2021年2月1日 · The steps depend on your specific environment, but checking (or creating) the pinentry-program option in ~/.gnupg/gpg-agent.conf is a good place to start. In my case (on OS X with Homebrew-installed gpg and pinentry-mac ) I had …

Is it possible to make OpenSSL and GnuPG (for key generation for instance) use the output of that TRNG as source of randomness? Even better: make these tools making a "mix" of their original randomness source (/dev/random I suppose) and the TRNG source? I can't fully trust this TRNG (especially because the drivers for it aren't open-sourced).

2020年4月14日 · GnuPG is an ancient design that wasn't designed from the ground up to do authenticated encryption properly. This is, for example, one of the causes of the Efail vulnerabilities . GnuPG will output the whole plaintext for forged messages to stdout before checking its message digest code.

2015年6月1日 · But be aware, that GnuPG will automatically add 3DES, SHA1, uncompressed and those are the minimum set of algorithms all implementations must or should support. If you don't choose any compression algorithm, also ZIP will be added to the list.

2015年4月18日 · TL;DR: For GnuPG 1.0 and 2.0, default is Cast5, for GnuPG 2.1 it is AES-128. Recipient's Preferences. Per default, GnuPG will read the recipient's algorithm preferences and take the first algorithm in that list it supports (in other words, it takes the most-preferred supported algorithm the recipient asks for).

GnuPG version 2.1 uses AES (128 bit key) as the default, so if you have that version you don't need to tweak the default at all. Older versions default to CAST5, but if they support AES it is worthwhile to override that default. (Neglecting to do so shouldn't be a cause for alarm, however.)

2018年3月15日 · I've recently bought two Yubikeys Neo which I'd like to use primarily for encryption and authentification by using the smartcard feature with GnuPG. I've read a few how-to on the subject (most notably here and here ) and I've managed to generate and export to the Yubikey a keyring with the 3 subkeys for signing, encrypting and authenticating.

2024年4月30日 · The GnuPG Manual states that: This [sshcontrol] file is deprecated in favor of the "Use-for-ssh" attribute in the key files. What is now the correct way to configure gpg / gpg-agent to ...

2013年10月9日 · OpenPGP (the format that GnuPG implements) primarily supports RSA, ElGamal and DSA; ElGamal is encrypt-only, while DSA is sign-only. RSA can do both; however, there was a time when RSA was still patented, and since that time some PGP implementations have taken the habit of defaulting to ElGamal+DSA, hence necessarily two key pairs.

Options 5, 6 and 12 are only available if you create a subkey with gnupg --edit-key and then addkey. The options are: (5) Elgamal (encrypt only) (6) RSA (encrypt only) (12) ECC (encrypt only) So subkeys can be pure encryption keys without the signing capability.