Collaborate Disseminate
Last week the schedule for our weekly security column collided with the Independence Day holiday. The upside is that we get a two-for-one deal this week, as we’re covering two weeks worth of news, and there is a lot to cover!
[Petko Petrov], a security researcher in Bulgaria, was arrested …read more
I would like to understand the difference between:
OpenPGP symmetric encryption
and
AES-256 using Winzip/7-zip?
I mean if you encrypt a file with an OpenPGP program like GnuPG, using AES-256 symmetric encryption. And do t… Continue reading Difference between OpenPGP symmetric encryption and AES-256?
gpg version: 2.2.16 (as part of Gpg4win 3.1.9).
Is this supposed to happen: Every export of my private key partially differs from every other export as follows: 2 middle chunks of the main block, and the last 4 characters be… Continue reading gpg: Every private key export (of the same key-pair) is different
Two researchers are being singled out in what are called PGP poisoning or flood attacks that render the authentication tool unusable for victims. Continue reading PGP Ecosystem Targeted in ‘Poisoning’ Attacks
Somebody out there has taken a big dislike to Robert J. Hansen (‘rjh’) and Daniel Kahn Gillmor (‘dkg’), two well-regarded experts in the specialised world of OpenPGP email encryption. Continue reading OpenPGP experts targeted by long-feared ‘poisoning’ attack
I am new to OpenPGP and SmartCards but I cannot find how to do a fairly straight-forward task.
I am trying to sign a file with a private key stored on a YubiKey device.
Here is my session:
$ gpg –card-status
Reader ………..: Yub… Continue reading Creating pointers to keys on SmartCard
A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients.
The affected e… Continue reading Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
I know PIV and OpenPGP are separate standards and independent applications in the YubiKey, but for newcomers like me they look very similar with their signing, encryption and authentication keys, use cases, etc.
After settin… Continue reading Should I use the same OpenPGP keys in certificates used to provision the YubiKey PIV slots?
I tried to use gpg –delete-secret-keys to delete some revoked subkeys but ended up accidentally deleting my primary key instead.
I was able to reproduce my mistake with the following commands:
$ gpg –batch –passphrase ” –quick-gener… Continue reading How do I delete secret subkeys correctly?
When under an unprivileged user:
$ gpg –card-status
gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device
With sudo or under a root user:
$ sudo gpg –card-status
Reader …………. Continue reading GnuPG can see a card under root user, but not under normal user