Collaborate Disseminate
I am currently trying to implement my own cryptographic IBE scheme within GPG. I understand that rolling one’s own crypto is frowned upon, yet, this is for research purposes only. Is there an easy method of implementation within GPG to add… Continue reading Changing encryption scheme utilized in GNU Privacy Guard (GPG)
Assuming I want to use different mail addresses for different purposes and using either a catch-all configuration (*@example.com) or mail extensions (e.g. me+*@example.com) (where * can be replaced with anything). But for simplicity and be… Continue reading Best practices for GPG user ids and mail extensions / catch-all addresses
For testing purposes, I need a PGP key for a specific uid that has already expired.
Using gpg –full-generate-key only gives me the following options:
Please specify how long the key should be valid.
0 = key does not expire
… Continue reading How to generate an expired key with gpg?
My threat model is that, the adversary has physical access to the machine and root access.
I don’t care about any data on the system other than a couple python scripts that contain sensitive information.
I will be protecting these text fil… Continue reading can these encryption methods for a text file protect against physical access to machine by adversary?
My public key had expired so I tried to edit the expiry date with
gpg –edit-key
It seemed to be too much trouble somehow to modify the correct subkey so I deleted the subkey instead with the intention to add a new one and send it to peop… Continue reading deleted a subkey and can now no longer decrypt
Since, I am new to gpg I wanted to generate a key pair. So I typed gpg –full-gen-key and inputted the following:
root@kali-linux:~# gpg –full-gen-key
gpg (GnuPG) 2.2.35; Copyright (C) 2022 g10 Code GmbH
This is free software: you are fre… Continue reading How to fix import private key in GPG?
Scenario A: Suppose I have an .exe file, the provider offers a sha1 txt file with hash value and this txt file is gpg signed. So I check if the hash value matches the exe file and then download the key either from the keyserver or directly… Continue reading Is it normal, that some companies just sign the txt file which contains the sha value of the program?
When one desires to share their public key openly, besides sharing just the key itself:
How does one verify that the key belongs to who it claims to be owned by?
What is the use case of the key’s fingerprint?
Is there a benefit to create … Continue reading Best practices for verifying authenticity of public key
I know about the trust web in PGP. When you sign a key, everybody that trusts you will trust the person with that key. But what is the point of self-signing a key when anybody else can do that with his own key-pair?
Continue reading Why a public key must be signed with its private pair in PGP
I use gnuPG on a linux machine. A while back I received a pgp key that sender didn’t apply a UID to. While performing a test restore of the keychain I found it errored out at this key.
It doesn’t appear that I can delete this key. Is there… Continue reading Is it posible to remove a public pgp key without a UID (gnuPG)