From gnupg at soondae.co.uk Tue Mar 1 01:09:41 2016
From: gnupg at soondae.co.uk (keith)
Date: Tue, 01 Mar 2016 00:09:41 +0000
Subject: Retrieval of passphrase
In-Reply-To: <1E8BC9C4-07E4-4B93-A77E-A20F946B3C2F@hillsdalecorp.com>
References: <1E8BC9C4-07E4-4B93-A77E-A20F946B3C2F@hillsdalecorp.com>
Message-ID: <1456790981.2770.6.camel@keith>

No idea... Linux Mint user, and I regularly break it.

I would, probably incorrectly, assume that if you still had your old G5 with the old version of the GPG Installer Suite on it, then there will be an Export Keys function which you would use to export your public and private keys to a USB drive. Then you would plug your USB drive into your new iMac and use the new version of the GPG Installer Suite, which is likely to have an Import Keys function, to drag your old keys onto your new computer...

I assume you have a Post-it note with the passphrase on.

Apologies if that was either wrong or a bit tongue in cheek.

Best
Keith

On Mon, 2016-02-29 at 11:03 -0800, Daniel H. Werner wrote:
> Hi everyone,
>
> I hope someone can give me some advice.
> I have been a Mac user for years (and years!) and used PGP most of
> that time. I was running v. 9.7.1 when I upgraded my old G5 to a new
> iMac. And, of course, that old version of PGP does not run on OS X
> 10.11. I downloaded the GPG Installer Suite and read some of the
> online tutorials. And I now have a question:
> How do I retrieve my existing key pair so I can continue to use them?
>
> Thanks.
>
> Daniel
>
> _______________________________
>
> Daniel H. Werner,
> President
> Hillsdale Corporation
> 9 Oregon Yacht Club
> Portland, OR 97202 USA
> www.hillsdalecorp.com
> Cell: (503) 709-0950
>
> Confidentiality Notice: The information contained in this e-mail is
> confidential and for the intended recipient(s) alone. It may contain
> privileged and confidential information and is covered by
> Non-Disclosure Agreements.
> If you are not an intended recipient, you
> must not copy, distribute or take any action in reliance on it. If you
> have received this e-mail in error, please notify us immediately.
> Thank You.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From joshterrill.dev at gmail.com Tue Mar 1 01:14:15 2016
From: joshterrill.dev at gmail.com (Joshua Terrill)
Date: Mon, 29 Feb 2016 16:14:15 -0800
Subject: Question about getting started with PGP and smart cards
In-Reply-To: <56D4774B.5040908@andrewg.com>
References: <56D1D598.8000902@chezgeek.fr> <56D1D976.3000203@digitalbrains.com> <56D1DF12.2060403@chezgeek.fr> <56D4774B.5040908@andrewg.com>
Message-ID:

Thanks for the replies, everyone. So what about a solution like the Yubikey NEO? I read on their site that you can generate a keypair and put it on the Yubikey. But what I'm a little confused about is, once you have the public and private key on the card, how do you use it to encrypt/sign/decrypt things? Excuse my lack of knowledge on this. It all seems pretty cool, and I'm just trying to wrap my head around it.

On Mon, Feb 29, 2016 at 8:52 AM, Andrew Gallagher wrote:
> On 29/02/16 15:31, Martin Ilchev wrote:
> >
> > For Windows I installed gpg4win and migrated my linux gpg.conf and keys
> > over and it just worked. Also in windows if you want to use putty with a
> > smart card you will need a patched putty agent. You can get one from
> > here http://smartcard-auth.de/ssh-en.html. It is free to use with
> > OpenPGP Smartcards from kernel concepts so a win-win :).
>
> Unfortunately the developer of that pageant replacement distributes
> unsigned binary blobs over plain HTTP. The Windows build of GnuPG 2.1 on
> the other hand (linked from the official gnupg site) has a gpg-agent
> that can run as a pageant replacement for putty (same idea as ssh-agent
> replacement).
> You don't get all the graphical tools that come with
> GPG4Win, but it's a safer (and more future-proof) solution IMO.
>
> A

--
Josh Terrill // developer
209-676-7334

From rjh at sixdemonbag.org Tue Mar 1 08:42:13 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 1 Mar 2016 08:42:13 +0100
Subject: Retrieval of passphrase
In-Reply-To: <1E8BC9C4-07E4-4B93-A77E-A20F946B3C2F@hillsdalecorp.com>
References: <1E8BC9C4-07E4-4B93-A77E-A20F946B3C2F@hillsdalecorp.com>
Message-ID: <56D547D5.8070509@sixdemonbag.org>

> How do I retrieve my existing key pair so I can continue to use them.

They're stored in two files: pubring.pkr and secring.skr. Look for those files. Then import them into GnuPG. :)

From andrewg at andrewg.com Tue Mar 1 12:20:41 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 1 Mar 2016 11:20:41 +0000
Subject: Question about getting started with PGP and smart cards
In-Reply-To:
References: <56D1D598.8000902@chezgeek.fr> <56D1D976.3000203@digitalbrains.com> <56D1DF12.2060403@chezgeek.fr> <56D4774B.5040908@andrewg.com>
Message-ID: <56D57B09.7070606@andrewg.com>

On 01/03/16 00:14, Joshua Terrill wrote:
> Thanks for the replies, everyone. So what about a solution like Yubikey
> NEO? I read on their site that you can generate a keypair and put it on
> the yubikey. But what I'm a little confused about is, once you have the
> public and private key on the card, how do you use it to
> encrypt/sign/decrypt things? Excuse my lack of knowledge on this. It all
> seems pretty cool, and I'm just trying to wrap my head around it.

Only the private keys go on the card. Public keys are intended to be public.
;-)

A Yubikey NEO will work in the same way as a PGP smartcard, the main difference being that you can directly connect it to a USB port without a smartcard reader.

If you have your private subkeys on a smartcard, you can sign and decrypt in the normal fashion so long as the smartcard is plugged in. You don't need the card for encryption or verification, as these are done (by other people!) using your public key.

If you run "gpg2 --card-status" when you plug the card in for the first time, gpg will remember to check the card for those subkeys in the future. You will also need a copy of your public key on the same machine - depending on where you generated your private key this may not be automatic. You can fix this by running "gpg2 --card-edit fetch" with the card plugged in.

A

From cannon at cannon-ciota.info Wed Mar 2 06:23:53 2016
From: cannon at cannon-ciota.info (CANNON NATHANIEL CIOTA)
Date: Wed, 02 Mar 2016 05:23:53 +0000
Subject: Question about getting started with PGP and smart cards
In-Reply-To:
References:
Message-ID: <8f3608f11f17c391929f48ec19791774@cannon-ciota.info>

On 2016-02-26 22:08, Joshua Terrill wrote:
> Hello,
>
> I am looking to play around/experiment with gnupg and smart cards.
> From what little research I've done, I've read that OpenPGP smart
> cards don't reveal private keys, and do all decrypting/signing on the
> device itself after entering a PIN. Do I have a correct understanding
> of this, and if so, is this the common/most secure way to use these
> cards? For simple encrypting, decrypting, and signing what card and
> card reader would you recommend? I have a windows environment and an
> ubuntu environment that I can play with it on.
>
> Thanks!
> -Josh

I am very experienced with PGP and smartcards. For GPG & PGP use I recommend the GnuPG OpenPGP smartcards available at http://shop.kernelconcepts.de/ which support 4096 keys; these are the best smartcards there are for GPG use. For getting started with GPG and smartcards, my recommendation would be to:

1- Use an airgap system with Linux, i.e. a Raspberry Pi or spare laptop, to generate the keypair offline. A live distro is another option. Just be sure you generate the keys and upload them to the smartcard offline. If you generate GPG keys on a system that saves information, i.e. something that is not a live system, make sure you use whole-disk encryption. When using GPG, use a secure GPG configuration: https://github.com/ioerror/duraconf/tree/master/configs/gnupg

2- When using GPG, use gpg --gen-key --expert so we have more options. Generate 4096 RSA with the certification flag, then create 3 separate subkeys, one for each purpose (encrypt, signing, authentication). It is better for crypto security to not use one key for more than one purpose. After we have our primary key with the subkeys, we will want to generate a revocation certificate. Here is a good guide: https://alexcabal.com/creating-the-perfect-gpg-keypair/

3- We will want to then upload only the 3 subkeys to the smartcard. Then change the default admin PIN and user PIN on the smartcard. Never enter the admin PIN on a non-airgapped system.

4- After generating the key and uploading it to the smartcard, create a backup of your full keypair and revocation certificate onto an encrypted CD, DVD or USB drive, then store it in a safe place. If you use encrypted media for the backup of keys and revocation cert, NEVER forget your passcode.
Smartcards are the best way to use PGP since your key is always protected, though if a smartcard is used there is a chance that a keylogger could capture your PIN code. If you are worried about an adversary using a keylogger to log your PIN and then stealing your physical card, then you would want to use a smartcard reader that has a built-in PIN pad.

--
Cannon N. Ciota
Digital Identity (namecoin): id/cannon
Website: www.cannon-ciota.info
Email: cannon at cannon-ciota.info
PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2

From rjh at sixdemonbag.org Wed Mar 2 08:12:15 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 2 Mar 2016 08:12:15 +0100
Subject: Question about getting started with PGP and smart cards
In-Reply-To: <8f3608f11f17c391929f48ec19791774@cannon-ciota.info>
References: <8f3608f11f17c391929f48ec19791774@cannon-ciota.info>
Message-ID: <56D6924F.800@sixdemonbag.org>

> best smartcards there are for GPG use. For getting started with GPG and
> smartcards, my recommendation would be to:

Please, *don't* do this. This is genuinely bad advice for someone who's just getting started.

If you're just getting started, then use the defaults. The defaults are good ones; they were chosen for a reason. You don't need to go through this much more complicated key generation scheme.

Start using GnuPG and your smartcard with the defaults. If, later on, you decide that your specific needs require more extreme steps, you can always take those steps then.

From brian at minton.name Wed Mar 2 19:52:06 2016
From: brian at minton.name (Brian Minton)
Date: Wed, 2 Mar 2016 13:52:06 -0500
Subject: Migrating to Gmail. Recommendations?
In-Reply-To: <8F0B09FC6339FA439524099BFCABC11F2D4FCB53@IRVEXCHMB11.corp.ad.broadcom.com>
References: <8F0B09FC6339FA439524099BFCABC11F2D4FCB53@IRVEXCHMB11.corp.ad.broadcom.com>
Message-ID:

Thunderbird is pretty common. I've used Mailvelope with some success directly in the Gmail client.

From muri+gnupg-users at immerda.ch Thu Mar 3 09:59:42 2016
From: muri+gnupg-users at immerda.ch (Muri Nicanor)
Date: Thu, 3 Mar 2016 09:59:42 +0100
Subject: Edit Context using PyGPGME
Message-ID: <56D7FCFE.1010602@immerda.ch>

hello list,

i'm trying to edit a key using PyGPGME. I've written a short snippet based on the tests in the PyGPGME package: https://share.riseup.net/#NqlNA3GiycVKuzxOJGEmHA (the test only sends 'quit' but the goal is to send a 'minimize'). I get the error

> gpgme.GpgmeError: (32, 1, u'General error')

When trying to run the packaged tests of PyGPGME [0], this code block seems to work. Does anybody see what might be the problem here?

thanks and cheers,
muri

[0] https://github.com/rshk/pygpgme/blob/master/tests/test_editkey.py

From oub at mat.ucm.es Thu Mar 3 12:28:54 2016
From: oub at mat.ucm.es (Uwe Brauer)
Date: Thu, 03 Mar 2016 11:28:54 +0000
Subject: the .gnupg directory and fuse.encfs a problem
Message-ID: <8737s72421.fsf@mat.ucm.es>

Hi

I am on Kubuntu 10.04. I have my .gnupg directory in the directory $HOME/init_files and set a symbolic link to the home directory. Everything works fine.

In an attack of "paranoia" I thought this is not safe.
So I created a directory, using cryptkeeper, which is mounted using fuse.encfs. Mount gives

encfs on /home/oub/ALLES/init_files/cryptstuff type fuse.encfs (rw,nosuid,nodev,default_permissions,user=oub)

I then did

rsync -auvz /home/oub/ALLES/init_files/.gnupg /home/oub/ALLES/init_files/cryptstuff/.gnupg

and changed the symbolic link. But then when I did

gpgsm --list-keys

I obtained

gpgsm: lock not made: link() failed: Operation not permitted

So what is the problem?

Thanks

Uwe Brauer

From carnap at gmx.at Sat Mar 5 10:34:08 2016
From: carnap at gmx.at (Josef Carnap)
Date: Sat, 5 Mar 2016 10:34:08 +0100
Subject: Encryption of multiple files into another directory
Message-ID: <56DAA810.1040703@gmx.at>

Hello everyone,

GnuPG 2.0.29, Linux and Windows

By using the command

gpg2 --recipient 0x12345678 --encrypt-files /media/usb/folder_1/*

I can encrypt with a public key all files in the directory folder_1. How can I encrypt all the files in this directory to another directory folder_2? This command

gpg2 --output /media/usb/folder_2/ --recipient 0x12345678 --encrypt-files /media/usb/folder_1/*

does not work, unfortunately. Any hints?

Best regards
Josef

From wish at dumain.com Sat Mar 5 10:12:17 2016
From: wish at dumain.com (William Hay)
Date: Sat, 5 Mar 2016 09:12:17 +0000
Subject: Non-Beeping keypad
Message-ID: <20160305091216.GA18609@cerberus.dumain.com>

I currently use a PGP card with an SPR532 keypad/cardreader. However this beeps for attention and with each key press when I enter my PIN. This can be annoying to those around me and also leaks information about the length of my PIN. I'd like to replace it with a GNUPG 2.0.x compatible reader with a built-in keypad that is silent (or can be configured to be so). However keypads aren't generally advertised with noise level indicators so I was hoping someone on this list might have a recommendation.

Thanks in advance

William
From peter at digitalbrains.com Sat Mar 5 12:00:04 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 5 Mar 2016 12:00:04 +0100
Subject: Non-Beeping keypad
In-Reply-To: <20160305091216.GA18609@cerberus.dumain.com>
References: <20160305091216.GA18609@cerberus.dumain.com>
Message-ID: <56DABC34.30000@digitalbrains.com>

On 05/03/16 10:12, William Hay wrote:
> This can be annoying to those around me

I have the same reader, I can understand that that can be pretty annoying.

> and also leaks information about the length of my PIN.

This is really not an issue. The length adds so utterly little entropy... besides, the entropy content of a PIN is already not really a feature. The true security feature is that the card locks after three wrong tries. The entropy content of a PIN would be hopelessly insufficient to protect against brute force if it weren't for the "three strikes you're out" rule.

> However keypads aren't generally advertised with noise level indicators so I was hoping
> someone on this list might have a recommendation.

I can't directly help you with that, but I can tell you that you can use your current reader without using the keypad, simply by entering the PIN on your PC, by adding this to scdaemon.conf (for instance at ~/.gnupg/scdaemon.conf, depending on OS):

disable-pinpad

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From peter at digitalbrains.com Sat Mar 5 12:12:01 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 5 Mar 2016 12:12:01 +0100
Subject: Encryption of multiple files into another directory
In-Reply-To: <56DAA810.1040703@gmx.at>
References: <56DAA810.1040703@gmx.at>
Message-ID: <56DABF01.9070207@digitalbrains.com>

On 05/03/16 10:34, Josef Carnap wrote:
> How can I encrypt all the files in this directory to another directory
> folder_2?

On Linux:

for x in /media/usb/folder_1/*; do gpg2 -o "/media/usb/folder_2/$(basename "$x")" -r 0x12345678 -e "$x"; done

You can do progressively more complicated stuff as well. The program "find" is your friend, and

"$(echo "$x" | sed 's+^/media/usb/folder_1/+/media/usb/folder_2/+')"

can be used for more complicated pathname changes in other situations. Note that I used a plus as substitute command delimiter because slash is already in the strings, and that I anchored it at the start of $x by including a hat operator (^).

On Windows: I haven't got a clue ;).

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From guanx.bac at gmail.com Sat Mar 5 13:40:15 2016
From: guanx.bac at gmail.com (Guan Xin)
Date: Sat, 5 Mar 2016 13:40:15 +0100
Subject: Non-Beeping keypad
In-Reply-To: <20160305091216.GA18609@cerberus.dumain.com>
References: <20160305091216.GA18609@cerberus.dumain.com>
Message-ID:

On Sat, Mar 5, 2016 at 10:12 AM, William Hay wrote:
> ...
> I'd like to replace it with a GNUPG 2.0.x compatible reader with a built
> in keypad that is silent (or can be configured to be so).

Cherry SmartTerminal ST-2000U or other readers that don't advertise "Buzzer" in their datasheets.

Guan
From carnap at gmx.at Sat Mar 5 19:33:06 2016
From: carnap at gmx.at (Josef Carnap)
Date: Sat, 5 Mar 2016 19:33:06 +0100
Subject: Encryption of multiple files into another directory
In-Reply-To: <56DABF01.9070207@digitalbrains.com>
References: <56DAA810.1040703@gmx.at> <56DABF01.9070207@digitalbrains.com>
Message-ID: <56DB2662.6000606@gmx.at>

Hi Peter,

thanks for your suggestion.

On 05.03.2016 at 12:12, Peter Lebbing wrote:
> On 05/03/16 10:34, Josef Carnap wrote:
> On Linux:
>
> for x in /media/usb/folder_1/*; do gpg2 -o "/media/usb/folder_2/$(basename "$x")" -r 0x12345678 -e "$x"; done

I've tried this command, but unfortunately it didn't work perfectly. In folder_1 there are files: foo1.docx, foo2.docx, foo3.docx etc. After processing there are files in folder_2, but the files have the same file extension as the original files: foo1.docx, foo2.docx, foo3.docx etc. It looks as if the files were simply copied to folder_2. But when I try to open the *.docx files with Libre Office, for example, I can see that doesn't work. So I guess the very problem is the missing file extension *.gpg for the files in folder_2.

Do you have any idea how to modify the command so that the files in folder_2 are: foo1.docx.gpg, foo2.docx.gpg, foo3.docx.gpg etc. (without renaming the files manually)?

Best regards
Josef

From peter at digitalbrains.com Sat Mar 5 21:12:44 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 5 Mar 2016 21:12:44 +0100
Subject: Encryption of multiple files into another directory
In-Reply-To: <56DB2662.6000606@gmx.at>
References: <56DAA810.1040703@gmx.at> <56DABF01.9070207@digitalbrains.com> <56DB2662.6000606@gmx.at>
Message-ID: <56DB3DBC.7000501@digitalbrains.com>

On 05/03/16 19:33, Josef Carnap wrote:
> After processing there are files in folder_2, but the files have the same
> file extension as the original files: foo1.docx, foo2.docx, foo3.docx
> etc.

Whoops!
> So I guess the very problem is the missing file extension *.gpg for the
> files in folder_2.

Yes! Hehe :)

> Do you have any idea how to modify the command so that the files in folder_2
> are: foo1.docx.gpg, foo2.docx.gpg, foo3.docx.gpg etc. (without renaming
> the files manually)?

for x in /media/usb/folder_1/*; do gpg2 -o "/media/usb/folder_2/$(basename "$x").gpg" -r 0x12345678 -e "$x"; done

I simply forgot the extension, and GnuPG does what "I" told it to do.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From viktordick86 at gmail.com Sat Mar 5 21:11:40 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Sat, 5 Mar 2016 21:11:40 +0100
Subject: Encryption of multiple files into another directory
In-Reply-To: <56DB2662.6000606@gmx.at>
References: <56DAA810.1040703@gmx.at> <56DABF01.9070207@digitalbrains.com> <56DB2662.6000606@gmx.at>
Message-ID: <56DB3D7C.5060405@gmail.com>

On 05.03.2016 19:33, Josef Carnap wrote:
> It looks as if the files were simply copied to folder_2. But when I try
> to open the *.docx files with Libre Office for example I can see that
> doesn't work.
> So I guess the very problem is the missing file extension *.gpg for the
> files in folder_2.
>
> Do you have any idea how to modify the command so that the files in folder_2
> are: foo1.docx.gpg, foo2.docx.gpg, foo3.docx.gpg etc. (without renaming
> the files manually)?

Hi,

the filenames are not important for the content of the files. If you run the 'file' command on the files (i.e., "file /media/usb/folder_2/foo1.docx"), it should tell you that these are indeed gpg-encrypted files. You can simply rename the files to add the '.gpg' extension if you want. The original command can be modified as

for x in /media/usb/folder_1/*; do gpg2 -o "/media/usb/folder_2/$(basename "$x").gpg" -r 0x12345678 -e "$x"; done

if you want to append the extension directly.
Best regards,
Viktor

From carnap at gmx.at Sun Mar 6 15:28:57 2016
From: carnap at gmx.at (Josef Carnap)
Date: Sun, 6 Mar 2016 15:28:57 +0100
Subject: Encryption of multiple files into another directory
In-Reply-To: <56DB3DBC.7000501@digitalbrains.com>
References: <56DAA810.1040703@gmx.at> <56DABF01.9070207@digitalbrains.com> <56DB2662.6000606@gmx.at> <56DB3DBC.7000501@digitalbrains.com>
Message-ID: <56DC3EA9.6030901@gmx.at>

On 05.03.2016 at 21:12, Peter Lebbing wrote:
>
> for x in /media/usb/folder_1/*; do gpg2 -o "/media/usb/folder_2/$(basename "$x").gpg" -r 0x12345678 -e "$x"; done
>
> I simply forgot the extension, and GnuPG does what "I" told it to do.

Thank you so much Peter and Viktor. The improved command works perfectly.

Best regards
Josef

From marcoagpinto at mail.telepac.pt Tue Mar 8 12:54:55 2016
From: marcoagpinto at mail.telepac.pt (Marco A.G.Pinto)
Date: Tue, 8 Mar 2016 11:54:55 +0000
Subject: Remove photos from OpenPGP key in the keyservers
Message-ID: <56DEBD8F.7080903@mail.telepac.pt>

Hello!

I have made the mistake of adding the same photo with different file sizes using Enigmail and exporting it to the servers.

I have already deleted two of the three photos using the CLI, but the key on the server still has three photos and a size of 70 kB.

Is there anyone I could contact to export this attached public key which only has one photo?

Thanks!

Kind regards,
Marco A.G.Pinto
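Returning to the "Encryption of multiple files into another directory" thread above: the one-liner from Peter and Viktor covers a flat folder, and Peter points at find and sed for more complicated layouts. The script below is an added example, not code from any poster in that thread; it walks a whole source tree, mirrors its sub-directories under the destination, appends .gpg, and refuses to overwrite an output that already exists. It assumes POSIX sh, find and a gpg2 on PATH; 0x12345678 is the thread's placeholder key ID, and the GPG variable exists only so the command can be swapped out.

```shell
#!/bin/sh
# Added example (not from the list thread): encrypt every regular file
# under SRC_ROOT into a parallel tree under DST_ROOT, appending ".gpg".
# Assumes POSIX sh, find and gpg2; recipient 0x12345678 is the thread's
# placeholder key ID. GPG may be overridden to run without a keyring.
GPG=${GPG:-gpg2}

# dest_path SRC_ROOT DST_ROOT FILE
# Prints the destination for FILE: its path below SRC_ROOT, re-rooted
# under DST_ROOT, with ".gpg" appended. Fails if FILE is not below
# SRC_ROOT, so a stray path can never be written somewhere else.
dest_path() {
    local src_root dst_root file rel
    src_root=${1%/}
    dst_root=${2%/}
    file=$3
    case $file in
        "$src_root"/*) rel=${file#"$src_root"/} ;;
        *)
            printf 'dest_path: %s is not under %s\n' "$file" "$src_root" >&2
            return 1
            ;;
    esac
    printf '%s\n' "$dst_root/$rel.gpg"
}

# encrypt_one SRC_ROOT DST_ROOT FILE RECIPIENT
# Encrypts FILE to RECIPIENT at its dest_path, creating the destination
# directory and skipping (never overwriting) an output that exists.
encrypt_one() {
    local src_root dst_root file recipient out
    src_root=$1
    dst_root=$2
    file=$3
    recipient=$4
    out=$(dest_path "$src_root" "$dst_root" "$file") || return 1
    mkdir -p "$(dirname "$out")"
    if [ -e "$out" ]; then
        printf 'skip: %s already exists\n' "$out" >&2
        return 0
    fi
    "$GPG" --batch --output "$out" --recipient "$recipient" --encrypt "$file"
}

# encrypt_tree SRC_ROOT DST_ROOT RECIPIENT
# Walks SRC_ROOT recursively. Reading find's output line by line keeps
# names with spaces intact (a plain "for x in dir/*" also misses
# sub-directories); a filename containing a newline is the one case
# this loop does not handle.
encrypt_tree() {
    local src_root dst_root recipient f
    src_root=$1
    dst_root=$2
    recipient=$3
    find "$src_root" -type f -print |
        while IFS= read -r f; do
            encrypt_one "$src_root" "$dst_root" "$f" "$recipient"
        done
}

# Invocation matching the thread's paths:
# encrypt_tree /media/usb/folder_1 /media/usb/folder_2 0x12345678
```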
From rjh at sixdemonbag.org Tue Mar 8 15:06:08 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 8 Mar 2016 09:06:08 -0500
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DEBD8F.7080903@mail.telepac.pt>
References: <56DEBD8F.7080903@mail.telepac.pt>
Message-ID: <56DEDC50.3000506@sixdemonbag.org>

> Is there anyone I could contact to export this attached public key which
> only has one photo?

You'll get the same answer here you got on Enigmail's list. Photographs on certificates are there for the long haul once they're uploaded to the keyservers. There is no practical way to remove them.

From dshaw at jabberwocky.com Tue Mar 8 15:19:03 2016
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 8 Mar 2016 09:19:03 -0500
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DEBD8F.7080903@mail.telepac.pt>
References: <56DEBD8F.7080903@mail.telepac.pt>
Message-ID: <54AD298E-0ADD-4CA2-9B8A-8B3747AC11C3@jabberwocky.com>

On Mar 8, 2016, at 6:54 AM, Marco A.G.Pinto wrote:
>
> Hello!
>
> I have made the mistake of adding the same photo with different file sizes using Enigmail and export it to the servers.
>
> I have already deleted two of the three photos using the CLI, but the key in the server still has three photos and a size of 70 kB.
>
> Is there anyone I could contact to export this attached public key which only has one photo?

Alas, no. Like other key items (user IDs, signatures, subkeys), the keyservers are strictly additive. Once you add something, the servers have no means to remove it. The most you can do is revoke those photos (like you'd revoke a user ID). That does not remove them, but at least marks them as no longer intended.
David

From brian at minton.name Tue Mar 8 16:00:15 2016
From: brian at minton.name (Brian Minton)
Date: Tue, 8 Mar 2016 10:00:15 -0500
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DEDC50.3000506@sixdemonbag.org>
References: <56DEBD8F.7080903@mail.telepac.pt> <56DEDC50.3000506@sixdemonbag.org>
Message-ID:

It is not possible. All the key servers share everything uploaded to them. There is no real way to delete it. The best you could do would be to revoke that particular ID. However, that would only increase the size of the key.

Fortunately, from a usability standpoint, there's not much difference between a 7K public key and a 70K one. Most of the time, people either download them automatically from the key servers, or copy/paste from a web browser, etc. Since the fingerprint of the main key won't change, you can always use that to unambiguously refer to your public key.

regards,
Brian Minton

From dkg at fifthhorseman.net Tue Mar 8 16:33:06 2016
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 08 Mar 2016 10:33:06 -0500
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DEBD8F.7080903@mail.telepac.pt>
References: <56DEBD8F.7080903@mail.telepac.pt>
Message-ID: <877fhdrnm5.fsf@alice.fifthhorseman.net>

On Tue 2016-03-08 06:54:55 -0500, Marco A.G.Pinto wrote:
> I have made the mistake of adding the same photo with different file
> sizes using Enigmail and export it to the servers.
>
> I have already deleted two of the three photos using the CLI, but the
> key in the server still has three photos and a size of 70 kB.
>
> Is there anyone I could contact to export this attached public key which
> only has one photo?

Sorry, but no.
The keyservers are globally-synced and append-only. You will not be able to remove stuff once it's posted there.

The MIT keyserver has a good succinct FAQ about why this is: https://pgp.mit.edu/faq.html

regards,

--dkg

From anthony at cajuntechie.org Tue Mar 8 17:08:00 2016
From: anthony at cajuntechie.org (Anthony Papillion)
Date: Tue, 8 Mar 2016 10:08:00 -0600
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DEBD8F.7080903@mail.telepac.pt>
References: <56DEBD8F.7080903@mail.telepac.pt>
Message-ID: <56DEF8E0.1040803@cajuntechie.org>

On 03/08/2016 05:54 AM, Marco A.G.Pinto wrote:
> Hello!
>
> I have made the mistake of adding the same photo with different
> file sizes using Enigmail and export it to the servers.
>
> I have already deleted two of the three photos using the CLI, but
> the key in the server still has three photos and a size of 70 kB.
>
> Is there anyone I could contact to export this attached public key
> which only has one photo?

I'm pretty sure that, if you just send your modified key to the keyserver again, it will replace the one that's there.
HTH,
Anthony

From rjh at sixdemonbag.org Tue Mar 8 17:47:38 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 8 Mar 2016 11:47:38 -0500
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DEF8E0.1040803@cajuntechie.org>
References: <56DEBD8F.7080903@mail.telepac.pt> <56DEF8E0.1040803@cajuntechie.org>
Message-ID: <56DF022A.9080101@sixdemonbag.org>

> I'm pretty sure that, if you just send your modified key to the
> keyserver again, it will replace the one that's there.

This is not correct.

From viktordick86 at gmail.com Tue Mar 8 18:00:30 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Tue, 8 Mar 2016 18:00:30 +0100
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <877fhdrnm5.fsf@alice.fifthhorseman.net>
References: <56DEBD8F.7080903@mail.telepac.pt> <877fhdrnm5.fsf@alice.fifthhorseman.net>
Message-ID: <56DF052E.904@gmail.com>

On 08.03.2016 16:33, Daniel Kahn Gillmor wrote:
> Sorry, but no. The keyservers are globally-synced and append-only. you
> will not be able to remove stuff once it's posted there.
I always wondered what would happen if someone uploaded something to the keyservers where he has no permission to do so. Maybe some revealing photograph of someone. It might also be possible to somehow use the keyservers for file sharing, although it might be difficult to do so since they probably have a file size limitation. How do keyservers manage DMCA claims?

Regards,
Viktor

From fa-ml at ariis.it Tue Mar 8 18:16:28 2016
From: fa-ml at ariis.it (Francesco Ariis)
Date: Tue, 8 Mar 2016 18:16:28 +0100
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DF052E.904@gmail.com>
References: <56DEBD8F.7080903@mail.telepac.pt> <877fhdrnm5.fsf@alice.fifthhorseman.net> <56DF052E.904@gmail.com>
Message-ID: <20160308171628.GA14311@casa.casa>

On Tue, Mar 08, 2016 at 06:00:30PM +0100, Viktor Dick wrote:
> I always wondered what would happen if someone uploaded something to the
> keyservers where he has no permission to do so.

An interesting presentation on the subject is "Trolling the Web of Trust" [1] by Micah Lee.

[1] https://github.com/micahflee/trollwot/blob/master/trollwot.pdf

From andrewg at andrewg.com Tue Mar 8 18:24:10 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 8 Mar 2016 17:24:10 +0000
Subject: Remove photos from OpenPGP key in the keyservers
In-Reply-To: <56DEF8E0.1040803@cajuntechie.org>
References: <56DEBD8F.7080903@mail.telepac.pt> <56DEF8E0.1040803@cajuntechie.org>
Message-ID: <56DF0ABA.1000308@andrewg.com>

On 08/03/16 16:08, Anthony Papillion wrote:
>
> I'm pretty sure that, if you just send your modified key to the
> keyserver again, it will replace the one that's there.

You shouldn't think of a PGP key as a single file that is overwritten - it's more like a logbook that is progressively filled.
Your primary key is the first entry, and each "fact" that is associated with the primary key (id, certification, subkey, photo) gets appended to the bottom. You can upload a new fact to the keyservers, including a fact that repudiates a previous fact, but it all just gets appended to the log and it's the client's job to sort through it and decide what bits are still relevant. A -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Tue Mar 8 18:37:12 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 8 Mar 2016 12:37:12 -0500 Subject: Remove photos from OpenPGP key in the keyservers In-Reply-To: <56DF052E.904@gmail.com> References: <56DEBD8F.7080903@mail.telepac.pt> <877fhdrnm5.fsf@alice.fifthhorseman.net> <56DF052E.904@gmail.com> Message-ID: <56DF0DC8.6040102@sixdemonbag.org> > How do keyservers manage DMCA claims? They go down. A few years ago Peter Pramberger, a keyserver operator in Austria, had a request from someone who had uploaded a certificate but was now asserting their right under EU data privacy directives to have their personal information removed. After consulting with legal counsel, Peter realized the only step he could take would be to shut down his keyserver. Otherwise, he'd be hit with large per-day fines for failure to comply with the user's demand. From bjmgeek at gmail.com Tue Mar 8 17:36:20 2016 From: bjmgeek at gmail.com (Brian Minton) Date: Tue, 8 Mar 2016 11:36:20 -0500 Subject: Remove photos from OpenPGP key in the keyservers In-Reply-To: <56DEF8E0.1040803@cajuntechie.org> References: <56DEBD8F.7080903@mail.telepac.pt> <56DEF8E0.1040803@cajuntechie.org> Message-ID: <56DEFF84.7070808@gmail.com> On 03/08/2016 11:08 AM, Anthony Papillion wrote: > > I'm pretty sure that, if you just send your modified key to the > keyserver again, it will replace the one that's there. 
> I tried it, deleting some subkeys locally, and adding others. I submitted it to the keyservers, but now all the keys, old and new, are on the servers. GnuPG (and probably other products) will use the newest subkey for a given purpose (encryption, signing, etc.) if it is usable. For instance, I have a key with some ECC keys and some DSA and El Gamal keys. GnuPG version 1 will automatically use the newest El Gamal key for encrypting to my public key. GnuPG version 2 uses the newest ECC keys for encrypting to my key (because I created them later). After receiving the key from the keyservers (which I did in an isolated environment), now both gpg 1 and gpg2 use the most recent usable key for encryption, which is the El Gamal one. I say all that to say, the keyservers won't replace your existing key, they only merge. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 213 bytes Desc: OpenPGP digital signature URL: From anthony at cajuntechie.org Wed Mar 9 19:47:29 2016 From: anthony at cajuntechie.org (Anthony Papillion) Date: Wed, 9 Mar 2016 12:47:29 -0600 Subject: Remove photos from OpenPGP key in the keyservers In-Reply-To: <56DF0ABA.1000308@andrewg.com> References: <56DEBD8F.7080903@mail.telepac.pt> <56DEF8E0.1040803@cajuntechie.org> <56DF0ABA.1000308@andrewg.com> Message-ID: <56E06FC1.4080306@cajuntechie.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/08/2016 11:24 AM, Andrew Gallagher wrote: > On 08/03/16 16:08, Anthony Papillion wrote: >> >> I'm pretty sure that, if you just send your modified key to the >> keyserver again, it will replace the one that's there. > > You shouldn't think of a PGP key as a single file that is > overwritten - it's more like a logbook that is progressively > filled. Your primary key is the first entry, and each "fact" that > is associated with the primary key (id, certification, subkey, > photo) gets appended to the bottom. 
You can upload a new fact to > the keyservers, including a fact that repudiates a previous fact, > but it all just gets appended to the log and it's the client's job > to sort through it and decide what bits are still relevant. Thank you, Andrew, for the clarification. I suppose I've never thought of it that way but, as you explained it, it makes sense. So am I correct in this thinking: if I attach a picture to my key and upload it to a keyserver then remove the picture and upload that 'version' of my key to the server, the key on the server STILL HAS my picture and the clients choose to ignore it at that point? -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJW4G/BAAoJEAKK33RTsEsVlAIP/3UfE2WiynAb4igUXWdPdGK1 GobpOLlFXVX2P7XhGUioQWKytARAgMZNY+rNaqY/sG0o8Nmc0I0v/Na81mkp2bDV y5ykgsiI3h1MkPbacszQTaB9SJTY36GM8QplUR5HfC70rFFZU64rrc6cYGZpms+c O0oHCiUONKpqu8nPtx2jlBcZVneRj2MCYNr6mLGgGi562Cklws5WHmRckQPYubdI Pk3Qx8hdmVqHtbvNhk8lDifxd7QumHds56JYHwyBGT4TjIj8bkSp+YqyKLjmr10g 1FTZzW3FP7Hyhy7qg/m45PTuOG7jximiGLngV4F/SspzsEzQPzxKQBu2mstku3AA V3Rq7bJgw/JyL72G4T6MBtDuN1y1c1agDO7r1MZM6kQz/ndXXLC/NHSYkiy9trjh NcS/0CKzSq70YgIFe/2AxXGsDYtvCIft5sznSOsreKJh79zdMmF7ILBYlTFTM9jP 26/ipBxEKz1J9e7Tm+ijK+WYA/EKrjhiU3RtWM8sQTlMNZyjwoWTSJiCBz17CwzR fa+pyyvdyYNm6TMfTEBgpa3yQV88RMdRRlqj62+06x+lwCNOB6+iG+M5NQNdOJ4C e2sNzXdgcZIYsc5rBIIrEho+z8KUMVcUKO2xDTiWrsHrzORUspomSxi0XyXN8Oy8 ulV2P9Rz8kpTc9KskI2j =TIee -----END PGP SIGNATURE----- From anthony at cajuntechie.org Wed Mar 9 19:49:26 2016 From: anthony at cajuntechie.org (Anthony Papillion) Date: Wed, 9 Mar 2016 12:49:26 -0600 Subject: Remove photos from OpenPGP key in the keyservers In-Reply-To: <56DF022A.9080101@sixdemonbag.org> References: <56DEBD8F.7080903@mail.telepac.pt> <56DEF8E0.1040803@cajuntechie.org> <56DF022A.9080101@sixdemonbag.org> Message-ID: <56E07036.10101@cajuntechie.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/08/2016 10:47 AM, Robert J. 
Hansen wrote: >> I'm pretty sure that, if you just send your modified key to the >> keyserver again, it will replace the one that's there. > > This is not correct. Apparently not. Thanks for the correction. I made an incorrect assumption due to not thinking things through properly. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJW4HA2AAoJEAKK33RTsEsV130P/2g8GV/Eh3Qn0tEEEnOrf0u4 PaNwhUmN5XM1mmatTBgLL6dWHGpsrl7DO9bOEedRkZDifFbKqjYTKiNLdOQBBEO2 8Qf4pQacgpjclcJYdmMThztSMZWyn06/V6Q406hXbdFaOD/AiNLoVfuOXXdZ3XS/ 1J53XF8RCERfn6/Cg5WeLmwTaTAxe+nJ8oAkEYRq1LUjBcj+g52Zg8rz4aq6orQ8 t/7FW49pdvu1rQlZNpSTp0evXROjoTIWlJjPjWnlEIW2dmewfF8biXNLbSqQ8gyL R3n4byBJwNobJn7VByzjPpUDfPsHk3Gn8InpNy1YJekt1OG/DlpV+/dl253Nq9vA 8U0q5/fn6qmfS6RIS+GDv4aQ1KrZ88xlnZBrQ9U4bKhKwat87jfZQ0mxq2ilUpSf OO2IuKlHre/b9nRBrUgdkoO3XNi1aBR6OnxMqVM5tDZlO+9LbS8eLYfpAXdDLe1h 8Oj6Fy5mURLmMA+my0WnPYEZBqN+7DepjzugDqo6eCROZLMlUEWyBjSMTT95d7u5 n2CX3DHzdn0QMgNSK44kMVUVDAnTSUiTDdXbuW446Q3Q1ouIRSMBXy8PDYpOMMYA pd3Nzw5Vj+32HWN3gOwXiTa2grY+XnE3SuSksCPvIVkTF0n/yjptcst3fwmMlm/Q r0DseVPj0eFUngMtnhZV =JXTO -----END PGP SIGNATURE----- From andrewg at andrewg.com Wed Mar 9 20:30:11 2016 From: andrewg at andrewg.com (Andrew Gallagher) Date: Wed, 9 Mar 2016 19:30:11 +0000 Subject: Remove photos from OpenPGP key in the keyservers In-Reply-To: <56E06FC1.4080306@cajuntechie.org> References: <56DEBD8F.7080903@mail.telepac.pt> <56DEF8E0.1040803@cajuntechie.org> <56DF0ABA.1000308@andrewg.com> <56E06FC1.4080306@cajuntechie.org> Message-ID: <56E079C3.3060807@andrewg.com> On 09/03/16 18:47, Anthony Papillion wrote: > So am I > correct in this thinking: if I attach a picture to my key and upload > it to a keyserver then remove the picture and upload that 'version' of > my key to the server, the key on the server STILL HAS my picture and > the clients choose to ignore it at that point? Not only do the servers still have your picture, but clients cannot know to ignore it unless you explicitly revoke the picture and upload the revocation. 
But all this does is mark the picture as invalid. Clients have to download the picture before they find out it has been revoked - so other people will still be able to see it. A -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From bernhard at intevation.de Thu Mar 10 15:39:05 2016 From: bernhard at intevation.de (Bernhard Reiter) Date: Thu, 10 Mar 2016 15:39:05 +0100 Subject: Edit Context using PyGPGME In-Reply-To: <56D7FCFE.1010602@immerda.ch> References: <56D7FCFE.1010602@immerda.ch> Message-ID: <201603101539.07075.bernhard@intevation.de> Hi Muri, On Thursday 03 March 2016 at 09:59:42, Muri Nicanor wrote: > i'm trying to edit a key using PyGPGME. I've written a short snipplet > based on the tests in the PyGPGME package: > https://share.riseup.net/#NqlNA3GiycVKuzxOJGEmHA (the test only sends > 'quit' but the goal is to send a 'minimize'). > I get the error > > > gpgme.GpgmeError: (32, 1, u'General error') > > When trying to run the packaged tests of PyGPGME [0], this codeblock > seems to work- does anybody see what might be the problem here? > [0] https://github.com/rshk/pygpgme/blob/master/tests/test_editkey.py you did see that each test case gets to run the setup and teardown from https://github.com/rshk/pygpgme/blob/master/tests/util.py maybe that is the difference that you haven't done the proper setup for your test. Best, Bernhard -- www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member) Intevation GmbH, Osnabr?ck, Germany; Amtsgericht Osnabr?ck, HRB 18998 Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: This is a digitally signed message part. 
From bernhard at intevation.de Thu Mar 10 15:30:37 2016
From: bernhard at intevation.de (Bernhard Reiter)
Date: Thu, 10 Mar 2016 15:30:37 +0100
Subject: the .gnupg directory and fuse.encfs a problem
In-Reply-To: <8737s72421.fsf@mat.ucm.es>
References: <8737s72421.fsf@mat.ucm.es>
Message-ID: <201603101530.42230.bernhard@intevation.de>

On Thursday 03 March 2016 at 12:28:54, Uwe Brauer wrote:
> encfs on /home/oub/ALLES/init_files/cryptstuff type fuse.encfs
> (rw,nosuid,nodev,default_permissions,user=oub)
> gpgsm: lock not made: link() failed: Operation not permitted

I am not familiar with encfs; it may be that it does not support some file operations that gpgsm wants to use. You could try to

a) run gpgsm with more debug options to see if you get a better clue, e.g.
   gpgsm -vvv --debug-all --list-keys
   (be careful with posting the results, it may contain sensitive information.)

b) run an strace on the process to see which operation it tries to perform when failing.

Best,
Bernhard

--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bedygotr at ruggedinbox.com Mon Mar 14 04:03:05 2016
From: bedygotr at ruggedinbox.com (bedygotr at ruggedinbox.com)
Date: Mon, 14 Mar 2016 04:03:05 +0100
Subject: Unattended/batch key signing
Message-ID: <73941a0189c5b6f4d4af6bb1007c78c1.squirrel@ruggedinbox.com>

Hello,

I need to do key signing via script. This command:

/usr/bin/gpg --passphrase-fd 0 --yes --batch --homedir /path/to/home/.gnupg -u 8B81FA972BF046A1 --edit-key 6C28103815AE3921 sign

shows me the key being signed and the key being used to sign, and exits with no errors, exit code 0. If I add --no-tty no output is shown and it also exits without errors. So I expected it would work, but the keyring seems unchanged. Is this impossible? If so, why no errors?

This is with gpg2, which I'd like to stick with if possible.

From fulanoperez at cryptolab.net Mon Mar 14 10:37:59 2016
From: fulanoperez at cryptolab.net (Fulano Diego Perez)
Date: Mon, 14 Mar 2016 20:37:59 +1100
Subject: mathematicians-discover-prime-conspiracy
Message-ID: <56E68677.9030600@cryptolab.net>

https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/

From wk at gnupg.org Mon Mar 14 11:55:01 2016
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Mar 2016 11:55:01 +0100
Subject: Unattended/batch key signing
In-Reply-To: <73941a0189c5b6f4d4af6bb1007c78c1.squirrel@ruggedinbox.com> (bedygotr@ruggedinbox.com's message of "Mon, 14 Mar 2016 04:03:05 +0100")
References: <73941a0189c5b6f4d4af6bb1007c78c1.squirrel@ruggedinbox.com>
Message-ID: <87io0ppbwa.fsf@wheatstone.g10code.de>

On Mon, 14 Mar 2016 04:03, bedygotr at ruggedinbox.com said:
> I need to do key signing via script. This command:

A "save" is missing. But you can't do it this way because you miss certain cases where gpg asks you about some special properties. You need to implement a state machine to implement the signing (cf. GPA's code).

Better switch to gnupg 2.1:

   --quick-sign-key fpr [names]
   --quick-lsign-key fpr [names]

          Directly sign a key from the passphrase without any further
          user interaction. The fpr must be the verified primary
          fingerprint of a key in the local keyring. If no names are
          given, all useful user ids are signed; with given [names]
          only useful user ids matching one of these names are signed.
          The command --quick-lsign-key marks the signatures as
          non-exportable. If such a non-exportable signature already
          exists the --quick-sign-key turns it into an exportable
          signature.

          This command uses reasonable defaults and thus does not
          provide the full flexibility of the "sign" subcommand from
          --edit-key. Its intended use is to help unattended key
          signing by utilizing a list of verified fingerprints.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From fsantiago at garbage-juice.com Mon Mar 14 20:27:17 2016
From: fsantiago at garbage-juice.com (Fabian Santiago)
Date: Mon, 14 Mar 2016 15:27:17 -0400
Subject: gnupg doesn't create new keys
Message-ID: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com>

Hello,

i have centos 7.2.x

gpg v2.0.22

when i run it with --gen-key, it goes through the motions but on the final step of collecting entropy, it simply hangs and does nothing and my new key is not created. what can i check on this issue?

- Fabian S.

From andrewg at andrewg.com Mon Mar 14 20:40:05 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Mon, 14 Mar 2016 19:40:05 +0000
Subject: gnupg doesn't create new keys
In-Reply-To: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com>
References: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com>
Message-ID: 

You're not running this on a VM by any chance?

A

> On 14 Mar 2016, at 19:27, Fabian Santiago wrote:
>
> Hello,
>
> i have centos 7.2.x
>
> gpg v2.0.22
>
> when i run it with --gen-key, it goes through the motions but on the final step of collecting entropy, it simply hangs and does nothing and my new key is not created. what can i check on this issue?
>
> - Fabian S.

From gnupg at soondae.co.uk Mon Mar 14 21:00:24 2016
From: gnupg at soondae.co.uk (keith)
Date: Mon, 14 Mar 2016 20:00:24 +0000
Subject: gnupg doesn't create new keys
In-Reply-To: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com>
References: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com>
Message-ID: <1457985624.3003.42.camel@keith>

Hi...

Trust me. I know nothing.

I have an Intel Core-2 Duo running Linux Mint.

I assume you got a message that you had to do something in order to collect 'the entropy'. That doing something involves going off and using the computer to do other things rather than looking at the terminal. The message, IIRC, says you have to move the mouse about or use the keyboard but, and someone else might step in...

Try watching some movies or perhaps better still go tar some random files on your hard disk and write a snotty letter to someone whilst playing 'Heavy Metal' and other stuff.

Again I know nothing but I think the 'entropy thing' is an effort to generate some random prime numbers and you need to create the randomness by picking your nose or scratching your arse in between fiddling with the keyboard and other things to do with the computer.

Apologies if that comes across as being facetious. The more random you are as a human and the faster you do more random things as a human the faster the entropy arises.

Best

Keith

On Mon, 2016-03-14 at 15:27 -0400, Fabian Santiago wrote:
> Hello,
>
> i have centos 7.2.x
>
> gpg v2.0.22
>
> when i run it with --gen-key, it goes through the motions but on the final step of collecting entropy, it simply hangs and does nothing and my new key is not created. what can i check on this issue?
>
> - Fabian S.

From fsantiago at garbage-juice.com Mon Mar 14 21:02:00 2016
From: fsantiago at garbage-juice.com (Fabian Santiago)
Date: Mon, 14 Mar 2016 16:02:00 -0400
Subject: gnupg doesn't create new keys
In-Reply-To: 
References: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com>
Message-ID: 

Technically yes. It's a hosted vps.

Sincerely,

Fabian Santiago

Sent from my iPhone

> On Mar 14, 2016, at 3:40 PM, Andrew Gallagher wrote:
>
> You're not running this on a VM by any chance?
>
> A
>
>> On 14 Mar 2016, at 19:27, Fabian Santiago wrote:
>>
>> Hello,
>>
>> i have centos 7.2.x
>>
>> gpg v2.0.22
>>
>> when i run it with --gen-key, it goes through the motions but on the final step of collecting entropy, it simply hangs and does nothing and my new key is not created. what can i check on this issue?
>>
>> - Fabian S.

From muelli at cryptobitch.de Mon Mar 14 16:51:29 2016
From: muelli at cryptobitch.de (Tobias Mueller)
Date: Mon, 14 Mar 2016 16:51:29 +0100
Subject: Unattended/batch key signing
In-Reply-To: <87io0ppbwa.fsf@wheatstone.g10code.de>
References: <73941a0189c5b6f4d4af6bb1007c78c1.squirrel@ruggedinbox.com> <87io0ppbwa.fsf@wheatstone.g10code.de>
Message-ID: <1457970689.3483.15.camel@cryptobitch.de>

Hi!

On Mo, 2016-03-14 at 11:55 +0100, Werner Koch wrote:
>    --quick-sign-key fpr [names]
>    --quick-lsign-key fpr [names]
>
>           Directly sign a key from the passphrase without any
>           further user interaction.

That's already quite helpful. Can I make GnuPG not save the signature for a name in the local keyring but export it to, say, stdout?

The reason is that I don't necessarily want my regular keyring to carry the signature just yet. From what I understand of the currently believed best practices, I would want to send the signature to the email address first to verify that the person does indeed have access to the mailbox.

Currently, this seems to require a rather artistic dance of exporting a key, deleting all but one UID from a key, signing, and minimally exporting. For each UID on a key. Not even gpgme seems to be of help here. Mainly, because I don't see how to make gpgme work with the default secret keys, but a temporary public keyring.

Cheers,
  Tobi

From fsantiago at garbage-juice.com Mon Mar 14 16:20:10 2016
From: fsantiago at garbage-juice.com (fsantiago at garbage-juice.com)
Date: Mon, 14 Mar 2016 11:20:10 -0400
Subject: gnupg doesn't create new keys
Message-ID: 

Hello,

i have centos 7.2.x

gpg v2.0.22

when i run it with --gen-key, it goes through the motions but on the final step of collecting entropy, it simply hangs and does nothing and my new key is not created. what can i check on this issue?

- Fabian S.

From dougb at dougbarton.email Mon Mar 14 21:25:19 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Mon, 14 Mar 2016 13:25:19 -0700
Subject: gnupg doesn't create new keys
In-Reply-To: 
References: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com>
Message-ID: <56E71E2F.7080004@dougbarton.email>

On 03/14/2016 01:02 PM, Fabian Santiago wrote:
> Technically yes. It's a hosted vps.

If you have any thought of using your key(s) for anything security related you need to create them on something you have exclusive control over. Creating them on someone else's virtual server means that they are compromised from the moment you create them.

That said, if you are just creating keys for fun, or for some sort of experiment, that's fine, but please don't publish them to the key servers.
Doug From dougb at dougbarton.email Mon Mar 14 21:38:49 2016 From: dougb at dougbarton.email (Doug Barton) Date: Mon, 14 Mar 2016 13:38:49 -0700 Subject: DNS record for finding a key from an e-mail address Message-ID: <56E72159.2040107@dougbarton.email> Howdy, The IETF is currently working on a specification for a DNS record (secured by DNSSEC) that will allow users to find a PGP key from an e-mail address. I'm interested in feedback on how y'all think that should work. In one version the receiving user would create a truncated version of their key, using only the UID that is related to that e-mail address. The sending user would retrieve that key, and the mail software would rely on it to encrypt the mail to the receiving user. There is also some discussion in regards to how or whether the software doing the DNS lookup would, or would not, also utilize the sending user's key ring, but let's keep it simple for now. In another version the receiving user would place the full fingerprint of their key in the DNS, and the sending user's software would use that fingerprint to retrieve the key and compare that retrieved key to the user's existing WOT, then inform the user of the results. Of these alternatives, which do you see as most useful, and why? Or, do you imagine a different approach? Doug From andrewg at andrewg.com Mon Mar 14 21:47:04 2016 From: andrewg at andrewg.com (Andrew Gallagher) Date: Mon, 14 Mar 2016 20:47:04 +0000 Subject: gnupg doesn't create new keys In-Reply-To: References: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com> Message-ID: VMs are notorious for having poor entropy gathering. You can mitigate this by installing haveged. A > On 14 Mar 2016, at 20:02, Fabian Santiago wrote: > > Technically yes. It's a hosted vps. > > Sincerely, > > Fabian Santiago > > Sent from my iPhone > >> On Mar 14, 2016, at 3:40 PM, Andrew Gallagher wrote: >> >> You're not running this on a VM by any chance? 
>> >> A >> >>> On 14 Mar 2016, at 19:27, Fabian Santiago wrote: >>> >>> Hello, >>> >>> i have centos 7.2.x >>> >>> gpg v2.0.22 >>> >>> when i run it with --gen-key, it goes through the motions but on the final step of collecting entropy, it simply hangs and does nothing and my new key is not created. what can i check on this issue? >>> >>> - Fabian S. >>> >>> >>> _______________________________________________ >>> Gnupg-users mailing list >>> Gnupg-users at gnupg.org >>> http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From jkt at kde.org Mon Mar 14 20:39:43 2016 From: jkt at kde.org (=?iso-8859-1?Q?Jan_Kundr=E1t?=) Date: Mon, 14 Mar 2016 20:39:43 +0100 Subject: gnupg doesn't create new keys In-Reply-To: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com> References: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com> Message-ID: <60d2ef01-2a70-415a-bd24-3b231b2c897e@kde.org> On Monday, 14 March 2016 20:27:17 CET, Fabian Santiago wrote: > when i run it with --gen-key, it goes through the motions but > on the final step of collecting entropy, it simply hangs and > does nothing and my new key is not created. Are you sure that it isn't "just" waiting for more bits of entropy/randomness from the kernel? I guess that `strace` should probably verify this. If it's stick reading from /dev/random, it's the lack of randomness that is slowing it down. Cheers, Jan -- Trojit?, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/ From fsantiago at garbage-juice.com Mon Mar 14 22:03:39 2016 From: fsantiago at garbage-juice.com (Fabian Santiago) Date: Mon, 14 Mar 2016 17:03:39 -0400 Subject: gnupg doesn't create new keys In-Reply-To: References: <5B549133-E91E-4898-8D3F-10375E02B806@garbage-juice.com> Message-ID: Haveged solved my issue. Worked instantly after installation. 
Understood about my vps' comprised state. This is for testing. My server published keys were indeed created under my own full control. Sincerely, Fabian Santiago Sent from my iPhone > On Mar 14, 2016, at 4:47 PM, Andrew Gallagher wrote: > > VMs are notorious for having poor entropy gathering. You can mitigate this by installing haveged. > > A > >> On 14 Mar 2016, at 20:02, Fabian Santiago wrote: >> >> Technically yes. It's a hosted vps. >> >> Sincerely, >> >> Fabian Santiago >> >> Sent from my iPhone >> >>> On Mar 14, 2016, at 3:40 PM, Andrew Gallagher wrote: >>> >>> You're not running this on a VM by any chance? >>> >>> A >>> >>>> On 14 Mar 2016, at 19:27, Fabian Santiago wrote: >>>> >>>> Hello, >>>> >>>> i have centos 7.2.x >>>> >>>> gpg v2.0.22 >>>> >>>> when i run it with --gen-key, it goes through the motions but on the final step of collecting entropy, it simply hangs and does nothing and my new key is not created. what can i check on this issue? >>>> >>>> - Fabian S. >>>> >>>> >>>> _______________________________________________ >>>> Gnupg-users mailing list >>>> Gnupg-users at gnupg.org >>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >> >> _______________________________________________ >> Gnupg-users mailing list >> Gnupg-users at gnupg.org >> http://lists.gnupg.org/mailman/listinfo/gnupg-users >> From jmire at lsuhsc.edu Mon Mar 14 23:25:49 2016 From: jmire at lsuhsc.edu (Mire, John) Date: Mon, 14 Mar 2016 22:25:49 +0000 Subject: DNS record for finding a key from an e-mail address References: <56E72159.2040107@dougbarton.email> Message-ID: <0B62814C161EBA4BB69C995965D04C7090FAAEDC@SH-ExchMB2.master.lsuhsc.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 3/14/2016 15:38, Doug Barton wrote: [..snip..] In one version the receiving user would create a truncated version of their key, using only the UID that is related to that e-mail address. 
The sending user would retrieve that key, and the mail software would rely on it to encrypt the mail to the receiving user. There is also some discussion in regards to how or whether the software doing the DNS lookup would, or would not, also utilize the sending user's key ring, but let's keep it simple for now. In another version the receiving user would place the full fingerprint of their key in the DNS, and the sending user's software would use that fingerprint to retrieve the key and compare that retrieved key to the user's existing WOT, then inform the user of the results. Of these alternatives, which do you see as most useful, and why? Or, do you imagine a different app [..snip..] There are other people that are more qualified to answer this, but having been a sysadmin since mail route maps were the rule and NS was a hosts.txt downloaded from your upstream connection... I think there is a system in place that works pretty well, keys are not 'siloed' in one place but are distributed to every keyserver for the public to see, its the sks openpgp keyservers. At last count, there are 4,215,893 keys that occupy approximately 7.7Gb of space. 
https://sks-keyservers.net/ /john -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIVAwUBVuc6d+PfSlFQACbmAQhLLw/9FUhsVbQv6hBICJUiNOvW9D7uh4scZwpV RfQKCX0ieLfaMjvP9oaVr5tMX0pdVTJwLaCZIJu0wR09mb0WRDjsajXLZpLUP7sP SozQwxI8TeHrsRNowKqklhmMgqnCc8vWA9XBjNz4anOcBgM2N+lYNJrhCPJPmsTU m+JuVnvxNSHy8/SYSbUb1o3KXneL7SPJbKkB7hcPMAEFjTlA0WW7T97r3CkkUi4V LcMiMOI2l2vBSAmhBukV5AxXU2UNR5UuInOjuw3bT8cO0wGPr7g8aT9qhnpmlJHe 5KPBYxOOgff8riE2xcqgh6+9OzbZWA6Bwt8TRplTChBDienU0QIsGjuJB/QBsbGB HQIgPW1MT3zg28V1pixaz0lKbCw6WkdUDeV0iKzpaAqY1ZOwGiYuZ2SLlqUSJg+9 naUvdP+pvd+1T4ZHq3DIeXZhTcd6rlPozlFOiEZdjNxuA3RTcbo6xfkJgIbW+ZEv OrA5FLiPTDy3ozh1hI7h9xbmTegiGXlKllTpfbPhmv6XxvUa0NAoRVcU/iIzGifZ MW/3EikeSlCTPh00cLNMRiUYIDxQLY0dAZtdLgdfEXxgAjfPkN6B5hEHKXeY8uQd T7cfEEX8pJt5u8pEFVrIqbnKeFHnnmKUKzqPgOukioH0LctVBfvna60PqKZ39iZt MdvfEle5VYE= =zWDY -----END PGP SIGNATURE----- From brian at minton.name Tue Mar 15 01:21:59 2016 From: brian at minton.name (Brian Minton) Date: Tue, 15 Mar 2016 00:21:59 +0000 Subject: DNS record for finding a key from an e-mail address In-Reply-To: <56E72159.2040107@dougbarton.email> References: <56E72159.2040107@dougbarton.email> Message-ID: Sounds like CERT (TYPE37) records? -------------- next part -------------- An HTML attachment was scrubbed... URL: From dougb at dougbarton.email Tue Mar 15 02:19:31 2016 From: dougb at dougbarton.email (Doug Barton) Date: Mon, 14 Mar 2016 18:19:31 -0700 Subject: DNS record for finding a key from an e-mail address In-Reply-To: <0B62814C161EBA4BB69C995965D04C7090FAAEDC@SH-ExchMB2.master.lsuhsc.edu> References: <56E72159.2040107@dougbarton.email> <0B62814C161EBA4BB69C995965D04C7090FAAEDC@SH-ExchMB2.master.lsuhsc.edu> Message-ID: <56E76323.7070405@dougbarton.email> On 03/14/2016 03:25 PM, Mire, John wrote: > On 3/14/2016 15:38, Doug Barton wrote: > > I think there is a system in place that works pretty well, keys are > not 'siloed' in one place but are distributed to every keyserver for > the public to see, its the sks openpgp keyservers. 
I'm having trouble understanding your response, sorry. Are you saying that the DNS method involving the fingerprint and retrieval from the key server is better, or are you saying that no DNS method is necessary at all? Doug From dougb at dougbarton.email Tue Mar 15 02:22:41 2016 From: dougb at dougbarton.email (Doug Barton) Date: Mon, 14 Mar 2016 18:22:41 -0700 Subject: DNS record for finding a key from an e-mail address In-Reply-To: References: <56E72159.2040107@dougbarton.email> Message-ID: <56E763E1.1020701@dougbarton.email> On 03/14/2016 05:21 PM, Brian Minton wrote: > Sounds like CERT (TYPE37) records? Yes, the first example I gave is similar in nature to those records. For a variety of reasons the various communities involved have shied away from a general purpose record for this purpose, and have gravitated towards unique RRs instead (e.g., the TLSA record). Doug From fsantiago at garbage-juice.com Tue Mar 15 02:40:44 2016 From: fsantiago at garbage-juice.com (Fabian Santiago) Date: Mon, 14 Mar 2016 21:40:44 -0400 Subject: gnupg doesn't create new keys In-Reply-To: <20160315002911.414A6A80086@webmail.sinamail.sina.com.cn> References: <20160315002911.414A6A80086@webmail.sinamail.sina.com.cn> Message-ID: <43FDE244-A1FC-43EC-8044-06B2C44D8683@garbage-juice.com> ?Que? Sincerely, Fabian Santiago Sent from my iPhone > On Mar 14, 2016, at 8:29 PM, "wxwangw at sina.com" wrote: > > ????????? > ----- Original Message ----- > From: fsantiago at garbage-juice.com > To: gnupg-users at gnupg.org > Subject: gnupg doesn't create new keys > Date: 2016-03-15 04:30 > > > Hello, > i have centos 7.2.x > gpg v2.0.22 > when i run it with --gen-key, it goes through the motions but on the > final step of collecting entropy, it simply hangs and does nothing and > my new key is not created. what can i check on this issue? > - Fabian S. 
> _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From fulanoperez at cryptolab.net Tue Mar 15 07:17:54 2016 From: fulanoperez at cryptolab.net (Fulano Diego Perez) Date: Tue, 15 Mar 2016 17:17:54 +1100 Subject: Fwd: mathematicians-discover-prime-conspiracy Message-ID: <56E7A912.60303@cryptolab.net> -------- Forwarded Message -------- Subject: mathematicians-discover-prime-conspiracy Date: Mon, 14 Mar 2016 20:37:59 +1100 From: Fulano Diego Perez To: gnupg-users at gnupg.org https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/ From jmire at lsuhsc.edu Tue Mar 15 15:56:36 2016 From: jmire at lsuhsc.edu (Mire, John) Date: Tue, 15 Mar 2016 14:56:36 +0000 Subject: DNS record for finding a key from an e-mail address References: <56E72159.2040107@dougbarton.email> <0B62814C161EBA4BB69C995965D04C7090FAAEDC@SH-ExchMB2.master.lsuhsc.edu> <56E76323.7070405@dougbarton.email> Message-ID: <0B62814C161EBA4BB69C995965D04C7090FAE2B6@SH-ExchMB2.master.lsuhsc.edu> On 3/14/2016 20:18, Doug Barton wrote: > On 03/14/2016 03:25 PM, Mire, John wrote: >> On 3/14/2016 15:38, Doug Barton wrote: >> >> I think there is a system in place that works pretty well, keys are >> not 'siloed' in one place but are distributed to every keyserver for >> the public to see, its the sks openpgp keyservers. > I'm having trouble understanding your response, sorry. Are you saying > that the DNS method involving the fingerprint and retrieval from the key > server is better, or are you saying that no DNS method is necessary at all? > DNS is distributed from a hierarchical model from the top down, in it's nature it's siloed. So, for example john.doe.com, doug.barton.com and john.mire.com, each site has its pgp key info in it's dns server(s), no one else would have that info. 
If your site was DDoS'd, I couldn't automatically get your public key from dns.john.mire.com or dns.john.doe.com and vice versa unless we set up secondary zones, it's not automatic and it has very little redundancy. In the keyserver world, if your keyserver was DDoS'd, you could get your info from keyserver.john.mire.com or keyserver.john.doe.com or any other keyserver, if you knew the address. Also, as far as DR (disaster recovery) is concerned, if you didn't bring your keyserver(s) back up, your info would still be available and you could move forward unlike your dns, unless you offloaded it. This view is from my experience from my work, we have about 8500 people, that's a lot of entries already into dns for the machines, we are authoritative for our domain and don't have secondary zones, we have one keyserver but if it goes down, we can just use the keyserver pool. /john From andrewg at andrewg.com Tue Mar 15 17:47:06 2016 From: andrewg at andrewg.com (Andrew Gallagher) Date: Tue, 15 Mar 2016 16:47:06 +0000 Subject: DNS record for finding a key from an e-mail address In-Reply-To: <0B62814C161EBA4BB69C995965D04C7090FAE2B6@SH-ExchMB2.master.lsuhsc.edu> References: <56E72159.2040107@dougbarton.email> <0B62814C161EBA4BB69C995965D04C7090FAAEDC@SH-ExchMB2.master.lsuhsc.edu> <56E76323.7070405@dougbarton.email> <0B62814C161EBA4BB69C995965D04C7090FAE2B6@SH-ExchMB2.master.lsuhsc.edu> Message-ID: <56E83C8A.4020108@andrewg.com> On 15/03/16 14:56, Mire, John wrote: > > DNS is distributed from a hierarchical model from the top down, in its > nature it's siloed. So, for example john.doe.com, doug.barton.com and > john.mire.com, each site has its pgp key info in its dns server(s), no > one else would have that info. If your site was DDoS'd, I couldn't > automatically get your public key from dns.john.mire.com or > dns.john.doe.com and vice versa unless we set up secondary zones, it's > not automatic and it has very little redundancy. "Secondary zones"?
If you mean secondary nameservers, you must enjoy living on the edge if you don't have them set up already. Your hosting provider will often give them to you for free. I have five. DNS is a distributed cache, so it's much more difficult to DDOS your DNS records than it is to DDOS your website. And if you're being DDOSed you have bigger problems. The advantage of putting a key in DNS is that it can make use of the DNSSEC chain of trust. A user may wish to configure their client to regard such keys as valid in the absence of a traditional PGP trust path (yes, there are important caveats with the DNSSEC security model, but it's nowhere near as broken as X509). This contrasts with the keyservers, where the presence of a key implies no validation whatsoever. But. DNS typically has a very high latency (often measured in hours), so one should probably also check the keyservers for revocations before placing any trust in a DNSSEC-validated key. So the keyservers and DNSSEC each provide features that the other does not, and can be regarded as complementary. A -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From gnupg at oliverklee.de Tue Mar 15 20:48:17 2016 From: gnupg at oliverklee.de (Oliver Klee) Date: Tue, 15 Mar 2016 20:48:17 +0100 Subject: Getting rid of key stub when moving key to new smart card? Message-ID: <56E86701.8020305@oliverklee.de> Hi everybody, I'm using GnuPG 2.0.28 on Kubuntu 15.10. So far, I've been using a YubiKey Neo as an OpenPGP smart card. I've dutifully done all the steps including creating my key off-card, backing it up externally and then moving it to the YubiKey using keytocard. I've decided to move to a new YubiKey. I've deleted my secret key (i.e. more or less the stub) using --delete-secret-keys and re-imported the backup.
Now when I try to do a keytocard to the new YubiKey, I get an error message that the key already is on a card. If I do a --list-secret-keys, I indeed see the reference to the card for my key. My (hopefully) educated guess is that the stub still is there even after I have deleted the secret key from my key chain. My questions: - How can I verify that the stub really is gone after deleting the secret key? - How can I really remove the stub? - Or how can I transfer my secret key to a new YubiKey? Thanks, Oliver From Kevin.Grondin at telus.com Tue Mar 15 15:36:20 2016 From: Kevin.Grondin at telus.com (Kevin Grondin) Date: Tue, 15 Mar 2016 10:36:20 -0400 Subject: public key used by many users on a single system Message-ID: Hi, I'm currently working on setting up gpg for it to encrypt documents my software is producing. Basically, I only require the signed public key from a client in order to encrypt my data. My problem lies in the fact that multiple users log on to the computer (windows server 2003/2008/2012). Let's say I have users a and b. Both users will send to the same 'c' user for which I have the public key. What is the best way for both users to have access to the key? Should I log on to each user and use gpg --import? Or is there a better way? -------------- next part -------------- An HTML attachment was scrubbed... URL: From rjh at sixdemonbag.org Tue Mar 15 22:14:17 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 Mar 2016 17:14:17 -0400 Subject: public key used by many users on a single system In-Reply-To: References: Message-ID: <56E87B29.8010500@sixdemonbag.org> > Should I log on to each user and use gpg --import? This is probably the easiest way, yes. From dashohoxha at gmail.com Tue Mar 15 22:06:53 2016 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Tue, 15 Mar 2016 22:06:53 +0100 Subject: How to silence gpg-agent?
Message-ID: Hi, I am writing some wrapper shell scripts around gpg, trying to make it a bit more user-friendly for beginners: https://github.com/dashohoxha/egpg I have a problem that time after time I get output like this, which is somewhat unrelated to the operation performed and a bit confusing: ---------- gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 3 signed: 0 trust: 2-, 0q, 0n, 0m, 1f, 0u gpg: next trustdb check due at 2017-01-05 ---------- I believe that it comes from gpg-agent. I have tried to silence it, using the option '--quiet', but it seems not to work. Any idea what else I can try? Thanks, Dashamir -------------- next part -------------- An HTML attachment was scrubbed... URL: From holtzm at cox.net Tue Mar 15 20:32:55 2016 From: holtzm at cox.net (Bob Holtzman) Date: Tue, 15 Mar 2016 12:32:55 -0700 Subject: gnupg doesn't create new keys In-Reply-To: References: <20160315002911.414A6A80086@webmail.sinamail.sina.com.cn> Message-ID: <20160315193255.GA1541@cox.net> On Mon, Mar 14, 2016 at 09:40:44PM -0400, Fabian Santiago wrote: > ¿Qué? What are you questioning? Don't top post. -- Bob Holtzman A man is a man who will fight with a sword or conquer Mt. Everest in snow. But the bravest of all owns a '34 Ford and tries for six thousand in low. From arthur at ulfeldt.com Tue Mar 15 23:19:13 2016 From: arthur at ulfeldt.com (Arthur Ulfeldt) Date: Tue, 15 Mar 2016 15:19:13 -0700 Subject: How to make "gpg --card-status" forget an old card Message-ID: I got a new YubiKey Neo and loaded my encryption key to it and generated new signing and authentication keys. Every time I try to decrypt a file using the new key, it asks me to insert the old key (which I don't have here). When I run gpg --card-status I see that it still associates the key with the old key: ~ ?
gpg --card-status arthur at a:13:32:50 Reader ...........: 1050:0111:X:0 Application ID ...: D2760001240102000006036346220000 Version ..........: 2.0 Manufacturer .....: Yubico Serial number ....: 03634622 Name of cardholder: Arthur Ulfeldt Language prefs ...: [not set] Sex ..............: unspecified URL of public key : https://arthur.ulfeldt.com/static/B50A93EA.asc Login data .......: [not set] Signature PIN ....: forced Key attributes ...: rsa2048 rsa2048 rsa2048 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 3 3 Signature counter : 17 Signature key ....: 45CA 8D38 F583 E3B3 DAB4 A72C 7119 B2CA 9829 2DD1 created ....: 2015-09-10 23:03:19 Encryption key....: 342C F561 976F 6DC0 5DD1 CC34 CFED 512B 6EE4 E07A created ....: 2015-08-13 08:24:46 Authentication key: C92B 7FEE FDC4 C27A 4F80 E1E5 1CA6 9467 7CCF 8B90 created ....: 2015-08-18 07:35:01 General key info..: sub rsa2048/98292DD1 2015-09-10 Arthur Ulfeldt sec# rsa3072/B50A93EA created: 2015-08-13 expires: 2018-08-12 ssb> rsa2048/6EE4E07A created: 2015-08-13 expires: 2018-08-12 card-no: 0000 00000001 ssb> rsa2048/BC4C4B6C created: 2015-08-13 expires: 2018-08-12 card-no: 0000 00000001 ssb> rsa2048/67E40B89 created: 2015-08-13 expires: 2018-08-12 card-no: 0000 00000001 ssb# rsa2048/91FF2F99 created: 2015-08-16 expires: 2018-08-15 ssb# rsa2048/3157DA5D created: 2015-08-16 expires: 2018-08-15 ssb> rsa2048/EADB1671 created: 2015-08-18 expires: 2018-08-17 card-no: 0006 03634622 ssb> rsa2048/7CCF8B90 created: 2015-08-18 expires: 2018-08-17 card-no: 0006 03634622 ssb> rsa2048/98292DD1 created: 2015-09-10 expires: 2018-09-09 card-no: 0006 03634622 I'd like to know how to make gpg forget about the old cards keys From arthur at ulfeldt.com Wed Mar 16 00:22:25 2016 From: arthur at ulfeldt.com (Arthur Ulfeldt) Date: Tue, 15 Mar 2016 16:22:25 -0700 Subject: Getting rid of key stub when moving key to new smart card? 
In-Reply-To: <56E86701.8020305@oliverklee.de> References: <56E86701.8020305@oliverklee.de> Message-ID: I am having the same problem. The only way to make it see the key on the new card that I have come across is to completely remove the entire .gnupg directory and not restore any of it, then import the public key and only then run gpg --card-status. If I don't completely wipe everything out (including all other keys and signatures) then the stub (if that's the right term for this) seems to survive. On Tue, Mar 15, 2016 at 12:48 PM, Oliver Klee wrote: > Hi everybody, > > I'm using GnuPG 2.0.28 on Kubuntu 15.10. > > So far, I've been using a YubiKey Neo as an OpenPGP smart card. I've > dutifully done all the steps including creating my key off-card, backing > it up externally and then moving it to the YubiKey using keytocard. > > I've decided to move to a new YubiKey. I've deleted my secret key (i.e. > more or less the stub) using --delete-secret-keys and re-imported the > backup. > > Now when I try to do a keytocard to the new YubiKey, I get an error > message that the key already is on a card. If I do a --list-secret-keys, > I indeed see the reference to the card for my key. > > My (hopefully) educated guess is that the stub still is there even after > I have deleted the secret key from my key chain. > > My questions: > > - How can I verify that the stub really is gone after deleting the > secret key? > - How can I really remove the stub? > - Or how can I transfer my secret key to a new YubiKey?
> > Thanks, > > > Oliver > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From gniibe at fsij.org Wed Mar 16 03:14:37 2016 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 16 Mar 2016 11:14:37 +0900 Subject: How to make "gpg --card-status" forget an old card In-Reply-To: References: Message-ID: <56E8C18D.8090709@fsij.org> On 03/16/2016 07:19 AM, Arthur Ulfeldt wrote: > I got a new YubiKey Neo and loaded my encryption key to it and > generated new signing and authentication keys. Every time I try to > decrypt a file using the new key, it asks me to insert the old key > (which I don't have here). > > When I run gpg --card-status I see that it still associates the key > with the old key: > > > ~ ? gpg --card-status > > arthur at a:13:32:50 > > Reader ...........: 1050:0111:X:0 You are talking about GnuPG 2.1.x, right? IIUC, for now, there is no way to remove secret key stub by GnuPG. We can identify the keygrip by: gpg-connect-agent 'KEYINFO --list' /bye I can see something like: S KEYINFO 79709FD2793C6A95E0CEF2D6B347CD68FC35B671 T D276000124010200FFFE872549450000 OPENPGP.1 - - - - - Then I can remove the file ~/.gnupg/private-keys-v1.d/79709FD2793C6A95E0CEF2D6B347CD68FC35B671.key. No, I don't claim this is the way to remove secret key (stub) for smartcard. I am only explaining current situation. I'll consider for improvement. At least, I think that gpg-connect-agent "DELETE_KEY 79709FD2793C6A95E0CEF2D6B347CD68FC35B671" /bye should be supported. -- From gniibe at fsij.org Wed Mar 16 03:40:08 2016 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 16 Mar 2016 11:40:08 +0900 Subject: Getting rid of key stub when moving key to new smart card?
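The keygrip lookup NIIBE describes above (KEYINFO --list, then remove the matching file under private-keys-v1.d) is easy to get wrong by hand, because a real on-disk private key has the same file name shape as a card stub. The following is an added example, not code from the thread or from GnuPG, that parses the KEYINFO status lines and lists only the stub files ('T' entries) belonging to one card serial, so an on-disk key ('D') can never end up in the delete list. The line layout (keygrip, type, serial number, idstr, then the cached/protection/fpr/ttl/flags fields, with '-' for "not applicable") is the one the gpg-agent manual documents for KEYINFO. The sample output is constructed: the first line is the one NIIBE posted, the other two keygrips and the second serial are made up.

```python
import subprocess
from pathlib import Path
from typing import List, NamedTuple, Optional


class AgentKey(NamedTuple):
    keygrip: str
    type: str                 # 'D' on disk, 'T' on a token (card stub), 'X' missing, '-' unknown
    serialno: Optional[str]   # card application ID for 'T' entries, else None
    idstr: Optional[str]      # key slot on the card, e.g. OPENPGP.1


def parse_keyinfo(output: str) -> List[AgentKey]:
    """Parse the status lines emitted by `gpg-connect-agent 'KEYINFO --list' /bye`.

    Layout: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr> <ttl> <flags>
    Anything that is not a KEYINFO status line (e.g. the trailing 'OK') is skipped.
    """
    keys = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "S" or parts[1] != "KEYINFO":
            continue
        grip, ktype, serial, idstr = parts[2:6]
        if len(grip) != 40 or any(c not in "0123456789ABCDEF" for c in grip):
            raise ValueError(f"unexpected keygrip {grip!r}")
        keys.append(AgentKey(grip, ktype,
                             None if serial == "-" else serial,
                             None if idstr == "-" else idstr))
    return keys


def stub_files(keys: List[AgentKey], homedir: str, serialno: Optional[str] = None) -> List[Path]:
    """Files under private-keys-v1.d that are card stubs, optionally only for one card.

    On-disk keys ('D') are never returned, so deleting the result cannot destroy real key material.
    """
    keydir = Path(homedir).expanduser() / "private-keys-v1.d"
    return [keydir / f"{k.keygrip}.key" for k in keys
            if k.type == "T" and (serialno is None or k.serialno == serialno)]


def agent_keyinfo() -> str:
    """Query the running gpg-agent (not used by the offline self-test)."""
    return subprocess.run(["gpg-connect-agent", "KEYINFO --list", "/bye"],
                          check=True, capture_output=True, text=True).stdout


# Constructed sample: line 1 is from NIIBE's message; the other keygrips and the second serial are made up.
SAMPLE_KEYINFO = """\
S KEYINFO 79709FD2793C6A95E0CEF2D6B347CD68FC35B671 T D276000124010200FFFE872549450000 OPENPGP.1 - - - - -
S KEYINFO 0123456789ABCDEF0123456789ABCDEF01234567 T D2760001240102000006000000000000 OPENPGP.2 - - - - -
S KEYINFO FEDCBA9876543210FEDCBA9876543210FEDCBA98 D - - 1 P - - -
OK
"""

if __name__ == "__main__":
    keys = parse_keyinfo(SAMPLE_KEYINFO)
    for path in stub_files(keys, "~/.gnupg", "D276000124010200FFFE872549450000"):
        print("stub for the old card:", path)   # review the list, then remove by hand
```

Feed `agent_keyinfo()` to `parse_keyinfo` for the live agent; the serial to filter on is the "Application ID" line of `gpg --card-status` for the old card. After removing the stub files, run `gpg --card-status` with the new card inserted so gpg-agent learns the new serial, and check the result with `gpg --list-secret-keys` (the `card-no:` column) before trusting the migration.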
In-Reply-To: <56E86701.8020305@oliverklee.de> References: <56E86701.8020305@oliverklee.de> Message-ID: <56E8C788.40001@fsij.org> On 03/16/2016 04:48 AM, Oliver Klee wrote: > So far, I've been using a YubiKey Neo as an OpenPGP smart card. I've > dutifully done all the steps including creating my key off-card, backing > it up externally and then moving it to the YubiKey using keytocard. > > I've decided to move to a new YubiKey. I've deleted my secret key (i.e. > more or less the stub) using --delete-secret-keys and re-imported the > backup. Possible situations would be: (1) Secret key stub was created automatically by --card-status with old card after --delete-secret-keys before keytocard. (2) The imported secret key (backup) was actually a stub. For (2), you can check by gpg --list-packets. If it's a real secret key, you can see something like the following.

:secret key packet:
    version 4, algo 1, created 1457319074, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 3D495A960ABAAD41
    protect count: 3276800 (185)
    protect IV:  a1 89 e1 ba a8 9d 92 5e 32 0e 39 8a 27 2d 5e cd
    skey[2]: [v4 protected]
    keyid: A8E60C81E56B3D5C

"skey[2] [v4 protected]" means that it is a real secret key. On the other hand,  if it's a stub, it's something like:

:secret key packet:
    version 4, algo 1, created 1287125193, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 f5 17 00 00 00 01 00 00
    keyid: 00B45EBD4CA7BABE

"gnu-divert-to-card S2K" means it's a stub. > - How can I verify that the stub really is gone after deleting the > secret key? You can check by "gpg --edit-key YOURKEYID". When the secret key is there, it says "Secret key is available." and shows you the secret key information. > - How can I really remove the stub? For 2.1.x, we have a problem; you need to remove the file manually. For 2.0, --delete-secret-keys should remove the stub.
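The --list-packets check above can be automated so a backup is audited before the stub is removed. The following is an added example (my code, not GnuPG's and not from the thread) that walks an unarmored secret-key export, finds every secret key and secret subkey packet, and reports whether it holds real key material (protected or unprotected), a gnu-dummy stub, or a divert-to-card stub together with the card serial. The packet header and S2K layout are RFC 4880's; the GNU extension (S2K specifier type 101, a hash octet, the bytes "GNU", a mode octet of 1 or 2, and for mode 2 a length-prefixed serial number) is the one GnuPG documents in doc/DETAILS. The two test vectors are constructed to mirror the two dumps above (same S2K parameters and serial number, throwaway MPIs) and are not usable keys.

```python
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

SECRET_KEY, SECRET_SUBKEY = 5, 7      # packet tags (RFC 4880 section 4.3)
GNU_S2K = 101                         # GnuPG's private S2K specifier type
GNU_DUMMY, GNU_DIVERT_TO_CARD = 1, 2  # modes 1001 / 1002 in --list-packets terms


@dataclass
class SecretKeyInfo:
    tag: int
    kind: str                         # "unprotected", "protected", "gnu-dummy" or "divert-to-card"
    serial: Optional[bytes] = None    # card serial number for divert-to-card stubs


def packets(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, body) per packet; old- and new-format headers (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                                  # new format
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first <= 223:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:                                           # old format
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            n = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        yield tag, data[i:i + length]
        i += length


def skip_mpi(body: bytes, i: int) -> int:
    bits = struct.unpack(">H", body[i:i + 2])[0]
    return i + 2 + (bits + 7) // 8


def classify(tag: int, body: bytes) -> SecretKeyInfo:
    """Read the S2K usage field of a v4 secret (sub)key packet and say what is really in it."""
    if body[0] != 4:
        raise ValueError("only v4 keys are handled")
    algo = body[5]
    public_mpis = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}.get(algo)   # RSA: n,e  ElGamal: p,g,y  DSA: p,q,g,y
    if public_mpis is None:
        raise ValueError(f"unsupported public-key algorithm {algo}")
    i = 6
    for _ in range(public_mpis):
        i = skip_mpi(body, i)
    usage = body[i]
    i += 1
    if usage == 0:
        return SecretKeyInfo(tag, "unprotected")
    if usage not in (254, 255):        # legacy form: the octet itself names the cipher
        return SecretKeyInfo(tag, "protected")
    i += 1                             # symmetric cipher algorithm octet
    s2k_type = body[i]
    i += 1
    if s2k_type != GNU_S2K:
        return SecretKeyInfo(tag, "protected")
    i += 1                             # hash algorithm octet, unused by the GNU modes
    if body[i:i + 3] != b"GNU":
        raise ValueError("malformed GNU S2K extension")
    mode = body[i + 3]
    i += 4
    if mode == GNU_DUMMY:
        return SecretKeyInfo(tag, "gnu-dummy")
    if mode == GNU_DIVERT_TO_CARD:
        n = body[i]
        return SecretKeyInfo(tag, "divert-to-card", bytes(body[i + 1:i + 1 + n]))
    raise ValueError(f"unknown GNU S2K mode {mode}")


def audit(data: bytes) -> List[SecretKeyInfo]:
    """Classify every secret key and secret subkey packet in an unarmored export."""
    return [classify(t, b) for t, b in packets(data) if t in (SECRET_KEY, SECRET_SUBKEY)]


# Constructed test vectors mirroring the two --list-packets dumps above (not usable keys).
def mpi(n: int) -> bytes:
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def packet(tag: int, body: bytes) -> bytes:
    return bytes([0xC0 | tag, len(body)]) + body           # new-format header, one-octet length

PUBLIC_PART = b"\x04" + struct.pack(">I", 1457319074) + b"\x01" + mpi(0xC0FFEE) + mpi(65537)
# real key: usage 254 (SHA-1 check), AES-128, iterated+salted S2K, SHA-1, salt, count 0xB9 (= 3276800), IV, ciphertext
REAL_KEY = packet(SECRET_KEY, PUBLIC_PART + b"\xfe\x07\x03\x02" + bytes.fromhex("3D495A960ABAAD41")
                  + b"\xb9" + bytes(16) + bytes(24))
# stub: usage 255 (simple checksum), cipher 0, GNU S2K, hash 0, "GNU", mode 2, the 16-byte serial from the dump
CARD_STUB = packet(SECRET_SUBKEY, PUBLIC_PART + b"\xff\x00" + bytes([GNU_S2K, 0]) + b"GNU"
                   + bytes([GNU_DIVERT_TO_CARD, 16]) + bytes.fromhex("d276000124010200f517000000010000"))

if __name__ == "__main__":
    for info in audit(REAL_KEY + CARD_STUB):
        print(info)
```

Run `audit()` over the bytes of `gpg --export-secret-keys KEYID` (pass an armored backup through `gpg --dearmor` first). A backup that reports divert-to-card for the key you meant to move was itself taken after keytocard, so there is no key material in it to put on the new YubiKey; only a packet reporting "protected" or "unprotected" can be transferred.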
> - Or how can I transfer my secret key to a new YubiKey? After removal of the stub and having the real secret key, it should be able to be done. If you encounter any problem, please let me know. -- From gniibe at fsij.org Wed Mar 16 04:58:35 2016 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 16 Mar 2016 12:58:35 +0900 Subject: How to silence gpg-agent? In-Reply-To: References: Message-ID: <56E8D9EB.3020109@fsij.org> On 03/16/2016 06:06 AM, Dashamir Hoxha wrote: > I have a problem that time after time I get output like this, which is > somewhat unrelated to the operation performed and a bit confusing: > > ---------- > gpg: checking the trustdb > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u > gpg: depth: 1 valid: 3 signed: 0 trust: 2-, 0q, 0n, 0m, 1f, 0u > gpg: next trustdb check due at 2017-01-05 > ---------- > > I believe that it comes from gpg-agent. I have tried to silence it, using > the option '--quiet', but it seems not to work. Any idea what else I can > try? It is not gpg-agent which outputs this message, but the gpg frontend itself, as it says "gpg:". GnuPG checks the trustdb periodically. You can stop it by the --no-auto-check-trustdb option. -- From dashohoxha at gmail.com Wed Mar 16 07:30:14 2016 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Wed, 16 Mar 2016 07:30:14 +0100 Subject: How to silence gpg-agent?
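For a wrapper script the robust fix is not to grep the chatter away but to give gpg separate channels: `--no-auto-check-trustdb` (NIIBE's suggestion) removes the periodic check from the call path, `--logger-fd N` sends every `gpg:` diagnostic line to a descriptor of the script's choosing, and `--status-fd N` gives the script GnuPG's machine-readable `[GNUPG:]` lines, which are the only output a script should base decisions on. The following is an added example, not from the thread and not egpg code, written in Python rather than shell so the descriptor plumbing is explicit: `run_split` starts the child with two extra pipes and returns the four channels separately. `fake_gpg_argv` is a constructed stand-in for gpg so the self-test runs without GnuPG installed; everything it emits is made up.

```python
import os
import subprocess
import sys
import threading
from typing import Callable, Dict, List


def _drain(fd: int, sink: Dict[str, bytes], key: str) -> None:
    """Read one pipe to EOF on its own thread, so a chatty channel can never stall the child."""
    chunks = []
    with os.fdopen(fd, "rb") as f:
        for chunk in iter(lambda: f.read(4096), b""):
            chunks.append(chunk)
    sink[key] = b"".join(chunks)


def run_split(build_argv: Callable[[int, int], List[str]], stdin: bytes = b"") -> Dict[str, object]:
    """Run a child with two extra write-only pipes for its status and log output.

    build_argv(status_fd, logger_fd) returns the argv; the two numbers are the descriptors
    the child must write to (they are inherited unchanged through pass_fds). stdout carries
    the actual data, stderr whatever else the program emits; all four are captured separately.
    """
    status_r, status_w = os.pipe()
    log_r, log_w = os.pipe()
    argv = build_argv(status_w, log_w)
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, pass_fds=(status_w, log_w))
    os.close(status_w)          # keep only the read ends in the parent, otherwise EOF never comes
    os.close(log_w)
    out: Dict[str, bytes] = {}
    readers = [threading.Thread(target=_drain, args=(fd, out, name))
               for fd, name in ((status_r, "status"), (log_r, "log"))]
    for t in readers:
        t.start()
    stdout, stderr = proc.communicate(stdin)
    for t in readers:
        t.join()
    return {"rc": proc.returncode, "stdout": stdout, "stderr": stderr,
            "status": out["status"].decode("utf-8", "replace").splitlines(),
            "log": out["log"].decode("utf-8", "replace").splitlines()}


def gpg_argv(status_fd: int, logger_fd: int, args: List[str], gpg: str = "gpg") -> List[str]:
    """argv for a scripted gpg call: no prompts, no periodic trustdb check (run
    `gpg --check-trustdb` from cron instead), diagnostics to logger_fd and the
    machine-readable [GNUPG:] lines to status_fd."""
    return [gpg, "--batch", "--no-tty", "--no-auto-check-trustdb",
            "--status-fd", str(status_fd), "--logger-fd", str(logger_fd)] + args


def verify_ok(signed_message: bytes) -> bool:
    """Example use: the verdict comes from the status lines only, never from the log text."""
    result = run_split(lambda s, l: gpg_argv(s, l, ["--verify"]), stdin=signed_message)
    return result["rc"] == 0 and any(line.startswith("[GNUPG:] GOODSIG ") for line in result["status"])


def fake_gpg_argv(status_fd: int, logger_fd: int) -> List[str]:
    """Constructed stand-in for gpg (so the self-test runs without GnuPG): writes one
    made-up line to each channel, including the trustdb chatter from the thread."""
    code = (
        "import os, sys\n"
        "sys.stdout.write('DATA'); sys.stdout.flush()\n"
        f"os.write({status_fd}, b'[GNUPG:] GOODSIG 0123456789ABCDEF Test User <test@example.org>\\n')\n"
        f"os.write({logger_fd}, b'gpg: checking the trustdb\\n')\n"
        "sys.stderr.write('unrelated stderr\\n')\n"
    )
    return [sys.executable, "-c", code]


if __name__ == "__main__":
    print(run_split(fake_gpg_argv))
```

With this split the trustdb lines still exist, but they land in `result["log"]`, where the wrapper can store or discard them, while users only ever see what the wrapper chooses to print. Note that `--quiet` alone is not enough for the lines shown in the thread, and redirecting stderr wholesale would also hide real errors.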
In-Reply-To: <56E8D9EB.3020109@fsij.org> References: <56E8D9EB.3020109@fsij.org> Message-ID: On Wed, Mar 16, 2016 at 4:58 AM, NIIBE Yutaka wrote: > On 03/16/2016 06:06 AM, Dashamir Hoxha wrote: > > I have a problem that time after time I get output like this, which is > > somewhat unrelated to the operation performed and a bit confusing: > > > > ---------- > > gpg: checking the trustdb > > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > > gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u > > gpg: depth: 1 valid: 3 signed: 0 trust: 2-, 0q, 0n, 0m, 1f, 0u > > gpg: next trustdb check due at 2017-01-05 > > ---------- > > > > I believe that it comes from gpg-agent. I have tried to silence it, using > > the option '--quiet', but it seems not to work. Any idea what else I can > > try? > > It is not gpg-agent which outputs this message, but gpg frontend > itself, as it says "gpg:". GnuPG checks trustdb periodically. > > You can stop it by --no-auto-check-trustdb option. > Maybe you are right, I will try this option. The problem is that this happens time after time, so I cannot be sure immediately that it solved the problem. I have to wait and see what happens. Thanks, Dashamir -------------- next part -------------- An HTML attachment was scrubbed... URL: From dashohoxha at gmail.com Wed Mar 16 08:11:32 2016 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Wed, 16 Mar 2016 08:11:32 +0100 Subject: How to silence gpg-agent? 
In-Reply-To: References: <56E8D9EB.3020109@fsij.org> Message-ID: On Wed, Mar 16, 2016 at 7:30 AM, Dashamir Hoxha wrote: > On Wed, Mar 16, 2016 at 4:58 AM, NIIBE Yutaka wrote: > >> On 03/16/2016 06:06 AM, Dashamir Hoxha wrote: >> > I have a problem that time after time I get output like this, which is >> > somewhat unrelated to the operation performed and a bit confusing: >> > >> > ---------- >> > gpg: checking the trustdb >> > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model >> > gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u >> > gpg: depth: 1 valid: 3 signed: 0 trust: 2-, 0q, 0n, 0m, 1f, 0u >> > gpg: next trustdb check due at 2017-01-05 >> > ---------- >> > >> > I believe that it comes from gpg-agent. I have tried to silence it, >> using >> > the option '--quiet', but it seems not to work. Any idea what else I can >> > try? >> >> It is not gpg-agent which outputs this message, but gpg frontend >> itself, as it says "gpg:". GnuPG checks trustdb periodically. >> >> You can stop it by --no-auto-check-trustdb option. >> > Actually, there is no problem if GnuPG checks the trustdb periodically, I just don't want it to spill the output on stdin. Maybe it can do it silently, or maybe it can record the output in a log file. What options can I use for this? > > Maybe you are right, I will try this option. > The problem is that this happens time after time, so I cannot be sure > immediately that it solved the problem. I have to wait and see what > happens. > > Thanks, > Dashamir > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jochen at intevation.de Wed Mar 16 09:19:02 2016 From: jochen at intevation.de (Jochen Saalfeld) Date: Wed, 16 Mar 2016 09:19:02 +0100 Subject: How to silence gpg-agent? In-Reply-To: References: Message-ID: <201603160919.05919.jochen@intevation.de> Hi Dashamir, I dug into the code a bit and found the piece of code.
As you already assumed correctly, the trust-db is checked periodically if the --no-auto-check-trustdb option is not set, and a log output is made when the option --quiet is not set (./g10/trustdb.c:970), but the validate function is always called. So setting --quiet will just silence the output "gpg: checking the trustdb". If you dig a bit deeper in the validate function (./g10/trustdb.c:2057), you'll see that the logging output about the validation is always done and it doesn't care about any flag. You can redirect the log output to a file with the --logger-fd option. You still have the output from the trustdb check, but maybe it's easier to parse it from a file than from stdin. Kind regards Jochen On Wednesday 16 March 2016 08:11:32 Dashamir Hoxha wrote: > On Wed, Mar 16, 2016 at 7:30 AM, Dashamir Hoxha > > wrote: > > On Wed, Mar 16, 2016 at 4:58 AM, NIIBE Yutaka wrote: > >> On 03/16/2016 06:06 AM, Dashamir Hoxha wrote: > >> > I have a problem that time after time I get output like this, which is > >> > somewhat unrelated to the operation performed and a bit confusing: > >> > > >> > ---------- > >> > gpg: checking the trustdb > >> > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > >> > gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u > >> > gpg: depth: 1 valid: 3 signed: 0 trust: 2-, 0q, 0n, 0m, 1f, 0u > >> > gpg: next trustdb check due at 2017-01-05 > >> > ---------- > >> > > >> > I believe that it comes from gpg-agent. I have tried to silence it, > >> > >> using > >> > >> > the option '--quiet', but it seems not to work. Any idea what else I > >> > can try? > >> > >> It is not gpg-agent which outputs this message, but gpg frontend > >> itself, as it says "gpg:". GnuPG checks trustdb periodically. > >> > >> You can stop it by --no-auto-check-trustdb option. > > Actually, there is no problem if GnuPG checks trustdb periodically, I just > don't want it to spill the output on stdin.
Maybe it can do it silently, or > maybe it can record the output on a log file. What options can I use for > this? > > > Maybe you are right, I will try this option. > > The problem is that this happens time after time, so I cannot be sure > > immediately that it solved the problem. I have to wait and see what > > happens. > > > > Thanks, > > Dashamir -- jochen at intevation.de | intevation.de/ | 0541335083214 | PGPkey: 0x64B67DF4 Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck, HR B 18998 Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: This is a digitally signed message part. URL: From free10pro at gmail.com Wed Mar 16 09:49:46 2016 From: free10pro at gmail.com (Paul R. Ramer) Date: Wed, 16 Mar 2016 01:49:46 -0700 Subject: How to silence gpg-agent? In-Reply-To: References: <56E8D9EB.3020109@fsij.org> Message-ID: <56E91E2A.2070002@gmail.com> On 03/16/2016 12:11 AM, Dashamir Hoxha wrote: > On Wed, Mar 16, 2016 at 7:30 AM, Dashamir Hoxha > wrote: >>> You can stop it by --no-auto-check-trustdb option. >>> >> > Actually, there is no problem if GnuPG checks trustdb periodically, I just > don't want it to spill the output on stdin. Maybe it can do it silently, or > maybe it can record the output on a log file. What options can I use for > this? Have you tried adding the -q (AKA --quiet) option to gpg? -Paul From dashohoxha at gmail.com Wed Mar 16 10:59:01 2016 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Wed, 16 Mar 2016 10:59:01 +0100 Subject: How to silence gpg-agent? In-Reply-To: <201603160919.05919.jochen@intevation.de> References: <201603160919.05919.jochen@intevation.de> Message-ID: On Wed, Mar 16, 2016 at 9:19 AM, Jochen Saalfeld wrote: > > Hi Dahsamir, > > I digged the code a bit and found, the piece of code. 
As you already > assumed > correctly, the trust-db is checked periodically, if > the --no-auto-check-trustdb option is not set, and a log output is made, > when > the option --quiet is not set (./g10/trustdb.c:970), but the validate > function is always called. So setting --quiet will just silence the > output "gpg: checking the trustdb". If you dig a bit deeper in the validate > function (./g10/trustdb.c:2057), you'll see that the logging output about > the > validation is always done and it doesn't care about any flag. > > You can redirect the log output to a file with the --logger-fd option. You > still have the output from the trustdb check, but maybe it's easier to parse > it from a file than from stdin. > Yes, either redirecting stderr (2>/dev/null) or using --logger-fd does suppress the output. Thanks Jochen. -------------- next part -------------- An HTML attachment was scrubbed... URL: From cannon at cannon-ciota.info Thu Mar 17 07:32:21 2016 From: cannon at cannon-ciota.info (CANNON NATHANIEL CIOTA) Date: Thu, 17 Mar 2016 01:32:21 -0500 Subject: Using gpg for ssh access Message-ID: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Trying to figure out how to use GPG for accessing servers via ssh. I have a key with an authentication sub-key, and used gpgkey2ssh to convert that subkey to an ssh key then saved the output in .ssh/authorized_keys file. Still unable to connect. I suspect I am missing a step or doing something wrong. I am unable to find any up to date or working guide on how to accomplish this. Can someone inform the correct procedure for using gpg to access ssh? (Please do not mention 'monkeysphere', that is not an option).
Thanks Cannon -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJW6k1AAAoJEAYDai9lH2mwi28P/0sGgHA8JWFOfacun8eI/5Nu wE0dIfFkauW1fkjC4dmYMkHO48Vl4hKekybw2+U2WEjS18+jZx9TMAsTodNKR65L ckCehPdzHB+yC+m3peLlKEIKSSpjgACTAN2PLuSdp6VQihTs9JbRUSuzlV+tE7Sf JSg2iye9XNE1jfEHTFl06dh7Kwclyhbd64iG0n5yQKsqRbIq51z3MFMNizJPAQWW LMdBkoCZLKtXzEoQZrOU+FXtf66MmYEekQivs8VO+IOI+MGeRPEKX4NxhBt2/Hq5 6HTMBz8YDK9IIhvrR13hPBp5mc6ArvRxemTpmqTOZbADRlyPXajqhnHM3tc3nTC6 BxqJc17bFLjU/fl507FNypQCTF1+0P2Hkl7nGueCqN24QqCMAjPTfSuWqqKizuZA DfInKvj2AE5Le9ymgg22zhffcPk4tECscXkVtjBhTmVYHcUR1rM44MbC2qHoxpv8 rdRLSQy0EJyQ85RIWNSmZp1DCYqoq5gZVhIgFg8fqeN0Wolvmm4bet/EU3NAmm+q zx+A1fqHCyWbTMlETextOEZEa5/2pPUIF/C5qWiJgH//LZH38k8Q1OID5xM2aBRZ OMacZG+ri2JcQKx7U++lBC/X+ImLZhWXa7IxHFf+JtVzVBX/SILQtRDEY3DJFYcR UKZd97b+X+/mcnCeVpOK =4LAy -----END PGP SIGNATURE----- -- Cannon N. Ciota Digital Identity (namecoin): id/cannon Website: www.cannon-ciota.info Email: cannon at cannon-ciota.info PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2 From arthur at ulfeldt.com Thu Mar 17 08:47:37 2016 From: arthur at ulfeldt.com (Arthur Ulfeldt) Date: Thu, 17 Mar 2016 00:47:37 -0700 Subject: Using gpg for ssh access In-Reply-To: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info> References: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info> Message-ID: When setting this up I missed the step of explicitly enabling ssh agent mode in gpg agent so it would listen for connections from ssh (and pretend to be the ssh agent); then I had to set the environment variable for the ssh socket to the gpg agent socket. After a short while this grew tedious and I installed envoy (Arch Linux) to manage the gpg agent, though there are many other equally good ways of doing this. Not having the agent working was really frustrating to figure out why it would not use the key, so perhaps this could be something worth checking, if only to double check that you are connecting to the correct agent. On 16 Mar 2016 11:34 PM, "CANNON NATHANIEL CIOTA" < cannon at cannon-ciota.info> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Trying to figure out how to use GPG for accessing servers via ssh. I have > a key with an authentication sub-key, and used gpgkey2ssh to convert that > subkey to an ssh key then saved the output in .ssh/authorized_keys file. > Still unable to connect. I suspect I am missing a step or doing something > wrong. I am unable to find any up to date or working guide on how to > accomplish this. Can someone inform the correct procedure for using gpg to > access ssh? (Please do not mention 'monkeysphere', that is not an option). > Thanks > Cannon > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJW6k1AAAoJEAYDai9lH2mwi28P/0sGgHA8JWFOfacun8eI/5Nu > wE0dIfFkauW1fkjC4dmYMkHO48Vl4hKekybw2+U2WEjS18+jZx9TMAsTodNKR65L > ckCehPdzHB+yC+m3peLlKEIKSSpjgACTAN2PLuSdp6VQihTs9JbRUSuzlV+tE7Sf > JSg2iye9XNE1jfEHTFl06dh7Kwclyhbd64iG0n5yQKsqRbIq51z3MFMNizJPAQWW > LMdBkoCZLKtXzEoQZrOU+FXtf66MmYEekQivs8VO+IOI+MGeRPEKX4NxhBt2/Hq5 > 6HTMBz8YDK9IIhvrR13hPBp5mc6ArvRxemTpmqTOZbADRlyPXajqhnHM3tc3nTC6 > BxqJc17bFLjU/fl507FNypQCTF1+0P2Hkl7nGueCqN24QqCMAjPTfSuWqqKizuZA > DfInKvj2AE5Le9ymgg22zhffcPk4tECscXkVtjBhTmVYHcUR1rM44MbC2qHoxpv8 > rdRLSQy0EJyQ85RIWNSmZp1DCYqoq5gZVhIgFg8fqeN0Wolvmm4bet/EU3NAmm+q > zx+A1fqHCyWbTMlETextOEZEa5/2pPUIF/C5qWiJgH//LZH38k8Q1OID5xM2aBRZ > OMacZG+ri2JcQKx7U++lBC/X+ImLZhWXa7IxHFf+JtVzVBX/SILQtRDEY3DJFYcR > UKZd97b+X+/mcnCeVpOK > =4LAy > -----END PGP SIGNATURE----- > > > > -- > Cannon N. Ciota > Digital Identity (namecoin): id/cannon > Website: www.cannon-ciota.info > Email: cannon at cannon-ciota.info > PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2 > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- An HTML attachment was scrubbed...
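The two steps Arthur says he missed (enable-ssh-support in gpg-agent.conf, and SSH_AUTH_SOCK pointing at gpg-agent's ssh socket rather than at whatever agent the desktop started) are the usual cause, and the failure is silent: ssh simply offers no key. The following is an added example, not from the thread, that makes the configuration change idempotent and diagnoses the environment before you start blaming the key. It assumes GnuPG 2.1, where `gpgconf --list-dirs` prints `name:value` lines (values percent-escaped) including `agent-ssh-socket`, and where the gpg-agent.conf option is spelled `enable-ssh-support`. `SAMPLE_DIRS` and its paths are constructed; `self_test_conf` works on a throwaway file.

```python
import os
import subprocess
import tempfile
import urllib.parse
from pathlib import Path
from typing import Dict, Mapping, Optional, Tuple


def parse_gpgconf_dirs(text: str) -> Dict[str, str]:
    """Parse `gpgconf --list-dirs` output: one name:value per line, value percent-escaped."""
    dirs: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            dirs[name] = urllib.parse.unquote(value)
    return dirs


def ensure_ssh_support(conf_path: Path) -> bool:
    """Make sure gpg-agent.conf contains `enable-ssh-support`; return True if the file changed.

    Existing lines are left untouched; the option is appended only when no uncommented
    occurrence exists. gpg-agent has to be restarted afterwards (gpgconf --kill gpg-agent).
    """
    lines = conf_path.read_text().splitlines() if conf_path.exists() else []
    if any(line.strip() == "enable-ssh-support" for line in lines):
        return False
    conf_path.parent.mkdir(parents=True, exist_ok=True)
    lines.append("enable-ssh-support")
    conf_path.write_text("\n".join(lines) + "\n")
    return True


def diagnose(env: Mapping[str, str], dirs: Mapping[str, str]) -> Optional[str]:
    """Return why ssh would not be talking to gpg-agent, or None when the setup is consistent."""
    wanted = dirs.get("agent-ssh-socket")
    if not wanted:
        return "gpgconf reports no agent-ssh-socket; this GnuPG is too old for this check"
    actual = env.get("SSH_AUTH_SOCK")
    if not actual:
        return f"SSH_AUTH_SOCK is unset; export SSH_AUTH_SOCK={wanted}"
    if os.path.realpath(actual) != os.path.realpath(wanted):
        return (f"SSH_AUTH_SOCK={actual} is not gpg-agent's socket ({wanted}); "
                "ssh is asking a different agent")
    return None


def live_check() -> Optional[str]:
    """Run the real checks against the current environment (needs GnuPG 2.1 installed)."""
    out = subprocess.run(["gpgconf", "--list-dirs"], check=True,
                         capture_output=True, text=True).stdout
    dirs = parse_gpgconf_dirs(out)
    ensure_ssh_support(Path(dirs["homedir"]) / "gpg-agent.conf")
    return diagnose(os.environ, dirs)


def self_test_conf() -> Tuple[bool, bool, str]:
    """Exercise ensure_ssh_support on a throwaway config: (changed first time, changed second time, content)."""
    with tempfile.TemporaryDirectory() as d:
        conf = Path(d) / "gpg-agent.conf"
        conf.write_text("# my agent config\ndefault-cache-ttl 600\n")
        first = ensure_ssh_support(conf)
        second = ensure_ssh_support(conf)
        return first, second, conf.read_text()


# Constructed sample of gpgconf --list-dirs output; the paths are made up.
SAMPLE_DIRS = """\
homedir:/home/alice/.gnupg
agent-socket:/run/user/1000/gnupg/S.gpg-agent
agent-ssh-socket:/run/user/1000/gnupg/S.gpg-agent.ssh
"""

if __name__ == "__main__":
    print(diagnose(os.environ, parse_gpgconf_dirs(SAMPLE_DIRS)))
```

gpgkey2ssh (and `gpg --export-ssh-key` in later 2.1 releases) only produces the authorized_keys line for the server side; on the client the authentication subkey is offered to ssh only when gpg-agent is the agent ssh talks to, which is what `diagnose` verifies. `ssh-add -L` is the quick manual cross-check: it should list the OpenPGP authentication key once the socket is right.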
URL: From dgouttegattat at incenp.org Thu Mar 17 10:40:27 2016 From: dgouttegattat at incenp.org (Damien Goutte-Gattat) Date: Thu, 17 Mar 2016 10:40:27 +0100 Subject: Using gpg for ssh access In-Reply-To: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info> References: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info> Message-ID: <56EA7B8B.70503@incenp.org> On 03/17/2016 07:32 AM, CANNON NATHANIEL CIOTA wrote: > Can someone inform the correct procedure for using gpg to access > ssh? If I may, I wrote two blog posts on this subject: * http://www.incenp.org/notes/2014/gnupg-for-ssh-authentication.html (for GnuPG 2.0) * http://www.incenp.org/notes/2015/gnupg-for-ssh-authentication.html (for GnuPG 2.1) I hope you'll find them useful. If not, do not hesitate to ask for clarifications. From what you said, the step you probably missed is to use gpg-agent as a drop-in replacement for ssh-agent. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From peter at digitalbrains.com Thu Mar 17 18:09:20 2016 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 17 Mar 2016 18:09:20 +0100 Subject: Unattended/batch key signing In-Reply-To: <1457970689.3483.15.camel@cryptobitch.de> References: <73941a0189c5b6f4d4af6bb1007c78c1.squirrel@ruggedinbox.com> <87io0ppbwa.fsf@wheatstone.g10code.de> <1457970689.3483.15.camel@cryptobitch.de> Message-ID: <56EAE4C0.3060909@digitalbrains.com> On 14/03/16 16:51, Tobias Mueller wrote: > The reason is that I don't necessarily want my regular keyring to carry > the signature just yet. From what I understand of the currently > believed best practices, I would want to send the signature to the > email address first to verify that the person does indeed have access > to the mailbox. > > Currently, this seems to require a rather artistic dance of [...]
For this, you can use external tools, like caff, which is available in the signing-party package on Debian, and is also available for other distributions. It will do all the work in its own homedir, so you can keep your certifications separate. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From youcanlinux at gmail.com Thu Mar 17 19:01:59 2016 From: youcanlinux at gmail.com (Daniel Villarreal) Date: Thu, 17 Mar 2016 13:01:59 -0500 Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ? Message-ID: <56EAF117.6000604@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Any idea when you'll replace the SHA-1 checksums at the following page? https://gnupg.org/download/integrity_check.html List of SHA-1 check-sums For your convenience, all SHA-1 check-sums available for software that can be downloaded from our site, have been gathered below. Debian und Ubuntu vertrauen SHA1 nicht mehr (Debian and Ubuntu no longer trust SHA1) http://www.pro-linux.de/news/1/23358/debian-und-ubuntu-vertrauen-sha1-nicht-mehr.html Dropping SHA-1 support in APT https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/ Clarifications and updates on APT + SHA1 https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/ "...note that SHA1 support is not dropped, we merely do not consider it trustworthy." thanks!
- -- 
Daniel Villarreal
http://www.youcanlinux.org
youcanlinux at gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03 3F5B F251 8938 A83E 7B49
https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJW6vEUAAoJEPJRiTioPntJmhcH/jbN1sZAnW0axoZjKrCRja8v
m7zn8VUGEFsFgRvleNfnT87u2xm2qQuG/+aSn7bjnUAxvl/zL+6Qs3BAnMZ3lKon
Blkh10zkr8kR5pO0nu+ai02cB5Q874dWsNMdokc/LgOP6g6c8Azuzin2YkuPFNbs
iyyYJ+yhr6RziF4Fl0vceuCTOrECLnXstMQxF8o9dzzeFuTmEcIBZ8lfu8/Dhcbo
vXk7E/xgoPry514aQdIZsMPoYKUYwfCbWhCObHvP6Nb4HEVUqHUJl/YpGwCiwebi
qJq/9YusweH47bkdz2ZeHMxwCYV7vT+d2bIVgpA8pyazw8oblNuy8fy03fo2dC0=
=Actz
-----END PGP SIGNATURE-----

From wk at gnupg.org Thu Mar 17 20:08:45 2016
From: wk at gnupg.org (Werner Koch)
Date: Thu, 17 Mar 2016 20:08:45 +0100
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <56EAF117.6000604@gmail.com> (Daniel Villarreal's message of "Thu, 17 Mar 2016 13:01:59 -0500")
References: <56EAF117.6000604@gmail.com>
Message-ID: <87y49gj51e.fsf@wheatstone.g10code.de>

On Thu, 17 Mar 2016 19:01, youcanlinux at gmail.com said:

> Any idea when you'll replace the SHA-1 checksums at the following page?

What is your threat model? FWIW, pre-image attacks on SHA-1 are not even on the horizon.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
(Thoughts are free. Exceptions are governed by a federal law.)

From fsantiago at garbage-juice.com Thu Mar 17 20:34:08 2016
From: fsantiago at garbage-juice.com (Fabian Santiago)
Date: Thu, 17 Mar 2016 14:34:08 -0500
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <87y49gj51e.fsf@wheatstone.g10code.de>
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de>
Message-ID: 

>
> What is your threat model? FWIW, pre-image attacks on SHA-1 are not
> even on the horizon.
>

Pre-image attack?
- Fabian s

From dkg at fifthhorseman.net Thu Mar 17 20:44:55 2016
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 17 Mar 2016 15:44:55 -0400
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: 
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de>
Message-ID: <87h9g4khxk.fsf@alice.fifthhorseman.net>

On Thu 2016-03-17 15:34:08 -0400, Fabian Santiago wrote:
>>
>> What is your threat model? FWIW, pre-image attacks on SHA-1 are not
>> even on the horizon.
>>
>
> Pre-image attack?

https://en.wikipedia.org/wiki/Preimage_attack

FWIW, the threat model of digest algorithms being published on an HTTPS website that then links to the file to be downloaded is much easier to work around than by compromising SHA-1's preimage resistance (or even collision resistance for that matter).

However, it makes more sense to me to just move everything to sha-256 today. Anyone who actually checks the digests should be capable of using sha256 today, and it would avoid this sort of question coming up in the future.

--dkg

From kristian.fiskerstrand at sumptuouscapital.com Thu Mar 17 21:00:33 2016
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Thu, 17 Mar 2016 21:00:33 +0100
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <87h9g4khxk.fsf@alice.fifthhorseman.net>
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net>
Message-ID: <56EB0CE1.40701@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/17/2016 08:44 PM, Daniel Kahn Gillmor wrote:
> FWIW, the threat model of digest algorithms being published on an
> HTTPS website that then links to the file to be downloaded is much
> easier to work around than by compromising SHA-1's preimage
> resistance (or even collision resistance for that matter).
>
> However, it makes more sense to me to just move everything to
> sha-256 today. Anyone who actually checks the digests should be
> capable of using sha256 today, and it would avoid this sort of
> question coming up in the future.

An argument could be made to remove the checksum altogether and focus only on proper verification of the OpenPGP signature. Of course the issue will persist in order to get a good basis for certificate verification, so if the server was to be compromised in some way and the user doesn't have a path; and this is the first download so the TOFU scenario fails... and they aren't doing some probabilistic consideration based on other public sources as well, the end result will be the same as having provided the checksum, but...
- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aquila non capit muscas
The eagle does not hunt flies
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJW6wzdAAoJECULev7WN52FTAsH/i8blyldxK3hCRt8xHUYxeaA
kBX+8pM7BJz4yQKxGeIZTR6fi4sU9xynZYEoDTxlebcYXo5V/lPzYIzhHIIF5UhN
AUf0QP4gVk++C1zvv01NhiRxatzD20r2RvBtOXXs/PO6O2ZZ+TavuhnHzASZVTz+
F0+lInnJbUdGdwkXYL5YGLhljchtpR0iq90RPcSlML9cka3h2m0pJKAMV5l16dnS
+ysVp9P+S4GafB7ai6bzWkduD7w4GrizuARMWSfqbybiWCmO97APNt1rqVaqb7uf
XMQV3/1v0CSfORx3//M9jq5EVRtq22Utrdjz+xROrn/hWuhAgIUWwz1shuB2ixE=
=V7G6
-----END PGP SIGNATURE-----

From peter at digitalbrains.com Thu Mar 17 21:19:15 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 17 Mar 2016 21:19:15 +0100
Subject: (slightly OT) SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <56EAF117.6000604@gmail.com>
References: <56EAF117.6000604@gmail.com>
Message-ID: <56EB1143.8040307@digitalbrains.com>

On 17/03/16 19:01, Daniel Villarreal wrote:
> Clarifications and updates on APT + SHA1
> https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/
> "...note that SHA1 support is not dropped, we merely do not consider
> it trustworthy."

This page then continues:

> This means that it feels like SHA1 support is dropped, because
> sources without SHA2 won't work; but the SHA1 signatures will still
> be used in addition to the SHA2 ones, so there's no point removing
> them (same for MD5Sum fields).

So, if I understand correctly, they intend to verify SHA2 checksums, and /also/ verify SHA1 checksums and MD5 checksums ("will be used in addition"). That's just overkill. Do you trust SHA2? Yes? Go with it. No? Stop using it.
Don't "augment its reliability" with other checksums, especially MD5. That's wringing a poor snake for its oil... Although probably no snakes were harmed in the process.

All the on-topicness has already been dealt with adequately, IMHO.

My 2 cents,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dougb at dougbarton.email Thu Mar 17 21:27:47 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Thu, 17 Mar 2016 13:27:47 -0700
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <56EB0CE1.40701@sumptuouscapital.com>
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net> <56EB0CE1.40701@sumptuouscapital.com>
Message-ID: <56EB1343.9000805@dougbarton.email>

On 03/17/2016 01:00 PM, Kristian Fiskerstrand wrote:
> so if the server was to be compromised in some way ...

... the checksum (that you are downloading from the same server) becomes useless.

Doug

From wk at gnupg.org Fri Mar 18 08:21:30 2016
From: wk at gnupg.org (Werner Koch)
Date: Fri, 18 Mar 2016 08:21:30 +0100
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <87h9g4khxk.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 17 Mar 2016 15:44:55 -0400")
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net>
Message-ID: <878u1gi745.fsf@wheatstone.g10code.de>

On Thu, 17 Mar 2016 20:44, dkg at fifthhorseman.net said:

> FWIW, the threat model of digest algorithms being published on an HTTPS
> website that then links to the file to be downloaded is much easier to
> work around than by compromising SHA-1's preimage resistance (or even

I fully agree and I view checksums only as the last resort to verify something downloaded. However sometimes it is required - there are some OS which do not have gpg installed (OpenBSD, Windows) and there needs to be a way to bootstrap the installation.

Of course the checksums on the web page are not sufficient and they do only work because we also announce them by mail and also by means of a signed file (gnupg.org/swdb.lst{,.sig}). Any non-targeted tampering of the checksum will likely be reported soon. In fact we had such reports in the past due to a c+p bug by me.

I'll look at how we can improve the description on the web page.

> However, it makes more sense to me to just move everything to sha-256
> today. Anyone who actually checks the digests should be capable of
> using sha256 today, and it would avoid this sort of question coming up

Most people are actually not able to check even the SHA-1 checksums because they are missing a tool to do so (e.g. Windows) and do not have the knowledge to install or compile and audit a shaXsum tool. Further, in my experience many users do not check the entire SHA-1 sum but just a few of the first and last digits. With the longer and harder to read SHA-256 checksums this will only get worse ("oh yes, the checksum is longer and thus safer and thus I need to compare less digits" :-().

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
(Thoughts are free. Exceptions are governed by a federal law.)
From dashohoxha at gmail.com Fri Mar 18 09:49:16 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Fri, 18 Mar 2016 09:49:16 +0100
Subject: EasyGnuPG
Message-ID: 

Hi,

I am writing some shell scripts for making GnuPG more accessible and easier to use:

- https://github.com/dashohoxha/egpg
- http://dashohoxha.github.io/egpg/man/
- https://github.com/dashohoxha/egpg/wiki

It is not finished yet (regarding the features that I have planned to implement), but I just made another release (which means that it is more or less tested and the docs are updated). Could you have a look at it and give me any feedback? Any suggestions or discussions are welcome.

Thanks,
Dashamir

From peter at digitalbrains.com Fri Mar 18 13:18:36 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 18 Mar 2016 13:18:36 +0100
Subject: (OT) mathematicians-discover-prime-conspiracy
In-Reply-To: <56E68677.9030600@cryptolab.net>
References: <56E68677.9030600@cryptolab.net>
Message-ID: <56EBF21C.1050908@digitalbrains.com>

On 14/03/16 10:37, Fulano Diego Perez wrote:
> https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/

So forgive me for the off-topicness, but something in the text caught my attention:

> Soundararajan was drawn to study consecutive primes after hearing a
> lecture at Stanford by the mathematician Tadashi Tokieda, of the
> University of Cambridge, in which he mentioned a counterintuitive
> property of coin-tossing: If Alice tosses a coin until she sees a
> head followed by a tail, and Bob tosses a coin until he sees two
> heads in a row, then on average, Alice will require four tosses while
> Bob will require six tosses (try this at home!), even though
> head-tail and head-head have an equal chance of appearing after two
> coin tosses.

I did try this at home; only I wrote a Python script to do all the tedious tossing and accounting.
This is its output:

> $ ./cointoss HH HT
>
> H                   T                   HH                  HT
> ----------          ----------          ----------          ----------
> 59821 (49.9%)       60079 (50.1%)       6.044               3.990

After over a million coin tosses, it takes 6 tosses on average until you see two heads in a row, but only 4 to see head-tail. Obviously, the script is attached. Supply the patterns on invocation, as shown above. Any number of patterns of any length are supported (I think). Well, strictly positive numbers and lengths :).

Can someone point me in the direction of the solution to this counterintuitive probability theory result? Any of a common name for the property, a mathematical explanation or an intuitive explanation are much appreciated!

Anyway, to make up for the off-topicness, let's get slightly on-topic...

To the OP: Please provide at least a short abstract of the text when you post a link. That way people can tell from your mail what the text will be about.

With regards to the article, I'm surprised by the choice of words in its title. Other than to draw in more readers, I don't see what place the word "conspiracy" has in it. That's like saying 0 and 1 are conspiring to be consecutive on the integral number line. Oh no, pretty much all our computers are based on 0's and 1's and now they are conspiring! Probably against us! Quick, we need neutral numbers without an agenda...

In my opinion, this title really devalues the article. "Three secret ways to cope with prime conspiracy mathematicians don't want you to know about" isn't that much further out. Oh, I hope that phrasing doesn't tickle any spam filters... Ah well.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

-------------- next part --------------
#!/usr/bin/python3

import collections
import sys
import re
import random
import blessings


class Observer(object):
    """Counts occurrences of one pattern in the toss stream. After a hit the
    history is cleared, so overlapping occurrences are not double-counted."""

    def __init__(self, pattern):
        self.pattern = pattern
        # Sliding window over the most recent len(pattern) tosses.
        self.hist = collections.deque(maxlen=len(pattern))
        self.hits = 0
        self.run = 0   # tosses since the last hit

    def toss(self, face):
        self.hist.append(face)
        if (''.join(self.hist) == self.pattern):
            self.hits += 1
            self.run = 0
            self.hist.clear()
        else:
            self.run += 1


class CoinToss(object):
    def __init__(self, argv):
        if (len(argv) < 2):
            print('Usage: {} PATTERN [PATTERN]...'.format(argv[0]))
            sys.exit(1)
        self.os = list()
        self.labels = ['H', 'T']
        for a in argv[1:]:
            if (re.fullmatch('[HT]+', a) is None):
                print('Patterns consist of H and T only')
                sys.exit(1)
            self.os.append(Observer(a))
            self.labels.append(a)
        self.term = blessings.Terminal()
        self.tosses = 0
        self.heads = 0
        self.tails = 0

    def toss(self, face):
        self.tosses += 1
        if (face == 'H'):
            self.heads += 1
        else:
            self.tails += 1
        for o in self.os:
            o.toss(face)

    def run(self):
        random.seed()
        while True:
            for i in range(100):
                self.toss(random.choice(['H', 'T']))
            self.print_data()

    def print_data(self):
        # Head/tail counts with percentages, then the mean tosses per hit
        # for each pattern (tosses since the last hit are not counted).
        data = list()
        for x in [self.heads, self.tails]:
            data.append('{} ({:2.1%})'.format(x, x / self.tosses))
        for o in self.os:
            if o.hits == 0:
                data.append('--')
            else:
                v = (self.tosses - o.run) / o.hits
                data.append('{:.3f}'.format(v))
        # Four 20-character columns per block; then move the cursor back up
        # so the next round of output overwrites this one in place.
        for b in range((len(self.labels) - 1) // 4 + 1):
            for l in self.labels[b * 4:(b + 1) * 4]:
                print(l, end='')
                print(' ' * (20 - len(l)), end='')
            print()
            for l in self.labels[b * 4:(b + 1) * 4]:
                c = max(len(l), 10)
                print('-' * c, end='')
                print(' ' * (20 - c), end='')
            print()
            for d in data[b * 4:(b + 1) * 4]:
                print(d, end='')
                print(' ' * (20 - len(d)), end='')
            print('\n\n')
        print(self.term.move_up * 5 * ((len(self.labels) - 1) // 4 + 1), end='')


if __name__ == '__main__':
    c = CoinToss(sys.argv)
    c.run()

From viktordick86 at gmail.com Fri Mar 18 13:50:41 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Fri, 18 Mar 2016 13:50:41 +0100
Subject: (OT)
  mathematicians-discover-prime-conspiracy
In-Reply-To: <56EBF21C.1050908@digitalbrains.com>
References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com>
Message-ID: <56EBF9A1.9020508@gmail.com>

On 2016-03-18 13:18, Peter Lebbing wrote:
> Can someone point me in the direction of the solution to this
> counterintuitive probability theory result? Any of a common name for the
> property, a mathematical explanation or an intuitive explanation are
> much appreciated!

Any match of a pattern (HH or HT) to a sequence of coin tosses can be either aligned (i.e., starting at the first/third/fifth etc. toss) or misaligned (second/fourth etc.). If you count the number of aligned matches in a sequence of a given length, you will get the same probability regardless of the pattern. The same with the misaligned matches. However, the number of aligned and misaligned matches is not independent. For HH, they are correlated (if one pair of tosses is a match, the two overlapping ones are each matches with probability 0.5 instead of 0.25) while for HT they are anticorrelated (if one pair is a match, the overlapping ones can't be matches). Therefore, you will find more matches for HH than for HT. If you toss until you get a result, with HH you will get it quicker on average.

Regards,
Viktor
From andrewg at andrewg.com Fri Mar 18 14:26:07 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Fri, 18 Mar 2016 13:26:07 +0000
Subject: (OT) mathematicians-discover-prime-conspiracy
In-Reply-To: <56EBF21C.1050908@digitalbrains.com>
References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com>
Message-ID: <56EC01EF.5060806@andrewg.com>

On 18/03/16 12:18, Peter Lebbing wrote:
>
> After over a million coin tosses, it takes 6 tosses on average until you
> see two heads in a row, but only 4 to see head-tail. Obviously, the
> script is attached. Supply the patterns on invocation, as shown above.
> Any number of patterns of any length are supported (I think). Well,
> strictly positive numbers and lengths :).
>
> Can someone point me in the direction of the solution to this
> counterintuitive probability theory result? Any of a common name for the
> property, a mathematical explanation or an intuitive explanation are
> much appreciated!

The intuitive result (that all sequences of N random equally-probable events must have the same probability of happening first) holds if one fixes the groupings of events in advance so that all possible sequences are independent of each other ("mutual independence" being the most important statistical precondition!). In this case, if the pairing of coin tosses is always the odd-numbered toss followed by the even-numbered toss, e.g.:

TH HT HH TT HT HH TH HT

then for any *given* pair of tosses, the probability that it contains a particular sequence is independent of any other *non-overlapping* pair of tosses.

However, if one looks for a sequence of N events in a string without specifying in advance which window into the string we are matching against, then sequences of identical events will generally be less likely than mixed ones.
This is because we can choose after the fact whether to consider an event the beginning of a new sequence or a continuation of the previous one, and overlapping sequences of events are not mutually independent.

An extreme example is the case of the ten-event sequences HHHHHHHHHH and THHHHHHHHHH. Unless the first sequence of ten heads occurs at the very beginning of the string of events (which is highly unlikely!), then the sequence beginning with a single tails must *always* occur one event earlier than the first sequence of ten-heads. But it could also have occurred much earlier than ten-heads, if it had been followed by another tail.

Alternatively, we could consider how we treat the sequence history after a "success". Do we wipe the slate clean once we get ten heads and start over? Or if the eleventh toss was another head, do we consider that a second sequence of ten heads? If we can choose part-way through an experiment when to stop, then that skews not only the order in which events are seen, but also the probability that they will be seen at all.

The moral of the story is: outside the comfortable walls of mutual independence, there be dragons. ;-)

A

From brian at minton.name Fri Mar 18 14:38:54 2016
From: brian at minton.name (Brian Minton)
Date: Fri, 18 Mar 2016 13:38:54 +0000
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <878u1gi745.fsf@wheatstone.g10code.de>
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net> <878u1gi745.fsf@wheatstone.g10code.de>
Message-ID: 

Windows has certutil built-in.
On Fri, Mar 18, 2016, 3:27 AM Werner Koch wrote:

> On Thu, 17 Mar 2016 20:44, dkg at fifthhorseman.net said:
>
> > FWIW, the threat model of digest algorithms being published on an HTTPS
> > website that then links to the file to be downloaded is much easier to
> > work around than by compromising SHA-1's preimage resistance (or even
>
> I fully agree and I view checksums only as the last resort to verify
> something downloaded. However sometimes it is required - there are some
> OS which do not have gpg installed (OpenBSD, Windows) and there need to
> be a way to bootstrap the installation.
>
> Of course the checksums on the web page are not sufficient and they do
> only work because we also announce them by mail and also by means of a
> signed file (gnupg.org/swdb.lst{,.sig}). Any non-targeted tampering of
> the checksum will likely be reported soon. In fact we had such reports
> in the past due to a c+p bug by me.
>
> I'll look at how we can improve the description on the web page.
>
> > However, it makes more sense to me to just move everything to sha-256
> > today. Anyone who actually checks the digests should be capable of
> > using sha256 today, and it would avoid this sort of question coming up
>
> Most people are actually not able to check even the SHA-1 checksums
> because they are missing a tool to do so (e.g. Windows) and have not the
> knowledge to install or compile and audit a shaXsum tool. Further, in
> my experience many users do not check the entire SHA-1 sum but just a
> few of the first and last digits. With the longer and harder to read
> SHA-256 checksums this will only get worse ("oh yes, the checksum is
> longer and thus safer and thus I need to compare less digits" :-().
>
>
> Shalom-Salam,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
> (Thoughts are free. Exceptions are governed by a federal law.)
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From dkg at fifthhorseman.net Fri Mar 18 15:45:28 2016
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 18 Mar 2016 10:45:28 -0400
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <878u1gi745.fsf@wheatstone.g10code.de>
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net> <878u1gi745.fsf@wheatstone.g10code.de>
Message-ID: <87shznhmk7.fsf@alice.fifthhorseman.net>

On Fri 2016-03-18 03:21:30 -0400, Werner Koch wrote:
> Most people are actually not able to check even the SHA-1 checksums
> because they are missing a tool to do so (e.g. Windows) and have not the
> knowledge to install or compile and audit a shaXsum tool.

On any modern Windows installation (since Vista at least, i think) there is "certutil.exe"

  https://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_hashfile

the syntax is:

  certutil -hashfile FileToHash.ext sha256

Looks like there's an older version available even for Windows XP (not that i recommend anyone use that) via something called "Windows Server 2003 Administration Pack":

  https://support.microsoft.com/en-us/kb/934576?spid=12925&sid=1569

(appears to require javascript, sorry)

> Further, in my experience many users do not check the entire SHA-1 sum
> but just a few of the first and last digits. With the longer and
> harder to read SHA-256 checksums this will only get worse ("oh yes,
> the checksum is longer and thus safer and thus I need to compare less
> digits" :-().

Right, but surely you wouldn't advocate only displaying the first and last few digits of the SHA1 digest just because most people aren't going to look at anything else. Right?
At any rate, checking the first and last X digits of SHA-256 is probably better than checking the first and last X digits of SHA-1, for any value of X. SHA-1 has worse cryptographic properties than SHA-256 (and about a decade more of intense analysis that reveals flaws).

Likewise, i'm glad that we at least offer SHA-1, even though it's longer and harder to read than MD5, which itself is longer and harder to read than CRC32 :P

We cannot force anyone to compare anything, but we can choose whether we give them the information that is capable of strong comparison. (while understanding that it's not meaningful in the face of webserver compromise)

--dkg

From wk at gnupg.org Fri Mar 18 16:57:50 2016
From: wk at gnupg.org (Werner Koch)
Date: Fri, 18 Mar 2016 16:57:50 +0100
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <878u1gi745.fsf@wheatstone.g10code.de> (Werner Koch's message of "Fri, 18 Mar 2016 08:21:30 +0100")
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net> <878u1gi745.fsf@wheatstone.g10code.de>
Message-ID: <87a8lvdbi9.fsf@wheatstone.g10code.de>

On Fri, 18 Mar 2016 08:21, wk at gnupg.org said:

> I'll look at how we can improve the description on the web page.

Actually the current text does not look too bad:

  If you are not able to use an old version of GnuPG, you can still
  verify the file's SHA-1 checksum. This is less secure, because if
  someone modified the files as they were transferred to you, it would
  not be much more effort to modify the checksums that you see on this
  webpage. As such, if you use this method, you should compare the
  checksums with those in release announcement. This is sent to the
  gnupg-announce mailing list (among others), which is widely mirrored.
  Don't use the mailing list archive on this website, but find the
  announcement on several other websites and make sure the checksum is
  consistent.
This makes it more difficult for an attacker to trick you into installing a modified version of the software. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Fri Mar 18 17:02:11 2016 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Mar 2016 17:02:11 +0100 Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ? In-Reply-To: <87shznhmk7.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 18 Mar 2016 10:45:28 -0400") References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net> <878u1gi745.fsf@wheatstone.g10code.de> <87shznhmk7.fsf@alice.fifthhorseman.net> Message-ID: <8760wjdbb0.fsf@wheatstone.g10code.de> On Fri, 18 Mar 2016 15:45, dkg at fifthhorseman.net said: > On any modern Windows installation (since Vista at least, i think) there > is "certutil.exe" I know but I have also seen on the gpg4win mailing list that people have problems using it or any other tool. Also worse than checksums or real signatures, I meanwhile think that an Authenticode signature would overall improve the situation. > Right, but surely you wouldn't advocate only displaying the first and > last few digits of the SHA1 digest just because most people aren't going > to look at anytihng else. Right? Ack. > glad that we at least offer SHA-1, even though it's longer and harder to > read than MD5, which itself is longer and harder to read than CRC32 :P Well, MD5 is out of every discussion - despite that not too old OpenSSH versions still use it for fingerprints by default. But then again, who really check the fingerprints ;-) Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
From dougb at dougbarton.email Fri Mar 18 21:20:33 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Fri, 18 Mar 2016 13:20:33 -0700
Subject: (OT) mathematicians-discover-prime-conspiracy
In-Reply-To: <56EBF21C.1050908@digitalbrains.com>
References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com>
Message-ID: <56EC6311.6050509@dougbarton.email>

On 03/18/2016 05:18 AM, Peter Lebbing wrote:
> Can someone point me in the direction of the solution to this
> counterintuitive probability theory result?

You already got good answers as to why this happens from Viktor and Andrew. You can illustrate them by adding TT to your analysis.

Doug

From fulanoperez at cryptolab.net Sat Mar 19 08:31:10 2016
From: fulanoperez at cryptolab.net (Fulano Diego Perez)
Date: Sat, 19 Mar 2016 18:31:10 +1100
Subject: (OT) mathematicians-discover-prime-conspiracy
In-Reply-To: <56EC6311.6050509@dougbarton.email>
References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com> <56EC6311.6050509@dougbarton.email>
Message-ID: <56ED003E.9070708@cryptolab.net>

Doug Barton:
> You already got good answers /after/ as to why this happens

From 2014-667rhzu3dc-lists-groups at riseup.net Sat Mar 19 13:46:12 2016
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Sat, 19 Mar 2016 12:46:12 +0000
Subject: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
In-Reply-To: <87shznhmk7.fsf@alice.fifthhorseman.net>
References: <56EAF117.6000604@gmail.com> <87y49gj51e.fsf@wheatstone.g10code.de> <87h9g4khxk.fsf@alice.fifthhorseman.net> <878u1gi745.fsf@wheatstone.g10code.de> <87shznhmk7.fsf@alice.fifthhorseman.net>
Message-ID: <55354856.20160319124612@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Friday 18 March 2016 at 2:45:28 PM, in , Daniel Kahn Gillmor wrote:

> On any modern Windows installation (since Vista at
> least, i think) there
> is "certutil.exe"
> https://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_hashfile
> the syntax is:
> certutil -hashfile FileToHash.ext sha256

In Windows 10 (and possibly earlier) there is also the "Get-FileHash" cmdlet. This works in Powershell, not in an ordinary Command window. The syntax is:-

  Get-FileHash FileToHash.ext -Algorithm sha1

- -- 
Best regards

MFPA

Wait. You think I'm right?
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJW7UoiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwbFwH/RyFtbT6PBRvTvvabiV+oN5y
lBs776OIAN4UJAPVx20oo3kT/EMRJO3iLJLBEYDgI2qkRHBv1wjr1YS2BWIK+m0P
9fUYn+7j68g/0hmloQx9RRXadlrHo9ZYIDDU8Bednim1XXhy9v4eTidPQkCZmLBC
oGfO/lG4zOisq/e1pwZQXMvhVsZoqTXhJU5uLxpZT+Z/ZRMqQrCNKQAX0F8KMege
t/N+fBWhKB+NHsbZkWMuEsqoTK3tDTgms1i9vmXNO+5T077vsZigUCwjTI1PtGEc
c6QB/iEXPtXkBshUQZxJfx5q7H/XgEm0JPwfgCSZcPoNG47g/VJs0w7IHeY2kDKI
vgQBFgoAZgUCVu1KMl8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45A2JAQCkfw25IBuMCT6f5DprD5hVHmkO
AS2QNPPTNDdeTrg3yAD/ekCBGDQXN/+lWUk7FsOakpa5Ma3hO41zGsyGk8wSHw4=
=trKU
-----END PGP SIGNATURE-----
From wmsopou at gmail.com Sat Mar 19 13:24:32 2016
From: wmsopou at gmail.com (Me Self)
Date: Sat, 19 Mar 2016 13:24:32 +0100
Subject: using master key from usb
Message-ID: 

Hi All

What is the best way to use a master key from a backup usb?

The whole ~/gnupg folder is backed up to the usb, and the master key has been removed from the keyring on the harddrive.

I can use the master key with:
gpg --homedir /media/myusb/gnupg ...

Now I want to --sign-keys a key that is imported in the keyring on the harddrive.

I could export the key I want to sign and import it in the backup, sign it in the backup, then export it and import it back on the harddrive... A bit longwinded...

Is there an easier way to use the master key?

From dashohoxha at gmail.com Sat Mar 19 14:36:07 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Sat, 19 Mar 2016 14:36:07 +0100
Subject: using master key from usb
In-Reply-To: 
References: 
Message-ID: 

On Sat, Mar 19, 2016 at 1:24 PM, Me Self wrote:

> Hi All
>
> What is the best way to use a master key from a backup usb?
>
> The whole ~/gnupg folder is backed up to the usb, and the master key has
> been removed from the keyring on the harddrive.
>
> I can use the master key with:
> gpg --homedir /media/myusb/gnupg ...
>
> Now I want to --sign-keys a key that is imported in the keyring on the
> harddrive.
>
> I could export the key I want to sign and import it in the backup, sign it
> in the backup, then export it and import it back on the harddrive.. A bit
> longwinded..
>
> Is there an easier way to use the master key?
>

Instead of export/import, you can also transfer the signed key through the keyserver network:

  alias gpg-sec="gpg --homedir /media/myusb/gnupg"
  gpg-sec --search-key
  gpg-sec --recv-key
  gpg-sec --sign-key
  gpg-sec --send-key
  gpg-sec --delete-keys
  gpg --recv-key

Does this make sense?
From wk at gnupg.org Sat Mar 19 14:45:03 2016
From: wk at gnupg.org (Werner Koch)
Date: Sat, 19 Mar 2016 14:45:03 +0100
Subject: How to silence gpg-agent?
In-Reply-To: (Dashamir Hoxha's message of "Tue, 15 Mar 2016 22:06:53 +0100")
References:
Message-ID: <8737rma8f4.fsf@wheatstone.g10code.de>

On Tue, 15 Mar 2016 22:06, dashohoxha at gmail.com said:

> gpg: checking the trustdb
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> I believe that it comes from gpg-agent. I have tried to silence it, using
> the option '--quiet', but it seems not to work. Any idea what else I can

It comes from gpg. I just pushed a fix for 2.1 to silence it with --quiet.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter at digitalbrains.com Sat Mar 19 15:09:14 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 19 Mar 2016 15:09:14 +0100
Subject: (OT) mathematicians-discover-prime-conspiracy
In-Reply-To: <56ED003E.9070708@cryptolab.net>
References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com> <56EC6311.6050509@dougbarton.email> <56ED003E.9070708@cryptolab.net>
Message-ID: <56ED5D8A.10803@digitalbrains.com>

On 19/03/16 08:31, Fulano Diego Perez wrote:
> Doug Barton:
>> You already got good answers /after/ as to why this happens

Please, please, /please/ don't change any text you are quoting. This is not what Doug said, so it is not a quote, but really looks like one.

Other than that, I have no idea what you are trying to convey.

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From amr_mahmoud38 at yahoo.com Sat Mar 19 15:35:13 2016
From: amr_mahmoud38 at yahoo.com (عمرو كمال الدين بشر محمود)
Date: Sat, 19 Mar 2016 14:35:13 +0000 (UTC)
Subject: testing installation for the new modern version 2.1.11
References: <1632111934.2289065.1458398113079.JavaMail.yahoo.ref@mail.yahoo.com>
Message-ID: <1632111934.2289065.1458398113079.JavaMail.yahoo@mail.yahoo.com>

Hi, every one

I have just installed gpg2 version 2.1.11 with some difficulties, and I managed to create new keys, but I need to make sure that it has been installed properly. How can I run a self test for all the components and programs conforming to this new version? Sorry for redundancy and my English.

Thanks and Best Regards
Amr Kamal

From peter at digitalbrains.com Sat Mar 19 16:34:19 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 19 Mar 2016 16:34:19 +0100
Subject: (OT) mathematicians-discover-prime-conspiracy
In-Reply-To: <56EC01EF.5060806@andrewg.com>
References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com> <56EC01EF.5060806@andrewg.com>
Message-ID: <56ED717B.5090301@digitalbrains.com>

Thank you all for helpful responses, I understand where the difference comes from now!

On 18/03/16 14:26, Andrew Gallagher wrote:
> Alternatively, we could consider how we treat the sequence history after
> a "success". Do we wipe the slate clean once we get ten heads and start
> over? Or if the eleventh toss was another head, do we consider that a
> second sequence of ten heads?

Ah, in my code, I indeed wipe the slate clean. It feels more appropriate; and since I get the same expected number of throws as the article states, apparently so do they.

> The moral of the story is: outside the comfortable walls of mutual
> independence, there be dragons. ;-)

Oh yes!

Cheers,

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dgouttegattat at incenp.org Sat Mar 19 19:26:35 2016
From: dgouttegattat at incenp.org (Damien Goutte-Gattat)
Date: Sat, 19 Mar 2016 19:26:35 +0100
Subject: using master key from usb
In-Reply-To:
References:
Message-ID: <56ED99DB.1030704@incenp.org>

On 03/19/2016 01:24 PM, Me Self wrote:
> I can use the master key with:
> gpg --homedir /media/myusb/gnupg ...
>
> Now I want to --sign-keys a key that is imported in the keyring on the
> harddrive.

You can use the --keyring option to add your normal public keyring (containing the key you want to sign):

$ gpg --homedir /media/myusb/gnupg --keyring ~/.gnupg/pubring.gpg ...

> Is there an easier way to use the master key?

If you're using GnuPG 2.1, an easy and (IMHO) elegant way is to create a symlink pointing to your master key on the USB stick:

$ ln -s /media/myusb/gnupg/private-keys-v1.d/XXXXXXX.key ~/.gnupg/private-keys-v1.d/XXXXXX.key

(where XXXXXX is the *keygrip* of your master key, which you can learn with the --with-keygrip option when listing keys).

You can then call gpg as usual, without needing to change its home directory. When you are done, just remove the symlink and unmount your USB stick.
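The keygrip lookup and symlink Damien describes, as an added shell example that is not part of the thread or of GnuPG itself: it parses the machine-readable listing that `gpg -K --with-colons --with-keygrip` produces to find the primary key's keygrip, links the master key file from the USB homedir into the hard-drive homedir, refuses to overwrite a real key, and removes only a symlink afterwards. The listing and both homedirs are constructed samples, so gpg is never invoked; the orphan_keygrips function goes one step beyond the post and reports keygrip files that no listed key refers to.

```shell
#!/bin/sh
# Added example, not code from the thread. Parses the colon-separated output of
# `gpg -K --with-colons --with-keygrip` (the sample below is constructed, not
# taken from a real keyring), derives the primary key's keygrip, and links the
# master key from the USB homedir into the hard-drive homedir.
set -u

# Constructed listing as seen on the hard-drive keyring: the primary key is a
# stub (field 15 of the sec record is "#"), the encryption subkey is present ("+").
# The keygrip of each key sits in field 10 of the grp record that follows it.
SAMPLE_LISTING='sec:u:4096:1:0123456789ABCDEF:1458400000:::u:::cESCA:::#:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1458400000::DEADBEEF::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1458400000::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBFEDCBA9876543210:
grp:::::::::2222222222222222222222222222222222222222:'

# primary_keygrip LISTING -> "<keygrip> present|stub" for the first sec record
primary_keygrip() {
  printf '%s\n' "$1" | awk -F: '
    $1 == "sec" { want = 1; state = ($15 == "+") ? "present" : "stub"; next }
    want && $1 == "grp" { print $10, state; exit }'
}

# keygrip_file HOMEDIR KEYGRIP -> path of the private key file for that keygrip
keygrip_file() {
  printf '%s/private-keys-v1.d/%s.key\n' "$1" "$2"
}

# link_master_key USB_HOME HD_HOME LISTING
# Creates the symlink; refuses if the hard-drive keyring already holds a real
# (non-stub) primary key, if the USB file is missing, or if the target exists.
link_master_key() {
  usb=$1; hd=$2
  set -- $(primary_keygrip "$3")
  grip=$1; state=$2
  [ "$state" = "stub" ] || { echo "primary key already present in $hd" >&2; return 1; }
  src=$(keygrip_file "$usb" "$grip")
  dst=$(keygrip_file "$hd" "$grip")
  [ -f "$src" ] || { echo "no master key file at $src" >&2; return 1; }
  [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 1; }
  ln -s "$src" "$dst"
}

# unlink_master_key HD_HOME LISTING: removes the symlink only, never a real key file
unlink_master_key() {
  set -- "$1" $(primary_keygrip "$2")
  dst=$(keygrip_file "$1" "$2")
  [ -L "$dst" ] && rm "$dst"
}

# orphan_keygrips HOMEDIR LISTING -> keygrip files that no key in LISTING refers to
# (goes beyond the post: extra files left behind in private-keys-v1.d)
orphan_keygrips() {
  known=$(printf '%s\n' "$2" | awk -F: '$1 == "grp" { print $10 }')
  for f in "$1"/private-keys-v1.d/*.key; do
    [ -e "$f" ] || continue
    g=$(basename "$f" .key)
    printf '%s\n' "$known" | grep -qx "$g" || echo "$g"
  done
}

# demo: round trip with throwaway USB and hard-drive homedirs; returns 0 on success
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/usb/private-keys-v1.d" "$tmp/hd/private-keys-v1.d"
  : > "$tmp/usb/private-keys-v1.d/1111111111111111111111111111111111111111.key"
  : > "$tmp/hd/private-keys-v1.d/2222222222222222222222222222222222222222.key"
  link="$tmp/hd/private-keys-v1.d/1111111111111111111111111111111111111111.key"
  link_master_key "$tmp/usb" "$tmp/hd" "$SAMPLE_LISTING" || return 1
  [ -L "$link" ] || return 1
  unlink_master_key "$tmp/hd" "$SAMPLE_LISTING" || return 1
  [ ! -e "$link" ] || return 1
  rm -rf "$tmp"
}

demo && echo "symlink round trip OK"
```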
From andrewg at andrewg.com Sat Mar 19 23:35:52 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sat, 19 Mar 2016 22:35:52 +0000
Subject: (OT) mathematicians-discover-prime-conspiracy
In-Reply-To: <56ED717B.5090301@digitalbrains.com>
References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com> <56EC01EF.5060806@andrewg.com> <56ED717B.5090301@digitalbrains.com>
Message-ID:

> On 19 Mar 2016, at 15:34, Peter Lebbing wrote:
>
>> On 18/03/16 14:26, Andrew Gallagher wrote:
>> Alternatively, we could consider how we treat the sequence history after
>> a "success". Do we wipe the slate clean once we get ten heads and start
>> over? Or if the eleventh toss was another head, do we consider that a
>> second sequence of ten heads?
>
> Ah, in my code, I indeed wipe the slate clean. It feels more appropriate; and
> since I get the same expected number of throws as the article states, apparently
> so do they.

You are correct, as this is implicit in the formulation of the problem: start flipping coins and see how long it takes for a particular pattern to turn up once. The implicit assumption is that you then stop, rather than continuing to accumulate data. And that's where the problems start. :-)

A

From tony.caduto at gmail.com Sat Mar 19 19:06:51 2016
From: tony.caduto at gmail.com (Tony Caduto)
Date: Sat, 19 Mar 2016 13:06:51 -0500
Subject: win32 gpgme passphrase callback FD issues
Message-ID:

Hi,

I have looked back in the list archives and did find some info about this but no resolutions.

I am using FPC (free pascal) and have gpgme.dll working (currently using older versions that don't require the pinentry support).

The problem I am having is with the passphrase call back.
Basically the win32 WriteFile function does not work. I did see in the docs that an internal function is available in newer versions called gpgme_io_writen; problem is I can't find a version that has that function exposed except the very newest which have that pinentry. I need to use this on a server and a dialog popping up to ask for the passphrase is not good.

I have tried this with version 1.1.8 through 1.3.0 and they all fail. What happens is it just goes into a loop calling back over and over that the password was bad. The only way I can get it to not hang is to close the file handle, then on the next callback it fails because the file handle is gone.

Does anyone know what is the newest version of gpgme.dll that still supports the passphrase call back function?

Here is my FPC call back function (it gets called back and all params are populated but it just hangs after returning 0):

function gpgme_passphrase_cb(handle: pointer; uid_hint: pchar; passphrase_info: pchar;
                             prev_was_bad: integer; fd: integer): Tgpgme_error; cdecl;
var
  password: pchar;
  ret: dword;
  filehandle: windows.HANDLE;
  newline: pchar = #10;
begin
  filehandle := windows.HANDLE(fd);
  password := 'coutweha';  // test passphrase hard-coded in the original post
  // WriteFile takes an untyped const buffer: pass the characters (password^),
  // not the pchar variable itself, otherwise the pointer's bytes are written.
  windows.WriteFile(filehandle, password^, Length(password), ret, nil);
  windows.WriteFile(filehandle, newline^, Length(newline), ret, nil);
  //windows.FlushFileBuffers(filehandle); // Tried this to see if it was not fully writing to handle.
  windows.CloseHandle(filehandle); // Loops forever if you don't close handle, errors out on second try because handle is closed.
  result.errorcode := GPG_ERR_NO_ERROR;
  result.error := GPG_ERR_NO_ERROR;
  result.errorsource := 0;
end;
From amr_mahmoud38 at yahoo.com Sun Mar 20 18:40:21 2016
From: amr_mahmoud38 at yahoo.com (amr)
Date: Sun, 20 Mar 2016 20:40:21 +0300
Subject: testing installation for the new modern version 2.1.11
Message-ID: <56EEE085.1070308@yahoo.com>

Hi, every one

I have just installed gpg2 version 2.1.11 from a previous version 2.0.29 (without removing the old version) with some difficulties, and I managed to create new keys, but I need to make sure that it has been installed properly. How can I run a self test for all the components and programs conforming to this new version? Sorry for redundancy that might occur and my English.

Thanks and Best Regards
Amr Kamal

From amr_mahmoud38 at yahoo.com Sun Mar 20 18:44:54 2016
From: amr_mahmoud38 at yahoo.com (amr)
Date: Sun, 20 Mar 2016 20:44:54 +0300
Subject: testing installation for the new modern version 2.1.11
Message-ID: <56EEE196.8070406@yahoo.com>

Hi, every one

I have just installed gpg2 version 2.1.11 from the previous version 2.0.29 (without removing the old version) with some difficulties, and I managed to create new keys, but I need to make sure that it has been installed properly. How can I run a self test for all the components and programs conforming to this new version? Sorry for redundancy and my English.

Thanks and Best Regards
Amr Kamal

From wmsopou at gmail.com Sun Mar 20 21:51:54 2016
From: wmsopou at gmail.com (Me Self)
Date: Sun, 20 Mar 2016 21:51:54 +0100
Subject: using master key from usb
In-Reply-To: <56ED99DB.1030704@incenp.org>
References: <56ED99DB.1030704@incenp.org>
Message-ID:

Hi Damien and Dashamir

Those are all great solutions, tnx :)

On Sat, Mar 19, 2016 at 7:26 PM, Damien Goutte-Gattat <dgouttegattat at incenp.org> wrote:

> On 03/19/2016 01:24 PM, Me Self wrote:
>
>> I can use the master key with:
>> gpg --homedir /media/myusb/gnupg ...
>>
>> Now I want to --sign-keys a key that is imported in the keyring on the
>> harddrive.
>
> You can use the --keyring option to add your normal public keyring
> (containing the key you want to sign):
>
> $ gpg --homedir /media/myusb/gnupg --keyring ~/.gnupg/pubring.gpg ...
>
>> Is there an easier way to use the master key?
>
> If you're using GnuPG 2.1, an easy and (IMHO) elegant way is to create a
> symlink pointing to your master key on the USB stick:
>
> $ ln -s /media/myusb/gnupg/private-keys-v1.d/XXXXXXX.key
> ~/.gnupg/private-keys-v1.d/XXXXXX.key
>
> (where XXXXXX is the *keygrip* of your master key, which you can learn
> with the --with-keygrip option when listing keys).
>
> You can then call gpg as usual, without needing to change its home
> directory. When you are done, just remove the symlink and unmount your USB
> stick.

From dashohoxha at gmail.com Mon Mar 21 04:52:55 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 21 Mar 2016 04:52:55 +0100
Subject: using master key from usb
In-Reply-To:
References: <56ED99DB.1030704@incenp.org>
Message-ID:

Solutions explained by Damien are better than mine. I was not aware of them. I would recommend one of them.

On Sun, Mar 20, 2016 at 9:51 PM, Me Self wrote:
> Hi Damien and Dashamir
>
> Those are all great solutions, tnx :)
>
> On Sat, Mar 19, 2016 at 7:26 PM, Damien Goutte-Gattat <dgouttegattat at incenp.org> wrote:
>
>> On 03/19/2016 01:24 PM, Me Self wrote:
>>
>>> I can use the master key with:
>>> gpg --homedir /media/myusb/gnupg ...
>>>
>>> Now I want to --sign-keys a key that is imported in the keyring on the
>>> harddrive.
>>
>> You can use the --keyring option to add your normal public keyring
>> (containing the key you want to sign):
>>
>> $ gpg --homedir /media/myusb/gnupg --keyring ~/.gnupg/pubring.gpg ...
>>
>>> Is there an easier way to use the master key?
>>
>> If you're using GnuPG 2.1, an easy and (IMHO) elegant way is to create a
>> symlink pointing to your master key on the USB stick:
>>
>> $ ln -s /media/myusb/gnupg/private-keys-v1.d/XXXXXXX.key
>> ~/.gnupg/private-keys-v1.d/XXXXXX.key
>>
>> (where XXXXXX is the *keygrip* of your master key, which you can learn
>> with the --with-keygrip option when listing keys).
>>
>> You can then call gpg as usual, without needing to change its home
>> directory. When you are done, just remove the symlink and unmount your USB
>> stick.

From paolo.bolzoni.brown at gmail.com Mon Mar 21 10:44:06 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Mon, 21 Mar 2016 10:44:06 +0100
Subject: Should always add myself as recipient when ecrypting?
Message-ID:

Dear list,

The subject pretty much says it all already, I am using GnuPG 2.1.11 (with libgcrypt 1.6.5) and I was wondering if I should always add myself as recipient when encrypting a file, of course, in addition to the real recipient.

Is there a reason not to?

Cheers,
Paolo

From brian at minton.name Mon Mar 21 13:03:18 2016
From: brian at minton.name (Brian Minton)
Date: Mon, 21 Mar 2016 12:03:18 +0000
Subject: Should always add myself as recipient when ecrypting?
In-Reply-To:
References:
Message-ID:

Here's a possible reason: suppose your recipient is being targeted by an enemy who wishes to read their communications. They have determined through traffic analysis that you are in communication with their target. They may then attempt to convince/coerce/trick you to decrypt the message. In other words, by adding an additional human target, you reduce the need for actual cryptanalysis.
On Mon, Mar 21, 2016, 6:50 AM Paolo Bolzoni wrote:
> Dear list,
>
> The subject pretty much says it all already, I am using GnuPG 2.1.11
> (with libgcrypt 1.6.5) and I was wondering if I should always add
> myself as recipient when encrypting a file, of course, in addition to
> the real recipient.
>
> Is there a reason not to?
>
> Cheers,
> Paolo

From dashohoxha at gmail.com Mon Mar 21 13:08:18 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 21 Mar 2016 13:08:18 +0100
Subject: Should always add myself as recipient when ecrypting?
In-Reply-To:
References:
Message-ID:

On Mon, Mar 21, 2016 at 10:44 AM, Paolo Bolzoni <paolo.bolzoni.brown at gmail.com> wrote:
> Dear list,
>
> The subject pretty much says it all already, I am using GnuPG 2.1.11
> (with libgcrypt 1.6.5) and I was wondering if I should always add
> myself as recipient when encrypting a file, of course, in addition to
> the real recipient.
>
> Is there a reason not to?

I see it like this:
- If you erase the original file after encryption, there is no reason not to.
- If you don't erase the original file, there is no reason to.

From stargrave at stargrave.org Mon Mar 21 12:00:04 2016
From: stargrave at stargrave.org (Sergey Matveev)
Date: Mon, 21 Mar 2016 14:00:04 +0300
Subject: Should always add myself as recipient when ecrypting?
In-Reply-To:
References:
Message-ID: <20160321110004.ObO9dZyuA%stargrave@stargrave.org>

*** Paolo Bolzoni [Mon, 21 Mar 2016 10:44:06 +0100]:
>I was wondering if I should always add
>myself as recipient when encrypting a file, of course, in addition to
>the real recipient.
>
>Is there a reason not to?
Without adding yourself as a recipient, only a compromise of the remote party's key will lead to message decryption. With yourself added, at least two keys can be compromised for message decryption. Higher risks. A question of trust. Some people are accurate in the context of security and key management, others are absent-minded, and because of them, as one of the recipients, your messages are under higher risk.

--
Happy hacking

From bernhard at intevation.de Mon Mar 21 15:05:05 2016
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 21 Mar 2016 15:05:05 +0100
Subject: EasyGnuPG
In-Reply-To:
References:
Message-ID: <201603211505.14794.bernhard@intevation.de>

Hi Dashamir,

On Friday 18 March 2016 at 09:49:16, Dashamir Hoxha wrote:
> I am writing some shell scripts for making GnuPG more accessible and
> easier to use:
> - https://github.com/dashohoxha/egpg

I like the goal of making gpg2 more accessible. However I am not sure that you are actually reaching the goal by using sh wrappers. When looking at the man pages, it seems that they are already long with a number of phrases to learn. Most of these commands are not much easier than the direct gpg2 commands they are aiming to replace.

Drawbacks I see with your approach:
* people will have to learn a slightly different set of commands with egpg and gpg2 and sooner or later will use the gpg2 commands and then they will be confused or have extra learning efforts.
* shell scripts will not work on platforms without a shell (e.g. Windows)
* I haven't looked into the .epgp directory, but it may have some configs and then the behaviour of other applications will depend on which config they use.
* BTW: There is a potential name clash with https://wiki.gnupg.org/EasyGpg2016

Ideas for improvements:
* If you must write wrappers, code it in something more platform independent, e.g.
in python3 (using pyme or pygpgme where appropriate)
* Suggest and improve the original gpg2 command line interface, so that usage is easier and the more esoteric options will not be seen or used by default.
* Write a beginners man page for the original gpg2, which covers only the main use cases.

Best Regards,
Bernhard

--
www.intevation.de/~bernhard (CEO)
www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Mon Mar 21 15:20:19 2016
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 21 Mar 2016 15:20:19 +0100
Subject: testing installation for the new modern version 2.1.11
In-Reply-To: <56EEE196.8070406@yahoo.com>
References: <56EEE196.8070406@yahoo.com>
Message-ID: <201603211520.20455.bernhard@intevation.de>

Hi,

On Sunday 20 March 2016 at 18:44:54, amr wrote:
> I have just installed gpg2 version 2.1.11 from the previous version
> 2.0.29 (without removing the old version)

thanks for helping to test GnuPG. :)

> with some difficulties , and I
> managed to create new keys but I need to make sure that it has been
> installed properly ,how can I run self test for all the components
> and programs conforming this new version

In the nature of testing there usually is no complete test coverage. :) Depending on how you have installed 2.1.11, you may have the automatic test available coming with the source code. Otherwise, I suggest you test your main use cases manually.
(As an example, here is a testplan for GpgOL compatibility: https://wiki.gnupg.org/GpgOL/Testplan)

Best,
Bernhard

--
www.intevation.de/~bernhard (CEO)
www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From dashohoxha at gmail.com Mon Mar 21 16:49:41 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 21 Mar 2016 16:49:41 +0100
Subject: EasyGnuPG
In-Reply-To: <201603211505.14794.bernhard@intevation.de>
References: <201603211505.14794.bernhard@intevation.de>
Message-ID:

Hi Bernhard, thanks for having a look at it.

On Mon, Mar 21, 2016 at 3:05 PM, Bernhard Reiter wrote:
> Hi Dashamir,
>
> On Friday 18 March 2016 at 09:49:16, Dashamir Hoxha wrote:
> > I am writing some shell scripts for making GnuPG more accessible and
> > easier to use:
> > - https://github.com/dashohoxha/egpg
>
> I like the goal of making gpg2 more accessible.
> However I am not sure that you are actually reaching the goal
> by using sh wrappers. When looking at the man pages, it seems
> that they are already long with a number of phrases to learn.
> Most of these commands are not much easier than the direct gpg2
> commands they are aiming to replace.

Yes, but the overall number of commands and options supported is 10 times smaller than those of gpg2. Tutorials about egpg are also much shorter. And the default values of the options are more suitable for a beginner (at least in my opinion).

> Drawbacks I see with your approach:
> * people will have to learn a slightly different set of commands
> with egpg and gpg2 and sooner or later will use the gpg2 commands
> and then they will be confused or have extra learning efforts.
I hope that the transition will be smoother, once they are familiar with the basics.

> * shell scripts will not work on platforms without a shell
> (e.g. Windows)

I have heard that you can use shell scripts on Windows (with cygwin).

> * I haven't looked into the .epgp directory, but it may have some configs
> and then the behaviour of other applications will depend on which config
> they use.

To switch from using egpg to using gpg2 you just need to change GNUPGHOME from '~/.gnupg' to '~/.egpg/.gnupg'.

> * BTW: There is a potential name clash with
> https://wiki.gnupg.org/EasyGpg2016

I don't think they clash, because that is a contracted job and this is a software project.

> Ideas for improvements:
> * If you must write wrappers, code it in something more platform
> independent, e.g. in python3 (using pyme or pygpgme where appropriate)

The problem with Python is that I am not familiar with it (and there may be other problems too, that I don't know). But if you could fork egpg and re-implement it in Python, it could be great.

> * Suggest and improve the original gpg2 command line interface, so that
> usage is easier and the more esoteric options will not be seen or used
> by default.
> * Write a beginners man page for the original gpg2, which covers only the
> main use cases.

I guess these two are suggestions for EasyGpg2016.

Regards,
Dashamir

From peter at digitalbrains.com Mon Mar 21 18:38:31 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 21 Mar 2016 18:38:31 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de>
Message-ID: <56F03197.6050409@digitalbrains.com>

On 21/03/16 16:49, Dashamir Hoxha wrote:
> Yes, but the overall number of commands and options supported
> is 10 times smaller than those of gpg2. Tutorials about egpg are also
> much shorter.
These things can simply be solved through new documentation rather than a new interface. The man page is typical reference style: all commands and options in a list format. It's not tutorial style, omitting all but common options and presenting the material in a tutorial form.

> And the default values of the options are more suitable
> for a beginner (at least in my opinion).

I had a quick look through the source.

The only thing I see in that category, IMHO, is automatically naming output filenames. The rest is debatable whether it should be the default, or it could easily go into gpg.conf.

My impression is that it's superfluous. Automatically naming an output file would be some nice icing on the cake; the rest can go. If GnuPG had an option -A (--auto-name) I would definitely use it:

$ gpg2 -Ar de500b3e -e file.txt

is nicer than:

$ gpg2 -o file.txt.gpg -r de500b3e -e file.txt

My main objection to your solution: it increases incompatibility with other people. Your filenames end in .sealed and .signature where everybody else uses .asc (since you use ASCII armour) or .gpg (for binary files). You use a separate homedir, meaning for instance that getting GnuPG plugins for e-mail programs to work requires configuration work on the part of the user. The same for SSH authentication, where it may work automatically for a distribution-managed configuration. When somebody wishes to do something more than your wrappers handle, they need to take care of ensuring they still work with the same homedir. I don't see the purpose of changing the homedir.

You override defaults for key generation, and do so badly, I'm sorry. 4k RSA keys can be debated; I think they're overkill and are even unbalanced. But a primary key that signs, *encrypts* and certifies? An expiry of *one month*?? I'd pick the defaults, and would consider not setting an expiry, though I might also pick a long expiry to reduce the number of trash keys on the keyservers.
Why do you make the passphrase end up in a process list through this construction:

> "echo -e \"$PASSPHRASE\n$COMMANDS\" | gpg --batch --passphrase-fd=0 [...]

While you should probably generate keys on a single user system, this still is unnecessarily revealing... anybody typing "ps a" at the correct time (a long time, it's key generation) will see the passphrase. GnuPG has an excellent passphrase interface: the pinentry.

Why do you override the private key selection by always picking the first usable private key explicitly? This seems to me to be a worse default than the default algorithm, and it's not even possible to override it.

Many of your commands rely on the user interface of GnuPG not changing, for example:

> $(echo "addkey|4|4096|1m|addkey|6|4096|1m|save" | tr '|' "\n")

Are you aware that this can change any time the developers feel like it? It is meant for human consumption.

That's my first impression.

> To switch from using egpg to using gpg2 you just need to change GNUPGHOME
> from '~/.gnupg' to '~/.egpg/.gnupg'.

Well... the distribution scripts that launch X may not look there, for instance. There may be more cases where programs will not notice an environment variable set in .profile. You probably should not change the homedir at all... what is the purpose?

> I guess these two are suggestions for EasyGpg2016.

I think they are meant as alternatives to your project.

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wk at gnupg.org Mon Mar 21 19:57:17 2016
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Mar 2016 19:57:17 +0100
Subject: Should always add myself as recipient when ecrypting?
In-Reply-To: (Paolo Bolzoni's message of "Mon, 21 Mar 2016 10:44:06 +0100")
References:
Message-ID: <87h9fz3bhu.fsf@wheatstone.g10code.de>

On Mon, 21 Mar 2016 10:44, paolo.bolzoni.brown at gmail.com said:

> myself as recipient when encrypting a file, of course, in addition to
> the real recipient.

That allows you to delete the plaintext while still being able to get it back.

> Is there a reason not to?

If you want to send an anonymous message it is better not to encrypt to an additional key. It is also smart not to use a wildcard (--throw-keyid) for your own key so that in case your secret key leaks it won't be possible to show that the message has also been encrypted to you.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From viktordick86 at gmail.com Mon Mar 21 20:16:21 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Mon, 21 Mar 2016 20:16:21 +0100
Subject: EasyGnuPG
In-Reply-To: <56F03197.6050409@digitalbrains.com>
References: <201603211505.14794.bernhard@intevation.de> <56F03197.6050409@digitalbrains.com>
Message-ID: <56F04885.5060003@gmail.com>

On 21.03.2016 18:38, Peter Lebbing wrote:
> $ gpg2 -Ar de500b3e -e file.txt
>
> is nicer than:
>
> $ gpg2 -o file.txt.gpg -r de500b3e -e file.txt

Actually, it seems that if you omit -o, gpg2 will do exactly this.

Regards,
Viktor

From viktordick86 at gmail.com Mon Mar 21 20:30:07 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Mon, 21 Mar 2016 20:30:07 +0100
Subject: Should always add myself as recipient when ecrypting?
In-Reply-To:
References:
Message-ID: <56F04BBF.6060008@gmail.com>

On 21.03.2016 10:44, Paolo Bolzoni wrote:
> Dear list,
>
> The subject pretty much says it all already, I am using GnuPG 2.1.11
> (with libgcrypt 1.6.5) and I was wondering if I should always add
> myself as recipient when encrypting a file, of course, in addition to
> the real recipient.
>
> Is there a reason not to?

Hi,

I guess if you have a reason to keep a copy in your 'Sent' folder (talking about email now) you have a reason to also encrypt to yourself. Especially for IMAP, where all your email correspondence is synced between multiple devices, you will not want to keep the cleartext file only on one machine and you will not want to put the cleartext on the server, so you will encrypt it to yourself and store the result on the server.

One might argue that you should send a file that is only encrypted to your recipient and store a file that is only encrypted to yourself, so if one of you deletes his copy, the attack opportunities are also reduced.

I know that Enigmail has the option to save draft messages encrypted to oneself, but I am not sure what it does with encrypted sent messages.

Regards,
Viktor

From mlisten at hammernoch.net Mon Mar 21 20:50:45 2016
From: mlisten at hammernoch.net (Ludwig Hügelschäfer)
Date: Mon, 21 Mar 2016 20:50:45 +0100
Subject: Should always add myself as recipient when ecrypting?
In-Reply-To: <56F04BBF.6060008@gmail.com>
References: <56F04BBF.6060008@gmail.com>
Message-ID: <94e705f1-7316-ebe1-8e53-01b41bb3a85f@hammernoch.net>

On 21.03.16 20:30, Viktor Dick wrote:

(...)

> I know that Enigmail has the option to save draft messages
> encrypted to oneself, but I am not sure what it does with encrypted
> sent messages.
Default is that it also encrypts with the sender's key.

Ludwig

From peter at digitalbrains.com Mon Mar 21 20:54:15 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 21 Mar 2016 20:54:15 +0100
Subject: EasyGnuPG
In-Reply-To: <56F04885.5060003@gmail.com>
References: <201603211505.14794.bernhard@intevation.de> <56F03197.6050409@digitalbrains.com> <56F04885.5060003@gmail.com>
Message-ID: <56F05167.6000602@digitalbrains.com>

On 21/03/16 20:16, Viktor Dick wrote:
> Actually, it seems that if you omit -o, gpg2 will do exactly this.

Ha! How silly of me. Why the hell did I think it would go to stdout? Once again: try before you state with confidence.

Thanks for correcting me.

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From viktordick86 at gmail.com Mon Mar 21 21:05:10 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Mon, 21 Mar 2016 21:05:10 +0100
Subject: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'
Message-ID: <56F053F6.40801@gmail.com>

Hi,

is there a possibility to list what each of the private keys in ~/.gnupg/private-keys-v1.d is? Some of them I recognize in the listing of 'gpg --with-keygrip -K', but there are six files in the folder while only three keygrips are shown by the command (one of which is the master key and not present in the folder). I guess these are expired subkeys which I somehow deleted from my keyring, but why would the private keys still be present?

Regards,
Viktor

From dashohoxha at gmail.com Mon Mar 21 21:05:14 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 21 Mar 2016 21:05:14 +0100
Subject: EasyGnuPG
In-Reply-To: <56F03197.6050409@digitalbrains.com>
References: <201603211505.14794.bernhard@intevation.de> <56F03197.6050409@digitalbrains.com>
Message-ID:

Ok, criticism is always good, although I know from my experience that 90% of it is wrong.

There is plenty of documentation about gpg out there, both old and new. Maybe I am not smart enough, but believe me that I have spent a huge amount of time with gpg documentation, many years ago and recently, but I still feel lost at it. For example I have seen some tutorials which explain some best practices about how to move the private key offline. I believe that it is time to write some scripts to automate these best practices, instead of writing more tutorials about them.

There is no purpose in using a different homedir, except for being prudent not to mess with the existing keyring that people may already have.
If you want, you can modify the config of egpg to use the default homedir, but you should not do it unless you are confident with using egpg.

The expiry of one month is good for beginners, who may play around and don't really know what they are doing. If they lose the passphrase, or just forget at all about gpg after playing with it for some time, this is not going to have long lasting consequences. Those who still remember the passphrase can always extend the expiration at any time, and make it as long as they wish.

For simplicity, egpg tries to make sure that there is always only one valid private key at any time.

And yes, there are still some bugs and things to be improved, it is not perfect yet.

If you don't like this approach and think that you can do something better, this is fine, just give it a try, I have nothing against it. If you think that gpg is great and it needs no improvements, this is still fine.

Peace,
Dashamir

On Mon, Mar 21, 2016 at 6:38 PM, Peter Lebbing wrote:
> On 21/03/16 16:49, Dashamir Hoxha wrote:
> > Yes, but the overall number of commands and options supported
> > is 10 times smaller than those of gpg2. Tutorials about egpg are also
> > much shorter.
>
> These things can simply be solved through new documentation rather than a new
> interface. The man page is typical reference style: all commands and options in
> a list format. It's not tutorial style, omitting all but common options and
> presenting the material in a tutorial form.
>
> > And the default values of the options are more suitable
> > for a beginner (at least in my opinion).
>
> I had a quick look through the source.
>
> The only thing I see in that category, IMHO, is automatically naming output
> filenames. The rest is debatable whether it should be the default, or it could
> easily go into gpg.conf.
>
> My impression is that it's superfluous. Automatically naming an output file
> would be some nice icing on the cake; the rest can go.
> If GnuPG had an option -A (--auto-name) I would definitely use it:
>
> $ gpg2 -Ar de500b3e -e file.txt
>
> is nicer than:
>
> $ gpg2 -o file.txt.gpg -r de500b3e -e file.txt
>
> My main objection to your solution: it increases incompatibility with other
> people. Your filenames end in .sealed and .signature where everybody else uses
> .asc (since you use ASCII armour) or .gpg (for binary files). You use a separate
> homedir, meaning for instance getting GnuPG plugins for e-mail programs to work
> requires configuration work on the part of the user. The same for SSH
> authentication, where it may work automatically for a distribution-managed
> configuration. When somebody wishes to do something more than your wrappers
> handle, they need to take care of ensuring they still work with the same
> homedir. I don't see the purpose of changing the homedir.
>
> You override defaults for key generation, and do so badly, I'm sorry. 4k RSA
> keys can be debated; I think they're overkill and are even unbalanced. But a
> primary key that signs, *encrypts* and certifies? An expiry of *one month*?? I'd
> pick the defaults, and would consider not setting an expiry, though I might also
> pick a long expiry to reduce the number of trash keys on the keyservers.
>
> Why do you make the passphrase end up in a process list through this
> construction:
>
> > "echo -e \"$PASSPHRASE\n$COMMANDS\" | gpg --batch --passphrase-fd=0 [...]
>
> While you should probably generate keys on a single user system, this still is
> unnecessarily revealing... anybody typing "ps a" at the correct time (a long
> time, it's key generation) will see the passphrase. GnuPG has an excellent
> passphrase interface: the pinentry.
>
> Why do you override the private key selection by always picking the first usable
> private key explicitly? This seems to me to be a worse default than the default
> algorithm, and it's not even possible to override it.
>
> Many of your commands rely on the user interface of GnuPG not changing, for
> example:
>
> > $(echo "addkey|4|4096|1m|addkey|6|4096|1m|save" | tr '|' "\n")
>
> Are you aware that this can change any time the developers feel like it? It is
> meant for human consumption.
>
> That's my first impression.
>
> > To switch from using egpg to using gpg2 you just need to change GNUPGHOME
> > from '~/.gnupg' to '~/.egpg/.gnupg'.
>
> Well... the distribution scripts that launch X may not look there, for instance.
> There may be more cases where programs will not notice an environment variable
> set in .profile. You probably should not change the homedir at all... what is
> the purpose?
>
> > I guess these two are suggestions for EasyGpg2016.
>
> I think they are meant as alternatives to your project.
>
> Cheers,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at

From vedaal at nym.hush.com Mon Mar 21 21:19:12 2016
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 21 Mar 2016 16:19:12 -0400
Subject: Should always add myself as recipient when encrypting?
In-Reply-To: <87h9fz3bhu.fsf@wheatstone.g10code.de>
References: <87h9fz3bhu.fsf@wheatstone.g10code.de>
Message-ID: <20160321201913.11F83E06A0@smtp.hushmail.com>

On 3/21/2016 at 3:04 PM, "Werner Koch" wrote:
> On Mon, 21 Mar 2016 10:44, paolo.bolzoni.brown at gmail.com said:
>
> > myself as recipient when encrypting a file, of course, in addition to
> > the real recipient.
>
> That allows you to delete the plaintext while still being able to get it back.
>
> > Is there a reason not to?
>
> If you want to send an anonymous message it is better not to encrypt to an
> additional key.
> It is also smart not to use a wildcard (--throw-keyid) for your own key so that
> in case your secret key leaks it won't be possible to show that the message has
> also been encrypted to you.

=====

A simple way to accomplish this is to additionally symmetrically encrypt the message. Use the session key from a message encrypted only to your secret key as the passphrase for the additionally symmetrically encrypted message. ((afaik), there is minimal danger in continuing to use this passphrase for additional symmetrical messages.)

It will allow decryption of sent messages, while providing anonymity.

vedaal

From edsuter at mac.com Mon Mar 21 14:48:47 2016
From: edsuter at mac.com (Edgar Suter)
Date: Mon, 21 Mar 2016 06:48:47 -0700
Subject: Where is /usr/local/gnupg-2.1?
Message-ID: <11DE450F-9AD3-42C8-B6B7-31518300A4D9@mac.com>

I am trying to configure Enigmail for Thunderbird on my Intel Core 2 Duo iMac running OSX 10.10.5. When attempting the autoinstallation, the Wizard hung up at the "downloading" popup. Time passed without any downloading as indicated on the screen shot from the Wikipage.

So, I went to the GnuPG site and I was able to download GnuPG-2.1.11. I received an "Installation successful" message, but the Thunderbird/Enigmail Set-up Wizard cannot find the files automatically. Too, I am unable to manually "Browse" to find the files.

The website suggests: "The software will be installed to /usr/local/gnupg-2.1." However I search and look manually and am unable to find such a file location.

If you can help I would be most appreciative.

Ed

(attachment: 2-04.png, image/png)

From rjh at sixdemonbag.org Mon Mar 21 23:39:33 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 21 Mar 2016 18:39:33 -0400
Subject: Where is /usr/local/gnupg-2.1?
In-Reply-To: <11DE450F-9AD3-42C8-B6B7-31518300A4D9@mac.com>
References: <11DE450F-9AD3-42C8-B6B7-31518300A4D9@mac.com>
Message-ID: <56F07825.3070803@sixdemonbag.org>

Edgar reached out to me earlier, and I directed him here to this list in the hopes that someone with more clue than me would be able to help.

Edgar, I'm not particularly up on GPG for OS X. However:

> So, I went to the GnuPG site and I was able to download GnuPG-2.1.11. I
> received an "Installation successful" message, but
> the Thunderbird/Enigmail Set-up Wizard cannot find the files
> automatically.

GnuPG doesn't host an OS X build. These are provided by either the GPGTools group (providing GnuPG 2.0) or Patrick Brunschwig (providing GnuPG 2.1). I don't know which version of GnuPG you installed, but if you got it from the GnuPG site then I'm pretty sure it wasn't what you think it is.

Try downloading GnuPG 2.1 for OS X from Sourceforge instead:

http://sourceforge.net/projects/gpgosx/files/GnuPG-2.1.11-002.dmg/download

Install that version of GnuPG. Then open up a Terminal window (it's in your Applications folder, in the Utilities subfolder, called Terminal). At a command prompt type:

ls /usr/local/gnupg-2.1

If you get back a listing of files in that directory, congratulations, things are installed. Try Enigmail again. If that doesn't work, ask us again and we'll keep on working the problem until it gets solved. :)

From rjh at sixdemonbag.org Tue Mar 22 04:31:56 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 21 Mar 2016 23:31:56 -0400
Subject: Where is /usr/local/gnupg-2.1?
In-Reply-To: <20160322012552.GA12980@adversary.org>
References: <11DE450F-9AD3-42C8-B6B7-31518300A4D9@mac.com> <56F07825.3070803@sixdemonbag.org> <20160322012552.GA12980@adversary.org>
Message-ID: <56F0BCAC.1030506@sixdemonbag.org>

> There are two other possible explanations: MacPorts (see macports.org)
> and Home Brew.

And Fink, and... etc. However, I'm omitting the ...
let's call them "comprehensive" solutions that allow you to install all manner of things. For standalone packages, it's either GPGTools or GPGOSX.

From ben at adversary.org Tue Mar 22 02:25:52 2016
From: ben at adversary.org (Ben McGinnes)
Date: Tue, 22 Mar 2016 12:25:52 +1100
Subject: Where is /usr/local/gnupg-2.1?
In-Reply-To: <56F07825.3070803@sixdemonbag.org>
References: <11DE450F-9AD3-42C8-B6B7-31518300A4D9@mac.com> <56F07825.3070803@sixdemonbag.org>
Message-ID: <20160322012552.GA12980@adversary.org>

On Mon, Mar 21, 2016 at 06:39:33PM -0400, Robert J. Hansen wrote:
> Edgar reached out to me earlier, and I directed him here to this list in
> the hopes that someone with more clue than me would be able to help.
>
> Edgar, I'm not particularly up on GPG for OS X. However:
>
> > So, I went to the GnuPG site and I was able to download GnuPG-2.1.11. I
> > received an "Installation successful" message, but
> > the Thunderbird/Enigmail Set-up Wizard cannot find the files
> > automatically.
>
> GnuPG doesn't host an OS X build. These are provided by either the
> GPGTools group (providing GnuPG 2.0) or Patrick Brunschwig (providing
> GnuPG 2.1). I don't know which version of GnuPG you installed, but if
> you got it from the GnuPG site then I'm pretty sure it wasn't what you
> think it is.

There are two other possible explanations: MacPorts (see macports.org) and Home Brew.

By default MacPorts installs software to /opt/local and users always have the option of compiling anything from source. Ports tend to have a specific set of generic compilation or configuration options so more often than not I'll use it to grab the libraries and then do some serious customisation on the last two packages (GPG and GPGME).

Home Brew, however, is an autocratic little pain in the butt, but because it uses GitHub as an ad-hoc package manager it is very popular.
The price of using Home Brew means that /usr/local is off-limits for your own projects (a deal breaker for me), it won't run if MacPorts is installed at all (another deal breaker), and it doesn't source its tarballs from their origin projects; they're all separate github repos with who knows what modifications or additions. Plus it complains about any installation of Python other than the version each version of OS X shipped with (yet another deal breaker for me since I recompile Python each time there's a new OpenSSL release for starters).

Anyway, there's a fair chance that that subdirectory from /usr/local is a Homebrew thing.

Regards,
Ben

From wk at gnupg.org Tue Mar 22 09:49:50 2016
From: wk at gnupg.org (Werner Koch)
Date: Tue, 22 Mar 2016 09:49:50 +0100
Subject: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'
In-Reply-To: <56F053F6.40801@gmail.com> (Viktor Dick's message of "Mon, 21 Mar 2016 21:05:10 +0100")
References: <56F053F6.40801@gmail.com>
Message-ID: <878u1a3nip.fsf@wheatstone.g10code.de>

On Mon, 21 Mar 2016 21:05, viktordick86 at gmail.com said:

> key and not present in the folder). I guess these are expired subkeys
> which I somehow deleted from my keyring, but why would the private keys

Or keys used by SSH or X.509. Use gpg-connect-agent and then:

> help keyinfo
# KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh]
#
# Return information about the key specified by the KEYGRIP. If the
# key is not available GPG_ERR_NOT_FOUND is returned. If the option
# --list is given the keygrip is ignored and information about all
# available keys are returned. If --ssh-list is given information
# about all keys listed in the sshcontrol are returned. With --with-ssh
# information from sshcontrol is always added to the info.
# Unless --data
# is given, the information is returned as a status line using the format:
#
# KEYINFO
#
# KEYGRIP is the keygrip.
#
# TYPE describes the type of the key:
# 'D' - Regular key stored on disk,
# 'T' - Key is stored on a smartcard (token),
# 'X' - Unknown type,
# '-' - Key is missing.
#
# SERIALNO is an ASCII string with the serial number of the
# smartcard. If the serial number is not known a single
# dash '-' is used instead.
#
# IDSTR is the IDSTR used to distinguish keys on a smartcard. If it
# is not known a dash is used instead.
#
# CACHED is 1 if the passphrase for the key was found in the key cache.
# If not, a '-' is used instead.
#
# PROTECTION describes the key protection type:
# 'P' - The key is protected with a passphrase,
# 'C' - The key is not protected,
# '-' - Unknown protection.
#
# FPR returns the formatted ssh-style fingerprint of the key. It is only
# printed if the option --ssh-fpr has been used. It defaults to '-'.
#
# TTL is the TTL in seconds for that key or '-' if n/a.
#
# FLAGS is a word consisting of one-letter flags:
# 'D' - The key has been disabled,
# 'S' - The key is listed in sshcontrol (requires --with-ssh),
# 'c' - Use of the key needs to be confirmed,
# '-' - No flags given.
#
# More information may be added in the future.
OK

This returns what gpg-agent knows about the private keys.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. (Thoughts are free. Exceptions are regulated by a federal law.)

From bernhard at intevation.de Tue Mar 22 09:56:28 2016
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 22 Mar 2016 09:56:28 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de>
Message-ID: <201603220956.34169.bernhard@intevation.de>

Hi Dashamir,

On Monday 21 March 2016 at 16:49:41, Dashamir Hoxha wrote:
> Hi Bernhard, thanks for having a look at it.

you are welcome! I appreciate all efforts to make GnuPG more accessible, this is why I am taking a little bit of time to write up some feedback.
> On Mon, Mar 21, 2016 at 3:05 PM, Bernhard Reiter wrote:
> > Most of these commands are not much easier than the direct gpg2
> > commands they are aiming to replace.
>
> Yes, but the overall number of commands and options supported
> is 10 times smaller than those of gpg2. Tutorials about egpg are also
> much shorter.

Just like Peter wrote I think that a user would usually not encounter all bells and whistles. You can get along with just a few commands. This is why I suggest trying to approach this from the documentation angle and, for the remaining options that are still too hard: suggest improvements directly to gpg2.

> And the default values of the options are more suitable
> for a beginner (at least in my opinion).

Just like Peter I do not fully understand the rationale behind those choices and would probably choose different ones. A good path forward would be to try to measure this with groups of users in a usability test. This is a lot of effort I guess, so instead we could try to develop a few personas (example user types) and try to argue from their point of view.

> > * shell scripts will not work on platforms without a shell
> > (e.g. Windows)
>
> I have heard that you can use shell scripts on Windows (with cygwin).

Using Cygwin is not a good approach because it is like a second operating system within Windows. Windows users would prefer a more Windows-like approach.

> > Ideas for improvements:
> > * If you must write wrappers, code them in something more platform
> > independent, e.g. in python3 (using pyme or pygpgme where appropriate)
>
> The problem with Python is that I am not familiar with it (and there may be
> other problems too, that I don't know).
> But if you could fork egpg and re-implement it in Python, it could be
> great.

Any cross-platform approach would work. Python has the advantage that the source code can be changed by an editor and immediately run and that it works fairly well cross-platform.
What is even more important is that you should use the official API to GnuPG which is Gpgme. https://wiki.gnupg.org/APIs

> > * Suggest and improve the original gpg2 command line interface, so that
> > usage is easier and the more esoteric options will not be seen or used
> > by default.
> > * Write a beginners man page for the original gpg2, which covers only the
> > main use cases.
>
> I guess these two are suggestions for EasyGpg2016.

The goals of our EasyGpg2016 are different: We will add some new trust and cert distribution methods to GnuPG and some selected email applications. Users shall never need to go to the command line.

Best,
Bernhard

--
www.intevation.de/~bernhard (CEO)
www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Tue Mar 22 10:09:30 2016
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 22 Mar 2016 10:09:30 +0100
Subject: Using gpg for ssh access
In-Reply-To: <56EA7B8B.70503@incenp.org>
References: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info> <56EA7B8B.70503@incenp.org>
Message-ID: <201603221009.35229.bernhard@intevation.de>

On Thursday 17 March 2016 at 10:40:27, Damien Goutte-Gattat wrote:
> If I may, I wrote two blog posts on this subject:
>
> * http://www.incenp.org/notes/2014/gnupg-for-ssh-authentication.html
> (for GnuPG 2.0)
>
> * http://www.incenp.org/notes/2015/gnupg-for-ssh-authentication.html
> (for GnuPG 2.1)

I've now linked them from https://wiki.gnupg.org/documentation.
Bernhard

--
www.intevation.de/~bernhard (CEO)
www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From viktordick86 at gmail.com Tue Mar 22 10:12:36 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Tue, 22 Mar 2016 10:12:36 +0100
Subject: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'
In-Reply-To: <878u1a3nip.fsf@wheatstone.g10code.de>
References: <56F053F6.40801@gmail.com> <878u1a3nip.fsf@wheatstone.g10code.de>
Message-ID: <56F10C84.3090603@gmail.com>

Thanks, I found it myself but since the sender of a mail to the list does not get a copy of it, I could not simply reply. If I use '--list-options show-unusable-subkeys', I see the missing keys, they are simply expired.

Sorry to disrupt.

Regards,
Viktor

From rjh at sixdemonbag.org Tue Mar 22 10:46:25 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2016 05:46:25 -0400
Subject: EasyGnuPG
In-Reply-To: <201603220956.34169.bernhard@intevation.de>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de>
Message-ID: <56F11471.1060101@sixdemonbag.org>

> Just like Peter wrote I think that a user would usually not
> encounter all bells and whistles.

I think it's rather a bit more extreme than that. I think if a user has to fire GnuPG up from the command line *for anything*, something's gone terribly wrong and we're in danger of losing a user.

No, no, I'm not saying GnuPG is bad for being a command-line application.
But ask yourself how many users even know how to launch a terminal, much less interact with one. The number is shockingly low. If you want to improve GnuPG's adoption rate, the best path forward appears to be to target users who only know how to navigate GUI interfaces.

I don't think the EasyGnuPG authors have thought through their target market. It targets users who are comfortable enough to say "oh, I should use the terminal for this!", but not comfortable enough to read a manpage. It's targeting a small subset of a small subset.

From dashohoxha at gmail.com Tue Mar 22 11:20:40 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 11:20:40 +0100
Subject: EasyGnuPG
In-Reply-To: <201603220956.34169.bernhard@intevation.de>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de>
Message-ID:

On Tue, Mar 22, 2016 at 9:56 AM, Bernhard Reiter wrote:
>
> Any cross-platform approach would work. Python has the advantage
> that the source code can be changed by an editor and immediately run
> and that it works fairly well cross-platform.
>
> What is even more important is that you should use the official API to
> GnuPG which is Gpgme. https://wiki.gnupg.org/APIs

This is an important point (using the API), because trying to use `gpg` in scripts is terribly difficult. I don't understand why `gpg` does not follow the unix philosophy of being easily used in scripts and cooperating easily with other commands. So, if there are some things to be improved on gpg, this is one of them: make it more scriptable. Alternatively, make a bash wrapper of Gpgme (which can be used in bash scripts).

The other option (for EasyGnuPG) is to be reimplemented in Python or Ruby etc. (which have Gpgme wrappers and can use the API). Maybe someday somebody will do this, or maybe I will do it myself some day. But for the time being I have to stick to bash scripts and try to finish all the features that I had in mind when I started it.
Dashamir

From dashohoxha at gmail.com Tue Mar 22 11:27:08 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 11:27:08 +0100
Subject: EasyGnuPG
In-Reply-To: <56F11471.1060101@sixdemonbag.org>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org>
Message-ID:

On Tue, Mar 22, 2016 at 10:46 AM, Robert J. Hansen wrote:
>
> I don't think the EasyGnuPG authors have thought through their target
> market. It targets users who are comfortable enough to say "oh, I
> should use the terminal for this!", but not comfortable enough to read a
> manpage. It's targeting a small subset of a small subset.

The target users (not market, because I don't intend to sell it) are people like me, who are comfortable using the terminal, but still find it difficult to use gpg properly, even after reading lots of docs and tutorials.

And then, it is not difficult to build a GUI app on top of a command-line tool that works properly. I cannot do it, but somebody maybe can do it easily.

Dashamir

From rjh at sixdemonbag.org Tue Mar 22 11:35:47 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2016 06:35:47 -0400
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org>
Message-ID: <56F12003.3060703@sixdemonbag.org>

> And then, it is not difficult to build a GUI app on top of a
> command-line tool that works properly. I cannot do it, but somebody
> maybe can do it easily.

Oh, it's *hard*. Look at how long it took Enigmail to get into a state where it wasn't painful to use -- and there are still, today, parts about it that give me the heebie-jeebies. (Admittedly, I don't have a good fix for it, but...)
User interface design is a hard subject. It requires a much different set of skills than software development, particularly cognitive psychology. Look at how much money Apple spends making user interfaces; they're not throwing that much money at the problem because it's easy. ;)

From paolo.bolzoni.brown at gmail.com Tue Mar 22 11:40:10 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Tue, 22 Mar 2016 11:40:10 +0100
Subject: EasyGnuPG
In-Reply-To: <56F12003.3060703@sixdemonbag.org>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F12003.3060703@sixdemonbag.org>
Message-ID:

And besides, it's much easier to build a GUI app in front of a C API than a command line application.

On Tue, Mar 22, 2016 at 11:35 AM, Robert J. Hansen wrote:
>> And then, it is not difficult to build a GUI app on top of a
>> command-line tool that works properly. I cannot do it, but somebody
>> maybe can do it easily.
>
> Oh, it's *hard*. Look at how long it took Enigmail to get into a state
> where it wasn't painful to use -- and there are still, today, parts
> about it that give me the heebie-jeebies. (Admittedly, I don't have a
> good fix for it, but...)
>
> User interface design is a hard subject. It requires a much different
> set of skills than software development, particularly cognitive
> psychology. Look at how much money Apple spends making user interfaces;
> they're not throwing that much money at the problem because it's easy. ;)

From rjh at sixdemonbag.org Tue Mar 22 11:50:09 2016
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Tue, 22 Mar 2016 06:50:09 -0400
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de>
Message-ID: <56F12361.6030403@sixdemonbag.org>

> This is an important point (using the API), because trying to use `gpg`
> in scripts is terribly difficult. I don't understand why `gpg` does not
> follow the unix philosophy of being easily used in scripts and
> cooperating easily with other commands.

GnuPG is, believe it or not, a lot more like Apache than it is like grep, cat, or wc. When I start an Apache server it always asks me for an SSL certificate password, it opens network connections, it spawns daemons, it awaits connections... etc.

When I run "gpg2 --card-status", GnuPG has to spawn at least two daemons: gpg-agent and scdaemon. When I do a "--recv-key" I'm opening HTTPS connections with the outside world. When I do a signing operation, gpg-agent has to connect with gpg2 and do complex handoffs between them.

GnuPG isn't a single tool. GnuPG is a complete platform, a whole system, the same way that Apache or MySQL are. Thinking that the gpg command-line tool is GnuPG is sort of like thinking apachectl is Apache. In both cases they're just tools that you use to manipulate a far larger software ecosystem.

From dashohoxha at gmail.com Tue Mar 22 11:53:40 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 11:53:40 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F12003.3060703@sixdemonbag.org>
Message-ID:

On Tue, Mar 22, 2016 at 11:40 AM, Paolo Bolzoni <paolo.bolzoni.brown at gmail.com> wrote:
> And besides, it's much easier to build a GUI app in front of a C API
> than a command line application.

By no means do I want to prevent anybody from starting to build a GUI app...
From paolo.bolzoni.brown at gmail.com Tue Mar 22 10:54:18 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Tue, 22 Mar 2016 10:54:18 +0100
Subject: EasyGnuPG
In-Reply-To: <56F11471.1060101@sixdemonbag.org>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org>
Message-ID:

I totally agree,

Dashamir, I really think you should focus on what you think is hard in gnupg? And why? Are you sure a new program (and not a simple patch) is the best answer?

At the moment you are showing us strange defaults, an implementation that can break at any time, and I am not really sure how much it is easier anyway.

For example, I find it strange and needlessly difficult that the keys have a duration and not an expiration date. So when one wants the key to last until the end of the year or to his birthday one has to make a date difference manually.

On Tue, Mar 22, 2016 at 10:46 AM, Robert J. Hansen wrote:
>> Just like Peter wrote I think that a user would usually not
>> encounter all bells and whistles.
>
> I think it's rather a bit more extreme than that. I think if a user has
> to fire GnuPG up from the command line *for anything*, something's gone
> terribly wrong and we're in danger of losing a user.
>
> No, no, I'm not saying GnuPG is bad for being a command-line
> application. But ask yourself how many users even know how to launch a
> terminal, much less interact with one. The number is shockingly low.
> If you want to improve GnuPG's adoption rate, the best path forward
> appears to be to target users who only know how to navigate GUI interfaces.
>
> I don't think the EasyGnuPG authors have thought through their target
> market. It targets users who are comfortable enough to say "oh, I
> should use the terminal for this!", but not comfortable enough to read a
> manpage.
It's targeting a small subset of a small subset. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From paolo.bolzoni.brown at gmail.com Tue Mar 22 14:16:22 2016 From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni) Date: Tue, 22 Mar 2016 14:16:22 +0100 Subject: EasyGnuPG In-Reply-To: References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F12003.3060703@sixdemonbag.org> Message-ID: My real question is: what do you think in gpg is not easy enough? On Tue, Mar 22, 2016 at 11:53 AM, Dashamir Hoxha wrote: > On Tue, Mar 22, 2016 at 11:40 AM, Paolo Bolzoni > wrote: >> >> And besides, it's much easier to build a GUI app in front of a C API >> than a command line application. > > > By no means I want to prevent anybody from starting to build a GUI app... From lachlan at twopif.net Tue Mar 22 13:21:57 2016 From: lachlan at twopif.net (Lachlan Gunn) Date: Tue, 22 Mar 2016 22:51:57 +1030 Subject: Verification via the web of trust Message-ID: <56F138E5.6070403@twopif.net> Hello, Apologies if this is an excessively newbie question, but is there any reasonably automated way to do verification via the web-of-trust when you don't have all the intermediate steps in the keyring already? All the pathfinders I've seen have been full-on HTML websites, is there anything out there more suitable for scripting? If not, is there a reason? I have a keyserver dump, a newly-written OpenPGP parser/verifier, and a mild sense of irritation :) Thanks, Lachlan -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL:

From wk at gnupg.org  Tue Mar 22 14:28:59 2016
From: wk at gnupg.org (Werner Koch)
Date: Tue, 22 Mar 2016 14:28:59 +0100
Subject: EasyGnuPG
In-Reply-To: (Dashamir Hoxha's message of "Tue, 22 Mar 2016 11:20:40 +0100")
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de>
Message-ID: <87h9fy1w10.fsf@wheatstone.g10code.de>

On Tue, 22 Mar 2016 11:20, dashohoxha at gmail.com said:

> scripts is terribly difficult. I don't understand why `gpg` does not follow
> the unix philosophy of being easily used in scripts and cooperating easily
> with other commands.

It actually does. There are just two things which differ:

- gpg needs to ask for a passphrase. For obvious reasons we do not want to take the passphrase from stdin by default but use a direct pty access for this.

- gpg was designed as a replacement for pgp and thus comes with an extensive tty based user interface. This is indeed not what a Unix tool should be but it helps the user to get the crypto right.

And different to many Unix tools, gpg keeps state like cron, batch, mail, and at does.

There are two simple things you need to remember when using gpg in a script:

1. --batch to avoid all interaction.
2. --with-colons to get a well defined output format. That format is not good for humans, though.

Well we could have done switching the output format automagically but that would be rather surprising. If it is used by a script, adding two extra options for the invocation is not really a big task.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From ben at adversary.org  Tue Mar 22 14:50:57 2016
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 23 Mar 2016 00:50:57 +1100
Subject: Where is /usr/local/gnupg-2.1?
In-Reply-To: <56F0BCAC.1030506@sixdemonbag.org> References: <11DE450F-9AD3-42C8-B6B7-31518300A4D9@mac.com> <56F07825.3070803@sixdemonbag.org> <20160322012552.GA12980@adversary.org> <56F0BCAC.1030506@sixdemonbag.org> Message-ID: <20160322135057.GA89846@adversary.org> On Mon, Mar 21, 2016 at 11:31:56PM -0400, Robert J. Hansen wrote: > > There are two other possible explanations: MacPorts (see macports.org) > > and Home Brew. > > And Fink, and... etc. However, I'm omitting the ... let's call them > "comprehensive" solutions that allow you to install all manner of > things. For standalone packages, it's either GPGTools or GPGOSX. True enough, but at least this time I managed to resist the temptation to answer the question with the facetious "it's in /usr/local" response. ;) Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 630 bytes Desc: not available URL: From andrewg at andrewg.com Tue Mar 22 14:55:18 2016 From: andrewg at andrewg.com (Andrew Gallagher) Date: Tue, 22 Mar 2016 13:55:18 +0000 Subject: EasyGnuPG In-Reply-To: References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F12003.3060703@sixdemonbag.org> Message-ID: <04A00397-C5B6-4582-8946-054E09E5443E@andrewg.com> > On 22 Mar 2016, at 10:40, Paolo Bolzoni wrote: > > And besides, it's much easier to build a GUI app in front of a C API > than a command line application. This is undeniably true. Unfortunately you first need to learn the API, which can be a barrier to someone who knows the command line interface and just wants to hack together a script to do a particular job. Cryptography is hard, and decades later we still aren't at the point where average computer users can take advantage of it without either first becoming experts or punching holes in the sides of the boat. 
For that we need to be encouraging hackers and tinkerers to experiment with novel interfaces; and this is best done by giving them the software equivalent of Lego rather than Meccano. This is not a gpg-specific issue. OpenSSL suffers the same problem of having to be both a comprehensive implementation and a user interface, and handles it pretty much the same way, by using a basic command prompt. Where is the gpg equivalent of easy-rsa though? This is a complaint about software tools in general, but for hackers and tinkerers inconsistency across UIs is a significant barrier to entry. If I can't take what I've learned from using the command line for years and apply it (safely) to writing a modest shell script, I'm going to think long and hard before taking the time to learn a Python API. At the very least, any feature accessible through an interactive interface should have an equivalent command line option, so that all interactive operations can trivially be automated. Thought should also be given to whether wrapping all functionality in a single binary with thousands of options is the best interface to present to even expert command line users (again, OpenSSL is another offender). I say this because I found myself in exactly the same boat as the OP. I wanted to write a small script for my technically-proficient but non-cryptography-expert users so that they could easily manage gpg private keys without me worrying that they'd screw it up; and I ended up with a fragile interface very similar to his that needed to be completely refactored using gpgme. Just interfacing with gpg was the most difficult part of the process; the logic that I built on top of it was easy by comparison. This is the wrong way around. 
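Werner's two rules for scripting gpg (`--batch` to suppress interaction, `--with-colons` for a stable output format) and Andrew's point that every interactive operation should be automatable meet in practice at one place: parsing the colon-separated key listing. The following is an added example, not code from the thread or from GnuPG; the field positions follow GnuPG's doc/DETAILS, and the sample listing, key IDs, fingerprints and user IDs are constructed, not real key material. It picks the keys a script may safely encrypt to, skipping expired, revoked or disabled ones, and decodes the `\xNN` escaping gpg applies to colons inside user IDs.

```python
"""Parse the machine-readable output of `gpg --batch --with-colons`.

Added example (not code from the thread or from GnuPG). Field positions
follow GnuPG's doc/DETAILS; SAMPLE_LISTING below is constructed, not real
key material.
"""
import re
import subprocess

# Constructed sample of a `gpg --batch --with-colons --list-keys` listing:
# one usable key with an encryption subkey, and one expired key.
SAMPLE_LISTING = r"""tru::1:1458658800:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1458000000:1521072000::u:::scESCA::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1458000000::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Example User (role\x3aadmin) <user@example.invalid>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1458000000:1521072000:::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:e:2048:1:1111222233334444:1300000000:1400000000::-:::scESC::::::23::0:
fpr:::::::::1111222233334444111122223333444411112222:
uid:e::::1300000000::0123456789ABCDEF0123456789ABCDEF01234567::Old Key <old@example.invalid>::::::::::0:
"""


def _field(fields, n):
    """1-indexed field access as in doc/DETAILS; absent fields read as ''."""
    return fields[n - 1] if len(fields) >= n else ""


def _unescape(text):
    """gpg writes ':' and other special bytes inside user IDs as \\xNN."""
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), text)


def _epoch(text):
    """Creation/expiry fields are seconds since the epoch, or empty."""
    return int(text) if text.isdigit() else None


def parse_colon_listing(text):
    """Return a list of keys, each with its fingerprint, user IDs and subkeys."""
    keys, current, last = [], None, None
    for line in text.splitlines():
        f = line.split(":")
        rtype = _field(f, 1)
        if rtype in ("pub", "sec"):
            current = {
                "keyid": _field(f, 5),
                "validity": _field(f, 2),   # e=expired r=revoked u=ultimate ...
                "created": _epoch(_field(f, 6)),
                "expires": _epoch(_field(f, 7)),
                "ownertrust": _field(f, 9),
                "caps": _field(f, 12),      # upper case = usable for whole key
                "fingerprint": None,
                "uids": [],
                "subkeys": [],
            }
            keys.append(current)
            last = current
        elif rtype in ("sub", "ssb") and current is not None:
            sub = {
                "keyid": _field(f, 5),
                "validity": _field(f, 2),
                "expires": _epoch(_field(f, 7)),
                "caps": _field(f, 12),
                "fingerprint": None,
            }
            current["subkeys"].append(sub)
            last = sub
        elif rtype == "fpr" and last is not None:
            last["fingerprint"] = _field(f, 10)  # fpr records carry it in field 10
        elif rtype == "uid" and current is not None:
            current["uids"].append(_unescape(_field(f, 10)))
    return keys


def is_usable(key, capability, now):
    """True if the key is not expired/revoked/invalid/disabled, not past its
    expiry date, and the whole key offers the capability (E, S, C or A)."""
    if key["validity"] in ("e", "r", "i", "d"):
        return False
    if key["expires"] is not None and key["expires"] <= now:
        return False
    return capability.upper() in key["caps"]


def usable_fingerprints(listing, capability, now):
    """Fingerprints a script can safely pass to `gpg --batch -r <fpr>`."""
    return [k["fingerprint"] for k in parse_colon_listing(listing)
            if is_usable(k, capability, now)]


def live_listing(homedir=None):
    """Run the real gpg (not exercised by the tests); --fixed-list-mode keeps
    dates in epoch seconds and puts each user ID in its own record."""
    cmd = ["gpg", "--batch", "--with-colons", "--fixed-list-mode", "--list-keys"]
    if homedir:
        cmd[1:1] = ["--homedir", homedir]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for fpr in usable_fingerprints(SAMPLE_LISTING, "E", now=1458658800):
        print(fpr)
```

Selecting recipients by full fingerprint rather than by user ID or short key ID is what makes the later `gpg --batch -r` call deterministic: the listing is where the script learns which key is current, and no interactive prompt is ever needed.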
A

From brad at fineby.me.uk  Tue Mar 22 13:39:07 2016
From: brad at fineby.me.uk (Brad Rogers)
Date: Tue, 22 Mar 2016 12:39:07 +0000
Subject: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'
In-Reply-To: <56F10C84.3090603@gmail.com>
References: <56F053F6.40801@gmail.com> <878u1a3nip.fsf@wheatstone.g10code.de> <56F10C84.3090603@gmail.com>
Message-ID: <20160322123907.2cf73bf5@abydos.stargate.org.uk>

On Tue, 22 Mar 2016 10:12:36 +0100
Viktor Dick wrote:

Hello Viktor,

>Thanks, I found it myself but since the sender of a mail to the list
>does not get a copy of it,

It's a gmail-ism; Most people get their list messages sent back to them, but not gmail users. It's a 'feature' google seem to be proud of.

--
 Regards  _
         / )      "The blindingly obvious is
        / _)rad        never immediately apparent"
It's cool to know nothin'
Never Miss A Beat - Kaiser Chiefs

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL:

From ben at adversary.org  Tue Mar 22 15:14:41 2016
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 23 Mar 2016 01:14:41 +1100
Subject: EasyGnuPG
In-Reply-To: <201603211505.14794.bernhard@intevation.de>
References: <201603211505.14794.bernhard@intevation.de>
Message-ID: <20160322141441.GB89846@adversary.org>

On Mon, Mar 21, 2016 at 03:05:05PM +0100, Bernhard Reiter wrote:
> Hi Dashamir,
>
> On Friday 18 March 2016 at 09:49:16, Dashamir Hoxha wrote:
> > I am writing some shell scripts for making GnuPG more accessible and
> > easier to use:
> > - https://github.com/dashohoxha/egpg
>
> I like the goal of making gpg2 more accessible.
> However I am not sure that you are actually reaching the goal
> by using sh wrappers. When looking at the man pages, it seems
> that they are already long with a number of phrases to learn.
> Most of these commands are not much easier than the direct gpg2
> commands they are aiming to replace.
You know what might, though, if someone were to take up the old GPA project perhaps ... maybe port it to GTK 3 or implement a Qt version. Or make a free thing that does what that GPGShell GUI thing so many Windows users seem fond of, but isn't even available under a BSD or LGPL license, let alone GPL 2 or 3. I've never used that one, but so many of the PGPNET subscribers swear by the thing for ease of use as well as effectiveness.

> Drawbacks I see with your approach:
> * people will have to learn a slightly different set of commands
> with egpg and gpg2 and sooner or later will use the gpg2 commands
> and then they will be confused or have extra learning efforts.
> * shell scripts will not work on platforms without a shell
> (e.g. Windows)

And those of us used to using shells have probably rolled our own by this stage. In my case gpg1 is a shell wrapper for GPG 1.4.x and an alternate homedir so I really can keep using both keyring formats, gpg2 is 2.1 with some kind of proper-ish trust model, gpg21 is the same except it also reloads dirmngr to use tor and gpg runs the 2.1 binary with trust-model always. Although all mine still use and accept all the standard flags, they just load slightly different configurations for the most part.

> * I haven't looked into the .epgp directory, but it may have some configs
> and then the behaviour of other applications will depend on which config
> they use.
> * BTW: There is a potential name clash with https://wiki.gnupg.org/EasyGpg2016

Also with the old Emacs binding of EasyPG (now under the EPA banner).

> Ideas for improvements:
> * If you must write wrappers, code it in something more platform independent,
> e.g. in python3 (using pyme or pygpgme where appropriate)

There's already a port of pyme to Python 3, it's pretty much ready to go save for some final PEP8 checks which I'm working through the last of currently (in between the occasional local unrelated catastrophe, of course).
The 99% ready code is in one of my branches in the gpgme repo on playfair.

> * Suggest and improve the original gpg2 command line interface, so that
> usage is easier and the more esoteric options will not be seen or used
> by default.

Given most of them should be in the gpg.conf file anyway, they normally only need to be set once. Sometimes toggled back and forth (e.g. with --expert), but mostly it's set once and leave it that way (e.g. enable-large-rsa, enable-dsa2, allow-freeform-uid, etc.).

Regards,
Ben

--
| Ben McGinnes | Adversarial Press | Twitter: benmcginnes |
| Writer, Publisher, Systems Administrator, Trainer, ICT Consultant |
| http://www.adversary.org/ http://publishing.adversary.org/ |
| GPGME Python 3 API Dev, GNU Privacy Guard https://www.gnupg.org/ |
| Encrypted email preferred, OpenPGP/GPG key: 0x321E4E2373590E5D |
| OpenPGP/GPG key here: http://goo.gl/GVGwT and http://goo.gl/SDs0D |

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL:

From ben at adversary.org  Tue Mar 22 15:31:07 2016
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 23 Mar 2016 01:31:07 +1100
Subject: EasyGnuPG
In-Reply-To: <56F03197.6050409@digitalbrains.com>
References: <201603211505.14794.bernhard@intevation.de> <56F03197.6050409@digitalbrains.com>
Message-ID: <20160322143107.GC89846@adversary.org>

On Mon, Mar 21, 2016 at 06:38:31PM +0100, Peter Lebbing wrote:
> On 21/03/16 16:49, Dashamir Hoxha wrote:
> > Yes, but the overall number of commands and options supported
> > is 10 times smaller than those of gpg2. Tutorials about egpg are also
> > much shorter.
>
> These things can simply be solved through new documentation rather
> than a new interface. The man page is typical reference style: all
> commands and options in a list format. It's not tutorial style,
> omitting all but common options and presenting the material in a
> tutorial form.
The thing about training in GPG is people have to want it. In my experience everyone in the general public decides that "it's all too hard" right up until the moment where it is actually their freedom on the line or the opportunity to make a buck. Then they can suddenly learn the basics within 1 to 2 hours and love it. Funny that ...

Mind you, some students are better than others and two of my best students certainly put it all to good use. One wrote this: https://store.kobobooks.com/en-ca/ebook/silk-road-4 And the other conducted the academic study while shepherding PhD candidates through the "dark net" (some of which was hilarious).

> > And the default values of the options are more suitable
> > for a beginner (at least in my opinion).
>
> I had a quick look through the source.
>
> The only thing I see in that category, IMHO, is automatically naming output
> filenames.

What, you mean like "gpg2 --use-embedded-filename"? The only time that is null is when the original file was actually from stdin (usually in the case of an email) in which case you should be able to generate a unique filename from the message ID.

Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL:

From ben at adversary.org  Tue Mar 22 15:41:53 2016
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 23 Mar 2016 01:41:53 +1100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de>
Message-ID: <20160322144153.GD89846@adversary.org>

On Tue, Mar 22, 2016 at 11:20:40AM +0100, Dashamir Hoxha wrote:
> On Tue, Mar 22, 2016 at 9:56 AM, Bernhard Reiter
> wrote:
> >
> > Any cross platform approach would work. Python has the advantage
> > that the source code can be changed by an editor and immediately run
> > and that it works fairly well cross-platform.
> >
> > What is even more important is that you should use the official API to
> > GnuPG which is Gpgme. https://wiki.gnupg.org/APIs
>
> This is an important point (using the API), because trying to use
> `gpg` in scripts is terribly difficult. I don't understand why `gpg`
> does not follow the unix philosophy of being easily used in scripts
> and cooperating easily with other commands.
> So, if there are some things to be improved on gpg, this is one of
> them: make it more scriptable. Alternatively, make a bash wrapper of
> Gpgme (which can be used on bash scripts).

You might try experimenting with gpgme-tool then, it's one of the undocumented/self-documented extras which comes with GPGME. It provides a socket interface with which you can interact with portions of the GPGME functions, including most of the most common functions. You can also pipe its commands to it through a shell, so start with something like this:

    echo help | gpgme-tool

Or this:

    echo help | gpgme-tool > gpgme-tool-cheatsheet.txt

Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL:

From bernhard at intevation.de  Tue Mar 22 15:45:09 2016
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 22 Mar 2016 15:45:09 +0100
Subject: A better interface to the GnuPG-Framework (Re: EasyGnuPG)
In-Reply-To: <20160322141441.GB89846@adversary.org>
References: <201603211505.14794.bernhard@intevation.de> <20160322141441.GB89846@adversary.org>
Message-ID: <201603221545.14392.bernhard@intevation.de>

On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote:
> You know what might, though, if someone were to take up the old GPA
> project perhaps ... maybe port it to GTK 3 or implement a Qt version.

We have just cleaned up and simplified the structure of Kleopatra, so that is making steps into the direction of the Qt5 version you are thinking of.
If you want to help improve a gui part Andre currently is hacking on Kleopatra, so that is a good chance to test and give feedback about its user interface.

We want to know what it would take to make Kleo an easy to use crypto GUI for GnuPG.

Best,
Bernhard

--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL:

From paolo.bolzoni.brown at gmail.com  Tue Mar 22 15:53:22 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Tue, 22 Mar 2016 15:53:22 +0100
Subject: A better interface to the GnuPG-Framework (Re: EasyGnuPG)
In-Reply-To: <201603221545.14392.bernhard@intevation.de>
References: <201603211505.14794.bernhard@intevation.de> <20160322141441.GB89846@adversary.org> <201603221545.14392.bernhard@intevation.de>
Message-ID:

I guess we should start from the desired use case. We want a GUI for what? Encrypting? Signing? Managing the web of trust? SSH login? Everything?

On Tue, Mar 22, 2016 at 3:45 PM, Bernhard Reiter wrote:
> On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote:
>> You know what might, though, if someone were to take up the old GPA
>> project perhaps ... maybe port it to GTK 3 or implement a Qt version.
>
> We have just cleaned up and simplified the structure of Kleopatra,
> so that is making steps into the direction of the Qt5 version
> you are thinking of. If you want to help improve a gui part
> Andre currently is hacking on Kleopatra, so that is a good chance
> to test and give feedback about its user interface.
>
> We want to know what it would take to make Kleo an easy
> to use crypto GUI for GnuPG.
>
> Best,
> Bernhard
>
>
> --
> www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
> Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
> Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From wk at gnupg.org  Tue Mar 22 16:29:42 2016
From: wk at gnupg.org (Werner Koch)
Date: Tue, 22 Mar 2016 16:29:42 +0100
Subject: EasyGnuPG
In-Reply-To: <20160322144153.GD89846@adversary.org> (Ben McGinnes's message of "Wed, 23 Mar 2016 01:41:53 +1100")
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <20160322144153.GD89846@adversary.org>
Message-ID: <87a8lq1qft.fsf@wheatstone.g10code.de>

On Tue, 22 Mar 2016 15:41, ben at adversary.org said:

> provides a socket interface with which you can interact with portions
> of the GPGME functions, including most of the most common functions.

FWIW: We even consider to extend gpgme-tool to be a Native Messaging Server for Browsers.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From ben at adversary.org  Tue Mar 22 17:35:48 2016
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 23 Mar 2016 03:35:48 +1100
Subject: A better interface to the GnuPG-Framework (Re: EasyGnuPG)
In-Reply-To: <201603221545.14392.bernhard@intevation.de>
References: <201603211505.14794.bernhard@intevation.de> <20160322141441.GB89846@adversary.org> <201603221545.14392.bernhard@intevation.de>
Message-ID: <20160322163548.GE89846@adversary.org>

On Tue, Mar 22, 2016 at 03:45:09PM +0100, Bernhard Reiter wrote:
> On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote:
> > You know what might, though, if someone were to take up the old GPA
> > project perhaps ... maybe port it to GTK 3 or implement a Qt version.
>
> We have just cleaned up and simplified the structure of Kleopatra,
> so that is making steps into the direction of the Qt5 version
> you are thinking of. If you want to help improve a gui part
> Andre currently is hacking on Kleopatra, so that is a good chance
> to test and give feedback about its user interface.
>
> We want to know what it would take to make Kleo an easy
> to use crypto GUI for GnuPG.

Ah, no, I think I'll have to leave that to the others. Mainly because I already have quite the task ahead of me with the future planned GPGME Python 3 work (GPyGME, but it's waiting on the GPGME overhaul), though also because the last serious effort I made at any GUI programming was with Tkinter about 15 years ago (and I sucked at it).

As for more modern things ... well I've recently dumped Thunderbird to return to Mutt plus Emacs, so I guess that says something. Note, that wasn't Enigmail's fault, it was purely the compounding of Mozilla's ... whatever it's becoming (plus it can't handle the volume of mail and accounts I have to deal with).

Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL:

From dashohoxha at gmail.com  Tue Mar 22 17:43:00 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 17:43:00 +0100
Subject: A better interface to the GnuPG-Framework (Re: EasyGnuPG)
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <20160322141441.GB89846@adversary.org> <201603221545.14392.bernhard@intevation.de>
Message-ID:

On Tue, Mar 22, 2016 at 3:53 PM, Paolo Bolzoni <paolo.bolzoni.brown at gmail.com> wrote:
> I guess we should start from the desired use case.
> We want a GUI for what? Encrypting? Signing? Managing the web of
> trust? SSH login? Everything?

I think that deciding the desired use case(s) is important. In a certain use case only 5-6 commands/operations/options may be needed, not 300+.
In my opinion this is one of the problems with `gpg`. It is so generic that it tries to cover all the possible cases. Consequently, it is huge, and difficult, and suitable for none of them. It is more like a library than like a user interface. Any GUI that tries to follow it faithfully will be difficult, confusing and unintuitive. Each GUI should try to simplify according to its specific use case.

Another problem that people have noticed with PGP (and inherited by GPG by trying to follow PGP faithfully), is the confusing terminology (private key, public key, etc.). In egpg I have tried to improve this by using the term "key" for the personal key-pair, and using the term "contact" for the public keys of the people with whom we communicate. This term ("contact") maybe does not have an exactly correct meaning, but it is widely popular, even among dummies who have never used anything but a (non-smart) mobile phone. If you say "contact" they immediately think about the details of a person with whom you want to communicate.

The names of the commands and options can be improved as well, to better fit the use case on which the GUI app is being used.

I have also tried to make sure that there is only one valid (unrevoked and unexpired) private key at any time. Allowing more than one would increase the complexity of the interface and make things more complicated. In certain cases you may need more than one valid keys, but these cases are rare and can be handled by other means.

Dashamir

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From brian at minton.name  Tue Mar 22 17:55:17 2016
From: brian at minton.name (Brian Minton)
Date: Tue, 22 Mar 2016 16:55:17 +0000
Subject: Verification via the web of trust
In-Reply-To: <56F138E5.6070403@twopif.net>
References: <56F138E5.6070403@twopif.net>
Message-ID:

One idea I've been tossing about: import the whole dump. I read that gpg 2.1 uses a new efficient key database called keybox.
It would be interesting to see if it could handle that much data, and if so, gpg could do the WoT calculations directly. On Tue, Mar 22, 2016, 9:33 AM Lachlan Gunn wrote: > Hello, > > Apologies if this is an excessively newbie question, but is there any > reasonably automated way to do verification via the web-of-trust when > you don't have all the intermediate steps in the keyring already? > > All the pathfinders I've seen have been full-on HTML websites, is there > anything out there more suitable for scripting? If not, is there a > reason? I have a keyserver dump, a newly-written OpenPGP > parser/verifier, and a mild sense of irritation :) > > Thanks, > Lachlan > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben at adversary.org Tue Mar 22 18:06:15 2016 From: ben at adversary.org (Ben McGinnes) Date: Wed, 23 Mar 2016 04:06:15 +1100 Subject: EasyGnuPG In-Reply-To: <87a8lq1qft.fsf@wheatstone.g10code.de> References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <20160322144153.GD89846@adversary.org> <87a8lq1qft.fsf@wheatstone.g10code.de> Message-ID: <20160322170615.GA97148@adversary.org> On Tue, Mar 22, 2016 at 04:29:42PM +0100, Werner Koch wrote: > On Tue, 22 Mar 2016 15:41, ben at adversary.org said: > > > provides a socket interface with which you can interact with > > portions of the GPGME functions, including most of the most common > > functions. > > FWIW: We even consider to extend gpgme-tool to be a Native Messaging > Server for Browsers. Ah, well that explains the reasoning behind the XML format used for storing key data then. Presumably it was done back when XHTML was being pushed as the future of the web, way before the current H5 thing. 
Fortunately there's still a bunch of decent reasons to use XML when defining information sets, even if most developers and almost all users never touch it. I guess I'd better make another branch to put those Relax-NG and XSD (W3C) schemas I generated in for anyone who needs them.

Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL:

From peter at digitalbrains.com  Tue Mar 22 18:11:51 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 22 Mar 2016 18:11:51 +0100
Subject: Verification via the web of trust
In-Reply-To: <56F138E5.6070403@twopif.net>
References: <56F138E5.6070403@twopif.net>
Message-ID: <56F17CD7.9030104@digitalbrains.com>

On 22/03/16 13:21, Lachlan Gunn wrote:
> All the pathfinders I've seen have been full-on HTML websites, is there
> anything out there more suitable for scripting?

This doesn't help you one iota. The simple reason: trust is not transitive.

If you want key A, which is 4 hops away from you, to become valid, you need to trust a key B that has signed it. So either you see among the people who signed key A someone you trust, or you don't. I'm pretty sure you would recognise the name of someone you trust. If you do see a name you recognise, key B, and who you trust, the task simply transfers from A to this B. Only if, on every hop along the path, there are people you recognise and trust, can you actually get valid keys that are several hops away.

That trust is not transitive is not some quirk of the web of trust: it is fundamental. I might trust Carl, and Carl might trust Jenny, but if I don't know Jenny, I would not trust her, despite the fact that I trust someone who trusts her. Trust is personal and direct, not transitive.

There is one exception: when you trust someone so much that you'd delegate the issue of trust to them.
This is usually only done in specific, small communities and employer-employee relations, and is a "trust signature". They are hardly ever used. Note that the trust might be more built into the relationship than that you actually do trust your employer... ;)

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From andrewg at andrewg.com  Tue Mar 22 19:14:45 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 22 Mar 2016 18:14:45 +0000
Subject: Verification via the web of trust
In-Reply-To: <56F17CD7.9030104@digitalbrains.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com>
Message-ID: <56F18B95.90303@andrewg.com>

On 22/03/16 17:11, Peter Lebbing wrote:
>
> That trust is not transitive is not some quirk of the web of trust: it
> is fundamental. I might trust Carl, and Carl might trust Jenny, but if I
> don't know Jenny, I would not trust her, despite the fact that I trust
> someone who trusts her. Trust is personal and direct, not transitive.

All this is true. But this does not help *me* one iota.

While the usual formulation of the web of trust (or any PKI for that matter) runs along the lines of "given that I trust this finite list of people, can I verify this particular signature?", the question most useful to a user is "given this particular signature, how much confidence should I invest in it?". They are not the same question.

Real world example. I wanted to install the latest copy of Apache for windows. It is signed by one William A Rowe Jr. I do not know William A Rowe Jr, nor do I know any of the people who have signed his key, nor am I ever likely to meet them, let alone trust them enough to verify other keys on my behalf. I'd never even heard of William A Rowe Jr before I tried to download his software. And yet the PGP signature on that binary must be worth something other than zero.
In my quest to verify the signature of William A Rowe Jr, I ended up downloading over a thousand keys. Even importing the entire Debian keyring and setting them all to marginal trust (I'm already trusting them to write my OS, so why not?) wasn't enough. I did manage it in the end by assigning full trust to a judicious selection of people that I recognised by name and reputation, and a few that I didn't. Sure, it probably wasn't worth the effort I spent on it. And of course, I then ended up with a terrifyingly liberal trustdb - but which was still not liberal enough to verify a significant fraction of posts to debian-security despite me marginally trusting their entire keyring.

My point is, there are times when you want to be absolutely certain that a particular key belongs to someone you know and trust. And there are times when you are looking for whatever assurances you can get that some random dude on the internet isn't about to pwn your server. I'd contend that the second use case is far more common than the first.

If you can't ascribe at least *some* level of trust to multiple PGP signatures in the WOT made by named individuals (even those not personally known to you), then you certainly shouldn't be relying on X509 certificates issued by a single one of hundreds of faceless CAs through some automated process. But every day you do that, because the alternative is not to use the internet at all.

A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL:

From peter at digitalbrains.com  Tue Mar 22 19:30:15 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 22 Mar 2016 19:30:15 +0100
Subject: Verification via the web of trust
In-Reply-To: <56F18B95.90303@andrewg.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com>
Message-ID: <56F18F37.1060002@digitalbrains.com>

On 22/03/16 19:14, Andrew Gallagher wrote:
> All this is true. But this does not help *me* one iota.

It sounds to me like you're not looking for the Web of Trust, which is indeed
very limited in its options. Instead, you are probably looking for something
more like TOFU, in the sense that this developer whose signature you see is the
same one whose signature you saw last time. Or maybe a radically different other
trust model. Quite likely one which hasn't actually been implemented.

It's still the same though: the OP talked about the Web of Trust, so my answer
was about the Web of Trust. That the Web of Trust is not what you are looking
for is a completely different issue.

> Even importing the entire Debian keyring and setting them all to marginal
> trust (I'm already trusting them to write my OS, so why not?)

Exactly! Well observed. I've said it before as well, a nefarious person holding
the private key of a Debian Developer can do much more interesting stuff than
introduce false signatures in the Web of Trust, so you might as well trust them
on that too. That is, as always, depending on your threat model. But I'd wager
that it's compatible with a lot of threat models, since Debian developers can
pretty much execute code as root on your machine.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From peter at digitalbrains.com  Tue Mar 22 19:40:43 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 22 Mar 2016 19:40:43 +0100
Subject: Verification via the web of trust
In-Reply-To: <56F18B95.90303@andrewg.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com>
Message-ID: <56F191AB.6090907@digitalbrains.com>

On 22/03/16 19:14, Andrew Gallagher wrote:
> Real world example. I wanted to install the latest copy of Apache for
> windows. It is signed by one William A Rowe Jr. I do not know William A
> Rowe Jr, nor do I know any of the people who have signed his key, nor am
> I ever likely to meet them, let alone trust them enough to verify other
> keys on my behalf.

By the looks of it, you could get an interesting alternate trust path here. You
say you run Debian. You can download digitally signed source code through
Debian, and in this source code, I see this file:

https://anonscm.debian.org/cgit/pkg-apache/apache2.git/tree/debian/upstream/signing-key.pgp

My guess is that this is the list of keys accepted for apache2 source code for
the Debian builds. Your William A Rowe Jr is in there. Apparently Debian trusts
him, and if you download it with apt-get source, you can get a verified genuine
copy of this file. So if the signature is valid for the key in this file, you
can be pretty darn sure that you have the right one. Otherwise, somebody managed
to subvert the integrity system of Debian.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From andrewg at andrewg.com  Tue Mar 22 19:43:20 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 22 Mar 2016 18:43:20 +0000
Subject: Verification via the web of trust
In-Reply-To: <56F18F37.1060002@digitalbrains.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F18F37.1060002@digitalbrains.com>
Message-ID: <56F19248.9080307@andrewg.com>

On 22/03/16 18:30, Peter Lebbing wrote:
> On 22/03/16 19:14, Andrew Gallagher wrote:
>> All this is true. But this does not help *me* one iota.
>
> It sounds to me like you're not looking for the Web of Trust, which is indeed
> very limited in its options. Instead, you are probably looking for something
> more like TOFU, in the sense that this developer whose signature you see is the
> same one whose signature you saw last time.

Only for a project with one developer! Otherwise, the person who signs it could
legitimately change between releases. Large projects often have a separate
release signing key, but not apache it seems...

And at the risk of getting shot down (again), TOFU doesn't work. Not because
TOFU is broken (it's a perfectly valid method), but because *people* are broken.
How many times have you blithely clicked through an ssh "WARNING: the remote
host key has changed!" prompt? ;-)

A

-------------- next part --------------
A non-text attachment was scrubbed...
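Peter's TOFU suggestion and Andrew's two objections to it (the legitimate signer can change between releases, and people click through changed-key warnings) can be reconciled in a pin store that keeps a *set* of allowed signer fingerprints per project, seeds it on first use, and otherwise fails closed with no "continue anyway" path. The code below is an added example, not code from the list or from GnuPG; the project name, the fingerprints and the class and method names are constructed for illustration. It pins only full 40-hex-digit fingerprints (short key IDs are not unique identifiers of a key) and a mismatch has to be resolved by explicitly adding the new fingerprint after checking it out of band, for instance against a distribution-shipped keyring like the signing-key.pgp Peter points at.

```python
"""Pinned release-signer allowlist with first-use seeding (added example, see lead-in)."""
import json
import re

_V4_FINGERPRINT = re.compile(r"^[0-9A-F]{40}$")
FIRST_USE, MATCH, MISMATCH = "first-use", "match", "mismatch"


class SignerMismatch(Exception):
    """A signature from a key that is not pinned for this project."""


def is_full_fingerprint(fpr: str) -> bool:
    """True only for a complete v4 fingerprint (spaces and case are tolerated)."""
    return bool(_V4_FINGERPRINT.match(fpr.replace(" ", "").upper()))


def normalize_fingerprint(fpr: str) -> str:
    """Canonical form: 40 upper-case hex digits. Short key IDs are refused outright."""
    if not is_full_fingerprint(fpr):
        raise ValueError(f"not a full v4 fingerprint: {fpr!r}")
    return fpr.replace(" ", "").upper()


class SignerPins:
    """Maps a project name to the set of fingerprints allowed to sign its releases."""

    def __init__(self, pins=None):
        self._pins = {p: {normalize_fingerprint(f) for f in fps}
                      for p, fps in (pins or {}).items()}

    def check(self, project: str, fingerprint: str) -> str:
        """Report the signer's status without side effects beyond first-use seeding."""
        fp = normalize_fingerprint(fingerprint)
        known = self._pins.get(project)
        if known is None:
            self._pins[project] = {fp}      # TOFU: the first signer seen is pinned
            return FIRST_USE
        return MATCH if fp in known else MISMATCH  # a mismatch never widens the set

    def enforce(self, project: str, fingerprint: str) -> str:
        """Fail closed: there is deliberately no interactive override to click through."""
        status = self.check(project, fingerprint)
        if status == MISMATCH:
            raise SignerMismatch(f"{project}: {normalize_fingerprint(fingerprint)} "
                                 f"is not among the pinned signers {self.pinned(project)}")
        return status

    def add(self, project: str, fingerprint: str) -> None:
        """Out-of-band addition, e.g. after verifying the key against a distro keyring."""
        self._pins.setdefault(project, set()).add(normalize_fingerprint(fingerprint))

    def pinned(self, project: str):
        return sorted(self._pins.get(project, ()))

    def to_json(self) -> str:
        return json.dumps({p: sorted(f) for p, f in sorted(self._pins.items())}, indent=2)

    @classmethod
    def from_json(cls, text: str) -> "SignerPins":
        return cls(json.loads(text))


if __name__ == "__main__":
    # Constructed fingerprints, not real keys.
    pins = SignerPins()
    print(pins.enforce("apache-httpd", "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"))
    pins.add("apache-httpd", "FEDCBA9876543210FEDCBA9876543210FEDCBA98")  # second release signer
    print(pins.to_json())
```

The calling script would obtain the signing key's fingerprint from its signature verification step and hand it to `enforce()`; the only way past a mismatch is an `add()` made by a human who has checked the new key elsewhere, which is the part that the ssh prompt Andrew mentions leaves to a reflex.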
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL:

From dashohoxha at gmail.com  Tue Mar 22 20:07:41 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 20:07:41 +0100
Subject: EasyGnuPG
In-Reply-To: <20160322144153.GD89846@adversary.org>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <20160322144153.GD89846@adversary.org>
Message-ID:

On Tue, Mar 22, 2016 at 3:41 PM, Ben McGinnes wrote:
>
> You might try experimenting with gpgme-tool then, it's one of the
> undocumented/self-documented extras which comes with GPGME. It
> provides a socket interface with which you can interact with portions
> of the GPGME functions, including most of the most common functions.
> You can also pipe its commands to it through a shell, so start with
> something like this:
>
> echo help | gpgme-tool
>
> Or this:
>
> echo help | gpgme-tool > gpgme-tool-cheatsheet.txt
>

This seems promising. Thanks for the suggestion. The problem is that I cannot
find `gpgme-tool` in ubuntu 14.04 and it seems that the only way to install it
is by compiling. This certainly complicates things a bit.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dashohoxha at gmail.com  Tue Mar 22 20:11:23 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 20:11:23 +0100
Subject: EasyGnuPG
In-Reply-To: <87a8lq1qft.fsf@wheatstone.g10code.de>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <20160322144153.GD89846@adversary.org> <87a8lq1qft.fsf@wheatstone.g10code.de>
Message-ID:

On Tue, Mar 22, 2016 at 4:29 PM, Werner Koch wrote:
> On Tue, 22 Mar 2016 15:41, ben at adversary.org said:
>
> > provides a socket interface with which you can interact with portions
> > of the GPGME functions, including most of the most common functions.
>
> FWIW: We even consider to extend gpgme-tool to be a Native Messaging
> Server for Browsers.
>

In this case, "gpgme-tool" should be packaged on its own, not inside the
package "*libgpgme11-dev*". I am referring to this message:
https://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029206.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dashohoxha at gmail.com  Tue Mar 22 20:24:53 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 20:24:53 +0100
Subject: EasyGnuPG
In-Reply-To: <04A00397-C5B6-4582-8946-054E09E5443E@andrewg.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F12003.3060703@sixdemonbag.org> <04A00397-C5B6-4582-8946-054E09E5443E@andrewg.com>
Message-ID:

On Tue, Mar 22, 2016 at 2:55 PM, Andrew Gallagher wrote:
>
> For that we need to be encouraging hackers and tinkerers to experiment
> with novel interfaces; and this is best done by giving them the software
> equivalent of Lego rather than Meccano.
>

I find the Lego analogy very suitable. This is how unix/linux tools work.

> Thought should also be given to whether wrapping all functionality in a
> single binary with thousands of options is the best interface to present to
> even expert command line users.
>

For example, converting from binary to asc format can be done by an external
tool, through piping. No need to clutter the code, the interface and the docs
with extra options. I am sure that there are other cases as well, if one thinks
carefully about it.

-------------- next part --------------
An HTML attachment was scrubbed...
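Dashamir's piping point, together with Werner's advice from earlier in this thread (run gpg with --batch and read its --with-colons output), is what a script on the "Lego" side of the interface looks like in practice. The following is an added example, not code from the list or from GnuPG: a Python parser for the colon-separated listing format, using the field layout documented in GnuPG's doc/DETAILS (record type, validity, key length, algorithm, key ID, creation and expiry as epoch seconds in GnuPG 2.x, ownertrust, user ID or fingerprint in field 10, capabilities in field 12 with lower-case letters for the component itself and upper-case for the key as a whole), followed by an audit that flags an encryption-capable primary key, expired components and a missing expiry, the three key-shape questions argued over later in this thread. The sample listing is constructed, not real gpg output; the finding codes and the script name in the usage note are my own.

```python
"""Audit `gpg --batch --with-colons --list-keys` output (added example, see lead-in)."""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in GnuPG 2.x colon format; not real output. Key 1 has an
# encryption-capable primary and a one-month expiry, key 2 never expires and
# has no encryption-capable component at all.
SAMPLE = r"""
tru::1:1458680400:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1458604800:1461196800::u:::escaESCA::::::23::0:
fpr:::::::::0000111122223333444455556666777788889999:
uid:u::::1458604800::HASHPLACEHOLDER::Example User (constructed\x3a test) <user@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1458604800:1461196800:::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
pub:-:2048:1:89ABCDEF01234567:1300000000:::-:::scSC::::::23::0:
fpr:::::::::5555666677778888999900001111222233334444:
uid:-::::1300000000::HASHPLACEHOLDER::Stale Key (constructed) <stale@example.org>::::::::::0:
"""


@dataclass
class Component:
    kind: str                # "pub" (primary) or "sub" (subkey)
    validity: str
    bits: int
    algo: int
    keyid: str
    created: int
    expires: Optional[int]   # epoch seconds; None means never
    caps: str                # this component's own capabilities, lower case
    fingerprint: str = ""


@dataclass
class Key:
    primary: Component
    overall_caps: str        # upper-case letters: usable capabilities of the whole key
    uids: List[str] = field(default_factory=list)
    subkeys: List[Component] = field(default_factory=list)


def _unescape(s: str) -> str:
    # gpg writes ':' and non-printables inside user IDs as \xNN
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)


def parse_colons(text: str) -> List[Key]:
    keys: List[Key] = []
    last: Optional[Component] = None   # component the next fpr record belongs to
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        f += [""] * (21 - len(f))      # pad so older/shorter records index safely
        if f[0] in ("pub", "sub"):
            comp = Component(f[0], f[1], int(f[2]), int(f[3]), f[4], int(f[5]),
                             int(f[6]) if f[6] else None,
                             "".join(c for c in f[11] if c.islower()))
            if f[0] == "pub":
                keys.append(Key(comp, "".join(c for c in f[11] if c.isupper())))
            else:
                keys[-1].subkeys.append(comp)
            last = comp
        elif f[0] == "fpr" and last is not None:
            last.fingerprint = f[9]
        elif f[0] == "uid" and keys:
            keys[-1].uids.append(_unescape(f[9]))
        # tru, sig, rvk and other record types are not needed for this audit
    return keys


def audit_key(key: Key, now: int) -> List[str]:
    findings = []
    p = key.primary
    if "e" in p.caps:
        findings.append("E_ON_PRIMARY")          # encryption belongs on a subkey
    if p.expires is None:
        findings.append("PRIMARY_NEVER_EXPIRES")
    elif p.expires < now:
        findings.append("PRIMARY_EXPIRED")
    elif p.expires - now < 30 * 86400:
        findings.append("PRIMARY_EXPIRES_SOON")
    if "E" not in key.overall_caps:
        findings.append("NO_ENCRYPTION_CAPABILITY")
    for s in key.subkeys:
        if s.expires is not None and s.expires < now:
            findings.append(f"SUBKEY_EXPIRED:{s.keyid}")
    return findings


def audit(text: str, now: int) -> dict:
    """Map each primary fingerprint to its list of finding codes."""
    return {k.primary.fingerprint: audit_key(k, now) for k in parse_colons(text)}


if __name__ == "__main__":
    import time
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for fpr, found in audit(data, int(time.time())).items():
        print(fpr, ", ".join(found) or "ok")
```

Saved as, say, `audit_keys.py`, it takes the listing on standard input (`gpg --batch --with-colons --list-keys | python3 audit_keys.py`) and falls back to the constructed sample when run interactively; nothing in it parses the human-readable output, which is the point of Werner's second option.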
URL:

From dashohoxha at gmail.com  Tue Mar 22 20:35:51 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 20:35:51 +0100
Subject: EasyGnuPG
In-Reply-To: <87h9fy1w10.fsf@wheatstone.g10code.de>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <87h9fy1w10.fsf@wheatstone.g10code.de>
Message-ID:

On Tue, Mar 22, 2016 at 2:28 PM, Werner Koch wrote:
>
> There are two simple things you need to remember when using gpg in a
> script:
>
> 1. --batch to avoid all interaction.
>
> 2. --with-colons to get a well defined output format. That format is
> not good for humans, though.
>
> Well we could have done switching the output format automagically but
> that would be rather surprising. If it is used by a script, adding two
> extra options for the invocation is not really a big task.
>

I don't think that automagic would be a good thing. I still think that the
colons format is a bit difficult to process and not so suitable. But most
importantly, I think that these two options are not enough, it is not as easy
as that. For example there is also --passphrase-fd, --command-fd, --logging-fd
etc. and sometimes I still don't manage to control properly all the input and
output, or I have to do spectacular things that complicate things a lot. I
think that it doesn't have to be that difficult.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dashohoxha at gmail.com  Tue Mar 22 20:53:59 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 20:53:59 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org>
Message-ID:

On Tue, Mar 22, 2016 at 10:54 AM, Paolo Bolzoni <paolo.bolzoni.brown at gmail.com> wrote:
> I totally agree, Dashamir I really think you should focus on what you
> think is hard in gnupg? And why?
> Are you sure a new program (and not a simple patch) is the best answer?
>
> At the moment you are showing us strange defaults, an implementation
> that can break at any time, and I am not really sure how much it is
> easier anyway.
>

The implementation will not break, as long as it is based on the latest stable
release. When the next stable release of gpg is out, the implementation will be
adjusted to match it.

> For example, I find strange and needlessly difficult that the keys have
> a duration and not an expiration date. So when one wants the key to
> last until the end of the year or to his birthday one has to make a
> date difference manually.
>

You are right, I find it strange and counterintuitive too. I can try to fix it
on egpg.

Regarding your main question above (I have also answered it previously), I
think that `gpg` (the command) is monolithic, bloated with functionality and
options, the docs are like a maze and not clearly structured, the number of
commands and options is huge, there is no clear distinction between the
commands and the options, the supported use cases are not so clear (it actually
tries to support everything), the default values are not well-thought, the
terminology is confusing and counter-intuitive, etc. Do you think these can be
fixed with simple patches?

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From peter at digitalbrains.com  Tue Mar 22 22:21:31 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 22 Mar 2016 22:21:31 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org>
Message-ID: <56F1B75B.1000805@digitalbrains.com>

First of all, let me say that I regret that I didn't start my mail with
feedback on your project on a positive note. I think it's good that people
spend effort trying to make things more usable, and I applaud you for it.
It would have been a lot nicer of me to start out with that. There's no excuse
for forgetting basic civility and just being friendly to one another. Sorry.
Please don't feel put off by the fact that I might lack some tact here and
there...

On 22/03/16 20:53, Dashamir Hoxha wrote:
> The implementation will not break, as long as it is based on the latest stable
> release.
> When the next stable release of gpg is out, the implementation will be adjusted
> to match it.

So you should do a check on the version and fail if it is different than the
version you worked with. And you need to support all the versions of all your
users; on short notice as well, probably.

Plus the elephant in the room that the developers of GnuPG are very explicit in
that this interface is not for scripting, yet you use it as such. You can reason
about it all you want, in the end, you're still using it differently than
upstream intended.

> Regarding your main question above (I have also answered it previously), I think
> that `gpg` (the command) is monolithic

All asymmetric crypto is done in the agent by now, there are separate programs
for several tasks like keyserver communication and smartcard communication. Sure
you can argue that the tasks are not spread in the way you would like, but in a
strict sense it is definitely not monolithic. "Fairly monolithic" at most.

>, bloated with functionality and options,

You might be bothered by this on principled grounds, since it is security
software and there's the attack surface and amount of code to consider, but it's
not a practical issue, purely a principled one. That's like saying you don't
like Inkscape because it lets you paint in pink and you hate pink and never use
it...

> the docs are like a maze and not clearly structured

A reasonably fair criticism... writing good documentation is hard, very hard.
In fact, it turned out to be easier to write academic papers on why it is so
difficult to make crypto easy to use than to write documentation that makes
crypto easy to use.

When I refer to the man page, which is just one bloody long list without
structure (and hence not a maze either), I use search terms to find what I look
for. If specific ones will not do, a generic one, repeating the search until I
find the option I want. Then again, by now I've referred to it reasonably often
when trying to help people on this list or playing around.

>, the number of commands and
> options is huge,

Yes. Again, if we had documentation that omitted these, you would not be
bothered by it, right?

> there is no clear distinction between the commands and the
> options

This one is odd. Have you examined the structure of the man page? Let me quote
(quite) a bit:

> COMMANDS
>        Commands are not distinguished from options except for the fact that only one
>        command is allowed.
>
>        [...]
>    Commands not specific to the function
>        [...]
>    Commands to select the type of operation
>        [...]
>    How to manage your keys
>        [...]
> OPTIONS
>        gpg2 features a bunch of options to control the exact behaviour and to change
>        the default configuration.
>
>        [...]
>    How to change the configuration
>        [...]
>    Key related options
>        [...]
>    Input and Output
>        [...]
>    OpenPGP protocol specific options.
>        [...]
>    Compliance options
>        [...]
>    Doing things one usually doesn't want to do.
>        [...]
>    Deprecated options
>        [...]

This is the structure of the two sections 'commands' and 'options'. I find it
perfectly obvious which are which. If you're lost in the massive list of options
and wonder whether you're looking at a command or an option, you do a backwards
search for a line that doesn't start with a blank. You'll end up at either
"COMMANDS" or "OPTIONS", and you'll have your answer. Basic man page voodoo,
searching for a non-blank first character to navigate sections.
>, the supported use cases are not so clear (it actually tries to support
> everything)

Everything OpenPGP related, yes. The gpg2 binary is the front end to GnuPG with
regards to OpenPGP. Is this the same argument as "it's monolithic"? What
practical gain do you get if, for instance, key management were done with a
binary called "keymgr", and so on? In the end, when you verify a signature, you
want to know the validity of the key, so the same code gets exercised, whether
it's in a library shared by several binaries or one binary. And even the
library, GPGME, executes a binary: that way you get address space separation.
That way, all the crypto is in a separate process, out of the grubby hands of
whatever calls it. The private key is even further away in the agent :). Again
a separate process.

>, the default values are not well-thought

This I strongly reject. A /lot/ of thought has gone into the defaults, for as
far as I can see from the sideline.

Your one month expiry thing is not well thought through. Not only will the owner
need to re-sign and redistribute every damn month, but all his contacts will
pretty much always need to refresh the key before they can use it, /even/ if
they are currently working offline (e.g., commuting), which means they simply
need to wait until they have network coverage again. The 4k RSA primary key with
3 subkeys grows by 2 kilobytes on the keyserver every single month (new expiry
signatures). When, not if but when the user forgets to renew, his contacts have
no other recourse than to contact the user in plain text to remind them of their
forgetfulness.

And why is your primary key capable of encryption? One of the reasons for
subkeys is so you don't have to use the same key material for both encryption
and signing, since this opens up some subtle points of attack that are easily
avoided.
>, the terminology is
> confusing and counter-intuitive,

There is definitely some source of confusion: sometimes validity is referred to
with some construction with the word "trust" in it, whereas ownertrust is
something completely different. Also, the word key is overloaded: is it key
material, or is it a certificate? Heck, in the vernacular, keys go with locks,
not other keys.

But if something in GnuPG, in official documentation, refers to validity with
"trust" somewhere, I think you should definitely report it, because I think
it's only third parties that do this.

Unfortunately, I think it's a bit too late to introduce a different term than
"key" for the certificate, even though it is clearly confusing. You could rename
stuff to "contacts", but you have an established body of users and terminology.
You can't just wish it away, unfortunately. That crypto is really hard from a
usability standpoint is well-established. Renaming public keys of others to
contacts might be pretty smart. But there is then some asymmetry. I send them my
key, but they do not get my key, they get a contact. When my key preferences
change, they should refresh their... contact information I suppose. It could
work, I just think it's several decades too late to actually change it.

> Do you think these can be fixed with simple patches?

I think you're being overly critical of what is already there. Somebody one day
might get it completely right; it could be you. But I personally don't feel that
your current solution is it. It's too disconnected from the rest, and it meddles
with stuff it should leave well alone.

Current GnuPG is the culmination of several decades of very hard work by
talented people. Don't forget that when you think something isn't as you think
it should be.

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dashohoxha at gmail.com  Tue Mar 22 23:10:49 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 22 Mar 2016 23:10:49 +0100
Subject: EasyGnuPG
In-Reply-To: <56F1B75B.1000805@digitalbrains.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID:

On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing wrote:
>
> Your one month expiry thing is not well thought through. Not only will the
> owner need to re-sign and redistribute every damn month, but all his contacts
> will pretty much always need to refresh the key before they can use it, /even/
> if they are currently working offline (e.g., commuting), which means they
> simply need to wait until they have network coverage again. The 4k RSA primary
> key with 3 subkeys grows by 2 kilobytes on the keyserver every single month
> (new expiry signatures). When, not if but when the user forgets to renew, his
> contacts have no other recourse than to contact the user in plain text to
> remind them of their forgetfulness.
>

You got this wrong. It does not enforce 1 month expiry. Right after creating
the key you can change its expiry to 10y, if you wish. But if you say nothing,
after 1m you will have to renew it (if you still remember the passphrase). This
is like a safety measure for people who are not familiar with gpg.

> And why is your primary key capable of encryption? One of the reasons for
> subkeys is so you don't have to use the same key material for both encryption
> and signing, since this opens up some subtle points of attack that are easily
> avoided.
>

What is wrong with that? As long as there is a subkey for encryption, gpg will
use the subkey for encryption, even if the primary key is capable of encryption.

> Current GnuPG is the culmination of several decades of very hard work by
> talented people.
> Don't forget that when you think something isn't as you
> think it should be.

I did not judge the people who built GnuPG. And I know that it is easier to
criticize than to do something better. Actually my goal was not to replace
GnuPG, my goal was to make things a bit simpler (especially for beginners). And
I believe that this can be done with a bunch of simple shell scripts.

Peace,
Dashamir

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From k.mallen at soondae.co.uk  Tue Mar 22 15:30:38 2016
From: k.mallen at soondae.co.uk (Keith Mallen)
Date: Tue, 22 Mar 2016 14:30:38 +0000
Subject: EasyGnuPG
In-Reply-To: <04A00397-C5B6-4582-8946-054E09E5443E@andrewg.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F12003.3060703@sixdemonbag.org> <04A00397-C5B6-4582-8946-054E09E5443E@andrewg.com>
Message-ID: <1458657038.2970.21.camel@keith>

Sorry to butt in here but in my first post to the list I mentioned that I was
attempting to use FreePascal/Lazarus to interface with GPG via the command line
but whilst I had managed to get it working with OpenSSL attempting the same
methodology on GPG resulted in a 'hang'.

Now I realise I am a novice and whilst Lazarus is supposedly cross-platform the
documentation for Lazarus is hard to interpret presumably because I am a novice
but Lazarus is Pascal and cross platform and it is Pascal so I would hope more
understandable to knuckle scrapers such as myself.

http://wiki.freepascal.org/Executing_External_Programs

Someone recently asked about using FreePascal under Windows but made mention of
using a DLL. As far as I am aware FreePascal should give you a 'direct' command
line interface on any platform.

I'll be rubbish here but scratching my head about DLLs reminds me of when I was
looking into 'keyloggers' which, under Windows, require a hook into the system
if you wish to capture data across running applications...
Honest I was trying to catch out a 'Microsoft Support Person' who wanted to fix
my computer over the phone.

Anyway, for what it might be worth..

http://www.soondae.co.uk/testssl

Yes I hate myself already for dropping that one on you with no explanation but
basically it is a GUI that interfaces with OpenSSL via the command line in order
to generate multiple key pairs. As I say similar does not work on GPG but it
would seem that if you can get access to the command line interface for GPG in a
similar manner then, being naive, it could be a solution

Just floating one

Keith

On Tue, 2016-03-22 at 13:55 +0000, Andrew Gallagher wrote:
>
> On 22 Mar 2016, at 10:40, Paolo Bolzoni wrote:
> >
> > And besides, it's much easier to build a GUI app in front of a C API
> > than a command line application.
>
> This is undeniably true. Unfortunately you first need to learn the API,
> which can be a barrier to someone who knows the command line interface and
> just wants to hack together a script to do a particular job.
>
> Cryptography is hard, and decades later we still aren't at the point where
> average computer users can take advantage of it without either first
> becoming experts or punching holes in the sides of the boat. For that we
> need to be encouraging hackers and tinkerers to experiment with novel
> interfaces; and this is best done by giving them the software equivalent
> of Lego rather than Meccano.
>
> This is not a gpg-specific issue. OpenSSL suffers the same problem of
> having to be both a comprehensive implementation and a user interface, and
> handles it pretty much the same way, by using a basic command prompt.
>
> Where is the gpg equivalent of easy-rsa though? This is a complaint about
> software tools in general, but for hackers and tinkerers inconsistency
> across UIs is a significant barrier to entry.
> If I can't take what I've learned from using the command line for years
> and apply it (safely) to writing a modest shell script, I'm going to think
> long and hard before taking the time to learn a Python API. At the very
> least, any feature accessible through an interactive interface should have
> an equivalent command line option, so that all interactive operations can
> trivially be automated. Thought should also be given to whether wrapping
> all functionality in a single binary with thousands of options is the best
> interface to present to even expert command line users (again, OpenSSL is
> another offender).
>
> I say this because I found myself in exactly the same boat as the OP. I
> wanted to write a small script for my technically-proficient but
> non-cryptography-expert users so that they could easily manage gpg private
> keys without me worrying that they'd screw it up; and I ended up with a
> fragile interface very similar to his that needed to be completely
> refactored using gpgme. Just interfacing with gpg was the most difficult
> part of the process; the logic that I built on top of it was easy by
> comparison. This is the wrong way around.
>
> A
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From peter at digitalbrains.com  Tue Mar 22 23:25:54 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 22 Mar 2016 23:25:54 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID: <56F1C672.1000308@digitalbrains.com>

On 22/03/16 23:10, Dashamir Hoxha wrote:
> You got this wrong. It does not enforce 1 month expiry. Right after
> creating the key you can change its expiry to 10y, if you wish. But if
> you say nothing, after 1m you will have to renew it (if you still
> remember the passphrase).
> This is like a safety measure for people who
> are not familiar with gpg.

It's not a good default. There is something to be said for an expiry, so keys
eventually become stale if the owner loses the revocation certificate and the
key itself. But we clearly have an informed disagreement. There's nothing more
I can say, I think.

> What is wrong with that? As long as there is a subkey for encryption,
> gpg will use the subkey for encryption, even if the primary key is
> capable of encryption.

That is not up to you! It's up to your peers, or your attackers. They pick which
key they encrypt to, and your GnuPG will just use whatever key was encrypted to,
to decrypt it. You don't have a say in it. Your only recourse is to delete your
primary key, meaning you can't certify anymore either.

If there are hidden recipients, GnuPG will simply try both your primary and your
subkey to decrypt the hidden PKESK packet.

Why did you change this to the setting it had in the way before, the long-long
ago: one key for everything? I've only ever seen it advocated in the sense that
"you should encrypt to the primary key for TOP SECRET material, since I only
have that key on an air-gapped offline computer". Not precisely a beginner's
scenario, and a flawed argument anyway if you ask me.

> And I believe that this can be done with a bunch of simple
> shell scripts.

Go ahead. You've heard multiple opinions from several people. But please be
aware of the criticism with regard to the details like the key capabilities and
so forth. You're choosing this for your users, not just for yourself. Be
prudent. Don't hurt your users, and realise that the defaults are that for good
reason. I would strongly urge you to keep GnuPG at its defaults: they are good.
Just change the interface, not the defaults.

Okay, I should stop, I get the feeling every next sentence is a rephrasing of
previous ones :).

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From peter at digitalbrains.com  Tue Mar 22 23:30:22 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 22 Mar 2016 23:30:22 +0100
Subject: EasyGnuPG
In-Reply-To: <20160322143107.GC89846@adversary.org>
References: <201603211505.14794.bernhard@intevation.de> <56F03197.6050409@digitalbrains.com> <20160322143107.GC89846@adversary.org>
Message-ID: <56F1C77E.7060607@digitalbrains.com>

On 22/03/16 15:31, Ben McGinnes wrote:
> What, you mean like "gpg2 --use-embedded-filename"?

No, I meant what it already does, I had it wrong in my head and should have
tried it. I mean that it would be nice if the following were equivalent:

$ gpg2 -r de500b3e -e file.ext
$ gpg2 -o file.ext.gpg -r de500b3e -e file.ext

Which they are. So the whole argument is moot.

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From andrewg at andrewg.com  Tue Mar 22 23:56:27 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 22 Mar 2016 22:56:27 +0000
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID:

On 22 Mar 2016, at 22:10, Dashamir Hoxha wrote:
>> On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing wrote:
>> And why is your primary key capable of encryption? One of the reasons for
>> subkeys is so you don't have to use the same key material for both encryption
>> and signing, since this opens up some subtle points of attack that are easily
>> avoided.
>
> What is wrong with that? As long as there is a subkey for encryption, gpg will
> use the subkey for encryption, even if the primary key is capable of encryption.
Please please for the love of all that is sweet and beautiful in the world
don't make an encryption-usage primary key. If you ignore everything else Peter
has said, please don't ignore this. There are no benefits whatsoever to making
an E-usage primary key, and plenty of reasons not to. And unlike expiry dates
which can be fixed later, once you have E enabled on a primary key you can't
remove it without hacking the innards of the data structure. IMHO the only thing
to do with E-usage primary keys is revoke them and start again from scratch.

The only reason they are even still allowed in GPG is for backwards
compatibility, right...?

A

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dashohoxha at gmail.com  Wed Mar 23 00:12:07 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 23 Mar 2016 00:12:07 +0100
Subject: EasyGnuPG
In-Reply-To: <56F1C672.1000308@digitalbrains.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F1C672.1000308@digitalbrains.com>
Message-ID:

On Tue, Mar 22, 2016 at 11:25 PM, Peter Lebbing wrote:
>
> > What is wrong with that? As long as there is a subkey for encryption,
> > gpg will use the subkey for encryption, even if the primary key is
> > capable of encryption.
>
> That is not up to you! It's up to your peers, or your attackers. They
> pick which key they encrypt to, and your GnuPG will just use whatever
> key was encrypted to, to decrypt it. You don't have a say in it. Your
> only recourse is to delete your primary key, meaning you can't certify
> anymore either.
>
> If there are hidden recipients, GnuPG will simply try both your primary
> and your subkey to decrypt the hidden PKESK packet.
>
> Why did you change this to the setting it had in the way before, the
> long-long ago: one key for everything?
> I've only ever seen it advocated
> in the sense that "you should encrypt to the primary key for TOP SECRET
> material, since I only have that key on an air-gapped offline computer".
> Not precisely a beginner's scenario, and a flawed argument anyway if you
> ask me.
>

You are right on this, I got it wrong. I had no particular reason for doing that. I will make the primary key only with certification capability, if this is what the experts recommend.

> > And I believe that this can be done with a bunch of simple
> > shell scripts.
>
> Go ahead. You've heard multiple opinions from several people. But please
> be aware of the criticism with regard to the details like the key
> capabilities and so forth. You're choosing this for your users, not just
> for yourself. Be prudent. Don't hurt your users, and realise that the
> defaults are that for good reason. I would strongly urge you to keep
> GnuPG at its defaults: they are good. Just change the interface, not the
> defaults.

I do expect some help on these matters, because I am neither a security expert nor a gpg expert.

Regards,
Dashamir

From mail at tankredhase.de Wed Mar 23 03:20:24 2016
From: mail at tankredhase.de (Tankred Hase)
Date: Wed, 23 Mar 2016 10:20:24 +0800
Subject: AES-GCM and AEAD Protected Data Packet (IETF draft)
Message-ID: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de>

Hi,

I've implemented initial support for AES-GCM in OpenPGP.js using the IETF draft for authenticated encryption:
https://tools.ietf.org/html/draft-ford-openpgp-format-00

I've created a pull request on GitHub for the implementation. The specification leaves quite a bit of wiggle room and I've listed my thoughts here:
https://github.com/openpgpjs/openpgpjs/pull/430

I've already contacted the specification author to give feedback, but being the most widely adopted OpenPGP implementation out there, I also wanted to get the GnuPG community's thoughts.
Making GCM the new standard mode for symmetric encryption would give us a modern and performant alternative to OpenPGP's CFB mode. Especially with regards to the WebCrypto api, where GCM is natively supported, but not CFB (currently marked as a 'WontFix' in the chromium bug tracker):
https://www.chromium.org/blink/webcrypto#TOC-Supported-algorithms-as-of-Chrome-46-

Together with ECC asymmetric encryption, GCM should give OpenPGP a modern cipher suite supported natively in browsers. This will hopefully also allow the community to deprecate some older crypto down the road.

Looking forward to your feedback.

Thanks,
Tankred

P.S. Just for reference, here are the GitHub issues tracking ECC in OpenPGP.js. We have not started implementing them, but the plan is to move ahead after GCM is merged:
https://github.com/openpgpjs/openpgpjs/issues/427
https://github.com/openpgpjs/openpgpjs/issues/428

From viktordick86 at gmail.com Wed Mar 23 06:04:46 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Wed, 23 Mar 2016 06:04:46 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID: <56F223EE.8080004@gmail.com>

On 22.03.2016 23:10, Dashamir Hoxha wrote:
> You got this wrong. It does not enforce 1 month expiry. Right after
> creating the key you can change its expiry to 10y, if you wish. But if
> you say nothing, after 1m you will have to renew it (if you still
> remember the passphrase). This is like a safety measure for people who
> are not familiar with gpg.

In this case, I think you have got a point. I think the gnupg default of 'expires: never' is not the best solution, since people who just try it out might end up with a public key published to keyservers where they have lost the private key.
Of course, this is not different from fake keys published by third parties, as long as there are no relevant signatures on it nobody should trust them. But I still think it might be better to set a default expiry of, let's say, 1 year and two months for the primary key and one year for the subkeys.

Then there is the problem that the user might not notice that his key is expired. I remember vaguely spending a day trying to find the error until I noticed that my subkeys were expired. But this might have been a problem with Enigmail, which did not give a clear error message.

However, one month is IMHO too short. But maybe I'm not the best judge since the last time I wrote an encrypted email was multiple months ago and I only once in my lifetime got an encrypted email except for testing purposes. Renewing my keys every month (and, which is more difficult than simply remembering to do so, distributing them between the couple or so machines where I read email) would be too much of a hassle.

Regards,
Viktor

From dashohoxha at gmail.com Wed Mar 23 08:27:57 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 23 Mar 2016 08:27:57 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID:

On Tue, Mar 22, 2016 at 11:56 PM, Andrew Gallagher wrote:
> On 22 Mar 2016, at 22:10, Dashamir Hoxha wrote:
> > On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing
> wrote:
>>
>> And why is your primary key capable of encryption? One of the reasons for
>> subkeys is so you don't have to use the same key material for both
>> encryption
>> and signing, since this opens up some subtle points of attack that are
>> easily
>> avoided.
>>
> > What is wrong with that? As long as there is a subkey for encryption, gpg
> will use the subkey for encryption, even if the primary key is capable of
> encryption.
>
>
> Please please for the love of all that is sweet and beautiful in the world
> don't make an encryption-usage primary key. If you ignore everything else
> Peter has said, please don't ignore this. There are no benefits whatsoever
> to making an E-usage primary key, and plenty of reasons not to. And unlike
> expiry dates which can be fixed later, once you have E enabled on a primary
> key you can't remove it without hacking the innards of the data structure.
>
> IMHO the only thing to do with E-usage primary keys is revoke them and
> start again from scratch. The only reason they are even still allowed in
> GPG is for backwards compatibility, right...?
>

I fixed it:
https://github.com/dashohoxha/egpg/commit/d21ccdb42de6f48f316a19aadec93bfd9b7d55ca

Is it OK to have a signing primary key? Is it useful?

From dashohoxha at gmail.com Wed Mar 23 08:33:25 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 23 Mar 2016 08:33:25 +0100
Subject: EasyGnuPG
In-Reply-To: <56F223EE.8080004@gmail.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F223EE.8080004@gmail.com>
Message-ID:

On Wed, Mar 23, 2016 at 6:04 AM, Viktor Dick wrote:
>
> Then there is the problem that the user might not notice that his key is
> expired. I remember vaguely spending a day trying to find the error until
> I noticed that my subkeys were expired. But this might have been a
> problem with Enigmail, which did not give a clear error message.
>

In egpg you get warnings before and after the key has expired:
https://github.com/dashohoxha/egpg/blob/master/src/auxiliary.sh#L46-L60

However I am not sure how well this works in practice.

From flapflap at riseup.net Wed Mar 23 14:04:47 2016
From: flapflap at riseup.net (flapflap)
Date: Wed, 23 Mar 2016 13:04:47 +0000
Subject: EasyGnuPG
In-Reply-To: <56F223EE.8080004@gmail.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F223EE.8080004@gmail.com>
Message-ID: <56F2946F.50900@riseup.net>

Viktor Dick:
> In this case, I think you have got a point. I think the gnupg default of
> 'expires: never' is not the best solution, since people who just try it
> out might end up with a public key published to keyservers where they
> have lost the private key.
[...]
> But I still think it might be
> better to set a default expiry of, let's say, 1 year and two months for
> the primary key and one year for the subkeys.

o IMHO, users of the terminal gpg program should be well aware of the existence of expiration of a key, because they were asked for it during key generation.

o "People who just try it [gpg] out" should (and most likely will) not use the terminal interface.

o "People who just try it [gpg] out" should use Enigmail or another GUI. And when using Enigmail, the expiry default is 5y, a revocation certificate is generated by default so that the user can revoke the key if s/he lost the passphrase/secret key. Also, the user is advised to make a copy to an external medium (CD/USB) or print it out. It is already 'fail safe' so to say.
~flapflap

From bloodybowlers at gmail.com Wed Mar 23 14:33:29 2016
From: bloodybowlers at gmail.com (Bowlers Bloody)
Date: Wed, 23 Mar 2016 14:33:29 +0100
Subject: gpg-agent scdaemon + yubikey smartcard on Windows not asking for PIN with PUTTY
Message-ID:

Hello,

I'm using my yubikey 4 as a smartcard to log on remote SSH with PUTTY, under Windows. Putty has a little software called pageant that keeps your keys available for putty to use. Unfortunately, it is not smartcard compatible. Fortunately, it works if I use a modified pageant.exe found here:
http://smartcard-auth.de/ssh-en.html

Now, back to my problem: I read that recent versions of gpg4win/gpg-agent are compatible with putty and can replace pageant to talk to putty. So I tried but the problem is, when I use gpg-agent, it does not ask for a PIN (no PIN entry window) and then it fails in putty.

This guy seems to have the same kind of problem:
http://lists.wald.intevation.org/pipermail/gpg4win-users-en/2015-October/001263.html

I'm using Windows 7 64 bits with GnuPG 2.0.29 and Gpg4win 2.3.0. Using putty 0.67.

I ran scdaemon and gpg-agent with logging in "guru" mode, and I can post the results here if it helps. It appears the card is read correctly, putty query is detected by gpg-agent, only the PIN entry is not asked/triggered...

Any help appreciated, thank you

Regards

From wk at gnupg.org Wed Mar 23 15:56:49 2016
From: wk at gnupg.org (Werner Koch)
Date: Wed, 23 Mar 2016 15:56:49 +0100
Subject: AES-GCM and AEAD Protected Data Packet (IETF draft)
In-Reply-To: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> (Tankred Hase's message of "Wed, 23 Mar 2016 10:20:24 +0800")
References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de>
Message-ID: <877fgtxmxa.fsf@wheatstone.g10code.de>

On Wed, 23 Mar 2016 03:20, mail at tankredhase.de said:

> wanted to get the GnuPG community's thoughts.
> Making GCM the new
> standard mode for symmetric encryption would give us a modern and
> performant alternative to OpenPGP's CFB mode. Especially with regards

As I mentioned on the WG list, I would really like to see OCB used for OpenPGP. OCB is far superior over any other AE modes. There are no software patent issues even for closed source software with the exception for those whose business it is to kill people.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Mar 23 16:02:50 2016
From: wk at gnupg.org (Werner Koch)
Date: Wed, 23 Mar 2016 16:02:50 +0100
Subject: EasyGnuPG
In-Reply-To: (Dashamir Hoxha's message of "Tue, 22 Mar 2016 20:35:51 +0100")
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <87h9fy1w10.fsf@wheatstone.g10code.de>
Message-ID: <8737rhxmn9.fsf@wheatstone.g10code.de>

On Tue, 22 Mar 2016 20:35, dashohoxha at gmail.com said:

> I still think that the colons format is a bit difficult to process and not

The colon format difficult? I can do almost everything on the command line. awk(1) is your friend.

> not as easy as that. For example there is also --passphrase-fd,
> --command-fd, --logging-fd etc. and sometimes I still don't manage to

Well, if you need interaction you need to have a way to pass the passphrase. Interaction and unattended use are mostly orthogonal requirements. Agreed, the required status-fd/command-fd FSM can get quite complex. However gpg 2.1 has the new --quick* commands which can replace most common usages of command-fd in scripts.

What is the problem with a logging-fd? Being able to specify a file descriptor instead of a file is a very useful feature and can easily be used by a script. If you really want to log something.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
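An added example, not from the thread and not egpg's code, that turns two of the points raised above into a check a front-end like EasyGnuPG could run: Peter's warning that an encryption-capable primary key can be encrypted to by anyone regardless of what the owner wants, and the expiry warnings Viktor and Dashamir discussed, done with awk over gpg's colon-format listing as Werner suggests. It assumes gpg 2.1-style output (`--with-colons --fixed-list-mode`, so fields 6 and 7 hold creation and expiry as epoch seconds) and uses a constructed listing in place of a real `gpg --list-keys` run.

```shell
#!/bin/sh
# Added example, not part of the thread or of egpg. Audits a keyring listing
# in gpg's --with-colons format. Assumes gpg 2.1 / --fixed-list-mode output,
# where field 6 (creation) and field 7 (expiry) are seconds since the epoch.
#
# Checks:
#  1. a primary key (pub/sec) whose own capabilities (field 12, lowercase
#     letters) include "e": peers may encrypt to it and you cannot stop them;
#  2. a primary key or subkey that has expired, or expires within WARN_DAYS.
#
# usage: audit_keys NOW_EPOCH WARN_DAYS < listing
#   (against a real keyring: gpg --with-colons --fixed-list-mode --list-keys |
#    audit_keys "$(date +%s)" 30)
audit_keys() {
    now=$1
    warn_days=$2
    awk -F: -v now="$now" -v warn="$warn_days" '
        # Field 12 carries the usage flags of this particular key in lowercase
        # (e/s/c/a); uppercase letters summarise the whole certificate, so the
        # regex deliberately matches only a lowercase "e".
        $1 == "pub" || $1 == "sec" {
            if ($12 ~ /e/) printf "E-PRIMARY %s\n", $5
        }
        # Expiry check for primary keys and subkeys alike.
        $1 == "pub" || $1 == "sec" || $1 == "sub" || $1 == "ssb" {
            expiry = $7
            if (expiry == "") next          # empty field 7: never expires
            days = int((expiry - now) / 86400)
            if (days < 0)          printf "EXPIRED %s %d\n",  $5, -days
            else if (days <= warn) printf "EXPIRING %s %d\n", $5, days
        }
    '
}

# Constructed sample listing (not real keys). NOW below is 2016-03-24 00:00 UTC.
# Key 0123...: primary carries flag "e" (escESC) and expires in 26 days;
#              its encryption subkey expired 9 days ago.
# Key 1111...: certify/sign-only primary (scESC), never expires; subkeys fine.
SAMPLE_LISTING='tru::1:1458777600:0:3:1:5
pub:u:2048:1:0123456789ABCDEF:1427241600:1461024000::u:::escESC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1427241600::0000000000000000000000000000000000000000::Alice Example (constructed) <alice@example.invalid>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1427241600:1458000000:::::e::::::23:
pub:u:4096:1:1111222233334444:1427241600:::u:::scESC::::::23::0:
sub:u:4096:1:5555666677778888:1427241600:1490400000:::::e::::::23:
sub:u:4096:1:99990000AAAABBBB:1427241600::::::s::::::23:'

NOW=1458777600
printf '%s\n' "$SAMPLE_LISTING" | audit_keys "$NOW" 30
# Expected lines:
#   E-PRIMARY 0123456789ABCDEF
#   EXPIRING 0123456789ABCDEF 26
#   EXPIRED FEDCBA9876543210 9
```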
From andrewg at andrewg.com Wed Mar 23 16:35:46 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Wed, 23 Mar 2016 15:35:46 +0000
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID:

> On 23 Mar 2016, at 07:27, Dashamir Hoxha wrote:
>
> Is it OK to have a signing primary key? Is it useful?

A signing primary key is fine. I prefer making single-use subkeys for each of A,E,S but only the E subkey is strictly necessary. You can always generate the A,S subkeys later if you find you need them (e.g. if you buy a smartcard), and since you can always enforce use of your A,S subkeys (unlike E, where it's out of your hands) this shouldn't cause you any issues if you change your mind.

If you are aiming your tool at beginners then single-use subkeys are probably overkill, so the GPG defaults are fine. In general, you should stick to the default behaviour unless you can justify doing otherwise.

A

From mail at tankredhase.de Wed Mar 23 17:04:59 2016
From: mail at tankredhase.de (Tankred Hase)
Date: Thu, 24 Mar 2016 00:04:59 +0800
Subject: AES-GCM and AEAD Protected Data Packet (IETF draft)
In-Reply-To: <877fgtxmxa.fsf@wheatstone.g10code.de>
References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de>
Message-ID:

Hi Werner,

thanks for the quick response.

> On 23.03.2016 at 22:56, Werner Koch wrote:
>
> As I mentioned on the WG list, I would really like to see OCB used for
> OpenPGP. OCB is far superior over any other AE modes. There are no
> software patent issues even for closed source software with the
> exception for those whose business it is to kill people.

Could you kindly point me to the discussion on the WG list? I'm new to the IETF world. Thanks.

I have no objections against supporting multiple authenticated modes, including OCB.
Like I said, the reason I would advocate for GCM is because of its support in the WebCrypto api [1]. Until now, OpenPGP.js has relied on JavaScript implementations of crypto primitives. These are not only slower, but are also subject to well known side channel attacks. WebCrypto is now widely supported [2] and browsers also offer hardware acceleration for GCM [3]. Several applications like Mailvelope and ProtonMail use OpenPGP.js and with the emergence of frameworks like electron and Microsoft's Universal JS apps on Windows 10, probably more applications will in the future.

Tankred

[1] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
[2] http://caniuse.com/#feat=cryptography
[3] https://security.googleblog.com/2014/04/speeding-up-and-strengthening-https.html

From paolo.bolzoni.brown at gmail.com Wed Mar 23 17:49:47 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Wed, 23 Mar 2016 17:49:47 +0100
Subject: Verification via the web of trust
In-Reply-To: <56F19248.9080307@andrewg.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F18F37.1060002@digitalbrains.com> <56F19248.9080307@andrewg.com>
Message-ID:

Is there a way to know how many "hops" a key is from anything I trust and see the path?

On Tue, Mar 22, 2016 at 7:43 PM, Andrew Gallagher wrote:
> On 22/03/16 18:30, Peter Lebbing wrote:
>> On 22/03/16 19:14, Andrew Gallagher wrote:
>>> All this is true. But this does not help *me* one iota.
>>
>> It sounds to me like you're not looking for the Web of Trust, which is indeed
>> very limited in its options. Instead, you are probably looking for something
>> more like TOFU, in the sense that this developer whose signature you see is the
>> same one whose signature you saw last time.
>
> Only for a project with one developer! Otherwise, the person who signs
> it could legitimately change between releases.
> Large projects often have
> a separate release signing key, but not apache it seems...
>
> And at the risk of getting shot down (again), TOFU doesn't work. Not
> because TOFU is broken (it's a perfectly valid method), but because
> *people* are broken. How many times have you blithely clicked through an
> ssh "WARNING: the remote host key has changed!" prompt? ;-)
>
> A

From andrewg at andrewg.com Wed Mar 23 17:54:51 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Wed, 23 Mar 2016 16:54:51 +0000
Subject: Verification via the web of trust
In-Reply-To:
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F18F37.1060002@digitalbrains.com> <56F19248.9080307@andrewg.com>
Message-ID: <56F2CA5B.7060708@andrewg.com>

On 23/03/16 16:49, Paolo Bolzoni wrote:
> Is there a way to know how many "hops" a key is from anything I trust
> and see the path?

PGP pathfinder will tell you what paths exist between any two specific keys, so long as they are both in the strong set.

http://pgp.cs.uu.nl/mk_path.cgi

A

From paolo.bolzoni.brown at gmail.com Wed Mar 23 18:14:07 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Wed, 23 Mar 2016 18:14:07 +0100
Subject: Verification via the web of trust
In-Reply-To: <56F2CA5B.7060708@andrewg.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F18F37.1060002@digitalbrains.com> <56F19248.9080307@andrewg.com> <56F2CA5B.7060708@andrewg.com>
Message-ID:

Sigh.. it seems I am not yet part of the strong set. Thanks anyhow!
On Wed, Mar 23, 2016 at 5:54 PM, Andrew Gallagher wrote:
> On 23/03/16 16:49, Paolo Bolzoni wrote:
>> Is there a way to know how many "hops" a key is from anything I trust
>> and see the path?
>
> PGP pathfinder will tell you what paths exist between any two specific
> keys, so long as they are both in the strong set.
>
> http://pgp.cs.uu.nl/mk_path.cgi
>
> A

From peter at digitalbrains.com Wed Mar 23 18:42:11 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 23 Mar 2016 18:42:11 +0100
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID: <56F2D573.6090409@digitalbrains.com>

On 23/03/16 16:35, Andrew Gallagher wrote:
> [...] and since you can always enforce use of your A,S subkeys (unlike
> E, where it's out of your hands) this shouldn't cause you any issues if you
> change your mind.

I haven't tried it (it's more work than most "let's try this" things), but I think if you have a smartcard with your primary key inserted, and your primary key can do A, GnuPG would be quite happy to negotiate that key for SSH auth and subsequently do that authentication. Smartcard keys are automatically considered for SSH authentication, which is where it differs from on-disk keys, which need to be added to sshcontrol explicitly.

> If you are aiming your tool at beginners then single-use subkeys are probably
> overkill, so the GPG defaults are fine.

Yes, an on-disk authentication subkey seems really uncommon to me. I would completely omit an A subkey.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dkg at fifthhorseman.net Wed Mar 23 18:48:22 2016
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 23 Mar 2016 13:48:22 -0400
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <20160322144153.GD89846@adversary.org> <87a8lq1qft.fsf@wheatstone.g10code.de>
Message-ID: <87zitpjdax.fsf@alice.fifthhorseman.net>

On Tue 2016-03-22 15:11:23 -0400, Dashamir Hoxha wrote:
> On Tue, Mar 22, 2016 at 4:29 PM, Werner Koch wrote:
>
>> FWIW: We even consider to extend gpgme-tool to be a Native Messaging
>> Server for Browsers.
>
> In this case, "gpgme-tool" should be packaged on its own, not inside the
> package "*libgpgme11-dev*".
> I am referring to this message:
> https://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029206.html

I'm entirely open to packaging gpgme-tool separately from the -dev package, if there is a clear and compelling argument for it. If you feel that this is something particularly useful that you want to happen for debian, please file a debian bug report against the gpgme1.0 source package (e.g. "reportbug gpgme1.0").

Regards,

--dkg

From dkg at fifthhorseman.net Wed Mar 23 19:30:21 2016
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 23 Mar 2016 14:30:21 -0400
Subject: EasyGnuPG
In-Reply-To: <56F2D573.6090409@digitalbrains.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F2D573.6090409@digitalbrains.com>
Message-ID: <87twjxjbcy.fsf@alice.fifthhorseman.net>

On Wed 2016-03-23 13:42:11 -0400, Peter Lebbing wrote:
> Yes, an on-disk authentication subkey seems really uncommon to me. I would
> completely omit an A subkey.

the monkeysphere project encourages the creation of on-disk authentication subkeys. While that may be uncommon, i don't think it's "really uncommon".
--dkg

From peter at digitalbrains.com Wed Mar 23 20:30:50 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 23 Mar 2016 20:30:50 +0100
Subject: EasyGnuPG
In-Reply-To: <87twjxjbcy.fsf@alice.fifthhorseman.net>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F2D573.6090409@digitalbrains.com> <87twjxjbcy.fsf@alice.fifthhorseman.net>
Message-ID: <56F2EEEA.6090608@digitalbrains.com>

On 23/03/16 19:30, Daniel Kahn Gillmor wrote:
> the monkeysphere project encourages the creation of on-disk
> authentication subkeys. While that may be uncommon, i don't think it's
> "really uncommon".

Fair enough :). Things like monkeysphere are exactly where it makes sense. I have no idea how many people deploy monkeysphere for SSH.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dashohoxha at gmail.com Wed Mar 23 20:33:03 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 23 Mar 2016 20:33:03 +0100
Subject: EasyGnuPG
In-Reply-To: <87zitpjdax.fsf@alice.fifthhorseman.net>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <20160322144153.GD89846@adversary.org> <87a8lq1qft.fsf@wheatstone.g10code.de> <87zitpjdax.fsf@alice.fifthhorseman.net>
Message-ID:

On Wed, Mar 23, 2016 at 6:48 PM, Daniel Kahn Gillmor wrote:
>
> > In this case, "gpgme-tool" should be packaged on its own, not inside the
> > package "*libgpgme11-dev*".
> > I am referring to this message:
> > https://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029206.html
>
> I'm entirely open to packaging gpgme-tool separately from the -dev
> package, if there is a clear and compelling argument for it.
>

If I write a tool that uses and depends on `gpgme-tool`, it doesn't seem right to me to depend on a -dev package.
This is just a feeling, maybe I am wrong.

From dougb at dougbarton.email Wed Mar 23 22:07:38 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 23 Mar 2016 14:07:38 -0700
Subject: Verification via the web of trust
In-Reply-To: <56F18B95.90303@andrewg.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com>
Message-ID: <56F3059A.2070406@dougbarton.email>

On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
> the question most useful to a user is "given this particular
> signature, how much confidence should I invest in it?".

No, the question *most* users that bother to use the signature at all ask about it is, "Did it validate?"

The answer to *your* question, "How much confidence should I invest in it?" is, "Very little."

Except in certain specialized situations the only utility for a PGP signature is, "Does it show that the thing signed arrived unchanged?" You cannot reasonably place more confidence in it than that, regardless of the number of known signatures the key has.

1. You don't know if the key was in full control of the person/organization it purports to represent before, during, or after the signatures you are trusting were applied.

2. You don't know if the person in control of the key at the time the thing you care about was signed was being coerced, or not.

And as Robert pointed out, for organizational keys there is no way that you can associate control of the key with a known, trusted individual.

So trying to validate a key in the manner you described in your e-mail is at best a fool's errand. If you enjoy the work, by all means help yourself. But let's please stop pretending that signatures mean more than they really do.
Doug

From andrewg at andrewg.com Thu Mar 24 00:38:36 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Wed, 23 Mar 2016 23:38:36 +0000
Subject: Verification via the web of trust
In-Reply-To: <56F3059A.2070406@dougbarton.email>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F3059A.2070406@dougbarton.email>
Message-ID: <0AFBD695-6BE3-4CA1-95D7-7354E8447778@andrewg.com>

On 23 Mar 2016, at 21:07, Doug Barton wrote:
>
>> On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
>> the question most useful to a user is "given this particular
>> signature, how much confidence should I invest in it?".
>
> No, the question *most* users that bother to use the signature at all ask about it is, "Did it validate?"

You're contradicting something I didn't say.

> The answer to *your* question, "How much confidence should I invest in it?" is, "Very little."

"Very little" is still better than "nothing", which is the only alternative on offer.

> Except in certain specialized situations the only utility for a PGP signature is, "Does it show that the thing signed arrived unchanged?"

Unchanged compared to what? ;-)

> You cannot reasonably place more confidence in it than that, regardless of the number of known signatures the key has.
>
> 1. You don't know if the key was in full control of the person/organization it purports to represent before, during, or after the signatures you are trusting were applied.
>
> 2. You don't know if the person in control of the key at the time the thing you care about was signed was being coerced, or not.
>
> And as Robert pointed out, for organizational keys there is no way that you can associate control of the key with a known, trusted individual.

All true. And all beside the point that I was making, which is that a validated signature may not be much, but it's a) all that we have, and b) better than nothing.
> So trying to validate a key in the manner you described in your e-mail is at best a fool's errand. If you enjoy the work, by all means help yourself. But let's please stop pretending that signatures mean more than they really do.

Spending a lot of bandwidth refuting straw man points that I didn't actually make is also a fool's errand. ;-)

A

From mail at tankredhase.de Thu Mar 24 01:44:31 2016
From: mail at tankredhase.de (Tankred Hase)
Date: Thu, 24 Mar 2016 08:44:31 +0800
Subject: AES-GCM and AEAD Protected Data Packet (IETF draft)
In-Reply-To: <877fgtxmxa.fsf@wheatstone.g10code.de>
References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de>
Message-ID: <4F272982-3DFC-454B-96B4-F2A6E9FD9AF4@tankredhase.de>

Hi again,

> On 23.03.2016 at 22:56, Werner Koch wrote:
>
> On Wed, 23 Mar 2016 03:20, mail at tankredhase.de said:
>
>> wanted to get the GnuPG community's thoughts. Making GCM the new
>> standard mode for symmetric encryption would give us a modern and
>> performant alternative to OpenPGP's CFB mode. Especially with regards
>
> As I mentioned on the WG list, I would really like to see OCB used for
> OpenPGP. OCB is far superior over any other AE modes. There are no
> software patent issues even for closed source software with the
> exception for those whose business it is to kill people.

I've done some research concerning patents. It seems OCB is not unencumbered by patents [1][2] while GCM is patent free [3][4]. At least according to Wikipedia and Matthew Green's blog...

"GCM. Galois Counter Mode has quietly become the most popular AE(AD) mode in the field today, despite the fact that everyone hates it. The popularity is due in part to the fact that GCM is extremely fast, but mostly it's because the mode is patent-free. GCM is 'on-line' and can be parallelized, and (best): recent versions of OpenSSL and Crypto++ provide good implementations, mostly because it's now supported as a TLS ciphersuite.
As a side benefit, GCM will occasionally visit your house and fix broken appliances."

Would this change your perception of GCM in regards to GnuPG adoption?

Thanks,
Tankred

[1] https://en.wikipedia.org/wiki/OCB_mode#Patents
[2] http://crypto.stackexchange.com/questions/5639/why-is-ocb-aes-mode-not-becoming-a-standard-for-authenticated-encryption
[3] https://en.wikipedia.org/wiki/Galois/Counter_Mode#Patents
[4] http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html

From dougb at dougbarton.email Thu Mar 24 07:34:08 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Wed, 23 Mar 2016 23:34:08 -0700
Subject: Verification via the web of trust
In-Reply-To: <0AFBD695-6BE3-4CA1-95D7-7354E8447778@andrewg.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F3059A.2070406@dougbarton.email> <0AFBD695-6BE3-4CA1-95D7-7354E8447778@andrewg.com>
Message-ID: <56F38A60.5070506@dougbarton.email>

On 03/23/2016 04:38 PM, Andrew Gallagher wrote:
> On 23 Mar 2016, at 21:07, Doug Barton wrote:
>>
>>> On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
>>> the question most useful to a user is "given this particular
>>> signature, how much confidence should I invest in it?".
>>
>> No, the question *most* users that bother to use the signature at all ask about it is, "Did it validate?"
>
> You're contradicting something I didn't say.

Yes, I am. I'm trying to make a point. One which I think you failed to grasp.

>> The answer to *your* question, "How much confidence should I invest in it?" is, "Very little."
>
> "Very little" is still better than "nothing", which is the only alternative on offer.
>
>> Except in certain specialized situations the only utility for a PGP signature is, "Does it show that the thing signed arrived unchanged?"
>
> Unchanged compared to what? ;-)

I'm assuming that this is not a serious question.
>> You cannot reasonably place more confidence in it than that, regardless of the number of known signatures the key has. >> >> 1. You don't know if the key was in full control of the person/organization it purports to represent before, during, or after the signatures you are trusting were applied. >> >> 2. You don't know if the person in control of the key at the time the thing you care about was signed was being coerced, or not. >> >> And as Robert pointed out, for organizational keys there is no way that you can associate control of the key with a known, trusted individual. > > All true. And all beside the point that I was making, which is that a validated signature may not be much, but it's a) all that we have, and b) better than nothing. No, it's *not* beside the point. You keep saying "better than nothing," which is technically correct, but not sufficient. We need to understand and discuss exactly *how much* better than nothing a valid signature is before we can seriously discuss how much weight to put on it, or how much spelunking through the WOT we're willing to perform, or (more importantly) recommend. >> So trying to validate a key in the manner you described in your e-mail is at best a fool's errand. If you enjoy the work, by all means help yourself. But let's please stop pretending that signatures mean more than they really do. > > Spending a lot of bandwidth refuting straw man points that I didn't actually make is also a fools' errand. ;-) Ok, so let me be more direct, since I was obviously too subtle the first time. You described downloading keys and validating signatures in an effort to validate a key which signed a random software package that you downloaded from the Internet which is, by and large, a colossal waste of time. Further, you seem dangerously misinformed about what value to place on the work that you performed (that is, any actual increase in trust or validity that you placed on the key after you were done ... hint: It's zero). 
Because of the three points I listed above, any work spent validating the key that made the signature is simply a waste of time. You cannot, and more importantly should not, impart any additional "trust" in signatures made by that key due to the work you performed. Now it's your time to spend, so if you want to spend it thusly, that's great. More power to you. But before you create any grand plans or recommend that others do the same kind of work you really need to understand the situation better. hope this helps, Doug

From wk at gnupg.org Thu Mar 24 10:27:18 2016 From: wk at gnupg.org (Werner Koch) Date: Thu, 24 Mar 2016 10:27:18 +0100 Subject: EasyGnuPG In-Reply-To: <87zitpjdax.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 23 Mar 2016 13:48:22 -0400") References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <20160322144153.GD89846@adversary.org> <87a8lq1qft.fsf@wheatstone.g10code.de> <87zitpjdax.fsf@alice.fifthhorseman.net> Message-ID: <877fgsusy1.fsf@wheatstone.g10code.de>
On Wed, 23 Mar 2016 18:48, dkg at fifthhorseman.net said: > I'm entirely open to packaging gpgme-tool separately from the -dev > package, if there is a clear and compelling argument for it. As of now it is not really stable and as long as there are no well known users I do not think that a separate package makes sense. So let's defer this decision. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From peter at digitalbrains.com Thu Mar 24 10:53:28 2016 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 24 Mar 2016 10:53:28 +0100 Subject: Verification via the web of trust In-Reply-To: <56F3059A.2070406@dougbarton.email> References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F3059A.2070406@dougbarton.email> Message-ID: <56F3B918.4070002@digitalbrains.com>
On 23/03/16 22:07, Doug Barton wrote: > 1.
You don't know if the key was in full control of the > person/organization it purports to represent before, during, or after > the signatures you are trusting were applied. > > 2. You don't know if the person in control of the key at the time the > thing you care about was signed was being coerced, or not. These situations are rather more extreme than "is somebody MITM'ing my connection to the apache.org webserver". If you can decide that somebody authorized by the Apache Foundation to sign off on releases actually did sign the code you got, that's actually of value. The trust starts somewhere, there is always some base step where you say "I can't verify further, this will do". There are no absolutes in this game. In fact, the two points you give are /always/ valid. They do not make signatures useless. If I can conclude that the Debian project accepts signatures by someone for releases of the Apache webserver, I feel pretty confident that so can I. Somebody might actually be playing a very intricate game. Well, they seem to have managed to subvert a majorly large Linux distribution[1], I might as well give up against this actor, I'm no match for them. My 2 cents, Peter. [1] Or alternatively, the installation media from which I installed Debian, because again, the trust has to start somewhere. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From wk at gnupg.org Thu Mar 24 10:51:08 2016 From: wk at gnupg.org (Werner Koch) Date: Thu, 24 Mar 2016 10:51:08 +0100 Subject: AES-GCM and AEAD Protected Data Packet (IETF draft) In-Reply-To: (Tankred Hase's message of "Thu, 24 Mar 2016 00:04:59 +0800") References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de> Message-ID: <8737rgurub.fsf@wheatstone.g10code.de> On Wed, 23 Mar 2016 17:04, mail at tankredhase.de said: > Could you kindly point me to the discussion on the WG list? 
I'm new to > the IETF world. Thanks. They now have a strange mail archive but here is my last message regarding this topic (also copied below): BTW, there will be a WG session at IETF-95 on April 6, 11:00 - 12:30. You may participate remotely: > I have no objections against supporting multiple authenticated modes, > including OCB. Like I said, the reason I would advocate for GCM is That is not going to work. I am pretty sure that there is already a rough consensus in the WG that we will add only one new encryption format which will eventually replace the MDC format. The current discussion is around the idea to detect a corrupt large message early and not only after the full message has been processed. > channel attacks. WebCrypto is now widely supported [2] and browsers > also offer hardware acceleration for GCM [3]. GCM has only been developed to avoid the OCB patent which in fact is irrelevant these days. And frankly it will take at least 5 years before a new AE mode in OpenPGP will be widely deployed - by then the patent has expired. OCB is way easier than GCM and thus also easier to implement in JS. Salam-Shalom, Werner ========== From: Werner Koch Subject: Re: [openpgp] OpenPGP SEIP downgrade attack On Thu, 8 Oct 2015 16:59, pgut001 at cs.auckland.ac.nz said: > (It's also not clear whether someone encrypting a 10k email message with PGP > is going to notice it being processed at 100MB/s or 150MB/s). I heard of backups somewhat larger than that. For mail it is anyway not a problem - you sign and encrypt and you are done. Not even a need for an MDC. > (I actually really like OCB and don't like GCM much, but the patent situation > makes it pretty problematic). Well, for the majority of use cases there is a gratis license grant from Phil Rogaway for his patents. Further draft-zauner-tls-aes-ocb-03.txt states: 6.
Intellectual Property Rights Issues Historically OCB Mode has seen difficulty with deployment and standardization because of pending patents and intellectual rights claims on OCB itself. In preparation of this document all interested parties have declared they will issue IPR statements exempting use of OCB Mode in TLS from these claims. Specifically - OCB Mode as described in this document for use in TLS - is based, and strongly influenced, by earlier work from Charanjit Jutla on [IAPM]. At IETF-93 this case was mentioned and it was suggested to ask for a similar license exception [1,2] if we consider to use OCB for OpenPGP. Salam-Shalom, Werner [1] https://datatracker.ietf.org/ipr/2647/ [2] https://datatracker.ietf.org/ipr/2640/ -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Thu Mar 24 10:52:06 2016 From: wk at gnupg.org (Werner Koch) Date: Thu, 24 Mar 2016 10:52:06 +0100 Subject: AES-GCM and AEAD Protected Data Packet (IETF draft) In-Reply-To: <4F272982-3DFC-454B-96B4-F2A6E9FD9AF4@tankredhase.de> (Tankred Hase's message of "Thu, 24 Mar 2016 08:44:31 +0800") References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de> <4F272982-3DFC-454B-96B4-F2A6E9FD9AF4@tankredhase.de> Message-ID: <87y498td89.fsf@wheatstone.g10code.de>
On Thu, 24 Mar 2016 01:44, mail at tankredhase.de said: > Would this change your perception of GCM in regards to GnuPG adoption? Please see my other reply on the patent status of OCB. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From peter at digitalbrains.com Thu Mar 24 11:01:18 2016 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 24 Mar 2016 11:01:18 +0100 Subject: Verification via the web of trust In-Reply-To: <56F3B918.4070002@digitalbrains.com> References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F3059A.2070406@dougbarton.email> <56F3B918.4070002@digitalbrains.com> Message-ID: <56F3BAEE.2010001@digitalbrains.com>
On 24/03/16 10:53, Peter Lebbing wrote: > [1] Or alternatively, the installation media from which I installed > Debian, because again, the trust has to start somewhere. This can clearly be broadened to just "subverted my computer", at any time, through any mechanism. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From paolo.bolzoni.brown at gmail.com Thu Mar 24 11:21:37 2016 From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni) Date: Thu, 24 Mar 2016 11:21:37 +0100 Subject: Force textual pinpad Message-ID:
Dear list, Is it possible to simply use the terminal to input my password when using gpg from the command line? I often use the computer with two screens, one that the students see and the one in front of me. So, it's kinda a problem when the pinpad appears in the "wrong" screen as it seems to abuse the window manager and refuse to move, lose focus, or do what you expect from a window. So to make it easier, what about simply using the terminal? Is that possible? Yours faithfully, Paolo

From dashohoxha at gmail.com Thu Mar 24 11:35:16 2016 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Thu, 24 Mar 2016 11:35:16 +0100 Subject: Force textual pinpad In-Reply-To: References: Message-ID:
On Thu, Mar 24, 2016 at 11:21 AM, Paolo Bolzoni < paolo.bolzoni.brown at gmail.com> wrote: > Dear list, > > Is it possible to simply use the terminal to input my password when > using gpg from the command line?
> I often use the computer with two screens, one that the students see > and the one in front of me. So, it's kinda a problem when the pinpad > appears in the "wrong" screen as it seems to abuse the window manager > and refuse to move, lose focus, or do what you expect from a window. > > So to make it easier, what about simply using the terminal? Is that possible? > Have you tried `--passphrase-fd=0`? This should tell gpg2 to get the passphrase from the stdin (terminal). If it doesn't work, try also `--passphrase-fd=0 <<< "your-passphrase" ` You can also try to throw `--batch` in the mix, and then it should definitely work (stop complaining).

From mail at tankredhase.de Thu Mar 24 11:41:14 2016 From: mail at tankredhase.de (Tankred Hase) Date: Thu, 24 Mar 2016 18:41:14 +0800 Subject: AES-GCM and AEAD Protected Data Packet (IETF draft) In-Reply-To: <8737rgurub.fsf@wheatstone.g10code.de> References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de> <8737rgurub.fsf@wheatstone.g10code.de> Message-ID:
> They now have a strange mail archive but here is my last message > regarding this topic (also copied below): > > Thanks! > BTW, there will be a WG session at IETF-95 on April 6, 11:00 - 12:30. > You may participate remotely: > > Sounds interesting. I might as well join in. >> I have no objections against supporting multiple authenticated modes, >> including OCB. Like I said, the reason I would advocate for GCM is > > That is not going to work. I am pretty sure that there is already a > rough consensus in the WG that we will add only one new encryption > format which will eventually replace the MDC format. The current > discussion is around the idea to detect a corrupt large message early and > not only after the full message has been processed. Understood. That makes sense.
> GCM has only been developed to avoid the OCB patent which in fact is > irrelevant these days. And frankly it will take at least 5 years before > a new AE mode in OpenPGP will be widely deployed - by then the patent > has expired. > > OCB is way easier than GCM and thus also easier to implement in JS My main concern is not the developer experience, but rather the user experience:

# Security
Crypto primitives written in JS are widely considered to be insecure due to timing attack vectors. This is why the WebCrypto api was introduced in the first place. Browsers all ship with TLS stacks like NSS and OpenSSL/BoringSSL that already include primitives like AES-GCM. These are well tested and subject to a release process with timely security updates. This means that web developers should not be rolling their own crypto and always use the WebCrypto api provided by browsers.

# Performance
I have done some benchmarks using Chrome's GCM implementation and it's about 30x faster than an optimized JS implementation on my Core i5: https://github.com/openpgpjs/openpgpjs/pull/430#issuecomment-200469142

# Platform support
There are good reasons why OFB has not been standardized for TLS. As Matthew Green points out in his post, probably due to patent issues. Even if the patent issues are gone in 5 years, GCM will still have better support in browsers and other runtimes/libraries due to its head start. In 5 years we probably won't care about OFB anyway since we'll all be using a modern primitive like DJB's ChaCha20-Poly1305 (which is already being used in Chrome on mobile devices that don't have hardware acceleration for GCM). JavaScript, in contrast to programming in a native environment like C/C++, simply has certain constraints, which makes us more dependent on the rest of the ecosystem. I understand that GnuPG does not have these constraints.
But given that OpenPGP strives to be an interoperable open standard focused on growing its user base, these factors should be considered when choosing a new authenticated mode. Tankred

From flapflap at riseup.net Thu Mar 24 11:55:24 2016 From: flapflap at riseup.net (flapflap) Date: Thu, 24 Mar 2016 10:55:24 +0000 Subject: Force textual pinpad In-Reply-To: References: Message-ID: <56F3C79C.70007@riseup.net>
Dashamir Hoxha: > If it doesn't work, try also `--passphrase-fd=0 <<< "your-passphrase" ` sounds like a bad idea to me because the passphrase could end up in the ~/.bash_history (if bash is used) and physically stored on (a potentially unencrypted) hard disk...

From paolo.bolzoni.brown at gmail.com Thu Mar 24 12:01:08 2016 From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni) Date: Thu, 24 Mar 2016 12:01:08 +0100 Subject: Force textual pinpad In-Reply-To: <56F3C79C.70007@riseup.net> References: <56F3C79C.70007@riseup.net> Message-ID:
To unset DISPLAY env var works really well, but I'd prefer something I can setup in the gpg options. On Thu, Mar 24, 2016 at 11:55 AM, flapflap wrote: > Dashamir Hoxha: >> If it doesn't work, try also `--passphrase-fd=0 <<< "your-passphrase" ` > > sounds like a bad idea to me because the passphrase could end up in the > ~/.bash_history (if bash is used) and physically stored on (a > potentially unencrypted) hard disk...

From peter at digitalbrains.com Thu Mar 24 12:24:32 2016 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 24 Mar 2016 12:24:32 +0100 Subject: Force textual pinpad In-Reply-To: References: <56F3C79C.70007@riseup.net> Message-ID: <56F3CE70.7090006@digitalbrains.com>
Please don't pass the passphrase on the command line as Dashamir Hoxha suggested. On 24/03/16 12:01, Paolo Bolzoni wrote: > To unset DISPLAY env var works really well, but I'd prefer something > I can setup in the gpg options. As long as you don't use gpg-agent as an SSH agent, you can use a terminal-based pinentry as the entry method.
For instance, install the package of your OS that contains pinentry-curses and add this to $GNUPGHOME/gpg-agent.conf: pinentry-program /usr/bin/pinentry-curses Alternatively, pinentry-tty is for the true minimalists. I wouldn't recommend it, though. You will need to kill off your running gpg-agent; this should start a new one once you need it again. The precise behaviour depends on whether you're using GnuPG 2.0 or 2.1. Note that my 2.1 agent even survives X logouts :). So logout/login isn't even enough. The X11 pinentries are indeed the summum of modal dialog, and this is purposely done to at least somewhat protect against mistakes and rogue X clients. You can make it less obnoxious :) by adding to your gpg-agent.conf: no-grab This latter solution I mean as a solution on its own, not in combination with a different-than-the-default pinentry. To be able to use a terminal-based pinentry with gpg-agent as an SSH agent, more work needs to be done before it will work. Oh, as a final point of interest, Debian uses the "alternatives" mechanism for the pinentry, so it should be possible to change the used pinentry through update-alternatives rather than gpg-agent.conf; then it will be system-wide, though. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From dgouttegattat at incenp.org Thu Mar 24 12:26:58 2016 From: dgouttegattat at incenp.org (Damien Goutte-Gattat) Date: Thu, 24 Mar 2016 12:26:58 +0100 Subject: Force textual pinpad In-Reply-To: References: <56F3C79C.70007@riseup.net> Message-ID: <56F3CF02.6000005@incenp.org> On 03/24/2016 12:01 PM, Paolo Bolzoni wrote: > To unset DISPLAY env var works really well, but I'd prefere something > I can setup in the gpg options. You can configure the agent to use the TTY version of Pinentry. 
Add the following to your $GNUPGHOME/gpg-agent.conf: pinentry-program /usr/bin/pinentry-tty (Adjust for the location of the pinentry-tty binary if needed.)

From paolo.bolzoni.brown at gmail.com Thu Mar 24 12:28:24 2016 From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni) Date: Thu, 24 Mar 2016 12:28:24 +0100 Subject: Force textual pinpad In-Reply-To: <56F3CF02.6000005@incenp.org> References: <56F3C79C.70007@riseup.net> <56F3CF02.6000005@incenp.org> Message-ID:
I don't have a $GNUPGHOME/gpg-agent.conf file, can I simply create it or do I have to assume something is terribly wrong in my system? On Thu, Mar 24, 2016 at 12:26 PM, Damien Goutte-Gattat wrote: > On 03/24/2016 12:01 PM, Paolo Bolzoni wrote: >> >> To unset DISPLAY env var works really well, but I'd prefer something >> I can setup in the gpg options. > > > You can configure the agent to use the TTY version of Pinentry. Add the > following to your $GNUPGHOME/gpg-agent.conf: > > pinentry-program /usr/bin/pinentry-tty > > (Adjust for the location of the pinentry-tty binary if needed.) >

From peter at digitalbrains.com Thu Mar 24 12:38:40 2016 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 24 Mar 2016 12:38:40 +0100 Subject: Force textual pinpad In-Reply-To: References: <56F3C79C.70007@riseup.net> <56F3CF02.6000005@incenp.org> Message-ID: <56F3D1C0.4080202@digitalbrains.com>
(Note I also answered your post and suggested pinentry-curses rather than pinentry-tty :) On 24/03/16 12:28, Paolo Bolzoni wrote: > I don't have a $GNUPGHOME/gpg-agent.conf file, can I simply create it > or do I have to assume something is terribly wrong in my system? There isn't one by default ($GNUPGHOME defaults to ~/.gnupg and is also unset by default). You can simply create one. HTH, Peter.
-- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From paolo.bolzoni.brown at gmail.com Thu Mar 24 12:50:42 2016 From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni) Date: Thu, 24 Mar 2016 12:50:42 +0100 Subject: Force textual pinpad In-Reply-To: <56F3D1C0.4080202@digitalbrains.com> References: <56F3C79C.70007@riseup.net> <56F3CF02.6000005@incenp.org> <56F3D1C0.4080202@digitalbrains.com> Message-ID:
It works fine, thanks everyone. I wrote down the whole procedure for the men of the future with the same problem:

1- Ensure that pinentry is installed in your system,
2- See what options you have writing pinentry- in your shell and pressing tab, (The textual choices are pinentry-curses and pinentry-tty)
3- Edit $GNUPGHOME/gpg-agent.conf, if $GNUPGHOME is unset it means ~/.gnupg, and if the gpg-agent.conf file does not exist you can create it.
4- Add the following configuration line (here for example is curses)
   pinentry-program /usr/bin/pinentry-curses
   double check the file path.
5- Restart the agent:
   $ ps aux | grep gpg-agent # to get the pid
   $ kill -2
   $ gpg-connect-agent /bye
6- Test if you like it
   $ gpg --symmetric

On Thu, Mar 24, 2016 at 12:38 PM, Peter Lebbing wrote: > (Note I also answered your post and suggested pinentry-curses rather > than pinentry-tty :) > > On 24/03/16 12:28, Paolo Bolzoni wrote: >> I don't have a $GNUPGHOME/gpg-agent.conf file, can I simply create it >> or do I have to assume something is terribly wrong in my system? > > There isn't one by default ($GNUPGHOME defaults to ~/.gnupg and is also > unset by default). You can simply create one. > > HTH, > > Peter. > > -- > I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. > You can send me encrypted mail if you want some privacy.
> My key is available at From peter at digitalbrains.com Thu Mar 24 12:56:23 2016 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 24 Mar 2016 12:56:23 +0100 Subject: Force textual pinpad In-Reply-To: References: <56F3C79C.70007@riseup.net> <56F3CF02.6000005@incenp.org> <56F3D1C0.4080202@digitalbrains.com> Message-ID: <56F3D5E7.4040706@digitalbrains.com> Oh, BTW, could you please not top-post? It messes with the mind ;). On 24/03/16 12:50, Paolo Bolzoni wrote: > 5- Restart the agent: > $ ps aux | grep gpg-agent # to get the pid > $ kill -2 > $ gpg-connect-agent /bye On reflection, you just need: $ gpg-connect-agent reloadagent /bye And if that weren't enough, this would be prettier: $ gpg-connect-agent killagent /bye $ gpg-connect-agent /bye The latter is only needed if the first thing you do is SSH; it is automatically started for GnuPG. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From paolo.bolzoni.brown at gmail.com Thu Mar 24 16:56:46 2016 From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni) Date: Thu, 24 Mar 2016 16:56:46 +0100 Subject: Force textual pinpad In-Reply-To: <56F3D5E7.4040706@digitalbrains.com> References: <56F3C79C.70007@riseup.net> <56F3CF02.6000005@incenp.org> <56F3D1C0.4080202@digitalbrains.com> <56F3D5E7.4040706@digitalbrains.com> Message-ID: Yes, the pair $ gpg-connect-agent killagent /bye $ gpg-connect-agent /bye works fine too and it is probably prettier than CTRL-C the agent. However, I think restarting the agent manually is very useful even without SSH. The reason is possible errors in the configuration, if the command fail you immediately know something is wrong and you can fix. I learnt from experience as I forgot the hyphen in ``no-grab'' and seeing the agent not working I double checked outright. 
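The warning from flapflap and Peter Lebbing above (a passphrase fed through a here-string or a command-line option lands in the shell history, and anything in argv is readable by every local user through ps) can be made concrete. The script below is an added example written for this archive page, not code from the thread or from GnuPG. A harmless `sh -c sleep` stands in for gpg so it runs without GnuPG installed; the two argument shapes mirror `gpg --passphrase SECRET` and `gpg --passphrase-fd 3 3< file`. The secret string is constructed for the demo.

```shell
#!/bin/sh
# Added example for the passphrase warning in the thread above; not from the
# original posts. It shows that a secret in a child's arguments is visible to
# anyone who can read the process list, while a secret handed over on an
# inherited file descriptor is not. The stand-in child is "sh -c sleep"; the
# argv shapes correspond to gpg --passphrase SECRET and gpg --passphrase-fd 3.

set -u

# Command line of process $1 as one string (Linux /proc, otherwise ps).
proc_cmdline() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Does the running process $1 expose the string $2 on its command line?
# Returns 0 when it does.
cmdline_contains() {
    case "$(proc_cmdline "$1")" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# The unsafe pattern: the secret is an argument of the child process.
# Returns 0 if the secret could be read from the process list while it ran.
secret_exposed_via_argv() {
    secret=$1
    sh -c 'sleep 2' stand-in-gpg --passphrase "$secret" &
    pid=$!
    sleep 1                        # let the child finish exec() before looking
    exposed=1
    cmdline_contains "$pid" "$secret" && exposed=0
    wait "$pid"
    return $exposed
}

# The safe pattern: the secret sits in a 0600 file opened by the parent and
# passed as fd 3; the child reads it from fd 3, exactly as gpg --passphrase-fd
# does. Only "--passphrase-fd 3" is visible in argv.
secret_exposed_via_fd() {
    secret=$1
    secretfile=$(mktemp)
    chmod 600 "$secretfile"
    printf '%s\n' "$secret" > "$secretfile"
    sh -c 'read -r pw <&3; sleep 2' stand-in-gpg --passphrase-fd 3 3< "$secretfile" &
    pid=$!
    sleep 1
    exposed=1
    cmdline_contains "$pid" "$secret" && exposed=0
    wait "$pid"
    rm -f "$secretfile"
    return $exposed
}

# Usage: sh passphrase-leak.sh --demo
if [ "${1:-}" = "--demo" ]; then
    s="correct-horse-battery"   # constructed sample secret, not a real passphrase
    secret_exposed_via_argv "$s" && echo "argv: secret visible in the process list"
    secret_exposed_via_fd "$s"   || echo "fd 3: secret not visible in the process list"
fi
```

The fd variant is the shape to use when a passphrase must be supplied non-interactively at all; with GnuPG 2.1 it additionally needs `--pinentry-mode loopback`, and the file holding the secret should live on an encrypted filesystem or tmpfs, which addresses the "stored on an unencrypted disk" half of the warning.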
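Steps 3 to 5 of Paolo's procedure, together with Peter's `reloadagent` correction, as an added shell example (not code from the thread or from the GnuPG project). It assumes the GnuPG 2.x layout discussed above ($GNUPGHOME, default ~/.gnupg, holding gpg-agent.conf, and `gpg-connect-agent` on the path) and that the distribution put the binary at /usr/bin/pinentry-curses; both are assumptions to adjust. It goes a little beyond the thread in two ways: the option is written idempotently, so re-running never leaves two conflicting `pinentry-program` lines, and the "double check the file path" step is enforced by refusing a path that is not executable.

```shell
#!/bin/sh
# Added example for the "Force textual pinpad" thread; not code from the
# original posts or from GnuPG. Automates steps 3-5 of the procedure above for
# GnuPG 2.x: write pinentry-program idempotently, refuse a path that is not
# executable, then ask the running agent to reload its configuration.
# Assumptions: gpg-agent.conf lives in $GNUPGHOME (default ~/.gnupg) and the
# terminal pinentry is at /usr/bin/pinentry-curses.

set -u

# Resolve the GnuPG home directory the way gpg does: $GNUPGHOME, else ~/.gnupg.
gnupg_home() {
    printf '%s\n' "${GNUPGHOME:-$HOME/.gnupg}"
}

# Set, or replace, one option in gpg-agent.conf. Any existing line for the
# same key is dropped first, so repeated runs never leave two conflicting
# settings behind. A flag without a value (e.g. no-grab) is written bare.
set_agent_option() {
    key=$1
    value=$2
    home=$(gnupg_home)
    conf="$home/gpg-agent.conf"
    tmp="$conf.tmp.$$"
    mkdir -p "$home"
    chmod 700 "$home"
    if [ -f "$conf" ]; then
        grep -v -E "^[[:space:]]*$key([[:space:]]|$)" "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    if [ -n "$value" ]; then
        printf '%s %s\n' "$key" "$value" >> "$tmp"
    else
        printf '%s\n' "$key" >> "$tmp"
    fi
    mv "$tmp" "$conf"
    chmod 600 "$conf"
}

# Print the pinentry-program currently configured (empty if none).
configured_pinentry() {
    conf="$(gnupg_home)/gpg-agent.conf"
    [ -f "$conf" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$conf" | tail -n 1
}

# Ask a running agent to re-read its configuration. No running agent is not
# an error: gpg starts one on demand and it reads the new file then.
# --no-autostart keeps this from spawning an agent just to reload it.
reload_agent() {
    if command -v gpg-connect-agent >/dev/null 2>&1; then
        gpg-connect-agent --no-autostart reloadagent /bye >/dev/null 2>&1 || true
    fi
}

# Point gpg-agent at a terminal pinentry. A wrong path is rejected before it
# is written: an agent pointed at a missing pinentry fails every prompt.
use_terminal_pinentry() {
    pinentry=${1:-/usr/bin/pinentry-curses}   # assumed default location
    if [ ! -x "$pinentry" ]; then
        printf 'not an executable pinentry: %s\n' "$pinentry" >&2
        return 1
    fi
    set_agent_option pinentry-program "$pinentry"
    reload_agent
}

# Usage: sh pinentry-setup.sh --apply [/path/to/pinentry-curses]
if [ "${1:-}" = "--apply" ]; then
    use_terminal_pinentry "${2:-/usr/bin/pinentry-curses}" \
        && printf 'gpg-agent now uses %s\n' "$(configured_pinentry)"
fi
```

`set_agent_option no-grab ""` adds Peter's `no-grab` alternative the same way. As he notes, this only covers the passphrase prompts of gpg itself; when gpg-agent also serves as the SSH agent, a terminal pinentry needs further work.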
From wk at gnupg.org Thu Mar 24 20:20:57 2016 From: wk at gnupg.org (Werner Koch) Date: Thu, 24 Mar 2016 20:20:57 +0100 Subject: AES-GCM and AEAD Protected Data Packet (IETF draft) In-Reply-To: (Tankred Hase's message of "Thu, 24 Mar 2016 18:41:14 +0800") References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de> <8737rgurub.fsf@wheatstone.g10code.de> Message-ID: <87fuvfsmw6.fsf@wheatstone.g10code.de>
On Thu, 24 Mar 2016 11:41, mail at tankredhase.de said: > Crypto primitives written in JS are widely considered to be insecure > due to timing attack vectors. This is why the WebCrypto api was and due to a lot of other reasons. But this is not a JavaScript specific thing but a matter of fact for all software implementations. > NSS and OpenSSL/BoringSSL that already include primitives like > AES-GCM. These are well tested and subject to a release process with You may want to read From: Peter Gutmann On the Impending Crypto Monoculture =================================== A number of IETF standards groups are currently in the process of applying the second-system effect to redesigning their crypto protocols. A major feature of these changes includes the dropping of traditional encryption algorithms and mechanisms like RSA, DH, ECDH/ECDSA, SHA-2, and AES, for a completely different set of mechanisms, including Curve25519 (designed by Dan Bernstein et al), EdDSA (Bernstein and colleagues), Poly1305 (Bernstein again) and ChaCha20 (by, you guessed it, Bernstein). What's more, the reference implementations of these algorithms also come from Dan Bernstein (again with help from others), leading to a never-before-seen crypto monoculture in which it's possible that the entire algorithm suite used by a security protocol, and the entire implementation of that suite, all originate from one person. How on earth did it come to this? [...] and watch out for his remarks on GCM.
Let me comment on Peter's statement that OCB won't be used out of legal fears. That might indeed be the case for License 2 (proprietary but non-military use) [1]. But both, License 1 (Free Software) and License 3 (OpenSSL), grant all rights to such software implementations of OCB without any restrictions. Now, given that Free Software is one of the imperative features of trustworthy security software, a License 2 based implementation won't be trustworthy anyway. Well, for non-software implementations one-time fees are still demanded. I do not consider this a major problem because by selling hardware you have to pay a lot of other fees as well. Using free software on FPGAs would be a bit tricky but there are ways to work around with just some performance degradation. This is the reason why I hope for wider adoption of OCB mode. I do not want to see RC4 in new clothes in OpenPGP. Shalom-Salam, Werner [1] http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From dougb at dougbarton.email Thu Mar 24 20:40:23 2016 From: dougb at dougbarton.email (Doug Barton) Date: Thu, 24 Mar 2016 12:40:23 -0700 Subject: Verification via the web of trust In-Reply-To: <56F3B918.4070002@digitalbrains.com> References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F3059A.2070406@dougbarton.email> <56F3B918.4070002@digitalbrains.com> Message-ID: <56F442A7.1030003@dougbarton.email>
On 03/24/2016 02:53 AM, Peter Lebbing wrote: > On 23/03/16 22:07, Doug Barton wrote: >> 1. You don't know if the key was in full control of the >> person/organization it purports to represent before, during, or after >> the signatures you are trusting were applied. >> >> 2. You don't know if the person in control of the key at the time the >> thing you care about was signed was being coerced, or not.
> > These situations are rather more extreme than "is somebody MITM'ing my > connection to the apache.org webserver". If you can decide that somebody > authorized by the Apache Foundation to sign off on releases actually did > sign the code you got, that's actually of value. But that's precisely my point. You have no idea what individual was actually responsible for signing the package you're downloading. It *could* be the same trusted package uploader that has signed the last few packages you grabbed, or it could be a nefarious individual who managed to get hold of Apache's secret key. My point is that there is no volume of signatures on or leading up to that key which will answer this question for you. > The trust starts somewhere, there is always some base step where you say > "I can't verify further, this will do". There are no absolutes in this > game. In fact, the two points you give are /always/ valid. They do not > make signatures useless. I didn't say that they are useless. I said that we have to be realistic about what their value is (and isn't). Doug From andrewg at andrewg.com Thu Mar 24 21:46:54 2016 From: andrewg at andrewg.com (Andrew Gallagher) Date: Thu, 24 Mar 2016 20:46:54 +0000 Subject: Verification via the web of trust In-Reply-To: <56F442A7.1030003@dougbarton.email> References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F3059A.2070406@dougbarton.email> <56F3B918.4070002@digitalbrains.com> <56F442A7.1030003@dougbarton.email> Message-ID: > On 24 Mar 2016, at 19:40, Doug Barton wrote: > > But that's precisely my point. You have no idea what individual was actually responsible for signing the package you're downloading. It *could* be the same trusted package uploader that has signed the last few packages you grabbed, or it could be a nefarious individual who managed to get hold of Apache's secret key. 
My point is that there is no volume of signatures on or leading up to that key which will answer this question for you. I don't see anyone on this thread arguing otherwise. All that I've claimed is that *some* trust path is better than none, as it provides a speed bump against *some* attacks. All security is just speed bumps in the end - if the NSA really wants to get you, they probably will. Listing the attacks a particular measure *doesn't* cover (developer coercion!) doesn't tell us anything, particularly when a) nobody claimed that it did and b) no other practical measure covers them either. > I didn't say that they are useless. I said that we have to be realistic about what their value is (and isn't). Value is in the eye of the beholder. I did say that my effort was not worth the result. You said it was a fool's errand. I don't see how we are disagreeing on anything of substance. A

From mail at tankredhase.de Fri Mar 25 02:08:44 2016 From: mail at tankredhase.de (Tankred Hase) Date: Fri, 25 Mar 2016 09:08:44 +0800 Subject: AES-GCM and AEAD Protected Data Packet (IETF draft) In-Reply-To: <87fuvfsmw6.fsf@wheatstone.g10code.de> References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de> <8737rgurub.fsf@wheatstone.g10code.de> <87fuvfsmw6.fsf@wheatstone.g10code.de> Message-ID: <6A592D82-D8B4-4253-B0AE-C29EEA0CECA4@tankredhase.de>
> On 25.03.2016 at 03:20, Werner Koch wrote: > > On Thu, 24 Mar 2016 11:41, mail at tankredhase.de said: > >> Crypto primitives written in JS are widely considered to be insecure >> due to timing attack vectors. This is why the WebCrypto api was > > and due to a lot of other reasons. But this is not a JavaScript specific > thing but a matter of fact for all software implementations. I'm aware of all the other arguments. Most are not problems of JavaScript.
Together with constant time implementations of crypto primitives provided by native apis, programming the rest of the OpenPGP code in a memory safe language has many advantages. The problems are the way some applications choose to package their crypto. Using signed/installed applications and runtimes that enforce a strict Content Security Policy like browser extensions, Chrome Apps (see WhisperSystem's Signal-Desktop app) or Electron, developers can mitigate the web's attack vectors. Whether we like it or not the fact remains that most users today use webmail. Browser extensions like Mailvelope allow us to go to where the user is. But you're right this is not a JavaScript only discussion and I don't want to start a JS vs. native discussion. >> NSS and OpenSSL/BoringSSL that already include primitives like >> AES-GCM. These are well tested and subject to release process with > > You may want to read > > > From: Peter Gutmann > > On the Impending Crypto Monoculture > =================================== > > A number of IETF standards groups are currently in the process of > applying the second-system effect to redesigning their crypto > protocols. A major feature of these changes includes the dropping of > traditional encryption algorithms and mechanisms like RSA, DH, > ECDH/ECDSA, SHA-2, and AES, for a completely different set of > mechanisms, including Curve25519 (designed by Dan Bernstein et al), > EdDSA (Bernstein and colleagues), Poly1305 (Bernstein again) and > ChaCha20 (by, you guessed it, Bernstein). > > What's more, the reference implementations of these algorithms also > come from Dan Bernstein (again with help from others), leading to a > never-before-seen crypto monoculture in which it's possible that the > entire algorithm suite used by a security protocol, and the entire > implementation of that suite, all originate from one person. > > How on earth did it come to this? > [...] Thanks. That was a good read indeed. Just out of interest... 
Given that you're advocating Curve25519 for OpenPGP in your IETF draft, what do you think about ChaCha20-Poly1305 as an alternative to AES-OCB? > and watch out for his remarks on GCM. > > Let me comment on Peter's statement that OCB won't be used out of legal > fears. That might indeed be the case for License 2 (proprietary but > non-military use) [1]. But both, License 1 (Free Software) and License > 3 (OpenSSL), grant all rights to such software implementations of OCB > without any restrictions. Now, given that Free Software is one of the > imperative features of trustworthy security software, a License 2 based > implementation won't be trustworthy anyway. > > Well, for non-software implementations one-time fees are still demanded. > I do not consider this a major problem because by selling hardware you > have to pay a lot of other fees as well. Using free software on FPGAs > would be a bit tricky but there are ways to work around with just some > performance degradation. But it is a problem. I love the fact that GnuPG and OpenPGP.js are free software and they can still be used in proprietary software (at least OpenPGP.js' LGPL allows this). By adopting OCB we would be ignoring this fact and telling other software vendors to "build free software or get out". It's not our place to make that decision for them, nor will it work. It will simply prevent them from using OCB and building forks of OpenPGP implementations without OFB. Or worse, adopt a competing authenticated cipher mode that is incompatible. For the sake of experimenting and to gain insight on the IETF draft, OpenPGP.js will go ahead and merge the AEAD pull request based on the current AES-GCM proposal. The feature will be hidden behind a flag and disabled by default. But it will allow applications that do not require interoperability to opt in and experiment with the security/performance benefits. Once there is agreement and a finalized RFC, we will update our implementation accordingly.
> This is the reason why I hope for wider adaption of OCB mode. I do not > want to see RC4 in new clothes in OpenPGP. I don't buy the IV reuse argument, to be honest. Users of OpenPGP libraries are shielded from that potential mistake, since a new random IV is generated for them in the AEAD package before package encryption. See the following code: https://github.com/openpgpjs/openpgpjs/blob/c8569e0cd5d6d96dab8b59faf972d144c57c8e03/src/packet/sym_encrypted_aead_protected.js#L84 Is there potential to do this wrong? Of course, but that's exactly why you use engineering best practices like code reviews and security audits for crypto libraries. Without those, there are a million other ways to screw up. Despite our disagreement on the topic, I'm enjoying the exchange and learning a lot. Looking forward to the IETF WG session :) Tankred From marcio.barbado at gmail.com Fri Mar 25 04:17:58 2016 From: marcio.barbado at gmail.com (Marcio Barbado, Jr.) Date: Fri, 25 Mar 2016 00:17:58 -0300 Subject: (OT) mathematicians-discover-prime-conspiracy In-Reply-To: <56EBF21C.1050908@digitalbrains.com> References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com> Message-ID: Not sure if it's counterintuitive once tossing can be seen as abandoning inertia. Marcio Barbado, Jr.
On Fri, Mar 18, 2016 at 9:18 AM, Peter Lebbing wrote: > On 14/03/16 10:37, Fulano Diego Perez wrote: >> https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/ > > So forgive me for the off-topicness, but something in the text caught my > attention: > >> Soundararajan was drawn to study consecutive primes after hearing a >> lecture at Stanford by the mathematician Tadashi Tokieda, of the >> University of Cambridge, in which he mentioned a counterintuitive >> property of coin-tossing: If Alice tosses a coin until she sees a >> head followed by a tail, and Bob tosses a coin until he sees two >> heads in a row, then on average, Alice will require four tosses while >> Bob will require six tosses (try this at home!), even though >> head-tail and head-head have an equal chance of appearing after two >> coin tosses. > > I did try this at home; only I wrote a Python script to do all the > tedious tossing and accounting. This is its output: > >> $ ./cointoss HH HT >> >> H T HH HT >> ---------- ---------- ---------- ---------- >> 59821 (49.9%) 60079 (50.1%) 6.044 3.990 > > > After over a million coin tosses, it takes 6 tosses on average until you > see two heads in a row, but only 4 to see head-tail. Obviously, the > script is attached. Supply the patterns on invocation, as shown above. > Any number of patterns of any length are supported (I think). Well, > strictly positive numbers and lengths :). > > Can someone point me in the direction of the solution to this > counterintuitive probability theory result? Any of a common name for the > property, a mathematical explanation or an intuitive explanation are > much appreciated! > > Anyway, to make up for the off-topicness, let's get slightly on-topic... > > To the OP: Please provide at least a short abstract of the text when you > post a link. That way people can tell from your mail what the text will > be about. > > With regards to the article, I'm surprised by the choice of words in its > title. 
Other than to draw in more readers, I don't see what place the > word "conspiracy" has in it. That's like saying 0 and 1 are conspiring > to be consecutive on the integral number line. Oh no, pretty much all > our computers are based on 0's and 1's and now they are conspiring! > Probably against us! Quick, we need neutral numbers without an agenda... > In my opinion, this title really devalues the article. "Three secret > ways to cope with prime conspiracy mathematicians don't want you to know > about" isn't that much further out. Oh, I hope that phrasing doesn't > tickle any spam filters... Ah well. > > Cheers, > > Peter. > > -- > I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. > You can send me encrypted mail if you want some privacy. > My key is available at > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From antony at blazrsoft.com Fri Mar 25 05:34:51 2016 From: antony at blazrsoft.com (Antony Prince) Date: Fri, 25 Mar 2016 00:34:51 -0400 Subject: (OT) mathematicians-discover-prime-conspiracy In-Reply-To: References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com> Message-ID: <18116897-C3C2-4433-AFA1-9CC8A1CE3E82@blazrsoft.com> On March 24, 2016 11:17:58 PM EDT, "Marcio Barbado, Jr." wrote: >Not sure if it's counterintuitive once tossing can be seen as >abandoning inertia. > > >Marcio Barbado, Jr.
> > > >On Fri, Mar 18, 2016 at 9:18 AM, Peter Lebbing > wrote: >> On 14/03/16 10:37, Fulano Diego Perez wrote: >>> >https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/ >> >> So forgive me for the off-topicness, but something in the text caught >my >> attention: >> >>> Soundararajan was drawn to study consecutive primes after hearing a >>> lecture at Stanford by the mathematician Tadashi Tokieda, of the >>> University of Cambridge, in which he mentioned a counterintuitive >>> property of coin-tossing: If Alice tosses a coin until she sees a >>> head followed by a tail, and Bob tosses a coin until he sees two >>> heads in a row, then on average, Alice will require four tosses >while >>> Bob will require six tosses (try this at home!), even though >>> head-tail and head-head have an equal chance of appearing after two >>> coin tosses. >> >> I did try this at home; only I wrote a Python script to do all the >> tedious tossing and accounting. This is its output: >> >>> $ ./cointoss HH HT >>> >>> H T HH HT >>> ---------- ---------- ---------- >---------- >>> 59821 (49.9%) 60079 (50.1%) 6.044 3.990 >> >> >> After over a million coin tosses, it takes 6 tosses on average until >you >> see two heads in a row, but only 4 to see head-tail. Obviously, the >> script is attached. Supply the patterns on invocation, as shown >above. >> Any number of patterns of any length are supported (I think). Well, >> strictly positive numbers and lengths :). >> >> Can someone point me in the direction of the solution to this >> counterintuitive probability theory result? Any of a common name for >the >> property, a mathematical explanation or an intuitive explanation are >> much appreciated! >> >> Anyway, to make up for the off-topicness, let's get slightly >on-topic... >> >> To the OP: Please provide at least a short abstract of the text when >you >> post a link. That way people can tell from your mail what the text >will >> be about. 
>> >> With regards to the article, I'm surprised by the choice of words in >its >> title. Other than to draw in more readers, I don't see what place the >> word "conspiracy" has in it. That's like saying 0 and 1 are >conspiring >> to be consecutive on the integral number line. Oh no, pretty much all >> our computers are based on 0's and 1's and now they are conspiring! >> Probably against us! Quick, we need neutral numbers without an >agenda... >> In my opinion, this title really devalues the article. "Three secret >> ways to cope with prime conspiracy mathematicians don't want you to >know >> about" isn't that much further out. Oh, I hope that phrasing doesn't >> tickle any spam filters... Ah well. >> >> Cheers, >> >> Peter. >> >> -- >> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. >> You can send me encrypted mail if you want some privacy. >> My key is available at > >> >> _______________________________________________ >> Gnupg-users mailing list >> Gnupg-users at gnupg.org >> http://lists.gnupg.org/mailman/listinfo/gnupg-users >> > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users at gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users I've followed the thread for a bit now, but the concept definitely brings some things to light, especially for those less cryptographically or mathematically inclined. By the basics that I know, a 50-50 chance is a 50-50 chance. But as has been pointed out, the chance of getting a specific set of results consecutively is obviously (according to the data) not 50/50, even though the initial probability would imply that. I don't really have much more to add to the discussion other than it made me think a bit more about how probability and the effect that measuring the probability of predetermined sequences within that same set might produce results that are contradictory to the initial expectations.
Such is the nature of these things and I merely found it interesting that the results defied the expectation. Which is the essence of discovery and progress. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From antony at blazrsoft.com Fri Mar 25 05:45:06 2016 From: antony at blazrsoft.com (Antony Prince) Date: Fri, 25 Mar 2016 00:45:06 -0400 Subject: (OT) mathematicians-discover-prime-conspiracy In-Reply-To: <18116897-C3C2-4433-AFA1-9CC8A1CE3E82@blazrsoft.com> References: <56E68677.9030600@cryptolab.net> <56EBF21C.1050908@digitalbrains.com> <18116897-C3C2-4433-AFA1-9CC8A1CE3E82@blazrsoft.com> Message-ID: <789D66A9-233E-4F26-ACDD-04425AE0CEC1@blazrsoft.com> On March 25, 2016 12:34:51 AM EDT, Antony Prince wrote: >On March 24, 2016 11:17:58 PM EDT, "Marcio Barbado, Jr." > wrote: >>Not sure if it's counterintuitive once tossing can be seen as >>abandoning inertia. >> >> >>Marcio Barbado, Jr. >> >> >> >>On Fri, Mar 18, 2016 at 9:18 AM, Peter Lebbing >> wrote: >>> On 14/03/16 10:37, Fulano Diego Perez wrote: >>>> >>https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/ >>> >>> So forgive me for the off-topicness, but something in the text >caught >>my >>> attention: >>> >>>> Soundararajan was drawn to study consecutive primes after hearing a >>>> lecture at Stanford by the mathematician Tadashi Tokieda, of the >>>> University of Cambridge, in which he mentioned a counterintuitive >>>> property of coin-tossing: If Alice tosses a coin until she sees a >>>> head followed by a tail, and Bob tosses a coin until he sees two >>>> heads in a row, then on average, Alice will require four tosses >>while >>>> Bob will require six tosses (try this at home!), even though >>>> head-tail and head-head have an equal chance of appearing after two >>>> coin tosses. >>> >>> I did try this at home; only I wrote a Python script to do all the >>> tedious tossing and accounting. 
This is its output: >>> >>>> $ ./cointoss HH HT >>>> >>>> H T HH HT >>>> ---------- ---------- ---------- >>---------- >>>> 59821 (49.9%) 60079 (50.1%) 6.044 3.990 >>> >>> >>> After over a million coin tosses, it takes 6 tosses on average until >>you >>> see two heads in a row, but only 4 to see head-tail. Obviously, the >>> script is attached. Supply the patterns on invocation, as shown >>above. >>> Any number of patterns of any length are supported (I think). Well, >>> strictly positive numbers and lengths :). >>> >>> Can someone point me in the direction of the solution to this >>> counterintuitive probability theory result? Any of a common name for >>the >>> property, a mathematical explanation or an intuitive explanation are >>> much appreciated! >>> >>> Anyway, to make up for the off-topicness, let's get slightly >>on-topic... >>> >>> To the OP: Please provide at least a short abstract of the text when >>you >>> post a link. That way people can tell from your mail what the text >>will >>> be about. >>> >>> With regards to the article, I'm surprised by the choice of words in >>its >>> title. Other than to draw in more readers, I don't see what place >the >>> word "conspiracy" has in it. That's like saying 0 and 1 are >>conspiring >>> to be consecutive on the integral number line. Oh no, pretty much >all >>> our computers are based on 0's and 1's and now they are conspiring! >>> Probably against us! Quick, we need neutral numbers without an >>agenda... >>> In my opinion, this title really devalues the article. "Three secret >>> ways to cope with prime conspiracy mathematicians don't want you to >>know >>> about" isn't that much further out. Oh, I hope that phrasing doesn't >>> tickle any spam filters... Ah well. >>> >>> Cheers, >>> >>> Peter. >>> >>> -- >>> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. >>> You can send me encrypted mail if you want some privacy.
>>> My key is available at >> >>> >>> _______________________________________________ >>> Gnupg-users mailing list >>> Gnupg-users at gnupg.org >>> http://lists.gnupg.org/mailman/listinfo/gnupg-users >>> >> >>_______________________________________________ >>Gnupg-users mailing list >>Gnupg-users at gnupg.org >>http://lists.gnupg.org/mailman/listinfo/gnupg-users > >I've followed the thread for a bit now, but the concept definitely >brings some things to light, especially for those less >cryptographically or mathematically inclined. By the basics that I >know, a 50-50 chance is a 50-50 chance. But as has been pointed out, >the chance of getting a specific set of results consecutively is >obviously (according to the data), not 50/50 even though the initial >probability would imply that. I don't really have much more to add to >the discussion other than it made me think a bit more about how >probability and the effect that measuring the probability of >predetermined sequences within that same set might produce results that >are contradictory to the initial expectations. Such is the nature of >these things and I merely found it interesting that the results defied >the expectation. Which is the essence of discovery and progress. But to reply directly to the post at hand, inertia would definitely be a factor in a physical coin tossing. Even though the coin only has 2 sides, the amount of initial force used to flip it and all the other external factors affecting it before it landed would play a part, so though the beginning ratio might be 50/50, there are external factors that skew the ratio one way or the other in a true physical coin toss, so on that point, I applaud you for that observation. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. 
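The coin-tossing puzzle Peter asks about in the thread above (two heads in a row takes 6 tosses on average, head-then-tail only 4) has a short exact derivation. It is added here as an editor's worked example and is not part of any message in the thread; it uses a fair coin and the standard first-step (Markov) argument, and the last part states the general rule the two cases are instances of.

```latex
% First-step analysis for a fair coin.
% E   = expected tosses still needed from the start (no useful progress yet)
% E_H = expected tosses still needed when the last toss was H

% Pattern HH. A T after an H throws the progress away and returns to the start.
E   = 1 + \tfrac12 E_H + \tfrac12 E        \quad\Rightarrow\quad E = 2 + E_H
E_H = 1 + \tfrac12 \cdot 0 + \tfrac12 E    \quad\Rightarrow\quad E_H = 1 + \tfrac12 E
E = 3 + \tfrac12 E                          \quad\Rightarrow\quad E = 6

% Pattern HT. A second H after an H is not wasted: we are still one T away.
E   = 1 + \tfrac12 E_H + \tfrac12 E        \quad\Rightarrow\quad E = 2 + E_H
E_H = 1 + \tfrac12 E_H + \tfrac12 \cdot 0  \quad\Rightarrow\quad E_H = 2
E = 4

% General rule (Conway's leading number). For a pattern p of length n, sum
% 2^k over every k for which the length-k prefix of p equals its length-k suffix:
E[T_p] = \sum_{k \in \{1,\dots,n\} :\; p_{1..k} = p_{n-k+1..n}} 2^k
% HH: "H" and "HH" are both prefix and suffix, so 2^1 + 2^2 = 6.
% HT: only the whole word matches itself, so 2^2 = 4.
```

The asymmetry is entirely about self-overlap: a failed attempt at HT keeps its partial progress, a failed attempt at HH does not, so the 50/50 chance of each individual toss is untouched and the difference lives in the waiting time, exactly as the simulation's 6.044 and 3.990 show.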
From ben at adversary.org Fri Mar 25 09:12:41 2016 From: ben at adversary.org (Ben McGinnes) Date: Fri, 25 Mar 2016 19:12:41 +1100 Subject: EasyGnuPG In-Reply-To: <56F1B75B.1000805@digitalbrains.com> References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> Message-ID: <20160325081241.GC2963@adversary.org> On Tue, Mar 22, 2016 at 10:21:31PM +0100, Peter Lebbing wrote: > On 22/03/16 20:53, Dashamir Hoxha wrote: > > > the docs are like a maze and not clearly structured > > A reasonably fair criticism... writing good documentation is hard, > very hard. In fact, it turned out to be easier to write academical > papers on why it is so difficult to make crypto easy to use than to > write documentation that makes crypto easy to use. Which is something I want to get right from the outset with GPyGME, even knowing that it's going to make the job much bigger in the process. With the PyME bindings, for instance, the documentation consists of "read the GPGME documentation" and that documentation basically consists of "this documentation is generated at compile time from in-line code snippet comments." Then people wonder why GPGME isn't used more often ... that right there is precisely why it isn't used more often. And that doesn't even get into the issues involved with selecting a format for producing the documentation in. Consider the following: 1. As a Python 3 project there is an expectation that source documentation SHOULD be in reStructuredText, as with all other Python documentation (including python.org docs). This facilitates generating end user documentation in [X]HTML 4 at build/install time with Sphinx. 2. As a GNU Project official project there is an expectation that source documentation SHOULD be in Org-Mode text, as with all other core GNU Project projects. 
This facilitates generating end user documentation in texi (for man and info pages) and (optionally) [X]HTML 4 at build/install time. 3. Most contributors not familiar with either standard Python practice or standard GNU Project practice will prefer to fall back to Markdown, particularly the GitHub variant. 4. Pandoc based conversions between reStructuredText, Org-Mode and Markdown are not always entirely consistent. This is because all Pandoc conversions convert to the Pandoc specialisation of Markdown first and then convert to other formats. 5. Best practices for technical documentation, especially with multiple contributors, favour mark *up*, such as an XML dialect, as it is easier to guarantee consistent source and to produce consistent output. Whereas managing multiple text-based source documents becomes more and more unwieldy with each additional contributor's chosen/preferred format and implementation. 6. Current best choice for technical documentation of anything with many components and/or subcomponents (which both GPGME and GPyGME definitely qualify as) is to use a topic based XML format. The lead candidate for this being the DITA implementation of XML, particularly since it allows for project specific specialisation *without* breaking the DITA standard (unlike DocBook). See also: http://dita.xml.org/ Obviously there's a few contradictions there ... ain't it fun! ;) I favour DITA (usually with the DITA for Publishers specialisation), but I also realise that most contributors will be coders first and not writers first, so I may just have to accept that XML can't be used at all. In which case chances are I'll need to send everything through Pandoc to produce both .rst and .org output and call both of them the source files.
On the other hand, there's still time to try a few things and make a final decision, though it will probably require both .rst and .org files existing prior to build time just to conform with existing systems like the GNU build toolset and the Python setuptools and docutils libraries. As for my preference for DITA and what it can do, I have been experimenting with Don Day's rest2dita XSLT with good results on basic transformations, which means it *might* (and that's a fairly big might) be possible to produce fully searchable webhelp versions of documentation with a reStructuredText source. This is because docutils has its own XML format which is able to be generated from reST and perform the reverse to generate reST. I have yet to see if Don's project will go the other way and produce docutils XML from DITA. Fortunately for me, no decision even needs to be made until the GPGME overhaul is complete and GPyGME final design decisions can be set in stone. Until then I get to keep trying things, listening to different suggestions and trying to chart the most effective and uncluttered course. > When I refer to the man page, which is just one bloody long list > without structure (and hence not a maze either), I use search terms > to find what I look for. If specific ones will not do, a generic > one, repeating the search until I find the option I want. Then > again, by now I've referred to it reasonably often when trying to > help people on this list or playing around. Sounds familiar, when checking or double-checking anything I usually check that the command I'm thinking of exists with "--dump-options" piped into a grep and then check the resulting command or commands in the man (or info) page(s) to confirm the right syntax or instructions. Still, I only reached this point following years of practice with PGP 2.x, PGP 5.x, PGP 6.x, GPG 1.2.x, GPG 1.4.x and now GPG 2.1.x (I did play with both GPG 1.0.x and 2.0.x, but kinda leap-frogged both of them for general use). 
Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 630 bytes Desc: not available URL: From rjh at sixdemonbag.org Fri Mar 25 09:37:59 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 25 Mar 2016 04:37:59 -0400 Subject: EasyGnuPG In-Reply-To: <20160325081241.GC2963@adversary.org> References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <20160325081241.GC2963@adversary.org> Message-ID: <56F4F8E7.7060906@sixdemonbag.org> > And that doesn't even get into the issues involved with selecting a > format for producing the documentation in. Consider the following: Preach it, Brother Ben. And it's not just about formats, it's also about targets, because each of these formats works best with different targets. Do we want to optimize for reading in a browser on a desktop? Read in a mobile browser on a smartphone? What about reading on a tablet or e-reader? What about dead-tree editions? How will we make it accessible to the blind? How... And no matter which you choose there's always a sea of people eager to tell you that you're doing it wrong. It's very frustrating. From ben at adversary.org Fri Mar 25 10:21:34 2016 From: ben at adversary.org (Ben McGinnes) Date: Fri, 25 Mar 2016 20:21:34 +1100 Subject: EasyGnuPG In-Reply-To: References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> Message-ID: <20160325092134.GD2963@adversary.org> On Tue, Mar 22, 2016 at 10:56:27PM +0000, Andrew Gallagher wrote: > > IMHO the only thing to do with E-usage primary keys is revoke them > and start again from scratch. The only reason they are even still > allowed in GPG is for backwards compatibility, right...? Right. 
Primary keys MUST be C-usage and MAY be SCA usage, by default they're SC, but simply creating an S-usage subkey moves the S function to the subkey (by default GPG will select the newest subkey with a given capability to perform that function). Since default key generation does not include authentication (A) keys for SSH, the result is usually an SC master with an E subkey of matching bit sizes. Some people like to fiddle (i.e. use expert mode), so you may see keys with only C set for the primary key and subkeys for everything else. I like to fiddle too, but selected a middle of the road option (SC for primary, but an additional S subkey and an E subkey). Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 630 bytes Desc: not available URL: From dashohoxha at gmail.com Fri Mar 25 11:02:25 2016 From: dashohoxha at gmail.com (Dashamir Hoxha) Date: Fri, 25 Mar 2016 11:02:25 +0100 Subject: EasyGnuPG In-Reply-To: <20160325092134.GD2963@adversary.org> References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <20160325092134.GD2963@adversary.org> Message-ID: On Fri, Mar 25, 2016 at 10:21 AM, Ben McGinnes wrote: > > Primary keys MUST be C-usage and MAY be SCA usage, by default they're > SC, but simply creating an S-usage subkey moves the S function to the > subkey (by default GPG will select the newest subkey with a given > capability to perform that function). Since default key generation > does not include authentication (A) keys for SSH, the result is > usually an SC master with an E subkey of matching bit sizes. > Thanks for this explanation. I believe that an A key (or subkey) that is never used does not hurt. So, my default is to create one. On the other hand, if an A key is created, I believe that it is better for it to be a subkey, rather than a primary key.
The reason is that an A key most probably needs to be used frequently (for example daily), but you may wish to keep a primary key offline, and these two requirements conflict with each other. -------------- next part -------------- An HTML attachment was scrubbed... URL: From wk at gnupg.org Thu Mar 24 20:20:57 2016 From: wk at gnupg.org (Werner Koch) Date: Thu, 24 Mar 2016 20:20:57 +0100 Subject: AES-GCM and AEAD Protected Data Packet (IETF draft) In-Reply-To: (Tankred Hase's message of "Thu, 24 Mar 2016 18:41:14 +0800") References: <8B2DF12F-7F64-421A-92C9-036AEBAD1827@tankredhase.de> <877fgtxmxa.fsf@wheatstone.g10code.de> <8737rgurub.fsf@wheatstone.g10code.de> Message-ID: <87r3eyreu5.fsf@wheatstone.g10code.de> On Thu, 24 Mar 2016 11:41, mail at tankredhase.de said: > Crypto primitives written in JS are widely considered to be insecure > due to timing attack vectors. This is why the WebCrypto api was and due to a lot of other reasons. But this is not a JavaScript specific thing but a matter of fact for all software implementations. > NSS and OpenSSL/BoringSSL that already include primitives like > AES-GCM. These are well tested and subject to release process with You may want to read From: Peter Gutmann On the Impending Crypto Monoculture =================================== A number of IETF standards groups are currently in the process of applying the second-system effect to redesigning their crypto protocols. A major feature of these changes includes the dropping of traditional encryption algorithms and mechanisms like RSA, DH, ECDH/ECDSA, SHA-2, and AES, for a completely different set of mechanisms, including Curve25519 (designed by Dan Bernstein et al), EdDSA (Bernstein and colleagues), Poly1305 (Bernstein again) and ChaCha20 (by, you guessed it, Bernstein).
What's more, the reference implementations of these algorithms also come from Dan Bernstein (again with help from others), leading to a never-before-seen crypto monoculture in which it's possible that the entire algorithm suite used by a security protocol, and the entire implementation of that suite, all originate from one person. How on earth did it come to this? [...] and watch out for his remarks on GCM. Let me comment on Peter's statement that OCB won't be used out of legal fears. That might indeed be the case for License 2 (proprietary but non-military use) [1]. But both, License 1 (Free Software) and License 3 (OpenSSL), grant all rights to such software implementations of OCB without any restrictions. Now, given that Free Software is one of the imperative features of trustworthy security software, a License 2 based implementation won't be trustworthy anyway. Well, for non-software implementations one-time fees are still demanded. I do not consider this a major problem because by selling hardware you have to pay a lot of other fees as well. Using free software on FPGAs would be a bit tricky but there are ways to work around with just some performance degradation. This is the reason why I hope for wider adaption of OCB mode. I do not want to see RC4 in new clothes in OpenPGP. Shalom-Salam, Werner [1] http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm -- Thoughts are free. Exceptions are regulated by federal law. From guanx.bac at gmail.com Fri Mar 25 11:11:28 2016 From: guanx.bac at gmail.com (Guan Xin) Date: Fri, 25 Mar 2016 11:11:28 +0100 Subject: All mails identified as spams by Google Message-ID: Hi All, All mails from gnupg-users are identified as spam by gmail since yesterday. Google says that the mailing list "is in violation of Google's recommended email sender guidelines". Why does it happen? This is the first time that I see a 100% false positive rate from the gmail spam filter. Guan -------------- next part -------------- An HTML attachment was scrubbed...
URL: From wk at gnupg.org Fri Mar 25 12:24:48 2016 From: wk at gnupg.org (Werner Koch) Date: Fri, 25 Mar 2016 12:24:48 +0100 Subject: [admin] Mail problems yesterday Message-ID: <87mvpmre9r.fsf@wheatstone.g10code.de> Hi! There was a small problem with the mailing list server yesterday [1]. In case your MTA is sending or receiving via an IPv6 address you may have missed some mails or posted mails may have got lost. If they don't show up today, please resend your mail or check the mail archives. Sorry for that. Salam-Shalom, Werner [1] I added a v6 address for gnutls.org to the server but forgot to explicitly set the v6 address to be used by Exim. Thus mails were wrongly sent from the gnutls.org v6 address which does not match lists.gnupg.org. -- Thoughts are free. Exceptions are regulated by federal law. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 180 bytes Desc: not available URL: From jerry at seibercom.net Fri Mar 25 12:40:36 2016 From: jerry at seibercom.net (Jerry) Date: Fri, 25 Mar 2016 07:40:36 -0400 Subject: All mails identified as spams by Google In-Reply-To: References: Message-ID: <20160325074036.00007cba@seibercom.net> On Fri, 25 Mar 2016 11:11:28 +0100, Guan Xin stated: >All mails from gnupg-users are identified as spams by gmail since >yesterday. Google says that the mailing list "is in violation of >Google's recommended email sender guidelines". > >Why does it happen? This is the first time that I see 100% false >positive of the gmail spam filter. 1) I personally "HATE" Gmail and stay as far away from it as possible whenever able. 2) I am not seeing that problem here. -- Jerry "You see, in this world, there's two kinds of people, my friend: those with loaded guns, and those who dig. You dig." --
Clint Eastwood, The Good, the Bad, and the Ugly (1966)

From brad at fineby.me.uk  Fri Mar 25 14:24:00 2016
From: brad at fineby.me.uk (Brad Rogers)
Date: Fri, 25 Mar 2016 13:24:00 +0000
Subject: All mails identified as spams by Google
In-Reply-To:
References:
Message-ID: <20160325132400.061af53a@abydos.stargate.org.uk>

On Fri, 25 Mar 2016 11:11:28 +0100
Guan Xin wrote:

Hello Guan,

>Why does it happen?

Google are a law unto themselves.

--
 Regards  _
         / )      "The blindingly obvious is
        / _)rad   never immediately apparent"
Looking for something I can call my own
Chairman Of The Bored - Crass

From pete at heypete.com  Fri Mar 25 13:47:06 2016
From: pete at heypete.com (Pete Stephenson)
Date: Fri, 25 Mar 2016 13:47:06 +0100
Subject: All mails identified as spams by Google
In-Reply-To:
References:
Message-ID:

On Mar 25, 2016 12:21 PM, "Guan Xin" wrote:
>
> Hi All,
>
> All mails from gnupg-users are identified as spams by gmail since yesterday. Google says that the mailing list "is in violation of Google's recommended email sender guidelines".
>
> Why does it happen? This is the first time that I see 100% false positive of the gmail spam filter.

I've observed the same thing here on a Google Apps-hosted mail service.

Cheers!
-Pete

From bre at pagekite.net  Fri Mar 25 15:32:40 2016
From: bre at pagekite.net (Bjarni Runar Einarsson)
Date: Fri, 25 Mar 2016 14:32:40 -0000
Subject: EasyGnuPG
In-Reply-To: <877fgsusy1.fsf@wheatstone.g10code.de>
References: <877fgsusy1.fsf@wheatstone.g10code.de>
Message-ID: <20160325142310-22972-41746-mailpile@plonky>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!
Werner Koch wrote:
> On Wed, 23 Mar 2016 18:48, dkg at fifthhorseman.net said:
>
> > I'm entirely open to packaging gpgme-tool separately from the -dev
> > package, if there is a clear and compelling argument for it.
>
> As of now it is not really stable and as long as there are no
> well known users I do not think that a separate package makes
> sense. So let's defer this decision.

This is a chicken-and-egg problem. Until the tool is made widely available, people will not use it - most people don't even know it exists, not everyone comes to this mailing list to chat before they start developing.

This is one of the complaints/wishes us Mailpile folks had, for some sort of stable socket/stdio-based programmatic API for talking to GnuPG. This sort of interface would make it much more accessible for folks developing in other programming languages to add PGP support to their apps.

Requiring that a ruby, python or node.js dev know to install GnuPG from the C sources and build this tool is a non-starter, it's just not going to happen. In particular, since the tool isn't part of any official distribution, nobody has it, so the resulting ruby/python/js code will be practically unusable.

The current status quo requires that anyone who wants to use this tool become adept at building and shipping tools written in C. That's a huge barrier these days.

In my opinion, until this tool is packaged, documented and shipped, it may as well not exist. So pretty please, ship it! :-)

 - Bjarni

- --
PageKite.net lets your personal computer be part of the web.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJW9UwIAAoJEI4ANxYAz5SRLkQH/1xRYS8lJXgA/2hEiiByoPrz
XiozlenUknHgT8npaPC2f2/Ud65rBpCtXInLs9LhQhZMqnZcRWTfUNEl7d5NNd/c
mASrTmlmqUxL6TpWECCtrakk8g/+ibUR/TkeSuUGrGIgU7akfQbNsE1eBl0dCAhZ
PuHIJgc6rBW2Pe08Mu25xDu0Kx4fwgoxtjRf1YDufduvrzoV6JeAEhPG2OWUCkhA
A+oam0CY0Xfxz5/YLvKpb2tRjfwERBXz9quX0jBavGnmIvpox8IX3GUppJB2w/HW
34Q0LMjMwNDYdMr87S2CAJ4au4QxryIBdhZNYmsr7WU0CT07HrfpNAt07H1soaQ=
=CRu7
-----END PGP SIGNATURE-----

From antony at blazrsoft.com  Fri Mar 25 16:19:39 2016
From: antony at blazrsoft.com (Antony Prince)
Date: Fri, 25 Mar 2016 11:19:39 -0400
Subject: All mails identified as spams by Google
In-Reply-To: <20160325132400.061af53a@abydos.stargate.org.uk>
References: <20160325132400.061af53a@abydos.stargate.org.uk>
Message-ID: <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com>

On March 25, 2016 9:24:00 AM EDT, Brad Rogers wrote:
>On Fri, 25 Mar 2016 11:11:28 +0100
>Guan Xin wrote:
>
>Hello Guan,
>
>>Why does it happen?
>
>Google are a law unto themselves.

May be a reverse lookup issue. Werner mentioned he added a V6 address to the server yesterday. Some MTAs do a reverse lookup on the inbound mail IP and if it does not match, the mail is flagged as spam. I could be wrong, but I'm guessing it is something along those lines.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From brad at fineby.me.uk  Fri Mar 25 17:59:09 2016
From: brad at fineby.me.uk (Brad Rogers)
Date: Fri, 25 Mar 2016 16:59:09 +0000
Subject: All mails identified as spams by Google
In-Reply-To: <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com>
References: <20160325132400.061af53a@abydos.stargate.org.uk> <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com>
Message-ID: <20160325165909.33e3ce19@abydos.stargate.org.uk>

On Fri, 25 Mar 2016 11:19:39 -0400
Antony Prince wrote:

Hello Antony,

>May be a reverse lookup issue. Werner mentioned he added a V6 address
>to the server yesterday.
I hope it is something as readily sorted as that (and I hope it already has been), but the point remains: Google are a big enough force across the 'net to set their own protocols, irrespective of RFCs and so forth, and others will cater for those protocols.

--
 Regards  _
         / )      "The blindingly obvious is
        / _)rad   never immediately apparent"
Bet you think you're king but you're really a pawn
When You're Young - The Jam

From ben at adversary.org  Fri Mar 25 18:17:37 2016
From: ben at adversary.org (Ben McGinnes)
Date: Sat, 26 Mar 2016 04:17:37 +1100
Subject: EasyGnuPG
In-Reply-To: <56F4F8E7.7060906@sixdemonbag.org>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <20160325081241.GC2963@adversary.org> <56F4F8E7.7060906@sixdemonbag.org>
Message-ID: <20160325171737.GE2963@adversary.org>

On Fri, Mar 25, 2016 at 04:37:59AM -0400, Robert J. Hansen wrote:
> > And that doesn't even get into the issues involved with selecting a
> > format for producing the documentation in. Consider the following:
>
> Preach it, Brother Ben. :-D

> And it's not just about formats, it's also about targets,

Right, possibly more about targets really since the purpose of documentation is to help the end users use the software, not to help developers tick a box on the feature list and say, "yeah, we've got (extensive) documentation, sure." [I do realise that saying that is sacrilege in some circles.]

> because each of these formats works best with different targets. Do
> we want to optimize for reading in a browser on a desktop? Read in
> a mobile browser on a smartphone? What about reading on a tablet or
> e-reader? What about dead-tree editions? How will we make it
> accessible to the blind? How...
All excellent examples, especially that last one (which is often overlooked by software projects until someone affected by it raises a bug). All of which, just in the asking, actually move things more in the pro-DITA direction since there are existing DITA transformations for XHTML 4 (strict & transitional), HTML 5, XHTML 5 (i.e. HTML 5 with XML), EPUB 2.0, EPUB 3.0 (which covers the DAISY Consortium's primary concerns with Accessibility), Docbook 4.2 & 5.0 (plus anything they can be transformed into, including a proven track record with dead tree versions), CHM output, ODF output, RTF output, Eclipse help output, PDF output (usually via a FOP or [X]HTML+CSS rendering) and with my setup there are three different types of WebHelp output (standard, mobile and one with builtin feedback/comments system, but the last needs to be built with SQL db support).

For examples of dead tree versions of things made with either DITA or DocBook that actually sell, there's XML Press (not a huge surprise) and also O'Reilly Media (which uses the same editor I do, see below).

For the EPUB files, results vary depending on which transformation and source is used, but all the output is better than anything produced with Pandoc, Calibre or Sphinx. Sphinx can't produce a validating EPUB 2, let alone EPUB 3; Calibre dumps everything in a single directory regardless of what it is, but still manages to produce validation errors (mainly in the XHTML) and can't produce EPUB 3; Pandoc can produce both EPUB 2 & 3, but cheats outrageously (say goodbye to all chapters, say hello to everything in a single XHTML file and hope the end user device recognises the markup defining what a chapter or section is). Whereas the D4P EPUB transformation will retain your project's directory structure inside the .epub zipfile and will produce a fully validating EPUB 3.0.1 file in almost all circumstances.
The exceptions are if a smaller cover image is included to display in Apple iBooks, it will appear twice in the manifest and is easily fixed with a manual edit. The other issue is it currently uses XSLT 1.0, which can't convert the build system's time to UTC and this may cause issues depending on timezone, also easily fixed with a manual update or possibly scripted or running the build on a system set to UTC.

For examples (other than me) of groups or orgs using the D4P EPUB transformation, the biggest one I can think of is HarperCollins. They did, after all, pay to have it done and didn't mind having it licensed the same way as the rest of the D4P project (Apache 2.0) and as freely available as both that project and the DITA Open Toolkit (they're both on GitHub).

> And no matter which you choose there's always a sea of people eager to
> tell you that you're doing it wrong.

Yet ever so rarely are able to provide suggestions which meet all the requirements.

No doubt there would also be objections to learning an entirely new XML syntax, but then much of the most common mark-up is very similar to HTML (e.g. b for bold, i for italics, u for underline, p for each paragraph), linking is a little different, but not hugely (i.e. GNU Privacy Guard, links within the same project don't need the scope and format bits) and images also differ slightly ( instead of ).

On the other hand, once the realisation hits home about how much content re-use is supported and being able to make document-wide changes with a little careful design (including conditional output generation based on things like, say, software versions or supported feature sets), some of that grumpiness might dissipate. Maybe. Well, OK, probably not.

> It's very frustrating.

Yep.
In some respects it becomes even harder with an official GNU Project like GPG and its sub-projects as there's that additional requirement (usually) that all components must be licensed under the GPL or LGPL (of whichever versions are relevant). DITA itself is an open enough standard to qualify, it's an OASIS standard, but the defining implementation (see dita-ot.org) and most public specialisations, like DITA for Publishers (see dita4publishers.org), are deliberately licensed more permissively (both use Apache 2.0). My setup is even "worse" since it mixes some more proprietary stuff in the implementation (but that's primarily the editor and some components which usually have Free/Libre or Open alternatives, albeit with greater potential for frustration).

As the DITA-OT relies on something I loathe (Java) and I was quite prepared to shell out a modest sum to get what I wanted (generating valid EPUB 3 files and editing them without breaking them, since Sigil can't), I ended up getting oXygenXML Editor (their idea of support is in my experience unparalleled: it extended to full support to a freebie trial version and included adding a feature within 24 hours of asking about it during said trial; first as a plugin and later as a built-in).

Oh, yes, I can load any file I have open in oXygenXML in Emacs from within it and doing so automatically loads nxml-mode, it's even bound to the same key sequence as It's All Text! in Firefox.

Still, without a GNU implementation of DITA, it's still possible to produce everything with the DITA-OT I've mentioned so far, except the fully searchable WebHelp output (the XSLTs are part of oXygenXML Editor) and possibly not the rest2dita thing (depending on which version of Saxon is which, I keep getting them mixed up, but I've got it working with Saxon-HE 9.6.0.7).
I know some people might argue against the DITA-OT itself with the Apache 2.0 license, but then turn a blind eye to Markdown (BSD license) and since both are GPL compatible I'm likely to ignore that argument. I will, however, pay more attention to arguments in favour of accessibility issues (e.g. generating screen reader friendly material) and translation of material (that's actual translations, not merely piping said material through translate.google.com).

Regards,
Ben

P.S. The schemas I mentioned a few days ago are now in the ben/xml branch of GPGME on the git server. Licensing is the same as GPGME plus Apache 2.0 because it can't hurt.

From donach at gmail.com  Fri Mar 25 17:24:04 2016
From: donach at gmail.com (Donach mc kenna)
Date: Fri, 25 Mar 2016 16:24:04 +0000
Subject: All mails identified as spams by Google
In-Reply-To: <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com>
References: <20160325132400.061af53a@abydos.stargate.org.uk> <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com>
Message-ID:

Well, this has come thru fine to my Primary Gmail inbox, so I'm not experiencing that.

*Donach McKenna DEA & GDA*
*For all your energy efficiency and renewable energy needs.*

On 25 March 2016 at 15:19, Antony Prince wrote:

> On March 25, 2016 9:24:00 AM EDT, Brad Rogers wrote:
> >On Fri, 25 Mar 2016 11:11:28 +0100
> >Guan Xin wrote:
> >
> >Hello Guan,
> >
> >>Why does it happen?
> >
> >Google are a law unto themselves.
>
> May be a reverse lookup issue. Werner mentioned he added a V6 address to
> the server yesterday. Some MTAs do a reverse lookup on the inbound mail IP
> and if it does not match, the mail is flagged as spam. I could be wrong,
> but I'm guessing it is something along those lines.
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From wk at gnupg.org  Fri Mar 25 19:44:36 2016
From: wk at gnupg.org (Werner Koch)
Date: Fri, 25 Mar 2016 19:44:36 +0100
Subject: All mails identified as spams by Google
In-Reply-To: <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com> (Antony Prince's message of "Fri, 25 Mar 2016 11:19:39 -0400")
References: <20160325132400.061af53a@abydos.stargate.org.uk> <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com>
Message-ID: <877fgqpfcb.fsf@wheatstone.g10code.de>

On Fri, 25 Mar 2016 16:19, antony at blazrsoft.com said:

> May be a reverse lookup issue. Werner mentioned he added a V6 address
> to the server yesterday. Some MTAs do a reverse lookup on the inbound
> mail IP and if it does not match, the mail is flagged as spam. I could

Exactly. FWIW, we do the same for all incoming mail. It was my fault that I had not explicitly assigned the v6 address of lists.gnupg.org and so when I added a new v6 address that address was picked up and its reverse lookup showed gnutls.org.

Sorry again.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From ben at adversary.org  Fri Mar 25 21:08:19 2016
From: ben at adversary.org (Ben McGinnes)
Date: Sat, 26 Mar 2016 07:08:19 +1100
Subject: Verification via the web of trust
In-Reply-To: <56F19248.9080307@andrewg.com>
References: <56F138E5.6070403@twopif.net> <56F17CD7.9030104@digitalbrains.com> <56F18B95.90303@andrewg.com> <56F18F37.1060002@digitalbrains.com> <56F19248.9080307@andrewg.com>
Message-ID: <20160325200819.GG2963@adversary.org>

On Tue, Mar 22, 2016 at 06:43:20PM +0000, Andrew Gallagher wrote:
> On 22/03/16 18:30, Peter Lebbing wrote:
> > On 22/03/16 19:14, Andrew Gallagher wrote:
> >> All this is true. But this does not help *me* one iota.
> >
> > It sounds to me like you're not looking for the Web of Trust, which is indeed
> > very limited in its options. Instead, you are probably looking for something
> > more like TOFU, in the sense that this developer whose signature you see is the
> > same one whose signature you saw last time.
>
> Only for a project with one developer! Otherwise, the person who signs
> it could legitimately change between releases. Large projects often have
> a separate release signing key, but not apache it seems...

A lot of larger projects leave component signing to the key of whoever manages that component rather than having one signing key which is shared amongst an ever widening group of approved managers. The Tor Project is one, Python is another. Far easier to say between version X and Y, the correct key was this one, belonging to Alice and since then it's been Bob than to have to deal with "hey, our Über-Auth key just got compromised, everyone needs to update and how do we contact those people who don't always refresh their keys, but do download the packages ... "

Now whether those developers have a different key to sign the projects they're working on to their correspondence key(s), is another matter and presumably a decision left to each developer or build manager.

> And at the risk of getting shot down (again), TOFU doesn't work. Not
> because TOFU is broken (it's a perfectly valid method), but because
> *people* are broken. How many times have you blithely clicked through an
> ssh "WARNING: the remote host key has changed!" prompt? ;-)

I just enforce strict. Normally they only change because I've wiped and reinstalled the server's OS and I know whose fault that is. ;)

There's also TOFU+PGP and whichever default policy you want. I suspect most people go with either unknown or undefined.

Regards,
Ben
From guanx.bac at gmail.com  Fri Mar 25 21:11:48 2016
From: guanx.bac at gmail.com (Guan Xin)
Date: Fri, 25 Mar 2016 21:11:48 +0100
Subject: All mails identified as spams by Google
In-Reply-To: <877fgqpfcb.fsf@wheatstone.g10code.de>
References: <20160325132400.061af53a@abydos.stargate.org.uk> <8DA489DF-3AC3-4E3A-8FC0-938352B42FC1@blazrsoft.com> <877fgqpfcb.fsf@wheatstone.g10code.de>
Message-ID:

On Fri, Mar 25, 2016 at 7:44 PM, Werner Koch wrote:
>
> Exactly. FWIW, We do the same for all incoming mail. It was my fault
> that I had not explicitly assigned the v6 address of lists.gnupg.org and
> so when I added a new v6 address that address was picked up and its
> reverse lookup showed gnutls.org.
>
> Sorry again.
>
>
> Shalom-Salam,
>
> Werner
>

Thanks for the confirmation! Now everything works fine.

Regards,
Guan

From listofactor at mail.ru  Fri Mar 25 21:50:25 2016
From: listofactor at mail.ru (listo factor)
Date: Fri, 25 Mar 2016 20:50:25 +0000
Subject: EasyGnuPG
In-Reply-To: <56F1B75B.1000805@digitalbrains.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com>
Message-ID: <56F5A491.4020107@mail.ru>

On 03/22/2016 09:21 PM, Peter Lebbing wrote:
> ... writing good documentation is hard, very hard. In
> fact, it turned out to be easier to write academical papers on why it is so
> difficult to make crypto easy to use than to write documentation that makes
> crypto easy to use.

It ~is~ hard, but only when the documentation is written ~after~ the software has been built, based on the functionality definitions derived from the program itself; instead of being based on a priori functionality specifications, that both the program and the documentation must equally conform to.
But even when that is the case, the documentation is hard to understand for the user if there is no separate "Concepts and Facilities" document, one that does not address or even mention any interface or procedure detail, and unless the user understands that a firm grasp of its content is an absolute requirement before he or she can get to the interface and procedures documentation (i.e., the "User Manual").

To perform tasks that GPG is designed to accomplish in a safe manner is *very, very hard*, and even the best documentation could not change that fact. The efforts which concentrate on making it easy might indeed increase the number of people that use it, but at the expense of their safety. That, to me, appears to be behind a lot of projects similar to the one discussed here.

From dashohoxha at gmail.com  Sat Mar 26 04:55:59 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Sat, 26 Mar 2016 04:55:59 +0100
Subject: EasyGnuPG
In-Reply-To: <56F5A491.4020107@mail.ru>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru>
Message-ID:

On Fri, Mar 25, 2016 at 9:50 PM, listo factor wrote:
>
> To perform tasks that GPG is designed to accomplish in a safe manner
> is *very, very hard*, and even the best documentation could not change
> that fact. The efforts which concentrate on making it easy might
> indeed increase the number of people that use it, but at the expense
> of their safety. That, to me, appears to be behind a lot of projects
> similar to the one discussed here.
>

So, maybe they will be safer if they don't use GPG at all? No efforts to facilitate GPG should be made because this will undermine the security of the users? GPG is only for the super-experts? I don't get this logic.

I believe that in certain conditions and under certain assumptions, only a small subset of GPG is needed.
The rest can just not be used or have reasonable defaults. I believe that simplification is possible and useful.

From listofactor at mail.ru  Sat Mar 26 07:51:34 2016
From: listofactor at mail.ru (listo factor)
Date: Sat, 26 Mar 2016 06:51:34 +0000
Subject: EasyGnuPG
In-Reply-To:
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru>
Message-ID: <56F63176.9020301@mail.ru>

On 03/26/2016 03:55 AM, Dashamir Hoxha wrote:
> On Fri, Mar 25, 2016 at 9:50 PM, listo factor wrote:
>> ... The efforts which concentrate on making it easy might
>> indeed increase the number of people that use it, but at the
>> expense...
> So, maybe they will be safer if they don't use GPG at all?

That is, essentially, correct.

Allow me to expand. There are three groups of people whose interests overlap only partially:

[A] GPG developers

[B] GPG users that "have nothing to hide"

[C] GPG users with secrets that must be protected from active and capable adversaries

This mailing list (and specifically, the project that is the subject of this thread), appears to be dedicated to increasing the size of [B] for the benefit of [A]. I wish both [A] and [B] well, but I am concerned here with [C], who would indeed be much better off by not using GPG at all, than by using it with insufficient understanding, competence and prudence.
From dashohoxha at gmail.com  Sat Mar 26 09:18:36 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Sat, 26 Mar 2016 09:18:36 +0100
Subject: EasyGnuPG
In-Reply-To: <56F63176.9020301@mail.ru>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru> <56F63176.9020301@mail.ru>
Message-ID:

On Sat, Mar 26, 2016 at 7:51 AM, listo factor wrote:

> On 03/26/2016 03:55 AM, Dashamir Hoxha wrote:
>
>> On Fri, Mar 25, 2016 at 9:50 PM, listo factor wrote:
>>
>>> ... The efforts which concentrate on making it easy might
>>> indeed increase the number of people that use it, but at the
>>> expense...
>>
>> So, maybe they will be safer if they don't use GPG at all?
>
> That is, essentially, correct.
>
> Allow me to expand. There are three groups of people whose
> interests overlap only partially:
>
> [A] GPG developers
>
> [B] GPG users that "have nothing to hide"
>
> [C] GPG users with secrets that must be protected from active
> and capable adversaries
>
> This mailing list (and specifically, the project that is the subject
> of this thread), appears to be dedicated to increasing the size of
> [B] for the benefit of [A]. I wish both [A] and [B] well, but I am
> concerned here with [C], who would indeed be much better off by not
> using GPG at all, than by using it with insufficient understanding,
> competence and prudence.

I understand. But I think that privacy is a meaningful notion even when it doesn't mean protection from powerful adversaries. Smaller or small adversaries are as bad as big adversaries (sometimes they may be even worse).

I also think that when groups [A] and [B] become larger and stronger, this does not harm group [C], instead it makes it stronger.
From k.mallen at soondae.co.uk  Fri Mar 25 23:24:23 2016
From: k.mallen at soondae.co.uk (Keith Mallen)
Date: Fri, 25 Mar 2016 22:24:23 +0000
Subject: EasyGnuPG
In-Reply-To: <56F5A491.4020107@mail.ru>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru>
Message-ID: <1458944663.2799.2.camel@keith>

I'm a noob. I'm drunk. I'll try. What do you want?

..ulterior motive is I might learn.

Keith

On Fri, 2016-03-25 at 20:50 +0000, listo factor wrote:
> On 03/22/2016 09:21 PM, Peter Lebbing wrote:
>
> > ... writing good documentation is hard, very hard. In
> > fact, it turned out to be easier to write academical papers on why it is so
> > difficult to make crypto easy to use than to write documentation that makes
> > crypto easy to use.
>
> It ~is~ hard, but only when the documentation is written ~after~
> the software has been built, based on the functionality definitions
> derived from the program itself; instead of being based on a priori
> functionality specifications, that both the program and the
> documentation must equally conform to.
>
> But even when that is the case, the documentation is hard to
> understand for the user if there is no separate "Concepts and
> Facilities" document, one that does not address or even mention
> any interface or procedure detail, and unless the user understands
> that a firm grasp of its content is an absolute requirement before
> he or she can get to the interface and procedures documentation
> (i.e., the "User Manual").
>
> To perform tasks that GPG is designed to accomplish in a safe manner
> is *very, very hard*, and even the best documentation could not change
> that fact. The efforts which concentrate on making it easy might
> indeed increase the number of people that use it, but at the expense
> of their safety.
> That, to me, appears to be behind a lot of projects
> similar to the one discussed here.

From gnupg at soondae.co.uk  Sat Mar 26 13:56:50 2016
From: gnupg at soondae.co.uk (keith)
Date: Sat, 26 Mar 2016 12:56:50 +0000
Subject: EasyGnuPG
In-Reply-To: <1458944663.2799.2.camel@keith>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru> <1458944663.2799.2.camel@keith>
Message-ID: <1458997010.2985.6.camel@keith>

There you go. I've already demonstrated how rubbish I am by using my primary e-mail address rather than my 'registered' one to respond.

Either you will throw your hands up in despair or think 'If this idiot can be taught to the extent that he can explain things to other idiots...'

I'm not proud and I am not going to get upset if you decide I am the wrong person for the job. Offer's there anyway.

Keith

On Fri, 2016-03-25 at 22:24 +0000, Keith Mallen wrote:
> I'm a noob. I'm drunk. I'll try. What do you want?
>
> ..ulterior motive is I might learn.
>
> Keith
>
> On Fri, 2016-03-25 at 20:50 +0000, listo factor wrote:
> > On 03/22/2016 09:21 PM, Peter Lebbing wrote:
> >
> > > ... writing good documentation is hard, very hard. In
> > > fact, it turned out to be easier to write academical papers on why it is so
> > > difficult to make crypto easy to use than to write documentation that makes
> > > crypto easy to use.
> >
> > It ~is~ hard, but only when the documentation is written ~after~
> > the software has been built, based on the functionality definitions
> > derived from the program itself; instead of being based on a priori
> > functionality specifications, that both the program and the
> > documentation must equally conform to.
> >
> > But even when that is the case, the documentation is hard to
> > understand for the user if there is no separate "Concepts and
> > Facilities" document, one that does not address or even mention
> > any interface or procedure detail, and unless the user understands
> > that a firm grasp of its content is an absolute requirement before
> > he or she can get to the interface and procedures documentation
> > (i.e., the "User Manual").
> >
> > To perform tasks that GPG is designed to accomplish in a safe manner
> > is *very, very hard*, and even the best documentation could not change
> > that fact. The efforts which concentrate on making it easy might
> > indeed increase the number of people that use it, but at the expense
> > of their safety. That, to me, appears to be behind a lot of projects
> > similar to the one discussed here.

From muri+gnupg-users at immerda.ch  Mon Mar 28 17:03:09 2016
From: muri+gnupg-users at immerda.ch (Muri Nicanor)
Date: Mon, 28 Mar 2016 17:03:09 +0200
Subject: Which key is used to sign key?
Message-ID: <56F947AD.808@immerda.ch>

Hello again gnupg-users,

When I have multiple secret keys, how can I specify which one to use to sign a key? (i.e. when using --quick-sign-key)

cheers,
muri

From flapflap at riseup.net  Mon Mar 28 19:05:40 2016
From: flapflap at riseup.net (flapflap)
Date: Mon, 28 Mar 2016 17:05:40 +0000
Subject: Which key is used to sign key?
In-Reply-To: <56F947AD.808@immerda.ch>
References: <56F947AD.808@immerda.ch>
Message-ID: <56F96464.1050507@riseup.net>

Hi,

Muri Nicanor:
> when i have multiple secret keys, how can i specify which one to use to
> sign a key? (i.e.
> when using --quick-sign-key)

I didn't check with --quick-sign-key specifically, but usually I do the signing key selection via --sign-with KEYID/NAME, for example:

gpg2 --sign-with flapflap --sign-key muri

But strangely enough, I did not find --sign-with in the man page (Debian stable) or gpg2 --help...

Cheers,
-- 
flapflap

From muri+gnupg-users at immerda.ch Mon Mar 28 19:32:41 2016
From: muri+gnupg-users at immerda.ch (Muri Nicanor)
Date: Mon, 28 Mar 2016 19:32:41 +0200
Subject: Which key is used to sign key?
In-Reply-To: <56F96464.1050507@riseup.net>
References: <56F947AD.808@immerda.ch> <56F96464.1050507@riseup.net>
Message-ID: <56F96AB9.8000302@immerda.ch>

hi

On 03/28/2016 07:05 PM, flapflap wrote:
> Hi,
>
> Muri Nicanor:
>> when i have multiple secret keys, how can i specify which one to use to
>> sign a key? (i.e. when using --quick-sign-key)
>
> I didn't check with --quick-sign-key specifically, but usually I do the
> signing key selection via --sign-with KEYID/NAME, for example:
>
> gpg2 --sign-with flapflap --sign-key muri
>
> But strangely enough, I did not find --sign-with in the man page (Debian
> stable) or gpg2 --help...

ah, thanks!
yes, looking at the source this seems to be an alias for --local-user / -u

cheers,
muri

From youcanlinux at gmail.com Mon Mar 28 19:16:21 2016
From: youcanlinux at gmail.com (Daniel Villarreal)
Date: Mon, 28 Mar 2016 12:16:21 -0500
Subject: EasyGnuPG
In-Reply-To: <1458997010.2985.6.camel@keith>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru> <1458944663.2799.2.camel@keith> <1458997010.2985.6.camel@keith>
Message-ID: <56F966E5.50801@gmail.com>

On 26/03/16 07:56 AM, keith wrote:
...
> I'm not proud and I am not going to get upset if you decide I am
> the wrong person for the job. Offer's there anyway. Keith
...

Keith,

Don't give up, just try to keep learning. No one is born knowing this stuff.

Should we not strive to use gnupg v2x ? I always try to use gpg2 on the command-line, whereas documentation seems to show gpg.

example...
Encrypting and decrypting documents
https://gnupg.org/gph/en/manual.html#AEN111

-- 
Daniel Villarreal
http://www.youcanlinux.org
youcanlinux at gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03 3F5B F251 8938 A83E 7B49
https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49

From dashohoxha at gmail.com Mon Mar 28 21:58:45 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 28 Mar 2016 21:58:45 +0200
Subject: Which key is used to sign key?
In-Reply-To: <56F947AD.808@immerda.ch>
References: <56F947AD.808@immerda.ch>
Message-ID:

On Mon, Mar 28, 2016 at 5:03 PM, Muri Nicanor wrote:
> Hello again gnupg-users,
>
> when i have multiple secret keys, how can i specify which one to use to
> sign a key? (i.e. when using --quick-sign-key)
>

According to the docs, you use `--default-key=` or `--local-user=`
You can find the key id with the command `-K` or `--list-secret-keys`.

From viktordick86 at gmail.com Tue Mar 29 05:43:47 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Tue, 29 Mar 2016 05:43:47 +0200
Subject: EasyGnuPG
In-Reply-To: <56F966E5.50801@gmail.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru> <1458944663.2799.2.camel@keith> <1458997010.2985.6.camel@keith> <56F966E5.50801@gmail.com>
Message-ID: <56F9F9F3.9080108@gmail.com>

On 28.03.2016 19:16, Daniel Villarreal wrote:
> Should we not strive to use gnupg v2x ? I always try to use gpg2 on
> the command-line, whereas documentation seems to show gpg.
>
> example...
> Encrypting and decrypting documents
> https://gnupg.org/gph/en/manual.html#AEN111

Depending on the system, the gnupg 2.x executable is still called 'gpg'. I guess it depends on if the distributor wants to keep easy backwards compatibility. On archlinux, for example, there is only one gnupg package and it currently ships 2.1.11. The executable is called gpg. I'd think all distributions will do that at some point since 2.x is meant to replace 1.x.

Regards,
Viktor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From youcanlinux at gmail.com Tue Mar 29 05:53:44 2016 From: youcanlinux at gmail.com (Daniel Villarreal) Date: Mon, 28 Mar 2016 22:53:44 -0500 Subject: EasyGnuPG In-Reply-To: <56F9F9F3.9080108@gmail.com> References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru> <1458944663.2799.2.camel@keith> <1458997010.2985.6.camel@keith> <56F966E5.50801@gmail.com> <56F9F9F3.9080108@gmail.com> Message-ID: <56F9FC47.4020501@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> [I] use gpg2 on the [CL] whereas [doco] seems to show gpg. >> https://gnupg.org/gph/en/manual.html#AEN111 > > Depending ... the gnupg 2.x executable is still called 'gpg'. I > guess it depends on if the distributor wants to keep easy backwards > compatibility. On archlinux,.. only one gnupg package ... The > executable is called gpg...Regards, Viktor "pgp --version" and "pgp2 --version" indeed showed different results on my system. Hmm. I can't help but wonder if it's such a big deal, so long as I'm otherwise following best practice and using the software as appropriately as I can, but I figure I'm on the right track by using gpg2 on the CL. 
-- 
Daniel Villarreal
http://www.youcanlinux.org
youcanlinux at gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03 3F5B F251 8938 A83E 7B49
https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49

From viktordick86 at gmail.com Tue Mar 29 06:09:57 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Tue, 29 Mar 2016 06:09:57 +0200
Subject: EasyGnuPG
In-Reply-To: <56F9FC47.4020501@gmail.com>
References: <201603211505.14794.bernhard@intevation.de> <201603220956.34169.bernhard@intevation.de> <56F11471.1060101@sixdemonbag.org> <56F1B75B.1000805@digitalbrains.com> <56F5A491.4020107@mail.ru> <1458944663.2799.2.camel@keith> <1458997010.2985.6.camel@keith> <56F966E5.50801@gmail.com> <56F9F9F3.9080108@gmail.com> <56F9FC47.4020501@gmail.com>
Message-ID: <56FA0015.3000205@gmail.com>

On 29.03.2016 05:53, Daniel Villarreal wrote:
>> Depending ... the gnupg 2.x executable is still called 'gpg'. I
>> guess it depends on if the distributor wants to keep easy backwards
>> compatibility. On archlinux,.. only one gnupg package ... The
>> executable is called gpg...Regards, Viktor

To make my statement more precise, the executable is called gpg2 and /usr/bin/gpg is a symlink to /usr/bin/gpg2. If one wants to use 1.x, one needs to install it from the arch user repositories. Archlinux is not known for emphasizing backwards compatibility.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Tue Mar 29 16:19:11 2016 From: wk at gnupg.org (Werner Koch) Date: Tue, 29 Mar 2016 16:19:11 +0200 Subject: EasyGnuPG In-Reply-To: <20160325142310-22972-41746-mailpile@plonky> (Bjarni Runar Einarsson's message of "Fri, 25 Mar 2016 14:32:40 -0000") References: <877fgsusy1.fsf@wheatstone.g10code.de> <20160325142310-22972-41746-mailpile@plonky> Message-ID: <87oa9xl63k.fsf@wheatstone.g10code.de> On Fri, 25 Mar 2016 15:32, bre at pagekite.net said: > This is a chicken-and-egg problem. Until the tool is made widely > available, people will not use it - most people don't even know It is actually a tool to help with gpgme development. However, Ben Kibbey seems to be using it for some of his software which is the reason for the XML output stuff. I have mentioned it only because we are evaluating ways to interact with web browsers and gpgme-tool might be useful to prototype a Native Messaging based browser extension. > This is one of the complaints/wishes us Mailpile folks had, for > some sort of stable socket/stdio-based programmatic API for > talking to GnuPG. This sort of interface would make it much more A socket based interface exists for years if you are going to use the UI-server approach we are using in Kleopatra, GpgOL and GpgEX. gpgme even provides high level access functions. If you want to try this you need an UI server (Kleopatra, GPA, or whatever you want to write) and then test it with gpg-connect-agent --uiserver (try the "HELP" command) A stdio based interfaces exists for more than 20 years. For example gpg can be used as a drop-in replacement for mutt's pgp support. But be aware that a stdio based interface has several problems which you can only solve with several channels or at least descriptor passing. 
> Requiring that a ruby, python or node.js dev know to install > GnuPG from the C sources and build this tool is a non-starter, They only need to install their language binding for GPGME. > So pretty please, ship it! :-) It is not useful right now. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From bre at pagekite.net Wed Mar 30 10:05:25 2016 From: bre at pagekite.net (Bjarni Runar Einarsson) Date: Wed, 30 Mar 2016 08:05:25 -0000 Subject: EasyGnuPG In-Reply-To: <87oa9xl63k.fsf@wheatstone.g10code.de> References: <87oa9xl63k.fsf@wheatstone.g10code.de> Message-ID: <20160330073150-30314-7438-mailpile@plonky> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Werner, Thanks for the reply! Werner Koch wrote: > > This is one of the complaints/wishes us Mailpile folks had, for > > some sort of stable socket/stdio-based programmatic API for > > talking to GnuPG. This sort of interface would make it much more > > A socket based interface exists for years if you are going to > use the UI-server approach we are using in Kleopatra, GpgOL and > GpgEX. gpgme even provides high level access functions. If you > want to try this you need an UI server (Kleopatra, GPA, or > whatever you want to write) and then test it with > > gpg-connect-agent --uiserver FYI, on the latest Ubuntu (15.10), that command does not work: $ gpg-connect-agent --uiserver gpg-connect-agent: invalid option "--uiserver" Maybe I missed a step, but it appears at first glance that folks writing software targeting mainstream Linux users cannot reasonably make use of this facility yet? Ubuntu's gpg-connect-agent command comes from a package named gnupg-agent 2.0.28. All that aside, based on https://www.gnupg.org/documentation/manuals/gpgme/UI-Server-Protocol.html, it looks like that protocol is only suitable for localhost operations, it relies on both file paths and file descriptors - neither of which work over the network. 
This makes it unsuitable for a number of potential use-cases.

> A stdio based interfaces exists for more than 20 years.

We've discussed this at length. It's quite hard to use programmatically, in part because it has existed for so long and has to maintain quirks and compatibility with such a long legacy. But you know that! :-)

> > Requiring that a ruby, python or node.js dev know to install
> > GnuPG from the C sources and build this tool is a non-starter,
>
> They only need to install their language binding for GPGME.

... and figure out how to use it! The Python bindings had abysmal documentation when I started working on Mailpile, the assumption appears to have been that Python devs could just read the C library docs and fill in the blanks themselves (not a reasonable assumption). I'm glad to see that in the meantime someone did some work on improving that (https://github.com/rshk/pygpgme, https://pygpgme.readthedocs.org/en/latest/). Hopefully that work will make it back into the main library?

> > So pretty please, ship it! :-)
>
> It is not useful right now.

Okay. :-)

Take care,
 - Bjarni

-- 
PageKite.net lets your personal computer be part of the web.

From paolo.bolzoni.brown at gmail.com Wed Mar 30 11:31:19 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Wed, 30 Mar 2016 11:31:19 +0200
Subject: How do you think the FBI managed to get the clear text of the infamous phone?
Message-ID:

Dear list,

I am aware it is off topic, but still I assume, as we are security oriented people (otherwise why being part of this email list?), I think it is interesting food for thought.

As far as I understood the situation is:

The iPhone uses AES (256?) to encrypt the storage. The phone owner, probably the only person who knew the password, is dead. To access the phone storage there is a Trusted Platform Module (TPM) chip that should force the access to the storage through a well known path: the Apple software FBI asked to change.

The TPM contains the AES key protected with the password, the things FBI asked to change were:
1- removing the feature that the key is destroyed after 10 wrong tries,
2- remove the forced delay between every wrong password attempt,
3- allow machines to try a password.

As far as I can see the only possible weak point is the TPM, it should not be possible to workaround it. But it sounds even less plausible to break AES directly or ask the dead person.

What do you know about this case?

Yours faithfully,
Paolo

From johanw at vulcan.xs4all.nl Wed Mar 30 12:47:44 2016
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 30 Mar 2016 12:47:44 +0200
Subject: How do you think the FBI managed to get the clear text of the infamous phone?
In-Reply-To:
References:
Message-ID: <56FBAED0.7020906@vulcan.xs4all.nl>

On 30-03-2016 11:31, Paolo Bolzoni wrote:
> The TPM contains the AES key protected with the password,

AFAIK on the iPhone 5c at least the password is not in some special TPM. Only the iPhones with a fingerprint scanner (5s and above) have that hardware and should not be vulnerable to that kind of attack.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From johanw at vulcan.xs4all.nl Wed Mar 30 12:49:38 2016
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 30 Mar 2016 12:49:38 +0200
Subject: How do you think the FBI managed to get the clear text of the infamous phone?
In-Reply-To:
References:
Message-ID: <56FBAF42.1030707@vulcan.xs4all.nl>

On 30-03-2016 11:31, Paolo Bolzoni wrote:

AFAIK the Cellebrite hack works by replacing the boot manager and so being able to overwrite system memory, just as custom recoveries do on Android phones.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From rjh at sixdemonbag.org Wed Mar 30 13:28:06 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 30 Mar 2016 07:28:06 -0400
Subject: How do you think the FBI managed to get the clear text of the infamous phone?
In-Reply-To: <56FBAF42.1030707@vulcan.xs4all.nl>
References: <56FBAF42.1030707@vulcan.xs4all.nl>
Message-ID: <56FBB846.9010903@sixdemonbag.org>

> AFAIK the Cellebrite hack works by replacing the boot manager and so
> being able to overwrite system memory, just as custom recoveries do on
> Android phones.

It's also worth noting that we'll likely discover what the exploit was in the next few weeks.

From listofactor at mail.ru Wed Mar 30 14:16:11 2016
From: listofactor at mail.ru (listo factor)
Date: Wed, 30 Mar 2016 12:16:11 +0000
Subject: What am I missing?
In-Reply-To:
References:
Message-ID: <56FBC38B.4050602@mail.ru>

I do not use this device, so I am wondering if those that are familiar with it may be kind enough to confirm my understanding of its security architecture:

The device uses a protected hardware module, which does several things:

1) It uses its own secret, etched in silicon, in combination with a user-supplied secret to generate symmetric encryption key.

2) It never exports either its own secret or the generated key, instead it performs all encryption/decryption operations on the blocks that the general-purpose processor provides to it and receives from it.

3) It only executes the code signed by a private key for which it holds a corresponding public key.
4) In order to make brute-forcing of user secret impractical, it delays successive key-generation requests and erases its own secret after a small number of unsuccessful attempts.

All of this is done in order to make it possible for the majority of device users to opt for the convenience of an extremely low-entropy user secret (only 4 digits?). However, there is nothing to prevent the user to opt for a pass-phrase of such length that brute-forcing it would be impossible, even on hardware that has no restrictions built into it.

If this is all essentially correct, someone who knows that the content of his device-at-rest is extremely valuable to an attacker would surely use a pass-phrase of adequate length, and thus make a potential cooperation from the device builder to his adversary inconsequential.

What am I missing in this whole case?

From sscheerer at kc.rr.com Wed Mar 30 13:35:38 2016
From: sscheerer at kc.rr.com (Susan Scheerer)
Date: Wed, 30 Mar 2016 06:35:38 -0500
Subject: Unsubscribe
Message-ID:

Unsubscribe

Susan Scheerer
9717 North Harrison Street
Kansas City, MO 64155
(816) 734-8595 Home
(816) 405-1144 Cell

From johanw at vulcan.xs4all.nl Wed Mar 30 15:26:12 2016
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 30 Mar 2016 15:26:12 +0200
Subject: How do you think the FBI managed to get the clear text of the infamous phone?
In-Reply-To: <56FBB846.9010903@sixdemonbag.org>
References: <56FBAF42.1030707@vulcan.xs4all.nl> <56FBB846.9010903@sixdemonbag.org>
Message-ID: <56FBD3F4.6050008@vulcan.xs4all.nl>

On 30-03-2016 13:28, Robert J. Hansen wrote:
>> AFAIK the Cellebrite hack works by replacing the boot manager and so
>> being able to overwrite system memory, just as custom recoveries do on
>> Android phones.
>
> It's also worth noting that we'll likely discover what the exploit was
> in the next few weeks.
Yes, if it would allow the community to write a custom recovery for iPhones that would be nice to have. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From johanw at vulcan.xs4all.nl Wed Mar 30 15:29:27 2016 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed, 30 Mar 2016 15:29:27 +0200 Subject: What am I missing? In-Reply-To: <56FBC38B.4050602@mail.ru> References: <56FBC38B.4050602@mail.ru> Message-ID: <56FBD4B7.3090609@vulcan.xs4all.nl> On 30-03-2016 14:16, listo factor wrote: > If this is all essentially correct, someone who knows that > the content of his device-at-rest is extremely valuable to an > attacker would surely use a pass-phrase of adequate length, and > thus make a potential cooperation from the device builder to > his adversary inconsequential. > > What am I missing in this whole case? The assumption that access to this particular device was where this lawsuit was about. The FBI wanted clearly an easy access to ALL devices and a court ruling to force other companies into compliance. I assume their next victim will be a party with less deep pockets to fight back. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From rjh at sixdemonbag.org Wed Mar 30 15:41:47 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 30 Mar 2016 09:41:47 -0400 Subject: What am I missing? In-Reply-To: <56FBC38B.4050602@mail.ru> References: <56FBC38B.4050602@mail.ru> Message-ID: <56FBD79B.3030402@sixdemonbag.org> > What am I missing in this whole case? As I might someday want to work in the field of digital forensics again, I'm going to keep my mouth shut about this specific case. But speaking generally ... Bruce Schneier is fond of saying that experience in breaking ciphers is necessary before someone can write a good cipher. 
The same applies to forensics: without a background in how forensicists actually work, you don't have good odds of figuring out how forensicists have recovered data. From rjh at sixdemonbag.org Wed Mar 30 15:46:12 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 30 Mar 2016 09:46:12 -0400 Subject: What am I missing? In-Reply-To: <56FBD4B7.3090609@vulcan.xs4all.nl> References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> Message-ID: <56FBD8A4.9070501@sixdemonbag.org> > The FBI wanted clearly an easy access to ALL devices and a court ruling > to force other companies into compliance... I try not to get involved in conspiracy theories, but this one's just... outrageous. So, let's assume the FBI wanted a court ruling to force other companies into compliance. Which makes more sense? To take on a multibillion-dollar and much-beloved company like Apple and fight their entire legal department to get a court precedent it can then use to force smaller guys into compliance... ... or would they take on a small company that can't put up as much of a legal fight and wouldn't get as much publicity? And then, having won that, go to Apple and say "we have precedent on our side"? Your idea works only if you assume the FBI is pathologically stupid. From panina at nonbinary.me Wed Mar 30 14:59:35 2016 From: panina at nonbinary.me (sverker wahlin) Date: Wed, 30 Mar 2016 14:59:35 +0200 Subject: All mails identified as spams by Google In-Reply-To: <56FB0924.6060108@nonbinary.me> References: <56FB0924.6060108@nonbinary.me> Message-ID: <56FBCDB7.6050903@nonbinary.me> I'm in the process of setting up my webmail services, and have been digging through quite a lot of standards. It seems to me that gnupg.org's mail servers do not have any SPF/DKIM/DMARC records in the DNS. These are authentication standards issued by IETF, and are meant to stop spam and authenticate senders. 
As a host for a mailing list, it might be something that might be interesting for gnupg.org to set up - at least the SPF is dead simple. I think google is starting to apply these rules more & more.

Also, they seem to sometimes use ipv6 addresses, sometimes ipv4. Some of my emails bounced due to my lack of ipv6 addresses in my DNS, but some got delivered through ipv4. This might be why some google recipients got the list, and some not.

However, if anyone finds out how to get emails delivered to hotmail.com, let me know. Surprisingly, btw, hotmail has PGP verification built-in. <3

/panina, nonbinary.me

On 2016-03-25 21:11, Guan Xin wrote:
> On Fri, Mar 25, 2016 at 7:44 PM, Werner Koch wrote:
>
> Exactly. FWIW, We do the same for all incoming mail. It was my fault
> that I had not explicitly assigned the v6 address of lists.gnupg.org and
> so when I added a new v6 address that address was picked up and its
> reverse lookup showed gnutls.org .
>
> Sorry again.
>
> Shalom-Salam,
>
> Werner
>
> Thanks for the confirmation! Now everything works fine.
>
> Regards,
> Guan

From johanw at vulcan.xs4all.nl Wed Mar 30 17:40:16 2016
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 30 Mar 2016 17:40:16 +0200
Subject: What am I missing?
In-Reply-To: <56FBD8A4.9070501@sixdemonbag.org>
References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org>
Message-ID: <56FBF360.2080102@vulcan.xs4all.nl>

On 30-03-2016 15:46, Robert J. Hansen wrote:
>> The FBI wanted clearly an easy access to ALL devices and a court ruling
>> to force other companies into compliance...
> I try not to get involved in conspiracy theories, but this one's just...
> outrageous.

Why would this be an outrageous conspiracy theory? What could the FBI possibly find in that phone that would be so important? Nothing for a court case because the owner was already dead, and they already have the records who he called with the device, they can be obtained from the carrier.

> So, let's assume the FBI wanted a court ruling to force other companies
> into compliance. Which makes more sense? To take on a
> multibillion-dollar and much-beloved company like Apple and fight their
> entire legal department to get a court precedent it can then use to
> force smaller guys into compliance...

The smaller company would probably not have gone to court over it and just complied, so it would not set a legal precedent. Or it would just have closed itself, like Lavabit.

> ... or would they take on a small company that can't put up as much of a
> legal fight and wouldn't get as much publicity? And then, having won
> that, go to Apple and say "we have precedent on our side"?

That's probably their next step. They just have to wait for the right moment, i.e. a terrorist, child molester or serial killer case with a locked device.

> Your idea works only if you assume the FBI is pathologically stupid.

I won't rule that out either, but I was not assuming it.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From rjh at sixdemonbag.org Wed Mar 30 18:03:46 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 30 Mar 2016 12:03:46 -0400
Subject: What am I missing?
In-Reply-To: <56FBF360.2080102@vulcan.xs4all.nl>
References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FBF360.2080102@vulcan.xs4all.nl>
Message-ID: <56FBF8E2.1060200@sixdemonbag.org>

> Why would this be an outrageous conspiracy theory?

Because it assumes the FBI is stupid.
Conspiracy theories which require the conspirators are morons are very rarely correct. > The smaller company would probably not have gone to court over it and > just complied, so it would not set a legal precedent. Or it would just > have closed itself, like Lavabit. So they find one that's large enough to put up a fight but not large enough to win. Your conspiracy theory founders on the fact that Apple is *the largest* and *most formidable* player in this space. (Maybe Alphabet can compete with them for that title.) If they can win against Apple, they don't need precedents to pull on others. If they need precedents, they would be for use against Apple. Put this in terms of a computer RPG. You take on the smallest monsters, get level-ups and better weapons, take out the mini-boss, get equipment from that fight, and ultimately use everything you acquired along the way to fight the boss monster and win. But if you're strong enough to take on the boss monster without any of that stuff, why would you need it to take on the small guys? From peter at digitalbrains.com Wed Mar 30 19:13:05 2016 From: peter at digitalbrains.com (Peter Lebbing) Date: Wed, 30 Mar 2016 19:13:05 +0200 Subject: What am I missing? In-Reply-To: <56FBD8A4.9070501@sixdemonbag.org> References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> Message-ID: <56FC0921.6050200@digitalbrains.com> (I think this is too far off-topic actually, but hey) On 30/03/16 15:46, Robert J. Hansen wrote: > I try not to get involved in conspiracy theories, but this one's just... > outrageous. Can I ask why the conspiracy theory is "outrageous"? Can't you imagine that the FBI, or at least part of it, would like to have a backdoor? They even got the US president to say that he would like phones to have a backdoor. (It's clear his previous job wasn't in IT security, because he'd then know it would seriously weaken the protection of all phones the whole world over.) 
I hear the police here in the Netherlands sometimes outright say they would like easier access to suspects' files, not having to crack encryption. Is it hard to imagine that the FBI might want the same thing, and that they can decide to use public opinion, a case where a lot of innocent people died, as a lever to force a change they'd like to see? I don't believe one moment they are so kind-hearted that they would never exploit a tragedy for their own gain. (But obviously, you can't say you're doing that, because that would be self-defeating.) There are some really odd things. Everybody with some interest in this area knows the first thing you do is make a low-level copy of all storage before you begin anything. However, the FBI complains "it will wipe itself after X tries". Without a TPM-like chip, just using regular memory chips and software, this is not an obstacle for a well-funded shop. And several parties have offered to crack the encryption, but the FBI didn't take them up on it. Whereas once you have your copy, you can go crazy on a copy, fuck up, make a new copy and ?REDO FROM START. So as long as you are comfortable with the third party also reading what's on the phone, you can take them up on it without damage. Unless of course it isn't about the data on the phone. So I definitely did think this was about more than just this one phone. Like I said, they even got a statement from the US president that "phones should have a backdoor". But then suddenly they drop the case because they cracked the phone. That was a major surprise for me. I cannot place it. You know much more about digital forensics than me obviously. The only thing /I/ can think of is that there actually /is/ a TPM-like device involved. However, I've understood that there is not, that it is simply all software. Perhaps I was misinformed. > ... or would they take on a small company that can't put up as much of a > legal fight and wouldn't get as much publicity? 
Hmmm, if you want to use public opinion as a force, you'd first need a terrorist or child molester or what not who uses a phone made by a small company... Which phone would that even be, by the way? Ubuntu phone, Jolla? Because I think most people have either Android, Apple or Windows Phone. All three large companies. And it wouldn't help to sue Microsoft, as Microsoft is of the interesting opinion that the FBI is right, so you wouldn't get a court order with legal precedence. And you say the publicity is a bad thing. But they have a lot of sway because this is a terrorist. If they just went after a small fish with an uncommon phone and the court said "No, you can't have your backdoor", they'd have precedent for the wrong outcome! You want to go in strong. For instance, you need to make it like your opponent is in favour of terrorists and child molesters. "Smoking pot funds terrorism"? I'm not saying you're wrong; I don't know. I think there is more than just this one phone, it doesn't add up without a good TPM chip deterring them. But that they dropped the case doesn't seem to make sense in that scenario, which is in favour of your view. I /am/ surprised by your vehemency stating it's "outrageous". I don't think it's an outrageous view. My 2 cents, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at

From wk at gnupg.org  Wed Mar 30 19:37:17 2016
From: wk at gnupg.org (Werner Koch)
Date: Wed, 30 Mar 2016 19:37:17 +0200
Subject: EasyGnuPG
In-Reply-To: <20160330073150-30314-7438-mailpile@plonky> (Bjarni Runar Einarsson's message of "Wed, 30 Mar 2016 08:05:25 -0000")
References: <87oa9xl63k.fsf@wheatstone.g10code.de> <20160330073150-30314-7438-mailpile@plonky>
Message-ID: <87y48zj29e.fsf@wheatstone.g10code.de>

On Wed, 30 Mar 2016 10:05, bre at pagekite.net said:

> FYI, on the latest Ubuntu (15.10), that command does not work:

You need 2.1 of course .-)

> https://www.gnupg.org/documentation/manuals/gpgme/UI-Server-Protocol.html,
> it looks like that protocol is only suitable for localhost
> operations, it relies on both file paths and file descriptors -

Right - it is an IPC protocol.

> has to maintain quirks and compatibility with such a long legacy.
> But you know that! :-)

yep.

> The Python bindings had abysmal documentation when I started
> working on Mailpile, the assumption appears to have been that

Right. Meanwhile we have a branch in gpgme with a very enhanced binding including documentation.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From paolo.bolzoni.brown at gmail.com  Wed Mar 30 20:04:34 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Wed, 30 Mar 2016 20:04:34 +0200
Subject: What am I missing?
In-Reply-To: <56FC0921.6050200@digitalbrains.com>
References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com>
Message-ID:

Actually I thought there is a TPM that is needed to "talk" with the storage. If one fails to input the password enough times, the TPM destroys the key. You can say that it is false that the storage gets destroyed but, since it is AES encrypted, after destroying the key it is pretty much the same.

If it was only software, where is the AES key stored? And why not copy the storage?
From rjh at sixdemonbag.org Wed Mar 30 20:08:18 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 30 Mar 2016 14:08:18 -0400 Subject: What am I missing? In-Reply-To: <56FC0921.6050200@digitalbrains.com> References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com> Message-ID: <56FC1612.7020902@sixdemonbag.org> > Can I ask why the conspiracy theory is "outrageous"? Yes. You and Johann seem to be of the opinion the FBI's petition was unusual. It wasn't, really, except in the fact that they were going after someone who had the resources to fight it, and they were asking for just a little bit more than Apple was willing to go along with. But the general idea, "use the All Writs Act to compel a company to bypass security measures"? Already been done. The precedent already exists. See, e.g.: https://scholar.google.com/scholar_case?case=7012457256018582034 Johann's position: "The FBI wanted to get precedent on their side so they could use it as a club against other smaller companies." My position: "The FBI already had precedent on their side from clubbing other smaller companies, and they decided they finally had enough legal support to go after the big fish: Apple." If you believe Johann's position, it requires you to believe two things: * The FBI is dumb enough to go after the biggest player first, * The FBI doesn't know they already have the precedents they want. Do I think the FBI had plans for how to capitalize on a court victory? Sure. But this particular idea, that the FBI wanted to get precedent on their side to go after smaller players next, is ... it's crazy talk. > Hmmm, if you want to use public opinion as a force, you'd first need > a terrorist or child molester or what not who uses a phone made by a > small company... Which phone would that even be, by the way? Ubuntu > phone, Jolla? 
The Middle East in particular is full of small, weird mobile phone manufacturers. Looking over my notes of mobile manufacturers I've worked with and starting at the top, there's Alcatel. Lot of Motorola, lot of Samsung, and at the end there's ZTE. It is *not* hard to find atrocities on mobiles by small manufacturers. And in the interests of not going into detail on the stuff of my nightmares, I'm going to leave it at that. From raubvogel at gmail.com Wed Mar 30 19:26:23 2016 From: raubvogel at gmail.com (Mauricio Tavares) Date: Wed, 30 Mar 2016 13:26:23 -0400 Subject: What am I missing? In-Reply-To: <56FC0921.6050200@digitalbrains.com> References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com> Message-ID: On Wed, Mar 30, 2016 at 1:13 PM, Peter Lebbing wrote: > (I think this is too far off-topic actually, but hey) > > On 30/03/16 15:46, Robert J. Hansen wrote: >> I try not to get involved in conspiracy theories, but this one's just... >> outrageous. > > Can I ask why the conspiracy theory is "outrageous"? Can't you imagine that the > FBI, or at least part of it, would like to have a backdoor? They even got the US > president to say that he would like phones to have a backdoor. (It's clear his > previous job wasn't in IT security, because he'd then know it would seriously > weaken the protection of all phones the whole world over.) I hear the police > here in the Netherlands sometimes outright say they would like easier access to > suspects' files, not having to crack encryption. Is it hard to imagine that the > FBI might want the same thing, and that they can decide to use public opinion, a > case where a lot of innocent people died, as a lever to force a change they'd > like to see? I don't believe one moment they are so kind-hearted that they would > never exploit a tragedy for their own gain. 
(But obviously, you can't say you're > doing that, because that would be self-defeating.) > > There are some really odd things. Everybody with some interest in this area > knows the first thing you do is make a low-level copy of all storage before you > begin anything. However, the FBI complains "it will wipe itself after X tries". Which is amusing since the old Blackberry also did that. At least my Storm 2. > Without a TPM-like chip, just using regular memory chips and software, this is > not an obstacle for a well-funded shop. > Who is to say the TPM chip does not have a backdoor already? > And several parties have offered to crack the encryption, but the FBI didn't > take them up on it. Whereas once you have your copy, you can go crazy on a copy, > fuck up, make a new copy and ?REDO FROM START. So as long as you are comfortable > with the third party also reading what's on the phone, you can take them up on > it without damage. Unless of course it isn't about the data on the phone. > > So I definitely did think this was about more than just this one phone. Like I > said, they even got a statement from the US president that "phones should have a > backdoor". But then suddenly they drop the case because they cracked the phone. > That was a major surprise for me. I cannot place it. > > You know much more about digital forensics than me obviously. The only thing /I/ > can think of is that there actually /is/ a TPM-like device involved. However, > I've understood that there is not, that it is simply all software. Perhaps I was > misinformed. > >> ... or would they take on a small company that can't put up as much of a >> legal fight and wouldn't get as much publicity? > > Hmmm, if you want to use public opinion as a force, you'd first need a terrorist > or child molester or what not who uses a phone made by a small company... Which > phone would that even be, by the way? Ubuntu phone, Jolla? Because I think most > people have either Android, Apple or Windows Phone. 
> All three large companies.
> And it wouldn't help to sue Microsoft, as Microsoft is of the interesting
> opinion that the FBI is right, so you wouldn't get a court order with legal
> precedence.
>

Also, Google already gets data from whoever uses its services/software/hardware. Who is to say they too are not like Microsoft and giving it to government agencies?

Now, the amusing thing is: had the FBI won, other nations would have a valid precedent to demand the very same thing. If you remember, for a while the Blackberry messaging system was considered highly secure if both parties were using the BB enterprise thing. But then a few countries forced RIM, who is smaller than Apple (and Canadian, which automatically means less clout and money) to put servers in those networks so they could decrypt the messages being sent.

> And you say the publicity is a bad thing. But they have a lot of sway because
> this is a terrorist. If they just went after a small fish with an uncommon phone
> and the court said "No, you can't have your backdoor", they'd have precedent for
> the wrong outcome! You want to go in strong. For instance, you need to make it
> like your opponent is in favour of terrorists and child molesters. "Smoking pot
> funds terrorism"?
>
> I'm not saying you're wrong; I don't know. I think there is more than just this
> one phone, it doesn't add up without a good TPM chip deterring them. But that
> they dropped the case doesn't seem to make sense in that scenario, which is in
> favour of your view. I /am/ surprised by your vehemency stating it's
> "outrageous". I don't think it's an outrageous view.
>
> My 2 cents,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From guru at unixarea.de  Wed Mar 30 20:43:28 2016
From: guru at unixarea.de (Matthias Apitz)
Date: Wed, 30 Mar 2016 20:43:28 +0200
Subject: What am I missing?
In-Reply-To:
References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com>
Message-ID: <20160330184328.GB2011@c720-r292778-amd64>

On Wednesday, March 30, 2016 at 01:26:23PM -0400, Mauricio Tavares wrote:

> On Wed, Mar 30, 2016 at 1:13 PM, Peter Lebbing wrote:
> > (I think this is too far off-topic actually, but hey)
> >
> > On 30/03/16 15:46, Robert J. Hansen wrote:
> >> I try not to get involved in conspiracy theories, but this one's just...
> >> outrageous.
> >
> > Can I ask why the conspiracy theory is "outrageous"? Can't you imagine that the
> > FBI, or at least part of it, would like to have a backdoor? They even got the US
> > ...

Hello,

The thread in general has less or nothing to do with GnuPG, but I understand the interest in the technical background, used tools etc. But we should not discuss here opinions about the politics of the "bad", whoever could be named with this word. This would be really off-topic and should be discussed elsewhere.

Just my 0.02 pesos cubanos

matthias

-- 
Matthias Apitz, guru at unixarea.de, http://www.unixarea.de/, +49-176-38902045

From rjh at sixdemonbag.org  Wed Mar 30 20:59:29 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 30 Mar 2016 14:59:29 -0400
Subject: What am I missing?
In-Reply-To:
References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com>
Message-ID: <56FC2211.8020200@sixdemonbag.org>

> If it was only software, where the AES key is stored? And why not copy
> the storage?
iPhones put memory in tamper-resistant hardware. I'll note that tamper-resistant isn't tamper-proof.

From peter at digitalbrains.com  Wed Mar 30 21:19:01 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 30 Mar 2016 21:19:01 +0200
Subject: What am I missing?
In-Reply-To: <56FC1612.7020902@sixdemonbag.org>
References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com> <56FC1612.7020902@sixdemonbag.org>
Message-ID: <56FC26A5.2070909@digitalbrains.com>

On 30/03/16 20:08, Robert J. Hansen wrote:
> Johann's position: "The FBI wanted to get precedent on their side so
> they could use it as a club against other smaller companies."

I'll just speak for myself. My position: I think the FBI wanted something that could be /reused/ later, not just for this case. It wasn't just about this phone. And if they can /then/ use that to compel other companies to write the same software for their phones like Apple was supposed to do, that's pretty nice too, and also a form of "to be reused later". But this is getting into too much detail and only muddles the discussion.

The core point is: they wanted more than just this phone. But they said it was only about this phone.

Is this "conspiracy theory" outrageous? Or only the one where they wanted legal precedent?

On 30/03/16 20:59, Robert J. Hansen wrote:
> iPhones put memory in tamper-resistant hardware. I'll note that
> tamper-resistant isn't tamper-proof.

So you really think the FBI needed Apple to do this for them? It's an open question, it's not the leering "really" kind. They don't have the equipment to read out the memory? They can perfect their technique on a whole bunch of innocent sacrificial iPhones, I'm sure the expenses are tax-deductible ;).

Anyway, I should mention that I limited my "what phones are there" to /smart/phones, because feature phones and dumb phones have much less interesting data...
most of it can just be had from the provider (call records, SMS). And if it has picture and sound storage, I don't think it will be encrypted. Somebody else mentioned Blackberry, I guess there's still that one.

Cheers,

Peter.

PS: In Dutch, we write the name "Johan" with one n; they seem to flourish quite well without the support of additional ones. It's the Germans that seem to have trouble to /stop/ spelling Johan :).

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From johanw at vulcan.xs4all.nl  Wed Mar 30 21:25:57 2016
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 30 Mar 2016 21:25:57 +0200
Subject: What am I missing?
In-Reply-To: <56FC1612.7020902@sixdemonbag.org>
References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com> <56FC1612.7020902@sixdemonbag.org>
Message-ID: <56FC2845.8010300@vulcan.xs4all.nl>

On 30-03-2016 20:08, Robert J. Hansen wrote:

> My position: "The FBI already had precedent on their side from clubbing
> other smaller companies, and they decided they finally had enough legal
> support to go after the big fish: Apple."

I didn't see this from the legal files, but did the FBI use these precedents in court? Further, a legal battle might be expensive but if you're a company over a certain size it's all the same. There is not really an advantage of having 10T$ instead of only 1T$ in your bank account.

> Do I think the FBI had plans for how to capitalize on a court victory?
> Sure. But this particular idea, that the FBI wanted to get precedent on
> their side to go after smaller players next, is ... it's crazy talk.

OK, perhaps going after others was not their main goal. However, using this tool to crack other iPhones was surely on their wish list.

> The Middle East in particular is full of small, weird mobile phone
> manufacturers.
Looking over my notes of mobile manufacturers I've > worked with and starting at the top, there's Alcatel. Lot of Motorola, > lot of Samsung, and at the end there's ZTE. But how well are they protected? Android disk encryption uses (by default) the key you use to unlock the screen, which is probably easy in most cases. BTW, "Johann" with 2 n's is the German spelling. In Dutch it's only 1 n at the end. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From rjh at sixdemonbag.org Wed Mar 30 21:57:02 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 30 Mar 2016 15:57:02 -0400 Subject: What am I missing? In-Reply-To: <56FC26A5.2070909@digitalbrains.com> References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com> <56FC1612.7020902@sixdemonbag.org> <56FC26A5.2070909@digitalbrains.com> Message-ID: <56FC2F8E.5020902@sixdemonbag.org> > The core point is: they wanted more than just this phone. But they > said it was only about this phone. That's the core point you're making, and I have no opinion on it. > Is this "conspiracy theory" outrageous? Or only the one where they > wanted legal precedent? The latter. They believed they already had the precedents they needed; otherwise they would've never brought the lawsuit. > They don't have the equipment to read out the memory? How would I know? What's public record is this: they hire a *lot* of forensics nerds from the private sector and have long-standing relationships with major forensics firms like Kyrus, Cellebrite, and others. I suspect it's fair to conclude they need support from the private sector for a lot of their operations. > PS: In Dutch, we write the name "Johan" with one n; they seem to > flourish quite well without the support of additional ones. It's the > Germans that seem to have trouble to /stop/ spelling Johan :). My apologies to Johan. 
:) Many years ago I was an exchange student in Hildesheim, Germany. My knowledge of German has atrophied considerably in the last twenty years, but I suspect some lingering instinct there compelled me to add the second 'n'. From rjh at sixdemonbag.org Wed Mar 30 22:04:28 2016 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 30 Mar 2016 16:04:28 -0400 Subject: What am I missing? In-Reply-To: <56FC2845.8010300@vulcan.xs4all.nl> References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com> <56FC1612.7020902@sixdemonbag.org> <56FC2845.8010300@vulcan.xs4all.nl> Message-ID: <56FC314C.50401@sixdemonbag.org> > BTW, "Johann" with 2 n's is the German spelling. In Dutch it's only 1 > n at the end. I apologize; I meant no disrespect. > I didn't see this from the legal files, but did the FBI used these > precedents in court? The particular case I cited was just one of many times the government used the All Writs Act to compel a manufacturer to bypass security. The FBI's petition with respect to Apple attempted to use the All Writs Act in a similar way. I don't know if they used the specific case I cited as precedent; they had many options to choose from. From robert.cavanaugh at broadcom.com Wed Mar 30 21:26:24 2016 From: robert.cavanaugh at broadcom.com (bob cavanaugh) Date: Wed, 30 Mar 2016 12:26:24 -0700 Subject: What am I missing? In-Reply-To: <56FC2211.8020200@sixdemonbag.org> References: <56FBC38B.4050602@mail.ru> <56FBD4B7.3090609@vulcan.xs4all.nl> <56FBD8A4.9070501@sixdemonbag.org> <56FC0921.6050200@digitalbrains.com> <56FC2211.8020200@sixdemonbag.org> Message-ID: <00d201d18aba$0ccd3420$26679c60$@broadcom.com> Group, Although this is off-topic, I have to jump in... Robert is being reticent about the state-of-the-art regarding shall we say "data recovery". 
While I will adopt the same level of reticence (probably for the same reasons) let me state my firm belief that the FBI could have applied to other US government agencies or third parties to achieve their ends. What I believe this was really about (while agreeing w/ Robert on the previous precedence issue) is:

1) If Apple caved the FBI's job would be much easier, so why not try for the low-hanging fruit? Once Apple acquiesced, nobody else on the planet could take a stand against the precedents. Remember that even our US court system was divided on this issue.

2) They took advantage of the heinous acts in San Bernardino to frame the debate on personal privacy vs security in their favor, making future requests more likely to succeed in the courts. It is more difficult to make a case for compelling companies to add back-doors to deter financial scam artists than it is to state you are protecting people from terrorists.

Final note: The district attorney's office in New York City claims they have about 200 phones they want to unlock and were very eager to see the FBI court case resolved in their favor. Again, I believe this is not an issue of capability but rather one of time, money and resources.

All that being said, I believe the FBI and law enforcement need to update their toolsets and resources. Lest any of you think I am not concerned about this topic, I live about an hour from the office where the shootings took place. I do not believe that the entire security fabric that we all depend on every day should be compromised in response; there are other ways to handle the problem.

Thanks,
Bob Cavanaugh

From MichaelQuigley at TheWay.Org  Wed Mar 30 22:11:37 2016
From: MichaelQuigley at TheWay.Org (MichaelQuigley at TheWay.Org)
Date: Wed, 30 Mar 2016 16:11:37 -0400
Subject: What am I missing?
In-Reply-To:
References:
Message-ID:

"Gnupg-users" wrote on 03/30/2016 03:25:55 PM:

> ----- Message from "Robert J.
Hansen" on Wed,
> 30 Mar 2016 14:08:18 -0400 -----
>
> To:
>
> Peter Lebbing , gnupg-users at gnupg.org

. . . . . . . . .

> > If you believe Johann's position, it requires you to believe two things:
> >
> > * The FBI is dumb enough to go after the biggest player first,
> > * The FBI doesn't know they already have the precedents they
> want.

And then why would they have dropped the case when they got access to the data?

From listofactor at mail.ru  Thu Mar 31 03:41:06 2016
From: listofactor at mail.ru (listo factor)
Date: Thu, 31 Mar 2016 01:41:06 +0000
Subject: What am I missing? (Again)
In-Reply-To:
References:
Message-ID: <56FC8032.1040403@mail.ru>

On 03/30/2016 12:16 PM, listo factor - listofactor at mail.ru wrote:
> I do not use this device, so I am wondering...

There were quite a few posts following my question, but unfortunately those quickly drifted off to the aspects of this case (good/bad government(s), compelling rich/poor vendor(s)...) that are of no interest to me, and also clearly OT for this list, and none provided the answer. Let me condense and try again:

1) Is it correct that this particular device maker designed a sophisticated hardware-based system with the specific purpose of thwarting the brute-forcing of a ridiculously low-entropy user's secret? Yes/no?

2) Is it possible for the user to circumvent the potential problem of the device maker cooperating with his adversary to by-pass this protection, simply by using a pass-phrase of an appropriate length? Yes/no?

Is anybody on this list a user/owner of this device? (as I am not). Can anybody answer (1) and/or (2) with "yes" or "no"? I really would like to know the answer...

From johanw at vulcan.xs4all.nl  Thu Mar 31 09:53:56 2016
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu, 31 Mar 2016 09:53:56 +0200
Subject: What am I missing?
(Again)
In-Reply-To: <56FC8032.1040403@mail.ru>
References: <56FC8032.1040403@mail.ru>
Message-ID: <56FCD794.1070505@vulcan.xs4all.nl>

On 31-03-2016 3:41, listo factor wrote:

> On 03/30/2016 12:16 PM, listo factor - listofactor at mail.ru wrote:
> 1) Is it correct that this particular device maker designed a
> sophisticated hardware-based system with the specific purpose of
> thwarting the brute-forcing of ridiculously low-entropy user's
> secret?
> Yes/no?

Both apply here: Yes, they did design such a device. No, they didn't use that in this particular model (iPhone 5c). It is used in the devices that contain a fingerprint scanner (5s and up).

> 2) Is it possible for the user to circumvent the potential problem
> of the device maker cooperating with his adversary to by-pass this
> protection, simply by using a pass-phrase of an appropriate length?
> Yes/no?

Yes.

> Is anybody on this list user/owner of this device? (as I am not).

Sorry, I don't have an iPhone 5c.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From wk at gnupg.org  Thu Mar 31 13:12:40 2016
From: wk at gnupg.org (Werner Koch)
Date: Thu, 31 Mar 2016 13:12:40 +0200
Subject: [Announce] GnuPG 2.0.29 released
Message-ID: <871t6qj3yv.fsf@wheatstone.g10code.de>

Hello!

We are pleased to announce the availability of a new stable GnuPG-2.0 release: Version 2.0.30. This is a maintenance release which fixes a couple of bugs.

The GNU Privacy Guard (GnuPG) is a complete and free implementation of the OpenPGP standard as defined by RFC-4880 and better known as PGP.

GnuPG, also known as GPG, allows you to encrypt and sign data and communication, features a versatile key management system as well as access modules for public key directories. GnuPG itself is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries making use of GnuPG are available.
Since version 2 GnuPG provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.

Three different versions of GnuPG are actively maintained:

- GnuPG "modern" (2.1) is the latest development with a lot of new features including support for ECC. All new installations should use that version.

- GnuPG "stable" (2.0) - which this is about - is the current stable version for general use. This is what most users are currently using.

- GnuPG "classic" (1.4) is the old standalone version which is most suitable for older or embedded platforms.

You may not install "modern" (2.1) and "stable" (2.0) at the same time. However, it is possible to install "classic" (1.4) along with any of the other versions.

What's New in 2.0.30
====================

 * gpg: Avoid too early timeout during key generation with 2.1 cards.

 * agent: Fixed printing of ssh fingerprints for 384 bit ECDSA keys.

 * agent: Fixed an alignment bug related to the passphrase confirmation.

 * scdaemon: Fixed a "conflicting usage" bug.

 * scdaemon: Fixed usb card reader removal problem on Windows 8 and later.

 * Fixed a problem on AIX due to peculiarity with RLIMIT_NOFILE.

 * Updated the Japanese and Dutch translations.

 * Fixed a few other bugs.

Getting the Software
====================

Please follow the instructions found at https://gnupg.org/download/ or read on:

Source code is hosted at the GnuPG FTP server and its mirrors as listed at . On the primary server the source tarball and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.30.tar.bz2 (4311k)
 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.30.tar.bz2.sig

or here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.0.30.tar.bz2 (4311k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.0.30.tar.bz2.sig

Note that we don't distribute gzip compressed tarballs for GnuPG-2.
A Windows version will soon be released at .

If you are new to GnuPG please use the "modern" version 2.1.11.

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways:

 * If you already have a version of GnuPG installed, you can simply verify the supplied signature. For example to verify the signature of the file gnupg-2.0.30.tar.bz2 you would use this command:

     gpg --verify gnupg-2.0.30.tar.bz2.sig gnupg-2.0.30.tar.bz2

   This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by one or more of the release signing keys. Make sure that this is a valid key, either by matching the shown fingerprint against a trustworthy list of valid release signing keys or by checking that the key has been signed by trustworthy other keys. See below for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have to verify the SHA-1 checksum. On Unix systems the command to do this is either "sha1sum" or "shasum". Assuming you downloaded the file gnupg-2.0.29.tar.bz2, you would run the command like this:

     sha1sum gnupg-2.0.30.tar.bz2

   and check that the output matches the next line:

     a9f024588c356a55e2fd413574bfb55b2e18794a  gnupg-2.0.30.tar.bz2

Release Signing Keys
====================

To guarantee that a downloaded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners.
Current releases are signed by one or more of these four keys:

  2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key)

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key)

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

You may retrieve these files from the keyservers using this command

  gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \
                  2071B08A33BD3F06 8A861B1C7EFD60D9

using an already installed version of gpg. Remember to check the fingerprints against the above list (which you also find on the flip side of our printed visit cards).

The keys are also available at and in the released GnuPG tarball in the file g10/distsigkey.gpg . Note that this mail has been signed using my standard PGP key.

Documentation
=============

The file gnupg.info has the complete user manual of the system. Separate man pages are included as well; however they have not all the details available in the manual. It is also possible to read the complete manual online in HTML format at

  https://www.gnupg.org/documentation/manuals/gnupg-2.0/

or in Portable Document Format at

  https://www.gnupg.org/documentation/manuals/gnupg-2.0.pdf .

The chapters on gpg-agent, gpg and gpgsm include information on how to set up the whole thing. You may also want to search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advice on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available.

Support
=======

Please consult the archive of the gnupg-users mailing list before reporting a bug.
We suggest sending bug reports for a new release to this list in favor of filing a bug at .

For commercial support requests we keep a list of known service companies at:

  https://gnupg.org/service.html

If you are a developer and you need a certain feature for your project, please do not hesitate to bring it to the gnupg-devel mailing list for discussion.

Maintenance and development of GnuPG is mostly financed by donations. We currently employ 3 full-time developers, one part-timer, and one contractor. They all work on GnuPG and closely related software like Enigmail. Please see https://gnupg.org/donate/ on how you can help.

Thanks
======

We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word, and answering questions on the mailing lists. Maintenance and development of GnuPG is possible due to many individual and corporate donations; for a list of non-anonymous donors see .

For the GnuPG hackers,

Werner

p.s. This is an announcement only mailing list. Please send replies only to the gnupg-users 'at' gnupg.org mailing list.

-- 
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From chd at chud.net  Thu Mar 31 04:31:05 2016
From: chd at chud.net (Chris DeYoung)
Date: Wed, 30 Mar 2016 19:31:05 -0700
Subject: What am I missing?
(Again) In-Reply-To: <56FC8032.1040403@mail.ru> References: <56FC8032.1040403@mail.ru> Message-ID: <56FC8BE9.7000905@chud.net> > Let me condense and try again: Let me preface by saying that I am answering based on what I think likely, not what I *know*, so take my comments in that context (and I welcome corrections from anyone who does know, of course). > 1) Is it correct that this particular device maker designed a > sophisticated hardware-based system with the specific purpose of > thwarting the brute-forcing of ridiculously low-entropy user's > secret? > Yes/no? I don't know. However, it seems unlikely that you'll know the system internals so well that you can have true confidence in a "yes" answer, even if you suspect it to be yes, or the device maker claims it is yes. Therefore, for any applications where it actually matters, you'd be well advised to assume "no". > 2) Is it possible for the user to circumvent the potential problem > of the device maker cooperating with his adversary to by-pass this > protection, simply by using a pass-phrase of an appropriate length? > Yes/no? I imagine that the potential problem can be circumvented, yes, but not simply by using a longer passphrase. I don't know whether it even allows that option, but it really doesn't matter since you don't know what it does with that passphrase internally anyway. Since you don't know, you can't trust it. However, remember that the device in question is a computer. It's not a phone, or a camera, or a GPS receiver, it's just a computer that happens to have supporting hardware to enable some of those functions. As such, one can write whatever software one wants for it, and that includes a correctly implemented encrypted data storage mechanism which does not require you to trust any decisions made by the manufacturer. *That* is how you circumvent the problem you're referring to. 
The Android world is more open to third party developers so it's
probably easier there, but I expect it should be possible either way.

Regardless, if the system relies on code you can't see, then (in
principle) you can't trust it completely.

-Chris


From listofactor at mail.ru Thu Mar 31 19:32:17 2016
From: listofactor at mail.ru (listo factor)
Date: Thu, 31 Mar 2016 17:32:17 +0000
Subject: What am I missing? (Again)
In-Reply-To: <56FCD794.1070505@vulcan.xs4all.nl>
References: <56FC8032.1040403@mail.ru> <56FCD794.1070505@vulcan.xs4all.nl>
Message-ID: <56FD5F21.8020502@mail.ru>

On 03/31/2016 07:53 AM, Johan Wevers - johanw at vulcan.xs4all.nl wrote:
...
>> 1) Is it correct...
> Both apply here:
> Yes they did design such a device. No, they didn't use...
> No they didn't use that in this particular model (iPhone 5c).
>> 2) Is it possible for the user to circumvent
>
> Yes.

Thank you. This is what I wanted to know.


From peter at digitalbrains.com Thu Mar 31 19:52:28 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 31 Mar 2016 19:52:28 +0200
Subject: What am I missing? (Again)
In-Reply-To: <56FCD794.1070505@vulcan.xs4all.nl>
References: <56FC8032.1040403@mail.ru> <56FCD794.1070505@vulcan.xs4all.nl>
Message-ID: <56FD63DC.8000909@digitalbrains.com>

On 31/03/16 09:53, Johan Wevers wrote:
>> 2) Is it possible for the user to circumvent the potential problem of the
>> device maker cooperating with his adversary to by-pass this protection,
>> simply by using a pass-phrase of an appropriate length? Yes/no?
>
> Yes.

Can this be concluded from documentation supplied by Apple? Has it been
independently verified? Your "Yes." strikes me as a pretty strong
statement. I feel much more in line with this statement:

On 31/03/16 04:31, Chris DeYoung wrote:
> I imagine that the potential problem can be circumvented, yes, but not simply
> by using a longer passphrase. I don't know whether it even allows that
> option, but it really doesn't matter since you don't know what it does with
> that passphrase internally anyway. Since you don't know, you can't trust it.

And given that most people will use a PIN with abysmally low entropy, I
doubt that the device even uses the PIN for entropy. They would
implement this functionality just for those few people who unlock their
phones with a proper passphrase? It's possible, but it would be nice if
you supported your claim with documentation.

Of course, it is pretty good snake oil to state in your documentation
that the unlock PIN is used to encrypt the data. It sounds really good,
unless you know about entropy, and that an attacker would probably need
mere seconds to crack it (offline attack). 10 bits of entropy,
seriously.... (PIN consisting of 4 decimal numbers taken as example, I
don't know what Apple uses)

My 2 cents,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
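The "mere seconds, offline" claim in the thread above is easy to reproduce. The following is an added example written for this archive, not code from the thread or from any device vendor: it wraps a 32-byte data key under a key derived from a 4-digit PIN, then recovers the PIN by trying all 10,000 candidates against nothing but the stored blob, exactly the situation once an attacker has copied the flash and no hardware is counting attempts. The KDF (PBKDF2-HMAC-SHA256), the XOR wrap with an HMAC tag, the iteration count, the salt and the PIN 7391 are all assumptions chosen for illustration and say nothing about Apple's actual design. The helper `entropy_bits` computes the search-space size in bits for comparison with a real passphrase.

```python
"""Offline brute force of a data key wrapped under a low-entropy PIN.

Added example for the entropy discussion above. The wrapping scheme,
KDF parameters and PIN are constructed for illustration and are not a
description of any real device.
"""
import hashlib
import hmac
import itertools
import math
import os
import time
from typing import Optional, Tuple

DIGITS = "0123456789"


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random secret of `length` symbols."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return candidates / guesses_per_second


def derive_kek(secret: str, salt: bytes, iterations: int) -> bytes:
    """Key-encryption key from the user secret (PBKDF2-HMAC-SHA256, assumed)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations, dklen=32)


def wrap_data_key(data_key: bytes, pin: str, iterations: int = 200,
                  salt: Optional[bytes] = None) -> dict:
    """Wrap a 32-byte data key under the PIN-derived KEK.

    The returned blob (salt, iteration count, wrapped key, tag) is all an
    attacker who can read storage would hold. The tag is what lets them
    recognise a correct guess without any help from the device.
    """
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16) if salt is None else salt
    kek = derive_kek(pin, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(data_key, kek))
    tag = hmac.new(kek, wrapped, "sha256").digest()[:16]
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}


def unwrap_data_key(blob: dict, pin: str) -> Optional[bytes]:
    """Recover the data key, or None if the PIN is wrong."""
    kek = derive_kek(pin, blob["salt"], blob["iterations"])
    tag = hmac.new(kek, blob["wrapped"], "sha256").digest()[:16]
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], kek))


def crack_pin(blob: dict, pin_length: int = 4) -> Optional[Tuple[str, bytes]]:
    """Try every PIN of the given length against the blob: no device, no lockout."""
    for digits in itertools.product(DIGITS, repeat=pin_length):
        pin = "".join(digits)
        key = unwrap_data_key(blob, pin)
        if key is not None:
            return pin, key
    return None


if __name__ == "__main__":
    # Constructed input: a random data key locked with the (assumed) PIN 7391.
    data_key = os.urandom(32)
    blob = wrap_data_key(data_key, "7391")

    start = time.perf_counter()
    found = crack_pin(blob, pin_length=4)
    elapsed = time.perf_counter() - start
    assert found is not None and found[1] == data_key
    print(f"PIN {found[0]} recovered offline in {elapsed:.2f} s on one CPU core")

    # Project the measured single-core rate onto larger secrets.
    rate = (int(found[0]) + 1) / elapsed
    for label, alphabet, length in (("4-digit PIN", 10, 4),
                                    ("6-digit PIN", 10, 6),
                                    ("12-char [a-zA-Z0-9] passphrase", 62, 12)):
        bits = entropy_bits(alphabet, length)
        secs = seconds_to_exhaust(alphabet ** length, rate)
        print(f"{label:32s} {bits:6.1f} bits  exhausted in {secs:.3g} s at {rate:.0f}/s")
```

Run it as a script: the 4-digit PIN falls in well under a minute on a laptop even with a KDF in the loop, while the same loop against a 12-character random passphrase is projected in the trillions of years. That is the asymmetry the thread is pointing at: with a PIN, all of the security comes from a device-bound key and attempt throttling in hardware the user cannot inspect, whereas a passphrase of adequate length is secure against the offline attack regardless of what the vendor does.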