > > Ideally, ssh-keygen would have better to talk ssh-agent to ask > signing, though.
From mailing-lists at asatiifm.net Mon Mar 30 20:21:35 2015
From: mailing-lists at asatiifm.net (Ville Määttä) Date: Mon, 30 Mar 2015 21:21:35 +0300 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <55131B6D.6010002@dougbarton.email> References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email> <55131898.7000208@asatiifm.net> <55131B6D.6010002@dougbarton.email> Message-ID: <5519942F.90100@asatiifm.net> On 25.03.15 22:32, Doug Barton wrote: > On 3/25/15 1:20 PM, Ville Määttä wrote: >> On 25.03.15 21:41, Doug Barton wrote: >>> While this is strictly anecdotal evidence I would argue that it's a good >>> indication that we may not be ready for PGP/MIME as the default. >> >> I think that fail, a signature.asc attachment, is still a "cleaner fail" >> than a non-PGP receiver getting a breakdown from inline PGP. And that is >> for every single email. > > How are you using the term "breakdown" here? If their client isn't doing > PGP they see some extraneous text, and a signature block. While I agree > that for those not using PGP that is clutter, I am not sure what you > mean by "breakdown." That's a "mental breakdown" of the user :). Sorry about the ambiguity. > >> I have not received a single question from anyone regarding my PGP/MIME >> signed emails. Not one. And I'm talking about the ones that don't use >> PGP / have no clue what PGP is. > > We've already established that PGP/MIME is a "cleaner" solution for those that don't use PGP. I'm not debating that point, and I don't think anyone else is either. I suppose I must've missed that we had established that? > The question at hand is for those that *do* use PGP, which is more effective? TMK there are no mail clients that fail to process a valid in-line signature, but obviously there are still clients that cannot correctly handle PGP/MIME. True.
I consider both inline and PGP/MIME equally to be something of a MUST support for any client / plugin that claims to support PGP. Whether support is done by the client itself or a plugin is not that important to me as long as someone is maintaining support. -- Ville From 2014-667rhzu3dc-lists-groups at riseup.net Mon Mar 30 21:54:27 2015
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Mon, 30 Mar 2015 20:54:27 +0100 Subject: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail) In-Reply-To: <5519942F.90100@asatiifm.net> References: <5510D9B3.4090809@confidantmail.org> <55126411.1040801@dougbarton.email> <8F0B09FC6339FA439524099BFCABC11F2D3D03DF@IRVEXCHMB11.corp.ad.broadcom.com> <55130F84.3000603@dougbarton.email> <55131898.7000208@asatiifm.net> <55131B6D.6010002@dougbarton.email> <5519942F.90100@asatiifm.net> Message-ID: <1086178539.20150330205427@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Monday 30 March 2015 at 7:21:35 PM, in , Ville Määttä wrote: > That's a "mental breakdown" of the user :). Sorry about > the ambiguity. I find malformed emails full of HTML tags and almost totally unreadable throughout to be a greater risk to mental health than a few lines of PGP signature. (-; - -- Best regards MFPA What's another word for synonym? From jankow at datenkollektiv.net Tue Mar 31 13:25:22 2015
From: jankow at datenkollektiv.net (Jan Kowalsky) Date: Tue, 31 Mar 2015 13:25:22 +0200 Subject: decrypt luks with gnupg Card: determine if cardreader has pinpad Message-ID: Hi all, I'm new on the list ... while experimenting with scripts for using gnupgCard for unlocking a luks-encrypted device I'm searching a possibility for determining if an attached cardreader has a pinpad or not. I used the script of Peter Lebbing http://www.digitalbrains.com/2014/gpgcryptroot and changed it a bit for cardreaders with pinpads. I'd like to use the same script also for cardreaders without pinpad - but then I have to determine, if a cardreader has one or not. Is there any possibility for getting this information?

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/lib/cryptsetup/scripts/decrypt_gnupg_sc:

#!/bin/sh
# quick hack for starting pcscd
pcscd &

decrypt_gpg () {
    # We check for an attached cardreader.
    # Cardreaders with pinpad: they have to be attached before booting.
    # Cardreaders without pinpad: just attach them later, when the script
    # already asks for the passphrase or PIN.
    if gpg2 --card-status > /dev/null 2>&1 && sleep 2; then
        # A card answered: decrypt with gpg2 and let the reader's pinpad
        # collect the PIN.
        echo "Please use the pinpad of your cardreader for PIN entry." >&2
        if ! /usr/bin/gpg2 --homedir "$(dirname "$1")" \
                --trustdb-name /dev/null --decrypt "$1"; then
            return 1
        fi
        return 0
    else
        # No card seen: ask on the console and feed the answer to gpg
        # as passphrase (for a key file) or PIN (for a reader without pinpad).
        echo "Performing GPG key decryption ..." >&2
        if ! /lib/cryptsetup/askpass \
                "Enter passphrase for key $1, or PIN for your cardreader: " | \
                /usr/bin/gpg -q --batch --homedir "$(dirname "$1")" \
                --trustdb-name /dev/null --passphrase-fd 0 --decrypt "$1"; then
            return 1
        fi
        return 0
    fi
}

if [ ! -x /usr/bin/gpg2 ]; then
    echo "$0: /usr/bin/gpg2 is not available" >&2
    exit 1
fi

if [ -z "$1" ]; then
    echo "$0: missing key as argument" >&2
    exit 1
fi

decrypt_gpg "$1"
exit $?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I wrote a howto (in German) in addition to the one from Peter Lebbing (thanks a lot!): https://wiki.datenkollektiv.net/public/gnupg/luks_gnupg_card For getting cardreaders with pinpad working we need gnupg2 inside the initramdisk. But it works. Best Regards Jan From errol at askerrol.org Tue Mar 31 16:19:56 2015 From: errol at askerrol.org (Errol Casey) Date: Tue, 31 Mar 2015 10:19:56 -0400 Subject: tty permission issues Message-ID: I've run into an issue with tty permissions when using GnuPG. We have accounts that users cannot log in to directly for security reasons. They must use sudo su - to access the account, after logging in from their own personal account. This leaves the pseudo tty owned by the login user. The permission issue causes pinentry to fail, and not prompt for passphrases. I'm looking into possible changes to sudo config, setuid binaries, and individual script to change permission before and after sudo as possible workarounds. Wanted to see if other gnupg users had worked around this issue. From mailinglist at krebs.uno Tue Mar 31 18:50:58 2015
From: mailinglist at krebs.uno (Daniel Krebs)
Date: Tue, 31 Mar 2015 18:50:58 +0200
Subject: What is 'CA fingerprint 1' on Smartcard
Message-ID: <551AD072.6030808@krebs.uno>

Hi,

Hope this question is OK on this list. What is the CA fingerprint on the FSFE-Smartcard? A gpg2 --card-status gave the information:

CA fingerprint 1 .: C485 A6CD 7EC6 6E9E EC33 65F2 70F2 75E4 C32F 6CA5

This is a smartcard issued by the FSFE. After resetting the card this information is gone, so it must be applied by the FSFE. I read the openpgp-card-2.0 specification but I'm still not sure what this CA data object is used for and what specific CA it points to.

Maybe you can help...

DK

From dkg at fifthhorseman.net Tue Mar 31 23:33:55 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 31 Mar 2015 17:33:55 -0400
Subject: Instructions for converting keyring for 2.1
In-Reply-To: <55183802.8010306@digitalbrains.com>
References: <55183802.8010306@digitalbrains.com>
Message-ID: <87lhichmws.fsf@alice.fifthhorseman.net>

On Sun 2015-03-29 13:36:02 -0400, Peter Lebbing wrote:
> I just followed the instructions on [1] for converting your pubring.gpg to the
> new keybox format. I discovered I needed --import-options import-local-sigs on
> the import command to also import my local signatures, which obviously is very
> desirable when converting your public keyring... it's a bit lossy otherwise :S.
>
> Here's a diff for the gnupg-doc git:
>
> diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org
> index bc312da..1056dd0 100644
> --- a/web/faq/whats-new-in-2.1.org
> +++ b/web/faq/whats-new-in-2.1.org
> @@ -561,7 +561,7 @@ then run import, and finally restore the ownertrust values:
> $ cd ~/.gnupg
> $ gpg --export-ownertrust >otrust.lst
> $ mv pubring.gpg publickeys
> -$ gpg2 --import publickeys
> +$ gpg2 --import-options import-local-sigs --import publickeys
> $ gpg2 --import-ownertrust otrust.lst
> #+end_example

This doesn't appear to have been updated upstream yet, but I agree with Peter Lebbing's suggestion here.

Would presenting the patch in some other way (e.g. in git format-patch style?) be helpful?

--dkg
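Review bot: the corrected line `+$ gpg2 --import-options import-local-sigs --import publickeys` is right, but the hunk's own context (`then run import, and finally restore the ownertrust values:`) still gives the reader no reason for the option, so it is easy to drop as noise; add a sentence before the example stating that a plain import silently skips local (non-exportable) signatures, which is exactly what is lost without it. The example also mixes binaries, `gpg --export-ownertrust` for the export and `gpg2 --import` / `gpg2 --import-ownertrust` for the rest; if the older gpg is meant for the export from the old keyring, say so in the text, otherwise use `gpg2` on all three lines.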
