Collaborate Disseminate
Academia has had some high profile cases of forged identity; for instance, in the last decade the publisher Springer has had to retract 62 papers for this reason alone.
Usually these aren’t high-effort attacks, just email address spoofing,… Continue reading How best to cryptographically sign scientific papers? [closed]
I created a test key to share with someone for the purpose of debugging a client issue. However, I did not transmit that key to a key server, and it still uses my email. The key server locally that my email client (kmail or evolution) shou… Continue reading Can GnuPg flag as invalid if it receives a key for a uid (the email) where the email is found on a keyserver, but not with that key?
When using gpg –symmetric to encrypt a file/message with a passphrase, is there any cryptographic integrity check to prevent an attacker from modifying the ciphertext? E.g. does gpg (or any other common implementation of OpenPGP) include,… Continue reading Does gpg (or openpgp in general) authenticate symmetrically-encrypted data?
TL;DR: I’m assuming that if GnuPG made it a default then it should be what we use, but it used "bad" defaults in the past so I’m wondering if there are any tradeoffs to this? More specifically: is ECC 25519 sufficiently adopted … Continue reading GnuPG now uses ECC 25519 as default on new key generation – any compatibility issues to worry about?
I set up Thunderbird to use PGP a while ago, so I can sign and decrypt messages now. But I have forgotten my private passphrase for my private key, but since Thunderbird can do it anyway, it has it stored somewhere. How can I get it?
I a… Continue reading How to get PGP key passphrase out of Thunderbird?
Let’s assume that I saved two OpenPGP keys(key1 and key2) on the email mail@mail.com.
What would happen if I try to encrypt a message with the following command:
gpg –encrypt –recipient mail@mail.com
Options:
Message will be encrypted … Continue reading OpenPGP: What happens if I have two keys on the same email and try to encrypt a message with that recipient?
Say I have a file encrypted with GnuPG, in isolation (i.e., I don’t have the relevant keys). Can one then establish the recipients of the encryption? That is:
Name/E-Mail/Comment
Key ID
Or is this information only discernible if you have… Continue reading What metadata is exposed by OpenPGP?
I want to build an email client with default OpenPGP. There is something like "autocrypt" but I think an automated PGP server communication would be better. Why is it that there is no easy app or mail client with an automated Ope… Continue reading Is an automatically use of OpenPGP in an email client a good idea? [closed]
I was curious about setting SHA-3 as the preferred hashing algorithm for GPG but that looks like it is not yet supported and the documentation states this:
SHA-3: SHA-3 is a completely new hash algorithm that makes a clean
break with the … Continue reading Any reason why SHA-3 isn’t yet present in GnuPG?
I’m trying to debug a smartcard with the OpenPGP applet using gpg and scdaemon. In order to enable debugging for scdaemon, I created
~/.gnupg/gpgagent.conf:
disable-scdaemon
and ran:
/usr/lib/gnupg/scdaemon –daemon –debug-level advanced… Continue reading Instruct gpg-agent to use specific scdaemon – Starting scdaemon with debugging enabled