GPG2 encryption options
Peter Humphreys
eagleeyes426 at yahoo.com
Thu Oct 3 18:28:32 CEST 2013
Hi Guys,
Thanks for the response. I had been doing a lot more reading since posting this query and came across gpg-agent. I think that's a nice option. I've been having fun since then building the latest libgcrypt and gnupg 2.0.21 stable build, because while Ubuntu includes the 2.0.21 package, it's broken against the new version of libgcrypt (Ubuntu's libgcrypt is from 2011).
So I now have gpg-agent running and I'll try that out as it can cache my passphrase which will help considerably.
I also like the other option Mr Pentchev provided, and will try that out if I can successfully finish the script I'm writing to randomise it enough for my satisfaction :P
With shuf I can get random bits from those 100,000+ files, taken from random directories and random files each time, the issue is of course for decryption I would have to store that passphrase the script creates somewhere to enable it to be pulled for decryption before re-encrypting it with another random passphrase.
But I could definitely store that in a gpg file that's signed and encrypted against my key, that I decrypt once per session or however long gpg-agent caches my passphrase for.
Is that something that I can configure on the command line for gpg-agent or the options file?
Regards,
Peter
________________________________
From: Peter Lebbing <peter at digitalbrains.com>
To: Peter Pentchev <roam at ringlet.net>
Cc: mightymouse2045 <eagleeyes426 at yahoo.com>; gnupg-users at gnupg.org
Sent: Thursday, 3 October 2013 8:09 PM
Subject: Re: GPG2 encryption options
On 03/10/13 13:35, Peter Pentchev wrote:
> a smartcard that caches the PIN for a limited
> amount of time
Small detail: this feature is not working in the current stable versions. GnuPG
2.1 will support this.
I use the following script to make the card forget its PIN:
----------8<------------------------------------>8----------
#!/bin/sh
gpg-connect-agent 'SCD RESET' /bye
----------8<------------------------------------>8----------
I created this based on a message of Werner Koch to this list. Earlier, I killed
the scdaemon.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20131003/81b77808/attachment-0001.html>
More information about the Gnupg-users
mailing list