search for: keypair

Displaying 20 results from an estimated 149 matches for "keypair".

2019 Jul 03
3
mail_crypt: multiple keypairs
Hello, I am testing mail_crypt plugin with per account encryption and wanted to generate a new keypair for an account but noticed that I now end up with 2 keypairs where one is active and the other inactive as you can see below: $ doveadm mailbox cryptokey list -u email at domain.tld -U Folder Active Public ID yes 7b140b4f3d6d68eed2c59259ac5e6f6a280dc82990292dc415b4100d6c797f67 no...
2013 Aug 20
1
Unable to use 8192bit keypair for Tinc VPN 1.0.22
Dear All, I just tried to use 8192bit keypair for Tinc VPN connection. The connection is unable to build up. After reduce the bit of keypair from 8192bit to 4096bit. Everything is resumed to normal. How large of public/private RSA keypair can support for TINC VPN 1.0.22 on Windows platform? Regards, ERIC P Please consider your environmen...
2019 Jul 04
1
mail_crypt: multiple keypairs
------- Original Message ------- On Thursday, July 4, 2019 11:17 AM, @lbutlr via dovecot <dovecot at dovecot.org> wrote: > > Is it possible to delete the inactive keypair? if yes how? > > Wouldn't you then be unable to *unencrypt* previous emails? That's also what I thought but based on my understanding and on the documentation of the "mailbox cryptokey generate" doveadm command (https://wiki2.dovecot.org/Plugins/MailCrypt#doveadm_mailbox_cryptokey...
2003 Mar 12
0
rsync on windows with password keypair
Hello. I am a newcomer to rsync so please forgive me if this question is dumb. I'm still learning rsync and I didn't find anything on this topic elsewhere. Is it possible to run the rsync client on windows with a passworded keypair using Pageant or SSH Accession? When I attempt to run these commands I receive errors. I am trying the following: rsync -e "ssh2 -l myusername -p myport" destserver: Unfortunately, the ssh connection succeeds but the rest of the command does not. It results in the following error: rsyn...
2019 Jul 04
0
mail_crypt: multiple keypairs
On 3 Jul 2019, at 06:38, mabi via dovecot <dovecot at dovecot.org> wrote: > Is it possible to delete the inactive keypair? if yes how? Wouldn't you then be unable to encrypt previous emails?
2010 Mar 17
1
Check public/private RSA keypairs
...a_key.priv -pubout this one will print out a public key in the same format as the public key stored in the hosts file, i tested it with some clients, and every private key will generate a pubkey different to the one in the hostfile, but each of these clients do work in my vpn, so the public/private keypairs must match. A second command i found by googling ssh-keygen -y -f rsa_key.priv will output something that is totally different to the original. openssl rsa -in rsa_key.priv -pubout: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0P8+wFjp+VT/TsDaiDRsTBnpS Qdkd6OvEnyMJtCux1bKed9...
2019 Sep 04
2
Mailcrypt plugin private password
Do I have to replace the "password" part with the actual password or can I just copy it like that? Will dovecot create the keypair automatically or do I have to use doveadm? 4. Sep. 2019, 08:33 by aki.tuomi at open-xchange.com: > > > > On 4.9.2019 9.21, **** **** via dovecot wrote: > >> Hello there, >> >> is there a way to make the mailcrypt plugin use the user's password or...
2009 Jan 20
1
OpenSSH private key encryption: time for AES?
Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id...
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for all local and remote...
2019 Sep 04
1
Mailcrypt plugin private password
Is any of the password schemes supported or is there a reason you chose pkcs5? 4. Sep. 2019, 08:45 by aki.tuomi at open-xchange.com: > > It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. > > > To avoid this, you should probably have > > > protocol imap { > > > passdb { > > > driver = static > > >...
2020 Jan 02
4
u2f seed
In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this. It just needs to be exposed to the user. The content of the private keyfile in ssh is generated somehow. Where is that d...
2012 Feb 27
0
Article on Fingerprinting Public/Private Keypairs
I have published the preview of a "hints and tips" article for the upcoming print edition of Secure Computing Magazine (Australia) on OpenSSH Public/Private Key Fingerprinting, including "BubbleBabble" encoding and the ASCII "randomart image", at http://cmlh.id.au/tagged/openssh -- Regards, Christian Heinrich http://cmlh.id.au/contact
2019 Jun 09
2
OpenSSH forcing the signature to SHA1.
...19*,ecdsa-sha2*,rsa-sha2-*,ssh-rsa But that does not help. Also with the same SHA256withRSA algorithm when the code sign the data and send it to server, it results in signature unverified error. debug3: mm_answer_keyverify: publickey 0x56471045da10 signature unverified Things work fine for ECDSA keypair with sha256. I am able to successfully connect using this keypair. My understanding was, as of 7.2 the support for SHA256 with RSA was there ( https://www.openssh.com/txt/release-7.2) Are there any options which I am not aware of? At the moment I am using openssh-7.9p1-233.1.x86_64 on SLES12. Th...
2019 Dec 31
2
u2f seed
...using openssh with a u2f key, you generate a key via: ssh-keygen -t ecdsa-sk Each time you run it, it gives a different key pair. (Randomly seeming). A differently generated key pair is not valid with the first's public key. All good so far, but you run into a problem if: You generate a keypair (A). You register your public key for (A) on a bunch of ssh servers. You take your fido2 key to a second client machine and try and login to your servers. It kind of defeats the purpose of being able to have a portable keyfob. If there was a way to seed the generation phase manually, then...
2023 Jul 07
1
Subsystem sftp invoked even though forced command created
...AEL P wrote:> So changing the forced command as stated will break the application. I > would need to create a test bed to simulate the listener rather than > use the server as is, where is. That may produce false or misleading > results. Since the forced command is tied to the specific keypair in the authorized_keys, you could -- test with a different keypair or -- use an additional 'from="..."' option to split the entry between your test client and the productive clients. > Oddly enough, the same behavior occurs when the embedded key is used > to launch an...
2008 May 14
1
Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
Hello, For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: http://www.debian.org/security/2008/dsa-1571 In short, if you generated public/private keypairs for tinc between 2006 and May 7th of 2008 on a machine running Debian or a derivative, they may have been generated without a properly seeded random number generator. Please ensure you have updated your OpenSSL packages and regenerate all suspect keypairs. Do not forget to restart tinc. If you ha...
2003 Jan 05
6
SSH v3 specs?
...e specifically I have been investigating working toward a more enterprise-friendly hierarchical authentication scheme, but I have quickly realized the magnitude of such a change. I have worked with LDAP/PAM, but there are parts of ssh that are not very interoperable with LDAP, such as pub/priv keypairs. These can be stored in a directory, but it is quite a kludge to do so at this point. Thoughts and comments appreciated. Thanks, Ryan
2019 Dec 08
2
bash script hook lda_mailbox_autocreate for generate mail-crypt user encrypted private key with user password
...Public ID > yes XYZ > root at localhost:/var/vmail# How the possible??? I have put in settings of mail-crypt that keys of user have to be encrypted (mail_crypt_require_encrypted_user_key = yes), but I supply no key! How the dovecot creates main user encrypted public/private EC keypair without key of encryption given? I confirm that element of post for 'newuser' is encrypted, but of course I can no decrypt the mail. I achieve error: > dovecot: imap(newuser...Error: Mailbox INBOX: UID=1: read() > failed...Private key not available: Cannot decrypt key XYZ No we...
2019 Sep 04
0
Mailcrypt plugin private password
It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. To avoid this, you should probably have protocol imap { passdb { driver = static args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:pas...