From oub at mat.ucm.es  Thu Aug  4 18:58:57 2022
From: oub at mat.ucm.es (Uwe Brauer)
Date: Thu, 04 Aug 2022 18:58:57 +0200
Subject: a bit off topic, how to find encrytped files (ransom attack)
Message-ID: <87mtck7xny.fsf@mat.ucm.es>


Hi

I apologize for this message that can be a bit off topic.
(I am on Ubuntu 16.04)

How can I find say encrypted files in my home directory? The idea is to
use some magic command together with the find command.
I know

    1. The file command will return for example for a gpg encrypted file
       file .authinfo.gpg
       .authinfo.gpg: PGP RSA encrypted

    2. However for X509 file I obtain
       file test.p12
       file.p12: data

    3. I could use the ent command which measure the entropy, high
       entropy is an indication of encryption (but jpg have also high
       entropy). However I should then study the distribution of each
       letter to be sure.

So is there any other way to run find and some other script to find
suspicious files? Google is not really helpful

Regards

Uwe Brauer

-- 
I strongly condemn Putin's war of aggression against the Ukraine.
I support to deliver weapons to Ukraine's military.
I support the ban of Russia from SWIFT.
I support the EU membership of the Ukraine.

From tech at eden.one  Thu Aug  4 20:20:42 2022
From: tech at eden.one (Jan Eden)
Date: Thu, 4 Aug 2022 20:20:42 +0200
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: <87mtck7xny.fsf@mat.ucm.es>
References: <87mtck7xny.fsf@mat.ucm.es>
Message-ID: 

Hi,

I just check for a list of ransomware filename patterns (e.g.
*.cryptotorlocker*).

Best regards,
Jan

On 2022-08-04 18:58, Uwe Brauer via Gnupg-users wrote:
> 
> 
> Hi
> 
> I apologize for this message that can be a bit off topic.
> (I am on Ubuntu 16.04)
> 
> How can I find say encrypted files in my home directory? The idea is to
> use some magic command together with the find command.
> I know
> 
>     1. The file command will return for example for a gpg encrypted file
>        file .authinfo.gpg
>        .authinfo.gpg: PGP RSA encrypted
> 
>     2. However for X509 file I obtain
>        file test.p12
>        file.p12: data
> 
>     3. I could use the ent command which measure the entropy, high
>        entropy is an indication of encryption (but jpg have also high
>        entropy). However I should then study the distribution of each
>        letter to be sure.
> 
> So is there any other way to run find and some other script to find
> suspicious files? Google is not really helpful
> 
> Regards
> 
> Uwe Brauer
> 
> 
> 
> -- 
> I strongly condemn Putin's war of aggression against the Ukraine.
> I support to deliver weapons to Ukraine's military.
> I support the ban of Russia from SWIFT.
> I support the EU membership of the Ukraine.
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users

From rjh at sixdemonbag.org  Thu Aug  4 20:00:32 2022
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 4 Aug 2022 14:00:32 -0400
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: <87mtck7xny.fsf@mat.ucm.es>
References: <87mtck7xny.fsf@mat.ucm.es>
Message-ID: <8804fcd4-5bb1-7181-0948-aaec6d637a94@sixdemonbag.org>

>      3. I could use the ent command which measure the entropy, high
>         entropy is an indication of encryption (but jpg have also high
>         entropy). However I should then study the distribution of each
>         letter to be sure.

A JPEG *body* has high entropy.  The JPEG *header* has very low entropy.
That's a relatively good way to spot container files: you look for a
low-entropy header followed by high-entropy data.  Zip files, tar.bz2
files, JPEG files, MPEG, the rest, they're all detectable this way.

However, the output of a straight-up block cipher operating in any
modern mode (no ECB!) is going to be totally indistinguishable from a
random number generator for any reasonably-sized file.

From gnupg at eckner.net  Thu Aug  4 21:03:25 2022
From: gnupg at eckner.net (Erich Eckner)
Date: Thu, 4 Aug 2022 21:03:25 +0200 (CEST)
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: 
References: <87mtck7xny.fsf@mat.ucm.es>
Message-ID: <78412958-3937-5a0d-a6f0-22391ea88aa3@eckner.net>

On Thu, 4 Aug 2022, Jan Eden via Gnupg-users wrote:

> Hi,
>
> I just check for a list of ransomware filename patterns (e.g.
> *.cryptotorlocker*).
>
> Best regards,
> Jan
>
> On 2022-08-04 18:58, Uwe Brauer via Gnupg-users wrote:
>>
>>
>> Hi
>>
>> I apologize for this message that can be a bit off topic.
>> (I am on Ubuntu 16.04)
>>
>> How can I find say encrypted files in my home directory? The idea is to
>> use some magic command together with the find command.
>> I know
>>
>>     1. The file command will return for example for a gpg encrypted file
>>        file .authinfo.gpg
>>        .authinfo.gpg: PGP RSA encrypted
>>
>>     2. However for X509 file I obtain
>>        file test.p12
>>        file.p12: data
>>
>>     3. I could use the ent command which measure the entropy, high
>>        entropy is an indication of encryption (but jpg have also high
>>        entropy). However I should then study the distribution of each
>>        letter to be sure.
>>
>> So is there any other way to run find and some other script to find
>> suspicious files? Google is not really helpful
>>
>> Regards
>>
>> Uwe Brauer

Hi Uwe,

my first thought would be to look for compressibility (or entropy, as
you suggested) of files. Encrypted files should look like good
randomness, thus not compressible. I would then eliminate the false
positives (which are most likely compressed) by checking their integrity
"by protocol" - i.e. "convert this jpeg to a bmp -> is the bmp (much)
bigger than the jpeg?"

regards,
Erich

From folkert at vanheusden.com  Thu Aug  4 21:27:28 2022
From: folkert at vanheusden.com (folkert)
Date: Thu, 4 Aug 2022 21:27:28 +0200
Subject: gpg-agent
Message-ID: <20220804192728.GG2939933@belle.intranet.vanheusden.com>

Hi,

How can I, programmatically, prevent gpg-agent to cache a passphrase?
Or clear its cache?

I tried using:

	err = gpgme_set_ctx_flag(ctx, "no-symkey-cache", "1");

but then when I run my program for the second time, it uses a cached
item.

Using: libgpgme-dev 1.14.0-1+b2

Thanks

From kauer at biplane.com.au  Fri Aug  5 01:45:38 2022
From: kauer at biplane.com.au (Karl Auer)
Date: Fri, 05 Aug 2022 09:45:38 +1000
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: <87mtck7xny.fsf@mat.ucm.es>
References: <87mtck7xny.fsf@mat.ucm.es>
Message-ID: 

On Thu, 2022-08-04 at 18:58 +0200, Uwe Brauer via Gnupg-users wrote:
> How can I find say encrypted files in my home directory?

What an interesting exercise! Got me thinking. I'm a total crypto
ignoramus, so take all this with a grain of salt...

I don't think there is any truly reliable way, but a combination of ent
and a relevant expectation might work.
For example, if you run ent on a .txt file, you do not expect to see
high entropy, so you would throw that file up as suspicious. If you run
file on a .jpg file, you expect to see it identified as a JPEG file, so
if it is not, you throw it up as suspicious.

Then you manually check files that your system has identified as
suspicious.

Another way to approach it would be to take hashes of all your files and
store the hashes securely (read-only!). You can then compare a current
hash with the known hash, and if the hash has changed, the file has
changed. This is not that good for frequently changing files, but
frequently changing files that are suddenly encrypted are probably going
to be very obvious.

And a third method would be a "canary" or two. Put some tasty-looking
files in your home directory, and regularly check them for changes. If
they ever unexpectedly change, you know to take action.

Anyway - if you come up with a good method, let us know!

Regards, K.

PS: I remember reading a while ago someone writing that as a
technological society advances, its communications become more and more
like random noise, because they will tend to be encrypted and compressed.
The writer was saying this might be one reason we haven't found life out
there - because we can't tell their transmissions apart from random
noise :-)

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: 61A0 99A9 8823 3A75 871E 5D90 BADB B237 260C 9C58
Old fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170

From wk at gnupg.org  Fri Aug  5 10:01:24 2022
From: wk at gnupg.org (Werner Koch)
Date: Fri, 05 Aug 2022 10:01:24 +0200
Subject: gpg-agent
In-Reply-To: <20220804192728.GG2939933@belle.intranet.vanheusden.com>
 (folkert's message of "Thu, 4 Aug 2022 21:27:28 +0200")
References: <20220804192728.GG2939933@belle.intranet.vanheusden.com>
Message-ID: <8735ebi0ff.fsf@wheatstone.g10code.de>

On Thu,  4 Aug 2022 21:27, folkert said:

> How can I, programmatically, prevent gpg-agent to cache a passphrase?
> Or clear its cache?

Put

  max-cache-ttl 0

into gpg-agent.conf

To flush the cache run

  gpgconf --reload gpg-agent

> 	err = gpgme_set_ctx_flag(ctx, "no-symkey-cache", "1");
>
> but then when I run my program for the second time, it uses a cached
> item.

If this has been set, the cache should not be used.  Note, this is only
for this special symmetric password caching (which uses the salt of the
S2K)


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From oub at mat.ucm.es  Fri Aug  5 17:45:53 2022
From: oub at mat.ucm.es (Uwe Brauer)
Date: Fri, 05 Aug 2022 17:45:53 +0200
Subject: a bit off topic, how to find encrytped files (ransom attack)
References: <87mtck7xny.fsf@mat.ucm.es>
 <8804fcd4-5bb1-7181-0948-aaec6d637a94@sixdemonbag.org>
Message-ID: <87k07m1yoe.fsf@mat.ucm.es>

>>> "RJHvG" == Robert J Hansen via Gnupg-users writes:

>> 3. I could use the ent command which measure the entropy, high
>> entropy is an indication of encryption (but jpg have also high
>> entropy). However I should then study the distribution of each
>> letter to be sure.

> A JPEG *body* has high entropy.  The JPEG *header* has very low
> entropy. That's a relatively good way to spot container files: you
> look for a low-entropy header followed by high-entropy data.  Zip
> files, tar.bz2 files, JPEG files, MPEG, the rest, they're all
> detectable this way.

> However, the output of a straight-up block cipher operating in any
> modern mode (no ECB!) is going to be totally indistinguishable from a
> random number generator for any reasonably-sized file.

I see this can get very sophisticated very quickly, but

    1. just for the first very rough analysis what is a convenient
       command to get a list of files that have high entropy?

For example

    find . -iname '*.*' -follow -print -exec ent {} \;

Displays too much information that is hard to follow, so I should filter
it somehow like

ent test.tex.gpg

| Entropy = 7.997062 bits per byte.                                               | that line could be candidate |
| Optimum compression would reduce the size of this 64224 byte file by 0 percent | another candidate            |
| Monte Carlo value for Pi is 3.142376682 (error 0.02 percent)                   | last candidate               |

I also run

ent test.tex

| Entropy = 5.133812 bits per byte.                                                 | candidate |
| Optimum compression would reduce the size of this 214555 byte file by 35 percent | candidate |
| Monte Carlo value for Pi is 3.999888140 (error 27.32 percent)                    | candidate |

So I am not sure what is the best line, but the question boils down to
this, anybody know enough sed or awk or whatsoever to tell me how to
filter the ent output?

thanks

Uwe Brauer

-- 
I strongly condemn Putin's war of aggression against the Ukraine.
I support to deliver weapons to Ukraine's military.
I support the ban of Russia from SWIFT.
I support the EU membership of the Ukraine.
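
Added example (not posted by anyone in this thread): a Python sketch that computes the same bits-per-byte figure `ent` prints first, then applies the header/body comparison and the compressibility check suggested in the replies above. The window size, the thresholds and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import zlib
from collections import Counter

HEAD_BYTES = 512        # assumed size of the "header" window
MIN_BODY = 16 * 1024    # smaller samples give noisy entropy estimates
HEAD_LOW = 6.0          # assumed threshold, bits per byte
BODY_HIGH = 7.9         # assumed threshold, bits per byte
MAX_READ = 1024 * 1024  # only sample the first MiB of each file


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, the first figure `ent` reports."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """Label a file sample by header entropy, body entropy and compressibility."""
    head, body = data[:HEAD_BYTES], data[HEAD_BYTES:]
    if len(body) < MIN_BODY:
        return "too-small"
    if entropy(body) < BODY_HIGH:
        return "low-entropy"        # text, source code, most documents
    # Byte frequencies alone can be fooled by structured data, so also
    # ask a real compressor whether it finds anything to squeeze.
    if len(zlib.compress(body, 9)) < 0.95 * len(body):
        return "compressible"
    if entropy(head) < HEAD_LOW:
        return "container"          # structured header, packed body
    return "random-looking"         # candidate for manual review


def scan(root: str):
    """Yield (path, label) for every regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    yield path, classify(fh.read(MAX_READ))
            except OSError:
                continue            # unreadable file: skip it


def keystream(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    out = b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                   for i in range(math.ceil(n / 32)))
    return out[:n]


# Constructed samples (not real files); the names are hypothetical.
SAMPLES = {
    "notes.txt": b"Meeting notes: rotate the backup keys on Friday.\n" * 600,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 508 + keystream(32768),
    "ramp.bin": bytes(range(256)) * 80,
    "report.tex.locked": keystream(33280),
    "tiny.bin": keystream(1000),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:20} {entropy(blob):.3f} bits/byte  {classify(blob)}")
```

A "random-looking" label is only a shortlist for manual review: legitimately encrypted files and compressed formats with very small headers land there too, which is where the per-format integrity check from Erich's reply comes in.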

From jays at panix.com  Fri Aug  5 19:28:18 2022
From: jays at panix.com (Jay Sulzberger)
Date: Fri, 5 Aug 2022 17:28:18 +0000 ()
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
Message-ID: 


work?

Thank you for reading this!

I remain, as ever, your fellow student of history and probability,
Jay Sulzberger

From fa-ml at ariis.it  Fri Aug  5 21:39:05 2022
From: fa-ml at ariis.it (Francesco Ariis)
Date: Fri, 5 Aug 2022 21:39:05 +0200
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
References: 
Message-ID: 

Hello Jay,

On 5 August 2022 at 17:28, Jay Sulzberger via Gnupg-users wrote:
> Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/
> work?

It gets copied in a weird way (i.e. some characters that should be
newlines are instead spaces); I am not able to import it.

I cannot say whether that is just on my browser of choice or other
browsers too
-F

From mcr at sandelman.ca  Fri Aug  5 21:51:33 2022
From: mcr at sandelman.ca (Michael Richardson)
Date: Fri, 05 Aug 2022 15:51:33 -0400
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
References: 
Message-ID: <26499.1659729093@localhost>


The key on that page is line wrapped.
If I replace the right spaces with newlines, then it seems to work import okay.

From mcr at sandelman.ca  Sat Aug  6 00:13:47 2022
From: mcr at sandelman.ca (Michael Richardson)
Date: Fri, 05 Aug 2022 18:13:47 -0400
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
References: 
Message-ID: <14269.1659737627@localhost>


Francesco Ariis  wrote:
    > Hello Jay,

    > On 5 August 2022 at 17:28, Jay Sulzberger via Gnupg-users wrote:
    >> Does the PGP public key at
    >> https://www.washingtonpost.com/anonymous-news-tips/ work?

    > It gets copied in a weird way (i.e. some characters that should be
    > newlines are instead spaces); I am not able to import it.

Yeah, the marketing department screwed it up, and should have put
 on it.
It suggests that it has never really been used.




From fa-ml at ariis.it  Sat Aug  6 00:49:10 2022
From: fa-ml at ariis.it (Francesco Ariis)
Date: Sat, 6 Aug 2022 00:49:10 +0200
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <14269.1659737627@localhost>
References: 
  <14269.1659737627@localhost>
Message-ID: 

On 5 August 2022 at 18:13, Michael Richardson wrote:
> Francesco Ariis  wrote:
>     > On 5 August 2022 at 17:28, Jay Sulzberger via Gnupg-users wrote:
>     >> Does the PGP public key at
>     >> https://www.washingtonpost.com/anonymous-news-tips/ work?
> 
>     > It gets copied in a weird way (i.e. some characters that should be
>     > newlines are instead spaces); I am not able to import it.
> 
> Yeah, the marketing department screwed it up, and should have put 
 on it.
> It suggests that it has never really been used.

That was what I was thinking. It would be interesting to see how long
the key has been there in such a state.

If the answer is "a long time", that is quite a field report: it means
signal and whatsapp (!) are more popular options (way more popular
options) than PGP + email for secure communications.


From rjh at sixdemonbag.org  Sat Aug  6 01:26:54 2022
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 05 Aug 2022 19:26:54 -0400
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
Message-ID: 

An HTML attachment was scrubbed...
URL: 

From jays at panix.com  Sat Aug  6 14:49:12 2022
From: jays at panix.com (Jay Sulzberger)
Date: Sat, 6 Aug 2022 12:49:12 +0000 ()
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <26499.1659729093@localhost>
References: 
 <26499.1659729093@localhost>
Message-ID: 


On Fri, 5 Aug 2022, Michael Richardson  wrote:

> The key on that page is line wrapped.
> If I replace the right spaces with newlines, then it seems to work import okay.

Michael, thank you very much!  Yes, I was able to import your working version:

   Welcome to the Emacs shell

   ~ $ gpg --list-keys
   /net/u/10/j/jays/.gnupg/pubring.gpg
   -----------------------------------

   < ... blocks suppressed ... />

   pub   rsa4096 2016-10-17 [SC] [expires: 2022-10-02]
         44B661213CE666D65403B4CC44A3475AE1AAA9EB
   uid           [ unknown] Tips for The New York Times 
   sub   rsa4096 2016-10-17 [E] [expires: 2022-10-02]

   pub   rsa4096 2017-01-25 [SCA] [expired: 2022-01-24]
         88D9812ED0747AEAEA1EC219DC816CC4FE3D535C
   uid           [ expired] Lockbox 

   pub   rsa3072 2022-08-04 [SC] [expires: 2024-08-04]
         EC6C2905F0F93C0373946CA10642427A5FF780BE
   uid           [ unknown] TWP Lockbox 
   sub   rsa3072 2022-08-04 [E] [expires: 2024-08-04]

   ~ $

I think the Washington Post has not placed their recent key on the PGP
public keyservers.  Below is quoted from a different machine:

   Welcome to the Emacs shell

   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'
   gpg: keyserver receive failed: No data
   ~ $

oo--JS.



--------- below from Michael Richardson's response ----------


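
Added example, not part of the thread and not GnuPG code: a Python sketch of the repair Michael Richardson describes, putting newlines back into an armored block that a web page has flattened onto one line, and using the armor's CRC-24 line to confirm that the right spaces were replaced. The sample block is constructed (it is not a real key) and the function names are this example's own.

```python
import base64
import re

ARMOR_RE = re.compile(r"-----BEGIN (PGP [A-Z ]+)-----(.*?)-----END \1-----", re.S)
B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
CRC_LINE = re.compile(r"=[A-Za-z0-9+/]{4}")
HDR_KEY = re.compile(r"[A-Za-z][A-Za-z0-9-]*:")


def crc24(data: bytes) -> int:
    """CRC-24 as specified for OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def repair_armor(flat: str) -> str:
    """Rebuild the line structure of an armor block whose newlines became spaces."""
    m = ARMOR_RE.search(flat)
    if not m:
        raise ValueError("no armor block found")
    label, tokens = m.group(1), m.group(2).split()
    if len(tokens) < 2 or not CRC_LINE.fullmatch(tokens[-1]):
        raise ValueError("armor checksum line missing")
    crc_token = tokens.pop()
    if not B64_LINE.fullmatch(tokens[-1]):
        raise ValueError("no base64 data before checksum")
    # Walk backwards from the last (possibly short) data line: every earlier
    # data line is unpadded base64 of one common width. Anything else is
    # part of an armor header such as "Version: ..." and keeps its spaces.
    start, width = len(tokens) - 1, None
    while start > 0:
        tok = tokens[start - 1]
        if "=" in tok or not B64_LINE.fullmatch(tok) or len(tok) % 4:
            break
        if len(tok) < len(tokens[-1]) or (width and len(tok) != width):
            break
        width = len(tok)
        start -= 1
    data_lines, headers = tokens[start:], []
    for tok in tokens[:start]:
        if HDR_KEY.fullmatch(tok) or not headers:
            headers.append(tok)         # start of a new "Key: value" header
        else:
            headers[-1] += " " + tok    # a space that belongs to the header
    payload = base64.b64decode("".join(data_lines), validate=True)
    expected = int.from_bytes(base64.b64decode(crc_token[1:]), "big")
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: wrong line breaks or damaged data")
    return "\n".join([f"-----BEGIN {label}-----", *headers, "",
                      *data_lines, crc_token, f"-----END {label}-----"]) + "\n"


def make_armor(payload: bytes, width: int = 60) -> str:
    """Build a well-formed armor block around constructed bytes."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----",
                      "Version: Example v1", "Comment: constructed sample", "",
                      *lines, "=" + crc,
                      "-----END PGP PUBLIC KEY BLOCK-----"]) + "\n"


# Constructed payload: arbitrary bytes, not a real OpenPGP key.
SAMPLE_PAYLOAD = bytes((i * 37 + 11) % 256 for i in range(200))

if __name__ == "__main__":
    good = make_armor(SAMPLE_PAYLOAD)
    flattened = " ".join(good.split())   # what copy and paste from the page gives
    print(repair_armor(flattened), end="")
```

A CRC-24 match only shows the block was reassembled as it was armored; whether it is the right key still has to be checked against a fingerprint obtained elsewhere.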


From jays at panix.com  Sat Aug  6 15:00:33 2022
From: jays at panix.com (Jay Sulzberger)
Date: Sat, 6 Aug 2022 13:00:33 +0000 ()
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
References: 
 
Message-ID: 


On Fri, 5 Aug 2022, Francesco Ariis  wrote:

> Hello Jay,

Hi, Francesco!

> On 5 August 2022 at 17:28, Jay Sulzberger via Gnupg-users wrote:
> > Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/
> > work?
> 
> It gets copied in a weird way (i.e. some characters that should be
> newlines are instead spaces); I am not able to import it.
> 
> I cannot say whether that is just on my browser of choice or other
> browsers too
> -F

Thanks, Francesco!  I tried fetching the key by its fingerprint but
gpg did not succeed in finding a key.  (The fingerprint offered at the
Washington Post page seems to be correct.)  I then grabbed the offered
key, that is, as text.  I also was not able to import the key.  But,
Michael Richardson's restored key I was able to import.

Thanks gnupg-users!

oo--JS.


From andrewg at andrewg.com  Sat Aug  6 18:02:56 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sat, 6 Aug 2022 17:02:56 +0100
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
References: 
 <26499.1659729093@localhost>
 
Message-ID: <9f540c8c-3059-a148-4d5e-827d6041120a@andrewg.com>

On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote:
> I think the Washington Post has not placed their recent key on the PGP
> public keyservers.  Below is quoted from a different machine:
> 
>    Welcome to the Emacs shell
> 
>    ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'
>    gpg: keyserver receive failed: No data
>    ~ $

As this key's availability is in the public interest, and does not 
contain any personal information, I have taken the liberty of submitting 
it to the SKS network.

A

From andrewg at andrewg.com  Sat Aug  6 15:54:59 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sat, 6 Aug 2022 14:54:59 +0100
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
References: 
 <26499.1659729093@localhost>
 
Message-ID: 

On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote:
> I think the Washington Post has not placed their recent key on the PGP
> public keyservers.  Below is quoted from a different machine:
> 
>    Welcome to the Emacs shell
> 
>    ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'
>    gpg: keyserver receive failed: No data
>    ~ $

As this key's availability is in the public interest, and does not 
contain any personal information, I have taken the liberty of submitting 
it to the SKS network.

A

From jays at panix.com  Sat Aug  6 21:17:57 2022
From: jays at panix.com (Jay Sulzberger)
Date: Sat, 6 Aug 2022 19:17:57 +0000 ()
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <9f540c8c-3059-a148-4d5e-827d6041120a@andrewg.com>
References: 
 <26499.1659729093@localhost>
 
 <9f540c8c-3059-a148-4d5e-827d6041120a@andrewg.com>
Message-ID: 


On Sat, 6 Aug 2022, Andrew Gallagher  via Gnupg-users wrote:

> On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote:
>> I think the Washington Post has not placed their recent key on the PGP
>> public keyservers.  Below is quoted from a different machine:
>>
>>    Welcome to the Emacs shell
>>
>>    ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'
>>    gpg: keyserver receive failed: No data
>>    ~ $
>
> As this key's availability is in the public interest, and does not contain 
> any personal information, I have taken the liberty of submitting it to the 
> SKS network.
>
> A

Dear Andrew, thank you!  I myself did not send the key to the
keyservers because I do not know much about the keyservers system.

Heaven forwarding, I will learn more.

I believe that, with some work, things might improve.

Thank you all for your kind help!

oo--JS.

From mcr at sandelman.ca  Sun Aug  7 00:50:16 2022
From: mcr at sandelman.ca (Michael Richardson)
Date: Sat, 06 Aug 2022 18:50:16 -0400
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <14269.1659737627@localhost>
References: 
  <14269.1659737627@localhost>
Message-ID: <23351.1659826216@localhost>


Michael Richardson  wrote:
    > Yeah, the marketing department screwed it up, and should have put 
    > on it.  It suggests that it has never really been used.

I sent an encrypted email to the newspaper, pointing them at this thread, and
the problems they have.

From andrew at lists.savchenko.net  Sun Aug  7 05:16:46 2022
From: andrew at lists.savchenko.net (andrew at lists.savchenko.net)
Date: Sun, 7 Aug 2022 12:46:46 +0930
Subject: Windows x64 binaries, unusable with Thunderbird
Message-ID: <80d2a027-6793-b6d6-8eae-a2476ee7a8cf@savchenko.net>

Hi,

It looks like GPG4Win as well as "simple" installer are 32bit-only,
which is somewhat unexpected in 2022. Is there a reason for this?

Such builds are unusable with the x64 Thunderbird [1], no matter if user
has enabled `mail.openpgp.allow_external_gnupg` preference, replaced
`rnp.dll` with one from Sequoia project [2] or both.

There are reports [3] of using x64 build with success, however I don't 
immediately see anything recent, the latest v2.3.7 is published as 32b:
https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.3.7_20220711.exe


[1] 
https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards#Thunderbird_64_bit_on_Windows

[2] https://gitlab.com/sequoia-pgp/sequoia-octopus-librnp

[3] 
https://thunderbird.topicbox.com/groups/e2ee/T4037fdcd031cb6bf-Mf94f05c7e2ded2444db3df9b/decrypting-with-external-gnupg-is-broken


-- 
With regards,
A


From jays at panix.com  Sun Aug  7 18:27:01 2022
From: jays at panix.com (Jay Sulzberger)
Date: Sun, 7 Aug 2022 16:27:01 +0000 ()
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <9f540c8c-3059-a148-4d5e-827d6041120a@andrewg.com>
References: 
 <26499.1659729093@localhost>
 
 <9f540c8c-3059-a148-4d5e-827d6041120a@andrewg.com>
Message-ID: 


On Sat, 6 Aug 2022, Andrew Gallagher via Gnupg-users, Andrew Gallagher , wrote:

> On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote:
>> I think the Washington Post has not placed their recent key on the PGP
>> public keyservers.  Below is quoted from a different machine:
>>
>>    Welcome to the Emacs shell
>>
>>    ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'
>>    gpg: keyserver receive failed: No data
>>    ~ $
>
> As this key's availability is in the public interest, and does not contain 
> any personal information, I have taken the liberty of submitting it to the 
> SKS network.
>
> A

Andrew, do the sks keyservers work today?

I was able to find the key by going to

https://keyserver.ubuntu.com/

and putting

EC6C2905F0F93C0373946CA10642427A5FF780BE

into the search box.

oo--JS.


From andrewg at andrewg.com  Sun Aug  7 19:59:10 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sun, 7 Aug 2022 18:59:10 +0100
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: 
References: 
Message-ID: <42EA56C4-1FC4-42ED-893E-5B6DF5CDB678@andrewg.com>


> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users  wrote:
> 
> Andrew, do the sks keyservers work today?
> 
> I was able to find the key by going to
> 
> https://keyserver.ubuntu.com/
> 
> and putting
> 
> EC6C2905F0F93C0373946CA10642427A5FF780BE
> 
> into the search box.

Do you mean SKS the software (i.e. github.com/sks-keyserver) or SKS the protocol/network? The answer in both cases is "yes", but for different values of "yes".

What doesn't work any more is the sks-keyservers.net pool, which had become a nightmare to manage. This has been taken by many to mean that the SKS network itself is down, but this is absolutely not the case.

sks-keyserver still works, but is IMO not suitable for use in production unless you are an expert willing to roll your own load balancing pool and recompile the code to update blacklists (there are still a few such brave souls left). This may change in the future - the software is maintained but hasn't had a significant feature bump in some time.

The SKS network also still works, and depending on your choice of metric is probably more stable today than it has ever been. The reasons are twofold: many operators have migrated from sks-keyserver to hockeypuck, and most of the rest have shut down. This means that although there are fewer keyservers now than five years ago, the ones that do exist (including keyserver.ubuntu.com) are generally much more reliable.

Information about the SKS network can be found at https://spider.pgpkeys.eu

A

From johndoe65534 at mail.com  Sun Aug  7 20:30:17 2022
From: johndoe65534 at mail.com (john doe)
Date: Sun, 7 Aug 2022 20:30:17 +0200
Subject: OT: Re: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <42EA56C4-1FC4-42ED-893E-5B6DF5CDB678@andrewg.com>
References: 
 <42EA56C4-1FC4-42ED-893E-5B6DF5CDB678@andrewg.com>
Message-ID: <9f1387f7-deac-fb0c-f09b-d6d60a43cf74@mail.com>

Sorry for hijacking the thread but without the context I'm not sure that
my question would have been understandable.

On 8/7/2022 7:59 PM, Andrew Gallagher via Gnupg-users wrote:
>
>> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users  wrote:
>>
>> Andrew, do the sks keyservers work today?
>>
>> I was able to find the key by going to
>>
>> https://keyserver.ubuntu.com/
>>
>> and putting
>>
>> EC6C2905F0F93C0373946CA10642427A5FF780BE
>>
>> into the search box.
>
> Do you mean SKS the software (i.e. github.com/sks-keyserver) or SKS the protocol/network? The answer in both cases is "yes", but for different values of "yes".
>
> What doesn't work any more is the sks-keyservers.net pool, which had become a nightmare to manage. This has been taken by many to mean that the SKS network itself is down, but this is absolutely not the case.
>
> sks-keyserver still works, but is IMO not suitable for use in production unless you are an expert willing to roll your own load balancing pool and recompile the code to update blacklists (there are still a few such brave souls left). This may change in the future - the software is maintained but hasn't had a significant feature bump in some time.
>
> The SKS network also still works, and depending on your choice of metric is probably more stable today than it has ever been. The reasons are twofold: many operators have migrated from sks-keyserver to hockeypuck, and most of the rest have shut down. This means that although there are fewer keyservers now than five years ago, the ones that do exist (including keyserver.ubuntu.com) are generally much more reliable.
>
> Information about the SKS network can be found at https://spider.pgpkeys.eu
>

Why did you publish the key to the sks key servers?

I guess my question is about the reasoning behind using sks key server
instead of WKD or Hagrid.

--
John Doe


From andrewg at andrewg.com  Sun Aug  7 20:44:18 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sun, 7 Aug 2022 19:44:18 +0100
Subject: OT: Re: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <9f1387f7-deac-fb0c-f09b-d6d60a43cf74@mail.com>
References: <9f1387f7-deac-fb0c-f09b-d6d60a43cf74@mail.com>
Message-ID: <93555187-0042-4A87-9FB0-593035397518@andrewg.com>


> On 7 Aug 2022, at 19:31, john doe via Gnupg-users  wrote:
> 
> Why did you publish the key to the sks key servers?
> 
> I guess my question is about the reasoning behind using sks key server
> instead of WKD or Hagrid.

WKD publication can only be done by (or with the cooperation of) the domain owner. Publication to keys.openpgp.org should ideally be done by the key owner because they will have to reply to a verification email in order for it to be searchable by email address. If I submitted it there without their knowledge it would only be searchable by fingerprint, which is suboptimal. 

A

From Alekseevvladislav2hy at outlook.com  Mon Aug  8 15:06:59 2022
From: Alekseevvladislav2hy at outlook.com (Vladislav Alekseev)
Date: Mon, 8 Aug 2022 13:06:59 +0000
Subject: Problems when importing previously exported private keys on new linux
 system.
Message-ID: 

Hi there.

I am switching my linux release.
Before I reinstall the system, I use commands below to export my gpg keys.

vvvvvvvvvvvvvvvv
gpg --export-private-keys $key_id > private.key
gpg --armor --export $key_id > public.key
^^^^^^^^^^^^^^^

As expected, a window prompt requesting passwords to decrypt my private key, and both public key and private key file appeared in the explorer.
Then I move keys to my portable drive and reinstall system.

After the installation finished, I started to import keys exported minutes before.
The public key, as expected, imported successfully.
But problems occurred when I was trying to import my private key.

vvvvvvvvvvvvvvvv
> gpg --import private.key
gpg: [don't know]: partial length invalid for packet type 63
gpg: read_block: read error: Invalid packet
gpg: import from 'private.key' failed: Invalid keyring
gpg: Total number processed: 0
> file private.key
private.key: data
^^^^^^^^^^^^^^^

So, here is the problem.
Is there any method to restore my private key or revoke it?
Why gpg program can't identify my key file? Is the root cause of it that I didn't add "--armor" parameter when exporting my private key?
Thanks.

From jc.gnupg18a at unser.net  Tue Aug  9 12:30:58 2022
From: jc.gnupg18a at unser.net (Juergen Christoffel)
Date: Tue, 9 Aug 2022 12:30:58 +0200
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: <87k07m1yoe.fsf@mat.ucm.es>
References: <87mtck7xny.fsf@mat.ucm.es>
 <8804fcd4-5bb1-7181-0948-aaec6d637a94@sixdemonbag.org>
 <87k07m1yoe.fsf@mat.ucm.es>
Message-ID: <20220809103058.GA29977@unser.net>

On Fri, Aug 05, 2022 at 05:45:53PM +0200, Uwe Brauer via Gnupg-users wrote:
>    1. just for the first very rough analysis what is a convenient command to get a list of files that have high entropy?

The first step might be to install tripwire and only check files, which
tripwire reports as changed. See "man tripwire" after installing it.

Regarding your attempt to find candidate files:

>find . -iname '*.*' -follow -print -exec ent {} \;

Files don't need to have a dot in their name. But they might have unusual
characters in their names instead. So you might actually want to use

find -type f -print0 | xargs -0 ent

Tip: "man find" and "man xargs" describe what those zeroes mean.

>So I am not sure what is the best line, but the question boils down to
>this, anybody know enough sed or awk or whatsoever to tell me how to filter the ent output?

Gentle suggestion: you'd need to learn such basic usage yourself, before
you rely on them as a tool, especially when attempting to secure your
systems.

Tips (for example):
https://www.amazon.de/Learning-Perl-Making-Things-Possible/dp/1492094951 or
https://www.amazon.de/Effective-awk-Programming-Universal-Processing/dp/1491904615 

Regards, JC

-- 
  Experience is the worst teacher.  It always gives the test first and the
  instruction afterward.



From wk at gnupg.org  Tue Aug  9 15:52:24 2022
From: wk at gnupg.org (Werner Koch)
Date: Tue, 09 Aug 2022 15:52:24 +0200
Subject: Windows x64 binaries, unusable with Thunderbird
In-Reply-To: <80d2a027-6793-b6d6-8eae-a2476ee7a8cf@savchenko.net> (andrew's
 message of "Sun, 7 Aug 2022 12:46:46 +0930")
References: <80d2a027-6793-b6d6-8eae-a2476ee7a8cf@savchenko.net>
Message-ID: <875yj1plrb.fsf@wheatstone.g10code.de>

On Sun,  7 Aug 2022 12:46, andrew--- said:

> It looks like GPG4Win as well as "simple" installer are 32bit-only,
> which is somewhat unexpected in 2022. Is there a reason for this?

Windows 64-bit-only installations are pretty rare and thus the 32-bit
GnuPG suite is not a problem.  

> Such builds are unusable with the x64 Thunderbird [1], no matter if user

Thunderbird does not use GnuPG and the former Enigmail used
CreateProcess to start gpg et al.  No problem at all.

You may very well build libgpgme as 64-bit DLL or static library.  (we
do this for our Outlook and Explorer plugins).  The native messaging with
gpgme-json does not care about 64 or 32 bit because CreateProcess is
used by Thunderbird.

The background why we have no 64 bit version of GnuPG is due to
problems with HANDLEs, sockets, file descriptors and such.  GnuPG uses
some tricks to handle this all.  Instead of migrating these tricks and
assumptions over to a 64 bit world, we are slowly moving towards
internal data structures which allow us to avoid all tricks (i.e. our
own data object (estream_t) conveying meta information, such as whether
we have a socket or a libc file descriptor).


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From jim.robinson at gmail.com  Tue Aug  9 19:29:52 2022
From: jim.robinson at gmail.com (James A. Robinson)
Date: Tue, 9 Aug 2022 10:29:52 -0700
Subject: gpg-agent and socket forwarding
Message-ID: 

Hi folks,

I've got two Fedora 36 machines I use in my office: a laptop that I log
into using the keyboard and monitor and a server that I ssh into from the
laptop.  I have my GnuPG private keys on the laptop, and the public keys on
both the laptop and the server.  Additionally, I've got my laptop
~/.ssh/config set up with a directive:

RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent

and when I ssh into the server using 'ssh -v' I see in the output the
following:

debug1: remote forward success for: listen /run/user/1000/gnupg/S.gpg-agent:-2, connect /run/user/1000/gnupg/S.gpg-agent:-2

Now at this point I'm under the impression that if gpg were to be called on
the server, and it talks to the socket, it should be triggering my
gpg-agent on my laptop.  This seems to work as long as the gpg-agent on the
server doesn't start up.  If the gpg-agent on the server does start it
complains about no private keys (which makes sense, since the server
doesn't have the private keys).

I've read that systemctl is managing the sockets on Fedora 36, and that I
can prevent gpg-agent from starting on the server by 'mask'ing the handlers
for the sockets.  So, on the server, there are /dev/null links in place:

lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-browser.socket -> /dev/null
lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-extra.socket -> /dev/null
lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent.service -> /dev/null
lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent.socket -> /dev/null
lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-ssh.socket -> /dev/null
lrwxrwxrwx. 1 root root 9 Aug  8 09:16 /etc/systemd/user/sockets.target.wants/gpg-agent.socket -> /dev/null

Sometimes I am able to call gpg w/ any problem and other times gpg is
starting up gpg-agent and then failing because of the lack of private keys
on the server machine.  Is there some other thing I should have been doing
to tell systemctl to stop trying to handle the sockets itself?  Should I be
reconfiguring gpg to use different sockets than ones that systemctl is
trying to manage?

Jim

From jim.robinson at gmail.com  Tue Aug  9 19:45:07 2022
From: jim.robinson at gmail.com (James A. Robinson)
Date: Tue, 9 Aug 2022 10:45:07 -0700
Subject: gpg-agent and socket forwarding
In-Reply-To: 
References: 
Message-ID: 

I forgot to mention, another thing in place on the server's sshd
configuration is:

StreamLocalBindUnlink yes

On Tue, Aug 9, 2022 at 10:29 AM James A. Robinson 
wrote:

> Hi folks,
>
> I've got two Fedora 36 machines I use in my office: a laptop that I log
> into using the keyboard and monitor and a server that I ssh into from the
> laptop.  I have my GnuPG private keys on the laptop, and the public keys on
> both the laptop and the server.  Additionally, I've got my laptop
> ~/.ssh/config set up with a directive:
>
> RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent
>
> and when I ssh into the server using 'ssh -v' I see in the output the
> following:
>
> debug1: remote forward success for: listen /run/user/1000/gnupg/S.gpg-agent:-2, connect /run/user/1000/gnupg/S.gpg-agent:-2
>
> Now at this point I'm under the impression that if gpg were to be called
> on the server, and it talks to the socket, it should be triggering my
> gpg-agent on my laptop.  This seems to work as long as the gpg-agent on the
> server doesn't start up.  If the gpg-agent on the server does start it
> complains about no private keys (which makes sense, since the server
> doesn't have the private keys).
>
> I've read that systemctl is managing the sockets on Fedora 36, and that I
> can prevent gpg-agent from starting on the server by 'mask'ing the handlers
> for the sockets.  So, on the server, there are /dev/null links in place:
>
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-browser.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-extra.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent.service -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-ssh.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Aug  8 09:16 /etc/systemd/user/sockets.target.wants/gpg-agent.socket -> /dev/null
>
> Sometimes I am able to call gpg w/ any problem and other times gpg is
> starting up gpg-agent and then failing because of the lack of private keys
> on the server machine.  Is there some other thing I should have been doing
> to tell systemctl to stop trying to handle the sockets itself?  Should I be
> reconfiguring gpg to use different sockets than ones that systemctl is
> trying to manage?
>
> Jim
>
>
>
>

From andrew at savchenko.net  Mon Aug  8 21:02:31 2022
From: andrew at savchenko.net (Andrew Savchenko)
Date: Tue, 9 Aug 2022 04:32:31 +0930
Subject: Problems when importing previously exported private keys on new
 linux system.
In-Reply-To: 
References: 
Message-ID: <9a211e5e-32a2-54a8-95c9-f07b9d8be12f@savchenko.net>


On 08/08/2022 22:36, Vladislav Alekseev via Gnupg-users wrote:

> So, here is the problem.
> Is there any method to restore my private key or revoke it?
> Why gpg program can't identify my key file? Is the root cause of it that 
> I didn't add "--armor" parameter when exporting my private key?
> Thanks.

Check the key format manually. If ASCII - try `dos2unix`. Sounds like it 
has been transferred between Windows/*nix. If binary, show the output of 
`gpg --list-packets`



-- 
Glory to Ukraine,
A
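
[Added example, not part of the original message and not GnuPG code.] The manual format check suggested above can begin with the first octet of the file, decoded as an OpenPGP packet header per RFC 4880 section 4.2; an octet of 0xFF decodes as a new-format header with tag 63, the packet type named in the gpg error quoted in this thread. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the first octet of a key file as an OpenPGP
# packet header (RFC 4880, section 4.2). All names here are hypothetical.

# first_octet FILE: decimal value of the first byte (empty for an empty file).
first_octet() {
    od -An -v -tu1 -N1 < "$1" | tr -d ' \n'
}

# packet_tag_name TAG: names for the packet tags that start a key file.
packet_tag_name() {
    case $1 in
        5)  echo "secret key" ;;
        6)  echo "public key" ;;
        7)  echo "secret subkey" ;;
        14) echo "public subkey" ;;
        *)  echo "other" ;;
    esac
}

# classify_key_file FILE: print a one-line verdict; return non-zero when the
# file starts with neither an armor line nor a valid packet header.
classify_key_file() {
    if [ "$(dd bs=14 count=1 2>/dev/null < "$1" | tr -d '\000')" = "-----BEGIN PGP" ]; then
        echo "ASCII-armored"
        return 0
    fi
    b=$(first_octet "$1")
    if [ -z "$b" ]; then
        echo "empty file"
        return 1
    fi
    # Bit 7 must be set in every packet header.
    if [ $((b & 128)) -eq 0 ]; then
        echo "not an OpenPGP packet header"
        return 1
    fi
    if [ $((b & 64)) -ne 0 ]; then
        fmt=new; tag=$((b & 63))            # new format: tag in bits 5-0
    else
        fmt=old; tag=$(( (b >> 2) & 15 ))   # old format: tag in bits 5-2
    fi
    echo "$fmt-format tag $tag ($(packet_tag_name "$tag"))"
}

# make_key_samples DIR: constructed sample files, not real key material.
make_key_samples() {
    printf '%b' '\0225\0001\0015' > "$1/old-format.key"   # 0x95: old format, tag 5
    printf '%b' '\0377\0376' > "$1/ff.key"                # 0xFF: new format, tag 63
    printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' > "$1/armored.asc"
    printf 'plain text\n' > "$1/notes.txt"
}

# Usage: classify_key_file private.key
```
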


From angel at pgp.16bits.net  Tue Aug  9 22:18:05 2022
From: angel at pgp.16bits.net (=?ISO-8859-1?Q?=C1ngel?=)
Date: Tue, 09 Aug 2022 22:18:05 +0200
Subject: Problems when importing previously exported private keys on new
 linux system.
In-Reply-To: 
References: 
Message-ID: <1104a93bf12a4d0632b50d3d964cb9e5ba441688.camel@16bits.net>

On 2022-08-08 at 13:06 +0000, Vladislav Alekseev wrote:
> So, here is the problem.
> Is there any method to restore my private key or revoke it?
> Why gpg program can't identify my key file? Is the root cause of it
> that I didn't add "--armor" parameter when exporting my private key?
> Thanks.

The missing --armor shouldn't make a difference here.

What was the gpg version in the old system and which is the version in
the new one? Is it possible that the new system is using an *older*
version of gpg?



From angel at pgp.16bits.net  Tue Aug  9 22:23:21 2022
From: angel at pgp.16bits.net (=?ISO-8859-1?Q?=C1ngel?=)
Date: Tue, 09 Aug 2022 22:23:21 +0200
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: <87mtck7xny.fsf@mat.ucm.es>
References: <87mtck7xny.fsf@mat.ucm.es>
Message-ID: <8846beec7202f27ac7a9a88b8a5881fb2aff353e.camel@16bits.net>

On 2022-08-04 at 18:58 +0200, Uwe Brauer wrote:
> 
> Hi 
> 
> So is there any other way to run find and some other script to find
> suspicious  files? Google is not really helpful
> 
> Regards
> 
> Uwe Brauer 

If you suffer a ransomware attack I would say your problem won't be
*noticing* that. If you didn't, that's a failure by the attackers. They
want you to notice (once they're finished), so that they get paid.
Most often, they will change the extension (.ransom, an email
address...) as well as include a ransom note on every directory.

Once you find what pattern they used, it's simple to find all other
files like that.

Regards



From jays at panix.com  Wed Aug 10 04:31:43 2022
From: jays at panix.com (Jay Sulzberger)
Date: Wed, 10 Aug 2022 02:31:43 +0000 ()
Subject: Does the PGP public key at
 https://www.washingtonpost.com/anonymous-news-tips/
In-Reply-To: <42EA56C4-1FC4-42ED-893E-5B6DF5CDB678@andrewg.com>
References: 
 <42EA56C4-1FC4-42ED-893E-5B6DF5CDB678@andrewg.com>
Message-ID: 


On Sun, 7 Aug 2022, Andrew Gallagher  wrote:

>
>> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users  wrote:
>>
>> Andrew, do the sks keyservers work today?
>>
>> I was able to find the key by going to
>>
>> https://keyserver.ubuntu.com/
>>
>> and putting
>>
>> EC6C2905F0F93C0373946CA10642427A5FF780BE
>>
>> into the search box.
>
> Do you mean SKS the software (i.e. github.com/sks-keyserver) or SKS
> the protocol/network? The answer in both cases is "yes", but for
> different values of "yes".

In the past two days, I have come to understand how little I know
about the design, the practical use, and the statistics of usage, of
gnupg.  I think that learning some more is worth the effort.

>
> What doesn't work any more is the sks-keyservers.net pool, which had
> become a nightmare to manage. This has been taken by many to mean
> that the SKS network itself is down, but this is absolutely not the
> case.

Ah.

>
> sks-keyserver still works, but is IMO not suitable for use in
> production unless you are an expert willing to roll your own load
> balancing pool and recompile the code to update blacklists (there
> are still a few such brave souls left). This may change in the
> future - the software is maintained but hasn't had a significant
> feature bump in some time.

Ah, oi.

>
> The SKS network also still works, and depending on your choice of
> metric is probably more stable today than it has ever been. The
> reasons are twofold: many operators have migrated from sks-keyserver
> to hockeypuck, and most of the rest have shut down. This means that
> although there are fewer keyservers now than five years ago, the
> ones that do exist (including keyserver.ubuntu.com) are generally
> much more reliable.

Ah, OK.

>
> Information about the SKS network can be found at https://spider.pgpkeys.eu
>
> A

Andrew, thank you much for this useful short introduction to these
obscure things!

oo--JS.

From tech at eden.one  Wed Aug 10 16:25:49 2022
From: tech at eden.one (Jan Eden)
Date: Wed, 10 Aug 2022 16:25:49 +0200
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: <8846beec7202f27ac7a9a88b8a5881fb2aff353e.camel@16bits.net>
References: <87mtck7xny.fsf@mat.ucm.es>
 <8846beec7202f27ac7a9a88b8a5881fb2aff353e.camel@16bits.net>
Message-ID: 


On 2022-08-09 22:23, Ángel wrote:
> On 2022-08-04 at 18:58 +0200, Uwe Brauer wrote:
> > 
> > Hi 
> > 
> > So is there any other way to run find and some other script to find
> > suspicious  files? Google is not really helpful
> > 
> > Regards
> > 
> > Uwe Brauer 
> 
> If you suffer a ransomware attack I would say your problem won't be
> *noticing* that. If you didn't, that's a failure by the attackers. They
> want you to notice (once they're finished), so that they get paid.
> Most often, they will change the extension (.ransom, an email
> address...) as well as include a ransom note on every directory.
> 
> Once you find what pattern they used, it's simple to find all other
> files like that.

I check for certain filename patterns and/or modified files (comparing
to pre-created hashes) before initiating a backup.

Best regards,
Jan

From joel.rees at gmail.com  Thu Aug 11 02:07:55 2022
From: joel.rees at gmail.com (Joel Rees)
Date: Thu, 11 Aug 2022 09:07:55 +0900
Subject: a bit off topic, how to find encrytped files (ransom attack)
In-Reply-To: <87mtck7xny.fsf@mat.ucm.es>
References: <87mtck7xny.fsf@mat.ucm.es>
Message-ID: 

This whole thread is a bit, well cause to ponder ..., and beef a little ...

On Fri, Aug 5, 2022 at 2:40 AM Uwe Brauer via Gnupg-users
 wrote:
>
> Hi
>
> I apologize for this message that can be a bit off topic.
> (I am on Ubuntu 16.04)

(Running off to see how much longer that's going to be supported.)

> How can I find say encrypted files in my home directory?

You have encrypted files you aren't tracking? That's a good way to
lose data or whatever was in them.

> The idea is to
> use some magic command together with the find command.
> I know

Magic seems to me to be opposed to the purpose of encryption, but I
guess if that's what you want that's what you want.

>     1. The file command will return for example for a gpg encrypted file
>        file .authinfo.gpg
>        .authinfo.gpg: PGP RSA encrypted
>
>     2. However for X509 file I obtain
>        file test.p12
>        file.p12: data
>
>     3. I could use the ent command which measure the entropy, high
>        entropy is an indication of encryption (but jpg have also high
>        entropy). However I should then study the distribution of each
>        letter to be sure.

As has been pointed out, entropy is orthogonal to the question of encryption.

> So is there any other way to run find and some other script to find
> suspicious  files? Google is not really helpful

Suspicious files?

Oh. Okay, you or somebody you know has been sloppy and wants to recover.

As you should note from the responses so far, there is no magic solution.

Figure out what is important on the compromised system and work from there.

It used to be a lot simpler, and I could give you a list of steps to
go through, but these days you have to think about compromised BIOS
and compromised media and I/O controllers and such. And the system
with the symptoms is quite possibly not the only compromised system on
your network.

Which I guess may be why you are hoping for magic.

Still, powering the system down, looking for other compromised systems
on the network, removing the media and taking a raw image, deciding
what's important on the compromised media and what can just be thrown
away, etc.

Deciding what's important is an essential step, because you won't know
how to go looking for it if you don't know what you're looking for.

And everything else just has to be tossed -- physically discarded.

Unless you're willing to play craps, in which case, you might consider
paying the people who (hopefully) know where they hid stuff --
although I'd hope you would first consider contacting your local
police or whoever you trust to be able to help, and volunteer to
cooperate in using your data as a trap to catch the miscreants.

-- 
Joel Rees

http://reiisi.blogspot.jp/p/novels-i-am-writing.html


From tdtemccna at gmail.com  Thu Aug 11 08:45:38 2022
From: tdtemccna at gmail.com (Turritopsis Dohrnii Teo En Ming)
Date: Thu, 11 Aug 2022 14:45:38 +0800
Subject: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the
 National Security Agency?
Message-ID: 

Subject: How did Edward Joseph Snowden use GnuPG to uncover the
secrets of the National Security Agency?

Good day from Singapore,

[QUOTE]

Arguing that you don't care about the right to privacy because you
have nothing to hide is no different from saying you don't care about
free speech because you have nothing to say. - Edward Snowden

Using encryption helps to protect your privacy and the privacy of the
people you communicate with. Encryption makes life difficult for bulk
surveillance systems. GnuPG is one of the tools that Snowden used to
uncover the secrets of the NSA.

[/QUOTE]

How did Edward Joseph Snowden use GnuPG to uncover the secrets of the
National Security Agency?

I am very interested to know. Are there any detailed write-ups?

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
11 Aug 2022 Thursday
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com


From tdtemccna at gmail.com  Thu Aug 11 10:00:08 2022
From: tdtemccna at gmail.com (Turritopsis Dohrnii Teo En Ming)
Date: Thu, 11 Aug 2022 16:00:08 +0800
Subject: How did Edward Joseph Snowden use GnuPG to uncover the secrets of
 the National Security Agency?
In-Reply-To: 
References: 
 
Message-ID: 

On Thu, 11 Aug 2022 at 15:56, Fernando Cassia  wrote:
>
> On 11/08/2022, Turritopsis Dohrnii Teo En Ming via Gnupg-users
>  wrote:
> > Subject: How did Edward Joseph Snowden use GnuPG to uncover the
> > secrets of the National Security Agency?
> >
> > Good day from Singapore,
> >
> > [QUOTE]
> >
> > Arguing that you don't care about the right to privacy because you
> > have nothing to hide is no different from saying you don't care about
> > free speech because you have nothing to say. - Edward Snowden
> >
> > Using encryption helps to protect your privacy and the privacy of the
> > people you communicate with. Encryption makes life difficult for bulk
> > surveillance systems. GnuPG is one of the tools that Snowden used to
> > uncover the secrets of the NSA.
> >
> > [/QUOTE]
> >
> > How did Edward Joseph Snowden use GnuPG to uncover the secrets of the
> > National Security Agency?
> >
> > I am very interested to know. Are there any detailed write-ups?
>
> Probably this
> https://theintercept.com/2014/10/28/smuggling-snowden-secrets/
>
> Also Snowden is probably a Russian asset by now, but whatever.
> https://observer.com/2016/09/the-real-ed-snowden-is-a-patsy-a-fraud-and-a-kremlin-controlled-pawn/

LOL.

>
> FC

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore


From sosthene at nitrokey.com  Thu Aug 11 09:39:24 2022
From: sosthene at nitrokey.com (=?UTF-8?Q?Sosth=c3=a8ne_Gu=c3=a9don_=7c_Nitrokey?=)
Date: Thu, 11 Aug 2022 09:39:24 +0200
Subject: OpenPGP smartcard and P-256 in non expert mode
Message-ID: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>

Hi!

I don't understand why generating a key on a smartcard only offers Curve25519 and P-384 for ECC cryptography unless the --expert flag is used.
P-384 is offered even when the hardware key doesn't support it and other curves which the hardware supports are not offered which is confusing.
Why is the P-256 curve disabled by default? It seems deliberate in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=402aa0f94854bb00475c934be5ca6043a4632126
but I can't find any documentation on why that choice was made.

Thanks,
Sosthène

-- 
Sosthène Guédon
Intern

Nitrokey GmbH
https://www.nitrokey.com
Email: sosthene at nitrokey.com

Rheinstr. 10 C, 14513 Teltow, Germany
CEO / CEO: Jan Suhr
Register: AG Potsdam, HRB 32882 P
VAT ID / VAT ID: DE300136599



From fcassia at gmail.com  Thu Aug 11 09:56:19 2022
From: fcassia at gmail.com (Fernando Cassia)
Date: Thu, 11 Aug 2022 04:56:19 -0300
Subject: How did Edward Joseph Snowden use GnuPG to uncover the secrets of
 the National Security Agency?
In-Reply-To: 
References: 
Message-ID: 

On 11/08/2022, Turritopsis Dohrnii Teo En Ming via Gnupg-users
 wrote:
> Subject: How did Edward Joseph Snowden use GnuPG to uncover the
> secrets of the National Security Agency?
>
> Good day from Singapore,
>
> [QUOTE]
>
> Arguing that you don't care about the right to privacy because you
> have nothing to hide is no different from saying you don't care about
> free speech because you have nothing to say. - Edward Snowden
>
> Using encryption helps to protect your privacy and the privacy of the
> people you communicate with. Encryption makes life difficult for bulk
> surveillance systems. GnuPG is one of the tools that Snowden used to
> uncover the secrets of the NSA.
>
> [/QUOTE]
>
> How did Edward Joseph Snowden use GnuPG to uncover the secrets of the
> National Security Agency?
>
> I am very interested to know. Are there any detailed write-ups?

Probably this
https://theintercept.com/2014/10/28/smuggling-snowden-secrets/

Also Snowden is probably a Russian asset by now, but whatever.
https://observer.com/2016/09/the-real-ed-snowden-is-a-patsy-a-fraud-and-a-kremlin-controlled-pawn/

FC


From wk at gnupg.org  Thu Aug 11 12:32:27 2022
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Aug 2022 12:32:27 +0200
Subject: OpenPGP smartcard and P-256 in non expert mode
In-Reply-To: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
 (=?utf-8?Q?=22Sosth=C3=A8ne=09Gu=C3=A9don?= | Nitrokey via Gnupg-users"'s
 message of "Thu, 11 Aug 2022 09:39:24 +0200")
References: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
Message-ID: <87sfm3nk90.fsf@wheatstone.g10code.de>

Hi!

Please share your GnuPG version and the type of smartcard you are using
with us.  A 9 year old commit is not very helpful.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From oub at mat.ucm.es  Thu Aug 11 12:48:48 2022
From: oub at mat.ucm.es (Uwe Brauer)
Date: Thu, 11 Aug 2022 12:48:48 +0200
Subject: a bit off topic, how to find encrytped files (ransom attack)
References: <87mtck7xny.fsf@mat.ucm.es>
 <8804fcd4-5bb1-7181-0948-aaec6d637a94@sixdemonbag.org>
 <87k07m1yoe.fsf@mat.ucm.es> <20220809103058.GA29977@unser.net>
Message-ID: <878rnvt5rj.fsf@mat.ucm.es>

>>> "JC" == Juergen Christoffel  writes:

> On Fri, Aug 05, 2022 at 05:45:53PM +0200, Uwe Brauer via Gnupg-users wrote:
>> 1. just for the first very rough analysis what is a convenient command to get a list of files that have high entropy?

> The first step might be to install tripwire and only check files, which
> tripwire reports as changed. See "man tripwire" after installing it.


Thanks very much!
> Regarding your attempt to find candidate files:

>> find . -iname '*.*' -follow -print -exec ent {} \;

> Files don't need to have a dot in their name. But they might have unusual
> characters in their names instead. So you might actually want to use

> find -type f -print0 | xargs -0 ent


Well thanks again, but this does not work as expected.
I obtain 

,----
| Duplicate file name.
| ent --  Calculate entropy of file.  Call
|         with ent [options] [input-file]
| 
|         Options:   -b   Treat input as a stream of bits
|                    -c   Print occurrence counts
|                    -f   Fold upper to lower case letters
|                    -t   Terse output in CSV format
|                    -u   Print this message
| 
| By John Walker
|    http://www.fourmilab.ch/
|    January 28th, 2008
`----


And adding any of these suggested options does not help

> Tip: "man find" and "man xargs" describe what those zeroes mean.


I try it.

>> So I am not sure what is the best line, but the question boils down to
>> this, anybody know enough sed or awk or whatsoever to tell me how to filter the ent output?

> Gentle suggestion: you'd need to learn such basic usage yourself, before
> you rely on them as a tool, especially when attempting to secure your
> systems.

> Tips (for example):
> https://www.amazon.de/Learning-Perl-Making-Things-Possible/dp/1492094951 or
> https://www.amazon.de/Effective-awk-Programming-Universal-Processing/dp/1491904615

Thanks, my encounters with Perl were, well, unpleasant.

I might, again, try to understand awk better.

Uwe Brauer 

-- 
I strongly condemn Putin's war of aggression against the Ukraine.
I support to deliver weapons to Ukraine's military. 
I support the ban of Russia from SWIFT.
I support the EU membership of the Ukraine. 
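
The xargs pipeline quoted in the message above fails because ent, per its own usage text, takes a single input file, while xargs hands it many names at once. The following POSIX shell script is an added example, not code from the thread: it computes the same bits-per-byte entropy with od and awk, one file at a time, and prints only the files at or above a threshold. The function names, the 7.9 threshold, the 4096-byte minimum size and the 1 MiB sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). byte_entropy and high_entropy_files are
# hypothetical helper names; the defaults below are illustrative.
#
# With ent installed, the per-file form of the thread's command is:
#   find . -type f -exec ent -t {} \;

# awk program: read decimal byte values (od -tu1 output) and print the Shannon
# entropy in bits per byte (0.000000 for constant data, 8.000000 at most).
ENTROPY_AWK='
{ for (i = 1; i <= NF; i++) { count[$i]++; total++ } }
END {
    h = 0
    for (b in count) { p = count[b] / total; h -= p * log(p) / log(2) }
    printf "%.6f\n", h
}'

# Only the first SAMPLE_BYTES of each file are measured, to bound the run time.
SAMPLE_BYTES=1048576

# Print the entropy of one file. The file is read through stdin, so a name
# that starts with "-" or contains spaces is never parsed as an option.
byte_entropy() {
    head -c "$SAMPLE_BYTES" < "$1" | od -An -v -tu1 | LC_ALL=C awk "$ENTROPY_AWK"
}

# Usage: high_entropy_files [DIR] [THRESHOLD] [MIN_BYTES]
# Prints "ENTROPY<TAB>PATH" for each regular file under DIR whose entropy is at
# least THRESHOLD. Files smaller than MIN_BYTES are skipped: a short file
# cannot reach a high entropy value, so its figure says little either way.
high_entropy_files() {
    hef_dir=${1:-.}
    hef_threshold=${2:-7.9}
    hef_min=${3:-4096}
    # "-exec sh -c ... {} +" passes the names as arguments, so names with
    # spaces or newlines survive intact; the settings travel via environment.
    ENTROPY_AWK=$ENTROPY_AWK SAMPLE_BYTES=$SAMPLE_BYTES THRESHOLD=$hef_threshold \
    find "$hef_dir" -type f -size +"$((hef_min - 1))"c -exec sh -c '
        for f do
            e=$(head -c "$SAMPLE_BYTES" < "$f" | od -An -v -tu1 |
                LC_ALL=C awk "$ENTROPY_AWK")
            if LC_ALL=C awk -v e="$e" -v t="$THRESHOLD" \
                "BEGIN { exit !(e + 0 >= t + 0) }"
            then
                printf "%s\t%s\n" "$e" "$f"
            fi
        done' sh {} +
}
```

Compressed archives, JPEG and video files will also appear in the output, so the list is a set of candidates to inspect, not a verdict.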

From sosthene at nitrokey.com  Thu Aug 11 14:58:17 2022
From: sosthene at nitrokey.com (Sosthène Guédon | Nitrokey)
Date: Thu, 11 Aug 2022 14:58:17 +0200
Subject: OpenPGP smartcard and P-256 in non expert mode
In-Reply-To: <87sfm3nk90.fsf@wheatstone.g10code.de>
References: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
 <87sfm3nk90.fsf@wheatstone.g10code.de>
Message-ID: <14409723-42c3-77c8-b8f4-818a94c0499c@nitrokey.com>

Hi!

> Please share your GnuPG version and the type of smartcard you are using
> with us.  A 9 year old commit is not very helpful.

I'm using gpg 2.2.36 and an OpenPGP smart card implementation we are currently developing.

You're right, the commit itself isn't very helpful; here is the code that is relevant in the 2.2 branch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=fee752376d28d7c7704336d681da8be92c4f22bc;hb=491645b50ec97db12520483d347291d660db209c#l2393
See the `expert_only` flag set to 1 for P-256. This was introduced in the commit I mentioned.

Regards,
Sosthène

-- 
Sosthène Guédon
Intern

Nitrokey GmbH
https://www.nitrokey.com
Email: sosthene at nitrokey.com

Rheinstr. 10 C, 14513 Teltow, Germany
CEO / CEO: Jan Suhr
Register: AG Potsdam, HRB 32882 P
VAT ID / VAT ID: DE300136599



From rjh at sixdemonbag.org  Thu Aug 11 15:02:45 2022
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 11 Aug 2022 09:02:45 -0400
Subject: How did Edward Joseph Snowden use GnuPG to uncover the secrets of
 the National Security Agency?
In-Reply-To: 
References: 
Message-ID: <5483a273-b2d9-a143-8d24-f936deaa06d6@sixdemonbag.org>

> Subject: How did Edward Joseph Snowden use GnuPG to uncover the
> secrets of the National Security Agency?

Short answer: he didn't.

> GnuPG is one of the tools that Snowden used to
> uncover the secrets of the NSA.

This is incorrect.

According to Glenn Greenwald, he used GnuPG to communicate privately 
with a couple of journalists.  GnuPG played no role in his exfiltrating 
data out of Fort Meade.

From kloecker at kde.org  Thu Aug 11 15:30:04 2022
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 11 Aug 2022 15:30:04 +0200
Subject: OpenPGP smartcard and P-256 in non expert mode
In-Reply-To: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
References: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
Message-ID: <4422087.LvFx2qVVIh@daneel>

On Thursday, 11 August 2022 09:39:24 CEST Sosthène Guédon | Nitrokey via 
Gnupg-users wrote:
> I don't understand why generating a key on a smartcard only offers
> Curve25519 and P-384 for ECC cryptography unless the --expert flag is used.

You are asking the question the wrong way. Why should P-256 be offered without 
the --expert flag? It's not as if gpg wouldn't allow you to create a P-256 key.

Only experts will be able to make an educated decision between P-256 and 
P-384. It's good to give "normal" people less choice by default because more 
choice will just confuse them even more. Even having to choose between 
Curve25519 and P-384 will be too much already for people who just have been 
told that they should generate an ECC key.

Regards,
Ingo

From sosthene at nitrokey.com  Thu Aug 11 17:25:55 2022
From: sosthene at nitrokey.com (Sosthène Guédon | Nitrokey)
Date: Thu, 11 Aug 2022 17:25:55 +0200
Subject: OpenPGP smartcard and P-256 in non expert mode
In-Reply-To: <4422087.LvFx2qVVIh@daneel>
References: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
 <4422087.LvFx2qVVIh@daneel>
Message-ID: <85d25dc7-7553-6abb-9d4a-fc3572da6156@nitrokey.com>

On 8/11/22 15:30, Ingo Klöcker wrote
> Only experts will be able to make an educated decision between P-256 and
> P-384. It's good to give "normal" people less choice by default because more
> choice will just confuse them even more. Even having to choose between
> Curve25519 and P-384 will be too much already for people who just have been
> told that they should generate an ECC key.

That makes sense to me. However why offer curves not supported by the hardware?

Regards,
Sosthène

-- 
Sosthène Guédon
Intern

Nitrokey GmbH
https://www.nitrokey.com
Email: sosthene at nitrokey.com

Rheinstr. 10 C, 14513 Teltow, Germany
CEO / CEO: Jan Suhr
Register: AG Potsdam, HRB 32882 P
VAT ID / VAT ID: DE300136599



From wk at gnupg.org  Fri Aug 12 09:21:48 2022
From: wk at gnupg.org (Werner Koch)
Date: Fri, 12 Aug 2022 09:21:48 +0200
Subject: OpenPGP smartcard and P-256 in non expert mode
In-Reply-To: <14409723-42c3-77c8-b8f4-818a94c0499c@nitrokey.com>
 ("Sosthène Guédon | Nitrokey via Gnupg-users"'s
 message of "Thu, 11 Aug 2022 14:58:17 +0200")
References: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
 <87sfm3nk90.fsf@wheatstone.g10code.de>
 <14409723-42c3-77c8-b8f4-818a94c0499c@nitrokey.com>
Message-ID: <878rnuncz7.fsf@wheatstone.g10code.de>

On Thu, 11 Aug 2022 14:58, Sosthène Guédon | Nitrokey said:

> I'm using gpg 2.2.36 and an OpenPGP smart card implementation we are
> currently developing.

You should better use the stable branch (2.3) instead of the LTS.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From wk at gnupg.org  Fri Aug 12 09:21:00 2022
From: wk at gnupg.org (Werner Koch)
Date: Fri, 12 Aug 2022 09:21:00 +0200
Subject: OpenPGP smartcard and P-256 in non expert mode
In-Reply-To: <85d25dc7-7553-6abb-9d4a-fc3572da6156@nitrokey.com>
 ("Sosthène Guédon | Nitrokey via Gnupg-users"'s
 message of "Thu, 11 Aug 2022 17:25:55 +0200")
References: <07395fda-b7cf-868b-a034-678d95d4f035@nitrokey.com>
 <4422087.LvFx2qVVIh@daneel>
 <85d25dc7-7553-6abb-9d4a-fc3572da6156@nitrokey.com>
Message-ID: <87czd6nd0j.fsf@wheatstone.g10code.de>

On Thu, 11 Aug 2022 17:25, Sosthène Guédon | Nitrokey said:

> That makes sense to me. However why offer curves not supported by the hardware?

Because we can't know what curves a certain smartcard supports.  The
announcement of the card capabilities is a relatively new and optional
OpenPGP card feature and GnuPG shall still work with older cards.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From Alekseevvladislav2hy at outlook.com  Sun Aug 14 13:30:07 2022
From: Alekseevvladislav2hy at outlook.com (Vladislav Alekseev)
Date: Sun, 14 Aug 2022 11:30:07 +0000
Subject: Problems when importing previously exported private keys on new linux
 system.
Message-ID: 

Sorry for replying late, this is my first use with mailing list and I didn't notice your email.

Unfortunately, I forgot the gnupg version number on my old linux. But as I created cron tasks to have my system update daily, I think it's up to date with apt. I'll provide other assistance if you want me to.

I've talked the thing over with Andrew Savchenko, but I didn't know I should CC to gnupg-users at gnupg.org to make my mails visible to all users.

If you want and permit me to, I will forward all my emails with Andrew here.

When I was trying to recover my keys, I found something interesting. (I had shared it with Andrew)
I'm working on Windows these days, and I found something interesting.
I created a new key pair and then export private key both with "-a" parameter and without.
Then when I tried to re-import them, the same error occurred with both key files.
But, when I manually copy content in armored private key file and paste it after "gpg --import" command, it worked as expected.

To sum up, it seems that if I am restoring a key from file, it won't work.
If I copy from an armored file and then paste to shell, it will work as expected.
I created a linux machine today and all the actions succeeded as expected. I also export my keys and download it to my windows (both armored and not), and succeeded to import, failed to export to file then re-import.

I'll post my keys, environment and version data here once I reach my Windows laptop.

Regards.
V

From DavidWGordon1011 at outlook.com  Tue Aug 16 00:30:41 2022
From: DavidWGordon1011 at outlook.com (David Gordon)
Date: Mon, 15 Aug 2022 22:30:41 +0000
Subject: GNUPG and Google Cloud
Message-ID: 

Can GnuPG be deployed to GCP to decrypt files? If so, is there a recommended approach?

Thanks,
David

Sent from Mail for Windows


From cjac at colliertech.org  Tue Aug 16 16:23:04 2022
From: cjac at colliertech.org (C.J. Collier)
Date: Tue, 16 Aug 2022 07:23:04 -0700
Subject: GNUPG and Google Cloud
In-Reply-To: 
References: 
Message-ID: 

Hi there!

Are you looking for a server-less solution or will a Debian instance on GCE
or GKE suffice?

You can "deploy" GNUPG with apt-get.  Decrypting content would require
getting a private key or an agent onto the system.

Can you give more details about what you're looking for?

C.J. in Cloud Support, Seattle
GCP Technical Solutions Engineer



From DavidWGordon1011 at outlook.com  Tue Aug 16 20:33:41 2022
From: DavidWGordon1011 at outlook.com (David Gordon)
Date: Tue, 16 Aug 2022 18:33:41 +0000
Subject: GNUPG and Google Cloud
In-Reply-To: 
References: 
 
Message-ID: 

CJ,

We were looking for a server-less solution. What we want to do is take data from a legacy mainframe system, encrypt it via PGP, and then via GKE transfer it to Cloud Storage. From there we want to decrypt it via GnuPG, save it in Cloud Storage and then load it into Big Query.

Thanks,
David


From cjac at colliertech.org  Tue Aug 16 22:29:19 2022
From: cjac at colliertech.org (C.J. Collier)
Date: Tue, 16 Aug 2022 13:29:19 -0700
Subject: GNUPG and Google Cloud
In-Reply-To: 
References: 
 
 
Message-ID: 

Hi David,

I would take a look at Secret Manager[1] as a way to store your private key
material confidentially.  Perhaps consider Cloud Run[2] as a mechanism for
execution of arbitrary code, in this case for instance with the
encryption/decryption pipeline using the python runtime and python-gnupg[3]
library.

You might instead find Cloud Pub/Sub[4] and Dataflow[5] to be useful for
streaming the data from your on-prem environment to GCS, and from GCS to
BigQuery.

In short, yes, there are a variety of ways to perform the steps that you're
talking about on GCP.  You should be able to develop a proof of concept on
a small scale while staying within the limits of the free tier[6].  I'm not
quite clear on why you would want to encrypt the data when you will
eventually decrypt it for storage into BigQuery, but yes, it is feasible.

C.J.

[1] https://cloud.google.com/secret-manager
[2] https://cloud.google.com/run
[3] https://pypi.org/project/python-gnupg/
[4] https://cloud.google.com/pubsub
[5] https://cloud.google.com/dataflow
[6] https://cloud.google.com/free


From minasargyrou at outlook.com  Wed Aug 17 09:15:33 2022
From: minasargyrou at outlook.com (Minas Argyrou)
Date: Wed, 17 Aug 2022 07:15:33 +0000
Subject: gpa.exe hungs when click on "smartcards" AND scdaemon cannot
 recognise SC-HSM
Message-ID: 

Hello,

I believe I have found the cause of the problem with the GnuPG. When removing 
the AES key from the card, the error about the invalid PrKDF disappeared, 
which I believe is progress.

When I try "scdaemon --server" and then type "learn", I get the following:

scdaemon[xxxxx]: detected reader 'ACS CCID USB Reader 0'
scdaemon[xxxxx]: reader slot 0: not connected
scdaemon[xxxxx]: pcsc_control failed: invalid PC/SC error code (0x1)
scdaemon[xxxxx]: pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
scdaemon[xxxxx]: reader slot 0: active protocol: T1
scdaemon[xxxxx]: slot 0: ATR=xxxxxxxxxxxxxx
scdaemon[xxxxx]: DBG: PrKDF C401: id=xxxxxxxxxxxxxx keyref=0x01 keysize=528 
usage=sign,derive
scdaemon[xxxxx]: DBG: CDF C401: id=xxxxxxxxxxxxxx fid=CE01
scdaemon[xxxxx]: DBG: PrKDF C402: id=xxxxxxxxxxxxxx keyref=0x02 keysize=2048 
usage=decrypt,sign,sign_recover,unwrap
scdaemon[xxxxx]: DBG: CDF C402: id=xxxxxxxxxxxxxx fid=CE02
S READER ACS CCID USB Reader 0
S SERIALNO xxxxxxxxxxxxxx
INQUIRE KNOWNCARDP xxxxxxxxxxxxxx


I then try "gpg --card-edit --expert" and then "admin" and "list"

Reader ...........: ACS CCID USB Reader 0
Application ID ...: xxxxxxxxxxxxxx
Application type .: Unknown


GnuPG is now recognising the private keys and can parse the PrKDF record but 
still cannot use the keys. Any thoughts on this?

Thanks in advance!

Argyrou Minas

From rhettbohling at gmail.com  Wed Aug 17 18:42:29 2022
From: rhettbohling at gmail.com (Rhett)
Date: Wed, 17 Aug 2022 12:42:29 -0400
Subject: Gnupg-users Digest, Vol 227, Issue 11
In-Reply-To: 
References: 
Message-ID: 

Please Help me get off this
I have tried but not working
Please


From DavidWGordon1011 at outlook.com  Wed Aug 17 00:22:11 2022
From: DavidWGordon1011 at outlook.com (David Gordon)
Date: Tue, 16 Aug 2022 22:22:11 +0000
Subject: GNUPG and Google Cloud
In-Reply-To: 
References: 
 
 
 
Message-ID: 

C.J.,

Pub/Sub & Data Flow would require us to have a larger "footprint" on-prem than we wanted. We want to keep our on-prem environment as small as possible. Additionally, most of our data will be transferred using flat files that do not lend themselves to being sent via pub-sub.

For the on-prem encrypting, could I have the GKE container(s) shell out to GnuPG to do the encrypting and then "send" the encrypted file to Cloud Storage? Would I then use Secret Manager or Cloud KMS to store my keys or would there be a way to use Kleopatra?

We need to encrypt the data at all stages because it contains PII information and we don't want it un-encrypted at any stage, especially when it is being sent to GCP.

Thanks,
David



From stuartl at longlandclan.id.au  Wed Aug 17 23:56:58 2022
From: stuartl at longlandclan.id.au (Stuart Longland)
Date: Thu, 18 Aug 2022 07:56:58 +1000
Subject: Gnupg-users Digest, Vol 227, Issue 11
In-Reply-To: 
References: 
 
Message-ID: <20220818075658.094a90db@longlandclan.id.au>

On Wed, 17 Aug 2022 12:42:29 -0400
Rhett via Gnupg-users  wrote:

> Please Help me get off this
> I have tried but not working
> Please

On your behalf, I have visited
https://lists.gnupg.org/mailman/options/gnupg-users - entered your
email address and clicked Unsubscribe.

There should be a confirmation email; open that, click Reply, click
Send, and you should be unsubscribed.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.


From skaainet at skynet.be  Fri Aug 19 14:48:06 2022
From: skaainet at skynet.be (kho)
Date: Fri, 19 Aug 2022 14:48:06 +0200
Subject: Question about redundant smartcard setup
Message-ID: 

Hi,

Recently I have been working with GPG and 2 smartcards (Yubikey).
Despite some information here and there on internet, some things are
still not clear to me.

My setup has 1 master key with 6 subkeys, twice 3 keys for different
purposes(A,E,S). So each smartcard will receive 3 keys. It works fine
with Thunderbird and also with other tools: passwordstore (unix pass).

Here some questions about particular situations:

1. In the passwordstore, I encrypted a few passwords, which are in fact
just GPG files that store the passwords. When I want to decrypt them
with the Yubikey, I receive the message: Please insert card with serial
number. But what if I don't have that smartcard2 at hand? And how do I
know that smartcard1 then really works, if it is never asked to insert
smartcard1? I found a way to encrypt with smartcard1 via the option: -r
! . Smartcard1 seems to work fine. But then
the question remains, suppose GPG asks for smartcard2 and smartcard2 is
stolen. I can only provide smartcard1 and GPG asks for smartcard2. What
to do?

2. Then some people suggest to use a different master key, but the goal
was that both smartcards back each other up, in case one is broke. So
that idea is not going to work, correct?

3. Also with different master keys, if I have sent a bunch of e-mails
with smartcard1 and smartcard2. When one of the smartcards is broke, I
will not be able to open those e-mails with the working smartcard?

4. Another approach is that I could for example have created just 3
subkeys (not 6) and copied all 3 to smartcard1 and again to smartcard2.
I thought that having those subkeys separately is ideal, especially in an
occasion where smartcard2 is stolen. Then I revoke the smartcard2 subkeys
and keep on using the smartcard1 until I have ordered a new backup
smartcard. Because some e-mails are sent encrypted (not so many), am I
sure then when I revoke the subkey of smartcard2 that all e-mail will
open with smartcard1?

5. What is at the end the best way to set up 2 smartcards that can be
used in encryption, signing and decryption? And additionally both
smartcards should work, I have 2 smartcards for redundancy.

On the internet there are many blogs etc, but they rarely deal with the
complete picture.

Thanks in advance for your help.

All the best!



From wk at gnupg.org  Fri Aug 19 17:21:12 2022
From: wk at gnupg.org (Werner Koch)
Date: Fri, 19 Aug 2022 17:21:12 +0200
Subject: Question about redundant smartcard setup
In-Reply-To:  (kho via
 Gnupg-users's message of "Fri, 19 Aug 2022 14:48:06 +0200")
References: 
Message-ID: <8735dsl0nr.fsf@wheatstone.g10code.de>

On Fri, 19 Aug 2022 14:48, kho said:

> 4. Another approach is that I could for example have created just 3
> subkeys (not 6) and copied all 3 to smartcard1 and again to smartcard2.
> I thought that having those subkeys separately is ideal, especially in an
> occasion where smartcard2 is stolen. Then I revoke the smartcard2 subkeys

No need to.  Save a paper copy of the keys before you remove them from
the disk.  If both cards are broken you can still type the keys in and
create a new smartcard.  Exact procedures depend on your threat model.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From andrewg at andrewg.com  Fri Aug 19 17:25:49 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Fri, 19 Aug 2022 16:25:49 +0100
Subject: Question about redundant smartcard setup
In-Reply-To: 
References: 
Message-ID: <12A2792D-ACA6-4D97-A2F4-1BD5D2E6BDCF@andrewg.com>

On 19 Aug 2022, at 13:48, kho via Gnupg-users  wrote:
> 
> 5. What is at the end the best way to set up 2 smartcards that can be
> used in encryption, signing and decryption? And additionally both
> smartcards should work, I have 2 smartcards for redundancy.

If you want the two smartcards to be redundant copies of each other, then they MUST contain exactly the same key material. It is possible to generate multiple signing/authentication subkeys that will be treated the same for practical purposes, since most software will try each valid sig/auth-capable (sub)key in turn during verification. There is no equivalent ability for encryption subkeys, as clients will encrypt to only the most recent valid encryption subkey. If you lose/break the smartcard with the only copy of an encryption subkey then there is no way to recover.

You can save the same key material to multiple smartcards using the gnupg command line interface:

1. Run gnupg and follow the usual process for generating (sub)keys, but "save" to save and exit before transferring subkeys to the smartcard. This ensures that you have a copy on disk before continuing.

2. Run gnupg again and copy the subkey(s) to the card, but afterwards you should say "quit" to exit *without* saving (not "save"). That way the subkeys will not be deleted from disk and you can use them again.

3. Repeat step 2 for the second (third, fourth, ...) smartcard. Only choose "save" to save-and-exit after copying to the last smartcard, however be aware that "last" in this context really means "last". No take-backs.

If you have to generate a new subkey for whatever reason (say you had to revoke the previous one) you must follow a similar save/quit sequence, remembering the order "run, generate, save, run, copy, quit, run, copy, quit, ... run, copy, save"

To keep open the possibility of provisioning extra cards in the future, you could back up your entire .gnupg directory to a secure offline storage medium (such as an encrypted thumb drive) after generating the keys but before transferring to smartcard(s). Or you could perform the whole process of generating and managing your keys using a secure live system such as Tails with an encrypted persistent partition (remembering to "quit" after copying even the last time so that there is always a copy on disk). If you do either of these you only need one smartcard, so long as you don't mind waiting for a replacement smartcard to arrive in the post if your original breaks.

On any given machine, gnupg will only ask for one smartcard. You should therefore consider one smartcard your working copy and one your emergency backup (if you have multiple machines, you could assign different primary cards to each machine). To force gnupg to ask for the other smartcard, you can delete the stub `.key` files under ~/.gnupg/private-keys-v1.d (on Linux/Mac, I forget the Windows equivalent). To work out which files to delete, incant `gpg -K --with-keygrip` and note the "Keygrip" lines under the three subkeys. Delete the corresponding `.key` files only, then plug in the replacement smartcard and incant `killall gpg-agent; gpg --card-status` (again Linux/Mac only). gnupg should now recognise the replacement card as the primary, and will ask consistently for that one until you repeat the process.

A
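
The stub-selection step described in the message above, as an added example (not Andrew's or the GnuPG project's code): it reads the machine-readable form of the listing, `gpg -K --with-colons --with-keygrip`, and returns the `private-keys-v1.d` stub paths of card-bound subkeys so they can be reviewed before anything is deleted. The function names and the sample listing are constructed for illustration; the field numbers are taken from GnuPG's doc/DETAILS.

```python
import os
import re

KEYGRIP_RE = re.compile(r"^[0-9A-Fa-f]{40}$")


def _record(kind, fields):
    """Build one colon record; keys of `fields` are 1-based field numbers."""
    cols = [kind] + [""] * 20
    for number, value in fields.items():
        cols[number - 1] = value
    return ":".join(cols)


# Constructed sample (made-up key IDs, keygrips and card serial), shaped like
# `gpg -K --with-colons --with-keygrip` output: an off-line primary key, three
# subkeys whose stubs point at one card, and an old on-disk encryption subkey.
CARD_A = "D2760001240100000006000000010000"
SAMPLE_LISTING = "\n".join([
    _record("sec", {5: "A" * 16, 12: "cC", 15: "#"}),
    _record("fpr", {10: "A" * 40}),
    _record("grp", {10: "0" * 40}),
    _record("uid", {10: "Test Key"}),
    _record("ssb", {5: "B" * 16, 12: "s", 15: CARD_A}),
    _record("fpr", {10: "B" * 40}),
    _record("grp", {10: "1" * 40}),
    _record("ssb", {5: "C" * 16, 12: "e", 15: CARD_A}),
    _record("fpr", {10: "C" * 40}),
    _record("grp", {10: "2" * 40}),
    _record("ssb", {5: "D" * 16, 12: "a", 15: CARD_A}),
    _record("fpr", {10: "D" * 40}),
    _record("grp", {10: "3" * 40}),
    _record("ssb", {5: "E" * 16, 12: "e", 15: "+"}),
    _record("fpr", {10: "E" * 40}),
    _record("grp", {10: "4" * 40}),
])


def card_stub_files(listing, card_serial=None, homedir=None):
    """Return stub file paths for subkeys that live on a smartcard.

    card_serial=None selects subkeys bound to any card; otherwise only
    subkeys whose stub names that card. Nothing is deleted here.
    """
    homedir = (homedir or os.environ.get("GNUPGHOME")
               or os.path.expanduser("~/.gnupg"))
    keydir = os.path.join(homedir, "private-keys-v1.d")
    stubs = []
    token = None  # field 15 of the ssb record whose grp line is still pending
    for line in listing.splitlines():
        cols = line.split(":")
        if cols[0] == "sec":
            token = None  # primary key: never touch its file
        elif cols[0] == "ssb":
            token = cols[14] if len(cols) > 14 else ""
        elif cols[0] == "grp" and token is not None:
            grip = cols[9] if len(cols) > 9 else ""
            # Field 15: "#" = stub without secret, "+" = secret on disk,
            # anything else = serial number of the card holding the key.
            on_card = token not in ("", "#", "+")
            wanted = card_serial is None or token == card_serial
            if on_card and wanted:
                if not KEYGRIP_RE.match(grip):
                    raise ValueError("unexpected keygrip field: %r" % grip)
                stubs.append(os.path.join(keydir, grip.upper() + ".key"))
            token = None
    return stubs


if __name__ == "__main__":
    for path in card_stub_files(SAMPLE_LISTING):
        print(path)
```
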


From skaainet at skynet.be  Fri Aug 19 17:59:24 2022
From: skaainet at skynet.be (kho)
Date: Fri, 19 Aug 2022 17:59:24 +0200
Subject: Question about redundant smartcard setup
In-Reply-To: <8735dsl0nr.fsf@wheatstone.g10code.de>
References: 
 <8735dsl0nr.fsf@wheatstone.g10code.de>
Message-ID: 

Of course, you are right. I could store it digitally on an encrypted disk
and even on paper. And like you say they are not really gone. Thanks for
the tip.

On 8/19/22 15:21, Werner Koch wrote:
> On Fri, 19 Aug 2022 14:48, kho said:
>
>> 4. Another approach is that I could for example have created just 3
>> subkeys (not 6) and copied all 3 to smartcard1 and again to smartcard2.
>> I thought that having those subkeys separately is ideal, especially in an
>> occasion where smartcard2 is stolen. Then I revoke the smartcard2 subkeys
> No need to.  Save a paper copy of the keys before you remove them from
> the disk.  If both cards are broken you can still type the keys in and
> create a new smartcard.  Exact procedures depend on your threat model.
>
>
> Salam-Shalom,
>
>    Werner
>


From skaainet at skynet.be  Fri Aug 19 18:17:43 2022
From: skaainet at skynet.be (kho)
Date: Fri, 19 Aug 2022 18:17:43 +0200
Subject: Question about redundant smartcard setup
In-Reply-To: <12A2792D-ACA6-4D97-A2F4-1BD5D2E6BDCF@andrewg.com>
References: 
 <12A2792D-ACA6-4D97-A2F4-1BD5D2E6BDCF@andrewg.com>
Message-ID: <658b7120-c570-cf23-c3e2-7f19a59fe3ec@skynet.be>

Thanks for this fast, complete and clear answer.

I am going to see if I can still pick up somewhere or just remove all I
did and start all over by following your steps.

This is the confirmation I needed! Thanks!

On 8/19/22 15:25, Andrew Gallagher wrote:
> On 19 Aug 2022, at 13:48, kho via Gnupg-users  wrote:
>> 5. What is at the end the best way to set up 2 smartcards that can be
>> used in encryption, signing and decryption? And additionally both
>> smartcards should work, I have 2 smartcards for redundancy.
> If you want the two smartcards to be redundant copies of each other, then they MUST contain exactly the same key material. It is possible to generate multiple signing/authentication subkeys that will be treated the same for practical purposes, since most software will try each valid sig/auth-capable (sub)key in turn during verification. There is no equivalent ability for encryption subkeys, as clients will encrypt to only the most recent valid encryption subkey. If you lose/break the smartcard with the only copy of an encryption subkey then there is no way to recover.
>
> You can save the same key material to multiple smartcards using the gnupg command line interface:
>
> 1. Run gnupg and follow the usual process for generating (sub)keys, but "save" to save and exit before transferring subkeys to the smartcard. This ensures that you have a copy on disk before continuing.
>
> 2. Run gnupg again and copy the subkey(s) to the card, but afterwards you should say "quit" to exit *without* saving (not "save"). That way the subkeys will not be deleted from disk and you can use them again.
>
> 3. Repeat step 2 for the second (third, fourth, ...) smartcard. Only choose "save" to save-and-exit after copying to the last smartcard, however be aware that "last" in this context really means "last". No take-backs.
>
> If you have to generate a new subkey for whatever reason (say you had to revoke the previous one) you must follow a similar save/quit sequence, remembering the order "run, generate, save, run, copy, quit, run, copy, quit, ... run, copy, save"
>
> To keep open the possibility of provisioning extra cards in the future, you could back up your entire .gnupg directory to a secure offline storage medium (such as an encrypted thumb drive) after generating the keys but before transferring to smartcard(s). Or you could perform the whole process of generating and managing your keys using a secure live system such as Tails with an encrypted persistent partition (remembering to "quit" after copying even the last time so that there is always a copy on disk). If you do either of these you only need one smartcard, so long as you don't mind waiting for a replacement smartcard to arrive in the post if your original breaks.
>
> On any given machine, gnupg will only ask for one smartcard. You should therefore consider one smartcard your working copy and one your emergency backup (if you have multiple machines, you could assign different primary cards to each machine). To force gnupg to ask for the other smartcard, you can delete the stub `.key` files under ~/.gnupg/private-keys-v1.d (on Linux/Mac, I forget the Windows equivalent). To work out which files to delete, incant `gpg -K --with-keygrip` and note the "Keygrip" lines under the three subkeys. Delete the corresponding `.key` files only, then plug in the replacement smartcard and incant `killall gpg-agent; gpg --card-status` (again Linux/Mac only). gnupg should now recognise the replacement card as the primary, and will ask consistently for that one until you repeat the process.
>
> A
>


From andrewg at andrewg.com  Fri Aug 19 18:25:17 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Fri, 19 Aug 2022 17:25:17 +0100
Subject: Question about redundant smartcard setup
In-Reply-To: <658b7120-c570-cf23-c3e2-7f19a59fe3ec@skynet.be>
References: 
 <12A2792D-ACA6-4D97-A2F4-1BD5D2E6BDCF@andrewg.com>
 <658b7120-c570-cf23-c3e2-7f19a59fe3ec@skynet.be>
Message-ID: 

On 19 Aug 2022, at 17:17, kho  wrote:
> 
> Thanks for this fast, complete and clear answer.
> 
> I am going to see if I can still pick up somewhere or just remove all I
> did and start all over by following your steps.

Just a note of caution: since it is quite an involved process I would recommend keeping it as simple as possible at first, and trying it out with a test key before doing it in production. So long as you have a (tested!) offline backup you should be safe.

A


From skaainet at skynet.be  Fri Aug 19 19:59:33 2022
From: skaainet at skynet.be (kho)
Date: Fri, 19 Aug 2022 19:59:33 +0200
Subject: Question about redundant smartcard setup
In-Reply-To: 
References: 
 <12A2792D-ACA6-4D97-A2F4-1BD5D2E6BDCF@andrewg.com>
 <658b7120-c570-cf23-c3e2-7f19a59fe3ec@skynet.be>
 
Message-ID: <462fc6cb-e46c-ba7a-d643-d097c553296f@skynet.be>

Yes, will do that. And the full chain from start to finish with a test
key. Deal.

On 8/19/22 16:25, Andrew Gallagher wrote:
> On 19 Aug 2022, at 17:17, kho  wrote:
>>
>> Thanks for this fast, complete and clear answer.
>>
>> I am going to see if I can still pick up somewhere or just remove all I
>> did and start all over by following your steps.
>
> Just a note of caution: since it is quite an involved process I would
> recommend keeping it as simple as possible at first, and trying it out
> with a test key before doing it in production. So long as you have a
> (tested!) offline backup you should be safe.
>
> A
>


From skaainet at skynet.be  Fri Aug 19 14:41:20 2022
From: skaainet at skynet.be (kho)
Date: Fri, 19 Aug 2022 14:41:20 +0200
Subject: Question about redundant smartcard setup
Message-ID: 


From theaetetos at tutanota.com  Mon Aug 22 20:53:03 2022
From: theaetetos at tutanota.com (theaetetos at tutanota.com)
Date: Mon, 22 Aug 2022 20:53:03 +0200 (CEST)
Subject: How to generate non-bad cv25519 encryption key?
Message-ID: 

Hi there!

I am encountering a certain warning regarding my ed25519/cv25519
encryption key. When I export the freshly generated encryption subkey
and then reimport it, I get the following:

>gpg: Schlüssel 20628B8C51751C49: "some name "
>nicht geändert
>gpg: warning: lower 3 bits of the secret key are not cleared
>gpg: Um 'secring.gpg' zu migrieren sollte für jede Smartcard "gpg
>--card-status" aufgerufen werden.
>gpg: Schlüssel 20628B8C51751C49: geheimer Schlüssel importiert

Excuse the German (I'm a learner). Conveniently, the warning is left
untranslated.

The key looks like this - the cv25519 [E] key being the culprit:

gpg2 --list-keys
> /home/patriv/.gnupg/pubring.kbx
> -----------------------------------------------------
> pub   ed25519 2022-08-22 [C]
>       52777B22E1A9F815C6112F1420628B8C51751C49
> uid        [ ultimativ ] some name 
> sub   ed25519 2022-08-22 [S] [verfällt: 2023-08-22]
> sub   ed25519 2022-08-22 [A] [verfällt: 2023-08-22]
> sub   cv25519 2022-08-22 [E] [verfällt: 2023-08-22]


I think this was discussed in GnuPG-bug-id:T5464 [1]. I don't know
what to do in order to generate a correct, unencumbered encryption
key.

[1] https://dev.gnupg.org/T5464


Some more info for the curious attached below,
~Patrizio


[Reproduction steps]

gpg2 --version
>gpg (GnuPG) 2.3.3
>libgcrypt 1.9.4

# Generate keys
gpg2 --expert --full-generate-key
>11, s, q, 1, 0, y, some name, some@email.domain, ENTER, , confirm
gpg2 --expert --edit-key some@email.domain
>addkey, 10, 1, 1y, y, y, 
>addkey, 11, s, a, q, 1, 1y, y, y, 
>addkey, 12, 1, 1y, y, y, 

# Back up keys
gpg2 --export --export-options backup --output pub.gpg some@email.domain
gpg2 --export-secret-keys --export-options backup --output sec.gpg some@email.domain
gpg2 --export-secret-subkeys --export-options backup --output sub.gpg some@email.domain
gpg2 --export-ownertrust > otrust.txt

# Delete keys (because I want to import only the subkeys)
gpg2 --delete-secret-and-public-keys some@email.domain

# Import only the subkeys
gpg2 --import --import-options restore sub.gpg




From kloecker at kde.org  Mon Aug 22 23:07:19 2022
From: kloecker at kde.org (Ingo =?ISO-8859-1?Q?Kl=F6cker?=)
Date: Mon, 22 Aug 2022 23:07:19 +0200
Subject: How to generate non-bad cv25519 encryption key?
In-Reply-To: 
References: 
Message-ID: <5855868.lOV4Wx5bFT@daneel>

On Montag, 22. August 2022 20:53:03 CEST theaetetos--- via Gnupg-users wrote:
> I am encountering a certain warning regarding my ed25519/cv25519
> encryption key.  When I export the freshly generated encryption subkey
> and then reimport it, I get the following:
> >gpg: Schlüssel 20628B8C51751C49: "some name "
> >nicht geändert
> >gpg: warning: lower 3 bits of the secret key are not cleared
[...]
> gpg2 --version
> >
> >gpg (GnuPG) 2.3.3
> >libgcrypt 1.9.4

The solution is easy: Use gpg 2.3.7.

Regards,
Ingo

From raja at rsdisk.com  Tue Aug 23 06:57:49 2022
From: raja at rsdisk.com (Raja Saha)
Date: Tue, 23 Aug 2022 10:27:49 +0530
Subject: How to use key for web server
In-Reply-To: <5855868.lOV4Wx5bFT@daneel>
References:  <5855868.lOV4Wx5bFT@daneel>
Message-ID: 

Hello,

How can I implement key-pair communication between apache and client? I
want the user to identify the key they want to use, by email id or
fingerprint. Then all further transactions will be encrypted using the
server-client key pair.

The sequence will be:

* User gives info to search key
* Apache uses that info to look up key on gpg key server
* Apache sends next page (eg. log-in) using key-pair encryption
* Client if they can decrypt and view further communication on
web-browser, continues session.

How can I do this on server-side, what browser extension do I need on
client-side?

Thanks for your help.

Sincerely,
Raja



From theaetetos at tutanota.com  Tue Aug 23 10:44:52 2022
From: theaetetos at tutanota.com (theaetetos at tutanota.com)
Date: Tue, 23 Aug 2022 10:44:52 +0200 (CEST)
Subject: How to generate non-bad cv25519 encryption key?
In-Reply-To: <5855868.lOV4Wx5bFT@daneel>
References:  <5855868.lOV4Wx5bFT@daneel>
Message-ID: 

Hi, Ingo.


Aug 22, 2022, 21:07 by kloecker at kde.org:

>> gpg2 --version
>> >
>> >gpg (GnuPG) 2.3.3
>> >libgcrypt 1.9.4
>>
>
> The solution is easy: Use gpg 2.3.7.
>

Are you sure this should suffice? I went back and rebuilt my libgcrypt and GnuPG to the latest stable versions and I still get this warning message whenever I import a generated cv25519 key into GnuPG.

$ gpg --version
gpg (GnuPG) 2.3.7
libgcrypt 1.10.1

A sample from a minute ago - importing a freshly-generated ed25519/cv25519 into a cleaned .gnupg directory:

$ gpg --import sec_key.asc
gpg: Die "Keybox" `/home/patriv/.gnupg/pubring.kbx' wurde erstellt
gpg: /home/patriv/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: Schlüssel 0xA329C3915147EE22: öffentlicher Schlüssel "a at a.a" importiert
gpg: warning: lower 3 bits of the secret key are not cleared
gpg: Schlüssel 0xA329C3915147EE22: geheimer Schlüssel importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1
gpg:              gelesene geheime Schlüssel: 1
gpg:            geheime Schlüssel importiert: 1


$ gpg --list-keys
/home/patriv/.gnupg/pubring.kbx
-----------------------------------------------------
pub   ed25519/0xA329C3915147EE22 2022-08-23 [SC] [verfällt: 2023-08-23]
  Schl.-Fingerabdruck = 7B3D 88CF 8496 94CF 76BF  F0D6 A329 C391 5147 EE22
uid                [ unbekannt ] a at a.a
sub   cv25519/0xCD8D3BE3BC5604AA 2022-08-23 [E] [verfällt: 2023-08-23]

Best regards,
~Patrizio



From kloecker at kde.org  Tue Aug 23 12:18:25 2022
From: kloecker at kde.org (Ingo =?ISO-8859-1?Q?Kl=F6cker?=)
Date: Tue, 23 Aug 2022 12:18:25 +0200
Subject: How to generate non-bad cv25519 encryption key?
In-Reply-To: 
References:  <5855868.lOV4Wx5bFT@daneel>
 
Message-ID: <21583078.EfDdHjke4D@daneel>

On Dienstag, 23. August 2022 10:44:52 CEST theaetetos--- via Gnupg-users 
wrote:
> Aug 22, 2022, 21:07 by kloecker at kde.org:
> >> gpg2 --version
> >> 
> >> >gpg (GnuPG) 2.3.3
> >> >libgcrypt 1.9.4
> > 
> > The solution is easy: Use gpg 2.3.7.
> 
> Are you sure this should suffice?

Yes, I'm pretty sure. I followed your steps in a fresh GNUPGHOME and didn't 
see the warning message. I didn't protect the test keys with a passphrase 
though.

I'm using openSUSE Tumbleweed.

$ gpg --version
gpg (GnuPG) 2.3.7
libgcrypt 1.9.4-unknown

Or have I accidentally used
$ gpg --version
gpg (GnuPG) 2.3.8-beta28
libgcrypt 1.11.0
NOTE: THIS IS A DEVELOPMENT VERSION!
?

I'm not sure. I intended to test with the distro versions.

Regards,
Ingo

From theaetetos at tutanota.com  Tue Aug 23 15:06:22 2022
From: theaetetos at tutanota.com (theaetetos at tutanota.com)
Date: Tue, 23 Aug 2022 15:06:22 +0200 (CEST)
Subject: How to generate non-bad cv25519 encryption key?
In-Reply-To: <21583078.EfDdHjke4D@daneel>
References:  <5855868.lOV4Wx5bFT@daneel>
  <21583078.EfDdHjke4D@daneel>
Message-ID: 

Thank you for taking the time to test, Ingo.


Aug 23, 2022, 10:18 by kloecker at kde.org:

> Yes, I'm pretty sure. I followed your steps in a fresh GNUPGHOME and didn't 
> see the warning message. I didn't protect the test keys with a passphrase 
> though.
>
The use of passphrase may be responsible.
I tested it on Fedora 36 and FreeBSD 13.1.
Fedora uses GnuPG 2.3.7 and I built the git master branch on FreeBSD.

$ gpg --version
gpg (GnuPG) 2.3.8-unknown
libgcrypt 1.10.1

In both cases, I get the warning when importing a cv25519 key.
Likewise, when no passphrase is used, there is no warning message.

I haven't tried upgrading libgcrypt to something current; perhaps it could help.

Sincerely,
~Patrizio


From lee4hom at gmail.com  Sat Aug 27 17:17:55 2022
From: lee4hom at gmail.com (Tony Lee)
Date: Sat, 27 Aug 2022 16:17:55 +0100
Subject: Seeking Assurance on Security and Memory Leaks in SuSE GnuPG
Message-ID: <71ff44eb-6527-c791-6274-2d69772905cb@gmail.com>

I have recently been seeking assurances on protection of sensitive
data on my SuSE Leap 15.4 system, and protection of passwords.

Issues discussed concern gpg2 2.2.27-150300.3.5.1, and keepassxc
2.7.1-bp154.3.3.1; together with hypothetical queries on Yubikey as
libykpers-1-1 1.19.0-4.19.


Protection of Symmetric passwords (or passphrases) usually involves a
Key Distribution Function (KDF) which "mangles" the User password to
produce the "master key" which is actually used to encrypt sensitive
material. The KDF is deliberately designed to be slow (eg thousands to
millions of AES-256 rounds) and, more recently, also designed to
require substantial memory (eg Argon2). This is to slow brute-force
attack on passphrases (which may have limited entropy to permit
memorability), and (more recently) to limit the use of GPU and/or
ASIC-based brute-force attack.

The KeePass password safe
(https://keepass.info/help/base/security.html) helpfully describes its
security features, such as encryption of whole database, random-salted
adjustable KDF (multiple AES-256, or Argon2; together with timing of
KDF function --- eg 1 second). When running: sensitive data stored
encrypted in secure process memory, and over-writing such memory
before release. Internal viewer/edit available, which avoids putting
data onto disk. Anti-keylogger facilities --- although additional
hardware may be needed to protect against hardware-based keyloggers
located between keyboard and computer.

Uncertainty: Does a Yubikey make a KeePass password available through
secure process memory? Can anyone point me to a description?

Having discovered encrypted PDFs are essentially broken
(https://www.kaspersky.com/blog/36c3-pdf-encryption/33827/), I have
been looking more carefully at encrypted archive formats, both for
communication and storage (eg of PDF files), and both during User use
and for 'data at rest' --- which may be vulnerable to hacking.

As a long-time user of GnuPG, with hindsight I am now concerned at
having failed to find any description of GnuPG security aspects
similar to that above for KeePass. Perhaps these security requirements
are so obvious they do not need describing explicitly, but the cynic
in me would like to see something more concrete.

Worryingly, the Enigmail Handbook
(https://www.enigmail.net/documentation/Enigmail_Handbook_1.8_en.pdf
Section 8.2) merely notes `You should be aware ... that your encrypted
mails are as safe as allowed by the computer you use Enigmail on. ...
If your computer is infected with a key logger and a malware that
grants an intruder remote access on your files, all the cryptographic
robustness of OpenPGP and the strongest passphrase won't protect your
messages from being snooped or falsified'. This sounds like a 'Counsel
of Perfection' which is not particularly helpful.

Does anyone know of a clear description of security aspects in GnuPG,
comparable to that above for KeePass?

On 29 Nov 2021, Spectra Secure noted
(https://www.youtube.com/watch?v=j-qBChKG15Y , starting 2:00) that
although gpg has '--s2k' settings that are supposed to change the weak
default (cipher, digest hash, and digest-hash rounds-count) algorithms
from AES-128, SHA-1 and a low count --- for key export --- it will
ignore these settings without even giving a warning. A bug-report has
been in place since 2017, although this has never been fixed. However,
a subsequent comment (from skeeto on reddit) suggested that the
'export' gpg protection differed from that of the keyring, so you
cannot infer a problem with conventional use of the keyring.

OK, so I have been doing a little experimentation. Using the KeePass
KDF timing of AES-KDF, my 2011 12-thread processor i7-3930K CPU at 3.2
GHz (CPUMark 8,247) performs a KDF of 23,400,000 AES-KDF rounds in
1.0~s (and time was proportional to the number of rounds). This is a
highly serial process, so must be performed on a single thread. In
principle, this processor could achieve (say) 12 X 23,400,000 =
280,800,000 AES-256 rounds in 1~s while brute-forcing 12 potential
passwords. The 2021 i7-12700K (CPUMark 34,460: 4.2-fold faster),
costing less than GBP 400, could in principle achieve one billion (one
thousand million) AES-256 rounds per second --- and faster speeds
would be available from multiple processors, GPUs, or ASIC-based
devices.

We now time the encryption of a 28 Byte or 565 kByte plaintext file,
with various 'count' values via:

time gpg2 -c --s2k-cipher-algo AES256 --s2k-digest-algo SHA256   \
--s2k-count 2097152 cleartext_file

with a short 11-character password. In practice, although we are
timing an encryption, for high 'count' values the KDF process will
dominate timing, and the known password details will be irrelevant. We
present only User time, as System time is negligible:

Some results are:
For 28 Byte cleartext:

Count			User Time (s)
    1024		0.237
  131072		0.005
 2097152		0.013
65011712		0.320

For 565 kByte cleartext:

Count			User Time (s)
    1024		0.245
  131072		0.020
 2097152		0.033
65011712		0.341

We see the cleartext length is not greatly significant, especially at
higher count values, but the User Time is nowhere near linear with
count --- which one would expect. For a count of 65,011,712 rounds,
the Time is around 0.33 seconds. On the same machine, 23,400,000
AES-KDF rounds were completed in 1.0~s (with a linear relationship),
implying that at the s2k maximum count of 65,011,712, the gpg code is
a factor of (65,011,712 / 0.33) / (23,400,000 / 1.0) = 8.4 times
faster than the KeePass code, with much smaller factors for lower
count values. This all sounds highly inconsistent and suspicious ---
and the lengthy timing for a count of 1024 is completely unexplained.

It is difficult to avoid the suspicion that the s2k parameters are not
doing what is stated in the info gpg. In particular, it is unclear
whether the gpg KDF is protecting the master key as expected.

This sounds like a bug. Can anyone explain what is happening?

If a Yubikey is used to store the User passphrase for gpg, is it
passed to the gpg code via secured memory which is overwritten before
close-down?

I am hoping someone will be able to help me on these points.


Tony
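
How RFC 4880 (section 3.7.1.3) defines the iterated and salted S2K that `--s2k-digest-algo` and `--s2k-count` parameterise, as an added example in plain Python (not GnuPG's code and not part of the original post): the count is the number of octets fed to the hash, stored in the packet as a one-octet coded value. The function names are this example's own, and the passphrase and salt are constructed test values.

```python
import hashlib
import time


def decode_count(coded):
    """Expand the one-octet coded count from the S2K specifier.

    The result is a number of octets to hash: 1024 for coded value 0,
    65011712 for coded value 255.
    """
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def encode_count(octets):
    """Smallest coded value whose decoded count is >= octets.

    Only 256 counts are representable; the gpg manual says other values
    given to --s2k-count are rounded up to the next legal one.
    """
    for coded in range(256):
        if decode_count(coded) >= octets:
            return coded
    return 255


def s2k_iterated_salted(passphrase, salt, count, key_len=32,
                        hash_name="sha256"):
    """Derive key_len octets per RFC 4880 iterated and salted S2K."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    unit = salt + passphrase
    # salt+passphrase is repeated until `count` octets have been hashed,
    # but it is always hashed in full at least once.
    total = max(count, len(unit))
    # Feed the hash in large blocks made of whole repetitions of `unit`,
    # so the octet stream is identical to hashing `unit` over and over.
    block = unit * (65536 // len(unit) + 1)
    full, rest = divmod(total, len(block))
    key = b""
    preload = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        # When one digest is too short for the key, further hash contexts
        # are preloaded with 1, 2, ... zero octets and concatenated.
        h.update(b"\x00" * preload)
        for _ in range(full):
            h.update(block)
        h.update(block[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]


def time_s2k(count, passphrase=b"correct horse", salt=b"\x01" * 8):
    """Seconds taken to derive one 32-octet key (constructed inputs)."""
    start = time.perf_counter()
    s2k_iterated_salted(passphrase, salt, count)
    return time.perf_counter() - start


if __name__ == "__main__":
    # The four --s2k-count values measured in the post above.
    for requested in (1024, 131072, 2097152, 65011712):
        coded = encode_count(requested)
        print("count=%d coded=%d octets_hashed=%d time=%.4f s"
              % (requested, coded, decode_count(coded), time_s2k(requested)))
```
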


From skaainet at skynet.be  Sat Aug 27 21:00:35 2022
From: skaainet at skynet.be (kho)
Date: Sat, 27 Aug 2022 21:00:35 +0200
Subject: Seeking Assurance on Security and Memory Leaks in SuSE GnuPG
In-Reply-To: <71ff44eb-6527-c791-6274-2d69772905cb@gmail.com>
References: <71ff44eb-6527-c791-6274-2d69772905cb@gmail.com>
Message-ID: <21f0ca11-6f0e-0a0d-4395-03fafcf92e6c@skynet.be>

Very interesting question indeed, Tony!

On 8/27/22 15:17, Tony Lee via Gnupg-users wrote:
> I have recently been seeking assurances on protection of sensitive
> data on my SuSE Leap 15.4 system, and protection of passwords.
>
> Issues discussed concern gpg2 2.2.27-150300.3.5.1, and keepassxc
> 2.7.1-bp154.3.3.1; together with hypothetical queries on Yubikey as
> libykpers-1-1 1.19.0-4.19.
>
>
> Protection of Symmetric passwords (or passphrases) usually involves a
> Key Distribution Function (KDF) which "mangles" the User password to
> produce the "master key" which is actually used to encrypt sensitive
> material. The KDF is deliberately designed to be slow (eg thousands to
> millions of AES-256 rounds) and, more recently, also designed to
> require substantial memory (eg Argon2). This is to slow brute-force
> attack on passphrases (which may have limited entropy to permit
> memorability), and (more recently) to limit the use of GPU and/or
> ASIC-based brute-force attack.
>
> The KeePass password safe
> (https://keepass.info/help/base/security.html) helpfully describes its
> security features, such as encryption of whole database, random-salted
> adjustable KDF (multiple AES-256, or Argon2; together with timing of
> KDF function --- eg 1 second). When running: sensitive data stored
> encrypted in secure process memory, and over-writing such memory
> before release. Internal viewer/edit available, which avoids putting
> data onto disk. Anti-keylogger facilities --- although additional
> hardware may be needed to protect against hardware-based keyloggers
> located between keyboard and computer.
>
> Uncertainty: Does a Yubikey make a KeePass password available through
> secure process memory? Can anyone point me to a description?
>
> Having discovered encrypted PDFs are essentially broken
> (https://www.kaspersky.com/blog/36c3-pdf-encryption/33827/), I have
> been looking more carefully at encrypted archive formats, both for
> communication and storage (eg of PDF files), and both during User use
> and for 'data at rest' --- which may be vulnerable to hacking.
>
> As a long-time user of GnuPG, with hindsight I am now concerned at
> having failed to find any description of GnuPG security aspects
> similar to that above for KeePass. Perhaps these security requirements
> are so obvious they do not need describing explicitly, but the cynic
> in me would like to see something more concrete.
>
> Worryingly, the Enigmail Handbook
> (https://www.enigmail.net/documentation/Enigmail_Handbook_1.8_en.pdf
> Section 8.2) merely notes `You should be aware ... that your encrypted
> mails are as safe as allowed by the computer you use Enigmail on. ...
> If your computer is infected with a key logger and a malware that
> grants an intruder remote access on your files, all the cryptographic
> robustness of OpenPGP and the strongest passphrase won't protect your
> messages from being snooped or falsified'. This sounds like a 'Counsel
> of Perfection' which is not particularly helpful.
>
> Does anyone know of a clear description of security aspects in GnuPG,
> comparable to that above for KeePass?
>
> On 29 Nov 2021, Spectra Secure noted
> (https://www.youtube.com/watch?v=j-qBChKG15Y , starting 2:00) that
> although gpg has '--s2k' settings that are supposed to change the weak
> default (cipher, digest hash, and digest-hash rounds-count) algorithms
> from AES-128, SHA-1 and a low count --- for key export --- it will
> ignore these settings without even giving a warning. A bug-report has
> been in place since 2017, although this has never been fixed. However,
> a subsequent comment (from skeeto on reddit) suggested that the
> 'export' gpg protection differed from that of the keyring, so you
> cannot infer a problem with conventional use of the keyring.
>
> OK, so I have been doing a little experimentation. Using the KeePass
> KDF timing of AES-KDF, my 2011 12-thread processor i7-3930K CPU at 3.2
> GHz (CPUMark 8,247) performs a KDF of 23,400,000 AES-KDF rounds in
> 1.0~s (and time was proportional to the number of rounds). This is a
> highly serial process, so must be performed on a single thread. In
> principle, this processor could achieve (say) 12 X 23,400,000 =
> 280,800,000 AES-256 rounds in 1~s while brute-forcing 12 potential
> passwords. The 2021 i7-12700K (CPUMark 34,460: 4.2-fold faster),
> costing less than GBP 400, could in principle achieve one billion (one
> thousand million) AES-256 rounds per second --- and faster speeds
> would be available from multiple processors, GPUs, or ASIC-based
> devices.
>
> We now time the encryption of a 28 Byte or 565 kByte plaintext file,
> with various 'count' values via:
>
> time gpg2 -c --s2k-cipher-algo AES256 --s2k-digest-algo SHA256   \
> --s2k-count 2097152 cleartext_file
>
> with a short 11-character password. In practice, although we are
> timing an encryption, for high 'count' values the KDF process will
> dominate timing, and the known password details will be irrelevant. We
> present only User time, as System time is negligible:
>
> Some results are:
> For 28 Byte cleartext:
>
> Count			User Time (s)
>     1024		0.237
>   131072		0.005
>  2097152		0.013
> 65011712		0.320
>
> For 565 kByte cleartext:
>
> Count			User Time (s)
>     1024		0.245
>   131072		0.020
>  2097152		0.033
> 65011712		0.341
>
> We see the cleartext length is not greatly significant, especially at
> higher count values, but the User Time is nowhere near linear with
> count --- which one would expect. For a count of 65,011,712 rounds,
> the Time is around 0.33 seconds. On the same machine, 23,400,000
> AES-KDF rounds were completed in 1.0~s (with a linear relationship),
> implying that at the s2k maximum count of 65,011,712, the gpg code is
> a factor of (65,011,712 / 0.33) / (23,400,000 / 1.0) = 8.4 times
> faster than the KeePass code, with much smaller factors for lower
> count values. This all sounds highly inconsistent and suspicious ---
> and the lengthy timing for a count of 1024 is completely unexplained.
>
> It is difficult to avoid the suspicion that the s2k parameters are not
> doing what is stated in the info gpg. In particular, it is unclear
> whether the gpg KDF is protecting the master key as expected.
>
> This sounds like a bug. Can anyone explain what is happening?
>
> If a Yubikey is used to store the User passphrase for gpg, is it
> passed to the gpg code via secured memory which is overwritten before
> close-down?
>
> I am hoping someone will be able to help me on these points.
>
>
> Tony


From wk at gnupg.org  Mon Aug 29 15:17:51 2022
From: wk at gnupg.org (Werner Koch)
Date: Mon, 29 Aug 2022 15:17:51 +0200
Subject: Seeking Assurance on Security and Memory Leaks in SuSE GnuPG
In-Reply-To: <71ff44eb-6527-c791-6274-2d69772905cb@gmail.com> (Tony Lee via
 Gnupg-users's message of "Sat, 27 Aug 2022 16:17:55 +0100")
References: <71ff44eb-6527-c791-6274-2d69772905cb@gmail.com>
Message-ID: <871qszfatc.fsf@wheatstone.g10code.de>

On Sat, 27 Aug 2022 16:17, Tony Lee said:

> Count			User Time (s)
>     1024		0.237

For backward compatibility reasons with 1.4 the default count value is
used in this case.  The default value is computed by gpg-agent and
depends on your machine (cf. gpg-agent's --s2k-calibration option). See
the first condition in the function below:

  /* Pack an s2k iteration count into the form specified in RFC-4880.
   * If we're in between valid values, round up.  */
  unsigned char
  encode_s2k_iterations (int iterations)
  {
    unsigned char c=0;
    unsigned char result;
    unsigned int count;

    if (iterations <= 1024)
      return 0;  /* Command line arg compatibility.  */

    if (iterations >= 65011712)
      return 255;

    /* Need count to be in the range 16-31 */
    for (count=iterations>>6; count>=32; count>>=1)
      c++;

    result = (c<<4)|(count-16);

    if (S2K_DECODE_COUNT(result) < iterations)
      result++;

    return result;
  }

This mapped value is required by the RFC-4880.  When passing an RFC-4800
encoded value to our KDF function, we decode it first.

> We see the cleartext length is not greatly significant, especially at
> higher count values, but the User Time is nowhere near linear with
> count --- which one would expect. For a count of 65,011,712 rounds,
> the Time is around 0.33 seconds. On the same machine, 23,400,000
> AES-KDF rounds were completed in 1.0~s (with a linear relationship),

You can't compare some AES-KDF to the SHA1 based KDF of OpenPGP.  The
increase in speed you see is due to caching effects on modern CPUs and
the highly optimized SHA1 code in Libgcrypt.  Something a cracker would
have also.

The default of GnuPG is to let the system take about 100ms for the S2K
to make brute forcing the password of the private key harder.  Using any
non-full entropy password for symmetric encryption is a Bad Idea.  With
a full entropy password the S2K iterations don't matter at all.

So either use a full-entropy password or use public key encryption.

If an attacker got access to your private key (encrypted or
non-encrypted) you are anyway in tilt mode.

> If a Yubikey is used to store the User passphrase for gpg, is it

A Yubikey or any other smartcard does not store the password but stores
the private key and only allows operations with that private key after
having unlocked the token.  For this you use a PIN where the hardware of
the token allows only 3 to 10 false tries - thus a small number is
sufficient to avoid brute forcing.



Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
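
Added example (not part of either message and not GnuPG's own code): the code below ports the count encoder quoted above to Python, adds the RFC 4880 section 3.7.1.3 decoder, and implements the iterated-and-salted S2K, so the coded octet and effective count for each requested --s2k-count can be inspected. The passphrase and salt are constructed sample values and the function names are this example's own.

```python
import hashlib

def decode_count(c: int) -> int:
    """RFC 4880 section 3.7.1.3: coded octet -> number of octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(iterations: int) -> int:
    """Python port of the rounding-up encoder quoted in the message above."""
    if iterations <= 1024:
        return 0      # per the message above, gpg then uses its default count
    if iterations >= 65011712:
        return 255
    c, count = 0, iterations >> 6
    while count >= 32:                      # normalise mantissa into 16..31
        count >>= 1
        c += 1
    result = (c << 4) | (count - 16)
    if decode_count(result) < iterations:   # between two codes: round up
        result += 1
    return result

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int = 32, algo: str = "sha256") -> bytes:
    """The count is the number of octets fed to the hash, not hash invocations."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    unit = salt + passphrase
    total = max(decode_count(coded), len(unit))  # unit is always hashed once
    chunk = unit * max(1, 65536 // len(unit))    # whole units keep the phase
    key, preload = b"", 0
    while len(key) < key_len:
        h = hashlib.new(algo, b"\x00" * preload)  # extra contexts: zero prefix
        remaining = total
        while remaining >= len(chunk):
            h.update(chunk)
            remaining -= len(chunk)
        h.update(chunk[:remaining])
        key += h.digest()
        preload += 1
    return key[:key_len]

def effective_counts(requested):
    """Map each requested count to (coded octet, decoded octet count)."""
    return {n: (encode_count(n), decode_count(encode_count(n))) for n in requested}

if __name__ == "__main__":
    for n, (c, eff) in effective_counts([1024, 131072, 2097152, 65011712, 100000]).items():
        print(f"requested {n:>9} -> coded 0x{c:02x} -> {eff} octets hashed")
    salt = bytes(range(8))                        # constructed sample salt
    print(s2k_iterated_salted(b"constructed-passphrase", salt, encode_count(2097152)).hex())
```

Three of the four counts used in the timing test are exactly representable; a value such as 100000 falls between two codes and is rounded up to 102400.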

From lee4hom at gmail.com  Tue Aug 30 18:41:19 2022
From: lee4hom at gmail.com (Tony Lee)
Date: Tue, 30 Aug 2022 17:41:19 +0100
Subject: Seeking Assurance on Security and Memory Leaks in SuSE GnuPG
In-Reply-To: <871qszfatc.fsf@wheatstone.g10code.de>
References: <71ff44eb-6527-c791-6274-2d69772905cb@gmail.com>
 <871qszfatc.fsf@wheatstone.g10code.de>
Message-ID: 

First: I am impressed, and honoured, to have had a fast response from
Werner.

I vaguely understand your explanation that the 1024 "Count" value was
interpreted for backward compatibility with 1.4. However, according to
the info gpg, I had followed their instructions in asking for some
specific algorithms and Count values, as:

time gpg2 -c --s2k-cipher-algo AES256 --s2k-digest-algo SHA256   \
--s2k-count Count_Value cleartext_file

... where info gpg notes for --s2k-count n : Specify how many times
the passphrases mangling for symmetric encryption is repeated. This
value may range between 1024 and 65011712 inclusive.

... which seems to imply very clearly that I wished to use AES256
together with SHA256, and that I had specified permissible Count
values. Furthermore, this was symmetric encryption (my recipients were
not keen on installing gpg properly!!), with (several) defined
Count_Values --- for my test purposes. Incidentally, the code complained
about names AES-256 and SHA-256, but not about the names used above.

Thus, I do not really understand why my instruction was ignored to
give "1.4 compatibility".




I am still rather in the dark concerning your code as my C does not
exist: I am more the Algol, Fortran, Pascal, and IDL type (I said I
was a long-time, if occasional, User of GnuPG). I hoped I was using
Count values of 1024, 131072, 2097152, 65011712 --- all of which are
legitimate, although I understand that some may be rounded up. If
you need to change the detailed format, what Count values do these
actually produce?

> You can't compare some AES-KDF to the SHA1 based KDF of OpenPGP.  The
> increase in speed you see is due to caching effects on modern CPUs and
> the highly optimized SHA1 code in Libgcrypt.  Something a cracker
> would have also.

OK, this is another surprise to me. I had imagined the KDF would be
based on an iterated AES cipher, rather than an iterated hash
function, and that if a hash function were used it would be the
requested SHA-256. Hash functions may be more typically used to test
the result of KDF processing, rather than forming the KDF itself. As
you know, both AES-128 and SHA-1 are generally deprecated functions.

In any case, I understand that the AES and SHA families are compact
serial functions that can (I assume) be evaluated within a modern CPU
chip using a single thread. I have been assuming that the "Counts"
relate to iterations within the KDF (as AES-128 and AES-256 have
standard "rounds" counts of 10 and 14), which seems to imply the KDF
processing effort (and thus timing) should be linearly related to the
number of Counts.

Perhaps it is, although my uncertainty of effective "Counts" makes
this unclear. For the maximum 65011712 Count, the difference between
28 Bytes and 565 kBytes was 0.02 s, which may relate to the decryption
process. At 2097152 Count, subtraction of 0.02 from the 565kByte
result produces the 28 Byte result; and for this "decryption
subtracted" result, the 31-fold increase from 2097152 to 65011712
Counts produces a 0.320/0.013 = 24.6-fold time increase --- which may
well be equality within the crudeness of this experiment. Trying to
compare smaller (and unknown effective) Counts may well give results
too crude for credibility.


> The default of GnuPG is to let the system take about 100ms for the S2K
> to make brute forcing the password of the private key harder.  Using any
> non-full entropy password for symmetric encryption is a Bad Idea.  With
> a full entropy password the S2K iterations don't matter at all.
>
> So either use a full-entropy password or use public key encryption.

OK, my plan was to produce a KDF delay of 100--500ms or so, so in
practice we are in the same ball-park.

By "full entropy" I assume you mean an assessed entropy of 80--120
bits. Although in principle I agree, in practice it is very difficult
to produce such randomness: for example, a lengthy English phrase has
certain regularities that reduce entropy, and this is the basis of
modified brute-force techniques. Remember, we are talking symmetric
encryption here; if this is used for communication, we need to
communicate the passphrase by different means, eg by telephone. My
experience is that it is all too easy to mis-communicate high-entropy
passphrases, with subsequent hassle. I agree public-key encryption is
much better for communication, but I have difficulty persuading others
to install gpg properly! The use of a high-delay KDF reduces the
practical number of brute-force attempts, mitigating the need for
high-entropy passphrases to a small extent. Using a modern KDF such as
Argon2 (memory-hard as well as time-hard) would also mitigate the use
of specialised hardware brute-forcing.

Of course, all the above is detail concerning "data on the move". In
practice, I am also concerned about "data at rest", where a hacker may
be able to access my system --- either while I am using passphrases,
or where they are stored. Symmetric encryption is typically used
to encrypt local files, where it is much more practical to use complex
passphrases as they need to be stored but not communicated. However, I
have no oversight of what has been done within gpg to protect
passphrases locally.

In my earlier comment, I noted that KeePass gave a usefully
encouraging oversight of how areas of memory were secured from other
applications while KeePass is in use, giving a degree of protection
from malware etc. It may well be that such techniques are so
blindingly obviously necessary that there is little point in
explicitly describing them. My own perception is that a similar
oversight on gpg would provide much-needed reassurance to someone like
myself who is in no position to evaluate such information from the
open-source code --- I must leave it to others to support/criticize
any reported oversight. Thus, I reiterate my earlier query: Does such
security oversight exist for gpg, and where do I find it? If not, can
it please be produced. It may well be that the descriptions for
KeePass may well provide a template for gpg, provided it is modified
to reflect truth.

As an additional point, during processes where security-critical
keys/passphrases are passed from (say) KeePass or Yubikey to gpg, or
gpg decrypts secured information to make it visible, what steps are
taken to secure these critical items against malevolent software, or
unwanted storage on disk which may be vulnerable to subsequent attack?

As I explained, any "Counsel of Perfection" on avoidance of malware is
ultimately somewhat unhelpful. I would hope the gpg software would
provide at least some assistance in this area.


Hoping you can help me here.

 Tony