Collaborate Disseminate
Alice updates her OpenPGP key yearly. Bob updates his copy using: gpg2 –refresh-keys
Mallory ensures that Bob uses her keyserver, which offers her own key, which
is sharing the 32-bit “short” Key ID with Alice
is sharing … Continue reading Is gnupg2 –refresh-keys susceptible to any attacks based on fingerprint collisions?
I am writing a decentralized application that lets certain privileged users post messages to other users. These messages should be encrypted so that only the two of them can read it. Messages are posted onto IPFS, so that any… Continue reading Is forward secrecy useful for an application where keeping message history is an integral part?
I am trying to decrypt pgp encrypted files. I had both public and private keys and I created two files like pub.key and sec.key and imported them using
gpg –import pub.key
gpg –import sec.key
and I am trying to decrypt … Continue reading PGP file Decryption with gpg command
I realize (using –clearsign) that GnuPG is using SHA256 as the hashing algorithm for signing, but I would like to be able to see the actual SHA256 hash in the signature somewhere. Is there a way with -vv or –list-packets or perhaps with… Continue reading How to display the SHA256 hash while signing or in signature
As far as I can tell:
It is possible to generate a private keyring (i.e. signing private key, plus associated encryption private key and authentication private key) entirely on an OpenPGP Smartcard (i.e. without ever export… Continue reading OpenPGP SmartCard: generate revocation certificate on-card?
Bob is sending message X to Alice. He encrypts X with Alice’s public key using gpg and sends her encrypted message (ciphertext).
Later Alice claims that Bob made a mistake and the ciphertext was not created with her public key.
We know that the “short” 32 bit OpenPGP key IDs can be easily brute-forced and the recommendation is to use the “long” 64 bit IDs or full 160 bit SHA1 fingerprint. However I am concerned that the “long” key IDs may also be b… Continue reading Are there any known collisions of a "long" (64 bit) OpenPGP key ID?
I was looking to encrypt some text files (containing sensitive data) so I could safely keep them online (e.g. Google drive).
I have found three options:
7-zip, which does AES-256
Encryptpad, which use OpenPGP symmetric enc… Continue reading Help me understand Encryptpad and 7-zip for encryption
Let’s say we have the following:
Bob needs to send data securely to Alice.
Only Bob and Alice are allowed to read/see that data.
Alice is not able/allowed to create keys.
Alice can use any number or type of keys to decrypt data.
Bob can… Continue reading Delivering data securely when the data source is the key maker
I would like to share documents within groups and make sure that the member of each group can only access the documents shared in his/her group. I also want to make sure that non of the parties can cheat in the process of cre… Continue reading How to prevent participants from cheating when establishing an OpenPGP-like structure