!GpMMBTUuJduUZAAKXM:matrix.org

OpenPGP/GPG

238 Members
OpenPGP/GnuPG related questions, discussions and projects | Sharing your public keys | Key Signing (at own risk) | NO NSFW OR OTHER QUESTIONABLE STUFF
58 Servers



Sender | Message | Time
23 Oct 2022
@acid-bong:matrix.org Acid Bong | (unless it stores SSH, in which case potential thieves can check your sourcehut/github/gitlab username, but that's overthinking) | 11:49:56
@finlaydag33k:finlaydag33k.nl Aroop Roelofs | I use a yubikey (with GPG) for SSH. All I need to do is plug in my Yubikey, open Kleopatra (to start the agent - if I didn't do so yet), type in my pin once and tap it every time I need to re-log or something (like Wiktor has basically). One upside it has for me personally (some may care more about this than others), is that I only really need to care about 1 key. If I have that key with me, I can log in on every server I have (portability). Previously (back when I still used software keys like a dummkopf), I ran into scenarios quite often where I forgot to add my key to that one specific server I needed to log in to... Also makes it easier to revoke that key from all machines (instead of having to go through a list of keys and revoke just the right one). | 16:28:06
@acid-bong:matrix.org Acid Bong | is gpg keygrip a part of the public key? if so, can I track it together with my dotfiles with git? | 20:24:14
@acid-bong:matrix.org Acid Bong | (it's used at least in sshcontrol file) | 20:25:46
@wiktor:stratum0.org Wiktor | Key grip is calculated from the public key. This is similar to fingerprint but the fingerprint also uses timestamp and is part of the OpenPGP spec while key grip is just a proprietary gnupg thing. | 20:58:37
24 Oct 2022
@acid-bong:matrix.org Acid Bong | (probably a GPG-specific thing) what's the difference between exporting GPG_TTY=$(tty) and gpg-connect-agent updatestartuptty /bye? they seem to do the same thing - setting current terminal for pinentry (and therefore belong to .*shrc) | 06:13:31
@kaie:mozilla.org Kai (:kaie) | joined the room. | 20:25:43
28 Oct 2022
@golanv:tchncs.de @golanv:tchncs.de | joined the room. | 16:04:07
@golanv:tchncs.de @golanv:tchncs.de | I'm using a Yubikey and have two UIDs. I also use subkeys for signing, encryption, and auth. When I attempt to sign emails with the "non-default" UID, clients are unable to verify the signature. Signature verification works fine when using the "default" UID. This isn't an issue when using local keys not on a Yubikey. Any idea if there is a fix for this? Or if it's a common issue? | 16:10:28
@wiktor:stratum0.org Wiktor | Are you sure you don't have two completely different keys with the same non default UID? Check with gpg -K | 16:54:57
@wiktor:stratum0.org Wiktor | Or gpg -K non-default@email.com | 16:55:16
@wiktor:stratum0.org Wiktor | Also what does it mean they are unable to verify signature? Please share the exact error message. | 16:56:05
@golanv:tchncs.de @golanv:tchncs.de | Yeah.... gpg -K non-default@email.com does show the correct key. Kmail says the "Message was signed with an unknown key 0xFA6F...." (which refers to the correct key). Thunderbird says it's an "Invalid Digital Signature". | 17:36:48
@golanv:tchncs.de @golanv:tchncs.de | I'm not sure if this is a Yubikey issue.... I could re-do the Yubikey bits and see if that corrects it. | 17:37:08
@heiko:mtrx.hkos.cloud heiko | OpenPGP cards like the yubikey don't contain the user ids at all | 17:54:58
@heiko:mtrx.hkos.cloud heiko | That mapping is done by your pgp software, outside the yubikey | 17:55:20
@wiktor:stratum0.org Wiktor | Maybe you need to re-import your key into Thunderbird? | 18:30:30
30 Oct 2022
@remusmaeror:matrix.org @remusmaeror:matrix.org | left the room. | 12:00:41
@golanv:tchncs.de @golanv:tchncs.de | I sort of figured this out. In Kmail, changing the preferred format from "OpenPGP/MIME" to "Inline OpenPGP (deprecated)" for that secondary email address seems to resolve the issue. It looks like it's an Office365 problem. Sending signed emails from secondary email accounts that aren't hosted on Office365 presents no issue. I'm not sure how to adjust other clients to make that work. Anyway, thanks to all for your help! | 22:00:59
7 Nov 2022
@sss:matrix.dark-alexandr.net @sss:matrix.dark-alexandr.net | left the room. | 21:28:50
2 Nov 2022
@rachaelava1024:matrix.org RachaelAva1024 💁🏻‍♀️ | joined the room. | 05:26:40
9 Nov 2022
@lazee486:matrix.org lazee486 | set a profile picture. | 04:47:55
12 Nov 2022
@deadsoul:fedora.im DeaDSouL | joined the room. | 10:49:23
@dead_soul:matrix.org DeaDSouL | joined the room. | 22:05:30
13 Nov 2022
@yellowbill-loon:matrix.org yellowbill-loon | joined the room. | 04:50:28
@cccttt:matrix.org cyclick | joined the room. | 19:14:35
@cccttt:matrix.org cyclick | Are there any quantum-resistant algo available on GPG? | 19:15:17
@finlaydag33k:finlaydag33k.nl Aroop Roelofs
In reply to @cccttt:matrix.org
Are there any quantum-resistant algo available on GPG?

The only post-quantum ciphers I'm aware of are XSalsa20 and XChaCha20, which, after accounting for Grover's algorithm, give a post-quantum security of about 128 bits, which is considered plenty for now.
However, the OpenPGP spec (and as such, GPG) doesn't support this algorithm (and probably won't for a while).

So no, no post-quantum security for now.

20:20:29
