From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 1 Apr 2017 04:57:04 -0400
Subject: Unicode and --with-colons
Message-ID:

C:\Users\Robert J. Hansen\Desktop> gpg --fixed-list-mode --with-colons --list-key 0x3ADBFA6D00A1E6FE

=====
[... trimmed ...]
uid:-::::1436536488::100E4A12486A5261E374B3B0CA16CF0516F4367C::Ludwig H??gelsch??fer :
=====

"That's an odd encoding," I said to myself. "It must be UTF-8 presented as ASCII or Windows-1252. Let's look, shall we?"

=====
C:\Users\Robert J. Hansen\Desktop> gpg --fixed-list-mode --with-colons --list-key 0x3ADBFA6D00A1E6FE > ludwig.asc
C:\Users\Robert J. Hansen\Desktop> python
Python 3.6.0 (v3.6.0:41df79263a11, Dec 23 2016, 08:06:12) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> with open("ludwig.asc") as fh:
...     bytes = fh.read()
...
>>> bytes
'??t\x00r\x00u\x00:\x00:\x001\x00:\x001\x004\x009\x001\x000\x003\x004\x004\x004\x009\x00:\x000\x00:\x003\x00:\x001\x00...'
=====

Weirder and weirder. GnuPG is outputting data in UTF-16LE, complete with a correct byte-order mark... but is first taking what is (apparently) the UTF-8 of Ludwig's name, giving each byte a null pair byte, and calling it UTF-16. Looking at the output from just a plain --list-key, it appears correct:

=====
\x00H\x00?\x00g\x00e\x00l\x00s\x00c\x00h\x00?\x00f\x00e\x00r
=====

So -- what's the canonically approved way to convert this mangled form back into Unicode? Is this mangled form a deliberate design choice, or is this a bug?
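The conversion Robert is asking about, as an added example that is not part of the original post or of GnuPG: it rebuilds the widened UTF-16LE form from a constructed uid record, undoes it (falling back to a plain UTF-16 decode when the data is genuine UTF-16), and pulls the user ID out of the colon-separated record. The sample record, the ':' in its comment, and the function names are constructed for the example; the `\xHH` escaping of field 10 is GnuPG's documented --with-colons convention.

```python
"""Undo GnuPG's widened UTF-16LE output and recover the user ID."""
import re
from typing import List

BOM_UTF16LE = b"\xff\xfe"

# Constructed sample: one 'uid' record as gpg prints it in UTF-8,
# using the name from the post plus a comment containing ':' so that
# GnuPG's \x3a escaping of field 10 is exercised.
NAME = "Ludwig H\u00fcgelsch\u00e4fer"
UID_LINE_UTF8 = (
    "uid:-::::1436536488::100E4A12486A5261E374B3B0CA16CF0516F4367C::"
    + NAME + " (note\\x3a constructed):\n"
).encode("utf-8")


def widen_like_gpg(utf8_bytes: bytes) -> bytes:
    """Reproduce the mangling seen in the post: BOM, then every UTF-8
    byte followed by a 0x00 byte, so the file looks like UTF-16LE."""
    return BOM_UTF16LE + b"".join(bytes([b, 0]) for b in utf8_bytes)


def unmangle(raw: bytes) -> bytes:
    """Return the original UTF-8 bytes behind the widened output.

    After a UTF-16LE decode every code unit should lie in U+0000..U+00FF
    and, re-encoded as latin-1, form well-formed UTF-8.  If either check
    fails the data was genuine UTF-16 text, so it is simply re-encoded.
    Pure ASCII is handled identically by both branches; non-ASCII
    Latin-1 text that is also well-formed UTF-8 is ambiguous and is
    treated as widened.
    """
    if raw.startswith(BOM_UTF16LE):
        raw = raw[len(BOM_UTF16LE):]
    text = raw.decode("utf-16-le")
    try:
        candidate = text.encode("latin-1")
        candidate.decode("utf-8")  # validity check only
        return candidate
    except UnicodeError:
        return text.encode("utf-8")


def unescape_colon_field(field: bytes) -> bytes:
    """Expand the \\xHH escapes GnuPG applies to --with-colons user IDs
    (':' becomes \\x3a).  Done at the byte level, before UTF-8 decoding."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), field)


def uids_from_colons(utf8_output: bytes) -> List[str]:
    """Extract field 10 (the user ID) of every 'uid' record as str."""
    uids = []
    for line in utf8_output.splitlines():
        fields = line.split(b":")
        if fields[0] == b"uid" and len(fields) > 9:
            uids.append(unescape_colon_field(fields[9]).decode("utf-8"))
    return uids


def recover_uids(raw_gpg_output: bytes) -> List[str]:
    """Full pipeline: bytes of the redirected gpg output -> user IDs."""
    return uids_from_colons(unmangle(raw_gpg_output))


if __name__ == "__main__":
    mangled = widen_like_gpg(UID_LINE_UTF8)
    # A naive UTF-16LE decode yields the mojibake form of the name.
    print(mangled[2:].decode("utf-16-le"))
    print(recover_uids(mangled))
```

Read the redirected file with `open(path, "rb")` rather than in text mode, as in the post, so the byte-order mark and null bytes reach `unmangle` intact.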
From: wsenn1 at twu.edu (Will Senn)
Date: Sat, 1 Apr 2017 09:10:55 -0500
Subject: some beginner questions
Message-ID: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu>

Hi,

I am a relative newbie at using gnupg. I've tried it over the years, but never really committed to using it fully until now. Now, I plan to use gnupg for email and additional information security on a daily basis. I have read quite a few books and feel like I have a pretty good grasp of the basics. I have several practical questions:

1. It seems that the keyservers never forget. In creating keypairs while trying to figure this out every few years and then forgetting the passwords or losing the private keys and revocation certificates (which at the time, I didn't understand the ramifications of and was definitely not careful enough), it seems like I've left a bit of litter out there. Do I just move on and try not to do that in the future, or is there any hope for cleaning up?

2. In everyday use, what is the norm for folks to publish their keys to get other folks to use them? Do y'all put the fingerprint in your emails, attach your signatures (I see some of you on this list do), put the key on your social media, or what?

3. I've read https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems and other such pieces proclaiming the value of having the master key in a safe place and having subkeys on your actual devices. I've followed the guides and it seems that I am unable to actually sign anything with the subkey; gpg complains with "gpg: signing failed: No secret key". gpg -K shows:

sec#  rsa4096 2017-03-11 [SC]
      EA940B8B4625EC287C3BF93FFE9E46E0FBAAB459
uid           [ultimate] Will Senn
ssb   rsa4096 2017-03-30 [E]
ssb   rsa2048 2017-03-30 [S] [expires: 2019-03-30]
ssb   rsa2048 2017-03-30 [E] [expires: 2019-03-30]

The second ssb is a signing key [S], so what's up with that, or in other words, how do I tell gpg to use the signing subkey?

4. Is it safe to refer to my public key/fingerprint information as I did in the previous question with output from gpg?

Thanks,

Will
From: fa-ml at ariis.it (Francesco Ariis)
Date: Sat, 1 Apr 2017 18:22:46 +0200
Subject: some beginner questions
In-Reply-To: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu>
Message-ID: <20170401162246.GA4668@casa.casa>

Hello Will, I'll answer 1. 2. and 4. (3. is beyond my knowledge):

On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote:
> 1. It seems that the keyservers never forget. In creating keypairs while
> trying to figure this out every few years and then forgetting the
> passwords or losing the private keys and revocation certificates (which
> at the time, I didn't understand the ramifications of and was definitely
> not careful enough), it seems like I've left a bit of litter out there.
> Do I just move on and try not to do that in the future, or is there any
> hope for cleaning up?

You got it correctly, they indeed "never forget". Littering is something which many folks do from time to time (I think Phil Zimmermann himself, the creator of PGP, has an unrevoked/unrecoverable key in the servers). Just carry on and you will be fine!

> 2. In everyday use, what is the norm for folks to publish their keys to
> get other folks to use them? Do y'all put the fingerprint in your
> emails, attach your signatures (I see some of you on this list do), put
> the key on your social media, or what?

There are a handful of options: fingerprint in the sig, mail headers (like `X-PGP-Key:`), advertising on social media or on your personal site. I chose the latter, but fingerprints/key IDs are so short they fit in a Twitter bio, so I'd say all are valid choices. If you advertise it to the "general public", maybe you want to link to a tutorial too, so people who have never used PGP can quickly learn how to send messages to you (that's what I did [1]).

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

Yep.

[1] http://ariis.it/static/articles/1-2-3-PGP/page.html
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 1 Apr 2017 16:08:13 -0400
Subject: some beginner questions
In-Reply-To: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu>
Message-ID: <2e4e3aa6-5c1d-e448-aa84-d3466c1e14a4@sixdemonbag.org>

> Do I just move on and try not to do that in the future, or is there any
> hope for cleaning up?

Move on. It's okay, everybody makes this mistake in the beginning. :)

> 2. In everyday use, what is the norm for folks to publish their keys to
> get other folks to use them? Do y'all put the fingerprint in your
> emails, attach your signatures (I see some of you on this list do), put
> the key on your social media, or what?

(My opinion on this used to be 100% orthodox; in the last few years I've seen it become heterodox. The cool kids are all about TOFU today; I think TOFU borders on crazy. So be warned, this opinion is ... stodgy, by present standards.)

If I'm corresponding with someone, I ask if they use OpenPGP; if they do, I arrange for an out-of-band key verification. I also have my fingerprint on my business card, so that if I meet someone face-to-face it makes it easy as can be to do a key verification: here's my driver's license, here's my business card, you get to verify I'm really Rob Hansen and you have my fingerprint given to you directly by me.

> 3. I've read
> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> and other such pieces proclaiming the value of having the master key in
> a safe place and having subkeys on your actual devices. I've followed
> the guides and it seems that I am unable to actually sign anything with
> the subkey, gpg complains with gpg: signing failed: No secret key. gpg
> -K shows:

Please read the FAQ. Question 8.1 is directly applicable.

The internet is full of people who will tell you "the true secret" to "creating the perfect key". The reality is, unless you know exactly what changes you're making and why you need to make them, you will be far better served with the defaults.

https://www.gnupg.org/faq/gnupg-faq.html

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

Yes.
From: wsenn1 at twu.edu (Will Senn)
Date: Sat, 1 Apr 2017 19:44:29 -0500
Subject: some beginner questions
In-Reply-To: <20170401162246.GA4668@casa.casa>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <20170401162246.GA4668@casa.casa>
Message-ID: <2aa3bde6-834c-b7c2-b1f0-9c6ddbb9cf7b@twu.edu>

On 4/1/17 11:22 AM, Francesco Ariis wrote:
> Hello Will, I'll answer 1. 2. and 4. (3. is beyond my knowledge):
>
> On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote:
>> 1. It seems that the keyservers never forget. In creating keypairs while
>> trying to figure this out every few years and then forgetting the
>> passwords or losing the private keys and revocation certificates (which
>> at the time, I didn't understand the ramifications of and was definitely
>> not careful enough), it seems like I've left a bit of litter out there.
>> Do I just move on and try not to do that in the future, or is there any
>> hope for cleaning up?
> You got it correctly, they indeed "never forget". Littering is something
> which many folks do from time to time (I think Phil Zimmermann himself,
> the creator of PGP, has an unrevoked/unrecoverable key in the servers).
> Just carry on and you will be fine!
>
>> 2. In everyday use, what is the norm for folks to publish their keys to
>> get other folks to use them? Do y'all put the fingerprint in your
>> emails, attach your signatures (I see some of you on this list do), put
>> the key on your social media, or what?
> There are a handful of options: fingerprint in the sig, mail headers
> (like `X-PGP-Key:`), advertising on social media or on your personal
> site.
> I chose the latter, but fingerprints/key IDs are so short they fit
> in a Twitter bio, so I'd say all are valid choices.
> If you advertise it to the "general public", maybe you want to link
> to a tutorial too, so people who have never used PGP can quickly learn
> how to send messages to you (that's what I did [1]).
>
>> 4. Is it safe to refer to my public key/fingerprint information as I did
>> in the previous question with output from gpg?
> Yep.
>
>
> [1] http://ariis.it/static/articles/1-2-3-PGP/page.html
>

Thanks for the reply. I appreciate the answers.

Will
From: wsenn1 at twu.edu (Will Senn)
Date: Sat, 1 Apr 2017 19:50:23 -0500
Subject: some beginner questions
In-Reply-To: <2e4e3aa6-5c1d-e448-aa84-d3466c1e14a4@sixdemonbag.org>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <2e4e3aa6-5c1d-e448-aa84-d3466c1e14a4@sixdemonbag.org>
Message-ID: <2d65ed7c-cc63-50b0-2695-1a118aa743b6@twu.edu>

Robert,

On 4/1/17 3:08 PM, Robert J. Hansen wrote:
>> Do I just move on and try not to do that in the future, or is there any
>> hope for cleaning up?
> Move on. It's okay, everybody makes this mistake in the beginning. :)

I thought this might be the case. On the one hand, bummer, on the other, ok.

>> 2. In everyday use, what is the norm for folks to publish their keys to
>> get other folks to use them? Do y'all put the fingerprint in your
>> emails, attach your signatures (I see some of you on this list do), put
>> the key on your social media, or what?
> (My opinion on this used to be 100% orthodox; in the last few years I've
> seen it become heterodox. The cool kids are all about TOFU today; I
> think TOFU borders on crazy. So be warned, this opinion is ... stodgy,
> by present standards.)
>
> If I'm corresponding with someone, I ask if they use OpenPGP; if they
> do, I arrange for an out-of-band key verification. I also have my
> fingerprint on my business card, so that if I meet someone face-to-face
> it makes it easy as can be to do a key verification: here's my driver's
> license, here's my business card, you get to verify I'm really Rob
> Hansen and you have my fingerprint given to you directly by me.

Sounds reasonable. I'll look into TOFU, but I think I'll lean towards a more conservative approach to start.

>> 3. I've read
>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>> and other such pieces proclaiming the value of having the master key in
>> a safe place and having subkeys on your actual devices. I've followed
>> the guides and it seems that I am unable to actually sign anything with
>> the subkey, gpg complains with gpg: signing failed: No secret key. gpg
>> -K shows:
> Please read the FAQ. Question 8.1 is directly applicable.
>
> The internet is full of people who will tell you "the true secret" to
> "creating the perfect key". The reality is, unless you know exactly
> what changes you're making and why you need to make them, you will be
> far better served with the defaults.
>
> https://www.gnupg.org/faq/gnupg-faq.html

If I don't get this master/sub key thing figured out successfully soon, I'll probably go back to defaults.

>> 4. Is it safe to refer to my public key/fingerprint information as I did
>> in the previous question with output from gpg?
> Yes.
>

Thanks,

Will
From: dougb at dougbarton.email (Doug Barton)
Date: Sun, 2 Apr 2017 11:20:16 -0700
Subject: some beginner questions
In-Reply-To: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu>
Message-ID: <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email>

Some answers below, and you've already received some good answers, but I have some more fundamental questions. :)

First, and an important question for security-related stuff generally, what is your threat model? In other words, what dangers are you guarding against by using PGP? You mention evangelizing your key, and asking how to get more people to use PGP with you. Those are reasonable questions, but the first is the most important.

If you simply want a secure way to communicate with people that you know without others being able to snoop on the conversation, there are other, arguably better, and certainly easier, solutions. PGP has its use cases, but unless we know why you want to use it, it's nearly impossible to give you good advice.

More below.

On 04/01/2017 07:10 AM, Will Senn wrote:
> 3. I've read
> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> and other such pieces proclaiming the value of having the master key in
> a safe place and having subkeys on your actual devices.

What do you think a master key is, and why do you think it's important to protect it? What kind of devices do you want to put signing subkeys on? Why do you think that your use of PGP will be more secure if you have a signing subkey on a device, instead of your "main key?"

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

In what way(s) do you think it could be unsafe?

Doug
From: neal at walfield.org (Neal H. Walfield)
Date: Sun, 02 Apr 2017 21:00:46 +0200
Subject: some beginner questions
In-Reply-To: <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email>
Message-ID: <874ly6zlb5.wl-neal@walfield.org>

At Sun, 2 Apr 2017 11:20:16 -0700,
Doug Barton wrote:
> On 04/01/2017 07:10 AM, Will Senn wrote:
> > 3. I've read
> > https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> > and other such pieces proclaiming the value of having the master key in
> > a safe place and having subkeys on your actual devices.
>
> What do you think a master key is, and why do you think it's important
> to protect it? What kind of devices do you want to put signing subkeys
> on? Why do you think that your use of PGP will be more secure if you
> have a signing subkey on a device, instead of your "main key?"

Your main key is a unique global identifier. It is what you write on your business card and what you compare to validate a key. If it is compromised, then you need to revoke your main key and generate a new one. This means you have to throw away your old business cards and inform all of your contacts that you have a new key. If a subkey is compromised, then you only need to rotate the subkey, not the whole key. In other words, you don't have to throw away your business cards or inform your contacts that something has changed: their OpenPGP implementation will automatically learn about the changes the next time your key is refreshed.

In short, the main key acts as a level of indirection, which separates your identity from your encryption/signing keys.
From: iry at riseup.net (iry)
Date: Sun, 2 Apr 2017 04:07:01 +0000
Subject: Complexities on faking one signature
Message-ID: <6e61f4ff-f70a-a2cf-0e46-0140f9c97664@riseup.net>

Hello everyone!

When an adversary attempts to create someone's GPG signature of a certain message, there are at least two ways to do so:

1. Computing the private key from the public key of the target and then using the private key to sign the message;

2. Enumerating the possible signature of that certain message and using the target's public key to verify if one of the signatures is correct.

If other conditions are the same and the adversary only needs to get the target's signature of one certain message, will the second approach be easier than the first approach in terms of computing complexity?

I'm really looking forward to the answer and/or further discussion! Thank you!

Best,
iry

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 2 Apr 2017 19:12:38 -0400
Subject: Complexities on faking one signature
In-Reply-To: <6e61f4ff-f70a-a2cf-0e46-0140f9c97664@riseup.net>
References: <6e61f4ff-f70a-a2cf-0e46-0140f9c97664@riseup.net>
Message-ID: <6d0cbca8-b57e-369a-29ff-3acd1acf7e19@sixdemonbag.org>

> 1. Computing the private key from the public key of the target and
> then using the private key to sign the message;

The difficulty of this is dependent on the length of the asymmetric key. NIST's guidance is that cracking a 1024-bit key is about 2**80 work, a 2048-bit key is about 2**112 work, and a 3072-bit key is about 2**128 work.

> 2. Enumerating the possible signature of that certain message and
> using the target's public key to verify if one of the signatures is
> correct.

I'm not sure what you mean here; that's not how signatures work. Signatures work by computing a digest over data and encrypting that with the private key. Since you lack the private key, you can't generate signatures.

What you could do instead is look at an earlier message your target signed, get the digest of that, and generate new messages until you created one with an identical digest. The difficulty of this will depend on your target's signature:

DSA-1024: 2**159 work
DSA-2048: 2**223 work
DSA-3072: 2**255 work
RSA: varies by user prefs, but unlikely to be under 2**159

You'll notice the work to break the hash is almost exactly the square of the work to break the key. This is not an accident. :)
From: wsenn1 at twu.edu (Will Senn)
Date: Sun, 2 Apr 2017 18:18:52 -0500
Subject: some beginner questions
In-Reply-To: <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email>
Message-ID: <8b9d5d51-a5c9-2686-a701-6a94918af981@twu.edu>

On 4/2/17 1:20 PM, Doug Barton wrote:
> Some answers below, and you've already received some good answers, but
> I have some more fundamental questions. :)
>
> First, and an important question for security-related stuff generally,
> what is your threat model? In other words, what dangers are you
> guarding against by using PGP? You mention evangelizing your key, and
> asking how to get more people to use PGP with you. Those are
> reasonable questions, but the first is the most important.
>

Doug, interesting term "threat model". I've seen it a few times and wasn't sure what it meant. Thanks for the simplified explanation. It's a piece of technical jargon that is part of the difficulty I saw with learning the OpenPGP terrain. While security folks probably dig the lingo, for the lay person, it's, well, interesting... I perceive my threat model as being 1) a risk that someone other than my intended recipient will gain access to information that I am sending to my intended recipient 2) a risk that someone other than me will gain access to information that I want only to be accessible to me. I envision the solution, based on my understanding of available (affordable) technologies as being 1) secure method of transmitting information asynchronously over public media and 2) a method of encrypting information on local storage media.

As you can see above, my threat model is neither comprehensive, nor is it fully informed. But, it's pretty much the same story for a lot of folks. I have learned over the past several weeks, that key management is potentially a vulnerable point... I kind of suspected this, but after hanging out in irc for a bit and tor, I'm kinda freaked out that it's a more widespread problem than most folks realize - trojans are everywhere :).

> If you simply want a secure way to communicate with people that you
> know without others being able to snoop on the conversation, there are
> other, arguably better, and certainly easier, solutions. PGP has its
> use cases, but unless we know why you want to use it, it's nearly
> impossible to give you good advice.
>
> More below.
>
> On 04/01/2017 07:10 AM, Will Senn wrote:
>
>> 3. I've read
>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>>
>> and other such pieces proclaiming the value of having the master key in
>> a safe place and having subkeys on your actual devices.
>
> What do you think a master key is, and why do you think it's important
> to protect it? What kind of devices do you want to put signing subkeys
> on? Why do you think that your use of PGP will be more secure if you
> have a signing subkey on a device, instead of your "main key?"
>

Neal pretty much spelled out a reasonable answer to these questions, but I'm not having much luck signing with subkeys, so I'm not convinced this is worth the headache and increased complexity of key management.

>> 4. Is it safe to refer to my public key/fingerprint information as I did
>> in the previous question with output from gpg?
>
> In what way(s) do you think it could be unsafe?
>
> Doug
>

After some thought and additional input, I don't think it is unsafe. But I was curious if my slightly informed perspective would bear up to additional scrutiny.

Thanks,

Will
From: wsenn1 at twu.edu (Will Senn)
Date: Sun, 2 Apr 2017 18:23:14 -0500
Subject: some beginner questions
In-Reply-To: <874ly6zlb5.wl-neal@walfield.org>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org>
Message-ID: <2cd1338b-dffa-bce8-4676-6ad6725df265@twu.edu>

On 4/2/17 2:00 PM, Neal H. Walfield wrote:
> At Sun, 2 Apr 2017 11:20:16 -0700,
> Doug Barton wrote:
>> On 04/01/2017 07:10 AM, Will Senn wrote:
>>> 3. I've read
>>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>>> and other such pieces proclaiming the value of having the master key in
>>> a safe place and having subkeys on your actual devices.
>> What do you think a master key is, and why do you think it's important
>> to protect it? What kind of devices do you want to put signing subkeys
>> on? Why do you think that your use of PGP will be more secure if you
>> have a signing subkey on a device, instead of your "main key?"
> Your main key is a unique global identifier. It is what you write on
> your business card and what you compare to validate a key. If it is
> compromised, then you need to revoke your main key and generate a new
> one. This means you have to throw away your old business cards and
> inform all of your contacts that you have a new key. If a subkey is
> compromised, then you only need to rotate the subkey, not the whole
> key. In other words, you don't have to throw away your business cards
> or inform your contacts that something has changed: their OpenPGP
> implementation will automatically learn about the changes the next
> time your key is refreshed.
>
> In short, the main key acts as a level of indirection, which separates
> your identity from your encryption/signing keys.

Sounds like what I was led to believe to be the case, but at the end of the day, I don't seem to be able to sign anything with the signing subkey if the master key is not present (with sec instead of sec#). Do you know how I get it to use the subkey (the manual says it will default to a signing subkey, but that's not my experience).

Thanks,

Will
From: iry at riseup.net (iry)
Date: Mon, 3 Apr 2017 05:34:26 +0000
Subject: Complexities on faking one signature
Message-ID: <4b5f3ff0-6ed4-d980-6696-350cb761a358@riseup.net>

Hello everyone!

When an adversary attempts to create someone's GPG signature of a certain message, there are at least two ways to do so:

1. Computing the private key from the public key of the target and then using the private key to sign the message;

2. Enumerating the possible signature of that certain message and using the target's public key to verify if one of the signatures is correct.

If other conditions are the same and the adversary only needs to get the target's signature of one certain message, will the second approach be easier than the first approach in terms of computing complexity?

I'm really looking forward to the answer and/or further discussion! Thank you!

Best,
iry
From: dougb at dougbarton.email (Doug Barton)
Date: Sun, 02 Apr 2017 23:25:16 -0700
Subject: some beginner questions
In-Reply-To: <8b9d5d51-a5c9-2686-a701-6a94918af981@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <8b9d5d51-a5c9-2686-a701-6a94918af981@twu.edu>
Message-ID: <04a94eb9357c9db79b7b93395604f7cc@dougbarton.email>

On 2017-04-02 16:18, Will Senn wrote:
> On 4/2/17 1:20 PM, Doug Barton wrote:
>> Some answers below, and you've already received some good answers, but
>> I have some more fundamental questions. :)
>>
>> First, and an important question for security-related stuff generally,
>> what is your threat model? In other words, what dangers are you
>> guarding against by using PGP? You mention evangelizing your key, and
>> asking how to get more people to use PGP with you. Those are
>> reasonable questions, but the first is the most important.
>>
> Doug, interesting term "threat model". I've seen it a few times and
> wasn't sure what it meant. Thanks for the simplified explanation. It's a
> piece of technical jargon that is part of the difficulty I saw with
> learning the OpenPGP terrain. While security folks probably dig the
> lingo, for the lay person, it's, well, interesting... I perceive my
> threat model as being 1) a risk that someone other than my intended
> recipient will gain access to information that I am sending to my
> intended recipient

Ok, for that scenario you probably don't want PGP. You probably want an application like Signal. When PGP was invented there was nothing else like it available. Nowadays that's not true. If you are interested strictly in one-to-one communication, or one-to-many, Signal is a better choice in the sense that it's much easier to use, much harder to get wrong, and easier to get friends to opt into.

> 2) a risk that someone other than me will gain
> access to information that I want only to be accessible to me.

For that you DO want PGP, and a key can be useful, but is not necessary. Symmetric encryption will work just as well for this use case, and is simpler.

> I envision the solution, based on my understanding of available
> (affordable) technologies as being 1) secure method of transmitting
> information asynchronously over public media and 2) a method of
> encrypting information on local storage media.

Yep, that's about right.

> As you can see above, my threat model is neither comprehensive, nor is
> it fully informed. But, it's pretty much the same story for a lot of
> folks. I have learned over the past several weeks, that key management
> is potentially a vulnerable point... I kind of suspected this, but after
> hanging out in irc for a bit and tor, I'm kinda freaked out that it's a
> more widespread problem than most folks realize - trojans are everywhere
> :).

Yes. Key management takes dedication, and knowledge. It's easy to get wrong, and not easy to get right. Using a purpose-built app like Signal avoids that problem.

>> On 04/01/2017 07:10 AM, Will Senn wrote:
>>
>>> 3. I've read
>>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>>>
>>> and other such pieces proclaiming the value of having the master key in
>>> a safe place and having subkeys on your actual devices.
>>
>> What do you think a master key is, and why do you think it's important
>> to protect it? What kind of devices do you want to put signing subkeys
>> on? Why do you think that your use of PGP will be more secure if you
>> have a signing subkey on a device, instead of your "main key?"
>>
> Neal pretty much spelled out a reasonable answer to these questions,

He didn't, actually. He parroted some text about them, which is more or less correct. Also, you didn't answer my questions. :) But I'll play along for fun ...

> but
> I'm not having much luck signing with subkeys, so I'm not convinced this
> is worth the headache and increased complexity of key management.

It's not really that hard to do, what kind of problems are you having? The instructions at https://wiki.debian.org/Subkeys are better, as is the explanation. It would also be helpful to know what version of GnuPG you're using.

I followed the instructions there and was able to successfully load the exported key into roundcube (which I'm sending this message from to verify that it works for others besides me) and K-9 Mail for Android (through OpenKeychain). I also tried moving my gnupg directory aside and importing the exported signing-only subkey with the expected results.

However, that still doesn't address the "issues" with this approach. It only works for signing; if you want to be able to decrypt messages sent to you on your devices then you need to keep a copy of your encryption subkey on them as well. Personally, I would argue that is a much bigger risk in terms of compromise, as people being able to send messages signed by my key would be an annoyance, sure. But people being able to decrypt things that I wanted to keep secret could be potentially devastating.

That said, as long as you have a suitable passphrase your risk of key compromise is really, really minimal, even if they did get total control over your device. Barring coercion, the chances of someone guessing your passphrase are near zero. And currently that's the only way to gain access to a secret key, even if you have it in your possession.

But let's say that the worst happens, and your device is compromised by the bad folks, and they gain control of your key as well. Let's even use a signing-only subkey for this scenario. Now, your attackers have access to your full list of contacts, and your e-mail (so that they can get a solid idea of how you write). Then they send the following message to everyone in your contact list (assume for the sake of argument that the following is written in something close enough to your personal style to pass with your friends and family, etc.):

    Woah, dude, major bummer! My phone got stolen! Totally bogus! Not only that, but my PGP key was on it, and now they have that too! Sucks, man! So here is my new key fingerprint. Please download it ASAP, revoke your signatures on my old key, and mark it as bogus! And definitely, if you get another message from me signed by this key, DON'T TRUST IT! That'll be the hackers, man!

Of course, the new key that they send the fingerprint for will be one that they have created, with all the same UID information, etc. Now this won't fool everyone of course, there will be some of your correspondents who will want to verify with you, some who won't act because they don't know what you're talking about, etc. But the usual stated goal of using a separate signing-only key is to protect the reputation of your certification key, and to avoid having to create a whole new key in response to a compromise. My argument is that in the unlikely event that the bad folks get control of your secret key (of any flavor) there is more than enough damage that they can do with it, even if they don't get your certification key.

Now beyond THAT, you stated that your goal is to be able to ENCRYPT your communications on your devices, and presumably that means to decrypt as well. You can ENcrypt using just the recipient's public key of course. But you can't DEcrypt unless you have your own encryption subkey on the device. See above for why that's a much more significant risk (IMO). In light of that requirement, a sign-only subkey doesn't get you much, and given that with a good passphrase it's essentially impossible for them to compromise your key, even if they do get it, you're adding complexity for little, if any, benefit.
I could go on, but I'll let you respond first in case I've already said enough. :)

hope this helps,

Doug

From neal at walfield.org Mon Apr 3 09:24:27 2017
From: neal at walfield.org (Neal H. Walfield)
Date: Mon, 03 Apr 2017 09:24:27 +0200
Subject: some beginner questions
In-Reply-To: <2cd1338b-dffa-bce8-4676-6ad6725df265@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org> <2cd1338b-dffa-bce8-4676-6ad6725df265@twu.edu>
Message-ID: <871staymvo.wl-neal@walfield.org>

Hi,

At Sun, 2 Apr 2017 18:23:14 -0500, Will Senn wrote:
> but at the end of the day, I don't seem to be able to sign anything with the signing subkey if the master key is not present (with sec instead of sec#). Do you know how I get it to use the subkey (the manual says it will default to a signing subkey, but that's not my experience).

It would be good if you could show us what you are doing. Specifically, what your key looks like (gpg -k KEYID), the commands you are using to sign a message, and the actual output. Also, it might be helpful for us to know the version of gpg and what OS you are using.

:) Neal

From peter at digitalbrains.com Mon Apr 3 13:16:43 2017
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 3 Apr 2017 13:16:43 +0200
Subject: some beginner questions
In-Reply-To: <04a94eb9357c9db79b7b93395604f7cc@dougbarton.email>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <8b9d5d51-a5c9-2686-a701-6a94918af981@twu.edu> <04a94eb9357c9db79b7b93395604f7cc@dougbarton.email>
Message-ID: <51a68e6c-7937-dd9c-1d85-f15e71288bfc@digitalbrains.com>

On 03/04/17 08:25, Doug Barton wrote:
> That said, as long as you have a suitable passphrase your risk of key compromise is really, really minimal, even if they did get total control over your device. Barring coercion, the chances of someone guessing your passphrase is near zero. And currently that's the only way to gain access to a secret key, even if you have it in your possession.

I might misunderstand what you mean. But when somebody has full access to your device, they can simply log your keystrokes when you type the passphrase, and get your passphrase that way. Key compromise is very well possible without you knowingly handing over the passphrase.

More generally, it is impossible to use GnuPG in a meaningful way on a compromised device. I think this generally goes for pretty much all cryptography. Different solutions limit compromise in different ways, but to actually keep on using cryptography problem-free, I don't think that will work.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From peter at digitalbrains.com Mon Apr 3 13:20:53 2017
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 3 Apr 2017 13:20:53 +0200
Subject: some beginner questions
In-Reply-To: <874ly6zlb5.wl-neal@walfield.org>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org>
Message-ID:

On 02/04/17 21:00, Neal H. Walfield wrote:
> In short, the main key acts as a level of indirection, which separates your identity from your encryption/signing keys.

I'd like to extend this short description a bit :-). There is one important somewhat-caveat, which is that you can't delegate the Certify capability to a subkey. This means you always need to use the primary key to sign other OpenPGP *keys*. Signing data can be delegated to a subkey.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From dougb at dougbarton.email Mon Apr 3 15:29:08 2017
From: dougb at dougbarton.email (Doug Barton)
Date: Mon, 3 Apr 2017 06:29:08 -0700
Subject: some beginner questions
In-Reply-To: <51a68e6c-7937-dd9c-1d85-f15e71288bfc@digitalbrains.com>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <8b9d5d51-a5c9-2686-a701-6a94918af981@twu.edu> <04a94eb9357c9db79b7b93395604f7cc@dougbarton.email> <51a68e6c-7937-dd9c-1d85-f15e71288bfc@digitalbrains.com>
Message-ID:

On 04/03/2017 04:16 AM, Peter Lebbing wrote:
> On 03/04/17 08:25, Doug Barton wrote:
>> That said, as long as you have a suitable passphrase your risk of key compromise is really, really minimal, even if they did get total control over your device. Barring coercion, the chances of someone guessing your passphrase is near zero. And currently that's the only way to gain access to a secret key, even if you have it in your possession.
>
> I might misunderstand what you mean.

Yes, you did. :)

> But when somebody has full access to your device, they can simply log your keystrokes when you type the passphrase, and get your passphrase that way. Key compromise is very well possible without you knowingly handing over the passphrase.

You are correct, but that's a different threat model than someone simply stealing the device (which is what I wrote about). What you're describing implies a level of sophistication and coordination on the attacker's part that few of us are subject to, and certainly wasn't included in what Will said he was trying to guard against.

> More generally, it is impossible to use GnuPG in a meaningful way on a compromised device.

Well, yeah, but, again, not relevant to my post. :)

Doug

From dougb at dougbarton.email Mon Apr 3 15:30:23 2017
From: dougb at dougbarton.email (Doug Barton) Date: Mon, 3 Apr 2017 06:30:23 -0700 Subject: some beginner questions In-Reply-To: References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org> Message-ID: <6da064a5-f600-80a7-34a3-7a26261272db@dougbarton.email> On 04/03/2017 04:20 AM, Peter Lebbing wrote: > On 02/04/17 21:00, Neal H. Walfield wrote: >> In short, the main key acts as a level of indirection, which separates >> your identity from your encryption/signing keys. > > I'd like to extend this short description a bit :-). There is one > important somewhat-caveat, which is that you can't delegate the Certify > capability to a subkey. This means you always need to use the primary > key to sign other OpenPGP *keys*. We really need to stop referring to this as signing. The number of ways that the same term is used to mean different things in PGP is a huge contributor to the confusion on the part of new users. Doug From peter at digitalbrains.com Mon Apr 3 15:57:07 2017 
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 3 Apr 2017 15:57:07 +0200
Subject: That which we call a rose
In-Reply-To: <6da064a5-f600-80a7-34a3-7a26261272db@dougbarton.email>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org> <6da064a5-f600-80a7-34a3-7a26261272db@dougbarton.email>
Message-ID:

On 03/04/17 15:30, Doug Barton wrote:
> We really need to stop referring to this as signing.

I agree. But it might be too late. I used it as a means of explaining what I meant with "Certify capability". Next time I'll somehow work into my formulation that this should be called certification, not signing.

Similar issues:

  certificate vs (public) key
  ownertrust, trust and validity

I'm inclined to give up on the latter now we have TOFU. Your speech would become truly idiosyncratic if you were to introduce Validity On First Use in it...

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From wk at gnupg.org Mon Apr 3 22:24:35 2017
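The sub-thread above turns on two facts: a signing subkey can be used without the primary key, but the Certify capability cannot be delegated, so a key whose primary secret is kept offline (shown as "sec#" by gpg -K) can sign data yet cannot certify other keys. The following is an added example, not code from the thread or from GnuPG, that reads `gpg -K --with-colons` output and reports exactly that; the field positions are taken from GnuPG's doc/DETAILS, and the key IDs, fingerprints and timestamps in the sample listing are constructed placeholders.

```python
"""Diagnose which GnuPG secret keys can sign data and which can certify
other keys, from `gpg -K --with-colons` output (added example, not code
from GnuPG). Field positions per doc/DETAILS: 1 record type, 5 key ID,
7 expiration (unix time), 12 capabilities (lowercase letters are this
key's own capabilities), 15 is '#' when only a stub of the secret key is
present, i.e. what `gpg -K` prints as "sec#"; anything else there (a '+'
or a card serial number) means the secret material is usable."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SecretKey:
    kind: str               # "sec" = primary key, "ssb" = subkey
    keyid: str
    caps: str               # own capabilities, subset of "cesa"
    stub: bool              # True: secret material is not on this machine
    expires: Optional[int]  # unix timestamp, None = never
    fingerprint: str = ""


def parse_secret_listing(text: str) -> List[SecretKey]:
    """Parse sec/ssb/fpr records; every other record type is ignored."""
    keys: List[SecretKey] = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) > 14:
            keys.append(SecretKey(
                kind=f[0],
                keyid=f[4],
                caps="".join(c for c in f[11] if c.islower()),
                stub=(f[14] == "#"),
                expires=int(f[6]) if f[6].isdigit() else None,
            ))
        elif f[0] == "fpr" and keys and len(f) > 9:
            keys[-1].fingerprint = f[9]   # fpr record follows its key record
    return keys


def diagnose(keys: List[SecretKey], now: int) -> dict:
    """Which keys can sign data or certify keys right now, and why not."""
    report = {"can_sign": [], "can_certify": [], "problems": []}
    for k in keys:
        expired = k.expires is not None and k.expires <= now
        if k.stub:
            report["problems"].append(
                f"{k.kind} {k.keyid}: secret key is a stub (kept offline)")
        if expired:
            report["problems"].append(f"{k.kind} {k.keyid}: expired")
        if k.stub or expired:
            continue
        if "s" in k.caps:
            report["can_sign"].append(k.keyid)
        # Certification cannot be delegated: only a usable primary key
        # with the 'c' capability can certify other OpenPGP keys.
        if "c" in k.caps and k.kind == "sec":
            report["can_certify"].append(k.keyid)
    return report


def signing_command(keys: List[SecretKey], now: int) -> Optional[str]:
    """Suggest a command that pins the first usable signing subkey; the
    '!' suffix tells gpg to use exactly that key instead of choosing."""
    usable = diagnose(keys, now)["can_sign"]
    if not usable:
        return None
    return f"gpg --detach-sign -u {usable[0]}! FILE"


# Constructed listing modelled on the layout discussed in the thread: an
# offline primary key [SC] (stub), an encryption subkey, and two expiring
# subkeys [S] and [E]. Key IDs and fingerprints are placeholders.
SAMPLE_LISTING = """\
sec:u:4096:1:1111111111111111:1489190400::::::scESC:::#:::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1489190400::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:2222222222222222:1490832000::::::e:::+:::23:
fpr:::::::::2222222222222222222222222222222222222222:
ssb:u:2048:1:3333333333333333:1490832000:1553904000:::::s:::+:::23:
fpr:::::::::3333333333333333333333333333333333333333:
ssb:u:2048:1:4444444444444444:1490832000:1553904000:::::e:::+:::23:
fpr:::::::::4444444444444444444444444444444444444444:
"""

if __name__ == "__main__":
    ks = parse_secret_listing(SAMPLE_LISTING)
    print(diagnose(ks, now=1491260000))        # early April 2017
    print(signing_command(ks, now=1491260000))
```

Run it against real output with `gpg -K --with-colons | python3 this.py`-style piping after replacing SAMPLE_LISTING with sys.stdin.read().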
From: wk at gnupg.org (Werner Koch)
Date: Mon, 03 Apr 2017 22:24:35 +0200
Subject: [Announce] GnuPG 2.1.20 released
Message-ID: <87h925qlx8.fsf@wheatstone.g10code.de>

Hello!

The GnuPG team is pleased to announce the availability of a new release of GnuPG: version 2.1.20. See below for a list of new features and bug fixes.

About GnuPG
=============

The GNU Privacy Guard (GnuPG) is a complete and free implementation of the OpenPGP standard which is commonly abbreviated as PGP. GnuPG allows you to encrypt and sign data and communication, features a versatile key management system as well as access modules for public key directories. GnuPG itself is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries making use of GnuPG are available. As a Universal Crypto Engine GnuPG provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.

Noteworthy changes in version 2.1.20
====================================

 * gpg: New properties 'expired', 'revoked', and 'disabled' for the import and export filters.
 * gpg: New command --quick-set-primary-uid.
 * gpg: New compliance field for the --with-colon key listing.
 * gpg: Changed the key parser to generalize the processing of local meta data packets.
 * gpg: Fixed assertion failure in the TOFU trust model.
 * gpg: Fixed exporting of zero length user ID packets.
 * scd: Improved support for multiple readers.
 * scd: Fixed timeout handling for key generation.
 * agent: New option --enable-extended-key-format.
 * dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr uses a default keyserver.
 * dirmngr: Do not treat TLS warning alerts as severe error when building with GNUTLS.
 * dirmngr: Actually take /etc/hosts in account.
 * wks: Fixed client problems on Windows. Published keys are now set to world-readable.
 * tests: Fixed creation of temporary directories.
 * A socket directory for a non standard GNUPGHOME is now created on the fly under /run/user. Thus "gpgconf --create-socketdir" is now optional. The use of "gpgconf --remove-socketdir" to clean up obsolete socket directories is however recommended to avoid cluttering /run/user with useless directories.
 * Fixed build problems on some platforms.

A detailed description of the changes found in this 2.1 branch can be found at .

Getting the Software
====================

Please follow the instructions found at or read on:

GnuPG 2.1.20 may be downloaded from one of the GnuPG mirror sites or direct from its primary FTP server. The list of mirrors can be found at . Note that GnuPG is not available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.20.tar.bz2 (6304k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.20.tar.bz2.sig

or via FTP:

 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2
 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2.sig

An installer for Windows without any graphical frontend except for a very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.20_20170403.exe (3755k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.20_20170403.exe.sig

or via FTP:

 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.20_20170403.exe
 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.20_20170403.exe.sig

The source used to build the Windows installer can be found in the same directory with a ".tar.xz" suffix. The Windows installer now comes with TOFU support, many translations, support for Tor, and support for HKPS and the Web Key Directory.
Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways:

 * If you already have a version of GnuPG installed, you can simply verify the supplied signature. For example to verify the signature of the file gnupg-2.1.20.tar.bz2 you would use this command:

     gpg --verify gnupg-2.1.20.tar.bz2.sig gnupg-2.1.20.tar.bz2

   This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by one or more of the release signing keys. Make sure that this is a valid key, either by matching the shown fingerprint against a trustworthy list of valid release signing keys or by checking that the key has been signed by trustworthy other keys. See the end of this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have to verify the SHA-1 checksum. On Unix systems the command to do this is either "sha1sum" or "shasum". Assuming you downloaded the file gnupg-2.1.20.tar.bz2, you run the command like this:

     sha1sum gnupg-2.1.20.tar.bz2

   and check that the output matches the next line:

500ddae8e4225ae2e300934090f9b9a427b8def1  gnupg-2.1.20.tar.bz2
69308ee80699ebb48a055963418597767a76d1d8  gnupg-w32-2.1.20_20170403.exe
6d9054625a6515971fd121e6648f6d0b0d4d9e44  gnupg-w32-2.1.20_20170403.tar.xz

Internationalization
====================

This version of GnuPG has support for 26 languages with Chinese, Czech, French, German, Japanese, Norwegian, Russian, and Ukrainian being almost completely translated. Due to expected changes in forthcoming releases some strings pertaining to the TOFU code are not yet translated.
Documentation
=============

If you used GnuPG in the past you should read the description of changes and new features at doc/whats-new-in-2.1.txt or online at

  https://gnupg.org/faq/whats-new-in-2.1.html

The file gnupg.info has the complete user manual of the system. Separate man pages are included as well but they do not have all the details available in the manual. It is also possible to read the complete manual online in HTML format at

  https://gnupg.org/documentation/manuals/gnupg/

or in Portable Document Format at

  https://gnupg.org/documentation/manuals/gnupg.pdf .

The chapters on gpg-agent, gpg and gpgsm include information on how to set up the whole thing. You may also want to search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advice on how to solve problems. Many of the new features have been around for several years and thus enough public knowledge is already available.

You may also want to follow our postings at and .

Support
========

Please consult the archive of the gnupg-users mailing list before reporting a bug . We suggest sending bug reports for a new release to this list in favor of filing a bug at . If you need commercial support check out .

If you are a developer and you need a certain feature for your project, please do not hesitate to bring it to the gnupg-devel mailing list for discussion.

Maintenance and development of GnuPG is mostly financed by donations. The GnuPG project employs 4 full-time developers, one part-timer, and one contractor. They all work exclusively on GnuPG and closely related software like Libgcrypt, GPGME, and GPA. Please consider donating via:

  https://gnupg.org/donate/

Thanks
======

We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word, answering questions on the mailing lists, and donating money.

The GnuPG hackers,
Andre, dkg, gniibe, Justus, Marcus, Neal, and Werner

p.s.
This is an announcement only mailing list. Please send replies only to the gnupg-users'at'gnupg.org mailing list.

p.p.s
List of Release Signing Keys:

To guarantee that a downloaded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these five keys:

  2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key)

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key)

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

  rsa3072/4B092E28 2017-03-17 [expires: 2027-03-15]
  Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
  Andre Heinecke (Release Signing Key)

You may retrieve these keys from a keyserver using this command

  gpg --keyserver hkp://keys.gnupg.net --recv-keys \
      249B39D24F25E3B6 04376F3EE0856959 \
      2071B08A33BD3F06 8A861B1C7EFD60D9 BCEF7E294B092E28

The keys are also available at https://gnupg.org/signature_key.html and in any recently released GnuPG tarball in the file g10/distsigkey.gpg . Note that this mail has been signed by a different key.

--
Thoughts are free. Exceptions are regulated by federal law.

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From marcus.brinkmann at ruhr-uni-bochum.de Mon Apr 3 22:53:56 2017
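The "Checking the Integrity" section above warns that a good signature is not enough: the key that made it must be one of the listed release signing keys. The following added example (not code from the announcement or from GnuPG) applies that rule mechanically by parsing gpg's `--status-fd` output, and also checks a download against a published SHA-1 list of the form shown above; the five fingerprints are the ones listed in the announcement with spaces removed, while the status lines in the samples are constructed, with placeholder timestamps.

```python
"""Accept a GnuPG release signature only when gpg reports VALIDSIG and the
(primary) signing key is one of the announced release keys. Added example,
not code from the announcement or from GnuPG. Status line layout follows
GnuPG's doc/DETAILS:
  [GNUPG:] VALIDSIG <fpr> <date> <ts> <exp> <ver> <res> <pk> <hash> <class> [<primary-fpr>]
"""
import hashlib
import subprocess
from typing import Optional, Tuple

# Release signing keys from the announcement (fingerprints, spaces removed).
RELEASE_KEYS = {
    "D8692123C4065DEA5E0F3AB5249B39D24F25E3B6": "Werner Koch (dist sig)",
    "46CC730865BB5C78EBABADCF04376F3EE0856959": "David Shaw (GnuPG Release Signing Key)",
    "031EC2536E580D8EA286A9F22071B08A33BD3F06": "NIIBE Yutaka (GnuPG Release Key)",
    "D238EA65D64C67ED4C3073F28A861B1C7EFD60D9": "Werner Koch (Release Signing Key)",
    "5B80C5754298F0CB55D8ED6ABCEF7E294B092E28": "Andre Heinecke (Release Signing Key)",
}

# Status keywords after which the signature must not be accepted. EXPKEYSIG
# (signing key expired) is deliberately included: the conservative choice,
# since one key in the announced list already carries a past expiry date.
FAILURES = {"BADSIG", "ERRSIG", "NO_PUBKEY", "REVKEYSIG", "EXPKEYSIG", "EXPSIG"}


def check_status(status_text: str, trusted=RELEASE_KEYS) -> Tuple[bool, str]:
    """Return (accepted, reason) for one gpg --status-fd transcript."""
    signers = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword = parts[1]
        if keyword in FAILURES:
            return False, f"gpg reported {keyword}"
        if keyword == "VALIDSIG" and len(parts) >= 3:
            # A subkey may have signed; the trailing field, when present,
            # is the primary key fingerprint, which is what the list names.
            primary = parts[11] if len(parts) > 11 else parts[2]
            signers.append(primary.upper())
    if not signers:
        return False, "no VALIDSIG line: signature was not verified"
    for fpr in signers:
        if fpr in trusted:
            return True, f"signed by release key {fpr} ({trusted[fpr]})"
    return False, "good signature, but not from a listed release signing key"


def verify_download(sig_path: str, data_path: str) -> Tuple[bool, str]:
    """Run gpg on a real download and apply check_status to its status
    output; the release keys must already be in the keyring."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return check_status(proc.stdout)


def sha1_matches(data: bytes, filename: str, published: str) -> Optional[bool]:
    """Compare data against a published 'HASH  FILENAME' list (SHA-1, as
    the announcement publishes). None when the file is not in the list."""
    for line in published.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1] == filename:
            return hashlib.sha1(data).hexdigest() == parts[0].lower()
    return None


# Constructed status output for a signature by key 8A861B1C7EFD60D9 (the
# "Werner Koch (Release Signing Key)" entry); timestamps are placeholders,
# only the keyword and fingerprint fields matter to check_status.
SAMPLE_GOOD = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 8A861B1C7EFD60D9 Werner Koch (Release Signing Key)
[GNUPG:] VALIDSIG D238EA65D64C67ED4C3073F28A861B1C7EFD60D9 2017-04-03 1491249600 0 4 0 1 8 00 D238EA65D64C67ED4C3073F28A861B1C7EFD60D9
"""
# Same shape, but made by an unrelated key (placeholder fingerprint).
SAMPLE_UNTRUSTED = SAMPLE_GOOD.replace(
    "D238EA65D64C67ED4C3073F28A861B1C7EFD60D9", "0" * 40)
SAMPLE_BAD = ("[GNUPG:] NEWSIG\n"
              "[GNUPG:] BADSIG 8A861B1C7EFD60D9 Werner Koch (Release Signing Key)\n")

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("untrusted", SAMPLE_UNTRUSTED),
                         ("bad", SAMPLE_BAD)):
        print(name, check_status(sample))
```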
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Mon, 3 Apr 2017 22:53:56 +0200 Subject: A new bugtracker for GnuPG Message-ID: <7bb6cc61-71c3-7907-96b3-0c2f27d05973@ruhr-uni-bochum.de> Hi! Here is a plain text copy of Marcus' recent blog entry. The permanent URL is: . If you like to comment, please follow up on this mail. _____________________________________ 20170403-A-NEW-BUGTRACKER-FOR-GNUPG Marcus _____________________________________ April 3, 2017 Table of Contents _________________ 1 A New Bugtracker for GnuPG .. 1.1 dev.gnupg.org .. 1.2 Phabricator .. 1.3 New Users .. 1.4 Existing Users 1 A New Bugtracker for GnuPG ============================ 1.1 dev.gnupg.org ~~~~~~~~~~~~~~~~~ The GnuPG project has just launched [dev.gnupg.org], a new hub for GnuPG development! The site features a user-friendly task and bug tracker, a wiki, a Git repository browser, a calendar and utilities such as an URL shortener, a paste tool, bookmarks, customizable dashboards, and a meme generator. Starting today, the task and bug tracker replaces the old [Roundup] installation at [bugs.gnupg.org]. All existing tickets have been migrated under the same ticket number. Links to [https://bugs.gnupg.org/issue:NUMBER]: are redirected to [https://dev.gnupg.org/T:NUMBER]:, while all other links are redirected to the main site. The new wiki is currently empty, but ready to use. We are inviting the community at the [GnuPG Wiki] to join us on the new site, and will be glad to assist in the migration of existing documentation after the dust has settled. In the calendar you will be able to follow the GnuPG release cycles and the development sprints. We also plan to keep track of community meetups and hacker conferences there. The Git repositories provide a mirror of the core GnuPG and GnuPG-For-Windows projects with a very nice visual source code browser. 
There are no plans to replace the primary Git hosting at [git.gnupg.org], but we might add new community-oriented repositories in the future that are writable by a larger group of people. [dev.gnupg.org] https://dev.gnupg.org/ [Roundup] http://roundup.sourceforge.net/ [bugs.gnupg.org] https://bugs.gnupg.org/ [GnuPG Wiki] https://wiki.gnupg.org/ [git.gnupg.org] https://git.gnupg.org 1.2 Phabricator ~~~~~~~~~~~~~~~ dev.gnupg.org uses [Phabricator], a free, self-hosted and complete software development platform already deployed successfully by other free software projects such as [KDE] and [MediaWiki]. Phabricator supports a lot of features, but we disabled some of them to make onboarding easier for new users. However, we plan to roll out some of the additional features in the near future. In particular, we are interested in Phabricator's code review and audit capabilities, and are also looking at deeper integration with our Jenkins installation. If you are missing a particular feature of Phabricator on dev.gnupg.org, let us know! [Phabricator] https://www.phacility.com/ [KDE] https://phabricator.kde.org/ [MediaWiki] https://phabricator.wikimedia.org/ 1.3 New Users ~~~~~~~~~~~~~ If you are a new user, you can [register a new account] with just a username and an email address. [register a new account] https://dev.gnupg.org/auth/register/ 1.4 Existing Users ~~~~~~~~~~~~~~~~~~ If you were a user on bugs.gnupg.org, your account has been migrated to dev.gnupg.org under the same username and email. You have to use the [password reset form] to set a new password. After logging in you might want to configure the "Email Preferences" under your account settings. In some cases, duplicated accounts have been merged, and some [email addresses had to be adjusted] for Phabricator. If you have trouble recovering your account, contact [marcus] for support. 
[password reset form] https://dev.gnupg.org/login/email/ [email addresses had to be adjusted] https://secure.phabricator.com/T12359 [marcus] mailto:marcus at gnupg.org From wsenn1 at twu.edu Tue Apr 4 01:04:12 2017 
From: wsenn1 at twu.edu (Will Senn) Date: Mon, 3 Apr 2017 18:04:12 -0500 Subject: some beginner questions In-Reply-To: <04a94eb9357c9db79b7b93395604f7cc@dougbarton.email> References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <8b9d5d51-a5c9-2686-a701-6a94918af981@twu.edu> <04a94eb9357c9db79b7b93395604f7cc@dougbarton.email> Message-ID: <023954fd-0844-9fba-509c-5b46b688a840@twu.edu> On 4/3/17 1:25 AM, Doug Barton wrote: > > > but > > I'm not having much luck signing with subkeys, so I'm not convinced this > > is worth the headache and increased complexity of key management. > > It's not really that hard to do, what kind of problems are you having? > The instructions at https://wiki.debian.org/Subkeys are better, as is > the explanation. It would also be helpful to know what version of GnuPG > you're using. > > I followed the instructions there and was able to successfully load the > exported key into roundcube (which I'm sending this message from to > verify that it works for others besides me) and K-9 Mail for Android > (through OpenKeychain). I also tried moving my gnupg directory aside > and importing the exported signing-only subkey with the expected > results. > > However, that still doesn't address the "issues" with this approach. It > only works for signing, if you want to be able to decrypt messages sent > to you on your devices then you need to keep a copy of your encryption > subkey on them as well. Personally, I would argue that is a much bigger > risk in terms of compromise, as people being able to send messages > signed by my key would be an annoyance, sure. But people being able to > decrypt things that I wanted to keep secret could be potentially > devastating. > > That said, as long as you have a suitable passphrase your risk of key > compromise is really, really minimal, even if they did get total control > over your device. 
Barring coercion, the chances of someone guessing your > passphrase is near zero. And currently that's the only way to gain > access to a secret key, even if you have it in your possession. > > But let's say that the worst happens, and your device is compromised by > the bad folks, and they gain control of your key as well. Let's even use > a signing-only subkey for this scenario. Now, your attackers have access > to your full list of contacts, and your e-mail (so that they can get a > solid idea of how you write). Then they send the following message to > everyone in your contact list (assume for the sake of argument that the > following is written in something close enough to your personal style to > pass with your friends and family, etc.): > > Woah, dude, major bummer! My phone got stolen! Totally bogus! Not only > that, but my PGP key was on it, and now they have that too! Sucks, man! > So here is my new key fingerprint. Please download it ASAP, revoke your > signatures on my old key, and mark it as bogus! And definitely, if you > get another message from me signed by this key, DON'T TRUST IT! That'll > be the hackers, man! > > Of course, the new key that they send the fingerprint for will be one > that they have created, with all the same UID information, etc. Now this > won't fool everyone of course, there will be some of your correspondents > who will want to verify with you, some who won't act because they don't > know what you're talking about, etc. But the usual stated goal of using > a separate signing-only key is to protect the reputation of your > certification key, and to avoid having to create a whole new key in > response to a compromise. My argument is that in the unlikely event that > the bad folks get control of your secret key (of any flavor) there is > more than enough damage that they can do with it, even if they don't get > your certification key. 
>
> Now beyond THAT, you stated that your goal is to be able to ENCRYPT your communications on your devices, and presumably that means to decrypt as well. You can ENcrypt using just the recipient's public key of course. But you can't DEcrypt unless you have your own encryption subkey on the device. See above for why that's a much more significant risk (IMO). In light of that requirement, a sign-only subkey doesn't get you much, and given that with a good passphrase it's essentially impossible for them to compromise your key, even if they do get it, you're adding complexity for little, if any, benefit.
>
> I could go on, but I'll let you respond first in case I've already said enough. :)
>

Actually, I appreciate all of the detail. I will start off with a simple keypair that I am careful with. Based on my current understanding, if my passphrase is known only to me, is sufficiently long and unique, if I keep my secret key reasonably secure, and keep it local to my own devices, I should be reasonably safe from exploit against all but the most determined folks.

From wsenn1 at twu.edu Tue Apr 4 01:18:59 2017
From: wsenn1 at twu.edu (Will Senn)
Date: Mon, 3 Apr 2017 18:18:59 -0500
Subject: Smart card
Message-ID: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>

In my PGP research, I have been looking for a smart card that supports openpgp. I found the OpenPGP Card Version 2.1 over at kernelconcepts, but I'm wondering if they are still operational. I also saw something called a Yubi Key on Amazon. I found this howto that is pretty dated:

https://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html

My questions for today are: Are smartcards out of vogue? If not, can you suggest resources that will help a newb make decisions regarding them?

If this has been addressed recently, my apologies, I couldn't find a search interface for gnupg-users...

Thanks,

Will

From rjh at sixdemonbag.org Tue Apr 4 03:32:59 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 3 Apr 2017 21:32:59 -0400
Subject: Complexities on faking one signature
In-Reply-To: <20170404002003.dncaxcm5wraw75bn@grep.be>
References: <6e61f4ff-f70a-a2cf-0e46-0140f9c97664@riseup.net> <6d0cbca8-b57e-369a-29ff-3acd1acf7e19@sixdemonbag.org> <20170404002003.dncaxcm5wraw75bn@grep.be>
Message-ID: <757da5af-d807-9440-09bd-c3d5088e4991@sixdemonbag.org>

> I believe the OP is asking whether it'd be easier to brute-force a
> signature than it is to brute-force a private key.

Unimaginably harder to brute-force a sig. Since RSA is deterministic (at
least, naïve RSA is), a sig is done on a digest (of let's say size 256
bits) and there are 2**256 different valid outputs. But the signature
length itself is thousands of bits, for 2**thousands of possibilities. So
the per-attempt likelihood of finding one of the 2**256 valid signatures
out of a signature of 2**thousands of bits is 2**(256 - thousands).
2**-2000 is so close to zero as makes no difference whatsoever.

From rjh at sixdemonbag.org Tue Apr 4 03:37:56 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 3 Apr 2017 21:37:56 -0400
Subject: Smart card
In-Reply-To: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
Message-ID: <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org>

> Are smartcards out of vogue? If not, can you suggest resources that will
> help a newb make decisions regarding them?

Smartcards are not out of vogue for people who need them. Those who don't
will be better served by avoiding them. Do you have a need for one? If so,
the kernelconcepts card works well, as do Yubikeys.

From w at uter.be Tue Apr 4 02:20:03 2017
From: w at uter.be (Wouter Verhelst)
Date: Tue, 4 Apr 2017 02:20:03 +0200
Subject: Complexities on faking one signature
In-Reply-To: <6d0cbca8-b57e-369a-29ff-3acd1acf7e19@sixdemonbag.org>
References: <6e61f4ff-f70a-a2cf-0e46-0140f9c97664@riseup.net> <6d0cbca8-b57e-369a-29ff-3acd1acf7e19@sixdemonbag.org>
Message-ID: <20170404002003.dncaxcm5wraw75bn@grep.be>

On Sun, Apr 02, 2017 at 07:12:38PM -0400, Robert J. Hansen wrote:
> > 2. Enumerating the possible signature of that certain message and
> > using the target's public key to verify if one of the signatures is
> > correct.
> 
> I'm not sure what you mean here; that's not how signatures work.
> Signatures work by computing a digest over data and encrypting that with
> the private key. Since you lack the private key, you can't generate
> signatures.

No, but you can generate random numbers and verify whether they happen to
be a valid signature. I believe the OP is asking whether it'd be easier to
brute-force a signature than it is to brute-force a private key.

With RSA, the signature is exactly the same length as the (public) key.
Therefore, naively, one could assume that the complexity would be
approximately the same too. In practice, however, the work required to
brute-force a signature is probably worse than that to brute-force a
private key, because the public key must be the product of the private
key's two prime numbers (which limits their values to things that can
reasonably be the public key's divisors, and you can preselect for that),
whereas a signature is a modulus and can therefore be pretty much anything.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

From wsenn1 at twu.edu Tue Apr 4 04:12:38 2017
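The counting argument in the two "Complexities on faking one signature" posts above (pick random candidates, check them against the public key) worked through in code. This is an added example, not code from either post: textbook RSA with a constructed toy modulus (n = 61 * 53, e = 17, d = 2753) small enough that every candidate signature can be enumerated, and an 8-bit toy digest standing in for the 256-bit digest in the thread. Because x -> x^e mod n is a permutation of Z_n, exactly one candidate verifies for a given message (a random guess hits with probability 1/n), and exactly 2**digest_bits of the n candidates decode to any digest at all, which is the 2**256 out of 2**thousands ratio in the thread.

```python
"""Toy illustration of why guessing an RSA signature is hopeless.

Added example (not code from the list posts). Textbook RSA with a
constructed, deliberately tiny modulus so the whole signature space can be
enumerated; real keys have a modulus of thousands of bits.
"""
import hashlib

# Constructed toy parameters: n = 61 * 53 = 3233, e = 17, d = 2753
# (17 * 2753 = 46801 = 60 * 780 + 1, so e*d = 1 mod lcm(p-1, q-1) = 780).
P, Q = 61, 53
N = P * Q
E = 17
D = 2753

DIGEST_BITS = 8  # toy digest width; the thread's real-world figure is 256


def toy_digest(message: bytes) -> int:
    """Toy 'hash': SHA-256 truncated to DIGEST_BITS so it fits under N."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % (1 << DIGEST_BITS)


def sign(message: bytes) -> int:
    """Textbook RSA signature: s = H(m)^d mod n (needs the private exponent)."""
    return pow(toy_digest(message), D, N)


def verify(message: bytes, candidate: int) -> bool:
    """Public-key check: does candidate^e mod n equal the message digest?"""
    return pow(candidate, E, N) == toy_digest(message)


def count_valid_signatures_for(message: bytes) -> int:
    """Try every value in [0, n) as a signature of this one message.

    x -> x^e mod n is a permutation of Z_n, so exactly one value verifies:
    the genuine signature. A random guess succeeds with probability 1/n.
    """
    return sum(1 for s in range(N) if verify(message, s))


def count_candidates_decoding_to_some_digest() -> int:
    """Count values in [0, n) whose public-key 'decryption' lands anywhere in
    the digest space, i.e. would be a valid signature of *some* message.

    The permutation property makes this exactly 2**DIGEST_BITS out of n,
    the 2**256 / 2**thousands ratio from the thread.
    """
    return sum(1 for s in range(N) if pow(s, E, N) < (1 << DIGEST_BITS))


if __name__ == "__main__":
    msg = b"constructed sample message"
    s = sign(msg)
    print("genuine signature verifies:", verify(msg, s))
    print("candidates verifying for this message:", count_valid_signatures_for(msg), "of", N)
    print("candidates decoding to any digest:",
          count_candidates_decoding_to_some_digest(), "of", N,
          "(= 2**%d / n)" % DIGEST_BITS)
```

Scaling the toy up: with a 256-bit digest and a 2048-bit modulus the second ratio becomes 2**256 / 2**2048 and the first 1 / 2**2048, so the arithmetic in the thread holds regardless of how the candidates are chosen.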
From: wsenn1 at twu.edu (Will Senn)
Date: Mon, 3 Apr 2017 21:12:38 -0500
Subject: Smart card
In-Reply-To: <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org>
Message-ID: <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu>

On 4/3/17 8:37 PM, Robert J. Hansen wrote:
>> Are smartcards out of vogue? If not, can you suggest resources that will
>> help a newb make decisions regarding them?
> Smartcards are not out of vogue for people who need them. Those who
> don't will be better served by avoiding them. Do you have a need for
> one? If so, the kernelconcepts card works well, as do Yubikeys.
> 

What do you mean by "will be better served by avoiding them"? What's the
reservation?

From rjh at sixdemonbag.org Tue Apr 4 04:27:12 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 3 Apr 2017 22:27:12 -0400
Subject: Smart card
In-Reply-To: <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu>
Message-ID:

> What do you mean by "will be better served by avoiding them"? What's the
> reservation?

Imagine we're in a restaurant and you ask me, "Should I order the pizza?"
Well, beats heck out of me. I don't know you from Adam, I don't know your
personal tastes, I don't even know if you're hungry. So I shrug and say,
"Sure, if you like pizza." You may think that's a useless answer, but the
question was no champ, either.

Should you get a smartcard? Sure, if you need one. But I don't know how
you expect me, or anyone else here, to be able to give a more precise
answer than that. Only you can make those decisions about your local
security policy.

Smartcards haven't fallen out of vogue, but they're also not useful to
everyone. Examine your needs, see if a smartcard can help satisfy those
needs, and then make your decision. If you decide to go that route there
are plenty of people here who can help.

From alaricd at pengdows.com Tue Apr 4 03:52:31 2017
From: alaricd at pengdows.com (alaricd at pengdows.com)
Date: Mon, 3 Apr 2017 20:52:31 -0500
Subject: Smart card
In-Reply-To: <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org>
Message-ID:

If you ask me... people don't want to learn anything, they are happy being
ignorant and clueless about security.

Sent from my android device.

-----Original Message-----
From: "Robert J. Hansen"
To: gnupg-users at gnupg.org
Sent: Mon, 03 Apr 2017 20:39
Subject: Re: Smart card

> Are smartcards out of vogue? If not, can you suggest resources that will
> help a newb make decisions regarding them?

Smartcards are not out of vogue for people who need them. Those who don't
will be better served by avoiding them. Do you have a need for one? If so,
the kernelconcepts card works well, as do Yubikeys.

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From wsenn1 at twu.edu Tue Apr 4 05:33:46 2017
From: wsenn1 at twu.edu (Will Senn)
Date: Mon, 3 Apr 2017 22:33:46 -0500
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu>
Message-ID: <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu>

On 4/3/17 9:27 PM, Robert J. Hansen wrote:
>> What do you mean by "will be better served by avoiding them"? What's the
>> reservation?
> Imagine we're in a restaurant and you ask me, "Should I order the
> pizza?" Well, beats heck out of me. I don't know you from Adam, I
> don't know your personal tastes, I don't even know if you're hungry. So
> I shrug and say, "Sure, if you like pizza." You may think that's a
> useless answer, but the question was no champ, either.

I'm sure I should be offended, but I have a sneaky suspicion my question
sucked :).

> Should you get a smartcard? Sure, if you need one. But I don't know
> how you expect me, or anyone else here, to be able to give a more
> precise answer than that. Only you can make those decisions about your
> local security policy.

I didn't ask if I should get one. I asked if there were resources to help
a newb make decisions regarding them. While I sense a certain disdain in
your response, I'll make some clarifying comments in the hope that it's
worth the effort...

By way of analogy (only goes so far, I know, but certainly far enough),
let's take the realm of personal security, with which I am intimately and
extensively familiar. If someone comes up to me and asks me if I could
help point them to some resources about choosing a martial art, I might
answer as follows:

Should you study a martial art? Sure if you need to. Probably not though.

I would likely just ask the necessary, perhaps even tedious guiding
questions to help the novice understand why the question lacks elegance
and then try to make some reasonable suggestion for further study.
Something along the lines of: That's a pretty broad question, grasshopper,
are you wanting to study for health, safety, fun or what? There's quite a
bit of information out there on martial arts, a pretty good place to start
is http://www.wikihow.com/Choose-a-Martial-Art, it's not a highly
technical reference, but it's pretty broad in its coverage and it's
written for the lay person. Oh, you've done Karate for a few years and
Aiki, as well. Huh, ok, in that case you need to self reflect a bit and
perhaps read some of the history associated with a variety of eastern and
western arts to inform your decision process...

I know, I'm a softy at heart and I'm by no means an RTFM, you should ask
better questions you moron, type. Although, I certainly have no problem
with those that are, other than finding them droll.

A simple, I don't really know of a good, current overview of Smart Cards
for non-expert users would have sufficed, that is if you lack knowledge of
such. Otherwise, I could sure use a steer to a good overview...

> Smartcards haven't fallen out of vogue, but they're also not useful to
> everyone. Examine your needs, see if a smartcard can help satisfy those
> needs, and then make your decision. If you decide to go that route
> there are plenty of people here who can help.
> 

This is really good advice for practically any purchase/system acquisition
I'll ever make. I'll keep it in mind.

From dougb at dougbarton.email Tue Apr 4 06:48:52 2017
From: dougb at dougbarton.email (Doug Barton)
Date: Mon, 3 Apr 2017 21:48:52 -0700
Subject: Smart card
In-Reply-To: <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu> <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu>
Message-ID: <1f32b650-07b1-77ac-90d5-df81df3fc47e@dougbarton.email>

On 04/03/2017 08:33 PM, Will Senn wrote:
> I didn't ask if I should get one. I asked if there were resources to
> help a newb make decisions regarding them. While I sense a certain
> disdain in your response, I'll make some clarifying comments in the hope
> that its worth the effort...

Robert's answer was more than a little snarky, yes. But, you send your
question to a free mailing list, you get what you paid for. :)

Meanwhile, go back to your first post, and remember the question I asked
you, before anything else?

What's your threat model?

As Robert pointed out, it's really hard for us to give you a map if you
can't tell us what you want your destination to be.

Doug

From wsenn1 at twu.edu Tue Apr 4 07:19:11 2017
From: wsenn1 at twu.edu (Will Senn)
Date: Tue, 4 Apr 2017 00:19:11 -0500
Subject: Smart card
In-Reply-To: <1f32b650-07b1-77ac-90d5-df81df3fc47e@dougbarton.email>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu> <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu> <1f32b650-07b1-77ac-90d5-df81df3fc47e@dougbarton.email>
Message-ID: <9a36f523-5493-a516-94ad-b8b5e4a6c249@twu.edu>

On 4/3/17 11:48 PM, Doug Barton wrote:
> On 04/03/2017 08:33 PM, Will Senn wrote:
>> I didn't ask if I should get one. I asked if there were resources to
>> help a newb make decisions regarding them. While I sense a certain
>> disdain in your response, I'll make some clarifying comments in the hope
>> that its worth the effort...
> 
> Robert's answer was more than a little snarky, yes. But, you send your
> question to a free mailing list, you get what you paid for. :)
> Meanwhile, go back to your first post, and remember the question I
> asked you, before anything else?
> 
> What's your threat model?
> 

Fair enough, and I have learned quite a bit based on everyone's responses.
I admit, freely, to not understanding everything that y'all have said. I
do not really know what I need vs what I think I need. In my uneducated
state, I think I want to be as secure as possible and I'm willing to
invest time and energy in the pursuit of what knowledge I need. But I
don't know what I don't know. It just seems to me that if having access to
PGP helps me secure my email from prying eyes, and keeps my sensitive
files from being viewed by others, that is helpful. What I've read seems
to hint that a smart card is a good way to limit some of the potential
exposure of having keys laying around. I thought I answered the threat
model question, but if I haven't I'm sorry.
See if this is a threat model: I'm a tech savvy citizen who wants to
protect my email (Seems to be working - Enigmail automates encryption,
signing, and decryption pretty seamlessly), protect my files on disk
(GPG's symmetric encryption works for this quite easily and well), sign
files that I share (GPG signatures seem ideal), verify software packages
that I download (gpg --verify seems much better than relying on a hash
that has no relationship with an identity), begin to establish a public
identity that is trustable and verifiable (web of trust type stuff, my
understanding here begins to get fuzzier), and do this on mac/linux (very
rarely, windows) machines that are permanently or occasionally attached to
a reasonably secure home network that is behind a reasonably sophisticated
firewall, as well as a laptop that occasionally connects to secure
networks outside of the home.

What I noticed, while I was figuring out how to do the six normal gpg
operations, is that I have a hard time with key proliferation - it seems
like having lots of devices either makes for having lots of copies of keys
or lots of copying of files to and from the device with the keys... So, I
just thought (hoped) that a Smart Card might be a solution for a problem
like this :).

> As Robert pointed out, it's really hard for us to give you a map if
> you can't tell us what you want your destination to be.
> 
> Doug

I get it. Thanks... if I could only figure out how to ask the right
question :).

From post at jankoppe.de Tue Apr 4 08:46:50 2017
From: post at jankoppe.de (Jan Koppe)
Date: Tue, 4 Apr 2017 08:46:50 +0200
Subject: Smart card
In-Reply-To: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
Message-ID:

Hello Will,

somewhat off-topic, but..

On 04.04.2017 01:18, Will Senn wrote:
> If this has been addressed recently, my apologies, I couldn't find a
> search interface for gnupg-users...

You can use a google query like this:
"site:https://lists.gnupg.org/pipermail/gnupg-users/ "

This restricts the search to only the list archive.

Regards,
Jan

From sheldon.corey at openmailbox.org Tue Apr 4 12:41:56 2017
From: sheldon.corey at openmailbox.org (Corey Sheldon)
Date: Tue, 4 Apr 2017 10:41:56 +0000
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
Message-ID: <1ea9ab8d-f47f-8571-fd15-8d6539c7c3c2@openmailbox.org>

On 4/4/17 6:46 AM, Jan Koppe wrote:
> Hello Will,
> 
> somewhat off-topic, but..
> 
> On 04.04.2017 01:18, Will Senn wrote:
> 
>> If this has been addressed recently, my apologies, I couldn't find a
>> search interface for gnupg-users...
> You can use a google query like this:
> "site:https://lists.gnupg.org/pipermail/gnupg-users/ "
> 
> This restricts the search to only the list archive.
> 
> Regards,
> Jan
> 

Hello there. Firstly, congrats on your journey to learn the intimacy of a
more secure lifestyle.

You mention you have ~6 devices with keys. Generally it is advised to have
a 'Master' set which would be backed up on smartcard (in my case a Yubikey
4 - a usb sized smartcard with the smartcard/gpg applet cooked into the
device), with `portable` keychains on the 6 devices. Preferably these have
at least 1 subkey each that can be used to maintain trust chains, god
forbid the main key or conversely the subkey is lost/compromised, as
keys/subkeys are link-able via some small portion of the key data.

Smartcard(s) purchase in your case would be advisable as you are on
multiple devices, and having a portable subkey on your other devices and
the master key(s) on your Smartcard would also provide a sense of
hardware-based 2fa and make the keys otherwise rather useless for anyone
else.

Due to form factor I'm a bit biased to usb form factor; also they tend to
have the lowest bar of entry, as any pc I've encountered built post 1980
has a usb 1.0+ port.
In this context "smartcard" refers to the device type, not a technology
per se, but a method/device to implement said technology (gpg among
others). Something else to consider is that not all smartcards are equal:
some merely hold gpg keys, some like Yubikeys have other 2fa technologies
onboard like x.509 keys (in a secure element storage on the device) and
OTP (Yubicloud, TOTP, HOTP, Chal-Resp, etc). So consider these things more
thoroughly and then research brands from there, revisiting this list if
needed.

Respectfully,

-- 
Corey W Sheldon
ph: +1 (310).909.7672
Personal:0x90DD92F222C15DC2 || A897 3F1B A97B 33BC 5F73 CBBE 90DD 92F2 22C1 5DC2
Fedora:0x32C80DA97E25CEFE || 0DB4 A35F 22B9 C6DF 0F56 BEB8 32C8 0DA9 7E25 CEFE
Ameridea (Admin):0x5C9AB5EC2C5CA3DA || 420D 115E 791D F34F C445 BEC1 5C9A B5EC 2C5C A3DA
Freelance IT Consultant, Multi-Discipline Tutor
Fedora AmbaNA (linuxmodder)
Ameridea LLC Founder, CEO
Find me elsewhere: https://gist.github.com/linux-modder/ac5dc6fa211315c633c9

"One must never underestimate the power of boredom...from which creativity
and laziness are borne, which can spark great works of chaos and genius."
--Anonymous

"Any man willing to retreat freedom for security is deserving of neither."
(Pp) -- Benjamin Franklin.

From raubvogel at gmail.com Tue Apr 4 12:22:12 2017
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Tue, 4 Apr 2017 06:22:12 -0400
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu>
Message-ID:

On Mon, Apr 3, 2017 at 10:27 PM, Robert J. Hansen wrote:
>> What do you mean by "will be better served by avoiding them"? What's the
>> reservation?
> 
> Imagine we're in a restaurant and you ask me, "Should I order the
> pizza?" Well, beats heck out of me. I don't know you from Adam, I
> don't know your personal tastes, I don't even know if you're hungry. So
> I shrug and say, "Sure, if you like pizza." You may think that's a
> useless answer, but the question was no champ, either.
> 

I think a better example would be "I've never eaten a pizza before.
Should I try it?"

> Should you get a smartcard? Sure, if you need one. But I don't know
> how you expect me, or anyone else here, to be able to give a more
> precise answer than that. Only you can make those decisions about your
> local security policy.
> 

In the OP's defense, I do not think he understands enough of multifactor
authentication in general and smartcards vs other alternatives
specifically to answer the question. And this is probably what he had in
mind with his rather poorly worded original question.

> Smartcards haven't fallen out of vogue, but they're also not useful to

I will add that the "Are smartcards out of vogue?" question has a
loaded-question taste to it. So, Will, what made you conclude that
smartcards are going the same place as 8-track and Betamax tapes?

> everyone. Examine your needs, see if a smartcard can help satisfy those
> needs, and then make your decision. If you decide to go that route
> there are plenty of people here who can help.
> 

From andrewg at andrewg.com Tue Apr 4 14:23:58 2017
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 4 Apr 2017 13:23:58 +0100
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu>
Message-ID: <555c58b3-3de0-4d8d-64a7-2186e4d14996@andrewg.com>

On 04/04/17 11:22, Mauricio Tavares wrote:
> I will add that the "Are smartcards out of vogue?" question has
> an loaded question taste to it.

Depends whether by "smartcard" you mean the technology or the form factor.
The underlying protocol is here for the long term - it's the same one
banks use for credit cards so even if it's not fashionable, it will still
be supported by software for the foreseeable future.

But smart cards (the form factor) really only make practical sense if your
equipment has a built-in smart card reader - and that is highly dependent
on industry fashion. My current work laptop has an inbuilt reader and
that's why I chose a full format smartcard over a yubikey or a clamshell
reader - both of which are less physically portable but more logically
portable. So while the smartcard protocol may be here to stay, the
credit-card form factor might not.

But don't agonise over it. As long as you are careful and keep an offline
backup of your primary key and encryption subkey, all you lose by picking
an obsolete form factor is the money you spent on the physical hardware.

Andrew.

From wsenn1 at twu.edu Tue Apr 4 14:32:07 2017
From: wsenn1 at twu.edu (Will Senn)
Date: Tue, 4 Apr 2017 07:32:07 -0500
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
Message-ID:

Hi Jan,

On 4/4/17 1:46 AM, Jan Koppe wrote:
> Hello Will,
> 
> somewhat off-topic, but..
> 
> On 04.04.2017 01:18, Will Senn wrote:
> 
>> If this has been addressed recently, my apologies, I couldn't find a
>> search interface for gnupg-users...
> You can use a google query like this:
> "site:https://lists.gnupg.org/pipermail/gnupg-users/ "
> 
> This restricts the search to only the list archive.

I've used site syntax all over the place, but I just never thought to use
it against a mailing list archive in this way, so obvious in retrospect.
Thanks!

From rjh at sixdemonbag.org Tue Apr 4 14:37:16 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 4 Apr 2017 08:37:16 -0400
Subject: Smart card
In-Reply-To: <9a36f523-5493-a516-94ad-b8b5e4a6c249@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu> <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu> <1f32b650-07b1-77ac-90d5-df81df3fc47e@dougbarton.email> <9a36f523-5493-a516-94ad-b8b5e4a6c249@twu.edu>
Message-ID: <505ea76b-9d22-98b0-c76c-09cb09cc1bbf@sixdemonbag.org>

> I do not really know what I need vs what I think I need.

Completely non-snarky: this is an important realization to make and we're
happy to help with this. Getting this answered will go a long way towards
answering your "should I get a smartcard?" question.

> In my uneducated state, I think I want to be as secure as possible

Again, completely non-snarky: this is the most common newbie mistake there
is. The name of the game is not risk minimization -- it's risk
*management*.

> What I've read seems to hint that a smart card is a good way to
> limit some of the potential exposure of having keys laying around.

They can be. They can also be right royal pains in the ass, too. I have a
kernelconcepts card and use it to store my secret key, since my laptop is
a theft target. Whenever I receive an encrypted email I have to rummage in
my laptop bag for my card reader, find it, plug it in, get my wallet,
rifle through it for the card, plug it into the reader, discover gpg-agent
got wedged, kill gpg-agent, try to decrypt the message, enter my PIN, and
finally get my message. It's annoying as hell.

OTOH, I deal with some high-value secrets. If I was dealing with
lower-value secrets I probably wouldn't bother.

> protect my files on disk (GPG's symmetric encryption works for this
> quite easily and well)

I used to work in computer forensics.
GnuPG's symmetric encryption is probably not working as well for you as
you think, since it doesn't remove traces of plaintext from the hard
drive. (In its defense, it really can't.) Use an encrypted file system
instead.

> I get it. Thanks... if I could only figure out how to ask the right
> question :).

As in most of life, this is the big trick. :)

From wsenn1 at twu.edu Tue Apr 4 14:47:02 2017
From: wsenn1 at twu.edu (Will Senn)
Date: Tue, 4 Apr 2017 07:47:02 -0500
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu>
Message-ID: <406a01d1-edae-24aa-0857-b29ba36db65a@twu.edu>

On 4/4/17 5:22 AM, Mauricio Tavares wrote:
> On Mon, Apr 3, 2017 at 10:27 PM, Robert J. Hansen wrote:
>>> What do you mean by "will be better served by avoiding them"? What's the
>>> reservation?
>> Imagine we're in a restaurant and you ask me, "Should I order the
>> pizza?" Well, beats heck out of me. I don't know you from Adam, I
>> don't know your personal tastes, I don't even know if you're hungry. So
>> I shrug and say, "Sure, if you like pizza." You may think that's a
>> useless answer, but the question was no champ, either.
>> 
> I think a better example would be "I've never ate a pizza
> before. Should I try it?"
> 
>> Should you get a smartcard? Sure, if you need one. But I don't know
>> how you expect me, or anyone else here, to be able to give a more
>> precise answer than that. Only you can make those decisions about your
>> local security policy.
>> 
> On the OP's defense, I do not think he understands enough of
> multifactor authentication in general and smartcards vs other
> alternatives specifically to answer the question. And this is probably
> what he had in mind with his rather poorly worded original question.

Yes, sadly this is true, but I'm reading everything in sight trying to get
up to speed. Security sites are littered with trashy, half-true, jargon
ridden, gobbledegook, with a few gems here and there and a lot of it is so
not newb friendly. Admittedly, I'm not your average user, just an
uninformed one in the security realm, still, the going is a bit rough. I
appreciate y'alls patience as I get up to speed. I'll try not to be a
bore.
> 
>> Smartcards haven't fallen out of vogue, but they're also not useful to
> I will add that the "Are smartcards out of vogue?" question has
> an loaded question taste to it. So, Will, what made you conclude that
> smartcards are going the same place as 8-track and Betamax tapes?
> 
> 

The kernelconcepts website has this banner:

Soon the shop will return ... until then, please order the old-fashioned
way by sending an email to order at kernelconcepts.de.

So I emailed them and waited a week with no response. I then went looking
for alternatives and found many sites that referred to that site as their
distributor. Regarding the yubikey, I read a post that expressed some
doubts about recent versions (completely unsubstantiated, but data of a
sort nonetheless). Amazon didn't offer much in the way of product. Based
on limited evidence I thought I should ask y'all. Hence the pointedness of
the question. In retrospect, my original email would have been MUCH
different :).

Thanks,

Will

From andrewg at andrewg.com Tue Apr 4 14:53:06 2017
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 4 Apr 2017 13:53:06 +0100
Subject: Smart card
In-Reply-To: <406a01d1-edae-24aa-0857-b29ba36db65a@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu> <406a01d1-edae-24aa-0857-b29ba36db65a@twu.edu>
Message-ID:

On 04/04/17 13:47, Will Senn wrote:
> So I emailed them and waited a week with no response. I then went
> looking for alternatives and found many sites that referred to that site
> as their distributor.

I bought mine from cryptoshop.com and was satisfied with the experience.

A

From tlikonen at iki.fi Tue Apr 4 19:27:37 2017
From: tlikonen at iki.fi (Teemu Likonen)
Date: Tue, 04 Apr 2017 20:27:37 +0300
Subject: Smart card
In-Reply-To: <9a36f523-5493-a516-94ad-b8b5e4a6c249@twu.edu> (Will Senn's message of "Tue, 4 Apr 2017 00:19:11 -0500")
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu> <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu> <1f32b650-07b1-77ac-90d5-df81df3fc47e@dougbarton.email> <9a36f523-5493-a516-94ad-b8b5e4a6c249@twu.edu>
Message-ID: <87k2705bhy.fsf@iki.fi>

Will Senn [2017-04-04 00:19:11-05] wrote:

> On 4/3/17 11:48 PM, Doug Barton wrote:
>> What's your threat model?
>
> [...] I do not really know what I need vs what I think I need. In my
> uneducated state, I think I want to be as secure as possible [...]

Considering possible threats is useful or even extremely important but
here's another point of view. Perhaps it can be just "I'm interested in
security technology and want to study smart cards. Thus, I'll buy one and
learn how it works. Maybe it will turn out useful or even necessary."

-- 
/// Teemu Likonen   - .-..   <https://github.com/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

From faramir.cl at gmail.com Wed Apr 5 00:23:02 2017
From: faramir.cl at gmail.com (Faramir)
Date: Tue, 4 Apr 2017 19:23:02 -0300
Subject: some beginner questions
In-Reply-To: <2cd1338b-dffa-bce8-4676-6ad6725df265@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org> <2cd1338b-dffa-bce8-4676-6ad6725df265@twu.edu>
Message-ID:

On 02-04-2017 at 20:23, Will Senn wrote:
...
>> In short, the main key acts as a level of indirection, which
>> separates your identity from your encryption/signing keys.
> Sounds like what I was led to believe to be the case, but at the
> end of the day, I don't seem to be able to sign anything with the
> signing subkey if the master key is not present (with sec instead
> of sec#). Do you know how I get it to use the subkey (the manual
> says it will default to a signing subkey, but that's not my
> experience).

I keep my whole key (main and subkeys) in an encrypted container, and
use only the subkeys on a daily basis (one signing and one for
encryption). The idea was that I could carry gpg on a pendrive and if
the pendrive is lost, I could revoke the subkeys and not lose the
signatures on the main key. It worked on gpg 1.4.x and it works for me
on GPG4Win; the only things I can't sign are other keys (unless I mount
my whole key).

Now, if my computer gets infected by a key-stealing virus and I don't
notice it before mounting my whole key, I'm toasted anyway. But at least
I have a chance to get a warning, and I also can read my encrypted
emails on my laptop without worrying about the keys in case I lose the
laptop.

Best Regards

P.S: about orphan keys, I've set my keys to expire in 2 years, so if I
lose the private keys, they won't haunt me forever. I just need to
remember to change the expiration date from time to time.
From faramir.cl at gmail.com Wed Apr 5 00:59:05 2017
From: faramir.cl at gmail.com (Faramir)
Date: Tue, 4 Apr 2017 19:59:05 -0300
Subject: some beginner questions
In-Reply-To: <023954fd-0844-9fba-509c-5b46b688a840@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <8b9d5d51-a5c9-2686-a701-6a94918af981@twu.edu> <04a94eb9357c9db79b7b93395604f7cc@dougbarton.email> <023954fd-0844-9fba-509c-5b46b688a840@twu.edu>
Message-ID:

On 03-04-2017 at 20:04, Will Senn wrote:
...
> Actually, I appreciate all of the detail. I will start off with a
> simple keypair that I am careful with. Based on my current
> understanding, if my passphrase is known only to me, is
> sufficiently long and unique, if I keep my secret key reasonably
> secure, and keep it local to my own devices, I should be reasonably
> safe from exploit against all but the most determined folks.

You may also want to set an expiration date for your keys (in case you
lose the private keys and revocation certs... let's say they were on the
same hdd and it crashed), which can be edited later (the only problem is
your correspondents will need to get an updated copy of your public key
to still be able to use your key).

You can also export your keys using the paperkey utility; that way you
can print them in an easy to type (maybe even easy to OCR) way and store
the printed version in a safe place. I don't really care that much about
my signing key, but if my hdd crashes and I need to use my remotely
stored backups... I'll need my encryption key to open them.
Best Regards

From mogliii at gmx.net Thu Apr 6 05:03:16 2017
From: mogliii at gmx.net (mogliii)
Date: Thu, 6 Apr 2017 12:03:16 +0900
Subject: Documentation about --list-secret-keys output
Message-ID: <8eb2ec50-64a2-8fcc-2cb9-84348ec587e6@gmx.net>

Hi,

I recently got very confused about how secret keys on smartcards are
presented and handled in gpg. In particular, after putting the subkeys
on a Nitrokey, my output of gpg --list-secret-keys is

sec#  4096R/XXXXXAB 2017-XX-XX [expires: 20XX-XX-XX]
uid                  My name
ssb>  2048R/XXXXXBB 2017-XX-XX
ssb>  2048R/XXXXXCB 2017-XX-XX
ssb>  2048R/XXXXXDB 2017-XX-XX

The following confused me:

1. What is the meaning of # after sec? This means that the master key is
not available (https://wiki.debian.org/Subkeys). We already have 5 lines
of text. Why not add another line such as "#: Master key not present"

2. What is the meaning of > after ssb? It means that the secret subkeys
are not present in the keyring, but on a known smartcard. This does not
come up in a google search 'gpg "ssb>"'. I only came across another post
by accident that said that after issuing keytocard, the subkey is
deleted (when using save) and only a reference is left. Following 1.,
why not write "#: Master key not present; >: reference to secret key on
smart card"

3. This output means that there is *NO* secret key on this computer.
This is extremely important information, but it is not evident from the
output. Enigmail makes it look like I have a private keypair. But
actually it's not. Only a reference.

4. I cannot fully delete the secret key reference by "gpg
--delete-secret-key XXXXXAB". Although it asks me for confirmation and
does not show in --list-secret-keys anymore, it still shows in enigmail
(bold for having private key) and .gnupg/private-keys-v1.d still
contains the keys. So I'm kind of stuck in limbo here. Deleting the
offending files in private-keys-v1.d is the only way to make enigmail
forget about them.

Has this been discussed before? I think there was once a drive to
improve usability of gpg.
Is there a place to propose a change in the output?

From bruegmann at eprd.de Thu Apr 6 10:18:25 2017
From: bruegmann at eprd.de (J.Brügmann)
Date: Thu, 6 Apr 2017 10:18:25 +0200
Subject: Access to YubiHSM 1.5
Message-ID:

Dear Sir or Madam,

a member of this group told me to post the following question and I hope
it is in the right place.

I'm working for a German quality assurance company in healthcare. We are
working on a security improvement for our hashcode generator, which
produces unique identifiers for patients. I'm just evaluating the
YubiHSM USB Module Version 1.5 to use the HMAC algorithm. I've
configured the YubiHSM in HSM mode via PuTTY as I found it in the
manual, but unfortunately I was not able to use the YubiHSM
programmatically. I can establish a serial connection to the module with
C#, but I was not able to find out what data I have to transfer to the
module to get an HMAC-SHA1 response.

Is there anybody who has some experience with that YubiHSM and could
possibly provide me with some information? Do you think it is a module
that could be used in a 24/7 environment with a maximum request load of
2000 requests a day? We are searching for an alternative to a
professional network HSM because more than 15000 € only for the secure
build of an HMAC hash is a lot of money.

Thanks!

With kind regards

-- 
Joachim Brügmann
CIO (Chief Information Officer)

EPRD Deutsche Endoprothesenregister gGmbH
Straße des 17. Juni 106-108 (Eingang Bachstraße)
10623 Berlin

Tel.: +49 (0)30-340 60 36 40
Fax: +49 (0)30-340 60 36 41
E-Mail: info at eprd.de
URL: http://www.eprd.de

Amtsgericht Charlottenburg: HRB 133570 B
Managing director: Dr. med. Andreas Hey
Responsible for content under § 10 para. 3 MDStV: Dr. med. Andreas Hey

From dani at 00dani.me Thu Apr 6 14:21:29 2017
From: dani at 00dani.me (Danielle McLean)
Date: Thu, 6 Apr 2017 22:21:29 +1000
Subject: [2.1.19] --list-secret-keys not # marking unavailable subkeys?
Message-ID: <81cba2db-cd42-88f9-1505-ec0bc0c34797@00dani.me>

Hi,

I'm using GnuPG 2.1.19 on a Mac with a smartcard (a YubiKey NEO) holding
my regularly-used subkeys - some of my keys are actually in my secret
keyring, but others are only stubs. When I run gpg --card-status, each
secret key is correctly marked with # when it's unavailable or > when
it's stored on my smartcard. For example:

$ gpg --card-status | sed -n '/General key info/,$p'
General key info..: sub  rsa2048/3844A6973C6058F1 2017-04-05 Danielle McLean
sec#  rsa4096/27D076D2ACA7BABE  created: 2017-04-03  expires: never
ssb#  rsa4096/5A5D2D1AFF12EEC5  created: 2017-04-04  expires: 2018-04-04
ssb#  rsa4096/D2081794136A2F3E  created: 2017-04-04  expires: 2018-04-04
ssb>  rsa2048/3844A6973C6058F1  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011
ssb   rsa2048/9D50913E336B08C1  created: 2017-04-05  expires: 2018-04-05
ssb>  rsa2048/9EC155D34F33D648  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011

The above information is correct - I have the subkeys 3C6058F1 and
4F33D648 stored on my smartcard, the subkey 336B08C1 stored in my secret
keyring, and the other secret keys aren't available.

However, when I run gpg --list-secret-keys, the # marker doesn't appear
on unavailable subkeys:

$ gpg -K ACA7BABE
sec#  rsa4096 2017-04-03 [C]
      83F3DCEC98D522B6A38AF5D927D076D2ACA7BABE
uid           [ultimate] Danielle McLean
ssb   rsa4096 2017-04-04 [S] [expires: 2018-04-04]
ssb   rsa4096 2017-04-04 [A] [expires: 2018-04-04]
ssb>  rsa2048 2017-04-05 [S] [expires: 2018-04-05]
ssb   rsa2048 2017-04-05 [E] [expires: 2018-04-05]
ssb>  rsa2048 2017-04-05 [A] [expires: 2018-04-05]

It's very confusing, as it seems to indicate my secret keyring contains
keys that it definitely doesn't. Why the inconsistency?
Can I somehow reconfigure GnuPG so that the --list-secret-keys output
includes the missing information?

Thanks!

From itzmereis at gmail.com Thu Apr 6 08:12:08 2017
From: itzmereis at gmail.com (Tay Too)
Date: Thu, 6 Apr 2017 06:12:08 +0000
Subject: Opening the Gnupg interface on linux
Message-ID:

Hello everybody, very new to linux, and pretty unfamiliar with gnupg
still, only used a few times. Yesterday I was able to open an actual
window of Gnupg through my terminal with a command similar to ~/.gnupg;
now when I enter this it tells me this is a directory and won't do
anything with it, any help?

From joaobeleza at yahoo.com Thu Apr 6 19:39:23 2017
From: joaobeleza at yahoo.com (joao baleza)
Date: Thu, 6 Apr 2017 17:39:23 +0000 (UTC)
Subject: Display a gpg signature as a string of zeros and ones?
References: <136219181.2496500.1491500363318.ref@mail.yahoo.com>
Message-ID: <136219181.2496500.1491500363318@mail.yahoo.com>

Hi there, is there any way to display a gpg signature as a string of
zeros and ones?

Thanking in advance,
jbs

From wsenn1 at twu.edu Thu Apr 6 22:53:54 2017
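The markers discussed in the two reports above (a `#` after sec/ssb for a key that is not usable locally, a `>` for a key living on a smartcard) can be turned into an explicit availability check rather than read by eye. This is an added example, not GnuPG's own code: it parses the human-readable `gpg -K` listings posted above in both the 2.1 and the older 2.0 layout, and reports where each capability can actually be exercised. It is only as correct as the markers gpg prints, which is exactly what the 2.1.19 report above is about.

```python
"""Classify the secret keys in a ``gpg -K`` listing by where the secret
material actually lives (added example, not GnuPG code)."""
import re
from collections import Counter

# Listing posted by Danielle McLean in the thread above (GnuPG 2.1 layout).
LISTING_2_1 = """\
sec#  rsa4096 2017-04-03 [C]
      83F3DCEC98D522B6A38AF5D927D076D2ACA7BABE
uid           [ultimate] Danielle McLean
ssb   rsa4096 2017-04-04 [S] [expires: 2018-04-04]
ssb   rsa4096 2017-04-04 [A] [expires: 2018-04-04]
ssb>  rsa2048 2017-04-05 [S] [expires: 2018-04-05]
ssb   rsa2048 2017-04-05 [E] [expires: 2018-04-05]
ssb>  rsa2048 2017-04-05 [A] [expires: 2018-04-05]
"""

# Listing posted by mogliii (GnuPG 2.0 layout, all subkeys moved to a Nitrokey).
LISTING_2_0 = """\
sec#  4096R/XXXXXAB 2017-XX-XX [expires: 20XX-XX-XX]
uid                  My name
ssb>  2048R/XXXXXBB 2017-XX-XX
ssb>  2048R/XXXXXCB 2017-XX-XX
ssb>  2048R/XXXXXDB 2017-XX-XX
"""

# A sec/ssb line in either layout; the 2.0 layout carries no [CSEA] flags,
# so the capability group is optional ("[expires: ...]" never matches it).
KEY_LINE = re.compile(
    r"^(?P<tag>sec|ssb)(?P<marker>[#>]?)\s+(?P<algo>\S+)\s+(?P<created>\S+)"
    r"(?:\s+\[(?P<caps>[A-Z]+)\])?"
)

# Meaning of the character after sec/ssb, as explained in the thread.
LOCATION = {"": "local", "#": "offline", ">": "smartcard"}


def parse_secret_listing(text):
    """Return one dict per sec/ssb line; uid and fingerprint lines are skipped."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if not m:
            continue
        keys.append({
            "tag": m.group("tag"),
            "location": LOCATION[m.group("marker")],
            "algo": m.group("algo"),
            "created": m.group("created"),
            "caps": set(m.group("caps") or ""),
        })
    return keys


def where_can(keys, capability):
    """Sorted locations holding a key with the given capability letter
    (C certify, S sign, E encrypt, A authenticate); [] means nowhere known."""
    return sorted({k["location"] for k in keys if capability in k["caps"]})


def secret_material_on_disk(keys):
    """True only if some sec/ssb line carries neither # nor >, i.e. the
    listing claims real secret material is in this machine's keyring."""
    return any(k["location"] == "local" for k in keys)


def location_counts(keys):
    """How many sec/ssb entries are local, on a smartcard, or offline."""
    return dict(Counter(k["location"] for k in keys))


if __name__ == "__main__":
    for name, listing in (("2.1", LISTING_2_1), ("2.0", LISTING_2_0)):
        keys = parse_secret_listing(listing)
        print(name, location_counts(keys),
              "sign:", where_can(keys, "S"), "certify:", where_can(keys, "C"),
              "secret on disk:", secret_material_on_disk(keys))
```

On the 2.0 listing the script answers mogliii's point 3 directly (no capability is usable locally and nothing is on disk); on the 2.1 listing it reports two rsa4096 subkeys as local because that is what gpg 2.1.19 printed, so a script that trusts the listing inherits the bug the message above describes.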
From: wsenn1 at twu.edu (William Senn)
Date: Thu, 6 Apr 2017 15:53:54 -0500
Subject: Opening the Gnupg interface on linux
In-Reply-To:
References:
Message-ID:

Hi Tay Too,

Yes, .gnupg is a directory where gpg finds/puts its files. The command
you want is either:

gpg

or

gpg2

You can learn a bit more about it via an online tutorial, but also via
the man page (the manual page on your computer) by typing:

man gpg

or possibly

man gnupg

(I'm not at a console atm)! There might also be an info page:

info gpg

Good luck!

Will

-- 
Sent from my iPhone

Will Senn, PhD
Assistant Professor of Community Informatics
School of Library and Information Studies
Texas Woman's University
Stoddard Hall, Room 408
P.O. Box 425438
Denton, TX 76204-5438
Phone: 615-603-5354
Email: wsenn1 at twu.edu

> On Apr 6, 2017, at 1:12 AM, Tay Too wrote:
>
> Hello everybody, very new to linux, and pretty unfamiliar with gnupg still, only used a few times. Yesterday I was able to open an actual window of Gnupg through my terminal with a command similar to ~/.gnupg; now when I enter this it tells me this is a directory and won't do anything with it, any help?
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From antony at blazrsoft.com Thu Apr 6 23:02:41 2017
From: antony at blazrsoft.com (antony at blazrsoft.com)
Date: Thu, 06 Apr 2017 17:02:41 -0400
Subject: Opening the Gnupg interface on linux
In-Reply-To:
References:
Message-ID:

On April 6, 2017 2:12:08 AM EDT, Tay Too wrote:
>Hello everybody, very new to linux, and pretty unfamiliar with gnupg
>still,
>only used a few times. Yesterday i was able to open an actual window of
>Gnupg through my terminal with a command similar to ~/.gnupg now
>when i
>enter this it tells me this is a directory and wont do anything with
>it,
>any help?

It is indeed a directory. The tilde character is a shortcut for your
home directory and .gnupg in your home directory is where gnupg stores
its information for that particular user.

Depending on the versions of your OS and gnupg, you can invoke gnupg by
typing either 'gpg' or 'gpg2' into the terminal. Adding the switch
'--help' to this command will show you common options and a brief
explanation. 'man gpg' or 'man gpg2' should show you the gnupg manual
pages which provides a more in depth explanation of various options.
There are various guides on the website, but I don't have any links for
them at the moment.

-- 
HTH,

Antony

Sent from my Android device with K-9 Mail. Please excuse my brevity.

From geniegate at yahoo.com Fri Apr 7 00:35:52 2017
From: geniegate at yahoo.com (Jamie H.)
Date: Thu, 6 Apr 2017 22:35:52 +0000 (UTC)
Subject: Opening the Gnupg interface on linux
References: <835921336.2727561.1491518152012.ref@mail.yahoo.com>
Message-ID: <835921336.2727561.1491518152012@mail.yahoo.com>

Hello,

You'll probably want to learn a bit about the shell and the directory
structure of unix-ish based systems before going too far into gpg. (if
you're using linux, the shell is most likely called bash)

What you're attempting to do is execute a directory as if it were a
command, what you may want to do is:

echo $PATH

There should be a bunch of pathnames delimited by colons, something like:

/bin:/usr/bin:/usr/local/bin

the directories listed in your PATH environment variable specify where
the various programs are, so you can do a directory listing in each one
if you wish to find out about the available commands.

This isn't really a PGP question, and I'm thankful you asked it because
I don't get many chances to answer people's PGP questions, given that I
don't really know much about PGP :-)

Have fun with Linux, and be sure to check out FreeBSD too! ;-)

Jamie

--------------------------------------------
On Thu, 4/6/17, Tay Too wrote:

Subject: Opening the Gnupg interface on linux
To: gnupg-users at gnupg.org
Date: Thursday, April 6, 2017, 2:12 AM

Hello everybody, very new to linux, and pretty unfamiliar with gnupg
still, only used a few times. Yesterday i was able to open an actual
window of Gnupg through my terminal with a command similar to ~/.gnupg
now when i enter this it tells me this is a directory and wont do
anything with it, any help?

From wk at gnupg.org Fri Apr 7 10:16:38 2017
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Apr 2017 10:16:38 +0200
Subject: [2.1.19] --list-secret-keys not # marking unavailable subkeys?
In-Reply-To: <81cba2db-cd42-88f9-1505-ec0bc0c34797@00dani.me> (Danielle McLean's message of "Thu, 6 Apr 2017 22:21:29 +1000")
References: <81cba2db-cd42-88f9-1505-ec0bc0c34797@00dani.me>
Message-ID: <87o9w8fx95.fsf@wheatstone.g10code.de>

Hi!

On Thu, 6 Apr 2017 14:21, dani at 00dani.me said:

> It's very confusing, as it seems to indicate my secret keyring contains
> keys that it definitely doesn't. Why the inconsistency? Can I somehow

Good catch. Thanks.

There is a stupid bug in the code:

--8<---------------cut here---------------start------------->8---
   if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
     secret = serialno? 3 : 1;
   else
-    secret = '2';  /* Key not found.  */
+    secret = 2;  /* Key not found.  */
--8<---------------cut here---------------end--------------->8---

I just pushed a fix to the repo.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Fri Apr 7 10:29:22 2017
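Review bot: the removed line stores the character literal '2' (the integer 50) in secret, so the "key not found" branch never yields the 2 that sits between the 3 (token serial number returned) and 1 (present, no serial) of the branch above it; that is why stub subkeys lost their # marker, and replacing '2' with 2 is the correct fix. To keep this class of slip from compiling silently, consider giving the three states named constants or an enum instead of bare 1/2/3, and extend the comment to say what 1 and 3 mean as well as 2.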
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Apr 2017 10:29:22 +0200
Subject: Documentation about --list-secret-keys output
In-Reply-To: <8eb2ec50-64a2-8fcc-2cb9-84348ec587e6@gmx.net> (mogliii@gmx.net's message of "Thu, 6 Apr 2017 12:03:16 +0900")
References: <8eb2ec50-64a2-8fcc-2cb9-84348ec587e6@gmx.net>
Message-ID: <87k26wfwnx.fsf@wheatstone.g10code.de>

On Thu, 6 Apr 2017 05:03, mogliii at gmx.net said:

> sec#  4096R/XXXXXAB 2017-XX-XX [expires: 20XX-XX-XX]
> uid                  My name
> ssb>  2048R/XXXXXBB 2017-XX-XX
> ssb>  2048R/XXXXXCB 2017-XX-XX
> ssb>  2048R/XXXXXDB 2017-XX-XX

The man page explains the '#' under --list-secret-keys. I just added a
description of '>' to the man page.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From mogliii at gmx.net Fri Apr 7 11:51:26 2017
From: mogliii at gmx.net (mogliii)
Date: Fri, 7 Apr 2017 18:51:26 +0900
Subject: Documentation about --list-secret-keys output
In-Reply-To: <87k26wfwnx.fsf@wheatstone.g10code.de>
References: <8eb2ec50-64a2-8fcc-2cb9-84348ec587e6@gmx.net> <87k26wfwnx.fsf@wheatstone.g10code.de>
Message-ID: <75952932-dca6-17cb-919c-920e3cc6b8cb@gmx.net>

Dear Werner,

Thank you for the fix. I think the explanation in the manpage is more
clear now. Any idea how to delete subkey stubs so that they show deleted
in enigmail as well?

--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -301,10 +301,13 @@ and other programs.
 @itemx -K
 @opindex list-secret-keys
 List the specified secret keys.  If no keys are specified, then all
-known secret keys are listed.  A @code{#} after the letters @code{sec}
-means that the secret key is not usable (for example, if it was
-exported using @option{--export-secret-subkeys}).  See also
- at option{--list-keys}.
+known secret keys are listed.  A @code{#} after the intial tags
+ at code{sec} or @code{ssb} means that the secret key or subkey is
+currently not usable.  We also say that this key has been taken
+offline (for example, a primary key can be taken offline by exported
+the key using the command @option{--export-secret-subkeys}).  A
+ at code{>} after these tags indicate that the key is stored on a
+smartcard.  See also @option{--list-keys}.

 @item --list-signatures
 @opindex list-signatures

On 04/07/2017 05:29 PM, Werner Koch wrote:
> On Thu, 6 Apr 2017 05:03, mogliii at gmx.net said:
>
>> sec#  4096R/XXXXXAB 2017-XX-XX [expires: 20XX-XX-XX]
>> uid                  My name
>> ssb>  2048R/XXXXXBB 2017-XX-XX
>> ssb>  2048R/XXXXXCB 2017-XX-XX
>> ssb>  2048R/XXXXXDB 2017-XX-XX
> The man page explains the '#' under --list-secret-keys. I just added a
> description of '>' to the man page.
>
>
> Shalom-Salam,
>
>    Werner
>

From dkg at fifthhorseman.net Fri Apr 7 18:08:43 2017
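Review bot: three wording defects in the added lines of this hunk need a follow-up before the man page ships: "after the intial tags" should read "after the initial tags"; "a primary key can be taken offline by exported the key" should read "by exporting the key"; and "A @code{>} after these tags indicate that" has a singular subject and should read "indicates that". The content itself is right and finally documents the '>' marker, but since the archive shows "+ at code{...}" where the texi source has "+@code{...}", anyone re-applying this hunk from the list archive rather than the repository must restore the literal @.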
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 07 Apr 2017 12:08:43 -0400
Subject: Display a gpg signature as a string of zeros and ones?
In-Reply-To: <136219181.2496500.1491500363318@mail.yahoo.com>
References: <136219181.2496500.1491500363318.ref@mail.yahoo.com> <136219181.2496500.1491500363318@mail.yahoo.com>
Message-ID: <87zifsgpys.fsf@alice.fifthhorseman.net>

On Thu 2017-04-06 13:39:23 -0400, joao baleza via Gnupg-users wrote:
> Hi there,is there any way to display a gpg signature as a string of
> zeros and ones?Thanking in advance,jbs

any data can be represented as a string of ones and zeros, but there are
many different conventions for how to order and group such a thing.

the xxd tool will take any input and convert it to arbitrary forms. for
ones and zeros, you can use -bits. for example:

0 dkg at alice:~$ echo this is a test | xxd -bits
00000000: 01110100 01101000 01101001 01110011 00100000 01101001  this i
00000006: 01110011 00100000 01100001 00100000 01110100 01100101  s a te
0000000c: 01110011 01110100 00001010                             st.
0 dkg at alice:~$

you can use this technique on anything, including an OpenPGP signature.

hth,

    --dkg

From ndk.clanbo at gmail.com Fri Apr 7 19:09:44 2017
From: ndk.clanbo at gmail.com (NdK)
Date: Fri, 7 Apr 2017 19:09:44 +0200
Subject: Documentation about --list-secret-keys output
In-Reply-To: <75952932-dca6-17cb-919c-920e3cc6b8cb@gmx.net>
References: <8eb2ec50-64a2-8fcc-2cb9-84348ec587e6@gmx.net> <87k26wfwnx.fsf@wheatstone.g10code.de> <75952932-dca6-17cb-919c-920e3cc6b8cb@gmx.net>
Message-ID: <9f096dbc-23f7-4ecc-eecf-111e3eca8850@gmail.com>

On 07/04/2017 11:51, mogliii wrote:

> +offline (for example, a primary key can be taken offline by exported

Shouldn't it be "exporting" instead of "exported"?

BYtE,
 Diego

From joaobeleza at yahoo.com Fri Apr 7 18:55:05 2017
From: joaobeleza at yahoo.com (joao baleza)
Date: Fri, 7 Apr 2017 16:55:05 +0000 (UTC)
Subject: Display a gpg signature as a string of zeros and ones?
In-Reply-To: <87zifsgpys.fsf@alice.fifthhorseman.net>
References: <136219181.2496500.1491500363318.ref@mail.yahoo.com> <136219181.2496500.1491500363318@mail.yahoo.com> <87zifsgpys.fsf@alice.fifthhorseman.net>
Message-ID: <1807747869.3318315.1491584105660@mail.yahoo.com>

Sorry. I was not clear enough. I will try to explain better.

As far as I understand, a 2048 key gpg RSA digital signature has 2048
bits. But the binary gpg signature file has more than 2048 bits because
the file has some extra data besides the signature itself.

My question is: is there any way to display a gpg signature with no
extra data, just the signature itself, as a string of zeros and ones?

jbs

On Friday, 7 April 2017 17:09, Daniel Kahn Gillmor wrote:

On Thu 2017-04-06 13:39:23 -0400, joao baleza via Gnupg-users wrote:
> Hi there,is there any way to display a gpg signature as a string of
> zeros and ones?Thanking in advance,jbs

any data can be represented as a string of ones and zeros, but there are
many different convention for how to order and group such a thing.

the xxd tool will take any input and convert it to arbitrary forms. for
ones and zeros, you can use -bits. for example:

0 dkg at alice:~$ echo this is a test | xxd -bits
00000000: 01110100 01101000 01101001 01110011 00100000 01101001  this i
00000006: 01110011 00100000 01100001 00100000 01110100 01100101  s a te
0000000c: 01110011 01110100 00001010                             st.
0 dkg at alice:~$

you can use this technique on anything, including an OpenPGP signature.

hth,

    --dkg

From uefgkaruna at gmail.com Fri Apr 7 22:36:29 2017
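The "extra data" jbs asks about is the OpenPGP packet framing around the RSA signature integer: a packet header, the version/type/algorithm bytes, the hashed and unhashed subpacket areas and the left 16 bits of the hash, and only then the signature as an MPI (a 2-byte bit count followed by the big-endian value). The following is an added example, not GnuPG code and not dkg's xxd recipe: it walks that RFC 4880 layout for a version 4 signature packet, returns the bare signature value, and renders exactly its 2048 bits. Since a real signature cannot be embedded here, the sample packet is constructed in the block with a made-up signature integer and a creation-time subpacket, using the old-format packet header that gpg writes for detached signatures.

```python
"""Pull the bare RSA signature integer out of a binary OpenPGP signature
packet and render it as a bit string (added example following RFC 4880,
not GnuPG code; only version 4 signatures are handled)."""
import struct


def _read_packet_header(data):
    """Return (tag, body_start, body_length) for the packet starting at data[0]."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                # new-format header
        tag, b1 = first & 0x3F, data[1]
        if b1 < 192:
            return tag, 2, b1
        if b1 < 224:
            return tag, 3, ((b1 - 192) << 8) + data[2] + 192
        if b1 == 255:
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body lengths are not supported here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 0:
        return tag, 2, data[1]
    if ltype == 1:
        return tag, 3, struct.unpack(">H", data[1:3])[0]
    if ltype == 2:
        return tag, 5, struct.unpack(">I", data[1:5])[0]
    raise ValueError("indeterminate length is not supported here")


def _read_mpi(body, pos):
    """Return (integer, bit_length, new_pos) for the MPI at body[pos:]."""
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    nbytes = (bits + 7) // 8
    raw = body[pos + 2:pos + 2 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated MPI")
    return int.from_bytes(raw, "big"), bits, pos + 2 + nbytes


def extract_signature_mpis(packet):
    """Parse a v4 signature packet; return (public-key algorithm, [(int, bits)])."""
    tag, start, length = _read_packet_header(packet)
    if tag != 2:
        raise ValueError("packet tag %d is not a signature packet" % tag)
    body = packet[start:start + length]
    if body[0] != 4:
        raise ValueError("only version 4 signatures are handled")
    pk_alg = body[2]                                # body[1] is the signature type
    pos = 4                                         # after version, type, pk alg, hash alg
    hashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2 + hashed_len                           # skip hashed subpackets
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2 + unhashed_len                         # skip unhashed subpackets
    pos += 2                                        # left 16 bits of the hash
    count = 1 if pk_alg in (1, 3) else 2            # RSA: one MPI; DSA/ECDSA/EdDSA: r and s
    mpis = []
    for _ in range(count):
        value, bits, pos = _read_mpi(body, pos)
        mpis.append((value, bits))
    return pk_alg, mpis


def signature_bits(packet):
    """The RSA signature value alone, as '0'/'1' characters, MSB first."""
    pk_alg, mpis = extract_signature_mpis(packet)
    if pk_alg not in (1, 3):
        raise ValueError("not an RSA signature")
    value, bits = mpis[0]
    return format(value, "0%db" % bits)


def build_rsa_signature_packet(sig_value, creation_time=1491500363):
    """Constructed sample (not a real signature): a v4 RSA/SHA-256 binary
    document signature with an old-format header, as gpg writes detached
    signatures. Only the framing is faithful; the signature integer is made up."""
    bits = sig_value.bit_length()
    mpi = struct.pack(">H", bits) + sig_value.to_bytes((bits + 7) // 8, "big")
    hashed = bytes([5, 2]) + struct.pack(">I", creation_time)  # subpacket 2: creation time
    body = (bytes([4, 0x00, 1, 8])                  # v4, type 0x00, RSA, SHA-256
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", 0)                  # no unhashed subpackets
            + b"\x00\x00"                           # left 16 bits of the hash (made up)
            + mpi)
    return bytes([0x89]) + struct.pack(">H", len(body)) + body  # 0x89: old format, tag 2


# Made-up 2048-bit signature value (top bit set so bit_length() is 2048).
SAMPLE_SIG = (1 << 2047) | 0x5EC0DEC0FFEE

if __name__ == "__main__":
    print(signature_bits(build_rsa_signature_packet(SAMPLE_SIG)))
```

A detached signature produced by gpg --detach-sign (binary, not --armor) is a single signature packet and can be fed to signature_bits() as read from disk; an armored .asc must be dearmored first.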
From: uefgkaruna at gmail.com (UEFg Karuna)
Date: Fri, 7 Apr 2017 22:36:29 +0200
Subject: A little problem verifying an hash
Message-ID:

Hello list,

I downloaded the installer of the last windows version of gnupg along
with its signature (i.e. gnupg-w32-2.1.20_20170403.exe and
gnupg-w32-2.1.20_20170403.exe.sig respectively) from the ftp server,
then I proceeded to verify the SHA-1 of the executable and it matched
(just because I'm feeling paranoid, is
69308ee80699ebb48a055963418597767a76d1d8 right?). Out of curiosity I
then wanted to check if the .sig hash matched using all the hashing
tools I have (since at this time I don't have gnupg installed, this is
just a means to say that the hashing tools I'm using are legitimate if
they all report the same value; the hash of the signature is not
provided). Now to the problem: a site called onlinemd5(dot)com (regular
HTTP, no HTTPS) reported values (SHA-1:
161B31EA6F627D3F17E896486AF886283450C946 and SHA-256:
369648131DE31A8CA44BEDA00D6A8ECB61C405F8FD8F03649BF80720F02525A7)
different from the ones of every other hashing tool (SHA-1:
3E15A03A29798718DCFAC54CADED34414284D6D9 and SHA-256:
3C5CEB2291C2314EDB55D905B94275FC871162D3BB7977BDDBCB6A97EFDBAC03).

I verified some other files using 11 different tools and they all
matched, but just in this case one of them failed. This is the first
time I encounter such a situation. How can this happen?

From antony at blazrsoft.com Sat Apr 8 02:30:30 2017
From: antony at blazrsoft.com (antony at blazrsoft.com)
Date: Fri, 07 Apr 2017 20:30:30 -0400
Subject: A little problem verifying an hash
In-Reply-To:
References:
Message-ID:

On April 7, 2017 4:36:29 PM EDT, UEFg Karuna wrote:
...
>provided). Now to the problem: a site called onlinemd5(dot)com (regular
>HTTP, no HTTPS) reported values (SHA-1:
>161B31EA6F627D3F17E896486AF886283450C946 and SHA-256:
>369648131DE31A8CA44BEDA00D6A8ECB61C405F8FD8F03649BF80720F02525A7)
>different
>from the ones of every other hashing tool (SHA-1:
>3E15A03A29798718DCFAC54CADED34414284D6D9 and SHA-256:
>3C5CEB2291C2314EDB55D905B94275FC871162D3BB7977BDDBCB6A97EFDBAC03).
>
>I verified some other files using 11 different tools and they all
>matched,
>but just in this case one of them failed. This is the first time I
>encounter such a situation. How can this happen?
>
...

If everything matches up except for the results from that particular
website, my first guesses would be an error during the upload of the
file to the site or a faulty hashing algorithm used by the site.

My personal preference for generating file hashes is OpenSSL since it is
widely used and therefore fairly reliable in my opinion, as any
inconsistencies would be pointed out quickly.

-- 
Regards,

Antony

Sent from my Android device with K-9 Mail. Please excuse my brevity.

From dougb at dougbarton.email Sat Apr 8 07:32:22 2017
From: dougb at dougbarton.email (Doug Barton)
Date: Fri, 7 Apr 2017 22:32:22 -0700
Subject: That which we call a rose
In-Reply-To:
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org> <6da064a5-f600-80a7-34a3-7a26261272db@dougbarton.email>
Message-ID:

On 04/03/2017 06:57 AM, Peter Lebbing wrote:
> On 03/04/17 15:30, Doug Barton wrote:
>> We really need to stop referring to this as signing.
>
> I agree. But it might be too late.

It's never too late. Better is better.

If we'd started being more rigorous years ago, TOFU never would have
happened.

Doug

From w at uter.be Sat Apr 8 10:03:07 2017
From: w at uter.be (Wouter Verhelst)
Date: Sat, 8 Apr 2017 10:03:07 +0200
Subject: some beginner questions
In-Reply-To: <2cd1338b-dffa-bce8-4676-6ad6725df265@twu.edu>
References: <6186082b-59af-68e6-7827-f1d2c94f7429@twu.edu> <7070f125-7486-3236-3ea3-497d28a01307@dougbarton.email> <874ly6zlb5.wl-neal@walfield.org> <2cd1338b-dffa-bce8-4676-6ad6725df265@twu.edu>
Message-ID: <20170408080307.yns2jrmexycyvf6q@grep.be>

On Sun, Apr 02, 2017 at 06:23:14PM -0500, Will Senn wrote:
> Sounds like what I was led to believe to be the case, but at the end of
> the day, I don't seem to be able to sign anything with the signing
> subkey if the master key is not present (with sec instead of sec#).

At a guess, you may need to clarify what type of signing you're talking
about.

Signing a document can be done with any signing subkey; however, signing
another key can only be done by the certification key, which is usually
the master key. If that's what you're trying to do, then no, you can't
do that.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

From niels at kobschaetzki.net Sat Apr 8 10:11:00 2017
From: niels at kobschaetzki.net (Niels Kobschätzki)
Date: Sat, 8 Apr 2017 10:11:00 +0200
Subject: No secret keys after rsync
Message-ID: <8AF3DC8C-02B9-47FA-93F0-0B26F1BCC9CF@kobschaetzki.net>

Hi,

I rsyncd my .gnupg-folder to a new computer (moving from Fedora to
TrueOS). When I try to decrypt now something I get the message "no
secret key available".
But when I do gpg -K all my secret keys get listed and when I do gpg -k
all public keys are listed. gpg is a symlink to gpg2 on that system.
My old installation used gpg2. What could be the problem?

Cheers,

Niels

From w at uter.be Sat Apr 8 10:16:36 2017
From: w at uter.be (Wouter Verhelst)
Date: Sat, 8 Apr 2017 10:16:36 +0200
Subject: Smart card
In-Reply-To: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>
Message-ID: <20170408081636.vlykxzcgr2jyuv3e@grep.be>

Hi Will,

On Mon, Apr 03, 2017 at 06:18:59PM -0500, Will Senn wrote:
> Are smartcards out of vogue?

No.

Smartcards are useful. They ensure that the private half of your key is
never on any hard disk or other general storage device, and therefore
that it cannot possibly be stolen (because there's only one possible
copy of it).

Smartcards are a pain in the ass. They ensure that the private half of
your key is never on any hard disk or other general storage device but
instead sits in your wallet, so whenever you need to access it, you need
to grab your wallet to be able to do so, which takes more effort than
just firing up GnuPG. If your laptop doesn't have a builtin cardreader,
you also need to fish the reader from your backpack or wherever, etc.

Additionally, unfortunately accessing smartcards from software isn't
always an entirely painless operation, and that may result in things
like https://twitter.com/wouter_verhelst/status/844686341711581185

My most recent key uses a smart card from kernelconcepts (who are very
much still alive -- at $WORK we recently bought two of their cards as
well), but I don't recommend it to everyone, and I certainly wouldn't
recommend it if you're just getting started with GnuPG.

Regards,

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

From niels at kobschaetzki.net Sat Apr 8 08:29:55 2017
From: niels at kobschaetzki.net (Niels Kobschätzki)
Date: Sat, 8 Apr 2017 08:29:55 +0200
Subject: No secret keys after rsync
In-Reply-To: <8AF3DC8C-02B9-47FA-93F0-0B26F1BCC9CF@kobschaetzki.net>
References: <8AF3DC8C-02B9-47FA-93F0-0B26F1BCC9CF@kobschaetzki.net>
Message-ID: <20170408062819.kfnurqczar6mbemv@venus>

On 17/04/08 10:11, Niels Kobschätzki wrote:
>Hi,
>
>I rsyncd my .gnupg-folder to a new computer (moving from Fedora to TrueOS). When I try to decrypt now something I get the message "no secret key available".
>But when I do gpg -K all my secret keys get listed and when I do gpg -k all public keys are listed. gpg is a symlink to gpg2 on that system.
>My old installation used gpg2. What could be the problem?

problem solved. I had a pinentry-program in my gpg-agent.conf which
doesn't exist on my new installation.

Cheers,

Niels

From rjh at sixdemonbag.org Sat Apr 8 10:29:58 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 8 Apr 2017 04:29:58 -0400
Subject: Smart card
In-Reply-To: <20170408081636.vlykxzcgr2jyuv3e@grep.be>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be>
Message-ID: <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org>

> Smartcards are a pain in the ass.

A funny but completely accurate way to put it: When your private key is
on your laptop, you never put it through the wash by accident. (I can
tell you from personal experience most smartcards handle being washed
just fine, but the static charges they're exposed to in the dryer will
often fry them.)

Once you make a smartcard into a credit card, or a dongle you hang off
your keychain, you open yourself up to some very interesting failure
modes -- many of which you won't see coming. For instance, I once tried
to pay for a hotel with my kernelconcepts card, because it was located
adjacent to my credit card and I pulled it out by accident.

From tlikonen at iki.fi Sat Apr 8 15:48:05 2017
From: tlikonen at iki.fi (Teemu Likonen) Date: Sat, 08 Apr 2017 16:48:05 +0300 Subject: Smart card In-Reply-To: <20170408081636.vlykxzcgr2jyuv3e@grep.be> (Wouter Verhelst's message of "Sat, 8 Apr 2017 10:16:36 +0200") References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> Message-ID: <87efx3vwmi.fsf@iki.fi> Wouter Verhelst [2017-04-08 10:16:36+02] wrote: > Smartcards are a pain in the ass. [...] If your laptop doesn't have a > builtin cardreader, you also need to fish the reader from your > backpack or wherever, etc. But Nitrokey, Yubikey and maybe some other smart "keys" are actually handy. Using them doesn't cause pain in any part of my body. https://www.nitrokey.com/ https://www.yubico.com/ -- /// Teemu Likonen - .-.. // // PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 /// From dougb at dougbarton.email Sat Apr 8 19:42:38 2017 From: dougb at dougbarton.email (Doug Barton) Date: Sat, 08 Apr 2017 10:42:38 -0700 Subject: Fwd: Re: Smart card In-Reply-To: <08dbdcfb0a64d678aae16ab93cabadd9@dougbarton.us> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu> <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu> <1f32b650-07b1-77ac-90d5-df81df3fc47e@dougbarton.email> <9a36f523-5493-a516-94ad-b8b5e4a6c249@twu.edu> <87k2705bhy.fsf@iki.fi> <08dbdcfb0a64d678aae16ab93cabadd9@dougbarton.us> Message-ID: <34d0b114e23ebe3610c122cef3566387@dougbarton.email> -------- Original Message -------- Subject: Re: Smart card Date: 2017-04-08 10:41
From: Doug Barton To: gnupg-users at gnupg.org On 2017-04-04 10:27, Teemu Likonen wrote: > Will Senn [2017-04-04 00:19:11-05] wrote: > >> On 4/3/17 11:48 PM, Doug Barton wrote: >>> What's your threat model? >> >> [...] I do not really know what I need vs what I think I need. In my >> uneducated state, I think I want to be as secure as possible [...] > > Considering possible threats is useful or even extremely important but > here's another point of view. Perhaps it can be just "I'm interested in > security technology and want to study smart cards. Thus, I'll buy one > and learn how it works. Maybe it will turn out useful or even > necessary." There is nothing wrong with that point of view of course. The danger comes in when people promote things like smart cards to newbies as "The right way to do PGP." They are/would be overkill for 99.9% of people who use PGP, and the additional hassle and complexity serves as a barrier to entry. Doug From mtg at gnu.org Sat Apr 8 18:23:01 2017 
From: mtg at gnu.org (Mike Gerwitz) Date: Sat, 08 Apr 2017 12:23:01 -0400 Subject: Smart card In-Reply-To: <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> (Robert J. Hansen's message of "Sat, 8 Apr 2017 04:29:58 -0400") References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> Message-ID: <871st227iy.fsf@gnu.org> On Sat, Apr 08, 2017 at 04:29:58 -0400, Robert J. Hansen wrote: > (I can tell you from personal experience most smartcards handle being > washed just fine, but the static charges they're exposed to in the dryer > will often fry them.) Not that I'd recommend anyone else test this, but my Nitrokey survived a wash and the majority of a dry cycle unscathed. I've never run into the basement so quickly in my life when I realized what I had done. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com From mtg at gnu.org Sat Apr 8 18:26:18 2017
From: mtg at gnu.org (Mike Gerwitz) Date: Sat, 08 Apr 2017 12:26:18 -0400 Subject: Smart card In-Reply-To: <20170408081636.vlykxzcgr2jyuv3e@grep.be> (Wouter Verhelst's message of "Sat, 8 Apr 2017 10:16:36 +0200") References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> Message-ID: <87r312zx05.fsf@gnu.org> On Sat, Apr 08, 2017 at 10:16:36 +0200, Wouter Verhelst wrote: > Smartcards are a pain in the ass. They ensure that the private half of > your key is never on any hard disk or other general storage device but > instead sits in your wallet, so whenever you need to access it, you need > to grab your wallet to be able to do so, which takes more effort than > just firing up GnuPG. If your laptop doesn't have a builtin cardreader, > you also need to fish the reader from your backpack or wherever, etc. I use a Nitrokey, which itself is a reader. I keep it in the small pocket of my pants (if it has it), and I'll even keep it on the side of my ankle in my sock if I'm wearing longer socks for work (interesting idea from a co-worker when it fell out of my pocket). I find it to be very convenient, and it cannot be stolen without me realizing, since it's stored in one of two locations that cannot be accessed without being seen and felt. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com From rag at ragged-software.com Sat Apr 8 19:30:38 2017
From: rag at ragged-software.com (Roy A. Gilmore) Date: Sat, 8 Apr 2017 10:30:38 -0700 Subject: Smart card In-Reply-To: <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> Message-ID: I've been watching this thread for a while, and felt the need to chime in. Are smartcards (or USB tokens) a PITA? Sometimes. BUT, leaving your private key on your laptop, tablet, or phone is about as secure as leaving a spare key to your house under the door mat. I cringe every time soft tokens are brought up. Laptops, tablets, and phones are hacked, lost or stolen frequently. If a physical smartcard or USB token seems like too much of an inconvenience, then your data probably isn't worth taking the time to encrypt in the first place. How much is your data worth to you? On 04/08/2017 01:29 AM, Robert J. Hansen wrote: >> Smartcards are a pain in the ass. > A funny but completely accurate way to put it: > > When your private key is on your laptop, you never put it through the > wash by accident. > > (I can tell you from personal experience most smartcards handle being > washed just fine, but the static charges they're exposed to in the dryer > will often fry them.) > > Once you make a smartcard into a credit card, or a dongle you hang off > your keychain, you open yourself up to some very interesting failure > modes -- many of which you won't see coming. For instance, I once tried > to pay for a hotel with my kernelconcepts card, because it was located > adjacent to my credit card and I pulled it out by accident. From m.mansfeld at mansfeld-elektronik.de Sun Apr 9 00:05:27 2017
From: m.mansfeld at mansfeld-elektronik.de (Matthias Mansfeld) Date: Sun, 09 Apr 2017 00:05:27 +0200 Subject: Smart card In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu>, <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org>, Message-ID: <58E95EA7.973.1B88E91@m.mansfeld.mansfeld-elektronik.de> On 8 Apr 2017 at 10:30, Roy A. Gilmore wrote: > I've been watching this thread for a while, and felt the need to chime > in. Are smartcards (or USB tokens) a PITA? Sometimes. BUT, leaving > your private key on your laptop, tablet, or phone is about as secure > as leaving a spare key to your house under the door mat. Not so evil. Spare key under the door mat would be the private key on your laptop AND a post-it with the passphrase on the display. Regards Matthias -- OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF From rjh at sixdemonbag.org Sun Apr 9 04:20:47 2017 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 8 Apr 2017 22:20:47 -0400 Subject: Smart card In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> Message-ID: <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> > BUT, leaving your private key on your laptop, tablet, or phone is > about as secure as leaving a spare key to your house under the door > mat. This is not true, not for any sensible definition of 'secure'. My passphrase is literally 16 random bytes read from /dev/random, base64 encoded, to produce a passphrase of 128 bits strength. If you'll pay to run the ad, I'll happily publish my private key in the newspaper of your choice. Yes, I'm serious. If your private key is at risk of being seen by your adversaries then it's extremely important to have a good passphrase. But so long as you do, your private key is safe. From rainer at hoerbe.at Sun Apr 9 08:09:16 2017 
From: rainer at hoerbe.at (Rainer Hoerbe) Date: Sun, 9 Apr 2017 08:09:16 +0200 Subject: Smart card In-Reply-To: <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> Message-ID: > On 09.04.2017 at 04:20, Robert J. Hansen wrote: > >> BUT, leaving your private key on your laptop, tablet, or phone is >> about as secure as leaving a spare key to your house under the door >> mat. > > This is not true, not for any sensible definition of 'secure'. 'Secure' is not a one-dimensional scale with 'yes' and 'no' at each end. Precise definitions are only useful for specific attack vectors. Standards and laws like NIST 800-63 or eIDAS give a good overview on various risks, as they have been trying to squeeze them into assurance levels to reduce complexity. > > My passphrase is literally 16 random bytes read from /dev/random, base64 > encoded, to produce a passphrase of 128 bits strength. If you'll pay to > run the ad, I'll happily publish my private key in the newspaper of your > choice. Yes, I'm serious. > > If your private key is at risk of being seen by your adversaries then > it's extremely important to have a good passphrase. But so long as you > do, your private key is safe. A long and random passphrase is a good measure against dictionary and brute force attacks. It does not defend against malware sniffing the keyboard or scraping memory pages. It protects your /encrypted/ private key, but not during signing and encryption. Moving operations needing the unencrypted key to a smartcard provides additional protection on an infested system. Smartcard readers with pinpads and displays add defense against certain attacks that are possible against a Yubi-/Nitrokey-type reader. - Rainer From rjh at sixdemonbag.org Sun Apr 9 13:51:09 2017
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 9 Apr 2017 07:51:09 -0400 Subject: Smart card In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> Message-ID: > A long and random passphrase is a good measure against dictionary and > brute force attacks. It does not defend against malware sniffing the > keyboard or scraping memory pages. Jim Mickens' essay, "This World Of Ours", ought to be required reading for anyone talking seriously about scraping memory pages: "My point is that security people need to get their priorities straight. The 'threat model' section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler. Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from ChEaPestPAiNPi11s at virus-basket.biz.ru. If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they're going to use a drone to replace your cellphone with a piece of uranium that's shaped like a cellphone, and when you die of tumors filled with tumors, they're going to hold a press conference and say 'It wasn't us' as they wear t-shirts that say 'IT WAS DEFINITELY US,' and then they're going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them.
In summary, https:// and two dollars will get you a bus ticket to nowhere." Once you assume that your opponent is specifically targeting you with malware capable of sophisticated memory forensics, you're screwed. Pinning your hopes on a smartcard is the worst kind of crypto-fetishism. You can't proudly hold it up and say "ah ha, but *now* I am safe from Tier-1 actors!" It doesn't work that way. Smartcards are a great technology for a certain part of the problem domain, but they aren't magical crypto fairy dust. Mickens' full essay, BTW: https://www.usenix.org/system/files/1401_08-12_mickens.pdf From rainer at hoerbe.at Sun Apr 9 17:13:15 2017 
From: rainer at hoerbe.at (Rainer Hoerbe) Date: Sun, 9 Apr 2017 17:13:15 +0200 Subject: Smart card In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> Message-ID: > On 09.04.2017 at 13:51, Robert J. Hansen wrote: > >> A long and random passphrase is a good measure against dictionary and >> brute force attacks. It does not defend against malware sniffing the >> keyboard or scraping memory pages. > > Jim Mickens' essay, "This World Of Ours", ought to be required reading for > anyone talking seriously about scraping memory pages: > > "My point is that security people need to get their priorities straight. > The 'threat model' section of a security paper resembles the script for > a telenovela that was written by a paranoid schizophrenic: there are > elaborate narratives and grand conspiracy theories, and there are heroes > and villains with fantastic (yet oddly constrained) powers that > necessitate a grinding battle of emotional and technical attrition. In > the real world, threat models are much simpler. Basically, you're either > dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then > you'll probably be fine if you pick a good password and don't respond to > emails from ChEaPestPAiNPi11s at virus-basket.biz.ru. If your adversary is > the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT > IT. The Mossad is not intimidated by the fact that you employ https://.
> If the Mossad wants your data, they're going to use a drone to replace > your cellphone with a piece of uranium that's shaped like a cellphone, > and when you die of tumors filled with tumors, they're going to hold a > press conference and say 'It wasn't us' as they wear t-shirts that say > 'IT WAS DEFINITELY US,' and then they're going to buy all of your stuff > at your estate sale so that they can directly look at the photos of your > vacation instead of reading your insipid emails about them. In summary, > https:// and two dollars will get you a bus ticket to nowhere." > Good point, and I agree to that for a very basic assessment. However, the assumption that only politicians and government employees holding a security clearance are targeted by Mossad & co is a thing of the past. System admins, developers and certain NGO actors became exposed persons as well. In addition, attacks already have been automated to a high degree. Bulk penetration of end user devices is not only technically feasible, but has been legalized in the UK with the Investigatory Powers Act 2016. If you think that it is OK if the GCHQ is holding your passwords and SSH keys, think twice. APT tools have been automated, and escaped into the wild in the past. At the end of the day we do not have good enough data for a general threat assessment. Data from malware vendors, cloud providers and forensics are too specific and biased. So we have to do our own fuzzy risk judgement, and, yes, I lean to the cautious side. > Once you assume that your opponent is specifically targeting you with > malware capable of sophisticated memory forensics, you're screwed. > Pinning your hopes on a smartcard is the worst kind of crypto-fetishism. > You can't proudly hold it up and say "ah ha, but *now* I am safe from > Tier-1 actors!" It doesn't work that way. > Memory scraping is just one of several attack vectors against unencrypted private keys. And of course smartcards are only one in many security measures.
> Smartcards are a great technology for a certain part of the problem > domain, but they aren't magical crypto fairy dust. We agree in this point. - Rainer From rjh at sixdemonbag.org Sun Apr 9 17:26:39 2017 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 9 Apr 2017 11:26:39 -0400 Subject: Smart card In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> Message-ID: > Good point, and I agree to that for a very basic assessment. However, > the assumption that only politicians and government employees holding > a security clearance are targeted by Mossad & co is a thing of the > past. It never was true -- for decades the French DGSE surveilled Airbus's competitors, for instance. But the point still stands. The attacks you're talking about are not automated. They require significant per-target involvement from highly-skilled technical talent, and once you posit you're being targeted by people who have both technical talent and a budget you're far outside the realm where a smartcard can save you. There are definitely domains where smartcards make sense. I use a smartcard not just because of high-value secrets, but because I use several different computers. A smartcard means I have one copy of my private key that I can safely share between rigs, without the risks that come from each machine having a copy, putting my private key on an NFS share, storing it on a USB drive, or any of the other ways to tackle it. From rainer at hoerbe.at Sun Apr 9 18:34:42 2017
From: rainer at hoerbe.at (Rainer Hoerbe) Date: Sun, 9 Apr 2017 18:34:42 +0200 Subject: Smart card In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> Message-ID: <2239D4D4-BDA5-4C41-B224-E9EB94214EE5@hoerbe.at> > On 09.04.2017 at 17:26, Robert J. Hansen wrote: > >> Good point, and I agree to that for a very basic assessment. However, >> the assumption that only politicians and government employees holding >> a security clearance are targeted by Mossad & co is a thing of the >> past. > > It never was true -- for decades the French DGSE surveilled Airbus's > competitors, for instance. and their main competitor's govmnt in reverse as well :-) > > But the point still stands. The attacks you're talking about are not > automated. They require significant per-target involvement from > highly-skilled technical talent, and once you posit you're being > targeted by people who have both technical talent and a budget you're > far outside the realm where a smartcard can save you. Sorry, not any more. Look at the online-banking fraud business. Automated credential stealing tools from simple keyloggers to sophisticated malware such as from the Zeus family are available on a pay-and-play basis. > > There are definitely domains where smartcards make sense. I use a > smartcard not just because of high-value secrets, but because I use > several different computers. A smartcard means I have one copy of my > private key that I can safely share between rigs, without the risks that > come from each machine having a copy, putting my private key on an NFS > share, storing it on a USB drive, or any of the other ways to tackle it. I thought your private key is so well encrypted that you can publish it in a newspaper?
Anyway, from a market success point of view the dominant applications for smartcards are mobile and bank cards. They have solved the usability problem, which GPG, PKCS11 etc. did not do yet. As long as the effort to set up smartcards is so high it will not make sense to users to spend time with a risk that is difficult to assess. - Rainer From rjh at sixdemonbag.org Sun Apr 9 19:02:39 2017
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 9 Apr 2017 13:02:39 -0400 Subject: Smart card In-Reply-To: <2239D4D4-BDA5-4C41-B224-E9EB94214EE5@hoerbe.at> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <2239D4D4-BDA5-4C41-B224-E9EB94214EE5@hoerbe.at> Message-ID: > Sorry, not any more. Look at the online-banking fraud business. > Automated credential stealing tools from simple keyloggers to > sophisticated malware such as from the Zeus family are available on > a pay-and-play basis. I've seen some truly scary malware, and I'm not seeing the level of sophistication you're talking about except from nation-state actors. GnuPG certificates aren't targeted by mass-market malware because there aren't enough GnuPG users to be worth targeting. Malware that targets online banking, though ... that's worth constructing specialized malware to target. > I thought your private key is so well encrypted that you can publish > it in a newspaper? It is. Those aren't the risks I'm talking about. Why don't I want to store the private key on multiple computers? Because a good rule of thumb in a forensics lab is "store the minimum personal data possible on your systems". Why don't I want an NFS mount? Because these computers need to be isolated. Why don't I want to use a USB drive? Because USB is a critical vector for malware, and as such USB devices are closely controlled and monitored. Etc., etc. Standard fare for a forensics lab. From calmstorm at posteo.de Sun Apr 9 19:27:41 2017
From: calmstorm at posteo.de (zap) Date: Sun, 9 Apr 2017 13:27:41 -0400 Subject: I never quite got my answer, Message-ID: <499fa72d-8130-a61b-37a7-57b163741072@posteo.de> I will try phrasing it differently though, is it possible to make the ecc keys with sha512 and aes256? and is sha512 the most secure algorithm to go with aes256? From rsmckown at gmail.com Sun Apr 9 18:07:17 2017 
From: rsmckown at gmail.com (Steve McKown) Date: Sun, 9 Apr 2017 10:07:17 -0600 Subject: Passphrase cache w/Yubikey varies: sign vs auth Message-ID: <88da28c6-9961-a652-6afb-9a65068066d1@gmail.com> Hi, I'm using a Yubikey NEO with GnuPG 2.1.11 on Ubuntu 16.04 LTS. Everything is working fine except that caching of the passphrase works differently depending upon whether the first operation is sign or authenticate. I can show this with two GnuPG operations: sign a file and ssh key-based login (I'm using gpg-agent.conf enable-ssh-support). If after inserting the Yubikey I sign first and then ssh second, both operations ask for the passphrase via pinentry.

    gpg2 --clearsign somefile    # pinentry dialog
    ssh someserver               # pinentry dialog

I'm not sure why the ssh login above asks again for the passphrase. If after re-inserting the Yubikey I do ssh before sign, the sign uses the passphrase cached from the previous ssh, as expected:

    ssh someserver               # pinentry dialog
    gpg2 --clearsign somefile    # NO pinentry dialog

It is true that the passphrase entered on first sign is cached, because if I run two back to back the second doesn't ask. Again, after re-inserting the Yubikey:

    gpg2 --clearsign somefile    # pinentry dialog
    gpg2 --clearsign somefile    # NO pinentry dialog

The pinentry dialog for signing includes the text "[sigs done:NNN]" that is not present for auth or crypt operations. Can someone explain why ssh after sign asks for the passphrase again, and what I might be able to do to avoid this condition? It's not a big deal, but I do wonder if it suggests a misconfiguration on my part. Thanks, Steve From mtg at gnu.org Sun Apr 9 20:01:02 2017
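Two gpg-agent problems come up in this part of the thread: Niels's pinentry-program that pointed at a binary not present on the new machine (so gpg -K still listed the keys but decryption reported "no secret key available"), and Steve's question about what the agent has cached after a sign versus an ssh operation. The script below is an added example, not code posted by anyone on the list, that checks both from the shell. It assumes the GnuPG 2.1 KEYINFO line layout as documented by gpg-agent (keygrip, type, serialno, idstr, cached, protection, ...; type D for a key file on disk, T for a key on a smartcard, - for a missing key; cached is 1 when the agent holds the passphrase) and that gpg-connect-agent prefixes each response line with "S ". The configuration files and KEYINFO lines used when exercising it are constructed samples, not output from a real agent.

```shell
#!/bin/sh
# Added example (not from the original thread): two gpg-agent checks.
#  1. check_pinentry_program: is the pinentry-program named in
#     gpg-agent.conf present and executable? (Niels's failure mode)
#  2. summarize_keyinfo / show_agent_cache: which keys does the running
#     agent consider cached? (Steve's question)
# Assumed (GnuPG 2.1 gpg-agent documentation): KEYINFO lines look like
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# with type D = key file on disk, T = key on a smartcard/token, - = missing,
# and cached = 1 when the agent holds the passphrase, - otherwise.

# Print the pinentry-program configured in the given gpg-agent.conf, or
# nothing if none is set. Comment lines never match because their first
# field starts with "#"; if the option appears more than once the last one
# is reported. Paths containing spaces are not handled.
pinentry_program_from_conf() {
    conf="$1"
    [ -r "$conf" ] || return 0
    awk '$1 == "pinentry-program" && NF >= 2 { prog = $2 }
         END { if (prog != "") print prog }' "$conf"
}

# Exit 0 when no pinentry-program is set (the agent default applies) or the
# configured one is executable; exit 1 and report on stderr when it is not.
check_pinentry_program() {
    conf="${1:-${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf}"
    prog=$(pinentry_program_from_conf "$conf")
    if [ -z "$prog" ]; then
        echo "no pinentry-program set in $conf (agent default applies)"
        return 0
    fi
    if [ -x "$prog" ]; then
        echo "pinentry-program OK: $prog"
        return 0
    fi
    echo "pinentry-program not usable: $prog (missing or not executable)" >&2
    return 1
}

# Reduce KEYINFO lines read from stdin to
#   <keygrip> <type> cached|not-cached <serialno>
# one key per line; every other agent response line (OK, ERR, ...) is dropped.
summarize_keyinfo() {
    awk '$1 == "S" && $2 == "KEYINFO" {
        printf "%s %s %s %s\n", $3, $4, ($7 == "1" ? "cached" : "not-cached"), $5
    }'
}

# Number of keys reported as cached, from KEYINFO lines on stdin.
count_cached() {
    summarize_keyinfo | awk '$3 == "cached" { n++ } END { print n + 0 }'
}

# Live query of the running agent: one line per key it knows about.
# Run it before and after the sign and ssh steps and compare the third column.
show_agent_cache() {
    gpg-connect-agent 'KEYINFO --list' /bye | summarize_keyinfo
}
```

Run check_pinentry_program first; with no argument it reads the gpg-agent.conf in GNUPGHOME (or ~/.gnupg) and exits 1 if the configured pinentry is missing or not executable, which is the situation Niels describes. For Steve's question, run show_agent_cache after each step of the two orderings and compare the cached column. The script reports only what the agent says about its own passphrase cache; whether a card's PIN state is reflected in that column is not something this script establishes, so an unchanged column after a card operation is not by itself evidence of a misconfiguration.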
From: mtg at gnu.org (Mike Gerwitz) Date: Sun, 09 Apr 2017 14:01:02 -0400 Subject: Smart card In-Reply-To: (Robert J. Hansen's message of "Sun, 9 Apr 2017 07:51:09 -0400") References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> Message-ID: <871st1wjdt.fsf@gnu.org> On Sun, Apr 09, 2017 at 07:51:09 -0400, Robert J. Hansen wrote: > In the real world, threat models are much simpler. Basically, you're > either dealing with Mossad or not-Mossad. If your adversary is > not-Mossad, then you'll probably be fine if you pick a good password > and don't respond to emails from > ChEaPestPAiNPi11s at virus-basket.biz.ru. If your adversary is the > Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT > IT. The Mossad is not intimidated by the fact that you employ > https://. (Don't get me wrong---I like James Mickens; I watched an MIT course he partially taught, and I was rather fond of him. But this is a dangerous article, and hard to distinguish between satire and actual security advice. And there's both.) This type of defeatism is just as absurd as putting your faith in snake oil or failing to even contemplate a threat model before blindly following others' advice. In fact, the latter is precisely what this is---not from the author's standpoint, but from the reader's. Security is not binary (or ternary, in that article). You're not just dealing with "Mossad or not-Mossad". You're dealing with a wide range of adversaries from your grandmother who gets on your computer when you're still logged into your dating website, to script kiddies who discovered intro to Metasploit articles, to script kiddies at the CIA and NSA, to actual targeted attacks/surveillance by a State, to the guy who's going to break and then re-break your knee caps until you give him what he wants.
If I know a threat exists, I'm going to evaluate my threat model and decide whether or not it is worth my time to mitigate it; whether I can hope to mitigate it; and whether attempting to do so is going to put me at even more risk for some other threat. I just gave a talk at LP2017 about "The Surreptitious Assault On Privacy, Security, and Freedom". The talk was focused on some threats that might actually be applicable to the audience. There weren't discussions about drone targeting or kneecap breaking or NSA interception of packages. There wasn't discussion about tapping undersea cables. And yet, the sophistication of the threats in the presentation was such that I didn't get to a fraction of what I wanted to discuss. Most people aren't going to have to worry about the CIA taking control of their stupid 4G-enabled, always-connected vehicle to assassinate them or abduct their children. But the attacks and surveillance methods the CIA and NSA use on these types of things---as revealed by Vault 7, Shadow Brokers, Snowden, Klein, and others---can be discovered or performed by other bad actors. And they are. So defeatist attitudes toward State actors make you immediately vulnerable to less skilled, less resourceful attackers. Using HTTPS doesn't protect me against a lot of things. But it does protect me from many things. > Once you assume that your opponent is specifically targeting you with > malware capable of sophisticated memory forensics, you're screwed. Again, defeatist. For your average user, yeah, they're screwed just by using technology in the first place---if not by crackers, then by adversaries like the companies they're feeding data to. But _I_ could target someone with memory forensics "malware", and I'm not a cracker! If not through an exploit for the slew of vulnerable systems users use, then through physical compromise of their computer. Maybe pay out an evil maid. I've never tried a cold boot attack, but maybe I'd have some luck with that.
We're not talking about State-level knowledge here---we're talking about using existing tools; we're talking about a privilege escalation vulnerability; we're talking about data swapping to disk; we're talking about Heartbleed, and Cloudbleed, and many other such bugs; ...and so on! > Pinning your hopes on a smartcard is the worst kind of crypto-fetishism. > You can't proudly hold it up and say "ah ha, but *now* I am safe from > Tier-1 actors!" It doesn't work that way. > > Smartcards are a great technology for a certain part of the problem > domain, but they aren't magical crypto fairy dust. Nor should anyone think they are. But it's sure as hell a smaller attack surface than the, uh, near-unlimited attack surface of an Internet-connected computer (or mobile device!) that most people store their private keys on. I use a Smartcard because the attack surface is otherwise enormous---I cannot audit whether my key has been compromised. I don't have the time or resources. I like to believe my key was reasonably secure. But I generated a new one about a year ago, got me a Smartcard, stored the master key offline, and access it using an airgapped computer. Does that prevent me from being pwned by a committed adversary? No, not even close. But I can enumerate many such attacks against my current setup. And they're far fewer than the near innumerable number against my previous situation. If someone's setting up a GPG key, am I going to suggest to them that they use a Smartcard? _Of course_ I am! I'd rather do that than spend the next few months educating them on portions of a relevant threat model and do-this but no don't-do-that but oh that means you can't use the Internet at all, sorry! And by the time I'm done explaining that, there'll be another catchily-named vulnerability out there peeking out from the stockpile of CVEs that have made their way into pentesting frameworks with a click-to-pwn usability level.
Do I think Mickens is going to stand there and tell Karen Sandler that she shouldn't give a care about the security of her pacemaker because someone can season her cup of noodles with uranium? No, I don't. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com From dougb at dougbarton.email Sun Apr 9 20:30:47 2017
From: dougb at dougbarton.email (Doug Barton)
Date: Sun, 9 Apr 2017 11:30:47 -0700
Subject: Smart card
In-Reply-To: <871st1wjdt.fsf@gnu.org>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org>
Message-ID:

On 04/09/2017 11:01 AM, Mike Gerwitz wrote:
> If I know a threat exists, I'm going to evaluate my threat model and
> decide whether or not it is worth my time to mitigate it; whether I can
> hope to mitigate it; and whether attempting to do so is going to put me
> at even more risk for some other threat.

You and Rainer have gone on at great length about the part of the threat model equation dealing with the attacker. However, you don't seem to take into account the other part of the equation, what you are protecting.

The overwhelming number of PGP users simply use it because it's cool. They don't have anything approaching significant secrets to protect, it's just fun to do cryptography. There is nothing wrong with that, in and of itself. (Note, I acknowledge that there are people for whom signatures and encryption actually matter.)

There is not even anything wrong with the idea that using smart cards, air-gapped computers, detached signing subkeys, etc. *can* be part of that fun. The concern is that when folks tell the new users that they are *required*, that becomes problematic for a couple of reasons. First, it gives a false impression of how secure the "basic" version of GnuPG is in the first place. Perhaps more importantly, it places a much higher barrier to entry for new users; for no measurable ROI.

So if folks want to imagine that you live in a Bond film, and that SPECTRE is out to get you, so be it. I don't begrudge you that fantasy. But when it comes to offering advice to new users, please be realistic about what they are actually going to benefit from.

Doug

From rainer at hoerbe.at Sun Apr 9 20:50:28 2017
From: rainer at hoerbe.at (Rainer Hoerbe)
Date: Sun, 9 Apr 2017 20:50:28 +0200
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org>
Message-ID: <9CEB091D-4A5D-4B68-BEB1-649A86E85518@hoerbe.at>

> On 09.04.2017 at 20:30, Doug Barton wrote:
>
> On 04/09/2017 11:01 AM, Mike Gerwitz wrote:
>> If I know a threat exists, I'm going to evaluate my threat model and
>> decide whether or not it is worth my time to mitigate it; whether I can
>> hope to mitigate it; and whether attempting to do so is going to put me
>> at even more risk for some other threat.
>
> You and Rainer have gone on at great length about the part of the threat model equation dealing with the attacker. However, you don't seem to take into account the other part of the equation, what you are protecting.
>
> The overwhelming number of PGP users simply use it because it's cool. They don't have anything approaching significant secrets to protect, it's just fun to do cryptography. There is nothing wrong with that, in and of itself. (Note, I acknowledge that there are people for whom signatures and encryption actually matter.)
>
> There is not even anything wrong with the idea that using smart cards, air-gapped computers, detached signing subkeys, etc. *can* be part of that fun. The concern is that when folks tell the new users that they are *required*, that becomes problematic for a couple of reasons. First, it gives a false impression of how secure the "basic" version of GnuPG is in the first place. Perhaps more importantly, it places a much higher barrier to entry for new users; for no measurable ROI.
>
> So if folks want to imagine that you live in a Bond film, and that SPECTRE is out to get you, so be it. I don't begrudge you that fantasy. But when it comes to offering advice to new users, please be realistic about what they are actually going to benefit from.

I know of PGP-based WoT used in security-aware networks of sysadmins, CERTs etc. I would have guessed that a significant part of the audience of this list are professional/experienced/involved admins or developers. But let me know why the majority of users are not.

- Rainer

From niels at kobschaetzki.net Sat Apr 8 08:18:50 2017
From: niels at kobschaetzki.net (=?utf-8?Q?Niels=20Kobsch=C3=A4tzki?=)
Date: Sat, 8 Apr 2017 08:18:50 +0200
Subject: No secret key after rsync
Message-ID: <5DDD394F-7E61-43C5-8F41-C1AD1345AEFC@kobschaetzki.net>

Hi,

I rsyncd my .gnupg-folder to a new computer (moving from Fedora to TrueOS). When I try to decrypt now something I get the message "no secret key available". But when I do gpg -K all my secret keys get listed and when I do gpg -k all public keys are listed. gpg is a symlink to gpg2 on that system. My old installation used gpg2. What could be the problem?

Cheers,

Niels

From rjh at sixdemonbag.org Sat Apr 8 10:36:57 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 8 Apr 2017 04:36:57 -0400
Subject: GPA bug report
Message-ID: <83ac9859-0676-0581-a51e-59d9045665ec@sixdemonbag.org>

(Apologies for the HTML mail; it seems to be the best way to submit a screenshot, though.)

The last two subkeys on this list are elliptical curves, not RSA. GPA is mis-reporting them.

From dougb at dougbarton.us Sat Apr 8 19:41:05 2017
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 08 Apr 2017 10:41:05 -0700
Subject: Smart card
In-Reply-To: <87k2705bhy.fsf@iki.fi>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <8e048868-999e-bbf2-5b0b-0821e6cc809f@sixdemonbag.org> <7c68ec9e-2016-a5e3-deee-ee82b146463a@twu.edu> <66fc1d1d-2cf4-c681-9ca4-f786e7773fb9@twu.edu> <1f32b650-07b1-77ac-90d5-df81df3fc47e@dougbarton.email> <9a36f523-5493-a516-94ad-b8b5e4a6c249@twu.edu> <87k2705bhy.fsf@iki.fi>
Message-ID: <08dbdcfb0a64d678aae16ab93cabadd9@dougbarton.us>

On 2017-04-04 10:27, Teemu Likonen wrote:
> Will Senn [2017-04-04 00:19:11-05] wrote:
>
>> On 4/3/17 11:48 PM, Doug Barton wrote:
>>> What's your threat model?
>>
>> [...] I do not really know what I need vs what I think I need. In my
>> uneducated state, I think I want to be as secure as possible [...]
>
> Considering possible threats is useful or even extremely important but
> here's another point of view. Perhaps it can be just "I'm interested in
> security technology and want to study smart cards. Thus, I'll buy one
> and learn how it works. Maybe it will turn out useful or even
> necessary."

There is nothing wrong with that point of view of course. The danger comes in when people promote things like smart cards to newbies as "The right way to do PGP." They are/would be overkill for 99.9% of people who use PGP, and the additional hassle and complexity serves as a barrier to entry.

Doug

From mkesper at schokokeks.org Sat Apr 8 22:51:20 2017
From: mkesper at schokokeks.org (Michael Kesper)
Date: Sat, 8 Apr 2017 22:51:20 +0200
Subject: Smart card
In-Reply-To: <20170408081636.vlykxzcgr2jyuv3e@grep.be>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be>
Message-ID: <972c23ff-ef0f-8098-1518-36415f3be7da@schokokeks.org>

Hi all,

On 08.04.2017 at 10:16, Wouter Verhelst wrote:
> Smartcards are useful. They ensure that the private half of your key is
> never on any hard disk or other general storage device, and therefore
> that it cannot possibly be stolen (because there's only one possible
> copy of it).

The kernelconcept cards at least can also be used with a key "backup". If you store that backup safely, you can still use your key when you put your smart card into washing machine AND dryer (or it breaks for whatever reason) but you don't risk it being stolen with your laptop.

Best
Michael

From rjh at sixdemonbag.org Sun Apr 9 22:16:54 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 9 Apr 2017 16:16:54 -0400
Subject: Smart card
In-Reply-To: <9CEB091D-4A5D-4B68-BEB1-649A86E85518@hoerbe.at>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9CEB091D-4A5D-4B68-BEB1-649A86E85518@hoerbe.at>
Message-ID: <67da6595-4c9f-4e76-24cb-10a1ff8d91f8@sixdemonbag.org>

> I know of PGP-based WoT used in security-aware networks of sysadmins,
> CERTs etc. I would have guessed that a significant part of the
> audience of this list are professional/experienced/involved admins or
> developers. But let me know why the majority of users are not.

I've been in the PGP community for 25 years. I've been the official GnuPG FAQ maintainer for a few years, which has led to me getting a steady stream of questions from people who mistakenly (though understandably) think I'm GnuPG's helpdesk. I've been part of Enigmail's official help team for about a decade. For almost fifteen years I've been involved in training people in how to practice good communications security in hostile environments: journalists, NGO workers, and even union organizers. That's my background which is informing my answer. I'm not presenting it to argue that I'm right, but so you may have an estimate of how I may be biased.

The average GnuPG user is not a technical expert. They come to GnuPG from somewhere else as the result of an awareness of how their communications may be at risk. When I addressed a crowd of United Electricalworkers employees, for instance, they were concerned employers might be snooping on private union communications.

The average GnuPG user runs Windows.

The average GnuPG user neither knows nor cares what MIME is.

The average GnuPG user has a specific threat model in mind--"I'm worried my employer might be reading my union-related email which gets sent to my corporate account"--not diffuse, unfocused ideas about hypothetical malware that might be targeting certificates.

The average GnuPG user understands the threat actor ("my employer", "the secret police", "a competing political party"), but has a poor understanding of the actor's capabilities or how to defend against them.

The average GnuPG user uses GnuPG as a last, desperate, final resort. If they had a better avenue, they'd take it. (E.g., I pointed out to United Electricalworkers they could sign up for free webmail accounts and their union emails would no longer be on their employers' email servers.)

The average GnuPG user is scared, and rightly so. This system is so eye-poppingly user-unfriendly that the userbase largely consists of two groups: people who have threats serious enough to warrant dealing with such a tool, and people who are paranoid and think they do.

The average GnuPG user finds the system to be at the outer limit of their technical skill.

The average GnuPG user is deeply interested in doing things right, but has no idea how to evaluate what's right. As a result they often get tied up in cryptographic technofetishism fed to them by others, and getting them to drop this technofetishism is *really really hard*. After all, their commitment to 16384-bit RSA keys has kept them safe, right?

=====

Two years ago there was a Spanish digital civil liberties convention called Circumvention. (They've since changed their name to the Internet Freedom Festival.) They thought I'd be a good resource for them, so they flew me to Valencia for a week. During that week I met up with literally dozens of technical trainers -- people who after the convention were going home to places like Syria, Iran, and Zimbabwe, where they'd be meeting with local journalists and teaching them how to safely communicate with the West.

I had heartbreaking conversations with them. Without exception, every one of the trainers had firsthand knowledge of people who critically needed communications security, but who found GnuPG (and Enigmail) to be too difficult to use. Without exception, every one of the trainers wanted GnuPG (and Enigmail) to be made simpler.

Simplicity is literally a matter of life and death.

So when someone asks about smartcards, please, let's keep the discussion focused on whether they need a smartcard. Because the instant people think smartcards are universally necessary, we lose.

From niels at kobschaetzki.net Sun Apr 9 22:16:57 2017
From: niels at kobschaetzki.net (=?utf-8?Q?Niels=20Kobsch=C3=A4tzki?=)
Date: Sun, 9 Apr 2017 22:16:57 +0200
Subject: No secret key after rsync
In-Reply-To: <5DDD394F-7E61-43C5-8F41-C1AD1345AEFC@kobschaetzki.net>
References: <5DDD394F-7E61-43C5-8F41-C1AD1345AEFC@kobschaetzki.net>
Message-ID: <513EEBC2-91D7-46E1-B090-CF86AC818EDE@kobschaetzki.net>

> On 8. Apr 2017, at 08:18, Niels Kobschätzki wrote:
>
> Hi,
>
> I rsyncd my .gnupg-folder to a new computer (moving from Fedora to TrueOS). When I try to decrypt now something I get the message "no secret key available".
> But when I do gpg -K all my secret keys get listed and when I do gpg -k all public keys are listed. gpg is a symlink to gpg2 on that system.
> My old installation used gpg2. What could be the problem?

Please ignore this. I solved it already and sent the solution to the list. Sorry for the noise.

Niels

From rjh at sixdemonbag.org Sun Apr 9 22:44:03 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 9 Apr 2017 16:44:03 -0400
Subject: Smart card
In-Reply-To: <871st1wjdt.fsf@gnu.org>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org>
Message-ID: <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org>

> But this is a dangerous
> article, and hard to distinguish between satire and actual security
> advice. And there's both.

I thoroughly disagree. This is not an article filled with actual security advice. It was published in USENIX's humor column, after all. It is straight-up satire of tendencies that need satirizing. Satire deeply grounded in truth, yes, but I shudder to think of the foolishness required to mistake this satire for actual security advice.

Satire is an excellent weapon against folly, and the idea that everyone should use smartcards is exactly the kind of folly Mickens is railing against.

>> Once you assume that your opponent is specifically targeting you with
>> malware capable of sophisticated memory forensics, you're screwed.
>
> Again, defeatist.

No, realistic. At that point you've got an attacker who is highly motivated against you specifically, who has access to technical experts, who has a significant operating budget. "You're screwed" might be understating things.

> For your average user, yeah, they're screwed just by using technology in
> the first place---if not by crackers, then by adversaries like the
> companies they're feeding data to. But _I_ could target someone with
> memory forensics "malware", and I'm not a cracker! If not through an
> exploit for the slew of vulnerable systems users use, then through
> physical compromise of their computer. Maybe pay out an evil
> maid. I've never tried a cold boot attack, but maybe I'd have some luck
> with that. We're not talking about State-level knowledge here---we're
> talking about using existing tools; we're talking about a privilege
> escalation vulnerability; we're talking about data swapping to disk;
> we're talking about Heartbleed, and Cloudbleed, and many other such
> bugs; ...and so on!

You're making my case for me.

> Nor should anyone think they are. But it's sure as hell a smaller
> attack surface than the, uh, near-unlimited attack surface of an
> Internet-connected computer (or mobile device!) that most people store
> their private keys on.

I've always been amused by how often people think that if their keys are safe, their communications are, too. "I'm worried a well-funded attacker might root my laptop, plant a keylogger, and get my passphrase and my secret key, and then be able to read my email. I use smartcards to prevent this attack." Apparently, the prospect of a well-funded attacker rooting your laptop, planting a trojaned GnuPG with a compromised PRNG, and being able to read all your traffic at their leisure, though, you're just fine with that.

Once you assume the attacker can root your machine, *you* *are* *screwed*. There is no way around it. The universe of malfeasance the attacker can throw at you is effectively unlimited. And you're seriously saying, "but at least my keys are safe!"?

Give me a break.

From wsenn1 at twu.edu Mon Apr 10 00:09:03 2017
From: wsenn1 at twu.edu (Will Senn)
Date: Sun, 9 Apr 2017 17:09:03 -0500
Subject: Smart card
In-Reply-To: <67da6595-4c9f-4e76-24cb-10a1ff8d91f8@sixdemonbag.org>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9CEB091D-4A5D-4B68-BEB1-649A86E85518@hoerbe.at> <67da6595-4c9f-4e76-24cb-10a1ff8d91f8@sixdemonbag.org>
Message-ID: <696c1090-de74-30f8-1943-a314144218d7@twu.edu>

On 4/9/17 3:16 PM, Robert J. Hansen wrote:
>> I know of PGP-based WoT used in security-aware networks of sysadmins,
>> CERTs etc. I would have guessed that a significant part of the
>> audience of this list are professional/experienced/involved admins or
>> developers. But let me know why the majority of users are not.
> I've been in the PGP community for 25 years. I've been the official
> GnuPG FAQ maintainer for a few years, which has led to me getting a
> steady stream of questions from people who mistakenly (though
> understandably) think I'm GnuPG's helpdesk. I've been part of
> Enigmail's official help team for about a decade. For almost fifteen
> years I've been involved in training people in how to practice good
> communications security in hostile environments: journalists, NGO
> workers, and even union organizers. That's my background which is
> informing my answer. I'm not presenting it to argue that I'm right, but
> so you may have an estimate of how I may be biased.
>
> The average GnuPG user is not a technical expert. They come to GnuPG
> from somewhere else as the result of an awareness of how their
> communications may be at risk. When I addressed a crowd of United
> Electricalworkers employees, for instance, they were concerned employers
> might be snooping on private union communications.
>
> The average GnuPG user runs Windows.
>
> The average GnuPG user neither knows nor cares what MIME is.
>
> The average GnuPG user has a specific threat model in mind--"I'm worried
> my employer might be reading my union-related email which gets sent to
> my corporate account"--not diffuse, unfocused ideas about hypothetical
> malware that might be targeting certificates.
>
> The average GnuPG user understands the threat actor ("my employer", "the
> secret police", "a competing political party"), but has a poor
> understanding of the actor's capabilities or how to defend against them.
>
> The average GnuPG user uses GnuPG as a last, desperate, final resort.
> If they had a better avenue, they'd take it. (E.g., I pointed out to
> United Electricalworkers they could sign up for free webmail accounts
> and their union emails would no longer be on their employers' email
> servers.)
>
> The average GnuPG user is scared, and rightly so. This system is so
> eye-poppingly user-unfriendly that the userbase largely consists of two
> groups: people who have threats serious enough to warrant dealing with
> such a tool, and people who are paranoid and think they do.
>
> The average GnuPG user finds the system to be at the outer limit of
> their technical skill.
>
> The average GnuPG user is deeply interested in doing things right, but
> has no idea how to evaluate what's right. As a result they often get
> tied up in cryptographic technofetishism fed to them by others, and
> getting them to drop this technofetishism is *really really hard*.
> After all, their commitment to 16384-bit RSA keys has kept them safe, right?
>
> =====
>
> Two years ago there was a Spanish digital civil liberties convention
> called Circumvention. (They've since changed their name to the Internet
> Freedom Festival.) They thought I'd be a good resource for them, so
> they flew me to Valencia for a week. During that week I met up with
> literally dozens of technical trainers -- people who after the
> convention were going home to places like Syria, Iran, and Zimbabwe,
> where they'd be meeting with local journalists and teaching them how to
> safely communicate with the West.
>
> I had heartbreaking conversations with them. Without exception, every
> one of the trainers had firsthand knowledge of people who critically
> needed communications security, but who found GnuPG (and Enigmail) to be
> too difficult to use. Without exception, every one of the trainers
> wanted GnuPG (and Enigmail) to be made simpler.
>
> Simplicity is literally a matter of life and death.
>
> So when someone asks about smartcards, please, let's keep the discussion
> focused on whether they need a smartcard. Because the instant people
> think smartcards are universally necessary, we lose.
>

Robert et al.,

I have to admit the replies to this thread have been very informative in ways that simple answers just never would be. Here I was trying to get "it" "right" the first (thirty first) time, when it's clear that there's no it or right. I am heartened by the dialog and as a result of my reading, think that my approach will be fine for my threat vector :).

BTW, I got a yubikey4 and immediately sent it packing back to the manufacturer after the tech support guy told me to reset the card and try again for the second time without being able to explain why this would help. I'm still waiting on my kernelconcepts card to arrive, no telling if it'll work any better, but as somebody else on the thread mentioned, it's fun trying out the cryptocandy. After reading this thread and some other resources, I'm pretty sure having a smartcard isn't going to make me much more secure than simply using gpg given my apparent naivete over so much of the terrain.

On another note, while I am totally committed to better understand gnupg, I find the bulk of available material in its domain to be inconsistent, contradictory, sophomoric, written in faux cryptogeek, and generally misleading. Gems are nearly impossible to find. I have read at least a couple of dozen intro to gnupg articles that completely fail to arrive at consensus on the fundamentals. What gets encrypted with what keys? What is a detached signature and why might I want one?

Interestingly, I looked at the documentation in the hopes that this might be canonical and informative:

the actual command's help:

gpg --help
... snip
--detach-sign [file]       make a detached signature
...snip

kinda gathered... or from the user's manual:

...snip
--detach-sign
-b
    Make a detached signature.
...snip

ok, so lemme guess, --detach-sign creates a detached signature... hmmm, nothing about why you'd want one, or what one is good for. Let's take a look at the uber helpful gnu privacy handbook:

Detached signatures

A signed document has limited usefulness. Other users must recover the original document from the signed version, and even with clearsigned documents, the signed document must be edited to recover the original. Therefore, there is a third method for signing a document that creates a detached signature, which is a separate file. A detached signature is created using the --detach-sig option.

alice% gpg --output doc.sig --detach-sig doc

You need a passphrase to unlock the secret key for
user: "Alice (Judge)"
1024-bit DSA key, ID BB7576AC, created 1999-06-04

Enter passphrase:

Both the document and detached signature are needed to verify the signature. The --verify option can be used to check the signature.

blake% gpg --verify doc.sig doc

gpg: Signature made Fri Jun 4 12:38:46 1999 CDT using DSA key ID BB7576AC
gpg: Good signature from "Alice (Judge)"

Better, but no mention of what keys are used in the process or why. Also, it sounds like it's not even that useful "has limited usefulness" and yet, detached signatures are all over the place.

Believe it or not, somebody trying to understand gpg just might like to know that a detached signature is (or isn't, you tell me, I've seen all kinds of descriptions) a derived hash (maybe sha512) of the plaintext of the original document that is encrypted with the sender's private key and which can only be decoded with the sender's public key (theoretically publicly accessible) and therefore available to verify by decrypting the hash and comparing it with an on-the-spot self generated hash of the current contents. I'm not sure this is how it works, but by reading dozens of descriptions, I think it's getting closer to reality than "Other users must recover the original document from the signed version, and even with clearsigned documents, the signed document must be edited to recover the original," whatever this is supposed to mean.

I guess what I'm really trying to say is, this "system is so eye-poppingly user-unfriendly" that it could use some good, clear, accurate, reasonably comprehensive, accessible literature written by folks who actually know how stuff works.

Thanks,

Will

From rjh at sixdemonbag.org Mon Apr 10 00:27:52 2017
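Will's sketch of a detached signature in the message above (hash the plaintext, transform the hash with the signer's private key, ship that as a separate file, and verify by reversing the transform with the signer's public key and comparing against a freshly computed hash) is mechanically right, so here is that walk-through as runnable code. It is an added teaching example, not GnuPG's code and not the OpenPGP format: the keypair is a toy-sized, constructed textbook-RSA pair, the document is constructed, and the function names and key sizes are the example's own. It answers the two questions Will raised: only the signer's private key is used to produce the signature, only the signer's public key is needed to check it, and the document itself is neither changed nor encrypted. A real OpenPGP signature packet also carries the creation time and issuer key ID (which is why the handbook's `gpg --verify` output above reports "Signature made ... using DSA key ID BB7576AC") and applies the RSA operation to a padded encoding rather than the bare digest.

```python
"""Detached signature walk-through with textbook RSA (constructed example).

Added illustration, not GnuPG/OpenPGP code: OpenPGP signature packets also
carry a creation time, the issuer key ID and a hash-algorithm identifier,
and the RSA operation is applied to a padded encoding, not the raw digest.
The mechanism shown is the one a detached signature relies on: the signer
hashes the document and applies the private key to the digest; the verifier
applies the public key to the signature and compares the recovered digest
with a digest freshly computed over the document in hand.
"""
import hashlib
import math
import random

PUBLIC_EXPONENT = 65537  # conventional RSA public exponent


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test; fine for a demo, not for real key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=512, seed=None):
    """Return (public, private) dicts.  Toy-sized (constructed); never use for real keys.
    The modulus is at least 2**(bits-2), so a SHA-256 digest (256 bits) always fits."""
    rng = random.Random(seed)  # seeded so the demo is reproducible
    half = bits // 2
    while True:
        p = rng.getrandbits(half) | (1 << (half - 1)) | 1
        q = rng.getrandbits(half) | (1 << (half - 1)) | 1
        if p == q or not (_is_probable_prime(p) and _is_probable_prime(q)):
            continue
        phi = (p - 1) * (q - 1)
        if math.gcd(PUBLIC_EXPONENT, phi) == 1:
            break
    n = p * q
    d = pow(PUBLIC_EXPONENT, -1, phi)  # private exponent (Python 3.8+)
    return {"n": n, "e": PUBLIC_EXPONENT}, {"n": n, "d": d}


def _digest_int(document: bytes) -> int:
    """The value that is actually signed: the SHA-256 digest of the document as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign_detached(document: bytes, private: dict) -> bytes:
    """Signer side: private-key transform of the digest.  This byte string is the
    whole content of the separate signature file; the document is left untouched."""
    n, d = private["n"], private["d"]
    sig = pow(_digest_int(document), d, n)
    return sig.to_bytes((n.bit_length() + 7) // 8, "big")


def verify_detached(document: bytes, signature: bytes, public: dict) -> bool:
    """Verifier side: needs the document, the signature file and the signer's
    PUBLIC key only.  Recover the digest from the signature and compare it with
    a digest computed right now over the document that was received."""
    n, e = public["n"], public["e"]
    recovered = pow(int.from_bytes(signature, "big"), e, n)
    return recovered == _digest_int(document)


def demo():
    """Both roles, plus the two ways verification is supposed to fail."""
    alice_pub, alice_priv = generate_keypair(seed=2017)
    doc = b"Both the document and detached signature are needed to verify.\n"  # constructed
    sig = sign_detached(doc, alice_priv)  # what would be written to doc.sig
    return {
        "good": verify_detached(doc, sig, alice_pub),                       # True
        "tampered_doc": verify_detached(doc + b"x", sig, alice_pub),        # False
        "wrong_key": verify_detached(doc, sig, generate_keypair(seed=1)[0]),  # False
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:12s} -> {'Good signature' if ok else 'BAD signature'}")
```

The `wrong_key` case is the one that matters for the web-of-trust discussion earlier in the thread: a detached signature proves only that whoever holds the private key matching *this* public key signed *this* document; deciding that the public key really belongs to "Alice" is a separate step the arithmetic cannot do. Encryption, by contrast, runs in the other direction (the sender uses the recipient's public key), which is why a signing subkey and an encryption subkey are distinct objects in the `gpg -K` listings quoted in this thread.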
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 9 Apr 2017 18:27:52 -0400
Subject: Smart card
In-Reply-To: <696c1090-de74-30f8-1943-a314144218d7@twu.edu>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9CEB091D-4A5D-4B68-BEB1-649A86E85518@hoerbe.at> <67da6595-4c9f-4e76-24cb-10a1ff8d91f8@sixdemonbag.org> <696c1090-de74-30f8-1943-a314144218d7@twu.edu>
Message-ID: <09741d09-8206-cc61-a9d4-329a7b00fdeb@sixdemonbag.org>

> I have to admit the replies to this thread have been very informative in
> ways that simple answers just never would be. Here I was trying to get
> "it" "right" the first (thirty first) time, when it's clear that there's
> no it or right. I am heartened by the dialog and as a result of my
> reading, think that my approach will be fine for my threat vector :).

There's a great quote from _Zero Effect_ that springs to mind. "There aren't any good guys! You realize that, don't you? I mean, there aren't evil guys, and innocent guys, and -- it's just -- it's just a bunch of guys!"

There are very few good practices in communications security, and very few bad practices. Mostly, you have to pick from a very mixed bag of practices.

> But as somebody else on the thread
> mentioned, it's fun trying out the cryptocandy.

That it is, and so long as it's fun I advise you to knock yourself out!

> On another note, while I am totally committed to better understand
> gnupg, I find the bulk of available material in its domain to be
> inconsistent, contradictory, sophmoric, written in faux cryptogeek, and
> generally misleading. Gems are nearly impossible to find. I have read
> at least a couple of dozen intro to gnupg articles that completely fail
> to arrive at consensus on the fundamentals. What gets encrypted with
> what keys? What is a detached signature and why might I want one?

Suggest questions to be addressed in the FAQ and I'll take a stab. Our FAQ needs reorganization -- badly -- but the answers are pretty good, I think. Wikipedia actually cites us in a couple of crypto articles.

> I guess what I'm really trying to say is, this "system is so
> eye-poppingly user-unfriendly" that it could use some good, clear,
> accurate, reasonably comprehensive, accessible literature written by
> folks who actually know how stuff works.

So you want someone who isn't just a whiz in cryptogeekery, but has a detailed knowledge of the OpenPGP spec and how GnuPG implements it, *and* is a skilled technical writer, *and* has the free time to commit (conservatively speaking) hundreds of hours of free labor?

You're looking for a unicorn -- but I encourage you to keep looking. :)

From rag at ragged-software.com Mon Apr 10 01:35:03 2017
From: rag at ragged-software.com (Roy A. Gilmore)
Date: Sun, 9 Apr 2017 16:35:03 -0700
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org>
Message-ID: <8b14b943-5c29-5dc8-becc-a57848c36783@ragged-software.com>

OMG, this thread has gotten completely out of hand. I will reply to my own message in an attempt not to add too much to the hate and discontent already present. This is exactly why I normally only lurk, rarely comment, and only ask a question when I absolutely have to. I'm sorry that I bothered.

I was trying to be brief when I made the "key under the door mat" analogy. But, I stand by the idea that I believe allowing physical access to your private key is a very *BAD* idea. Given enough time and resources, any system can be compromised. I don't believe that smartcards are the answer to all security issues, but, I do believe that a smartcard can *HELP* to reduce *SOME* of the potential exposure, especially if used in a reader with a built-in pinpad. If the idea of smartcards gets somebody to start asking questions about security, and doing *SOMETHING* about their security, aren't they much better off than before?

Anyway, please just let this particular fork of this thread die, and forget that I tried to contribute, I won't make that error again.

On 04/08/2017 10:30 AM, Roy A. Gilmore wrote:
> I've been watching this thread for a while, and felt the need to chime
> in. Are smartcards (or USB tokens) a PITA? Sometimes. BUT, leaving your
> private key on your laptop, tablet, or phone is about as secure as
> leaving a spare key to your house under the door mat. I cringe every
> time soft tokens are brought up. Laptops, tablets, and phones are
> hacked, lost or stolen frequently. If a physical smartcard or USB token
> seems like too much of an inconvenience, then your data probably isn't
> worth taking the time to encrypt in the first place. How much is your
> data worth to you?
>
> On 04/08/2017 01:29 AM, Robert J. Hansen wrote:
>>> Smartcards are a pain in the ass.
>> A funny but completely accurate way to put it:
>>
>> When your private key is on your laptop, you never put it through the
>> wash by accident.
>>
>> (I can tell you from personal experience most smartcards handle being
>> washed just fine, but the static charges they're exposed to in the dryer
>> will often fry them.)
>>
>> Once you make a smartcard into a credit card, or a dongle you hang off
>> your keychain, you open yourself up to some very interesting failure
>> modes -- many of which you won't see coming. For instance, I once tried
>> to pay for a hotel with my kernelconcepts card, because it was located
>> adjacent to my credit card and I pulled it out by accident.

From anthony at cajuntechie.org Mon Apr 10 00:24:13 2017
From: anthony at cajuntechie.org (Anthony Papillion)
Date: Sun, 9 Apr 2017 17:24:13 -0500
Subject: What could make GnuPG + Enigmail "easier"?
Message-ID:

There's been some discussion both on and off this list about the fact that people don't use GnuPG (even with Enigmail) because it's 'too hard'. I have friends that are reasonably intelligent who just can't figure it out and, for the life of me, I just don't see why.

Don't get me wrong, GnuPG by itself can be confusing. Who wants to compose in a text file, drop to a terminal, issue some archaic command, open another text file, then copy and paste the results into a new document just to be able to send an email? That's pretty rough and there's no reason any user should have to do that in 2017.

But they don't! I've used GnuPG and Enigmail for a few years now and I only drop to a terminal when I /want/ to do so at this point. Encryption, decryption, signing, etc, never 'requires' it and, for the most part, the software 'just handles it'. Sure, if I add a smart card to the mix that complicates things but most people aren't going to do that.

So I guess I'm asking "what's so hard about GnuPG/Enigmail these days and what's stopping us from making it better"?

Anthony

From fejj at gnome.org Mon Apr 10 02:21:01 2017
From: fejj at gnome.org (Jeffrey Stedfast) Date: Sun, 9 Apr 2017 20:21:01 -0400 Subject: What could make GnuPG + Enigmail "easier"? In-Reply-To: References: Message-ID: <9f6b6382-9971-cadb-edcc-e93cab1149bd@gnome.org> On 4/9/2017 6:24 PM, Anthony Papillion wrote: > There's been some discussion both on and off this list about the fact > that people don't use GnuPG (even with Enigmail) because it's 'too > hard'. I have friends that are reasonably intelligent who just can't > figure it out and, for the life of me, I just don't see why. You aren't seeing why because you aren't really listening. You are focusing on the button clicks required and thinking "but it's just a click of a button or a checkbox in my email configuration options!" What you *aren't* hearing is: 1. *Why* should I care about signing my emails? Other people trying to impersonate me by falsifying emails from me is extremely low, other than perhaps the odd spam message here and there. And that's not *my* problem, that's *their* problem. 2. *Why* should I care about encrypting my emails? None of my emails are worth encrypting. Seriously, though, the risk of "hackers" or who-ever getting a hold of my emails is low and there's nothing really vital in them anyway. 3. Sure, clicking a button or checkbox might be easy, but what about the added hassle of managing my PGP keys? Now I have to upload them to a server so other people can get them? Ugh. I also have to copy them back and forth between the different computers that I use? More work. And I gotta keep my keys safe, as well? Jeez. 4. Just because I have a PGP key and sign my emails, it doesn't mean other people can automatically trust that they are from me. First they have to verify that the key id/fingerprint matches the key that I created. This means that for all practical purposes, unless I'm going to get involved in a *community* of PGP users that all sign each others keys, it's worthless. 
For the average email user, signing their emails has little-to-no added value. In general, they either know the person personally, in which case they probably have a good idea whether or not an email is actually from said person or not simply based on pattern recognition of their writing style and/or topics being discussed. They can also verify emails by talking to the other person face-to-face or over the phone, skype, etc - for *important* emails, this often happens anyway.

In other words, the people you are trying to convince to use PGP with Enigmail are saying "it's too hard" because that is the result of their cost/benefit analysis. It's not that clicking buttons or a checkbox is "too hard", it's that they don't *want to* for the minimal gain it will get them.

Hope that helps,

Jeff

From mtg at gnu.org Mon Apr 10 04:32:23 2017
From: mtg at gnu.org (Mike Gerwitz)
Date: Sun, 09 Apr 2017 22:32:23 -0400
Subject: Smart card
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org>
Message-ID: <87tw5xq9fs.fsf@gnu.org>

On Sun, Apr 09, 2017 at 16:44:03 -0400, Robert J. Hansen wrote:
>> But this is a dangerous
>> article, and hard to distinguish between satire and actual security
>> advice. And there's both.
>
> I thoroughly disagree. This is not an article filled with actual
> security advice. It was published in USENIX's humor column, after all.
> It is straight-up satire of tendencies that need satirizing. Satire
> deeply grounded in truth, yes, but I shudder to think of the foolishness
> required to mistake this satire for actual security advice.
>
> Satire is an excellent weapon against folly, and the idea that everyone
> should use smartcards is exactly the kind of folly Mickens is railing
> against.

The number of times I have seen this article used to rationalize black-and-white threat models and dismiss threats is concerning---its grounding in truth is what makes it good satire, and it's not hard to distill security "advice" from it.

>>> Once you assume that your opponent is specifically targeting you with
>>> malware capable of sophisticated memory forensics, you're screwed.
>>
>> Again, defeatist.
>
> No, realistic. At that point you've got an attacker who is highly
> motivated against you specifically, who has access to technical experts,
> who has a significant operating budget.

I think this is being confounded by adjoining two conversations---that smartcards provide additional security given a compromised system, and the satirical quote you provided. I was referring in this case to the latter.
My point is that if you base your entire threat model and practices on the fact that some attacker somewhere is going to succeed in a targeted attack against you, then you may as well give up on security period.

And my point was further that memory forensics is a pretty poor baseline for "screwed". That's the default category for any user of a surveillance operating system like Windows 10. Is the decision there to not attempt to address the problem at all?

>> Nor should anyone think they are. But it's sure as hell a smaller
>> attack surface than the, uh, near-unlimited attack surface of an
>> Internet-connected computer (or mobile device!) that most people store
>> their private keys on.
>
> I've always been amused by how often people think that if their keys are
> safe, their communications are, too.

I'm not sure if you're adding that to the discussion or saying that I implied that; I certainly didn't.

> Apparently, the prospect of a well-funded attacker rooting your laptop,
> planting a trojaned GnuPG with a compromised PRNG, and being able to
> read all your traffic at their leisure, though, you're just fine with that.
>
> Once you assume the attacker can root your machine, *you* *are*
> *screwed*. There is no way around it. The universe of malfeasance the
> attacker can throw at you is effectively unlimited. And you're
> seriously saying, "but at least my keys are safe!"?
>
> Give me a break.

This is the other conversation, which I didn't comment on; I should have made that more clear.

You seem to be suggesting that key safety isn't even a concern if you're compromised---that nothing else matters, and the distinction between a compromise as you described with or without access to the key(s) is irrelevant.

This doesn't have to start with a compromise from Day 1. If you are using a compromised system for generating your GPG key, sure, a smartcard isn't going to help you at all.
But note that you can also generate the keys on the smart card itself rather than the host system, which would circumvent a compromised PRNG. Of course that's not much of an option if you need a long-term identity, but for someone looking to use GPG for other purposes, that's certainly an option.

Let's say you're not compromised Day 1, and you don't have a smartcard. Your key can be copied by malware at any point in time. The password can be brute-forced offline or can be gathered through some other method at a later date.

Let's say Eve has access to system memory, and a keylogger, and can view communications before they are even encrypted. Fair enough, a smart card won't help you if crypto is circumvented entirely. That's the case with or without it.

But GPG keys are seldom rotated. If you do happen to use it for encrypting sensitive communications, the compromise of your encryption key at any point means the compromise of possibly years (or a lifetime's worth) of data. With a smartcard, a passive eavesdropper can't do anything---Mallory would be forced to either steal it from you, or issue commands to decrypt when it's connected to the system, which would prompt for the PIN at least once, would be slow, and would hopefully trigger an indicator on the smartcard.

Let's say I receive encrypted correspondence from someone. If Mallory has access to my communications/mailbox, he could grab the message, decrypt it, and be done. He could then write a reply, sign it as me, and have a full-on conversation, without me knowing. With a smartcard, I'm still needed---he'll have to find a way to sneak in those crypto operations on the card without me noticing.

The primary purpose of my key is signing. If Mallory wanted me to sign something unwittingly, and I used an external reader, he would have to intercept a legitimate operation and replace it with his own. But then I wouldn't have the signature that I requested.
If I noticed (I personally would, I don't know that everyone would; maybe a recipient), Mallory would be at risk of being discovered.

My Nitrokey locks the user PIN after three invalid attempts and bricks itself after three admin PIN attempts. If my smartcard is stolen, brute force isn't possible---they would have had to gather my PIN in some other manner. Since I use a Nitrokey, I'd be owned by a keylogger. But if you use an external card reader with a PIN pad, then Mallory might have a harder time, especially if he is a remote attacker.

I use GPG as an SSH agent---I can use SSH on any system that will recognize my card. Otherwise, you'd generate a key per host, any of which could be compromised at some point in the past or future. For users that need their GPG key on multiple boxes, I consider a smartcard to be essential. Otherwise, the user is just furthering her risk of compromise.

Key safety is still important.

But again, that's assuming that Eve/Mallory _exist_. With my original argument: they may not. The average user is far more likely to get some random malware and get added to a botnet than they are to be a specific target, and in those cases especially, their key won't be grabbed with all the other data on their disk.

--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

From gniibe at fsij.org Mon Apr 10 04:49:56 2017
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 10 Apr 2017 11:49:56 +0900
Subject: Passphrase cache w/Yubikey varies: sign vs auth
In-Reply-To: <88da28c6-9961-a652-6afb-9a65068066d1@gmail.com>
References: <88da28c6-9961-a652-6afb-9a65068066d1@gmail.com>
Message-ID: <87mvbpt1rf.fsf@iwagami.gniibe.org>

Steve McKown wrote:
> Can someone explain why ssh after sign asks for the passphrase again,
> and what I might be able to do to avoid this condition? It's not a big
> deal, but I do wonder if it suggests a misconfiguration on my part.

It is not a misconfiguration. It is expected behavior.

Please note that there is no passphrase cache on the host side for a smartcard. It is the OpenPGP card which has the "authenticated" status. Once it gets authenticated by PIN, a user can ask for crypto operations.

And there are two different authenticated statuses for a user. We call them CHV1 and CHV2, where CHV means Card Holder Verification. One for signing (CHV1) and another for others (= decryption and authentication, CHV2).

For the OpenPGP card itself, CHV1 and CHV2 are independent (for v2 and later).

By using GnuPG, they are not independent. When a user authenticates for CHV2, CHV1 is also authenticated automatically (provided the flag of the card for "Signature PIN" is "not forced"). When a user authenticates for CHV1, CHV2 is not affected.

I agree this is a bit confusing. I don't know why it is so. Perhaps we had some compatibility issue with older OpenPGP cards.

I don't think we have an easy way to avoid being asked for the PIN for SSH after signing.

--

From mtg at gnu.org Mon Apr 10 04:52:59 2017
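As an added model (not GnuPG's or the OpenPGP card's code), the Python sketch below encodes the CHV1/CHV2 coupling NIIBE describes and derives how many PIN prompts a given order of operations produces; the forced-PIN branch assumes the card-spec rule that a forced signature PIN is good for a single signature, which the message above does not spell out.

```python
# Model of OpenPGP card CHV status as driven by GnuPG. This is an added
# illustration, not GnuPG or card firmware. Rules taken from the message:
#   * the card, not the host, holds the "authenticated" state;
#   * CHV1 covers signing, CHV2 covers decryption and authentication;
#   * under GnuPG, verifying CHV2 also satisfies CHV1 when the card's
#     "Signature PIN" flag is "not forced";
#   * verifying CHV1 never satisfies CHV2.
# Assumption beyond the message (OpenPGP card spec): with a forced
# signature PIN, CHV1 is consumed by each signature. The flag shows up on
# the "Signature PIN ....:" line of `gpg --card-status`.


class OpenPGPCardModel:
    def __init__(self, forced_sig_pin=False):
        self.forced_sig_pin = forced_sig_pin
        self.chv1 = False   # signing
        self.chv2 = False   # decryption / authentication
        self.prompts = []   # log of PIN prompts, recorded as the CHV asked for

    def _verify(self, chv):
        """Simulate GnuPG prompting for the user PIN to satisfy one CHV."""
        self.prompts.append(chv)
        if chv == 1:
            self.chv1 = True
        else:
            self.chv2 = True
            if not self.forced_sig_pin:
                self.chv1 = True   # GnuPG: a CHV2 success also unlocks CHV1

    def sign(self):
        if not self.chv1:
            self._verify(1)
        if self.forced_sig_pin:
            self.chv1 = False      # one signature per PIN entry when forced
        return "signature"

    def ssh_auth(self):
        if not self.chv2:
            self._verify(2)
        return "auth-response"

    def decrypt(self):
        if not self.chv2:          # same CHV2 status as authentication
            self._verify(2)
        return "plaintext"


def pin_prompts(operations, forced_sig_pin=False):
    """Run operation names in order; return the CHVs that needed a PIN."""
    card = OpenPGPCardModel(forced_sig_pin)
    for op in operations:
        getattr(card, op)()
    return card.prompts


if __name__ == "__main__":
    # Steve's sequence: sign first, then SSH -> two prompts
    print(pin_prompts(["sign", "ssh_auth"]))                      # [1, 2]
    # Reverse order: the CHV2 verification also covers the later signature
    print(pin_prompts(["ssh_auth", "sign", "decrypt"]))           # [2]
    # Forced signature PIN: every signature prompts, CHV2 is unaffected
    print(pin_prompts(["ssh_auth", "sign", "sign"], True))        # [2, 1, 1]
```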
From: mtg at gnu.org (Mike Gerwitz)
Date: Sun, 09 Apr 2017 22:52:59 -0400
Subject: Smart card
In-Reply-To: (Doug Barton's message of "Sun, 9 Apr 2017 11:30:47 -0700")
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org>
Message-ID: <87wpatotx0.fsf@gnu.org>

On Sun, Apr 09, 2017 at 11:30:47 -0700, Doug Barton wrote:
> You and Rainer have gone on at great length about the part of the threat
> model equation dealing with the attacker. However, you don't seem to take
> into account the other part of the equation, what you are protecting.

Sure: the sensitivity of the data determines the threat model. If I'm just protecting the password to my bank account, then law enforcement isn't part of my threat model, because they wouldn't need it to access my account.

> The overwhelming number of PGP users simply use it because it's cool. They
> don't have anything approaching significant secrets to protect, it's just
> fun to do cryptography. There is nothing wrong with that, in and of
> itself. (Note, I acknowledge that there are people for whom signatures and
> encryption actually matter.)

My advice isn't useful to those people (unless they find it cool), you're right; but they aren't my audience, generally speaking. With that said, everyone can benefit from strong crypto to some degree to protect their privacy. Whether or not they care, and whether or not GPG is the solution to any sort of problem they're having, is another story.

> The concern is that when folks tell the new users that they are
> *required*, that becomes problematic for a couple of reasons. First, it
> gives a false impression of how secure the "basic" version of GnuPG is in
> the first place. Perhaps more importantly, it places a much higher barrier
> to entry for new users; for no measurable ROI.

I agree.
I don't mean to give the impression that I convey that it is required. When introducing users to the concept of PGP, smartcards are always mentioned as an extra step that might help with certain concerns they have (e.g. sharing the key on multiple devices). I don't invent reasons, unless someone's asking from a crypto perspective and wants that level of detail. Sometimes smartcards don't come up at all.

With that said, my use of my smartcard sometimes initiates discussion. And sometimes people use GPG simply because they want to be able to use a smartcard for something like SSH.

--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

From dsaklad at gnu.org Mon Apr 10 03:49:47 2017
From: dsaklad at gnu.org (Don Saklad)
Date: Sun, 09 Apr 2017 21:49:47 -0400
Subject: What could make GnuPG + Enigmail "easier"?
In-Reply-To: (message from Anthony Papillion on Sun, 9 Apr 2017 17:24:13 -0500)
Message-ID: <5ir3113ubo.fsf@fencepost.gnu.org>

What's the first step to begin using it?...

Anthony Papillion writes:
> There's been some discussion both on and off this list about the
> fact that people don't use GnuPG (even with Enigmail) because it's
> 'too hard'. I have friends that are reasonably intelligent who
> just can't figure it out and, for the life of me, I just don't see
> why.
>
> Don't get me wrong, GnuPG by itself can be confusing. Who wants to
> compose in a text file, drop to a terminal, issue some archaic
> command, open another text file, then copy and paste the results
> into a new document just to be able to send an email? That's pretty
> rough and there's no reason any user should have to do that in
> 2017. But they don't! I've used GnuPG and Enigmail for a few years
> now and I only drop to a terminal when I /want/ to do so at this
> point. Encryption, decryption, signing, etc, never 'requires' it
> and, for the most part, the software 'just handles it'. Sure, if I
> add a smart card to the mix that complicates things but most
> people aren't going to do that.
>
> So I guess I'm asking "what's so hard about GnuPG/Enigmail these
> days and what's stopping us from making it better"?
>
> Anthony
>
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From rjh at sixdemonbag.org Mon Apr 10 05:25:06 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 9 Apr 2017 23:25:06 -0400
Subject: Smart card
In-Reply-To: <87tw5xq9fs.fsf@gnu.org>
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org>

> I think this is being confounded by adjoining two conversations---that
> smartcards provide additional security given a compromised system, and
> the satirical quote you provided. I was referring in this case to the
> latter.

If you send or receive sensitive communications from a compromised endpoint, you're screwed. The smartcard will not save you. It can't.

When I hear people talk about how the smartcard will keep their keys safe even after a system compromise, I hear that as being like a survivalist talking about how great it is his tiny bomb shelter will keep his seeds safe after a direct hit from a nuclear bomb. Great, I'm very happy for you, but you're giving *terrible* advice to people who are worried about the bomb dropping. Even encouraging them to move somewhere that's not a high-priority target for a nuclear strike, as impractical as that advice is, is better.

> My point is that if you base your entire threat model and practices on
> the fact that some attacker somewhere is going to succeed in a targeted
> attack against you, then you may as well give up on security period.

If your threat model includes Tier-1 actors, you're gonna get Mossaded.

You. Cannot. Win.

Therefore, any threat model that assumes you're the target of Tier-1 interest is inherently -- I'll say it again -- screwed. Once you become a target of Tier-1 interest it's all over. Don't come to their attention. And don't mislead newbies by making them think they can win against Tier-1s, either.
> You seem to be suggesting that key safety isn't even a concern if you're
> compromised---that nothing else matters, and the distinction between a
> compromise as you described with or without access to the key(s) is
> irrelevant.

You seem to think that your bomb shelter surrounded by five hundred meters of radioactive fused glass is somehow a win. After all, your keys are safe, right?

Preserve the security of your endpoint system. Nothing else will do.

From rjh at sixdemonbag.org Mon Apr 10 05:33:59 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 9 Apr 2017 23:33:59 -0400
Subject: What could make GnuPG + Enigmail "easier"?
Message-ID: <4f3649c9-923b-fbeb-bf49-fadbd35ca77c@sixdemonbag.org>

> There's been some discussion both on and off this list about the fact
> that people don't use GnuPG (even with Enigmail) because it's 'too
> hard'. I have friends that are reasonably intelligent who just can't
> figure it out and, for the life of me, I just don't see why.

Better grab your reading glasses. :)

Academic computer science literature is full of papers researching this subject. John Clizbe and I (speaking of, John's been gone for some time; I hope he returns soon) keep a curated list of some good ones.

=====

Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006. Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In _Proceedings of the SIGCHI Conference on Human Factors in Computing Systems_ (Montreal, Quebec, Canada, April 22 - 27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600. DOI= http://doi.acm.org/10.1145/1054972.1055069
Available at: http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf

Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E., and Miller, R. C. 2005. How to make secure email easier to use. In _Proceedings of the SIGCHI Conference on Human Factors in Computing Systems_ (Portland, Oregon, USA, April 02 - 07, 2005). CHI '05. ACM, New York, NY, 701-710. DOI= http://doi.acm.org/10.1145/1054972.1055069
Available at: http://simson.net/ref/2004/chi2005_smime_submitted.pdf

Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J. Hyland. Why Johnny Still Can't Encrypt: Evaluating the Usability of Email Encryption Software. Poster session, 2006 _Symposium On Usable Privacy and Security_, Pittsburgh, PA, July 2006.
http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf

Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In _Proceedings of the 8th USENIX Security Symposium_, Washington, DC, August 1999.
http://bit.ly/OaEeTD

Views, reactions and impact of digitally-signed mail in e-commerce. Garfinkel, Schiller, Nordlander, Margrave and Miller. Originally published somewhere in _Lecture Notes in Computer Science_, but I got mine from:
http://groups.csail.mit.edu/uid/projects/secure-email/fc_smime.pdf

Usability of Security: A Case Study. Alma Whitten and J. D. Tygar. Carnegie Mellon University Computer Science technical report CMU-CS-98-155, December 1998.
http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA361032

From rsmckown at gmail.com Mon Apr 10 06:56:09 2017
From: rsmckown at gmail.com (Steve McKown)
Date: Sun, 9 Apr 2017 22:56:09 -0600
Subject: Passphrase cache w/Yubikey varies: sign vs auth
In-Reply-To: <87mvbpt1rf.fsf@iwagami.gniibe.org>
References: <88da28c6-9961-a652-6afb-9a65068066d1@gmail.com> <87mvbpt1rf.fsf@iwagami.gniibe.org>

On 04/09/2017 08:49 PM, NIIBE Yutaka wrote:
> Steve McKown wrote:
>> Can someone explain why ssh after sign asks for the passphrase again,
>> and what I might be able to do to avoid this condition? It's not a big
>> deal, but I do wonder if it suggests a misconfiguration on my part.
>
> It is not misconfiguration. It is expected behavior.
>
> Please note that there is no passphrase cache on host side for
> smartcard. It is the OpenPGP card which has the "authenticated" status.
> Once it gets authenticated by PIN, a user can ask crypto operations.
>
> And there are two different authenticated statuses for a user. We call
> them CHV1 and CHV2, where CHV means Card Holder Verification. One for
> signing (CHV1) and another for others (= decryption and authentication,
> CHV2).
>
> For OpenPGP card itself, CHV1 and CHV2 are independent (for v2 and
> later).
>
> By using GnuPG, they are not independent. When a user authenticate for
> CHV2, CHV1 is also authenticated automatically (provided the flag of the
> card for "Signature PIN" is "not forced"). When a user authenticate for
> CHV1, CHV2 is not affected.
>
> I agree this is a bit confusing. I don't know why it is so. Perhaps,
> we had some compatibility issue with older OpenPGP card.
>
> I don't think we have an easy way to avoid being asked PIN for SSH after
> signing.
>

Thanks for the clear and informative answer. Much appreciated!

From dkg at fifthhorseman.net Mon Apr 10 08:37:37 2017
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 10 Apr 2017 02:37:37 -0400
Subject: Display a gpg signature as a string of zeros and ones?
In-Reply-To: <1807747869.3318315.1491584105660@mail.yahoo.com>
References: <136219181.2496500.1491500363318.ref@mail.yahoo.com> <136219181.2496500.1491500363318@mail.yahoo.com> <87zifsgpys.fsf@alice.fifthhorseman.net> <1807747869.3318315.1491584105660@mail.yahoo.com>
Message-ID: <87shlgbwem.fsf@fifthhorseman.net>

On Fri 2017-04-07 16:55:05 +0000, joao baleza wrote:
> Sorry. I was not clear enough. I will try to explain better. As
> far as I understand, a 2048 key gpg RSA digital signature has
> 2048 bits. But the binary gpg signature file has more than 2048
> bits because the file has some extra data besides the signature
> itself. My question is: is there any way to display a gpg
> signature with no extra data, just the signature itself, as a
> string of zeros and ones?

My confusion stems from the fact that you seem to be asking both about "display" and about size compression. You can't actually display any of the ones or zeros without converting them to some form that humans can understand, which typically means expanding them significantly (e.g. looking at the data in hex or base64 encoding).

So if you're talking about minimizing the size of an OpenPGP signature, you want to avoid ASCII-armoring the signature. This will still be more than 2048 bits because the OpenPGP signature format has some framing structure around it. If you remove that framing structure, the bitstring you have left won't be safe to interpret because it will look like arbitrary noise that happens to be a useful input to some particular algorithm.

To put it another way: an OpenPGP signature is more than just a mathematical/cryptographic object. It's also a protocol object, and the protocol details take up space too.

Does this make more sense?

--dkg

From rjh at sixdemonbag.org Mon Apr 10 09:11:14 2017
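As an added example (not dkg's code, nor GnuPG's), the Python below walks a v4 signature packet as laid out in RFC 4880, separates the framing (packet header, version and algorithm octets, hashed and unhashed subpackets, hash prefix) from the MPI, and hands back the bare signature value as a string of zeros and ones; the packet it parses is constructed inline with a filler 2048-bit MPI, so the byte counts are illustrative, and the MPI loop also covers the two-MPI layout DSA and ECDSA use.

```python
import struct

# RFC 4880 values used by the constructed sample below.
SIG_PACKET_TAG = 2
PK_RSA = 1
HASH_SHA256 = 8
SUBPKT_CREATION_TIME = 2
SUBPKT_ISSUER = 16


def _parse_header(data):
    """Return (tag, body_offset, body_length) for a packet header
    (RFC 4880 section 4.2; old and new format, definite lengths only)."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:  # new-format header
        tag, b1 = first & 0x3F, data[1]
        if b1 < 192:
            return tag, 2, b1
        if b1 < 224:
            return tag, 3, ((b1 - 192) << 8) + data[2] + 192
        if b1 == 255:
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 0:
        return tag, 2, data[1]
    if ltype == 1:
        return tag, 3, struct.unpack(">H", data[1:3])[0]
    if ltype == 2:
        return tag, 5, struct.unpack(">I", data[1:5])[0]
    raise ValueError("indeterminate length not supported")


def _parse_subpackets(area):
    """Split a signature subpacket area into (type, payload) pairs."""
    out, i = [], 0
    while i < len(area):
        l1 = area[i]
        if l1 < 192:
            length, i = l1, i + 1
        elif l1 < 255:
            length, i = ((l1 - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        out.append((area[i], area[i + 1:i + length]))
        i += length
    return out


def parse_signature_packet(data):
    """Walk a v4 signature packet and separate the framing from the MPI(s)."""
    tag, off, length = _parse_header(data)
    if tag != SIG_PACKET_TAG:
        raise ValueError("tag %d is not a signature packet" % tag)
    body = data[off:off + length]
    version, sig_type, pk_algo, hash_algo = body[:4]
    if version != 4:
        raise ValueError("only v4 signatures handled here")
    pos = 4
    hashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    hashed = _parse_subpackets(body[pos + 2:pos + 2 + hashed_len])
    pos += 2 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    unhashed = _parse_subpackets(body[pos + 2:pos + 2 + unhashed_len])
    pos += 2 + unhashed_len
    hash_left = body[pos:pos + 2]  # leftmost 16 bits of the signed hash
    pos += 2
    mpis = []  # RSA: one MPI; DSA/ECDSA: two (r, s); the loop takes both
    while pos < len(body):
        bits = struct.unpack(">H", body[pos:pos + 2])[0]
        nbytes = (bits + 7) // 8
        mpis.append(int.from_bytes(body[pos + 2:pos + 2 + nbytes], "big"))
        pos += 2 + nbytes
    mpi_bytes = sum((m.bit_length() + 7) // 8 for m in mpis)
    return {"version": version, "sig_type": sig_type, "pk_algo": pk_algo,
            "hash_algo": hash_algo, "hashed": hashed, "unhashed": unhashed,
            "hash_left": hash_left, "mpis": mpis,
            "framing_bytes": len(data) - mpi_bytes}


def raw_signature_bits(sig):
    """The bare signature value(s), framing removed, as '0'/'1' strings."""
    return [format(m, "b") for m in sig["mpis"]]


def build_sample_packet():
    """Constructed v4 RSA/SHA-256 signature packet. The framing follows the
    spec; the 2048-bit MPI is filler and NOT a real signature."""
    creation = bytes([5, SUBPKT_CREATION_TIME]) + struct.pack(">I", 1491832800)
    issuer = bytes([9, SUBPKT_ISSUER]) + bytes.fromhex("0123456789abcdef")
    mpi = struct.pack(">H", 2048) + b"\x80" + b"\x5a" * 255  # top bit set
    body = (bytes([4, 0x00, PK_RSA, HASH_SHA256])
            + struct.pack(">H", len(creation)) + creation
            + struct.pack(">H", len(issuer)) + issuer
            + b"\xab\xcd" + mpi)  # constructed hash-left octets, then MPI
    # old-format header: bit 7 set, tag 2 in bits 5..2, two-octet length
    return bytes([0x80 | (SIG_PACKET_TAG << 2) | 1]) + struct.pack(">H", len(body)) + body


SAMPLE_PACKET = build_sample_packet()

if __name__ == "__main__":
    sig = parse_signature_packet(SAMPLE_PACKET)
    bits = raw_signature_bits(sig)[0]
    print("packet bytes:", len(SAMPLE_PACKET), "framing bytes:", sig["framing_bytes"])
    print("bare RSA signature: %d bits, starts %s..." % (len(bits), bits[:16]))
```

The same walk applies to a real detached signature written with `gpg --detach-sign` (no `--armor`), where `gpg --list-packets` will show the same fields the parser pulls out.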
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 10 Apr 2017 03:11:14 -0400
Subject: What could make GnuPG + Enigmail "easier"?
In-Reply-To: <9f6b6382-9971-cadb-edcc-e93cab1149bd@gnome.org>
References: <9f6b6382-9971-cadb-edcc-e93cab1149bd@gnome.org>
Message-ID: <4b0e4c75-d885-0c8a-88d4-62aa1a1b9bb0@sixdemonbag.org>

> What you *aren't* hearing is:

[good points snipped]

Shirley Gaw's 2006 paper addresses these factors dead-on.
http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf

It's worth reading. A major additional factor Gaw found inhibiting adoption was the fear of being seen as paranoid. The following excerpt talks about various employees (all under pseudonyms) at an environmental-action NGO which participated in a variety of illegal direct action campaigns. You'd think these people would view paranoia as a good thing, but the reality was quite different.

A couple of passages are _underlined_ to reflect italics in the original text.

=====

"Many of the employees interviewed at [this NGO] had limits to their willingness to be more secure. In fact, moving beyond that limit was seen as abnormal or paranoid. While Woodward was especially vigilant, even the technical support staff admitted he might be excessively protective. Was the effort justified? Was it reasonable precaution?

Abe explained how someone could 'go overboard' when he described how a representative of the PGP Corporation visited [the NGO]. Instead of a typical password authentication, the representative took off his necklace and used a removable flash drive that held his private key. The demonstration discouraged Abe:

'It was too over-the-top and definitely too complicated... it was like a movie.'

He saw the presenter as paranoid. He went on to say:

'Yeah, I admire him because he comes in and puts his passphrase ... every single day, three times a day, so that's very dedicated to his stuff. He must either be very scared or very motivated.'
He was not sure whether this vigilance was justified. In fact, he associated it with being fearful, perhaps irrationally fearful.

Abe reiterated this when asked to speculate on why a colleague sent every e-mail message encrypted. He figured this man has an automated system for encrypting e-mail 'or he's nuts.'

When Sandra was asked why she said her e-mail communications were not anything people were 'dying to get their hands on,' she explained:

'I'm not paranoid enough to think the CIA is monitoring my emails or anything to that effect.'

Not only was encrypting messages excessive for someone who had no secrets, it was _paranoid_ _behavior_ to assume anyone would be interested in eavesdropping on her communications.

Jenny also thought it was abnormal to encrypt non-secret information. When the interviewer abstractly explained that people in security suggest all users encrypt all messages, Jenny was baffled:

'So you're saying that ... people should just--even _normal_ people? That you're sending e-mail to ... your mom, like "hey, things are going ...", that you should encrypt your e-mail? That people should do all that?'

Jenny emphasizes 'normal people.' _Normal_ _people_ wouldn't encrypt normal messages."

From mirimir at riseup.net Mon Apr 10 09:57:18 2017
From: mirimir at riseup.net (Mirimir)
Date: Mon, 10 Apr 2017 01:57:18 -0600
Subject: What could make GnuPG + Enigmail "easier"?
In-Reply-To: <4b0e4c75-d885-0c8a-88d4-62aa1a1b9bb0@sixdemonbag.org>
References: <9f6b6382-9971-cadb-edcc-e93cab1149bd@gnome.org> <4b0e4c75-d885-0c8a-88d4-62aa1a1b9bb0@sixdemonbag.org>
Message-ID: <5816fe7b-dc97-f95c-e9ef-5e9d61a9ac5f@riseup.net>

On 04/10/2017 01:11 AM, Robert J. Hansen wrote:
>> What you *aren't* hearing is:
>
> [good points snipped]
>
> Shirley Gaw's 2006 paper addresses these factors dead-on.
> http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf
>
> It's worth reading. A major additional factor Gaw found inhibiting
> adoption was the fear of being seen as paranoid.

Attorneys have told me that they don't encrypt because opponents would be sanctioned if they used intercepted information. "How would you know?" didn't lead to a useful conversation.

From rainer at hoerbe.at Mon Apr 10 12:01:34 2017
From: rainer at hoerbe.at (Rainer Hoerbe)
Date: Mon, 10 Apr 2017 12:01:34 +0200
Subject: What could make GnuPG + Enigmail "easier"?
In-Reply-To: <4b0e4c75-d885-0c8a-88d4-62aa1a1b9bb0@sixdemonbag.org>
References: <9f6b6382-9971-cadb-edcc-e93cab1149bd@gnome.org> <4b0e4c75-d885-0c8a-88d4-62aa1a1b9bb0@sixdemonbag.org>
Message-ID: <6760929A-F625-4F6C-9754-B705E2DCCDBE@hoerbe.at>

I think that we could reach a better mutual understanding when we put the arguments into context.

Context A: non-technical users, such as Jenny, who encrypt mail with sensitive content, or sign a message.

Context B: IT-experts with typical use cases of SW-signature or SSH-login.

I think that many arguments on this thread make a lot of sense in their respective contexts.

- Rainer

> On 10.04.2017 at 09:11, Robert J. Hansen wrote:
>
>> What you *aren't* hearing is:
>
> [good points snipped]
>
> Shirley Gaw's 2006 paper addresses these factors dead-on.
> http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf
>
> It's worth reading. A major additional factor Gaw found inhibiting
> adoption was the fear of being seen as paranoid. The following excerpt
> talks about various employees (all under pseudonyms) at an
> environmental-action NGO which participated in a variety of illegal
> direct action campaigns. You'd think these people would view paranoia
> as a good thing, but the reality was quite different.
>
> A couple of passages are _underlined_ to reflect italics in the original
> text.
>
> =====
>
> "Many of the employees interviewed at [this NGO] had limits to their
> willingness to be more secure. In fact, moving beyond that limit was
> seen as abnormal or paranoid. While Woodward was especially vigilant,
> even the technical support staff admitted he might be excessively
> protective. Was the effort justified? Was it reasonable precaution?
>
> Abe explained how someone could 'go overboard' when he described how a
> representative of the PGP Corporation visited [the NGO]. Instead of a
> typical password authentication, the representative took off his
> necklace and used a removable flash drive that held his private key. The
> demonstration discouraged Abe:
>
> 'It was too over-the-top and definitely too complicated... it was like a
> movie.'
>
> He saw the presenter as paranoid. He went on to say:
>
> 'Yeah, I admire him because he comes in and puts his passphrase ...
> every single day, three times a day, so that's very dedicated to his
> stuff. He must either be very scared or very motivated.'
>
> He was not sure whether this vigilance was justified. In fact, he
> associated it with being fearful, perhaps irrationally fearful.
>
> Abe reiterated this when asked to speculate on why a colleague sent
> every e-mail message encrypted. He figured this man has an automated
> system for encrypting e-mail 'or he's nuts.'
>
> When Sandra was asked why she said her e-mail communications were not
> anything people were 'dying to get their hands on,' she explained:
>
> 'I'm not paranoid enough to think the CIA is monitoring my emails or
> anything to that effect.'
>
> Not only was encrypting messages excessive for someone who had no
> secrets, it was _paranoid_ _behavior_ to assume anyone would be
> interested in eavesdropping on her communications.
>
> Jenny also thought it was abnormal to encrypt non-secret information.
> When the interviewer abstractly explained that people in security
> suggest all users encrypt all messages, Jenny was baffled:
>
> 'So you're saying that ... people should just--even _normal_ people?
> That you're sending e-mail to ... your mom, like "hey, things are going
> ...", that you should encrypt your e-mail? That people should do all
> that?'
>
> Jenny emphasizes 'normal people.' _Normal_ _people_ wouldn't encrypt
> normal messages."
From nonsense at graumannschaft.org Mon Apr 10 10:46:57 2017
From: nonsense at graumannschaft.org (Johannes Graumann)
Date: Mon, 10 Apr 2017 10:46:57 +0200
Subject: Extending Expiration dates of gnupg keys with the private key residing on a smart card
Message-ID: <1491814017.1975.15.camel@graumannschaft.org>

Hello,

This is a retake of a stackexchange.com question, where so far no one chimed in ...
http://stackoverflow.com/q/43296285/2103880

I had set up a working smart card setup, where the local key ring solely contained public subkeys and secret keys resided on a smart card. Conservatively I set the expiration date to 1 year. The setup worked nicely and as the keys approached their expiration date, I proceeded as follows to attempt to extend their expiration date:

1) Kill running gpg-agent: pkill gpg-agent
2) Import offline master key (backup): gpg --import .master.key
3) Edit expiry of subkeys (pubkey): gpg --expert --edit-key
   - toggle keys 1, 2, 3 (sign, encrypt, authentication)
   - expire: 1y
   - save
4) Remove secret master keys: gpg --delete-secret-keys

As a result the keys remain unavailable (expired?) to all means I intend to use them with (kmail/kgpg/kleopatra, evolution/seahorse, etc.).

Where did I go wrong and how may I recover?

Thanks for any pointers.

Sincerely,
Joh

From mtg at gnu.org Mon Apr 10 18:59:27 2017
From: mtg at gnu.org (Mike Gerwitz)
Date: Mon, 10 Apr 2017 12:59:27 -0400
Subject: Smart card
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org>
Message-ID: <87a87omc5s.fsf@gnu.org>

On Sun, Apr 09, 2017 at 23:25:06 -0400, Robert J. Hansen wrote:
>> My point is that if you base your entire threat model and practices on
>> the fact that some attacker somewhere is going to succeed in a targeted
>> attack against you, then you may as well give up on security period.
>
> If your threat model includes Tier-1 actors, you're gonna get Mossaded.
>
> You. Cannot. Win.

Yes, exactly---if. I'm not arguing against that. It's the "if" part. The article left no space in between for a threat model between "organized criminals, don't click on herbal Viagra ads" and "Mossad, magical amulets". The original conversation into which you pasted that quote wasn't talking about Mossad (unless I missed something).

-- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com

From duane at nofroth.com Mon Apr 10 19:28:10 2017
From: duane at nofroth.com (Duane Whitty)
Date: Mon, 10 Apr 2017 14:28:10 -0300
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org>
Message-ID: <345510a9-300c-ce27-cdce-a3dc0f345a2b@nofroth.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 17-04-10 12:25 AM, Robert J. Hansen wrote:
>> I think this is being confounded by adjoining two
>> conversations---that smartcards provide additional security given
>> a compromised system, and the satirical quote you provided. I
>> was referring in this case to the latter.
>
> If you send or receive sensitive communications from a compromised
> endpoint, you're screwed. The smartcard will not save you. It
> can't.
>
> When I hear people talk about how the smartcard will keep their
> keys safe even after a system compromise, I hear that as being like
> a survivalist talking about how great it is his tiny bomb shelter
> will keep his seeds safe after a direct hit from a nuclear bomb.
> Great, I'm very happy for you, but you're giving *terrible* advice
> to people who are worried about the bomb dropping. Even
> encouraging them to move somewhere that's not a high-priority
> target for a nuclear strike, as impractical as that advice is, is
> better.
>
>> My point is that if you base your entire threat model and
>> practices on the fact that some attacker somewhere is going to
>> succeed in a targeted attack against you, then you may as well
>> give up on security period.
>
> If your threat model includes Tier-1 actors, you're gonna get
> Mossaded.
>
> You. Cannot. Win.
>
> Therefore, any threat model that assumes you're the target of
> Tier-1 interest is inherently -- I'll say it again -- screwed.
> Once you become a target of Tier-1 interest it's all over.
>
> Don't come to their attention. And don't mislead newbies by making
> them think they can win against Tier-1s, either.
>
>> You seem to be suggesting that key safety isn't even a concern if
>> you're compromised---that nothing else matters, and the
>> distinction between a compromise as you described with or without
>> access to the key(s) is irrelevant.
>
> You seem to think that your bomb shelter surrounded by five
> hundred meters of radioactive fused glass is somehow a win. After
> all, your keys are safe, right?
>
> Preserve the security of your endpoint system. Nothing else will
> do.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
<>

What if it's your business that's the target of tier 1 Western Intelligence actors who are interested in collecting intelligence on said target so as to bestow competitive advantage to your competitors for whatever the reason may be? My explicit assumptions for such a situation are that they don't want their target to know they are under surveillance and as a result they aren't going to be knee-capping the target's employees to get their desired information. Business premises and data at rest and in transit are fair game as is the use of malware, root kits, warrantless wiretaps, etc.

Perhaps the situation is that you're a Canadian jet engine manufacturer that has come up with a prototype for super efficient mach 2 capable engines for commercial aircraft :-D Of course you want to make sure that you and your engineers and other employees with access to sensitive data employ whatever measures you can to avoid a data compromise.
:-D Obviously I'm trying to lighten the mood a little and still explore what the possibility is, if any, of protecting data from the prying eyes of tier 1 actors who might not think that what you have is important enough to kill or injure you for but that they would try very hard to get by employing other efforts. I'm not saying having a smart card reader and a pin pad here is going to be the magic amulet to protect your interests. <> Best Regards, Duane - -- Duane Whitty -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJY68CqAAoJEOJfpr8UVxtkPOIH/jpUNl8F1UCzfMUq1MGSK3Dk eapTNjg4iX8slRTqrLLc/JNmjoqHQjYgVTMLd5suwse+JIt/diaKwThTgxUov6Wc k5xRtlFILb7XMJNveEL6kK919Sgwm0I/AHIaIffNjIAXIoItfJ3yeZrqW5a0vD6+ AZHylpvtohXnGgEMN6TcNUm+D4VoBTRHz6G4BoxuUuV9iXWveVPaDDuion+swpDn o3EbHcqaJI53bRwDH1+2adJqCxHssc1Ph2q7ySH8ZKxUIwCYilGw5HBMoDUdRtoC 4nVFmv8xbVZcGNB1ZEdt0HWZzMc1H2fb+nTvRYjc3vjAzMBaXosbgzaj9orUnZE= =qDYH -----END PGP SIGNATURE----- From luis.marsano at gmail.com Sun Apr 9 22:37:26 2017 
From: luis.marsano at gmail.com (luis.marsano at gmail.com)
Date: Sun, 9 Apr 2017 16:37:26 -0400
Subject: gpgsm batch: cryptic error
Message-ID: <58ea9b88.8f5d240a.b8537.0223@mx.google.com>

Love gnupg. Recently discovered it can create X.509 certificates. However, I'm running into difficulties.

>gpgsm --generate-key --batch cert.gpgsm
gpgsm: line 2: error getting signing key by keygrip '(null)': IPC parameter error
gpgsm: error creating certificate request: IPC parameter error

>type cert.gpgsm
%dry-run
Key-Type: RSA
Key-Usage: sign, cert
Name-DN: CN=test
Serial: random
Issuer-DN: CN=marsano authority
Expire-Date: 20500101T000000
Signing-Key: &67A48B009F82A4975C4CAD7C3AB2304116B448EC

>gpgsm -K "&67A48B009F82A4975C4CAD7C3AB2304116B448EC"
C:\Users\luism\AppData\Roaming\gnupg\pubring.kbx
------------------------------------------------
ID: 0x5172A795
S/N: 58E78DCE286D204B2E66F9F6
Issuer: /CN=marsano authority
Subject: /CN=marsano authority
validity: 2017-04-07 13:02:06 through 2027-04-05 13:02:06
key type: 2048 bit RSA
key usage: certSign crlSign
chain length: unlimited
fingerprint: 6C:3C:2D:46:F6:1C:77:B5:FE:1B:05:09:90:40:6B:D0:51:72:A7:95

>gpgsm --version
gpgsm (GnuPG) 2.1.20
[...]
>gpgconf --check-programs
gpg:OpenPGP:C%3a\Program Files (x86)\GnuPG\bin\gpg.exe:1:1:
gpg-agent:Private Keys:C%3a\Program Files (x86)\GnuPG\bin\gpg-agent.exe:1:1:
scdaemon:Smartcards:C%3a\Program Files (x86)\GnuPG\bin\scdaemon.exe:1:1:
gpgsm:S/MIME:C%3a\Program Files (x86)\GnuPG\bin\gpgsm.exe:1:1:
dirmngr:Network:C%3a\Program Files (x86)\GnuPG\bin\dirmngr.exe:1:1:
pinentry:Passphrase Entry:C%3a\Program Files (x86)\GnuPG\bin\pinentry-basic.exe:1:1:

>systeminfo
Host Name: LMM-NOTEBOOK
OS Name: Microsoft Windows 10 Education
OS Version: 10.0.14393 N/A Build 14393
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: luis.marsano at gmail.com
Registered Organization: Microsoft
Product ID: 00328-00206-31599-AA213
Original Install Date: 8/5/2016, 6:56:44 AM
System Boot Time: 4/8/2017, 6:58:39 PM
System Manufacturer: Hewlett-Packard
System Model: HP ENVY dv6 Notebook PC
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~1200 Mhz
[...]

This is the current GnuPG installed recently from the simple installer. I can't seem to generate a certificate. Any idea about this problem?

Thanks.

From haha915104 at gmail.com Mon Apr 10 11:47:42 2017
From: haha915104 at gmail.com (Gaston)
Date: Mon, 10 Apr 2017 17:47:42 +0800
Subject: How Can I Uninstall GnuPG-2.1.20 from my MacOS
Message-ID:

Hi All,

Could you tell me how to uninstall it? I can not find any instructions in the FAQ.

OS: MacOS 12.2.4
GnuPG: 2.1.20 (downloaded from https://sourceforge.net/p/gpgosx/docu/Download/)

Thank you,
Gaston

From rjh at sixdemonbag.org Tue Apr 11 01:22:56 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 10 Apr 2017 19:22:56 -0400
Subject: I never quite got my answer,
In-Reply-To: <499fa72d-8130-a61b-37a7-57b163741072@posteo.de>
References: <499fa72d-8130-a61b-37a7-57b163741072@posteo.de>
Message-ID:

> I will try phrasing it differently though, is it possible to make the
> ecc keys with sha512 and aes256?

Yes. Add these two lines to your gpg.conf file:

cert-digest SHA512
default-preference-list AES256 SHA512 SHA256 BZIP2 ZIP ZLIB

Then generate your new ECC certificate.

From calmstorm at posteo.de Tue Apr 11 03:47:51 2017
From: calmstorm at posteo.de (zap)
Date: Mon, 10 Apr 2017 21:47:51 -0400
Subject: where do you find gpg.conf on debian 8 or 9?
Message-ID:

I ask this because, I cannot find gpg.conf at all in the normal location... /home/$user/.gnupg being the normal location usually... anyone know how to fix said problem/where it would be hidden on debian? Cannot change gpg keys to maximum security unless I know where that is...

From rjh at sixdemonbag.org Tue Apr 11 03:54:23 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 10 Apr 2017 21:54:23 -0400
Subject: where do you find gpg.conf on debian 8 or 9?
In-Reply-To:
References:
Message-ID: <98bfec83-9c90-9de6-1319-e2dc53e61bc2@sixdemonbag.org>

> I ask this because, I cannot find gpg.conf at all in the normal location...

It's not an error if it doesn't exist. A lot of people get by just fine without one. But yes, $HOME/.gnupg is the customary location.

If you don't have one, create a new text file in that directory.

From mtg at gnu.org Tue Apr 11 05:20:43 2017
From: mtg at gnu.org (Mike Gerwitz) Date: Mon, 10 Apr 2017 23:20:43 -0400 Subject: Smart card In-Reply-To: <345510a9-300c-ce27-cdce-a3dc0f345a2b@nofroth.com> (Duane Whitty's message of "Mon, 10 Apr 2017 14:28:10 -0300") References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <345510a9-300c-ce27-cdce-a3dc0f345a2b@nofroth.com> Message-ID: <87r30ziq9g.fsf@gnu.org> Duane: On Mon, Apr 10, 2017 at 14:28:10 -0300, Duane Whitty wrote: > Obviously I'm trying to lighten the mood a little and still explore > what the possibility is, if any, of protecting data from the prying > eyes of tier 1 actors who might not think that what you have is > important enough to kill or injure you for but that they would try > very hard to get by employing other efforts. I'm not saying having a > smart card reader and a pin pad here is going to be the magic amulet > to protect your interests. It's not that it's impossible to do. But in most cases, because of all of the software, hardware, and wetware used, the attack surface is enormous. If an organization did all of its sensitive computation in a Faraday cage in an underground bunker under constant surveillance, where any operation on any sensitive data requires N people present through a secret sharing scheme, are you going to be better off? Sure. But still not immune to various types of espionage. And there are limits to what is practical. But that's different than the security of an individual, which is what we've been talking about. Corporations can afford to build secure rooms; hire ex-government security officials and other security/crypto experts; build their own hardware; etc. But the more people you involve, the more people you have to trust too. 
I do not believe that being the target of Mossad or the NSA or GCHQ or other intelligence agency means that a sufficiently well-funded and well-researched corporation is doomed to total compromise. I haven't been given reason to believe that through all the leaks we've seen. These intelligence agencies have immense resources, but certain practices and procedures introduce bottlenecks that increase the cost/risk of an attack possibly to the point that it's not worth carrying out. That's also a driver behind a lot of the legislation/laws we see under the guise of protection against terrorism and "going dark"---if you can't beat 'em, make them let you in.

-- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com

From patrick at enigmail.net Tue Apr 11 08:13:58 2017
From: patrick at enigmail.net (Patrick Brunschwig)
Date: Tue, 11 Apr 2017 08:13:58 +0200
Subject: How Can I Uninstall GnuPG-2.1.20 from my MacOS
In-Reply-To:
References:
Message-ID: <3b96a49e-ae62-3bcf-218f-3cb16cb7ded3@enigmail.net>

On 10.04.17 11:47, Gaston wrote:
> Hi All,
>
> Could you tell me how to uninstall it? I can not find any instructions
> in the FAQ.
>
> OS: MacOS 12.2.4
> GnuPG: 2.1.20 (downloaded from
> https://sourceforge.net/p/gpgosx/docu/Download/)

Open a Terminal and execute the following line:

sudo rm -rf /usr/local/gnupg-2.1

-Patrick

From rjh at sixdemonbag.org Tue Apr 11 13:21:59 2017
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 11 Apr 2017 07:21:59 -0400 Subject: Smart card In-Reply-To: <345510a9-300c-ce27-cdce-a3dc0f345a2b@nofroth.com> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <345510a9-300c-ce27-cdce-a3dc0f345a2b@nofroth.com> Message-ID: > What if it's your business that's the target of tier 1 Western > Intelligence actors who are interested in collecting intelligence on > said target so as to bestow competitive advantage to your competitors > for whatever the reason may be? I'm going to give two answers here, one human-readable and one which will require a fairly high level of technical knowledge. ===== You haven't heard me talk about intelligence agencies for a simple reason: the capabilities of private sector groups match or exceed those of nation-states. For instance, Google's been defending their networks against sophisticated Chinese attacks for so long that it wouldn't surprise me one bit if Google had an in-house team capable of playing the game with anyone. That said: effective defense is built upon knowledge. Knowledge informs your threat model and helps guide your responses. Extremely serious attackers will be single-mindedly obsessed with denying you this knowledge. That's part of what makes defending against them so difficult: if you don't know you're under attack, you're extremely ill-equipped to defend. I am not especially worried about so-called "advanced persistent threats". When I hear someone say their IDS is going off hundreds of times a day with IP addresses resolving to China, I yawn. That's not an advanced threat. (Persistent, maybe. Not advanced.) 
An advanced threat is one that doesn't set off the IDS, one you don't see coming, one you don't get the opportunity to stage active measures against. ===== Now for the technically challenging stuff: Lockheed Martin wrote a *fantastic* whitepaper on defending against advanced threats. "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains". Read it. http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf My explicit assumptions for such a > situation is that they don't want their target to know they are under > surveillance and as result they aren't going to be knee-capping the > target's employees to get their desired information. Business > premises and data at rest and in transit is fair game as is the use of > malware, root kits, warrantless wiretaps, etc. > > Perhaps the situation is that you're a Canadian jet engine > manufacturer that has come up with a prototype for super efficient > mach 2 capable engines for commercial aircraft :-D Of course you want > to make sure that you and your engineers and other employees with > access to sensitive data employ whatever measures you can to avoid a > data compromise. :-D > > Obviously I'm trying to lighten the mood a little and still explore > what the possibility is, if any, of protecting data from the prying > eyes of tier 1 actors who might not think that what you have is > important enough to kill or injure you for but that they would try > very hard to get by employing other efforts. I'm not saying having a > smart card reader and a pin pad here is going to be the magic amulet > to protect your interests. > > <> > > Best Regards, > Duane > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From justus at g10code.com Tue Apr 11 13:14:13 2017 
From: justus at g10code.com (Justus Winter) Date: Tue, 11 Apr 2017 13:14:13 +0200 Subject: GPA bug report In-Reply-To: <83ac9859-0676-0581-a51e-59d9045665ec@sixdemonbag.org> References: <83ac9859-0676-0581-a51e-59d9045665ec@sixdemonbag.org> Message-ID: <87inmbb3i2.fsf@europa.jade-hamburg.de> "Robert J. Hansen" writes: > (Apologies for the HTML mail; it seems to be the best way to submit a > screenshot, though.) Werner filters out all mail containing html, so this will not reach him. Why not simply attach the image to a plain/text mail? Or even better, report a bug at https://dev.gnupg.org. > The last two subkeys on this list are elliptical curves, not RSA. GPA > is mis-reporting them. Odd. Justus From calmstorm at posteo.de Tue Apr 11 15:47:30 2017 From: calmstorm at posteo.de (zap) Date: Tue, 11 Apr 2017 09:47:30 -0400 Subject: where do you find gpg.conf on debian 8 or 9? In-Reply-To: <98bfec83-9c90-9de6-1319-e2dc53e61bc2@sixdemonbag.org> References: <98bfec83-9c90-9de6-1319-e2dc53e61bc2@sixdemonbag.org> Message-ID: It worked! Thanks for your help. On 04/10/2017 09:54 PM, Robert J. Hansen wrote: >> I ask this because, I cannot find gpg.conf at all in the normal location... > It's not an error if it doesn't exist. A lot of people get by just fine > without one. But yes, $HOME/.gnupg is the customary location. > > If you don't have one, create a new text file in that directory. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From calmstorm at posteo.de Tue Apr 11 15:48:17 2017
From: calmstorm at posteo.de (zap) Date: Tue, 11 Apr 2017 09:48:17 -0400 Subject: where do you find gpg.conf on debian 8 or 9? In-Reply-To: <98bfec83-9c90-9de6-1319-e2dc53e61bc2@sixdemonbag.org> References: <98bfec83-9c90-9de6-1319-e2dc53e61bc2@sixdemonbag.org> Message-ID: <3f69c2f5-1f56-7b74-cd2d-19de3e2cc422@posteo.de> thank you for your help it worked. Although I did have to use gpg2 --edit-key then my id, but yeah. On 04/10/2017 09:54 PM, Robert J. Hansen wrote: >> I ask this because, I cannot find gpg.conf at all in the normal location... > It's not an error if it doesn't exist. A lot of people get by just fine > without one. But yes, $HOME/.gnupg is the customary location. > > If you don't have one, create a new text file in that directory. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From calmstorm at posteo.de Tue Apr 11 20:20:44 2017 
From: calmstorm at posteo.de (zap) Date: Tue, 11 Apr 2017 14:20:44 -0400 Subject: where do you find gpg.conf on debian 8 or 9? In-Reply-To: <3f69c2f5-1f56-7b74-cd2d-19de3e2cc422@posteo.de> References: <98bfec83-9c90-9de6-1319-e2dc53e61bc2@sixdemonbag.org> <3f69c2f5-1f56-7b74-cd2d-19de3e2cc422@posteo.de> Message-ID: <70e178ad-27e0-2264-b550-aecd526b17e7@posteo.de> My bad, somehow I double posted... On 04/11/2017 09:48 AM, zap wrote: > thank you for your help it worked. > > Although I did have to use gpg2 --edit-key then my id, > > but yeah. > > On 04/10/2017 09:54 PM, Robert J. Hansen wrote: >>> I ask this because, I cannot find gpg.conf at all in the normal location... >> It's not an error if it doesn't exist. A lot of people get by just fine >> without one. But yes, $HOME/.gnupg is the customary location. >> >> If you don't have one, create a new text file in that directory. >> >> _______________________________________________ >> Gnupg-users mailing list >> Gnupg-users at gnupg.org >> http://lists.gnupg.org/mailman/listinfo/gnupg-users > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From g.sosna at auckland.ac.nz Wed Apr 12 04:50:36 2017 
From: g.sosna at auckland.ac.nz (Greg Sosna)
Date: Wed, 12 Apr 2017 02:50:36 +0000
Subject: BAD signature - potential timezone problem
Message-ID:

I've received two files from the same sender who uses OpenPGPBlackbox, they assure me that they are both encrypted the same way with the same parameters, just at different times. The sender is located in Sydney, NSW, Australia and I am located in Auckland, New Zealand. The files are generated at 10pm and 4am Sydney time. Both of the files decrypt correctly using GnuPG 2.1.18 but the one generated at 10pm receives bad signature, while the one at 4am receives good signature irrelevant of what time I try to decrypt them. The times of the signing that GPG reports are correct (in American date format).

My question is whether there is anything else I can do to troubleshoot this issue to get to the bottom of the problem?

.\GnuPG\bin\gpg.exe --verbose -o output_4am.txt --decrypt decryptedfile_4am.gpg
gpg: public key is ...
gpg: public key is ...
gpg: using subkey ... instead of primary key ...
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20 "GPG key TEST"
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20 "GPG key TEST"
gpg: CAST5 encrypted data
gpg: Note: sender requested "for-your-eyes-only"
gpg: Signature made 04/12/17 06:06:36 New Zealand Standard Time
gpg: using RSA key ...
gpg: using pgp trust model
gpg: Good signature from "..." [full]
gpg: textmode signature, digest algorithm SHA1, key algorithm rsa2048

.\GnuPG\bin\gpg.exe --verbose -o output_10pm.txt --decrypt decryptedfile_10pm.gpg
gpg: public key is ...
gpg: public key is ...
gpg: using subkey ... instead of primary key ...
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20 "GPG key TEST"
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20 "GPG key TEST"
gpg: CAST5 encrypted data
gpg: Note: sender requested "for-your-eyes-only"
gpg: Signature made 04/12/17 00:02:13 New Zealand Standard Time
gpg: using RSA key ...
gpg: using pgp trust model
gpg: BAD signature from "..." [full]
gpg: textmode signature, digest algorithm SHA1, key algorithm rsa2048

regards,
Greg Sosna

From joaobeleza at yahoo.com Wed Apr 12 10:34:44 2017
From: joaobeleza at yahoo.com (joao baleza)
Date: Wed, 12 Apr 2017 08:34:44 +0000 (UTC)
Subject: Display a gpg signature as a string of zeros and ones?
In-Reply-To: <87shlgbwem.fsf@fifthhorseman.net>
References: <136219181.2496500.1491500363318.ref@mail.yahoo.com> <136219181.2496500.1491500363318@mail.yahoo.com> <87zifsgpys.fsf@alice.fifthhorseman.net> <1807747869.3318315.1491584105660@mail.yahoo.com> <87shlgbwem.fsf@fifthhorseman.net>
Message-ID: <350455598.231305.1491986084512@mail.yahoo.com>

This makes total sense. I will proceed with the complete gpg signature. Thanks for your help.

jbs

On Monday, 10 April 2017 at 7:38, Daniel Kahn Gillmor wrote:

On Fri 2017-04-07 16:55:05 +0000, joao baleza wrote:
> Sorry. I was not clear enough. I will try to explain better. As
> far as I understand, a 2048 key gpg RSA digital signature has
> 2048 bits. But the binary gpg signature file has more than 2048
> bits because the file has some extra data besides the signature
> itself. My question is: is there any way to display a gpg
> signature with no extra data, just the signature itself, as a
> string of zeros and ones?

My confusion stems from the fact that you seem to be asking both about "display" and about size compression. you can't actually display any of the ones or zeros without converting them to some form that humans can understand, which typically means expanding them significantly (e.g. looking at the data in hex or base64 encoding).

So if you're talking about minimizing size of an OpenPGP signature, you want to avoid ASCII-armoring the signature. This will still be more than 2048 bits because the OpenPGP signature format has some framing structure around it. If you remove that framing structure, the bitstring you have left won't be safe to interpret because it will look like arbitrary noise that happens to be a useful input to some particular algorithm.
To put it another way: an OpenPGP signature is more than just a mathematical/cryptographic object. It's also a protocol object, and the protocol details take up space too.

Does this make more sense?

--dkg

From dsaklad at gnu.org Wed Apr 12 13:18:20 2017
From: dsaklad at gnu.org (Don Saklad)
Date: Wed, 12 Apr 2017 07:18:20 -0400
Subject: Folks, complete novices unfamiliar with a message turns up with that signature gobbledygook.
Message-ID: <5i8tn53mdf.fsf@fencepost.gnu.org>

For folks, complete novices unfamiliar with it, a message turns up with that signature gobbledygook. What could be their very next step for figuring out how to use the information?

From derektye75 at gmail.com Wed Apr 12 13:45:09 2017
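Daniel Kahn Gillmor's point in the thread above, that an OpenPGP signature is a protocol object with framing around the bare RSA value, can be seen directly by parsing one. The script below is an added example, not code from the thread or from GnuPG: it constructs a v4 RSA signature packet laid out per RFC 4880 section 5.2.3 (the key ID, creation time and signature bytes are made up and the signature is not cryptographically valid), then walks the packet header, the version and algorithm bytes, the hashed and unhashed subpacket areas and the hash prefix to reach the 2048-bit MPI, reporting how many bytes are framing and how many are the signature value, and how large the packet becomes once base64-encoded as ASCII armor does.

```python
"""Separate OpenPGP signature framing from the bare signature value.

Added example, not code from the mailing-list thread or from GnuPG.
Packet layout follows RFC 4880 section 5.2.3 (v4 signature packets);
the sample packet built here is constructed with made-up contents.
"""
import base64
import struct


def build_sample_signature_packet(bits=2048):
    """Constructed v4 signature packet: binary-document signature, RSA, SHA-256."""
    # MPI value with the top bit set, so its bit length is exactly `bits`.
    mpi_bytes = bytes([0x80]) + bytes([0x5A] * (bits // 8 - 1))
    mpi = struct.pack(">H", bits) + mpi_bytes
    hashed = bytes([5, 2]) + struct.pack(">I", 1491500363)          # subpacket 2: creation time
    unhashed = bytes([9, 16]) + bytes.fromhex("0123456789ABCDEF")   # subpacket 16: issuer key ID
    body = (bytes([4, 0x00, 1, 8])                   # version 4, sig type 0x00, RSA, SHA-256
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x12\x34"                             # left 16 bits of the signed hash
            + mpi)
    # Old-format packet header: tag 2 (signature) with a two-byte body length.
    return bytes([0x89]) + struct.pack(">H", len(body)) + body


def parse_packet_header(data):
    """Return (tag, body_offset, body_length) for an old- or new-format packet header."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                                   # new-format header
        tag = ctb & 0x3F
        first = data[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + data[2] + 192
        if first == 255:
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body lengths not supported")
    tag = (ctb >> 2) & 0x0F                          # old-format header
    ltype = ctb & 0x03
    if ltype == 0:
        return tag, 2, data[1]
    if ltype == 1:
        return tag, 3, struct.unpack(">H", data[1:3])[0]
    if ltype == 2:
        return tag, 5, struct.unpack(">I", data[1:5])[0]
    raise ValueError("indeterminate length not supported")


def parse_v4_signature(data):
    """Split a v4 signature packet into its framing fields and the bare MPI value."""
    tag, off, length = parse_packet_header(data)
    if tag != 2:
        raise ValueError("expected signature packet (tag 2), got tag %d" % tag)
    body = data[off:off + length]
    if len(body) != length or body[0] != 4:
        raise ValueError("truncated packet or not a v4 signature")
    pos = 4                                          # version, sig type, pubkey algo, hash algo
    hashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2 + unhashed_len
    pos += 2                                         # left 16 bits of the hash
    mpi_bits = struct.unpack(">H", body[pos:pos + 2])[0]
    mpi_len = (mpi_bits + 7) // 8
    value = body[pos + 2:pos + 2 + mpi_len]
    if len(value) != mpi_len:
        raise ValueError("truncated MPI")
    return {
        "sig_type": body[1], "pubkey_algo": body[2], "hash_algo": body[3],
        "hashed_subpackets": hashed_len, "unhashed_subpackets": unhashed_len,
        "sig_bits": mpi_bits, "sig_value": value,
        "packet_bytes": off + length,
        "framing_bytes": off + length - mpi_len,
    }


def armored_size(packet):
    """Characters needed to show the packet in base64, as ASCII armor does (headers and CRC aside)."""
    return len(base64.b64encode(packet))


if __name__ == "__main__":
    pkt = build_sample_signature_packet()
    info = parse_v4_signature(pkt)
    print("packet: %d bytes, framing: %d bytes, signature value: %d bits"
          % (info["packet_bytes"], info["framing_bytes"], info["sig_bits"]))
    print("base64 form: %d characters" % armored_size(pkt))
```

On the constructed packet, 31 of 287 bytes are framing and the remaining 256 bytes are the RSA value; the base64 form is 384 characters. The 256 bytes on their own carry no version, algorithm, issuer or hash-prefix information, which is the sense in which the stripped bitstring "won't be safe to interpret".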
From: derektye75 at gmail.com (Derek Tye)
Date: Wed, 12 Apr 2017 13:45:09 +0200
Subject: Cannot encrypt to reenabled key after migration
Message-ID:

Hey folks,

I have a keypair that was created with gpg 1.4.20 and currently is disabled. I installed gpg 2.1.20 and tried to enable this key, but get the following error:

>gpg --edit-key testkey
gpg (GnuPG) 2.1.20; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '.../gnupgHome/secring.gpg' to gpg-agent
gpg: key C4EE06ABF10675C4: secret key imported
gpg: migration succeeded
gpg: checking the trustdb
gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ...
gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ...
gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ...
gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ...
^C

When I repeat the edit-key command it works ok. Then I want to encrypt something to this key, but get the same error message:

>gpg --encrypt -r testkey
gpg: checking the trustdb
gpg: waiting for file 'Z:/Anwendungsdaten/gnupgHome/pubring.gpg' to become accessible ...
gpg: waiting for file 'Z:/Anwendungsdaten/gnupgHome/pubring.gpg' to become accessible ...
gpg: waiting for file 'Z:/Anwendungsdaten/gnupgHome/pubring.gpg' to become accessible ...
^C

>gpg --encrypt -r testkey
gpg: checking the trustdb
gpg: waiting for file 'Z:/Anwendungsdaten/gnupgHome/pubring.gpg' to become accessible ...
^C

>gpg --encrypt -r testkey
gpg: checking the trustdb
gpg: waiting for file 'Z:/Anwendungsdaten/gnupgHome/pubring.gpg' to become accessible ...
gpg: waiting for file 'Z:/Anwendungsdaten/gnupgHome/pubring.gpg' to become accessible ...
gpg: waiting for file 'Z:/Anwendungsdaten/gnupgHome/pubring.gpg' to become accessible ...
^C

As you can see it never works, until I use list-key or list-public-key command. After this I am able to encrypt to this key. (I am using Windows 8.1 64.)

Anybody had/has this problem too?

Regards Derek

From 2014-667rhzu3dc-lists-groups at riseup.net Wed Apr 12 16:21:38 2017
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA) Date: Wed, 12 Apr 2017 15:21:38 +0100 Subject: Cannot encrypt to reenabled key after migration In-Reply-To: References: Message-ID: <5910007042.20170412152138@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Wednesday 12 April 2017 at 12:45:09 PM, in , Derek Tye wrote:- > gpg: waiting for file '.../gnupgHome/pubring.gpg' to > become accessible ... I have encountered a problem with 2.1.20 writing to my public keyring. I was using the pre-compiled binaries on Windows 10. When editing/refreshing keys, or running gpg --check-trustdb, at the end of the operation the command window gradually fills up with repeated lines of:- gpg: waiting for file 'C:/[path]/gnupg/pubring.kbx' to become accessible ... These lines keep coming until I close the command window, or CTRL C then RETURN, or terminate "GnuPG's OpenPGP tool (32 bit)" in Task Manager. Oddly, creating new keys does not seem to trigger this. (Or else the problem is intermittent.) The problem went away when I switched back to GnuPG 2.1.19. 
- -- Best regards MFPA Keep them dry and don't feed them after midnight -----BEGIN PGP SIGNATURE----- iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWO439F8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4 5C8pAQD7LfN2DrFXaJHJdxmpzM9sBcr2Pi6SOgvT7lJxkUVy2AD/fbKlrk+gDlCf d08/GjB62q3FYY/i6vPKTx21bFm5fAiJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr fHTOsx8l8AUCWO439F8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3 Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8FcMCACl1XxPWIFDz0BaAgDIdLRtjWU2 tIOz5iVAi1UUNLZYdrX3Gwb5lBjGViJlTo6I/fO3TQPWgZf9VynnHYhFXB4I0aOs zlH/WvpRfOzVTN9cBWciFdyF8U1VIgSyjyQNXEzlxHgh4jiYFUnZ04UaSM9NLU0i dErHpNq6aB2TLcvxmfRqoh7BvBDX9I038CI5sv00sldt5hbt1x8Vq8p49JxoA/iD 7UN9pVRQC4mtIeo7ZrTG8ATWYLoZ70lW047OozEiHzEpFgH3id4I1h/wiFb1be5c pUt5m1gp7PTw4EkThOLCX8uPJjMflEECd+rYxV/JSKxaNq3SfmLSJpIq9DRT =yvI/ -----END PGP SIGNATURE----- From gpg at mdsresource.net Wed Apr 12 17:35:43 2017 From: gpg at mdsresource.net (helices) Date: Wed, 12 Apr 2017 10:35:43 -0500 Subject: How can I change the passphrase on our secret keys? Message-ID: How can I change the passphrase on our secret keys? I've searched Google and gnupg.org to no avail. What am I missing? Versions: gpg (GnuPG) 2.0.14 gpg (GnuPG) 2.0.22 -------------- next part -------------- An HTML attachment was scrubbed... URL: From alaricd at pengdows.com Wed Apr 12 17:51:55 2017 From: alaricd at pengdows.com (Alaric L. Dailey) Date: Wed, 12 Apr 2017 15:51:55 +0000 (UTC) Subject: How can I change the passphrase on our secret keys? In-Reply-To: References: Message-ID: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com> http://blog.chapagain.com.np/gpg-how-to-change-edit-private-key-passphrase/ 
From: "helices"
To: gnupg-users at gnupg.org
Sent: Wednesday, April 12, 2017 10:35:43 AM
Subject: How can I change the passphrase on our secret keys?

How can I change the passphrase on our secret keys?

I've searched Google and gnupg.org to no avail.

What am I missing?

Versions:
gpg (GnuPG) 2.0.14
gpg (GnuPG) 2.0.22

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From gpg at mdsresource.net Wed Apr 12 18:02:04 2017
From: gpg at mdsresource.net (helices)
Date: Wed, 12 Apr 2017 11:02:04 -0500
Subject: How can I change the passphrase on our secret keys?
In-Reply-To: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com>
References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com>
Message-ID:

Yes, I saw that. On one host, that works.

On the other, I get the following error:

gpg> passwd
Key is protected.

You need a passphrase to unlock the secret key for
user: "Sempris "
4096-bit RSA key, ID 80167A71, created 2016-03-18

gpg: cancelled by user
Can't edit this key: Operation cancelled

What am I missing?

On Wed, Apr 12, 2017 at 10:51 AM, Alaric L. Dailey wrote:
> http://blog.chapagain.com.np/gpg-how-to-change-edit-private-key-passphrase/

From wsenn1 at twu.edu Wed Apr 12 18:06:50 2017
From: wsenn1 at twu.edu (Senn, William)
Date: Wed, 12 Apr 2017 11:06:50 -0500
Subject: How can I change the passphrase on our secret keys?
In-Reply-To:
References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com>
Message-ID: <3188263c-65ac-417c-9792-9cde95b57487@twu.edu>

You have to know the original secret key in order to make changes. If you have lost access to your original passphrase, you are completely out of luck.

Will

On 4/12/2017 11:02 AM, helices wrote:
> Yes, I saw that. On one host, that works.
>
> On other, I get following error:
> gpg> passwd
> Key is protected.
>
> You need a passphrase to unlock the secret key for
> user: "Sempris "
> 4096-bit RSA key, ID 80167A71, created 2016-03-18
>
> gpg: cancelled by user
> Can't edit this key: Operation cancelled
>
> What am I missing?
>
> On Wed, Apr 12, 2017 at 10:51 AM, Alaric L. Dailey wrote:
> > http://blog.chapagain.com.np/gpg-how-to-change-edit-private-key-passphrase/

From gpg at mdsresource.net Wed Apr 12 18:14:44 2017
From: gpg at mdsresource.net (helices)
Date: Wed, 12 Apr 2017 11:14:44 -0500
Subject: How can I change the passphrase on our secret keys?
In-Reply-To: <3188263c-65ac-417c-9792-9cde95b57487@twu.edu>
References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com> <3188263c-65ac-417c-9792-9cde95b57487@twu.edu>
Message-ID:

Will,

Yes, I do have the passphrase.

My problem here is that gpg NEVER challenges me for the passphrase!

On Wed, Apr 12, 2017 at 11:06 AM, Senn, William wrote:
> You have to know the original secret key in order to make changes. If you
> have lost access to your original passphrase, you are completely out of
> luck.
>
> Will

From wsenn1 at twu.edu Wed Apr 12 18:20:34 2017
From: wsenn1 at twu.edu (Senn, William)
Date: Wed, 12 Apr 2017 11:20:34 -0500
Subject: How can I change the passphrase on our secret keys?
In-Reply-To:
References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com> <3188263c-65ac-417c-9792-9cde95b57487@twu.edu>
Message-ID: <5877efa6-10c9-7ac5-9840-d9e94e59e87b@twu.edu>

Well, this is above my paygrade then. I've had this problem on my Mac when I've had stray pieces of gpg strewn all over /usr/local because I brew installed one too many instances of gpg. The solution in my case was to remove all traces of gpg, gpg-agent, etc. and then reinstall a consistent version and reboot (maybe killall gpg-agent would work too).

Good luck.

Will

On 4/12/2017 11:14 AM, helices wrote:
> Will,
>
> Yes, I do have the passphrase.
>
> My problem here is that gpg NEVER challenges me for the passphrase!

From antony at blazrsoft.com Wed Apr 12 22:42:57 2017
From: antony at blazrsoft.com (Antony Prince)
Date: Wed, 12 Apr 2017 16:42:57 -0400
Subject: Question on Putty and gpg-agent
Message-ID: <43389bbb-e09d-a045-f61a-2cae27576761@blazrsoft.com>

My old key is expiring at the beginning of next month, so I've generated a new set of keys. Dropped down to 2048 from 4096 RSA since 4096 seemed a bit of overkill and have the master key in a single location. That's a different discussion. Anyway, using my new Authentication key on Linux with SSH seems to be going okay. A few issues with ssh-agent being present, etc. All that seems to be working okay now. The issue I'm having is using Putty and gnupg on Windows. The versions are:

OS: Windows 7 SP1 x64
Putty: 0.63

C:\Users\antony>gpg --version
gpg (GnuPG) 2.1.20
libgcrypt 1.7.6
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/antony/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

C:\Users\antony>gpg-connect-agent
> GETINFO version
D 2.1.20
OK
> bye
OK closing connection

The following options are in "C:\Users\antony\AppData\Roaming\gnupg\gpg-agent.conf":

default-cache-ttl 300
max-cache-ttl 3000
enable-putty-support
disable-scdaemon
daemon

I have the keygrip listed in sshcontrol (the file was not created on its own, I created it manually).

When I try to connect to the server with putty using the "Attempt authentication using Pageant" option, I just get "Disconnected: No supported authentication methods available. (server sent: publickey)". I was of the understanding that gpg-agent would act as a replacement for Pageant in this mode.

I have the public key in the ~/.ssh/authorized_keys file and can log in successfully using ssh and gpg-agent on Linux. Before I added "disable-scdaemon", gpg-agent would complain that it couldn't find the key on the card (I've never had one). Since adding that option, that error has gone away, but it still does not work and gpg-agent doesn't provide any helpful output. The keygrip named file exists in private-keys-v1.d, so the key is there. Any help in further troubleshooting the issue would be greatly appreciated. I'm sorry if this has been answered before. I looked through the archives and googled around a bit, but couldn't find anything to point me in the right direction.

--
Regards,
Antony

From jerry at seibercom.net Thu Apr 13 13:06:32 2017
From: jerry at seibercom.net (Jerry)
Date: Thu, 13 Apr 2017 07:06:32 -0400
Subject: Question on Putty and gpg-agent
In-Reply-To: <43389bbb-e09d-a045-f61a-2cae27576761@blazrsoft.com>
References: <43389bbb-e09d-a045-f61a-2cae27576761@blazrsoft.com>
Message-ID: <20170413070632.00006c2b@seibercom.net>

On Wed, 12 Apr 2017 16:42:57 -0400, Antony Prince stated:

>My old key is expiring at the beginning of next month, so I've
>generated a new set of keys. Dropped down to 2048 from 4096 RSA since
>4096 seemed a bit of overkill and have the master key in a single
>location. That's a different discussion. Anyway, using my new
>Authentication key on Linux with SSH seems to be going okay. A few
>issues with ssh-agent being present, etc. All that seems to be working
>okay now. The issue I'm having is using Putty and gnupg on Windows.
>The versions are:
>
>OS: Windows 7 SP1 x64
>Putty: 0.63
>
>C:\Users\antony>gpg --version
>gpg (GnuPG) 2.1.20
>libgcrypt 1.7.6
>Copyright (C) 2017 Free Software Foundation, Inc.
>License GPLv3+: GNU GPL version 3 or later
>
>This is free software: you are free to change and redistribute it.
>There is NO WARRANTY, to the extent permitted by law.
>
>Home: C:/Users/antony/AppData/Roaming/gnupg
>Supported algorithms:
>Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
>Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>        CAMELLIA128, CAMELLIA192, CAMELLIA256
>Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
>C:\Users\antony>gpg-connect-agent
>> GETINFO version
>D 2.1.20
>OK
>> bye
>OK closing connection
>
>The following options are in
>"C:\Users\antony\AppData\Roaming\gnupg\gpg-agent.conf":
>
>default-cache-ttl 300
>max-cache-ttl 3000
>enable-putty-support
>disable-scdaemon
>daemon
>
>I have the keygrip listed in sshcontrol (the file was not created on
>its own, I created it manually).
>
>When I try to connect to the server with putty using the "Attempt
>authentication using Pageant" option, I just get "Disconnected: No
>supported authentication methods available. (server sent: publickey)".
>I was of the understanding that gpg-agent would act as a replacement
>for Pageant in this mode.
>
>I have the public key in the ~/.ssh/authorized_keys file and can log in
>successfully using ssh and gpg-agent on Linux. Before I added
>"disable-scdaemon", gpg-agent would complain that it couldn't find the
>key on the card (I've never had one). Since adding that option, that
>error has gone away, but it still does not work and gpg-agent doesn't
>provide any helpful output. The keygrip named file exists in
>private-keys-v1.d, so the key is there. Any help in further
>troubleshooting the issue would be greatly appreciated. I'm sorry if
>this has been answered before. I looked through the archives and
>googled around a bit, but couldn't find anything to point me in the
>right direction.

That is a very old version of Putty.

Latest news

2017-02-21 PuTTY 0.68 released, containing ECC, a 64-bit build, and security fixes

PuTTY 0.68, released today, supports elliptic-curve cryptography for host keys, user authentication keys, and key exchange. Also, for the first time, it comes in a 64-bit Windows version. 0.68 also contains some security fixes: a vulnerability in agent forwarding is fixed, and Windows DLL hijacking should no longer be possible.

--
Jerry

From derektye75 at gmail.com Thu Apr 13 15:13:06 2017
From: derektye75 at gmail.com (Derek Tye)
Date: Thu, 13 Apr 2017 15:13:06 +0200
Subject: Cannot encrypt to reenabled key after migration
In-Reply-To: <5910007042.20170412152138@riseup.net>
References: <5910007042.20170412152138@riseup.net>
Message-ID:

2017-04-12 16:21 GMT+02:00 MFPA <2014-667rhzu3dc-lists-groups at riseup.net>:
> On Wednesday 12 April 2017 at 12:45:09 PM, in , Derek Tye wrote:-
>
> > gpg: waiting for file '.../gnupgHome/pubring.gpg' to
> > become accessible ...
>
> I have encountered a problem with 2.1.20 writing to my public keyring.
> I was using the pre-compiled binaries on Windows 10.
>
> When editing/refreshing keys, or running gpg --check-trustdb, at the
> end of the operation the command window gradually fills up with
> repeated lines of:-
>
> gpg: waiting for file 'C:/[path]/gnupg/pubring.kbx' to become
> accessible ...
>
> These lines keep coming until I close the command window, or CTRL C
> then RETURN, or terminate "GnuPG's OpenPGP tool (32 bit)" in Task
> Manager.
>
> Oddly, creating new keys does not seem to trigger this. (Or else the
> problem is intermittent.)
>
> The problem went away when I switched back to GnuPG 2.1.19.

Thank you for the hint. The message went away with 2.1.19.

Regards
Derek

From mailinglist at darac.org.uk Thu Apr 13 15:25:38 2017
From: mailinglist at darac.org.uk (Darac Marjal)
Date: Thu, 13 Apr 2017 14:25:38 +0100
Subject: Folks, complete novices unfamiliar with a message turns up with that signature gobbledygook.
In-Reply-To: <5i8tn53mdf.fsf@fencepost.gnu.org>
References: <5i8tn53mdf.fsf@fencepost.gnu.org>
Message-ID: <20170413132538.htgfic7doigdzer7@darac.org.uk>

On Wed, Apr 12, 2017 at 07:18:20AM -0400, Don Saklad wrote:
>For folks, complete novices unfamiliar a message turns up with that
>signature gobbledygook. What could be their very next step for figuring
>out how to use the information?

I would suggest their very next step is to search, using their preferred search engine, for a distinctive phrase from the "gobbledygook". One phrase that the user may notice is common to the messages is: "BEGIN PGP SIGNED MESSAGE". If I enter that into a search engine, I get several results, including a number of sites purporting to be tutorials or introductions or howtos for either "PGP" or "The GNU Privacy Guard". With luck, one or other of those will enlighten the user.

--
For more information, please reread.

From antony at blazrsoft.com Thu Apr 13 19:40:04 2017
From: antony at blazrsoft.com (Antony Prince)
Date: Thu, 13 Apr 2017 13:40:04 -0400
Subject: Question on Putty and gpg-agent
In-Reply-To: <20170413070632.00006c2b@seibercom.net>
References: <43389bbb-e09d-a045-f61a-2cae27576761@blazrsoft.com> <20170413070632.00006c2b@seibercom.net>
Message-ID:

On 4/13/2017 7:06 AM, Jerry wrote:
> On Wed, 12 Apr 2017 16:42:57 -0400, Antony Prince stated:
> ...
>>
>> OS: Windows 7 SP1 x64
>> Putty: 0.63
>> ...
>> When I try to connect to the server with putty using the "Attempt
>> authentication using Pageant" option, I just get "Disconnected: No
>> supported authentication methods available. (server sent: publickey)".
>> I was of the understanding that gpg-agent would act as a replacement
>> for Pageant in this mode.
>> ...
>
> That is a very old version of Putty.

I realized that immediately after sending the mail to the list. I upgraded to 0.68 and tried again with the same results. From what I can tell, the agent is receiving the request for the key, but not serving it. Before I disabled scdaemon, gpg-agent would complain that it couldn't find the key on the card meaning that the agent was receiving the request. Why it isn't serving the key is the question, I believe.

--
Antony

From antony at blazrsoft.com Fri Apr 14 22:52:25 2017
From: antony at blazrsoft.com (Antony Prince)
Date: Fri, 14 Apr 2017 16:52:25 -0400
Subject: Question on Putty and gpg-agent
In-Reply-To:
References: <43389bbb-e09d-a045-f61a-2cae27576761@blazrsoft.com> <20170413070632.00006c2b@seibercom.net>
Message-ID: <3a377ba5-4b6c-bd91-a6da-04bc272f7df3@blazrsoft.com>

On 4/13/2017 1:40 PM, Antony Prince wrote:
> On 4/13/2017 7:06 AM, Jerry wrote:
> ...
>> That is a very old version of Putty.
>
> I realized that immediately after sending the mail to the list. I
> upgraded to 0.68 and tried again with the same results. From what I can
> tell, the agent is receiving the request for the key, but not serving
> it. Before I disabled scdaemon, gpg-agent would complain that it
> couldn't find the key on the card meaning that the agent was receiving
> the request. Why it isn't serving the key is the question, I believe.

Well, I can confirm that the agent is receiving the request, but I can't figure out why it isn't sending a response that PUTTY likes. I started gpg-agent using "gpg-agent -vv --daemon --enable-putty-support --debug-level guru". The following is what I get in the console when attempting to connect to a server with putty:

gpg-agent[5436]: DBG: ssh map file 'PageantRequest00001bac'
gpg-agent[5436]: DBG: ssh map handle 0x0000014c
gpg-agent[5436]: DBG: my sid: 'S-1-5-21-1798341051-2053502947-236444749-1000'
gpg-agent[5436]: DBG: ssh map file sid: 'S-1-5-21-1798341051-2053502947-236444749-1000'
gpg-agent[5436]: DBG: ssh IPC buffer at 0x003d0000
gpg-agent[5436]: ssh request handler for request_identities (11) started
gpg-agent[5436]: ssh request handler for request_identities (11) ready
gpg-agent[5436]: sending ssh response of length 5
gpg-agent[5436]: DBG: chan_0x0000014c -> OK Pleased to meet you
gpg-agent[5436]: DBG: chan_0x0000014c <- GETINFO pid
gpg-agent[5436]: DBG: chan_0x0000014c -> D 5436
gpg-agent[5436]: DBG: chan_0x0000014c -> OK
gpg-agent[5436]: socket is still served by this server
gpg-agent[5436]: DBG: chan_0x0000014c <- BYE
gpg-agent[5436]: DBG: chan_0x0000014c -> OK closing connection

Everything seems to be configured as it should be as far as I can tell, but I can't figure it out. If nobody has any ideas, I'll drop the thread here.

From dark.starr1812 at gmail.com Fri Apr 14 20:47:48 2017
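The gpg-agent log above answers request_identities with "a response of length 5". As an added example (not the poster's or GnuPG's code), the script below decodes such a reply the way an SSH client does: an SSH_AGENT_IDENTITIES_ANSWER is one type byte followed by a uint32 key count, so if, as I read the log, that length counts the message body, five bytes can only be an answer that offers zero keys, which matches the server rejecting publickey auth before any key is tried. Message layout follows the ssh-agent protocol; both sample replies are constructed here.

```python
import struct

# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def ssh_string(b: bytes) -> bytes:
    """Encode bytes as a uint32-length-prefixed ssh string."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, pos: int):
    """Decode one ssh string at buf[pos:]; returns (value, next_pos)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    pos += 4
    if pos + n > len(buf):
        raise ValueError("truncated string")
    return buf[pos:pos + n], pos + n


def parse_identities_answer(payload: bytes) -> list:
    """Return [(key_type, comment), ...] from the body of an agent reply
    (the bytes after the 4-byte framing length).  Raises on a failure reply
    or a malformed body, so a caller never mistakes those for 'no keys'."""
    if not payload:
        raise ValueError("empty reply")
    if payload[0] == SSH_AGENT_FAILURE:
        raise ValueError("agent returned SSH_AGENT_FAILURE")
    if payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected message type %d" % payload[0])
    if len(payload) < 5:
        raise ValueError("identities answer shorter than type + count")
    (count,) = struct.unpack(">I", payload[1:5])
    pos, keys = 5, []
    for _ in range(count):
        blob, pos = read_string(payload, pos)      # public key blob
        comment, pos = read_string(payload, pos)   # agent-side comment
        key_type, _ = read_string(blob, 0)         # a blob starts with its type name
        keys.append((key_type.decode(), comment.decode()))
    if pos != len(payload):
        raise ValueError("trailing bytes after %d keys" % count)
    return keys


def build_identities_answer(keys) -> bytes:
    """Body of the reply an agent sends for [(key_type, pubkey_bytes, comment)]."""
    out = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    for key_type, pub, comment in keys:
        blob = ssh_string(key_type.encode()) + ssh_string(pub)
        out += ssh_string(blob) + ssh_string(comment.encode())
    return out


def frame(payload: bytes) -> bytes:
    """Prepend the uint32 length used on the agent socket."""
    return struct.pack(">I", len(payload)) + payload


# Constructed samples (not captured from the poster's machine): the only
# 5-byte identities answer that exists, and a healthy answer offering one key.
EMPTY_ANSWER = build_identities_answer([])
ONE_KEY_ANSWER = build_identities_answer(
    [("ssh-ed25519", b"\x01" * 32, "constructed-sample-key")])

if __name__ == "__main__":
    for name, body in (("empty", EMPTY_ANSWER), ("one key", ONE_KEY_ANSWER)):
        print(name, "response of length", len(body), "->",
              parse_identities_answer(body))
```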
From: dark.starr1812 at gmail.com (Christoph J)
Date: Fri, 14 Apr 2017 11:47:48 -0700
Subject: Subkey Generation / SmartCard
Message-ID:

I am trying to batch provision yubikeys.

Using the --batch, I can generate the initial key, but I am unable to add more than a single subkey.

Is there a way to batch provision subkeys, specifying the usage (signing, encryption, auth) without having to go into --edit-key / interactive mode?

On the same topic, is there a way to do 'keytocard', again without having to do --edit-key --> toggle --> keytocard interactively?

Any insight on this would be most helpful. Thanks!

From steven345 at use.startmail.com Sat Apr 15 04:52:17 2017
From: steven345 at use.startmail.com (steven345 at use.startmail.com)
Date: Fri, 14 Apr 2017 22:52:17 -0400
Subject: Help with decrypting email from command line
Message-ID:

Hi all,

I have sent and received encrypted emails before and decrypted them successfully. However I have received a few emails from someone that I cannot decrypt using my normal gpg2 commands. Normally I receive encrypted attachments, but these new encrypted data are inline in the email body. However I use an email hosting service that, if you provide your keypair, can encrypt/decrypt emails for you, and it works like a charm every time on these emails: they successfully decrypt these emails using the same keys and passphrase I use on the command line.

I've tried many different options and I have no clue why I cannot decrypt these emails on the command line. I copy and paste the armored email contents into a file then simply decrypt it. But with these emails I get "Bad session key" every single time. Since my email hoster can decrypt all of these emails, clearly the encrypted data, keys, and passphrase are good. I use the same keypair to encrypt and decrypt other data no problem, so I'm guessing the sender used some other encryption program/protocol my gpg2 doesn't support but my email hoster does??

The email header Content-Type shows:

multipart/encrypted; boundary="=_MailMate_B366C6F9-8EA1-4E58-BE07-33C7D5454060_="; protocol="application/pgp-encrypted"

cat -v shows no weird characters in anything I've copy-pasted from the body of the email. It's a standard email:

-----BEGIN PGP MESSAGE-----
etc.............
-----END PGP MESSAGE-----

Any help would be greatly appreciated.

Some info:

#~ $ gpg2 -d -v -v wed
gpg: armor: BEGIN PGP MESSAGE
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
        salt 76D51E30746E495F, count 65536 (96)
gpg: CAST5 encrypted data
# off=15 ctb=c9 tag=9 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
        length: unknown
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

#~ $ gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I then upgraded:

#~ $ gpg2 --version
gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/user/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

#~ $ gpg2 -d -v -v wed
gpg: armor: BEGIN PGP MESSAGE
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
        salt 76D51E30746E495F, count 65536 (96)
gpg: CAST5 encrypted data
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: pinentry launched (7500 unknown 0.9.7 ? ? ?)
# off=15 ctb=c9 tag=9 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
        length: unknown
gpg: encrypted with 1 passphrase
gpg: pinentry launched (7515 unknown 0.9.7 ? ? ?)
gpg: decryption failed: Bad session key

From davidgueguen2000 at yahoo.fr Sat Apr 15 09:25:48 2017
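Both dumps above open with a tag 3 packet ("symkey enc packet"), and that first packet is what the outcome hinges on: OpenPGP carries a session key encrypted to a public key in a tag 1 packet and one derived from a passphrase in a tag 3 packet, which is why gpg reports "encrypted with 1 passphrase" and asks pinentry for one. As an added example (not from the thread), this script dearmors a message and reports which of the two it begins with, decoding the S2K fields the way gpg's dump prints them; the sample message is constructed here from exactly the header values in the dump (ctb 8c, plen 13, version 4, cipher 3, s2k 3, hash 2, the salt, coded count 96).

```python
import base64

# Algorithm ids from RFC 4880 section 9 (only those needed to read the dump).
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
           8: "AES192", 9: "AES256", 10: "TWOFISH"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
          10: "SHA512", 11: "SHA224"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}
PKT_PKESK, PKT_SKESK = 1, 3   # public-key / symmetric-key encrypted session key


def dearmor(text: str) -> bytes:
    """Strip the ASCII armor and base64-decode the body (CRC line ignored)."""
    lines = [l.strip() for l in text.splitlines()]
    start = next(i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP"))
    end = next(i for i, l in enumerate(lines) if l.startswith("-----END PGP"))
    body = lines[start + 1:end]
    while body and body[0]:            # armor headers run until the blank line
        body.pop(0)
    data = "".join(l for l in body if l and not l.startswith("="))
    return base64.b64decode(data)


def decode_s2k_count(coded: int) -> int:
    """RFC 4880 3.7.1.3: count = (16 + low nibble) << (high nibble + 6)."""
    return (16 + (coded & 0x0F)) << ((coded >> 4) + 6)


def parse_packet_header(data: bytes):
    """Return (tag, header_len, body_len); body_len is None for partial or
    indeterminate lengths, which this example does not need to follow."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                                   # new-format packet
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + data[2] + 192
        if first == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        return tag, 2, None                          # partial body length
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03       # old-format packet
    if ltype == 3:
        return tag, 1, None                          # indeterminate length
    n = 1 << ltype                                   # 1, 2 or 4 length bytes
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")


def parse_skesk(body: bytes) -> dict:
    """Fields of a tag 3 packet: version, cipher, S2K specifier, optional key."""
    info = {"version": body[0], "cipher": CIPHERS.get(body[1], body[1]),
            "s2k": S2K_TYPES.get(body[2], body[2]),
            "hash": HASHES.get(body[3], body[3])}
    pos = 4
    if body[2] in (1, 3):
        info["salt"] = body[pos:pos + 8].hex().upper()
        pos += 8
    if body[2] == 3:
        info["count"] = decode_s2k_count(body[pos])
        pos += 1
    info["has_session_key"] = pos < len(body)   # else the S2K output *is* the key
    return info


def classify_message(data: bytes) -> dict:
    """Say whether a message was encrypted to a public key or with a passphrase."""
    tag, hlen, blen = parse_packet_header(data)
    body = data[hlen:hlen + blen] if blen is not None else data[hlen:]
    if tag == PKT_SKESK:
        return dict(parse_skesk(body), kind="passphrase")
    if tag == PKT_PKESK:
        return {"kind": "public-key", "version": body[0],
                "keyid": body[1:9].hex().upper()}
    return {"kind": "other", "tag": tag}


# Constructed sample: the header fields gpg reported for the poster's message.
SAMPLE_PACKET = bytes.fromhex("8c0d" "04030302" "76d51e30746e495f" "60")
SAMPLE_ARMOR = ("-----BEGIN PGP MESSAGE-----\nComment: constructed sample\n\n"
                + base64.b64encode(SAMPLE_PACKET).decode()
                + "\n=crc0\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    print(classify_message(dearmor(SAMPLE_ARMOR)))
```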
From: davidgueguen2000 at yahoo.fr (David Gueguen)
Date: Sat, 15 Apr 2017 09:25:48 +0200
Subject: Subkey Generation / SmartCard
In-Reply-To:
References:
Message-ID:

Hello Christoph,

with the new gpg version (>2.15) you can more easily generate subkeys.

* Hereafter subkeys are added to the main keyring $key_id, each RSA1024: 1 for Sign, 1 for Encrypt, 1 for Auth

echo $var_pass_poem | gpg2 --no-verbose --pinentry-mode loopback --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' $key_id rsa1024 sign 1y
echo $var_pass_poem | gpg2 --no-verbose --pinentry-mode loopback --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' $key_id rsa1024 encrypt 1y
echo $var_pass_poem | gpg2 --no-verbose --pinentry-mode loopback --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' $key_id rsa1024 auth 1y

The " echo $var_pass_poem | " trick allows you to enter the pass poem as a variable and then not have any keyboard interaction.

* Here is the automated keytocard (with keyboard interaction); check that the exported keys are the good ones ...

local cmd="key 2\nkeytocard\n1\ny\nkey 2\nkey 3\nkeytocard\n2\ny\nkey 3\nkey 4\nkeytocard\n3\ny\nsave\nY\n"
echo -e $cmd | gpg2 --no-verbose --command-fd 0 --status-fd 2 --edit-key $key_id

* btw: here is how I generate the main keyring:

echo "
Key-Type: $var_key_type
Key-Usage: sign cert
Key-Length: $var_key_lenght
Subkey-Type: $var_key_type
Subkey-Usage: encrypt
Subkey-Length: $var_key_lenght
Name-Real: $var_name
Name-Comment: $var_comment
Name-Email: $var_mail
Keyserver: $var_web_path
Expire-Date: $var_expiracy
Passphrase: $var_pass_poem
Preferences: $var_pref
" > gen_key_script

# creating SC and E keys
gpg2 --batch --full-gen-key gen_key_script

I am also trying to make the gpg card ready to go in an automated way: https://github.com/bourinus/gpg_SmartCard_generation

Hope this helps,
Best rgds,
david

On 14/04/2017 20:47, Christoph J wrote:
> I am trying to batch provision yubikeys.
>
> Using the --batch, I can generate the initial key, but I am unable to
> add more than a single subkey.
>
> Is there a way to batch provision subkeys, specifying the usage
> (signing, encryption, auth) without having to go into --edit-key /
> interactive mode?
>
> On the same topic, is there a way to do 'keytocard', again without
> having to do --edit-key --> toggle --> keytocard interactively?
>
> Any insight on this would be most helpful. Thanks!

From gpg at mdsresource.net Mon Apr 17 20:17:27 2017
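The three --quick-addkey calls in the reply above each add one subkey with a stated usage; before running keytocard it is worth confirming that the keyring really holds a signing, an encryption and an authentication subkey, since keytocard's slot numbers assume they are there. As an added example (not David's script and not part of GnuPG), the code below builds the argv for those calls with the passphrase supplied on stdin rather than on the command line, and checks the capability field of `gpg --with-colons --list-keys` output for the three usages; the colon-format sample is constructed here with placeholder key ids and fingerprints, and the hypothetical provision_subkeys helper only does something useful on a host where gpg is installed.

```python
import subprocess

# Usage keywords this helper accepts for --quick-add-key (spelled --quick-addkey
# in older 2.1 releases) and the capability letter each produces in field 12
# of --with-colons output.
USAGE_LETTER = {"sign": "s", "encr": "e", "auth": "a"}


def quick_add_key_argv(fpr: str, algo: str, usage: str, expire: str = "1y") -> list:
    """Command line for adding one subkey.  The passphrase is read from fd 0,
    so it shows up neither in `ps` output nor in shell history."""
    if usage not in USAGE_LETTER:
        raise ValueError("usage must be one of %s" % sorted(USAGE_LETTER))
    return ["gpg", "--batch", "--no-tty", "--yes", "--pinentry-mode", "loopback",
            "--passphrase-fd", "0", "--quick-add-key", fpr, algo, usage, expire]


def parse_colons(text: str) -> dict:
    """Map fingerprint -> {'type', 'keyid', 'caps'} for the primary key and
    every subkey.  pub/sub records carry the capability letters in field 12;
    the fpr record that follows each carries its fingerprint in field 10."""
    keys, pending = {}, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            pending = {"type": f[0], "keyid": f[4], "caps": set(f[11])}
        elif f[0] == "fpr" and pending is not None:
            keys[f[9]] = pending
            pending = None
    return keys


def missing_usages(colons_output: str) -> set:
    """Usages for which no *subkey* exists.  The primary key's own letters and
    the upper-case 'usable somewhere' summary on the pub record do not count:
    keytocard wants a dedicated subkey per slot."""
    have = set()
    for info in parse_colons(colons_output).values():
        if info["type"] == "sub":
            have |= info["caps"]
    return {u for u, letter in USAGE_LETTER.items() if letter not in have}


def provision_subkeys(fpr: str, passphrase: str, homedir: str,
                      algo: str = "rsa2048") -> set:
    """Hypothetical helper: add whichever of sign/encr/auth subkeys are missing
    to the key in `homedir`, then return what is still missing (ideally set()).
    Runs the real gpg, so it needs gpg installed and a writable homedir."""
    listing = ["gpg", "--homedir", homedir, "--batch", "--with-colons",
               "--list-keys", fpr]
    before = subprocess.run(listing, capture_output=True, text=True, check=True).stdout
    for usage in sorted(missing_usages(before)):
        argv = ["gpg", "--homedir", homedir] + quick_add_key_argv(fpr, algo, usage)[1:]
        subprocess.run(argv, input=passphrase + "\n", capture_output=True,
                       text=True, check=True)
    after = subprocess.run(listing, capture_output=True, text=True, check=True).stdout
    return missing_usages(after)


def _fpr(n: int) -> str:
    return "%040d" % n   # placeholder fingerprint, obviously not a real key


# Constructed --with-colons listing: a primary key plus the sign and encrypt
# subkeys, with the auth subkey not yet added.
SAMPLE_COLONS = "\n".join([
    "pub:u:4096:1:AAAAAAAAAAAAAAAA:1492000000:::u:::scESCA::::::23::0:",
    "fpr:::::::::%s:" % _fpr(1),
    "uid:u::::1492000000::%s::Example Operator <ops@example.invalid>::::::::::0:" % _fpr(2),
    "sub:u:2048:1:BBBBBBBBBBBBBBBB:1492000100:1523536100:::::s::::::23::0:",
    "fpr:::::::::%s:" % _fpr(3),
    "sub:u:2048:1:CCCCCCCCCCCCCCCC:1492000200:1523536200:::::e::::::23::0:",
    "fpr:::::::::%s:" % _fpr(4),
]) + "\n"

if __name__ == "__main__":
    print("missing subkeys:", sorted(missing_usages(SAMPLE_COLONS)))
    print("example argv:", " ".join(quick_add_key_argv(_fpr(1), "rsa2048", "auth")))
```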
From: gpg at mdsresource.net (helices)
Date: Mon, 17 Apr 2017 13:17:27 -0500
Subject: How can I change the passphrase on our secret keys?
In-Reply-To:
References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com>
Message-ID:

What am I missing?

Why am I getting this error?

Please, advise.

Thank you.

On Wed, Apr 12, 2017 at 11:02 AM, helices wrote:
> Yes, I saw that. On one host, that works.
>
> On other, I get following error:
> gpg> passwd
> Key is protected.
>
> You need a passphrase to unlock the secret key for
> user: "Sempris "
> 4096-bit RSA key, ID 80167A71, created 2016-03-18
>
> gpg: cancelled by user
> Can't edit this key: Operation cancelled
>
> What am I missing?

From dkg at fifthhorseman.net Mon Apr 17 20:37:50 2017
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 17 Apr 2017 14:37:50 -0400
Subject: How can I change the passphrase on our secret keys?
In-Reply-To:
References: <955008236.1665.1492012315355.JavaM
ail.zimbra@pengdows.com>
Message-ID: <87bmruani9.fsf@fifthhorseman.net>

On Wed 2017-04-12 11:02:04 -0500, helices wrote:
> Yes, I saw that. On one host, that works.
>
> On other, I get following error:
> gpg> passwd
> Key is protected.
>
> You need a passphrase to unlock the secret key for
> user: "Sempris "
> 4096-bit RSA key, ID 80167A71, created 2016-03-18
>
> gpg: cancelled by user
> Can't edit this key: Operation cancelled

We need more info about the host where this failed to help you :)

* What operating system? (and what version of the OS?)

* What version of gpg?

* What version of pinentry are you expecting to use?

* If you do the following command from the shell, do you see a pinentry show up anywhere?

    printf "option ttyname $(tty)\ngetpin\n" | pinentry

Regards,

--dkg

From gpg at mdsresource.net Mon Apr 17 20:50:18 2017
From: gpg at mdsresource.net (helices) Date: Mon, 17 Apr 2017 13:50:18 -0500 Subject: How can I change the passphrase on our secret keys? In-Reply-To: <87bmruani9.fsf@fifthhorseman.net> References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com> <87bmruani9.fsf@fifthhorseman.net> Message-ID: Version info from previous post: CentOS release 6.8 (Final) gpg (GnuPG) 2.0.14 CentOS Linux release 7.3.1611 (Core) gpg (GnuPG) 2.0.22 We are NOT using pinentry. On Mon, Apr 17, 2017 at 1:37 PM, Daniel Kahn Gillmor wrote: > On Wed 2017-04-12 11:02:04 -0500, helices wrote: > > Yes, I saw that. On one host, that works. > > > > On other, I get following error: > > gpg> passwd > > Key is protected. > > > > You need a passphrase to unlock the secret key for > > user: "Sempris " > > 4096-bit RSA key, ID 80167A71, created 2016-03-18 > > > > gpg: cancelled by user > > Can't edit this key: Operation cancelled > > We need more info about the host where this failed to help you :) > > * What operating system? (and what version of the OS?) > > * What version of gpg? > > * What version of pinentry are you expecting to use? > > * If you do the following command from the shell, do you see a pinentry > show up anywhere? > > printf "option ttyname $(tty)\ngetpin\n" | pinentry > > Regards, > > --dkg > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wsenn1 at twu.edu Mon Apr 17 20:56:49 2017 
From: wsenn1 at twu.edu (William Senn) Date: Mon, 17 Apr 2017 13:56:49 -0500 Subject: How can I change the passphrase on our secret keys? In-Reply-To: References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com> <87bmruani9.fsf@fifthhorseman.net> Message-ID: <0346A0B5-4D6C-455A-8E83-FBC2E93D3737@twu.edu> Same vein, what version of gpg-agent? -- Sent from my iPhone Will Senn, PhD Assistant Professor of Community Informatics School of Library and Information Studies Texas Woman's University Stoddard Hall, Room 408 P.O. Box 425438 Denton, TX 76204-5438 Phone: 615-603-5354 Email: wsenn1 at twu.edu > On Apr 17, 2017, at 1:50 PM, helices wrote: > > Version info from previous post: > > CentOS release 6.8 (Final) > gpg (GnuPG) 2.0.14 > > CentOS Linux release 7.3.1611 (Core) > gpg (GnuPG) 2.0.22 > > > We are NOT using pinentry. > > >> On Mon, Apr 17, 2017 at 1:37 PM, Daniel Kahn Gillmor wrote: >> On Wed 2017-04-12 11:02:04 -0500, helices wrote: >> > Yes, I saw that. On one host, that works. >> > >> > On other, I get following error: >> > gpg> passwd >> > Key is protected. >> > >> > You need a passphrase to unlock the secret key for >> > user: "Sempris " >> > 4096-bit RSA key, ID 80167A71, created 2016-03-18 >> > >> > gpg: cancelled by user >> > Can't edit this key: Operation cancelled >> >> We need more info about the host where this failed to help you :) >> >> * What operating system? (and what version of the OS?) >> >> * What version of gpg? >> >> * What version of pinentry are you expecting to use? >> >> * If you do the following command from the shell, do you see a pinentry >> show up anywhere? >> >> printf "option ttyname $(tty)\ngetpin\n" | pinentry >> >> Regards, >> >> --dkg > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gpg at mdsresource.net Mon Apr 17 21:00:48 2017 
From: gpg at mdsresource.net (helices) Date: Mon, 17 Apr 2017 14:00:48 -0500 Subject: How can I change the passphrase on our secret keys? In-Reply-To: <0346A0B5-4D6C-455A-8E83-FBC2E93D3737@twu.edu> References: <955008236.1665.1492012315355.JavaMail.zimbra@pengdows.com> <87bmruani9.fsf@fifthhorseman.net> <0346A0B5-4D6C-455A-8E83-FBC2E93D3737@twu.edu> Message-ID: gpg-agent (GnuPG) 2.0.14 gpg-agent (GnuPG) 2.0.22 On Mon, Apr 17, 2017 at 1:56 PM, William Senn wrote: > Same vein, what version of gpg-agent? > > -- > Sent from my iPhone > > Will Senn, PhD > Assistant Professor of Community Informatics > School of Library and Information Studies > Texas Woman's University > Stoddard Hall, Room 408 > P.O. Box 425438 > Denton, TX 76204-5438 > > Phone: 615-603-5354 <615-604-5354> > Email: wsenn1 at twu.edu > > On Apr 17, 2017, at 1:50 PM, helices wrote: > > Version info from previous post: > > CentOS release 6.8 (Final) > gpg (GnuPG) 2.0.14 > > CentOS Linux release 7.3.1611 (Core) > gpg (GnuPG) 2.0.22 > > > We are NOT using pinentry. > > > On Mon, Apr 17, 2017 at 1:37 PM, Daniel Kahn Gillmor < > dkg at fifthhorseman.net> wrote: > >> On Wed 2017-04-12 11:02:04 -0500, helices wrote: >> > Yes, I saw that. On one host, that works. >> > >> > On other, I get following error: >> > gpg> passwd >> > Key is protected. >> > >> > You need a passphrase to unlock the secret key for >> > user: "Sempris " >> > 4096-bit RSA key, ID 80167A71, created 2016-03-18 >> > >> > gpg: cancelled by user >> > Can't edit this key: Operation cancelled >> >> We need more info about the host where this failed to help you :) >> >> * What operating system? (and what version of the OS?) >> >> * What version of gpg? >> >> * What version of pinentry are you expecting to use? >> >> * If you do the following command from the shell, do you see a pinentry >> show up anywhere? 
>> >> printf "option ttyname $(tty)\ngetpin\n" | pinentry >> >> Regards, >> >> --dkg >> > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dani at 00dani.me Tue Apr 18 11:42:19 2017 From: dani at 00dani.me (Danielle McLean) Date: Tue, 18 Apr 2017 19:42:19 +1000 Subject: Prefer a currently available signing subkey? Message-ID: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me> Hi, I've set up two smartcards - a YubiKey NEO and a YubiKey 4, specifically - with different subkeys of the same master key: sec# rsa4096/ACA7BABE 2017-04-03 [C] # in cold storage ssb> rsa4096/FF12EEC5 2017-04-04 [S] # on 4 ssb> rsa4096/136A2F3E 2017-04-04 [A] # on 4 ssb> rsa2048/3C6058F1 2017-04-05 [S] # on NEO ssb> rsa2048/336B08C1 2017-04-05 [E] # on 4 and NEO ssb> rsa2048/4F33D648 2017-04-05 [A] # on NEO However with the YubiKey 4 connected, GnuPG still attempts to sign data using 3C6058F1, which isn't currently available, rather than FF12EEC5, which is. I'm aware I can manually select the subkey with -u FF12EEC5!, but I can't easily sneak that switch in when I commit with Git, and I still want to be able to sign with 3C6058F1 when the NEO is actually connected. So: Is there a way to reconfigure GnuPG so that it uses the currently available subkey for signing, rather than always preferring the newest one even when it's *not* available? Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From mschoch at gmail.com Tue Apr 18 16:47:53 2017 
From: mschoch at gmail.com (Martin S.)
Date: Tue, 18 Apr 2017 16:47:53 +0200
Subject: Registry entries
Message-ID: <1284525378.20170418164753@gmail.com>

Hello list

When I install the Windows the recent version of GnuPG gnupg-w32-2.1.20.exe
which registry entries are made and where exactly with which value?

Thanks.

-- 
Best regards,
Martin                          mailto:mschoch at gmail.com

From arthur at ulfeldt.com Tue Apr 18 17:41:08 2017
From: arthur at ulfeldt.com (Arthur Ulfeldt)
Date: Tue, 18 Apr 2017 15:41:08 +0000
Subject: Prefer a currently available signing subkey?
In-Reply-To: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me>
References: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me>
Message-ID:

I had exactly the same problem, and there is an open bug about this (wanna
fix it?) I forgot the number.

I tried to solve it first by creating three copies of the master key. One
that knew about both signing keys, and one independent copy that knew about
each of the signing keys. So I could switch signing keys by switching which
copy of the master key I had in the current .gnupg directory. This was very
much too cumbersome.

Then I expired one of the keys and put the same signing key on both cards.
Juggling them got old fast.

On Tue, Apr 18, 2017, 2:47 AM Danielle McLean via Gnupg-users <gnupg-users at gnupg.org> wrote:
> Hi, I've set up two smartcards - a YubiKey NEO and a YubiKey 4,
> specifically - with different subkeys of the same master key:
>
> sec#  rsa4096/ACA7BABE 2017-04-03 [C]  # in cold storage
> ssb>  rsa4096/FF12EEC5 2017-04-04 [S]  # on 4
> ssb>  rsa4096/136A2F3E 2017-04-04 [A]  # on 4
> ssb>  rsa2048/3C6058F1 2017-04-05 [S]  # on NEO
> ssb>  rsa2048/336B08C1 2017-04-05 [E]  # on 4 and NEO
> ssb>  rsa2048/4F33D648 2017-04-05 [A]  # on NEO
>
> However with the YubiKey 4 connected, GnuPG still attempts to sign data
> using 3C6058F1, which isn't currently available, rather than FF12EEC5,
> which is. I'm aware I can manually select the subkey with -u FF12EEC5!,
> but I can't easily sneak that switch in when I commit with Git, and I
> still want to be able to sign with 3C6058F1 when the NEO is actually
> connected.
>
> So: Is there a way to reconfigure GnuPG so that it uses the currently
> available subkey for signing, rather than always preferring the newest
> one even when it's *not* available?
>
> Thanks!
>

From rjh at sixdemonbag.org Tue Apr 18 20:46:26 2017
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 18 Apr 2017 14:46:26 -0400
Subject: Registry entries
In-Reply-To: <1284525378.20170418164753@gmail.com>
References: <1284525378.20170418164753@gmail.com>
Message-ID: <07aac4d9-fa30-aad4-24cf-e20fb8b1af10@sixdemonbag.org>

HKLM\SOFTWARE\GnuPG
    (Default), (value not set)
    Install directory, [whatever dir you installed it to]

Both are REG_SZs.  If you're installing it on x64, you can expect to see
this in HKLM\SOFTWARE\WOW6432Node\GnuPG, just as any other 32-bit code
would.

From Fredrik.Oberg at regionostergotland.se Wed Apr 19 11:10:37 2017
From: Fredrik.Oberg at regionostergotland.se (Öberg Fredrik)
Date: Wed, 19 Apr 2017 09:10:37 +0000
Subject: Error decrypting after upgrading gpg (Windows)
Message-ID:

Hi,

After upgrading from 1.2.2 to 2.0.30 we have problems decrypting files from our partner

C:\Temp\GnuPGtemp>gpg --version
gpg (GnuPG) 2.0.30 (Gpg4win 2.3.3)
libgcrypt 1.6.6
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/UsrFoo/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Decrypting with

C:\Temp\GnuPGtemp>gpg -vv -o 401611390.170302.txt -d 401611390.170302

results in this:

----
:pubkey enc packet: version 3, algo 16, keyid [keyid]
        data: [2048 bits]
        data: [2048 bits]
gpg: public key is [subkey]
gpg: using subkey [subkey] instead of primary key [primarykey]

You need a passphrase to unlock the secret key for
user: "[my organization]"
gpg: using subkey [subkey] instead of primary key [primarykey]
2048-bit ELG key, ID [subkey], created 2009-09-16 (main key ID [primarykey])

gpg: public key encrypted data: good DEK
:encrypted data packet:
        length: unknown
gpg: encrypted with 2048-bit ELG key, ID [subkey], created 2009-09-16
      "[my organization]"
gpg: 3DES encrypted data
:literal data packet:
        mode ? (A0), created 2927189294, name="\xb7\x0adR\xde\xd6\xed\x09A&\x11\x0do_\x14\xf2\x0b\xab%\xfa\x96\xdd\xf7\xcd1\x82\xc d\xed\x0c\x89F,_z\xcd_\xd9\xb0\xbaaZ\x9e\x9f`\xaf\xc8\xcb\x9b",
        raw data: 2369445039 bytes
gpg: original file name='? o_????%?????1?????F,_z?_???aZ??`????'
gpg: problem reading source (2369443780 bytes remaining)
gpg: handle plaintext failed: No such file or directory
gpg: decryption okay
gpg: WARNING: message was not integrity protected
---

The decrypted file contains just gibberish.

If I decrypt the same file with the ancient gpg 1.2.2 everything works fine.

Our partner tells us they encrypt the file with gpg version 1.2.1 using the command

gpg -e -c 3DES -r [our key]

Nothing has changed there since 2011.

Any ideas why it is fine to decrypt using 1.2.2 but not using 2.0.13?

From dkg at fifthhorseman.net Wed Apr 19 17:46:58 2017
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 19 Apr 2017 11:46:58 -0400
Subject: Prefer a currently available signing subkey?
In-Reply-To:
References: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me>
Message-ID: <87tw5k7631.fsf@fifthhorseman.net>

On Tue 2017-04-18 15:41:08 +0000, Arthur Ulfeldt wrote:
> I had exactly the same problem, and there is an open bug about this (wanna
> fix it?) I forgot the number.

The open report is https://dev.gnupg.org/T1983

I've just moved this to priority "high" since it seems to continue to
affect people.

    --dkg

From dkg at fifthhorseman.net Wed Apr 19 18:20:23 2017
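The `:literal data packet:` line in the `-vv` output above is gpg printing the header of the OpenPGP literal data packet (tag 11, RFC 4880 section 5.9): a one-octet format field that must be `b`, `t` or `u`, a one-octet filename length, the filename, a four-octet timestamp, then the data. A format octet of `A0`, a filename made of control and non-UTF-8 bytes and a timestamp in 2062 are what you see when the octets being parsed are not plaintext at all. The following parser is an added example, not code from the thread or from GnuPG; the sample packets are constructed inline, and the garbage sample only imitates the shape of the header shown above (it is not the partner's file).

```python
"""Parse and sanity-check the header of an OpenPGP literal data packet
(tag 11, RFC 4880 section 5.9), the packet gpg -vv labels ':literal data packet:'.
Sample packets below are constructed for the example."""
import struct
from datetime import datetime, timezone

LITERAL_TAG = 11
# Format octets defined in RFC 4880 5.9: 'b' binary, 't' text, 'u' UTF-8 text.
VALID_MODES = {0x62: "binary", 0x74: "text", 0x75: "utf8"}


def parse_old_format_header(buf):
    """Return (tag, body_offset, body_length) for an old-format packet header.
    body_length is None for length type 3 (gpg reports 'length: unknown')."""
    ctb = buf[0]
    if not ctb & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if ctb & 0x40:
        raise ValueError("new-format header; this helper only handles old format")
    tag = (ctb >> 2) & 0x0F
    length_type = ctb & 0x03
    if length_type == 0:
        return tag, 2, buf[1]
    if length_type == 1:
        return tag, 3, struct.unpack(">H", buf[1:3])[0]
    if length_type == 2:
        return tag, 5, struct.unpack(">I", buf[1:5])[0]
    return tag, 1, None


def parse_literal_packet(buf):
    """Split a literal data packet into its fields (RFC 4880 5.9)."""
    tag, off, length = parse_old_format_header(buf)
    if tag != LITERAL_TAG:
        raise ValueError(f"expected tag {LITERAL_TAG}, got {tag}")
    mode = buf[off]
    name_len = buf[off + 1]
    name = bytes(buf[off + 2:off + 2 + name_len])
    ts_off = off + 2 + name_len
    timestamp = struct.unpack(">I", buf[ts_off:ts_off + 4])[0]
    data_off = ts_off + 4
    end = len(buf) if length is None else off + length
    return {"mode": mode, "name": name, "timestamp": timestamp,
            "data": bytes(buf[data_off:end]), "length": length}


def sanity_problems(pkt, now=None):
    """Describe header fields that do not look like real plaintext metadata.
    A wrong session key or a mis-parsed stream usually shows up here first."""
    if now is None:
        now = int(datetime.now(timezone.utc).timestamp())
    problems = []
    if pkt["mode"] not in VALID_MODES:
        problems.append(f"unknown literal mode 0x{pkt['mode']:02X}")
    if pkt["timestamp"] > now + 86400:
        problems.append(f"timestamp {pkt['timestamp']} lies in the future")
    if any(b < 0x20 or b == 0x7F for b in pkt["name"]):
        problems.append("filename contains control bytes")
    try:
        pkt["name"].decode("utf-8")
    except UnicodeDecodeError:
        problems.append("filename is not valid UTF-8")
    return problems


def build_literal_packet(mode, name, timestamp, data):
    """Assemble an old-format literal data packet (used to construct samples)."""
    body = mode + bytes([len(name)]) + name + struct.pack(">I", timestamp) + data
    if len(body) < 0x100:
        header = bytes([0x80 | (LITERAL_TAG << 2) | 0, len(body)])
    elif len(body) < 0x10000:
        header = bytes([0x80 | (LITERAL_TAG << 2) | 1]) + struct.pack(">H", len(body))
    else:
        header = bytes([0x80 | (LITERAL_TAG << 2) | 2]) + struct.pack(">I", len(body))
    return header + body


# Constructed sample imitating the bad header in the thread: indeterminate
# length, format octet 0xA0, a filename of non-text bytes, a timestamp in 2062.
GARBAGE_SAMPLE = (bytes([0x80 | (LITERAL_TAG << 2) | 3, 0xA0, 0x05])
                  + b"\xb7\x0adR\xde" + struct.pack(">I", 2927189294)
                  + b"\x00" * 16)
```

Run `sanity_problems(parse_literal_packet(GARBAGE_SAMPLE))` and every check fires, which is exactly the situation gpg reports as `mode ? (A0)`: the cipher layer says "decryption okay" because 3DES has no integrity check and the message carries no MDC, so nothing short of inspecting the plaintext header reveals that the recovered octets are wrong.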
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 19 Apr 2017 12:20:23 -0400
Subject: Cannot encrypt to reenabled key after migration
In-Reply-To: <5910007042.20170412152138@riseup.net>
References: <5910007042.20170412152138@riseup.net>
Message-ID: <87inm074jc.fsf@fifthhorseman.net>

Hi MFPA--

On Wed 2017-04-12 15:21:38 +0100, MFPA wrote:
> I have encountered a problem with 2.1.20 writing to my public keyring.
> I was using the pre-compiled binaries on Windows 10.
>
> When editing/refreshing keys, or running gpg --check-trustdb, at the
> end of the operation the command window gradually fills up with
> repeated lines of:-
>
> gpg: waiting for file 'C:/[path]/gnupg/pubring.kbx' to become
> accessible ...
>
> These lines keep coming until I close the command window, or CTRL C
> then RETURN, or terminate "GnuPG's OpenPGP tool (32 bit)" in Task
> Manager.
>
> Oddly, creating new keys does not seem to trigger this. (Or else the
> problem is intermittent.)
>
> The problem went away when I switched back to GnuPG 2.1.19.

I've just opened a bug report about this at https://dev.gnupg.org/T3097

    --dkg

From andy at andystubbs.com Wed Apr 19 21:00:29 2017
From: andy at andystubbs.com (Andrew Stubbs)
Date: Wed, 19 Apr 2017 20:00:29 +0100
Subject: Prefer a currently available signing subkey?
In-Reply-To: <87tw5k7631.fsf@fifthhorseman.net>
References: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me> <87tw5k7631.fsf@fifthhorseman.net>
Message-ID:

Yes, this affects me too - sorry for the "me too" email!

It has actually prevented me from registering my key on keybase.io (if
that's a "thing") --- I suppose I could go through the rigmarole of
building the Faraday cage, getting the offline key out and revoking the
offending signing keys, as if it wasn't fiddly and generally inconvenient
enough already... but I really would like to have different signing and
authentication keys on each smart card I use, even if the encryption key
is the same. And of course the latest key I created is actually my
"weakest" key (for an experiment with a Yubikey NEO). Sigh.

I wish it would make a decision more along the lines of "of the keys I
have available, I'll pick the newest or 'strongest'", rather than "I don't
care what keys I have available, I just want the newest".

Sadly I don't think I have even the skills to find where this decision is
made in the code, let alone change it. I really hope it gets some
attention soon though! Thank you for bumping the priority.

Apart from that bugbear, love the software.

Andy

On 19 April 2017 at 16:46, Daniel Kahn Gillmor wrote:
> On Tue 2017-04-18 15:41:08 +0000, Arthur Ulfeldt wrote:
> > I had exactly the same problem, and there is an open bug about this
> (wanna
> > fix it?) I forgot the number.
>
> The open report is https://dev.gnupg.org/T1983
>
> I've just moved this to priority "high" since it seems to continue to
> affect people.
>
>     --dkg
>

From fredrik at jonson.org Wed Apr 19 15:49:20 2017
From: fredrik at jonson.org (Fredrik Jonson)
Date: Wed, 19 Apr 2017 15:49:20 +0200
Subject: Bad passphrase with gpg 2.1 - works fine with gpg 1.4
Message-ID: <20170419134920.GA24065@jonson.org>

Hi all,

After upgrading to Ubuntu 17.04, gpg does not accept my passphrase. More
precisely, gpg 2.1.15 does not. However, gpg 1.4.21, installed as gpg1
does accept that very same passphrase. What am I doing wrong?

Before upgrading, on Ubuntu 16.04, I'm fairly certain that I used gpg
1.4.x, and that is what I used to generate my gpg key.

The only difference I can see is that gpg1 prompts for my passphrase as
input directly in the terminal, while gpg2 prompts using a GUI dialog
instead. Is that Gnome keyring, or gpg-agent, or something else? Could it
be locale related, I'm using a Swedish locale/keyboard layout.

In an attempt to narrow the scope of possible causes, I've tried to
instruct gpg2 to not use-agent, but failed. Gpg2 still prompts me using a
GUI dialog, rather than interactively in the terminal. Can I, from the
command line, tell gpg2 not to use agent and always prompt me for the
passphrase in the terminal rather than via Gnome or gpg-agent?

As far as I understand there is no upgrade action required when migrating
from gpg1 to gpg2, correct? Is gpg2 in general compatible with gpg1? Can
I use gpg2 while some of my recipients keep using gpg1? Or is that a bad
idea for some reason?

My ~/.gnupg/gpg.conf contains:

personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
use-agent
keyid-format long
with-fingerprint

-- 
Fredrik Jonson

From dani at 00dani.me Thu Apr 20 02:47:10 2017
From: dani at 00dani.me (Danielle McLean)
Date: Thu, 20 Apr 2017 10:47:10 +1000
Subject: Prefer a currently available signing subkey?
In-Reply-To:
References: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me> <87tw5k7631.fsf@fifthhorseman.net>
Message-ID:

On 4/20/17 5:00 AM, Andrew Stubbs via Gnupg-users wrote:
> even if the encryption key is the same.

Oh, this brings up a related issue, actually! GnuPG doesn't cope very well
if you put the same subkey on *multiple* smartcards - it remembers the
first smartcard it saw that contained the subkey and always asks for that
smartcard to be reinserted, even if you've later done gpg --card-status
with another smartcard that contains the same key.

You can get it to forget the first card by deleting the subkey's
~/.gnupg/private-keys-v1.d/$KEYGRIP.key file, but that's terribly fiddly
and potentially dangerous. (Before figuring out that those files are named
by keygrip, I was just deleting ~/.gnupg/private-keys-v1.d entirely, which
would've been extremely bad once I'd gotten actual private keys into my
keyring!)

I would assume this issue occurs with all kinds of subkeys, although it
only particularly hurts for encryption subkeys - since unlike the other
key usages, it only really makes sense to have one "live" encryption
subkey and so it's the most likely subkey to be shared across several
cards.

To remedy this, GnuPG should either track multiple smartcards for each key
- and do something like "please insert any of the following smartcards: "
- or simply overwrite the card-no when you insert a second smartcard
containing the same key. The latter probably involves fewer changes.

From juanmi.3000 at gmail.com Thu Apr 20 02:36:16 2017
From: juanmi.3000 at gmail.com (Juan Miguel Navarro Martínez)
Date: Thu, 20 Apr 2017 02:36:16 +0200
Subject: Prefer a currently available signing subkey?
In-Reply-To: <87tw5k7631.fsf@fifthhorseman.net>
References: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me> <87tw5k7631.fsf@fifthhorseman.net>
Message-ID: <09c44797-7ff1-b959-bf18-bf2a46b02214@gmail.com>

On 2017-04-19 at 17:46, Daniel Kahn Gillmor wrote:
> The open report is https://dev.gnupg.org/T1983

Is it possible that is a duplicate of this report too?
https://dev.gnupg.org/T1967

Both are about a capable subkey not being used on GnuPG Modern branch
because it prefers a subkey with its missing secret part. Plus there was
a patch which seemed to work for 2.1.18.

It would be nice for that bug or regression from 1.4/2.0 due to the
change of secret keyring to finally be fixed or, if it was not a bug, a
feature to be added, as the only workarounds are:

- Using `-u $SubkeyFingerprint!` which works if you only use GnuPG CLI.
  Git, Enigmail or other tools are a no-go.
- Using `default-key $SubkeyFingerprint!` which is a pain if you have
  two master keys.
- Delete the subkey public parts for the missing subkeys which is boring
  to do after each `gpg --refresh`.
- Forget about having multiple subkeys with the same capabilities cause
  that's a no-go if you don't like the previous workarounds.

-- 
Juan Miguel Navarro Martínez

GPG Keyfingerprint:
5A91 90D4 CF27 9D52 D62A BC58 88E2 947F 9BC6 B3CF

From mschoch at gmail.com Thu Apr 20 10:02:22 2017
From: mschoch at gmail.com (Martin S.)
Date: Thu, 20 Apr 2017 10:02:22 +0200
Subject: Cannot encrypt to reenabled key after migration
In-Reply-To:
References:
Message-ID: <196697981.20170420100222@gmail.com>

An HTML attachment was scrubbed...

From ptauk at us.ibm.com Thu Apr 20 21:17:06 2017
From: ptauk at us.ibm.com (Paul Taukatch)
Date: Thu, 20 Apr 2017 15:17:06 -0400
Subject: GPG Signature Verification
Message-ID:

Hello and thank you for taking the time to help out!

I am developing my own implementation of the PGP specification and have a
question regarding the signature generation/verification for Transferable
Public Keys that maybe one of you could help shed some light on.

Currently I create a single primary RSA key and userID and bind the two
with a certification self-signature (0x13). When importing this
certificate into GPG I get a signature verification failure which
prevents the certificate from importing.

I've read through the rfc4880, 5.2.4 - Computing Signatures section quite
thoroughly and believe I am generating the signature properly - Signing
the Hash context of the primary key + user ID + signature data (V4).

One thing I notice in the debug info is that the first several bytes of
the rsa_verify data and rsa_verify cmp do not match.

DBG: rsa_verify data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:                  ffffffffffffffffffffff003031300d06096086480165030402010500042007 \
DBG:                  3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7

DBG: rsa_verify  cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:                  ffffffffffffffffffffffffff00302f300b0609608648016503040201042007 \
DBG:                  3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7

Does anyone know exactly what this verify data is comprised of? I notice
that the hash of the (Primary Key + UserID + Signature Data hash context)
= 073D952C71B2D7C2C945C60F828F087E1D517774F84FE30825F18709659466E7 which
seems to match for both the verify data and cmp.

I've attached my public key and debug log but please let me know if there
is any other information that might be helpful.

(See attached file: exportZPGPTest.bin)(See attached file: debug.txt)

Thanks Again!

From kristian.fiskerstrand at sumptuouscapital.com Fri Apr 21 09:16:19 2017
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Fri, 21 Apr 2017 09:16:19 +0200
Subject: GPG Signature Verification
In-Reply-To:
References:
Message-ID:

On 04/20/2017 09:17 PM, Paul Taukatch wrote:
> I've attached my public key and debug log but please let me know if there
> is any other information that might be helpful.

The first reference that springs to mind is [RFC4880] Section 5.2.4.
Computing Signatures

References:
[RFC4880] https://tools.ietf.org/rfc/rfc4880.txt

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"By three methods we may learn wisdom: First, by reflection, which is
noblest; Second, by imitation, which is easiest; and third by experience,
which is the bitterest."
(Confucius)

From kristian.fiskerstrand at sumptuouscapital.com Fri Apr 21 12:27:29 2017
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Fri, 21 Apr 2017 12:27:29 +0200
Subject: GPG Signature Verification
In-Reply-To:
References:
Message-ID: <346c31c2-723c-2706-325e-e4f44158b56f@sumptuouscapital.com>

On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote:
> On 04/20/2017 09:17 PM, Paul Taukatch wrote:
>> I've attached my public key and debug log but please let me know if there
>> is any other information that might be helpful.
>
> The first reference that springs to mind is [RFC4880] Section 5.2.4.
> Computing Signatures

Of course you already mentioned this in your initial email :) Looks
correct to me.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"If your kids are giving you a headache, follow the directions on the
aspirin bottle, especially the part that says "keep away from children."
(Neil McElroy)

From john at johnbyrnes.info Fri Apr 21 04:08:54 2017
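The two values in Paul's debug dump are both EMSA-PKCS1-v1_5 encodings of the same SHA-256 digest (the 32 octets ending in `...9466e7` are identical in both), and they differ only in the DigestInfo in front of it: one carries `30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20`, the SHA-256 prefix RFC 4880 section 5.2.2 prescribes with its NULL parameter (`05 00`), while the other carries `30 2f 30 0b ... 04 20`, the same structure with the NULL omitted, and two more `ff` padding octets to make up the length. In libgcrypt's `rsa_verify` the `data` line is the encoding the verifier builds itself and `cmp` is the value recovered from the signature, so a signer that emits the short prefix will fail verification even though the hash itself is right. The code below is an added example, not the thread's or GnuPG's code: it reproduces both encodings (assuming a 1024-bit modulus, since the dumps are 127 octets once the leading zero is dropped), decodes them back, and also shows the RFC 4880 section 5.2.4 hash input for a 0x13 certification self-signature that Paul describes.

```python
"""EMSA-PKCS1-v1_5 encoding of an OpenPGP RSA signature (RFC 4880 5.2.2,
RFC 8017 9.2) and the RFC 4880 5.2.4 hash input for a certification
self-signature.  Added example; the two DigestInfo prefixes are the ones
visible in the thread's debug dump."""
import hashlib

# RFC 4880 5.2.2: DER prefix for SHA-256, with the NULL parameter (05 00).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# The same structure without the NULL parameter; a verifier using RFC 4880's
# prefix will never match a signature built over this one.
SHA256_PREFIX_NO_NULL = bytes.fromhex("302f300b06096086480165030402010420")
KNOWN_PREFIXES = {"sha256": SHA256_PREFIX,
                  "sha256-missing-null": SHA256_PREFIX_NO_NULL}


def emsa_pkcs1_v1_5(digest, k, prefix=SHA256_PREFIX):
    """EM = 00 || 01 || PS (ff..ff) || 00 || DigestInfo, exactly k octets."""
    t = prefix + digest
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def mpi_hex(em):
    """The value as gpg's debug output shows it: leading zero octets dropped."""
    return em.lstrip(b"\x00").hex()


def split_encoded_message(em):
    """Strip the padding and return the DigestInfo; reject malformed padding."""
    if em[:1] == b"\x00":
        em = em[1:]
    if em[:1] != b"\x01":
        raise ValueError("block type is not 01")
    i = 1
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 1 < 8 or i >= len(em) or em[i] != 0x00:
        raise ValueError("bad padding string")
    return em[i + 1:]


def identify_digestinfo(t):
    """Return (prefix name, digest), or ('unknown', t) if no prefix matches."""
    for name, prefix in KNOWN_PREFIXES.items():
        if t.startswith(prefix) and len(t) == len(prefix) + 32:
            return name, t[len(prefix):]
    return "unknown", t


def v4_hashed_portion(sig_type, pubkey_algo, hash_algo, hashed_subpackets):
    """version 4 || type || pk algo || hash algo || 2-octet length || subpackets."""
    return (bytes([4, sig_type, pubkey_algo, hash_algo])
            + len(hashed_subpackets).to_bytes(2, "big") + hashed_subpackets)


def certification_hash(pubkey_body, user_id, hashed_sig_portion):
    """RFC 4880 5.2.4 hash input for a 0x10..0x13 signature over a primary key
    and User ID: 0x99 + 2-octet length + key packet body, 0xB4 + 4-octet length
    + User ID, the signature's hashed portion, then the v4 trailer
    04 FF + 4-octet length of that hashed portion."""
    h = hashlib.sha256()
    h.update(b"\x99" + len(pubkey_body).to_bytes(2, "big") + pubkey_body)
    h.update(b"\xb4" + len(user_id).to_bytes(4, "big") + user_id)
    h.update(hashed_sig_portion)
    h.update(b"\x04\xff" + len(hashed_sig_portion).to_bytes(4, "big"))
    return h.digest()
```

With the digest from the thread, `mpi_hex(emsa_pkcs1_v1_5(H, 128))` reproduces the `data` line octet for octet and `mpi_hex(emsa_pkcs1_v1_5(H, 128, SHA256_PREFIX_NO_NULL))` reproduces the `cmp` line, which is the quickest way to confirm where the two diverge. The OpenPGP signature packet stores the signature as an MPI, so the leading zero octet of EM never appears on the wire; that is why both dumps start with `01`.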
From: john at johnbyrnes.info (John Byrnes)
Date: Thu, 20 Apr 2017 21:08:54 -0500
Subject: Smart card
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org>
Message-ID: <20170421020854.jb5qc3tj6yj7xkyh@xps13.local>

> Once you assume that your opponent is specifically targeting you with
> malware capable of sophisticated memory forensics, you're screwed.
> Pinning your hopes on a smartcard is the worst kind of crypto-fetishism.
> You can't proudly hold it up and say "ah ha, but *now* I am safe from
> Tier-1 actors!" It doesn't work that way.

For the most part, my opponent is forgetful me who formats his drive
before backing up his .emacs and .gnupg directories. Having the keys on a
smart card is way less annoying than trying to recover that yet again. :-)

From listofactor at mail.ru Sat Apr 22 09:34:53 2017
From: listofactor at mail.ru (listo factor)
Date: Sat, 22 Apr 2017 07:34:53 +0000
Subject: "general purpose OS is fundamentally inadequate for trusted operations"
In-Reply-To:
References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org>
Message-ID: <506d345d-b477-d7e6-4937-069464436c6d@mail.ru>

On 04/10/2017 03:25 AM, Robert J. Hansen - rjh at sixdemonbag.org wrote:
>
> Preserve the security of your endpoint system. Nothing else will do.
>

The year is 2017 and this is simply no longer a practical strategy:

"...Our position is that the general purpose operating system is
fundamentally inadequate for trusted operations. One can have a general
purpose system or a trusted system, but one can't get both in a single
package. So one needs two..."

Quoted from an almost 10 year old paper "Choose the Red Pill and the Blue
Pill" by Ben Laurie and Abe Singer. Full paper pdf can be found on the
'net. It's more than worth reading the whole text.

Smart card is not the device authors discuss in that paper, but it is a
small, evolutionary step toward it. It is the best that many users who
agree with the quoted sentence have at their disposal at the moment. It
might not prevent all imaginable attacks, but it could prevent enough of
those to make it worth deploying.

Use of smart card is an operational complication, and it does present a
"barrier to entry". Consequently, the promotion of its use is frowned
upon primarily by those that are more interested in spreading the use of
gpg for philosophical and political reasons among those that don't have
any real adversaries, rather than in the protection - however imperfect -
of those that have real need for communication security.

From peter at digitalbrains.com Sat Apr 22 13:12:53 2017
From: peter at digitalbrains.com (Peter Lebbing) Date: Sat, 22 Apr 2017 13:12:53 +0200 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> Message-ID: On 22/04/17 09:34, listo factor via Gnupg-users wrote: > Consequently, the promotion of it's > use is frowned upon primarily by those that are more interested > in spreading the use of gpg for philosophical and political > reasons among those that don't have any real adversaries, I completely disagree with this assessment. It is a completely wrong portrayal of the motives of people who warn about putting all your money on a smartcard. > rather > than in the protection - however imperfect - of those that have > real need for communication security. So what real protection does it offer? If somebody has full access to your general purpose PC, they can read your encrypted communication and fake your signatures. Maybe faking signatures is something that would leave a trail and will be noticed eventually, but what good does that do you when your oppresive regime has just rounded up all your collaborators and has them before a firing squad?! The only thing they cannot do is make a copy of your key to use it elsewhere; they are bound to your hacked PC for usage. I think there are plenty threat models where the fact that they can read your encrypted messages is far worse. And they can do that willy-nilly, by cleverly using your smartcard for their own use while caching and providing the session keys you are trying to decrypt. 
You don't even have to decrypt the document they're interested in yourself, and no external push button will save you. Just decrypt a document twice, and the second time, the attacker can use your smartcard for their own good while providing the session key they logged the first time for your decryption. It feels like you are saying "if you have a real need for communication security, a smartcard will make you more secure"; saying that much at the least. And it is completely and utterly dependent on the threat model. You accuse others of not caring about people with real threats, yet your careless vague statements might encourage those people to place inappropriate trust in their smartcard setup. I think you are the one who is doing them a disservice, not people like Robert J Hansen who warn that smartcards can't magically make you safe when your computer is compromised. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From rjh at sixdemonbag.org Sat Apr 22 19:01:12 2017
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 22 Apr 2017 13:01:12 -0400 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> Message-ID: <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> > Smart card is not the device authors discuss in that paper, but it is > a small, evolutionary step toward it. Not really. What's the trusted device in the system? It's still the desktop PC. A compromise there leads to so many different and catastrophic attacks that it needs to be called a game-over. > It is the best that many users who agree with the quoted sentence > have at their disposal at the moment. It might not prevent all > imaginable attacks, but it could prevent enough of those to make it > worth deploying. No. The game-over condition without a smartcard is, "my computer gets compromised by an attacker." The game-over condition with a smartcard is, "my computer gets compromised by an attacker." There are *some* use cases where smart cards lead to better risk mitigation. But as a general rule, no, smart cards are not ready for prime time. From rjh at sixdemonbag.org Sat Apr 22 19:06:02 2017 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 22 Apr 2017 13:06:02 -0400 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> Message-ID: <32631514-0e24-ced9-3c59-9058e1729777@sixdemonbag.org> [lots of good stuff I completely agree with snipped] > not people like Robert J Hansen I only use my full name and middle initial to prevent confusion with Robert "rsnake" Hansen. He and I both spoke at Black Hat a few years ago, we're both in the computer security field, and so on. "Robert J. Hansen" is pretty unambiguously me; "Robert Hansen" is usually him. But in person or outside of professional contexts, it's just Rob. :) From wsenn1 at twu.edu Sun Apr 23 11:16:36 2017 From: wsenn1 at twu.edu (Will Senn) Date: Sun, 23 Apr 2017 04:16:36 -0500 Subject: gpg card options Message-ID: <8069642b-84fa-628b-3fce-5db9b1dfe4e0@twu.edu> Is it advisable to set options on a smart card such as Name of cardholder, Sex, URL of public key, and Language prefs? It just seems like information like that is extraneous. Thoughts? Thanks, Will From listofactor at mail.ru Sun Apr 23 10:32:14 2017 
From: listofactor at mail.ru (listo factor) Date: Sun, 23 Apr 2017 08:32:14 +0000 Subject: yes, Virginia... In-Reply-To: References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> Message-ID: <80434f33-3c1b-626e-5dac-99f236814724@mail.ru> On 04/22/2017 11:12 AM, Peter Lebbing wrote: > It feels like you are saying "if you have a real need for > communication security, a smartcard will make you more secure"; No, this is not what I'm saying... When asked, I simply repeat that I completely agree with the above quoted "Laurie/Singer proposition". For those that agree, the practical (but not effortless) options are: a) Simulate their "Nebuchadnezzar device" on an air-gapped general purpose computer with a general-purpose OS, equipped with crypto software, that never connects to the Internet. b) Set up their primary general purpose computer as a dual boot machine, with the trusted OS that does not include access to the network hardware, that can read the data extents of the connected OS, and that is regularly refreshed from a verified static system image. c) Smart card can be, in some marginal instances, only "better than nothing". Tea-spoon better. I also tell them that using encrypted mail on an Internet connected general purpose OS computer is good for practice and "fun factor", but not much else. Finally, I completely agree that it would be irresponsible to say to those with real need for communication security, that simply using a Smartcard will increase their general security level. However, vague statements to the effect that "yes, Virginia, you can preserve the security of your endpoint system" are not any better. From rjh at sixdemonbag.org Sun Apr 23 13:25:56 2017 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 23 Apr 2017 07:25:56 -0400 Subject: yes, Virginia... In-Reply-To: <80434f33-3c1b-626e-5dac-99f236814724@mail.ru> References: <217d214a-83aa-a8a5-b331-a36927b8fd2f@twu.edu> <20170408081636.vlykxzcgr2jyuv3e@grep.be> <5df25680-60a8-4a6e-f667-3d52143f8b05@sixdemonbag.org> <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <80434f33-3c1b-626e-5dac-99f236814724@mail.ru> Message-ID: > I also tell them that using encrypted mail on an Internet connected > general purpose OS computer is good for practice and "fun factor", > but not much else. This is the kind of "advice" we can do without. Whether encrypted email is of use to someone depends entirely on their threat model. Years ago, my best friend was engaged to be married. He and his fiancée (now wife) were discussing wedding and honeymoon plans via email, up until she walked into the IT department at work and found the sysadmin reading her email aloud to someone else for purposes of gossip and entertainment. Emily was horrified; Doug was red with rage. Do you mean to tell me OpenPGP on internet-connected computers wouldn't have been useful to them? Some people have major nation-state agencies, multinational corporations, or organized crime syndicates as enemies. These people have extreme needs and need to take extreme measures. But most people have much different needs. There are very few one-size-fits-all answers in communications security. There are slightly more, but still few, one-size-fits-most. What you are doing is peddling a one-size-fits-some as a universal recommendation. What I'm worried about is that people whose security could be vastly improved by simple and painless measures will listen to this gospel you're preaching, decide clearly there's too much work involved, and give up altogether!
From w at uter.be Sun Apr 23 17:00:13 2017 
From: w at uter.be (Wouter Verhelst) Date: Sun, 23 Apr 2017 17:00:13 +0200 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> References: <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> Message-ID: <20170423150013.xcvvjgmkwkvjr6us@grep.be> On Sat, Apr 22, 2017 at 01:01:12PM -0400, Robert J. Hansen wrote: > The game-over condition without a smartcard is, "my computer gets > compromised by an attacker." No, that is *one of* the game-over conditions; it is not *the* game-over condition. Without a smartcard, there are other game-over conditions; e.g., if you've created a backup of your home directory, that backup contains a copy of your private key, and the attacker somehow manages to get hold of your passphrase, then that is *also* a game-over condition. The same is not true for smartcard keys. This is also just one example; there are others. Also, the *level* of compromise need not be the same. With non-smartcard keys, an attacker does not need to continuously compromise the victim's computer; just getting access to the private key and the corresponding passphrase *once* is enough. This can not be said for non-smartcard keys. Yes, it is correct to state that smartcard keys are not a panacea; there are still various possible options which an attacker has, even with smartcard keys, to be able to break the system and read all encrypted data. However, it is incorrect to state that therefore the security of a smartcard is the same as that of a key on a hard disk drive. There are a few possible attacks that the use of a smartcard mitigates, and therefore a smartcard key *is* more secure than a non-smartcard key, and it *does* improve security. 
It just doesn't mitigate *every* possible attack. -- < ron> I mean, the main *practical* problem with C++, is there's like a dozen people in the world who think they really understand all of its rules, and pretty much all of them are just lying to themselves too. -- #debian-devel, OFTC, 2016-02-12 From dani at 00dani.me Sun Apr 23 17:26:54 2017 From: dani at 00dani.me (Danielle McLean) Date: Mon, 24 Apr 2017 01:26:54 +1000 Subject: gpg card options In-Reply-To: <8069642b-84fa-628b-3fce-5db9b1dfe4e0@twu.edu> References: <8069642b-84fa-628b-3fce-5db9b1dfe4e0@twu.edu> Message-ID: On 4/23/17 7:16 PM, Will Senn wrote: > Is it advisable to set options on a smart card such as Name of > cardholder, Sex, URL of public key, and Language prefs? It just seems > like information like that is extraneous. Thoughts? Setting the URL of your public key is certainly useful. To use the private keys on your smartcard, the associated public key must be in your keyring. If you've set a URL for your public key, then on any computer you can simply use the 'fetch' command in --card-edit to retrieve the public part and make your keys usable. The other info is mostly unnecessary. It's not used by GnuPG, and the most relevant part (the cardholder's name) can be discovered just as easily by fetching the public key anyway! From rjh at sixdemonbag.org Mon Apr 24 02:42:45 2017
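As an added example of the URL-and-fetch workflow Danielle describes (this is not code from the thread or from GnuPG itself), the script below drives --card-edit over --command-fd and then does the check a practitioner wants afterwards: every fingerprint the card reports in --card-status must be present in the keyring. The URL is only a hint about where to look; the card is the authority on which keys it holds, and the fetched key is worth trusting only if its fingerprints agree with the card's. Assumed here: the url: and fpr: record layout of `gpg --card-status --with-colons` (read from GnuPG's card-util.c; compare with your own card's output), that --card-edit accepts its menu commands on --command-fd 0, and the sample outputs, which are constructed.

```python
"""Set the public-key URL on an OpenPGP card, fetch the key through it, and
check the result against the fingerprints the card itself reports.

Added example, not from the thread or from GnuPG. Assumptions: the
`url:<url>:` and `fpr:<sig>:<enc>:<auth>:` records of
`gpg --card-status --with-colons`, that `--card-edit` takes its menu commands
from --command-fd 0, and the constructed sample outputs below."""
import subprocess

# Constructed fingerprints for a card with signing, encryption and authentication keys.
SIG_FPR = "1111111111111111111111111111111111111111"
ENC_FPR = "2222222222222222222222222222222222222222"
AUTH_FPR = "3333333333333333333333333333333333333333"
PRIMARY_FPR = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

# Constructed `gpg --card-status --with-colons` fragment. Colon-mode strings
# percent-escape ':' as %3A (assumed for the url record, handled either way below).
SAMPLE_CARD_STATUS = "\n".join([
    "name:Doe:Jane:",
    "lang:en:",
    "sex:u:",
    "url:https%3A//example.org/jane.asc:",
    "fpr:" + SIG_FPR + ":" + ENC_FPR + ":" + AUTH_FPR + ":",
]) + "\n"

# Constructed, simplified `gpg --with-colons --list-keys` fragment. Only the fpr
# records matter here: field 10 carries the fingerprint (doc/DETAILS).
SAMPLE_KEYRING = "\n".join([
    "pub:u:2048:1:" + PRIMARY_FPR[-16:] + ":1489190400:::u:::scESC:",
    "fpr:::::::::" + PRIMARY_FPR + ":",
    "uid:u::::1489190400::0000::Jane Doe <jane@example.org>:",
    "sub:u:2048:1:" + SIG_FPR[-16:] + ":1490832000::::::s:",
    "fpr:::::::::" + SIG_FPR + ":",
    "sub:u:2048:1:" + ENC_FPR[-16:] + ":1490832000::::::e:",
    "fpr:::::::::" + ENC_FPR + ":",
    "sub:u:2048:1:" + AUTH_FPR[-16:] + ":1490832000::::::a:",
    "fpr:::::::::" + AUTH_FPR + ":",
]) + "\n"


def parse_card_status(text):
    """Return {'url': str or None, 'fprs': [fingerprints of the occupied key slots]}."""
    info = {"url": None, "fprs": []}
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "url" and len(fields) > 2:
            # Re-join in case the URL's own colons were not escaped, then unescape.
            url = ":".join(fields[1:-1])
            info["url"] = url.replace("%3A", ":").replace("%3a", ":")
        elif fields[0] == "fpr":
            info["fprs"] = [f for f in fields[1:4] if f]  # empty field = empty slot
    return info


def parse_keyring_fprs(text):
    """Fingerprints of the primary key and all subkeys from --with-colons --list-keys."""
    fprs = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9 and fields[9]:
            fprs.append(fields[9])
    return fprs


def missing_from_keyring(card_fprs, keyring_fprs):
    """Card slots whose key is not in the keyring. An empty list means the fetch
    delivered the key this card actually belongs to."""
    have = set(keyring_fprs)
    return [f for f in card_fprs if f not in have]


def _gpg(args, stdin=None):
    return subprocess.run(["gpg"] + args, input=stdin, capture_output=True,
                          text=True, check=True).stdout


def set_url_and_fetch(url):
    """Write the URL (Admin PIN is asked via pinentry), fetch, then compare.
    Needs gpg and a card, so the checks below do not call it."""
    _gpg(["--command-fd", "0", "--card-edit"], stdin="admin\nurl\n%s\nquit\n" % url)
    _gpg(["--command-fd", "0", "--card-edit"], stdin="fetch\nquit\n")
    card = parse_card_status(_gpg(["--card-status", "--with-colons"]))
    keyring = parse_keyring_fprs(_gpg(["--with-colons", "--list-keys"]))
    return missing_from_keyring(card["fprs"], keyring)


if __name__ == "__main__":
    card = parse_card_status(SAMPLE_CARD_STATUS)
    print("card URL:", card["url"])
    print("missing from keyring:",
          missing_from_keyring(card["fprs"], parse_keyring_fprs(SAMPLE_KEYRING)))
```

Run as-is it only exercises the parsers on the constructed samples; `set_url_and_fetch("https://example.org/jane.asc")` is the live path. If it returns a non-empty list, the key at the URL is not the card's key and the card keys will not be usable until the right public key is imported.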
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 23 Apr 2017 20:42:45 -0400 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <20170423150013.xcvvjgmkwkvjr6us@grep.be> References: <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> <20170423150013.xcvvjgmkwkvjr6us@grep.be> Message-ID: <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> > No, that is *one of* the game-over conditions; it is not *the* game-over > condition. [a lot of stuff I agree with snipped] Please re-read the thread. You'll see you're agreeing with Peter Lebbing and me. We've consistently maintained smart cards are useful in a number of use cases and threat models -- but they do not rise to the level listo is ascribing to them. > There are a > few possible attacks that the use of a smartcard mitigates, and > therefore a smartcard key *is* more secure than a non-smartcard key No. It's more secure *only if those attacks are within your threat profile*. Wearing a parachute gives me additional security against, say, aircraft disasters. But if I don't fly anywhere, it's just an inconvenience which offers me no additional security. From listofactor at mail.ru Mon Apr 24 09:50:15 2017 
From: listofactor at mail.ru (listo factor) Date: Mon, 24 Apr 2017 07:50:15 +0000 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> References: <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> <20170423150013.xcvvjgmkwkvjr6us@grep.be> <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> Message-ID: On 04/24/2017 12:42 AM, Robert J. Hansen wrote: > -- but [smartcards] do not rise to the level listo is > ascribing to them... The central argument I've been making in this thread is not the promotion of smartcards, it is something best summarized by the quote from the Laurie-Singer paper: "...the general purpose operating system is fundamentally inadequate for trusted operations." The problem has grown immensely since that paper was written, so that today *it affects the average gpg user*. The use of smartcards is to me only a welcome sign that a growing segment of gpg users appears to agree with that proposition. They should be helped and advised how to better tackle the problem, instead of being told that the problem exists only for those that face some arcane class of adversaries with mythical powers. From rjh at sixdemonbag.org Mon Apr 24 13:23:23 2017 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 24 Apr 2017 07:23:23 -0400 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: References: <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> <20170423150013.xcvvjgmkwkvjr6us@grep.be> <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> Message-ID: <6a195dda-b7e7-5def-1b9b-11e2a49d42ed@sixdemonbag.org> > The use of smartcards is to me only a welcome sign that a > growing segment of gpg users appears to agree with that > proposition. The overwhelming majority of GnuPG users do not know enough about information security to have an opinion worth listening to. More than that, they shouldn't need to. GnuPG is meant to be a tool for regular users. It fails at this pretty badly for a variety of reasons, not all of which are within its control, but that's always been the goal. If we expect GnuPG users to be experts in information security, then we've utterly and completely failed. A consequence of this is there will always be fads and fashions running through the community, things that many users embrace because "it's more secure" when the reality is it's nothing of the sort. Look at how many people think 3DES is obsolete, for instance, or that anything less than AES256 is risky. One fad in particular -- using symmetric algorithms of comparable strength to your asymmetric key -- has been going on for more than 25 years. Phil Z made this recommendation back in the days when he thought Bass-o-Matic was secure, and it was bogus even then, too. No, this won't give you a "balanced system". (Phil Z was apparently badly misunderstanding a "balanced network" -- a property of Feistel ciphers.) Smartcards are that same thing today. 
They can be, *in some situations*, a good tool. They are not a *generally recommended* tool. > They should be helped and advised how to better > tackle the problem This is exactly what we've been doing. Except "the problem" was not, in Mr. Senn's case, so much "how do I use a smartcard with GnuPG?" as it was showing him the real question was, "will using a smartcard with GnuPG help me?" And that's a hard question, and an interesting one, and it deserves to be seriously addressed. Ultimately he decided he'd like to learn more about them just because, and that's a perfectly valid use case! From rjh at sixdemonbag.org Mon Apr 24 13:33:58 2017 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 24 Apr 2017 07:33:58 -0400 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <6a195dda-b7e7-5def-1b9b-11e2a49d42ed@sixdemonbag.org> References: <06577700-9111-ef10-da65-aacaf5ab6882@sixdemonbag.org> <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> <20170423150013.xcvvjgmkwkvjr6us@grep.be> <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> <6a195dda-b7e7-5def-1b9b-11e2a49d42ed@sixdemonbag.org> Message-ID: <0196f3dc-b5f4-ca22-9344-9357aa9080d3@sixdemonbag.org> > Look at how many people think 3DES is obsolete, for instance, or that > anything less than AES256 is risky. My bad: I used "obsolete" when I should've said "insecure". I fully agree 3DES is obsolete; it's the "3DES is insecure" which is, IMO, unsupported and faddish. (The best attack on 3DES requires more RAM than exists in the entire world, by several orders of magnitude.) From ineiev at gnu.org Mon Apr 24 13:04:49 2017 
From: ineiev at gnu.org (Ineiev) Date: Mon, 24 Apr 2017 07:04:49 -0400 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: References: <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> <20170423150013.xcvvjgmkwkvjr6us@grep.be> <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> Message-ID: <20170424110448.GL3854@gnu.org> On Mon, Apr 24, 2017 at 07:50:15AM +0000, listo factor via Gnupg-users wrote: > "...the general purpose > operating system is fundamentally inadequate for trusted > operations." ... > The use of smartcards is to me only a welcome sign that a > growing segment of gpg users appears to agree with that > proposition. They may have different reasons to use smartcards. For instance, I considered using them because it seemed more convenient to enter a 6-digit PIN than a 40+ character passphrase --- rather than because I thought it would be inherently more secure. From ptauk at us.ibm.com Mon Apr 24 17:22:45 2017 From: ptauk at us.ibm.com (Paul Taukatch) Date: Mon, 24 Apr 2017 11:22:45 -0400 Subject: GPG Signature Verification In-Reply-To: <346c31c2-723c-2706-325e-e4f44158b56f@sumptuouscapital.com> References: <346c31c2-723c-2706-325e-e4f44158b56f@sumptuouscapital.com> Message-ID: Appreciate the feedback but I have indeed reread the RFC specification quite thoroughly and still can't seem to figure out the issue. Don't mean to spam the mailing list but is there any chance someone might have a bit more insight into this. Quite stumped! Thanks, Paul Taukatch Advanced Technologies Team / zOS Cloud Crypto
From: Kristian Fiskerstrand To: Paul Taukatch/Poughkeepsie/IBM at IBMUS, gnupg-users at gnupg.org Date: 04/21/2017 06:29 AM Subject: Re: GPG Signature Verification On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote: > On 04/20/2017 09:17 PM, Paul Taukatch wrote: >> I've attached my public key and debug log but please let me know if there >> is any other information that might be helpful. > > The first reference that springs to mind is [RFC4880] Section 5.2.4. > Computing Signatures Of course you already mentioned this in your initial email :) Looks correct to me. -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- "If your kids are giving you a headache, follow the directions on the aspirin bottle, especially the part that says "keep away from children." (Neil McElroy) From w at uter.be Mon Apr 24 18:33:42 2017
From: w at uter.be (Wouter Verhelst) Date: Mon, 24 Apr 2017 18:33:42 +0200 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> References: <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> <20170423150013.xcvvjgmkwkvjr6us@grep.be> <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> Message-ID: <20170424163342.4jcukspdxch4w7ud@grep.be> On Sun, Apr 23, 2017 at 08:42:45PM -0400, Robert J. Hansen wrote: > > There are a > > few possible attacks that the use of a smartcard mitigates, and > > therefore a smartcard key *is* more secure than a non-smartcard key > > No. It's more secure *only if those attacks are within your threat > profile*. It is objectively more secure. Whether that extra security is relevant to your threat profile is a different question; e.g., you may also have threats that you are not aware of. Like almost everything in security, this is a trade-off. -- < ron> I mean, the main *practical* problem with C++, is there's like a dozen people in the world who think they really understand all of its rules, and pretty much all of them are just lying to themselves too. -- #debian-devel, OFTC, 2016-02-12 From peter at digitalbrains.com Mon Apr 24 19:23:29 2017 
From: peter at digitalbrains.com (Peter Lebbing) Date: Mon, 24 Apr 2017 19:23:29 +0200 Subject: GPG Signature Verification In-Reply-To: References: Message-ID: On 20/04/17 21:17, Paul Taukatch wrote: > Does anyone know exactly what this verify data is comprised of? "data" seems to be correct: it is an EMSA-PKCS1-v1_5 encoded RSA SHA-256 signature. As RFC 3447 states: EM = 0x00 || 0x01 || PS || 0x00 || T. PS is a string of binary 1's to fill up the remaining space in the RSA message, and T is a constant DER-encoding of SHA-256 followed by the actual signature. The constant portion is in both RFC 3447 and RFC 4880: The full hash prefixes for these are as follows: [...] SHA256: 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 The part of "cmp" that would correspond to the constant part of the DER encoding I do not recognise. My guess is that you did not instruct the library you're using to generate the signature to create an EMSA-PKCS1-v1_5 encoding, and that's why it is generating an RSA message that differs in construction. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From rjh at sixdemonbag.org Mon Apr 24 23:49:00 2017
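The encoding Peter describes, worked through as an added example (this is not code from the thread, from GnuPG, or from any library mentioned in it): it builds EM for SHA-256 with the RFC 4880 prefix, builds a second EM with a constructed DigestInfo whose AlgorithmIdentifier lacks the NULL parameters (the shape a generic ASN.1 encoder can produce when it is not told to emit the PKCS#1 form), walks both with a small DER parser to make the structural difference visible, and shows that a verifier comparing T against prefix || digest byte for byte accepts only the first. The message, the 2048-bit (256-byte) modulus length and the "no NULL" prefix are assumptions; the RFC 4880 prefix is the one quoted above.

```python
"""EMSA-PKCS1-v1_5 framing for an OpenPGP RSA/SHA-256 signature, plus a small DER
walker that shows the DigestInfo structure a verifier expects.

Added example, not code from the thread or from any library it mentions. The
message, the 256-byte modulus length and the "no NULL parameters" prefix are
constructed; the RFC 4880 prefix is the one quoted in the thread."""
import hashlib
import hmac

# RFC 4880 section 5.2.2 / RFC 3447 section 9.2 note 1: full hash prefix for SHA-256.
#   SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes) }
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Constructed variant: same OID, but the AlgorithmIdentifier has no NULL parameters.
SHA256_PREFIX_NO_NULL = bytes.fromhex("302f300b06096086480165030402010420")

SAMPLE_DIGEST = hashlib.sha256(b"constructed test message").digest()


def emsa_pkcs1_v15_encode(digest, em_len, prefix=SHA256_PREFIX):
    """EM = 0x00 || 0x01 || PS || 0x00 || T with T = prefix || digest (RFC 3447 9.2).
    em_len is the modulus length in bytes; PS is 0xFF bytes, at least 8 of them."""
    t = prefix + digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def emsa_pkcs1_v15_split(em):
    """Undo the framing and return T, rejecting malformed padding. (OpenPGP carries
    EM as an MPI, so the leading 0x00 is not on the wire; restore it before calling.)"""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad EM header")
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):  # fewer than 8 0xFF bytes: reject
        raise ValueError("bad PS")
    return em[sep + 1:]


def openpgp_verify_em(em, digest, prefix=SHA256_PREFIX):
    """Compare T against prefix || digest in full rather than parsing ASN.1 leniently:
    accepting other DigestInfo encodings, or not checking that the hash sits at the
    very end of EM, is the slack the 2006 e=3 signature forgeries exploited."""
    try:
        t = emsa_pkcs1_v15_split(em)
    except ValueError:
        return False
    return hmac.compare_digest(t, prefix + digest)


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:  # base-128, high bit set on all but the last octet of an arc
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def der_parse(buf):
    """Parse consecutive DER TLVs into (kind, value) tuples; SEQUENCE recurses."""
    items, pos = [], 0
    while pos < len(buf):
        tag, body, pos = _read_tlv(buf, pos)
        if tag == 0x30:
            items.append(("SEQUENCE", der_parse(body)))
        elif tag == 0x06:
            items.append(("OID", _decode_oid(body)))
        elif tag == 0x05:
            items.append(("NULL", None))
        elif tag == 0x04:
            items.append(("OCTET STRING", body))
        else:
            items.append(("TAG 0x%02x" % tag, body))
    return items


def digestinfo_structure(t):
    """Flatten the parsed DigestInfo into a readable list of node labels."""
    out = []

    def walk(items):
        for kind, value in items:
            if kind == "SEQUENCE":
                out.append("SEQUENCE")
                walk(value)
            elif kind == "OID":
                out.append("OID " + value)
            elif kind == "OCTET STRING":
                out.append("OCTET STRING[%d]" % len(value))
            else:
                out.append(kind)

    walk(der_parse(t))
    return out


if __name__ == "__main__":
    for name, prefix in (("RFC 4880", SHA256_PREFIX), ("no NULL", SHA256_PREFIX_NO_NULL)):
        em = emsa_pkcs1_v15_encode(SAMPLE_DIGEST, 256, prefix)
        print(name, digestinfo_structure(emsa_pkcs1_v15_split(em)),
              "verifies:", openpgp_verify_em(em, SAMPLE_DIGEST))
```

The two T values differ by exactly the two bytes 05 00 (and the adjusted SEQUENCE lengths), which is why a verifier that re-encodes and compares rejects the second one outright rather than reporting a bad hash.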
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 24 Apr 2017 17:49:00 -0400 Subject: "general purpose OS is fundamentally inadequate for trusted operations" In-Reply-To: <20170424163342.4jcukspdxch4w7ud@grep.be> References: <871st1wjdt.fsf@gnu.org> <9a463edc-a553-4347-339e-a19b80576aab@sixdemonbag.org> <87tw5xq9fs.fsf@gnu.org> <506d345d-b477-d7e6-4937-069464436c6d@mail.ru> <7b316577-3df4-838b-d9f4-5d0f035a99ff@sixdemonbag.org> <20170423150013.xcvvjgmkwkvjr6us@grep.be> <23cd9ca1-4779-824b-17a8-65e53153a842@sixdemonbag.org> <20170424163342.4jcukspdxch4w7ud@grep.be> Message-ID: > It is objectively more secure. No. Security is inherently subjective. A risk that one person is willing to bear, another is not; a risk one person deems catastrophic, another deems insignificant. From peter at digitalbrains.com Wed Apr 26 12:23:49 2017 
From: peter at digitalbrains.com (Peter Lebbing) Date: Wed, 26 Apr 2017 12:23:49 +0200 Subject: GPG Signature Verification In-Reply-To: References: Message-ID: On 24/04/17 19:23, Peter Lebbing wrote: > The part of "cmp" that would correspond to the constant part of the DER > encoding I do not recognise. It is still proper ASN.1, but it encodes a slightly different structure. I wondered whether it was DER encoded or BER encoded, because I read that BER was valid for old PKCS#1 v1.5 structures. DER is a subset of BER. If the Python ASN.1 module pyasn1 rejects malformed DER encoding then it is proper DER; or would pyasn1 be liberal in what it accepts? Anyway, the two ASN.1 encoded objects are slightly different: $ python [...] >>> import pyasn1.codec.der.decoder >>> sha256der = b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20' + b'\x00'*32  # 32 zero bytes stand in for the digest; b'\x00' keeps this valid on Python 3 as well >>> unknown_enc = b'\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x04\x20' + b'\x00'*32 >>> pyasn1.codec.der.decoder.decode(sha256der) (Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0, ObjectIdentifier(2.16.840.1.101.3.4.2.1)).setComponentByPosition(1, Null(''))).setComponentByPosition(1, OctetString(hexValue='0000000000000000000000000000000000000000000000000000000000000000')), '') >>> pyasn1.codec.der.decoder.decode(unknown_enc) (Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0, ObjectIdentifier(2.16.840.1.101.3.4.2.1))).setComponentByPosition(1, OctetString(hexValue='0000000000000000000000000000000000000000000000000000000000000000')), '') There's an extra setComponentByPosition(1, Null('')) in the properly encoded ASN.1. It would appear that the library you're using *is* trying to generate a PKCS#1 v1.5 message, but that it ends up with a slightly different DER encoding than what is defined for OpenPGP. You will have to find a way to generate a EMSA-PKCS1-v1_5 structure that is compatible to RFC 4880 (and RFC 3447 PKCS #1 Version 2.1).
I don't know much about ASN.1, so I can't really say anything useful about the results of the experiment above. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From dkg at fifthhorseman.net Thu Apr 27 06:28:06 2017 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 26 Apr 2017 21:28:06 -0700 Subject: Prefer a currently available signing subkey? In-Reply-To: <09c44797-7ff1-b959-bf18-bf2a46b02214@gmail.com> References: <0292cef9-24c5-3ca0-527d-fca5b9015063@00dani.me> <87tw5k7631.fsf@fifthhorseman.net> <09c44797-7ff1-b959-bf18-bf2a46b02214@gmail.com> Message-ID: <87mvb279ux.fsf@fifthhorseman.net> On Thu 2017-04-20 02:36:16 +0200, Juan Miguel Navarro Martínez wrote: > On 2017-04-19 at 17:46, Daniel Kahn Gillmor wrote: >> The open report is https://dev.gnupg.org/T1983 > > Is it possible that is a duplicate of this report too? > https://dev.gnupg.org/T1967 > > Both are about a capable subkey not being used on GnuPG Modern branch > because it prefers a subkey with its missing secret part. Plus there was > a patch which seemed to work for 2.1.18. I agree that these seem related, though T1983 has smartcard-specific concerns. I've tested the patch for T1967 in a non-smartcard situation, but haven't tested it with a smartcard yet. I'd be happy to hear the results of such a test, if anyone has a smartcard handy for testing. --dkg From dkg at fifthhorseman.net Thu Apr 27 07:37:56 2017
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 26 Apr 2017 22:37:56 -0700 Subject: Bad passphrase with gpg 2.1 - works fine with gpg 1.4 In-Reply-To: <20170419134920.GA24065@jonson.org> References: <20170419134920.GA24065@jonson.org> Message-ID: <87k26676mj.fsf@fifthhorseman.net> Hi Fredrik-- On Wed 2017-04-19 15:49:20 +0200, Fredrik Jonson wrote: > After upgrading to Ubuntu 17.04, gpg does not accept my passphrase. More > precisely, gpg 2.1.15 does not. However, gpg 1.4.21, installed as > gpg1 does accept that very same passphrase. What am I doing wrong? gpg 1.4.x and 2.1.x use different secret keyrings. the first time that 2.1.x runs, it tries to import secret key material from the 1.4.x keyring, but it's possible that this happened before the previous key generation. You can encourage 2.1.x to try that migration again with: rm ~/.gnupg/.gpg-v21-migrated gpg2 --list-secret-keys > In an attempt to narrow the scope of possible causes, I've tried to > instruct gpg2 to not use-agent, but failed. modern GnuPG (v2.1) is designed to only use the agent. on this branch, gpg itself never handles secret key material at all. > Gpg2 still prompts me using a GUI dialog, rather than interactively in > the terminal. Can I, from the command line, tell gpg2 not to use agent > and always prompt me for the passphrase in the terminal rather than > via Gnome or gpg-agent? I'm not sure that this is related to your other question. but if you really prefer to only be prompted in the terminal, you can change the version of pinentry that you have installed to pinentry-curses or pinentry-tty. If you're using this from a graphical environment though, i do not recommend making this change. Stick with the graphical passphrase prompt! > Is gpg2 in general compatible with gpg1? Can I use gpg2 while some of my > recipients keep using gpg1? Or is that a bad idea for some reason? you can use gpg 2.1.x while your correspondents use gpg 1.4.x. 
but trying to use 2.1.x yourself while also using 1.4.x (the "co-installed case") doesn't work very well in my experience, since there are different secret keyrings, and in practice there can be different public keyrings as well (2.1.x prefers ~/.gnupg/pubring.kbx, but 1.4.x only knows about ~/.gnupg/pubring.gpg). --dkg From ptauk at us.ibm.com Thu Apr 27 17:30:33 2017 From: ptauk at us.ibm.com (Paul Taukatch) Date: Thu, 27 Apr 2017 11:30:33 -0400 Subject: GPG Signature Verification In-Reply-To: References: Message-ID: This was exactly the issue! I was originally using the bouncy castle ASN1Encodable library to generate the encoded hash value which for some reason does not seem to produce the value defined/expected by the PGP. Instead I now just use ASN1 full hash prefixes defined in the RFC directly and the issue was resolved. Very much appreciated Peter! Thanks, Paul Taukatch Advanced Technologies Team / zOS Cloud Crypto 
From: Peter Lebbing To: Paul Taukatch/Poughkeepsie/IBM at IBMUS, gnupg-users at gnupg.org Date: 04/26/2017 06:24 AM Subject: Re: GPG Signature Verification

On 24/04/17 19:23, Peter Lebbing wrote:
> The part of "cmp" that would correspond to the constant part of the DER
> encoding I do not recognise.

It is still proper ASN.1, but it encodes a slightly different structure. I wondered whether it was DER encoded or BER encoded, because I read that BER was valid for old PKCS#1 v1.5 structures. DER is a subset of BER. If the Python ASN.1 module pyasn1 rejects malformed DER encoding then it is proper DER; or would pyasn1 be liberal in what it accepts?

Anyway, the two ASN.1 encoded objects are slightly different:

$ python
[...]
>>> import pyasn1.codec.der.decoder
>>> sha256der = b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20' + chr(0)*32
>>> unknown_enc=b'\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x04\x20'+chr(0)*32
>>> pyasn1.codec.der.decoder.decode(sha256der)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0, ObjectIdentifier(2.16.840.1.101.3.4.2.1)).setComponentByPosition(1, Null (''))).setComponentByPosition(1, OctetString (hexValue='0000000000000000000000000000000000000000000000000000000000000000')), '')
>>> pyasn1.codec.der.decoder.decode(unknown_enc)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0, ObjectIdentifier(2.16.840.1.101.3.4.2.1))).setComponentByPosition(1, OctetString (hexValue='0000000000000000000000000000000000000000000000000000000000000000')), '')

There's an extra setComponentByPosition(1, Null('')) in the properly encoded ASN.1. It would appear that the library you're using *is* trying to generate a PKCS#1 v1.5 message, but that it ends up with a slightly different DER encoding than what is defined for OpenPGP. You will have to find a way to generate an EMSA-PKCS1-v1_5 structure that is compatible with RFC 4880 (and RFC 3447 PKCS #1 Version 2.1).
I don't know much about ASN.1, so I can't really say anything useful about the results of the experiment above. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at [attachment "signature.asc" deleted by Paul Taukatch/Poughkeepsie/IBM] From rexk99 at gmail.com Sun Apr 30 06:03:14 2017
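Peter's pyasn1 comparison in the GPG Signature Verification thread above, redone in plain Python 3 as an added example (this is not code from the thread, from Paul's library, or from GnuPG). It encodes the RFC 4880 DigestInfo for SHA-256 both with and without the NULL algorithm parameter, decodes both with a minimal DER reader so no pyasn1 is needed, and shows the check a verifier should apply so that only the RFC 4880 form is accepted. The OID and prefix bytes are the ones pasted in the thread; the function names (`digest_info`, `decode_der`, `is_rfc4880_digest_info`) and the minimal decoder are mine.

```python
"""DigestInfo encoding for EMSA-PKCS1-v1_5 (RFC 4880 sec. 5.2.2, RFC 3447 sec. 9.2).

Added example for the gnupg-users thread above; not code from the thread or
from GnuPG. The OID/prefix bytes match the ones quoted in the thread; the
helper names are mine.
"""
import hashlib

# DER tag numbers used by a DigestInfo structure
SEQUENCE, OID, NULL, OCTET_STRING = 0x30, 0x06, 0x05, 0x04

# Content octets of id-sha256 = 2.16.840.1.101.3.4.2.1
SHA256_OID = bytes.fromhex("608648016503040201")
# The 19-byte SHA-256 prefix from RFC 4880, as pasted in the thread (sha256der)
SHA256_PREFIX_RFC4880 = bytes.fromhex("3031300d060960864801650304020105000420")


def _tlv(tag: int, content: bytes) -> bytes:
    """Wrap content in a DER tag-length-value triple (short and long length forms)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nbytes)]) + nbytes
    return bytes([tag]) + length + content


def digest_info(oid: bytes, digest: bytes, with_null: bool = True) -> bytes:
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }.

    with_null=False reproduces the 'unknown_enc' variant from the thread, which
    omits the NULL algorithm parameter and is therefore not the RFC 4880 form.
    """
    algorithm = _tlv(OID, oid) + (_tlv(NULL, b"") if with_null else b"")
    return _tlv(SEQUENCE, _tlv(SEQUENCE, algorithm) + _tlv(OCTET_STRING, digest))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, end) for the element at pos; strict on truncation."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low bits give the number of length octets
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def _decode_oid(content: bytes) -> str:
    """Base-128 OID decoding; the first octet packs the first two arcs."""
    arcs, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            if not arcs:
                first = min(value // 40, 2)
                arcs += [first, value - 40 * first]
            else:
                arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def decode_der(buf: bytes):
    """Decode one DER element: SEQUENCE -> list, OID -> dotted str, NULL -> None,
    OCTET STRING -> bytes. Only the tags a DigestInfo uses are supported."""
    tag, content, end = _read_tlv(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after DER element")
    if tag == SEQUENCE:
        items, pos = [], 0
        while pos < len(content):
            _, _, nxt = _read_tlv(content, pos)
            items.append(decode_der(content[pos:nxt]))
            pos = nxt
        return items
    if tag == OID:
        return _decode_oid(content)
    if tag == NULL:
        return None
    if tag == OCTET_STRING:
        return content
    raise ValueError("unexpected DER tag 0x%02x" % tag)


def is_rfc4880_digest_info(buf: bytes, oid_dotted: str, digest: bytes) -> bool:
    """True only for the exact RFC 4880 structure: OID *with* NULL parameter.
    Comparing the decoded structure (or the raw prefix bytes) rather than
    accepting anything that parses as ASN.1 rejects the NULL-less variant."""
    try:
        return decode_der(buf) == [[oid_dotted, None], digest]
    except (ValueError, IndexError):
        return False


def sha256_digest_info(message: bytes) -> bytes:
    """The value that gets padded and RSA-signed for a SHA-256 PKCS#1 v1.5 signature."""
    return digest_info(SHA256_OID, hashlib.sha256(message).digest())


if __name__ == "__main__":
    zero = b"\x00" * 32
    print("RFC 4880 form :", digest_info(SHA256_OID, zero).hex())
    print("NULL-less form:", digest_info(SHA256_OID, zero, with_null=False).hex())
```

Run as a script it prints the two encodings side by side; the only difference is the 05 00 (NULL) inside the AlgorithmIdentifier, which shifts the two outer lengths from 0x31/0x0d to 0x2f/0x0b, exactly as in the pasted pyasn1 output.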
From: rexk99 at gmail.com (Rex Kneisley) Date: Sat, 29 Apr 2017 21:03:14 -0700 Subject: Trouble installing Version 2.1 on Debian Jessie Message-ID:

Hello All,

I'm trying to install version 2.1 the "Debian way". According to dkg's web-log entry titled "GnuPG 2.1.0 in debian experimental" I should use experimental. so I added the experimental repository:

# Experimental repository - main, contrib and non-free branches
deb http://http.us.debian.org/debian experimental main non-free contrib
deb-src http://http.us.debian.org/debian experimental main non-free contrib

Created an apt preferences file /etc/apt/preferences.d/my_preferences with:

Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=testing
Pin-Priority: 650

Package: *
Pin: release a=experimental
Pin-Priority: 625

Package: *
Pin: release a=unstable
Pin-Priority: 600

ran:
sudo apt-get update

checked priorities with:
rexk at debian-pc:~$ sudo apt-cache policy gnupg
gnupg:
  Installed: 1.4.18-7+deb8u3
  Candidate: 1.4.18-7+deb8u3
  Version table:
     2.1.20-3 0
        625 http://http.us.debian.org/debian/ experimental/main amd64 Packages
     2.1.18-6 0
        650 http://http.us.debian.org/debian/ testing/main amd64 Packages
        600 http://http.us.debian.org/debian/ unstable/main amd64 Packages
 *** 1.4.18-7+deb8u3 0
        700 http://ftp.us.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status
     1.4.18-7+deb8u2 0
        700 http://security.debian.org/ jessie/updates/main amd64 Packages

and finally ran the commands:
cp -aT .gnupg .gnupg.bak
sudo apt install -t experimental gnupg2 gnupg-agent dirmngr gpgsm gpgv2 scdaemon

which produced the following results:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 dirmngr : Depends: libassuan0 (>= 2.4.0) but 2.1.2-2 is to be installed
           Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is to be installed
           Depends: libgnutls30 (>= 3.5.6) but it is not going to be installed
           Depends: libksba8 (>= 1.3.4) but 1.3.2-1+deb8u1 is to be installed
           Recommends: gnupg (= 2.1.20-3) but 1.4.18-7+deb8u3 is to be installed
 gnupg-agent : Depends: libassuan0 (>= 2.3.0) but 2.1.2-2 is to be installed
               Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is to be installed
 gnupg2 : Depends: gnupg (>= 2.1.20-3) but 1.4.18-7+deb8u3 is to be installed
 gpgsm : Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is to be installed
         Depends: libksba8 (>= 1.3.4) but 1.3.2-1+deb8u1 is to be installed
 gpgv2 : Depends: gpgv (>= 2.1.20-3) but 1.4.18-7+deb8u3 is to be installed
 scdaemon : Depends: libassuan0 (>= 2.2.0) but 2.1.2-2 is to be installed
            Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is to be installed
            Depends: libksba8 (>= 1.3.4) but 1.3.2-1+deb8u1 is to be installed
E: Unable to correct problems, you have held broken packages.

Was I missing a step?

Any help would be appreciated.

--
Sincerely,
Rex Kneisley

From dank at kegel.com Sun Apr 30 06:14:15 2017
From: dank at kegel.com (Dan Kegel) Date: Sat, 29 Apr 2017 21:14:15 -0700 Subject: Unattended use of gpg across a wide range of gpg versions, Ubuntu edition. --debug-quick-random taking evasive action. Message-ID:

tl;dr: anyone know what's up with --debug-quick-random? Also, handy script for unattended key generation across many versions of gpg.

Hi all. This topic has been beaten to death on many forums and in many bug reports, but here's a user report from the field that sums up what works. It's mostly just stitching together known workarounds, plus one little mystery with --debug-quick-random in gpg 2.1.15 (the one on Ubuntu 17.04). I'll list the problems, then at the bottom show the full solution I'm using.

I'm writing a test script that uses gpg, so I reviewed https://www.gnupg.org/documentation/manuals/gnupg/Unattended-Usage-of-GPG.html but it doesn't quite handle all the situations I ran into. This kind of test script has to satisfy requirements like:
- work on current OS as well as last few LTS releases
- use the OS's default gpg
- work in both interactive and headless situations
- leave the user's normal environment unchanged
- work even in deeply nested directories
That means I can't follow some of the advice in the manual (e.g. "use GPGME" or "use --quick-addkey").

For the purposes of testing, let's say I want to generate a key with the command
gpg --gen-key
for use with apt on an Ubuntu 17.04 desktop, as well as in freshly installed headless older systems. (For instance, containers created with the commands
lxc-create -n ubu1204 -t download -- --dist ubuntu --release precise --arch amd64
lxc-create -n ubu1404 -t download -- --dist ubuntu --release trusty --arch amd64
lxc-create -n ubu1604 -t download -- --dist ubuntu --release xenial --arch amd64
lxc-create -n ubu1704 -t download -- --dist ubuntu --release zesty --arch amd64
)
Easy, right?

Challenges and solutions I ran into, rearranged in a less embarrassing order than I ran into them:

0.
Googling for solutions to problems finds stale or incomplete info from random people
Solution: RTFM. Really. Go find *the manual* for gpg and read it.

1. Running a test script that creates keys affects user's keyring
Solution: follow https://www.gnupg.org/documentation/manuals/gnupg/Ephemeral-home-directories.html i.e. create a directory for the test, and set GNUPGHOME to the absolute path to that dir
Works on all systems

2. 'gpg --gen-key' prompts user for key parameters, and aborts if /dev/tty can't be opened (e.g. with noninteractive ssh )
Solution: follow https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html i.e. create a file foo.dat containing the responses, e.g.
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: My Real Name
Name-Email: foo at example.com
Expire-Date: 30
and change the command to 'gpg --batch --gen-key foo.dat'
Works on ubuntu 16.04 and below

3. On ubuntu 16.04, which straddles gpg and gpg2, the command
'gpg --export | gpg2 --import -'
appears to be required to get apt to notice a key you've generated with gpg, but 'gpg2 --import' aborts with
gpg: can't connect to the agent: Invalid value passed to IPC
gpg: error getting the KEK: No agent running

Solution: 'sudo apt-get install gnupg-agent', then use "gpg-agent --daemon -- gpgcommand..." to create a transient gpg-agent just for the duration of the gpg command. This works on Ubuntu 12.04 through 16.04.

4. also on ubuntu 17.04, the previous fix isn't quite enough. gpg-agent fails with
gpg-agent[1631]: command 'GENKEY' failed: Inappropriate ioctl for device
gpg: agent_genkey failed: Inappropriate ioctl for device
which sounds like https://dev.gnupg.org/T2680
Evidently it wants a tty, which isn't going to be possible.
Solution:
echo allow-loopback-pinentry > $GNUPGHOME/gpg-agent.conf
and add --pinentry-mode loopback to the gpg command. This requires ubuntu 17.04 and up; you can't use it with ubuntu 12.04 through 16.04.

5.
gpg hangs with message
Not enough random bytes available. Please do some other work...
Solutions:
a) stuff the system rng somewhat securely; e.g. on Ubuntu, 'sudo apt-get install haveged'
b) tell gpg to use an insecure RNG, e.g.
if gpg --quick-random --version >/dev/null 2>&1 ; then
    echo quick-random >> "$GNUPGHOME"/gpg.conf
elif gpg --debug-quick-random --version >/dev/null 2>&1 ; then
    echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
fi
Either works on all tested ubuntu versions up to ubuntu 16.04.

6. On Ubuntu 17.04, gpg (2.1.15) takes several minutes to run, complaining
gpg-agent[6385]: can't connect my own socket: IPC connect call failed
gpg-agent[6385]: this process is useless - shutting down
even with --debug-quick-random in gpg.conf (or gpg-agent.conf). Oddly, the same two workarounds fix this, more or less:
a) stuff the system rng somewhat securely; e.g. on Ubuntu, 'sudo apt-get install haveged'
b) tell gpg-agent to use an insecure RNG; only way is to pass --debug-quick-random option on gpg-agent's commandline! Neither conf file will do anymore.
That socket error is very odd, and so is the fact that tweaking the rng in these two ways makes it go away. Bug? Feature?

7. When running tests in directories with long names, gpg aborts with
socket name '/some/long/path is too long
Solution: GNUPGHOME must be shorter than UNIX_PATH_MAX, which can be as short as 94 bytes on some systems. (Fixed in latest gpg, but you have to work around it for older ones.)

8. gpg might write to the tty at some point
Solution: as documented, add --no-tty options on all gpg calls or in conf file

Here's a consensus script for unattended key generation demonstrating most of the workarounds.

--- snip ---
#!/bin/sh
set -x
set -e

# Check to see if gpg requires agent & supports loopback prompt
if gpg --version | head -n 1 | grep ' 2\.'
then
    gpg_use_loopback=true
else
    gpg_use_loopback=false
fi

# Check to see if ubuntu 16.04-specific workaround needed for apt
if test -x /usr/bin/gpg2
then
    gpg_copy_to_gpg2_needed=true
else
    gpg_copy_to_gpg2_needed=false
fi

# Avoid 'socket name too long' error with older gpg
GNUPGHOME=/tmp/gpg-isolation-demo-unique-and-obscure-path
export GNUPGHOME
rm -rf $GNUPGHOME
mkdir -m700 $GNUPGHOME

# 1st half of workaround to allow bypassing pinentry prompts; insecure-ish
if $gpg_use_loopback
then
    echo allow-loopback-pinentry > $GNUPGHOME/gpg-agent.conf
fi

# Never send output to tty
echo no-tty >> $GNUPGHOME/gpg.conf
# Never ask questions
echo batch >> $GNUPGHOME/gpg.conf

# Work around lack of entropy; we don't need it for this test. Insecure.
QUICK=""
if gpg --quick-random --version >/dev/null 2>&1 ; then
    echo quick-random >> "$GNUPGHOME"/gpg.conf
elif gpg --debug-quick-random --version >/dev/null 2>&1 ; then
    echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
    QUICK=--debug-quick-random
fi

keyemail=foo at example.com
cat > gpg.in.tmp <<_EOF_
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: My Real Name
Name-Email: $keyemail
Expire-Date: 30
_EOF_

if $gpg_use_loopback
then
    time gpg-agent $QUICK --daemon -- \
        gpg --pinentry-mode loopback --passphrase '' --gen-key gpg.in.tmp
else
    gpg --passphrase '' --gen-key gpg.in.tmp < /dev/null

    # Extra step only needed for ubuntu 16.04's apt?
    if $gpg_copy_to_gpg2_needed
    then
        gpg --passphrase '' --armor --export-secret-keys $keyemail \
            | gpg-agent --daemon gpg2 --passphrase "" --import -
    fi
fi
--- snip ---

From tlikonen at iki.fi Sun Apr 30 08:14:54 2017
From: tlikonen at iki.fi (Teemu Likonen) Date: Sun, 30 Apr 2017 09:14:54 +0300 Subject: Trouble installing Version 2.1 on Debian Jessie In-Reply-To: (Rex Kneisley's message of "Sat, 29 Apr 2017 21:03:14 -0700") References: Message-ID: <87d1bu5sm9.fsf@iki.fi>

Rex Kneisley [2017-04-29 21:03:14-07] wrote:
> I'm trying to install version 2.1 the "Debian way".
> sudo apt install -t experimental gnupg2 gnupg-agent dirmngr gpgsm
> gpgv2 scdaemon
> The following packages have unmet dependencies:

I suggest using "testing" instead of "experimental" because testing is the direct upgrade path from stable. Actually I'm not brave enough to try even that (i.e., mixing stable and testing) but I'll give a direct answer to your question anyway.

So, in your problem the package manager prefers the stable (jessie) repository and tries to load some libraries from there. However, your experimental gnupg packages require versions that are not in the stable. Possible solutions:

- Add those unmet dependencies to your "apt install -t experimental" command line.
- Use "aptitude" command and its dependency solver interactively. It suggests different solutions. Choose the one that suggests loading all necessary packages from the experimental repository.

--
/// Teemu Likonen - .-.. // // PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

From w at uter.be Sun Apr 30 11:45:12 2017
From: w at uter.be (Wouter Verhelst) Date: Sun, 30 Apr 2017 11:45:12 +0200 Subject: Trouble installing Version 2.1 on Debian Jessie In-Reply-To: References: Message-ID: <20170430094512.eqx3piwyu2zka6lb@grep.be>

On Sat, Apr 29, 2017 at 09:03:14PM -0700, Rex Kneisley wrote:
> Hello All,
>
> I'm trying to install version 2.1 the "Debian way"..
>
> According to dkg's web-log entry titled "GnuPG 2.1.0 in debian experimental"
>
> I should use experimental.

This is no longer the case; GnuPG 2.1 is in Debian unstable (and has been for a while). Just installing that from unstable, however, will have bad side effects for other software on your system, so I recommend against it (see also https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_FrankenDebian)

Instead, it's better to run a backport. First, remove the experimental repositories, and add a deb-src line for testing to your sources.list. Then, run:

apt-get build-dep gnupg
apt-get -b source gnupg

This will take a while. If all goes well, and there are no dependencies needed from unstable (I haven't checked), you'll end up with gnupg packages that you can install on your jessie machine.

--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen people in the world who think they really understand all of its rules, and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12

From calmstorm at posteo.de Sun Apr 30 13:00:02 2017
From: calmstorm at posteo.de (zap) Date: Sun, 30 Apr 2017 07:00:02 -0400 Subject: Trouble installing Version 2.1 on Debian Jessie In-Reply-To: References: Message-ID:

You should use debian stretch if you want 2.1 but I also say that you should install lxde first if you use the rc2 installer which is what I used. because mate install causes wifi to be nonexistent if you install that first. If you install stretch that is... and yes, stretch is extremely stable for me. but I would reinstall from scratch after saving your important files to something.

On 04/30/2017 12:03 AM, Rex Kneisley wrote:
> Hello All,
>
> I'm trying to install version 2.1 the "Debian way".
>
> According to dkg's web-log entry titled "GnuPG 2.1.0 in debian
> experimental"
>
> I should use experimental.
>
> so I added the experimental repository:
> # Experimental repository - main, contrib and non-free branches
> deb http://http.us.debian.org/debian experimental main non-free contrib
> deb-src http://http.us.debian.org/debian experimental main non-free
> contrib
>
> Created an apt preferences file
> /etc/apt/preferences.d/my_preferences
> with:
> Package: *
> Pin: release a=stable
> Pin-Priority: 700
>
> Package: *
> Pin: release a=testing
> Pin-Priority: 650
>
> Package: *
> Pin: release a=experimental
> Pin-Priority: 625
>
>
> Package: *
> Pin: release a=unstable
> Pin-Priority: 600
>
> ran:
> sudo apt-get update
> checked priorities with:
> rexk at debian-pc:~$ sudo apt-cache policy gnupg
> gnupg:
> Installed: 1.4.18-7+deb8u3
> Candidate: 1.4.18-7+deb8u3
> Version table:
> 2.1.20-3 0
> 625 http://http.us.debian.org/debian/ experimental/main amd64
> Packages
> 2.1.18-6 0
> 650 http://http.us.debian.org/debian/ testing/main amd64 Packages
> 600 http://http.us.debian.org/debian/ unstable/main amd64 Packages
> *** 1.4.18-7+deb8u3 0
> 700 http://ftp.us.debian.org/debian/ jessie/main amd64 Packages
> 100 /var/lib/dpkg/status
> 1.4.18-7+deb8u2 0
> 700 http://security.debian.org/ jessie/updates/main
amd64 Packages > > and finally ran the commands: > cp -aT .gnupg .gnupg.bak > sudo apt install -t experimental gnupg2 gnupg-agent dirmngr gpgsm gpgv2 scdaemon > > which produced the following results: > Reading package lists... Done > Building dependency tree > Reading state information... Done > Some packages could not be installed. This may mean that you have > requested an impossible situation or if you are using the unstable > distribution that some required packages have not yet been created > or been moved out of Incoming. > The following information may help to resolve the situation: > > The following packages have unmet dependencies: > dirmngr : Depends: libassuan0 (>= 2.4.0) but 2.1.2-2 is to be installed > Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is to be > installed > Depends: libgnutls30 (>= 3.5.6) but it is not going to be > installed > Depends: libksba8 (>= 1.3.4) but 1.3.2-1+deb8u1 is to be > installed > Recommends: gnupg (= 2.1.20-3) but 1.4.18-7+deb8u3 is to be > installed > gnupg-agent : Depends: libassuan0 (>= 2.3.0) but 2.1.2-2 is to be > installed > Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is > to be installed > gnupg2 : Depends: gnupg (>= 2.1.20-3) but 1.4.18-7+deb8u3 is to be > installed > gpgsm : Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is to be > installed > Depends: libksba8 (>= 1.3.4) but 1.3.2-1+deb8u1 is to be > installed > gpgv2 : Depends: gpgv (>= 2.1.20-3) but 1.4.18-7+deb8u3 is to be > installed > scdaemon : Depends: libassuan0 (>= 2.2.0) but 2.1.2-2 is to be installed > Depends: libgcrypt20 (>= 1.7.0) but 1.6.3-2+deb8u2 is to > be installed > Depends: libksba8 (>= 1.3.4) but 1.3.2-1+deb8u1 is to be > installed > E: Unable to correct problems, you have held broken packages. > > Was I missing a step? > > Any help would be appreciated. 
>
>
> --
> Sincerely,
>
>
> Rex Kneisley
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From dank at kegel.com Sun Apr 30 18:08:38 2017
From: dank at kegel.com (Dan Kegel) Date: Sun, 30 Apr 2017 09:08:38 -0700 Subject: Unattended use of gpg across a wide range of gpg versions, Ubuntu edition. --debug-quick-random taking evasive action. In-Reply-To: References: Message-ID:

addendum: demo of how to delete a key unattended with gpg2

Documented in earlier thread, http://marc.info/?l=gnupg-users&m=146287358008663&w=2

-- snip --
#!/bin/sh
# Script to demonstrate unattended creation, export, and deletion of a secret key with gpg 2.x
set -ex

cat > test-script.sh << "_EOF_"
set -e
set -x
passphrase=""
gpg --batch --passphrase "$passphrase" --quick-gen-key 'test user '
gpg --batch --passphrase "$passphrase" --pinentry-mode loopback --export-secret-key --armor 'test user ' > key.dat
# 1st fingerprint is for the primary, 2nd is for the secondary?
fingerprint=$(gpg -k --with-colons test at example.org | awk -F: '/^fpr:/ {print $10}' | head -n 1)
gpg --batch --passphrase "$passphrase" --pinentry-mode loopback --yes --delete-secret-and-public-key $fingerprint
_EOF_
chmod +x test-script.sh

rm -rf /tmp/gpgtest-*
export GNUPGHOME=$(mktemp -d /tmp/gpgtest-XXXXXXX.tmp)
echo "allow-loopback-pinentry" > $GNUPGHOME/gpg-agent.conf
gpg-agent --daemon ./test-script.sh
rm -rf $GNUPGHOME
-- snip --

On Sat, Apr 29, 2017 at 9:14 PM, Dan Kegel wrote:
> tl;dr: anyone know what's up with --debug-quick-random? Also, handy
> script for unattended key generation across many versions of gpg.
>
> Hi all. This topic has been beaten to death on many forums and in many
> bug reports, but here's a user report from the field that sums up what
> works. It's mostly just stitching together known workarounds, plus
> one little mystery
> with --debug-quick-random in gpg 2.1.15 (the one on Ubuntu 17.04).
> I'll list the problems, then at the bottom show the full solution I'm using.
> > I'm writing a test script that uses gpg, so I reviewed > https://www.gnupg.org/documentation/manuals/gnupg/Unattended-Usage-of-GPG.html > but it doesn't quite handle all the situations I ran into. > This kind of test script has to satisfy requirements like: > - work on current OS as well as last few LTS releases > - use the OS's default gpg > - work in both interactive and headless situations > - leave the user's normal environment unchanged > - work even in deeply nested directories > That means I can't follow some of the advice in the manual (e.g. "use > GPGME" or "use --quick-addkey"). > > For the purposes of testing, let's say I want to generate a key with the command > gpg --gen-key > for use with apt on an Ubuntu 17.04 desktop, as well as in freshly > installed headless older systems. > (For instance, containers created with the commands > lxc-create -n ubu1204 -t download -- --dist ubuntu --release precise > --arch amd64 > lxc-create -n ubu1404 -t download -- --dist ubuntu --release trusty > --arch amd64 > lxc-create -n ubu1604 -t download -- --dist ubuntu --release xenial > --arch amd64 > lxc-create -n ubu1704 -t download -- --dist ubuntu --release zesty > --arch amd64 ) > Easy, right? > > Challenges and solutions I ran into, rearranged in a less embarassing > order than I ran into them: > > 0. Googling for solutions to problems finds stale or incomplete info > from random people > Solution: RTFM. Really. Go find *the manual* for gpg and read it. > > 1. Running a test script that creates keys affects user's keyring > Solution: follow > https://www.gnupg.org/documentation/manuals/gnupg/Ephemeral-home-directories.html > i.e. create a directory for the test, and set GNUPGHOME to the > absolute path to that dir > Works on all systems > > 2. 'gpg --gen-key' prompts user for key parameters, and aborts if > /dev/tty can't be opened (e.g. 
with noninteractive ssh ) > Solution: follow > https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html > i.e. create a file foo.dat containing the responses, e.g. > Key-Type: 1 > Key-Length: 2048 > Subkey-Type: 1 > Subkey-Length: 2048 > Name-Real: My Real Name > Name-Email: foo at example.com > Expire-Date: 30 > and change the command to 'gpg --batch --gen-key foo.dat' > Works on ubuntu 16.04 and below > > 3. On ubuntu 16.04, which straddles gpg and gpg2, the command > 'gpg --export | gpg2 --import -' > appears to be required to get apt to notice a key you've generated > with gpg, but 'gpg2 --import' aborts with > gpg: can't connect to the agent: Invalid value passed to IPC > gpg: error getting the KEK: No agent running > > Solution: 'sudo apt-get install gnupg-agent', then > use "gpg-agent --daemon -- gpgcommand..." to create a transient > gpg-agent just for the duration of the gpg command. > This works on Ubuntu 12.04 through 16.04. > > 4. also on ubuntu 17.04, the previous fix isn't quite enough. > gpg-agent fails with > gpg-agent[1631]: command 'GENKEY' failed: Inappropriate ioctl for > device > gpg: agent_genkey failed: Inappropriate ioctl for device > which sounds like https://dev.gnupg.org/T2680 > Evidently it wants a tty, which isn't going to be possible. > Solution: > echo allow-loopback-pinentry > $GNUPGHOME/gpg-agent.conf > and add --pinentry-mode loopback to the gpg command. > This requires ubuntu 17.04 and up; you can't use it with ubuntu 12.04 > through 16.04. > > 5. gpg hangs with message > Not enough random bytes available. Please do some other work... > Solutions: > a) stuff the system rng somewhat securely; e.g. on Ubuntu, 'sudo > apt-get install haveged' > b) tell gpg to use an insecure RNG, e.g. 
> if gpg --quick-random --version >/dev/null 2>&1 ; then > echo quick-random >> "$GNUPGHOME"/gpg.conf > elif gpg --debug-quick-random --version >/dev/null 2>&1 ; then > echo debug-quick-random >> "$GNUPGHOME"/gpg.conf > fi > Either works on all tested ubuntu versions up to ubuntu 16.04. > > 6. On Ubuntu 17.04, gpg (2.1.15) takes several minutes to run, complaining > gpg-agent[6385]: can't connect my own socket: IPC connect call failed > gpg-agent[6385]: this process is useless - shutting down > even with --debug-quick-random in gpg.conf (or gpg-agent.conf). > Oddly, the same two workarounds fix this, more or less: > a) stuff the system rng somewhat securely; e.g. on Ubuntu, 'sudo > apt-get install haveged' > b) tell gpg-agent to use an insecure RNG; only way is to pass > --debug-quick-random option on gpg-agent's commandline! > Neither conf file will do anymore. That socket error is very odd, and > so is the fact > that tweaking the rng in these two ways makes it go away. Bug? Feature? > > 7. When running tests in directories with long names, gpg aborts with > socket name '/some/long/path is too long > Solution: GNUPGHOME must be shorter than UNIX_PATH_MAX, which can be > as short as 94 bytes on some systems. > (Fixed in latest gpg, but you have to work around it for older ones.) > > 8. gpg might write to the tty at some point > Solution: as documented, add --no-tty options on all gpg calls or in conf file > > Here's a consensus script for unattended key generation demonstrating > most of the workarounds. > --- snip --- > #!/bin/sh > set -x > set -e > > # Check to see if gpg requires agent & supports loopback prompt > if gpg --version | head -n 1 | grep ' 2\.' 
> then > gpg_use_loopback=true > else > gpg_use_loopback=false > fi > > # Check to see if ubuntu 16.04-specific workaround needed for apt > if test -x /usr/bin/gpg2 > then > gpg_copy_to_gpg2_needed=true > else > gpg_copy_to_gpg2_needed=false > fi > > # Avoid 'socket name too long' error with older gpg > GNUPGHOME=/tmp/gpg-isolation-demo-unique-and-obscure-path > export GNUPGHOME > rm -rf $GNUPGHOME > mkdir -m700 $GNUPGHOME > > # 1st half of workaround to allow bypassing pinentry prompts; insecure-ish > if $gpg_use_loopback > then > echo allow-loopback-pinentry > $GNUPGHOME/gpg-agent.conf > fi > > # Never send output to tty > echo no-tty >> $GNUPGHOME/gpg.conf > # Never ask questions > echo batch >> $GNUPGHOME/gpg.conf > > # Work around lack of entropy; we don't need it for this test. Insecure. > QUICK="" > if gpg --quick-random --version >/dev/null 2>&1 ; then > echo quick-random >> "$GNUPGHOME"/gpg.conf > elif gpg --debug-quick-random --version >/dev/null 2>&1 ; then > echo debug-quick-random >> "$GNUPGHOME"/gpg.conf > QUICK=--debug-quick-random > fi > > keyemail=foo at example.com > cat > gpg.in.tmp <<_EOF_ > Key-Type: 1 > Key-Length: 2048 > Subkey-Type: 1 > Subkey-Length: 2048 > Name-Real: My Real Name > Name-Email: $keyemail > Expire-Date: 30 > _EOF_ > > if $gpg_use_loopback > then > time gpg-agent $QUICK --daemon -- \ > gpg --pinentry-mode loopback --passphrase '' --gen-key gpg.in.tmp > else > gpg --passphrase '' --gen-key gpg.in.tmp < /dev/null > > # Extra step only needed for ubuntu 16.04's apt? > if $gpg_copy_to_gpg2_needed > then > gpg --passphrase '' --armor --export-secret-keys $keyemail \ > | gpg-agent --daemon gpg2 --passphrase "" --import - > fi > fi > --- snip --- From peter at digitalbrains.com Sun Apr 30 20:04:24 2017 
From: peter at digitalbrains.com (Peter Lebbing) Date: Sun, 30 Apr 2017 20:04:24 +0200 Subject: Trouble installing Version 2.1 on Debian Jessie In-Reply-To: References: Message-ID: <29508c81-fd60-38be-fb3e-4f2ce18ff877@digitalbrains.com>

On 30/04/17 06:03, Rex Kneisley wrote:
> I should use experimental.

As others said, I'd use the packages from stretch/testing, as they have already percolated down that far.

> Created an apt preferences file
> /etc/apt/preferences.d/my_preferences
> [...]
> sudo apt install -t experimental gnupg2 gnupg-agent dirmngr gpgsm gpgv2 scdaemon

Perhaps your pinning in apt-preferences is interfering with the -t option, because I think the -t option should promote dependencies to be downloaded from the specified suite as well. (Do you mean "apt-get" instead of "apt", by the way?)

What I do when I seem to get the wrong results regarding dependencies, is just select all the specific versions of dependencies I want manually with aptitude's visual mode. It helps tremendously to set the following option in aptitude:

Options -> Preferences -> "The display format for the status line": %d %t

That way it shows what suite a package version belongs to in the status line. The config file version of this is:

$ cat ~/.aptitude/config
[...]
aptitude::UI::Package-Status-Format "%d %t";

The available versions of a package are right at the bottom of the package information in aptitude.

Anyway, if you install GnuPG 2.1 from stretch/sid/experimental, it will *replace* your GnuPG 1.4. But packages using GnuPG 1.4 in Debian jessie do not expect this to be the case, and might malfunction. Another option is to install my backport of GnuPG 2.1 which comes in the place of GnuPG 2.0 instead. I've put it on GitLab here: get My README.md is a bit alarming, I know, but I don't want to be responsible for goofs. I tried my best, and to the best of my knowledge it is in fine shape. I use it myself.
You could look at the differences compared to the Git repository at: to check it for yourself (my tag dbbp/2.1.19-3-dbbp8+1 is based on debian/2.1.19-3 from upstream; this similarity will generally be the case). [1] As you can see, I'm a bit behind, but not much.

It is your decision to use it or not. I'm just providing it as a way for people to avoid the chore of doing the changes themselves. The changes that there are can be reviewed quickly. (It's a pity the quilt patch files are so chatty in their irrelevant differences.)

Anyway. While this means that packages depending on 1.4 can keep using it, it also means you'll have both 1.4 and 2.1 installed. Try to avoid actually using both versions for yourself. The keystores can go out of sync and confuse you. So if a system package (like apt itself or some system daemon) uses GnuPG 1.4, that's fine. But if your e-mail plugin uses GnuPG 1.4, you'll probably get confused.

HTH,

Peter.

[1] If you've got the git repository locally:

$ git diff debian/2.1.19-3 dbbp/2.1.19-3-dbbp8+1

Furthermore, note both tags are signed:

$ git tag -v debian/2.1.19-3 dbbp/2.1.19-3-dbbp8+1
object 372c9126144cb0e80613a317f46479a872f93b0a
type commit
tag debian/2.1.19-3
tagger Daniel Kahn Gillmor 1490114759 -0400

gnupg2 Debian release 2.1.19-3
gpg: Signature made Tue 21 Mar 2017 17:45:59 CET
gpg:                using RSA key 38276051EA477FA3E49539321498ADC6C1923237
gpg:                issuer "dkg at fifthhorseman.net"
gpg: Good signature from "Daniel Kahn Gillmor " [full]
gpg:                 aka "Daniel Kahn Gillmor " [full]
gpg:                 aka "Daniel Kahn Gillmor " [full]
gpg:                 aka "[jpeg image of size 3515]" [never]
gpg:                 aka "Daniel Kahn Gillmor " [full]
[...]
object 4d66ca8885602e78b96a14f5e2a7fcb7f9bdead9
type commit
tag dbbp/2.1.19-3-dbbp8+1
tagger Peter Lebbing 1493556629 +0200

gnupg2 jessie backport 2.1.19-3~dbbp8+1
gpg: Signature made Sun 30 Apr 2017 14:50:48 CEST
gpg:                using RSA key 65008DC220AAE2A2574D6CD5969E018FDE6CDCA1
gpg: issuer "peter at digitalbrains.com"
gpg: Good signature from "Peter Lebbing " [ultimate]

However, it remains for you to establish trust in these signatures,
otherwise it's like "someone on the internet said it, so it must be true".

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
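Peter's closing point, that a "Good signature" line on its own proves nothing until you have decided which keys you trust, is the part people skip. The following is an added example, not code from the message, from the backport repository or from GnuPG itself: instead of reading the human-oriented output of `git tag -v`, it parses the machine-readable status lines that `git verify-tag --raw` writes to stderr (the same `[GNUPG:] ...` lines gpg emits with `--status-fd`) and accepts a tag only when the signature is valid, gpg raised no warning such as an expired or revoked key, and the signer's primary-key fingerprint is on an explicit allow-list. The two pinned fingerprints are the ones shown in the tag verification output above; the embedded status output, the SIG_ID value, the timestamps, the e-mail address formatting and the third "someone else" key are constructed for the example and were not captured from a real run.

```python
"""Pin the keys allowed to sign a git tag instead of trusting 'Good signature'.

Added example, not code from the message, the backport or GnuPG. It reads
the '[GNUPG:] ...' status lines that `git verify-tag --raw` writes to
stderr and accepts the tag only when the signature is valid, carries no
warning (bad signature, expired or revoked key, missing key) and was made
by a primary key on an explicit allow-list.
"""
import subprocess
from typing import Optional, Set, Tuple

# Primary-key fingerprints verified out of band (assumption: these are the
# two keys shown in the tag verification output quoted in the thread).
PINNED_FINGERPRINTS: Set[str] = {
    "38276051EA477FA3E49539321498ADC6C1923237",  # Daniel Kahn Gillmor
    "65008DC220AAE2A2574D6CD5969E018FDE6CDCA1",  # Peter Lebbing
}

# Status keywords that must cause rejection even when a VALIDSIG line is
# also present (keyword meanings are documented in GnuPG's doc/DETAILS).
REJECT_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def parse_validsig(status: str) -> Optional[Tuple[str, str]]:
    """Return (signing_key_fpr, primary_key_fpr) from the VALIDSIG line, or None.

    VALIDSIG fields after the keyword: fingerprint, sig-date, sig-timestamp,
    expire-timestamp, sig-version, reserved, pubkey-algo, hash-algo,
    sig-class, primary-key-fpr. If the last field is absent (older gpg),
    the signing key is taken to be the primary key. GOODSIG only carries the
    64-bit key ID, which is too short to pin on, so it is ignored here.
    """
    for line in status.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            signing = parts[2].upper()
            primary = parts[11].upper() if len(parts) >= 12 else signing
            return signing, primary
    return None


def has_rejecting_status(status: str) -> bool:
    """True if gpg reported a condition that must fail the check."""
    for line in status.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]" and parts[1] in REJECT_KEYWORDS:
            return True
    return False


def is_trusted_signature(status: str, pinned: Set[str] = PINNED_FINGERPRINTS) -> bool:
    """Accept only a clean VALIDSIG whose primary key is on the allow-list."""
    if has_rejecting_status(status):
        return False
    fprs = parse_validsig(status)
    return fprs is not None and fprs[1] in pinned


def verify_tag(tag: str, repo: str = ".", pinned: Set[str] = PINNED_FINGERPRINTS) -> bool:
    """Run `git verify-tag --raw` and apply the pinning check.

    Needs git and gpg installed and the signer's public key in the keyring;
    --raw sends the status lines to stderr.
    """
    proc = subprocess.run(["git", "-C", repo, "verify-tag", "--raw", tag],
                          capture_output=True, text=True)
    return proc.returncode == 0 and is_trusted_signature(proc.stderr, pinned)


# Constructed sample status output (not captured from a real run). The
# fingerprint is Peter's from the thread; SIG_ID and timestamps are made up.
SAMPLE_GOOD = """\
[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED 65008DC220AAE2A2574D6CD5969E018FDE6CDCA1 0
[GNUPG:] SIG_ID AAAAAAAAAAAAAAAAAAAAAAAAAAA 2017-04-30 1493556648
[GNUPG:] GOODSIG 969E018FDE6CDCA1 Peter Lebbing <peter@digitalbrains.com>
[GNUPG:] VALIDSIG 65008DC220AAE2A2574D6CD5969E018FDE6CDCA1 2017-04-30 1493556648 0 4 0 1 10 01 65008DC220AAE2A2574D6CD5969E018FDE6CDCA1
[GNUPG:] TRUST_ULTIMATE 0 pgp
"""

# Valid signature from a key that is not pinned (made-up fingerprint).
SAMPLE_UNPINNED = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else <someone@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-04-30 1493556648 0 4 0 1 10 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""

# Pinned key, but gpg reports it as expired: EXPKEYSIG replaces GOODSIG.
SAMPLE_EXPIRED = SAMPLE_GOOD.replace("GOODSIG", "EXPKEYSIG")
```

The point of matching the primary-key fingerprint from VALIDSIG rather than the short key ID in GOODSIG is that the 64-bit ID is not collision resistant enough to serve as an allow-list entry; the full fingerprint is what you compared out of band, so it is what the script should compare too. Note that the check is stricter than gpg's own exit status: an expired signing key still yields a VALIDSIG line, and only the EXPKEYSIG keyword tells you to stop.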
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 30 Apr 2017 20:32:21 +0200
Subject: Extending Expiration dates of gnupg keys with the private key residing on a smart card
In-Reply-To: <1491814017.1975.15.camel@graumannschaft.org>
References: <1491814017.1975.15.camel@graumannschaft.org>
Message-ID: <8fe6af95-b1f3-b6e3-6e97-5a62ca2d6441@digitalbrains.com>

Hi,

On 10/04/17 10:46, Johannes Graumann wrote:
> 2) Import offline master key (backup):
> gpg --import .master.key

- Which version of GnuPG is this? GnuPG 1.4 will not ever update the
  secret part of a key, so you'll have to delete the existing copy first.
  Be very careful! You're deleting a copy of your secret key, make sure
  you know what you're doing. I believe this also went for 2.0 and only
  2.1 can update secret keys, but I'm not sure and can't check from the
  passenger seat of the car I'm in :-D.

- Note that you are negating a large part of an offline master key by
  bringing it online. Usually, you'd use a different computer to do master
  key operations on, a computer that doesn't have an internet connection.
  If you're worried about your computer being hacked, note it usually
  won't suddenly automatically become un-hacked later, it'll just stay
  hacked until reinstalled. But there is no single correct answer to this.

> 3) Edit expiry of subkeys (pubkey):
> gpg --expert --edit-key

You shouldn't need to specify --expert to extend expiries.

> - toggle keys 1, 2, 3 (sign, encrypt, authentication)
> - expire: 1y
> - save
>
> 4) Remove secret master keys:
> gpg --delete-secret-keys

This has just removed all your private keys belonging to this certificate,
primary *and* subkeys.

> As a result the keys remain unavailable (expired?) to all means I
> intend to use them with (kmail/kgpg/kleopatra, evolution/seahorse,
> etc.). ...

You /did/ just delete all keys :-). You'll need to restore your private key
from backup, and follow the instructions you used earlier to create a
subkey-only keyring.
By the way, it helps if you post the output of the commands, because we
can't see if they appear to have worked correctly. I mean the console ones;
I wouldn't start with all the effort of taking screenshots and cropping
them and uploading them to the web...

HTH,

Peter.

From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 30 Apr 2017 20:34:40 +0200
Subject: Extending Expiration dates of gnupg keys with the private key residing on a smart card
In-Reply-To: <1491814017.1975.15.camel@graumannschaft.org>
References: <1491814017.1975.15.camel@graumannschaft.org>
Message-ID: <6b5b17cd-95bc-836c-6dd2-ea2473d84ba4@digitalbrains.com>

I saw one detail after I pressed Send. This appears to be a persistent flaw
in my e-mail writing.

On 10/04/17 10:46, Johannes Graumann wrote:
> 3) Edit expiry of subkeys (pubkey):
> gpg --expert --edit-key
> - toggle keys 1, 2, 3 (sign, encrypt, authentication)
> - expire: 1y
> - save

I think keys 1, 2 and 3 are all subkeys; NOT your primary. To extend the
primary, don't issue a "key" command before "expire". Only after that
extend the subkeys.

HTH,

Peter.
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 30 Apr 2017 20:41:38 +0200
Subject: Question on Putty and gpg-agent
In-Reply-To: <43389bbb-e09d-a045-f61a-2cae27576761@blazrsoft.com>
References: <43389bbb-e09d-a045-f61a-2cae27576761@blazrsoft.com>

On 12/04/17 22:42, Antony Prince wrote:
> Before I added
> "disable-scdaemon", gpg-agent would complain that it couldn't find the
> key on the card (I've never had one). Since adding that option, that
> error has gone away, but it still does not work and gpg-agent doesn't
> provide any helpful output.

I don't think you're telling gpg-agent "that key is not on a card". You're
telling it "you can't work with cards". Consequently, the little guy or
girl living in the code of gpg-agent goes "Hmmm, this is a key on a card.
I can't work with a card. I can't work with this key." I think you were
hoping it would think "let's look elsewhere", but it likely will not do so.

It is a decidedly different behaviour than gpg-agent on Linux. There, it
will check if a smartcard is currently connected and if so, offer such a
key for authentication. For SSH, it will *never ask* to insert a card!
It'll just skip it outright.

So it seems gpg-agent is doing entirely different things on Windows. Does
it even support on-disk authentication keys or is it smartcard-only? I
don't know, I haven't used Windows for anything other than games for a
very long time. I did read the release notes when Putty support was
introduced, and it only discussed smartcard keys, but that isn't
conclusive proof it only supports smartcard keys.

HTH,

Peter.
From: zdm at softvisio.net (zdm at softvisio.net)
Date: Sun, 30 Apr 2017 14:15:07 +0300
Subject: How to export private ed25519 subkey to the SSH format

Hi,

I want to use gpg as my primary keyring to store all keys. But sometimes I
need to get a private key in SSH format to use directly with SSH. For
example, deployment keys, to access private projects on GitHub via git
from Docker containers.

Is it currently possible to get a private key in SSH format?
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 30 Apr 2017 12:01:13 -0400
Subject: Trouble installing Version 2.1 on Debian Jessie
In-Reply-To: <20170430094512.eqx3piwyu2zka6lb@grep.be>
References: <20170430094512.eqx3piwyu2zka6lb@grep.be>
Message-ID: <87poft3mwm.fsf@fifthhorseman.net>

On Sun 2017-04-30 11:45:12 +0200, Wouter Verhelst wrote:
> This is no longer the case; GnuPG 2.1 is in Debian unstable (and has
> been for a while).
>
> Just installing that from unstable, however, will have bad side effects
> for other software on your system, so I recommend against it (see also
> https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_FrankenDebian)

I agree with Wouter here.

> Instead, it's better to run a backport. First, remove the experimental
> repositories, and add a deb-src line for testing to your sources.list.
> Then, run:
>
> apt-get build-dep gnupg
> apt-get -b source gnupg
>
> This will take a while. If all goes well, and there are no dependencies
> needed from unstable (I haven't checked), you'll end up with gnupg
> packages that you can install on your jessie machine.

There are actually several different backports needed to make this work,
and it's non-trivial, which is why I haven't gone ahead with the full
backport myself yet -- my focus is currently on upstream and on stretch
itself.

I agree with the other poster in this thread that if you want GnuPG 2.1 on
Debian, you should really be using stretch itself today.

--dkg
From: business at graumannschaft.org (Johannes Graumann)
Date: Sun, 30 Apr 2017 22:04:44 +0200
Subject: Fedora: Smart Card Reader access as root, but not a normal user ...
Message-ID: <1493582684.13569.10.camel@graumannschaft.org>

I have a smart card reader attached to a fedora 25 box. 'gpg2 --card
status' works fine for root, but NOT for a normal user. Writing a udev rule
is the first thing that comes to mind, but there's no group 'plugdev' to
add to and 'tag+="uaccess"' doesn't seem to work either.

What do I have to do to get this to work?

Thanks for any hints.

Sincerely, Joh