How to view non-default keyrings ?
I've got my default Keyring and some separated keyrings, which I'd like to view.

How can I list the keys in a non-default-keyring? I don't want to import these keyrings as long as I don't know which keys are in there.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to view non-default keyrings ?
[EMAIL PROTECTED] wrote:
> I've got my default Keyring and some
> separated keyrings, which I'd like to view.
>
> How can I list the keys in a non-default-keyring ?
> I don't want to import these keyrings as long as I don't know
> which keys are in there.
>

Use --keyring on the command line, or without the -- in your config file. A ~/ in will be expanded to $HOME, and if no path details are given it is assumed that the file is in $GNUPGHOME (usually ~/.gnupg/).

--
        Alphax                |   /"\
Encrypted Email Preferred     |   \ /  ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613    |    X   Against HTML email & vCards
http://tinyurl.com/cc9up      |   / \
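
Added example, not part of the original thread and not GnuPG code: a Python wrapper around the --keyring approach from the reply above that lists a keyring file without importing it and parses gpg's --with-colons output. The function names and the SAMPLE listing are constructed for illustration; the absolute path sidesteps the $GNUPGHOME lookup that applies to bare file names.

```python
import os
import subprocess

def gpg_list_command(keyring_path):
    """Build a gpg call that lists only the keys stored in keyring_path."""
    if not os.path.isfile(keyring_path):
        # Refuse early: gpg may create an empty keyring at a missing path.
        raise FileNotFoundError(keyring_path)
    # A bare file name would be looked up in $GNUPGHOME, so pass an absolute path.
    return ["gpg", "--batch", "--no-default-keyring",
            "--keyring", os.path.abspath(keyring_path),
            "--with-colons", "--list-keys"]

def parse_colons(listing):
    """Turn --with-colons output into one dict per primary key."""
    keys, in_subkey = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue  # e.g. the "tru" trust-database record
        if f[0] == "pub":
            keys.append({"keyid": f[4], "fpr": None, "uids": []})
            in_subkey = False
            if f[9]:  # GnuPG 1.x prints the primary user ID on the pub line
                keys[-1]["uids"].append(f[9])
        elif f[0] == "sub":
            in_subkey = True
        elif f[0] == "fpr" and keys and not in_subkey:
            keys[-1]["fpr"] = f[9]
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys

def list_keyring(keyring_path):
    """Run gpg on the keyring file; nothing is imported into the default keyring."""
    out = subprocess.run(gpg_list_command(keyring_path), check=True,
                         capture_output=True, text=True).stdout
    return parse_colons(out)

# Constructed sample listing (not real keys), for trying the parser without gpg.
SAMPLE = """\
tru::1:1142380000:0:3:1:5
pub:-:1024:17:0123456789ABCDEF:1142380000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1142380000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
sub:-:2048:16:FEDCBA9876543210:1142380000::::::e:
fpr:::::::::111122223333444455556666FEDCBA9876543210:
pub:-:1024:17:1122334455667788:1100000000:::-:Bob Example <bob@example.org>::scSC:
"""
```

Calling list_keyring() on a real keyring file returns the same structure that parse_colons(SAMPLE) yields for the constructed listing.
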
RE: Need to test with a PGP Universal Server user
Does anybody know how I can get my hands on a PGP Universal Server test harness? I would like to test my app with PGP Universal Server, and finding users to test with has been difficult. Any ideas?

Michael

From: "Michael Conahan" <[EMAIL PROTECTED]>
To: gnupg-users@gnupg.org
Subject: Need to test with a PGP Universal Server user
Date: Mon, 13 Mar 2006 16:48:35 +

Hi folks,

I need help to test the interoperability of my custom PGP app with other PGP apps. One example is that I like to test my app with a PGP Universal Server user. I'd be interested in testing with other 'not-for-free' PGP products too. Is anybody available for a quick test? If so, please let me know.

Thanks,
Michael
Re: OpenPGP card and signing
Hello,

as my last mail did not get through, here is a new one (maybe the list-moderators could drop the old one).

On Tue, Mar 14, 2006 at 11:42:52PM +0100, Michael Bienia wrote:
> On 2006-03-14 08:23:58 +0100, Remco Post wrote:
> > Michael Bienia wrote:
> > > does signing with the OpenPGP card only work with SHA1 as digest-algo?
> > >
> > > With SHA1 and RIPEMD160 gpg asks for the PIN but only SHA1 generates a
> > > working signature. Trying RIPEMD160 I get:
> > > | gpg: checking created signature failed: bad signature
> > > | gpg: signing failed: bad signature
> > > | gpg: signing failed: bad signature
> > >
> >
> > From the basiccard website I read that it only supports sha-1, so this
> > might be true.

I noticed the same just recently. The "OpenPGP Card 1.1" specification mentions ripemd as a digest (page 35).

> A friend who uses his OpenPGP card with enigmail under windows can
> successfully create a RIPEMD160 signature.
> I could also create one if I use gpg with pcscd.

I could do even without pcscd.

> Can someone explain me, why it works if I use gpg with pcscd and not if
> I use gpg alone?

What Michael has not mentioned is that he (as well as I) uses gpg-agent. Using the agent enables openssh to use the key for public-key auth.

When using the --use-agent switch (with gpg), the agent will communicate with the openpgp card using scdaemon. To sign a message, gpg will send a PKSIGN command along with the data to sign (e.g. the fingerprint of a message). What is missing is the information about which digest (e.g. sha1 or ripemd160) has been used to create the fingerprint that should be signed by scdaemon.

In scd/command.c PKSIGN gets mapped to the function cmd_pksig, which sets sha1 as digest when calling app_sign. As this information becomes part of the pgp block which contains the signed data, a sha1 signature with the ripemd160 hash is created. This obviously ends in a bad signature.

Altering the call to app_sign by replacing GCRY_MD_SHA1 with GCRY_MD_RMD160 enables gpg to create valid ripemd160 signatures, but also makes it impossible to create sha1 signatures.

Maybe gpg and gpg-agent could get altered to pass the digest along with the call to PKSIGN? This would be a real improvement :)

Hope that one of the gnupg developers can say something about this.

TIA
Daniel
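
Added illustration, not GnuPG source and not part of the original message: a Python model of the mismatch described above, assuming the card signs a PKCS#1 v1.5 DigestInfo block as RFC 4880 specifies for RSA signatures. The RSA step is left out because verification recovers the padded block and compares it; `encode`, `scd_sign`, `verifies` and the sample digests are hypothetical names and constructed values.

```python
import hashlib

# DER DigestInfo headers (RFC 4880, section 5.2.2); each precedes a 20-byte hash.
PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "ripemd160": bytes.fromhex("3021300906052b2403020105000414"),
}

def encode(algo, digest, em_len=128):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo header || digest."""
    if len(digest) != 20:
        raise ValueError("expected a 20-byte digest")
    t = PREFIX[algo] + digest
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def scd_sign(digest, passed_algo=None, hardcoded="sha1"):
    """Model of the signer: the hard-coded digest is used unless one is passed."""
    return encode(passed_algo or hardcoded, digest)

def verifies(block, claimed_algo, digest):
    """The verifier rebuilds the block for the algorithm named in the signature."""
    return block == encode(claimed_algo, digest)

# Constructed inputs: a real SHA-1 digest and a 20-byte stand-in for a
# RIPEMD160 digest (hashlib may lack ripemd160 on current OpenSSL builds).
SHA1_DIGEST = hashlib.sha1(b"constructed message").digest()
RMD160_DIGEST = bytes(range(20))

def outcomes():
    """Verification result for each combination discussed in the message."""
    return {
        # Works today: digest and hard-coded header agree.
        "sha1 / hard-coded sha1":
            verifies(scd_sign(SHA1_DIGEST), "sha1", SHA1_DIGEST),
        # Same length, wrong header: the block is well-formed but does not match.
        "ripemd160 / hard-coded sha1":
            verifies(scd_sign(RMD160_DIGEST), "ripemd160", RMD160_DIGEST),
        # Swapping the constant only moves the failure to SHA-1.
        "sha1 / hard-coded ripemd160":
            verifies(scd_sign(SHA1_DIGEST, hardcoded="ripemd160"), "sha1", SHA1_DIGEST),
        # Passing the digest along with the request fixes both cases.
        "ripemd160 / digest passed":
            verifies(scd_sign(RMD160_DIGEST, "ripemd160"), "ripemd160", RMD160_DIGEST),
    }

if __name__ == "__main__":
    for case, ok in outcomes().items():
        print(f"{case}: {'good' if ok else 'bad'} signature")
```

Both hashes are 20 bytes long, so the mismatched block has a valid length and the signer has no way to notice the wrong header; only the verifier's comparison fails.
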
batch mode lack of randomness FreeBSD
I'm sure I have just missed this in the archives, but I cannot see mention of a way to get sufficient randomness when running gpg remotely in a shell account to batch generate key pairs, i.e.

    gpg --gen-key --batch tmp

where tmp is populated according to doc/DETAILS example.

Here is what I've done to help randomness. I'm just a user on this system so my options for IRQ mapping to acquire randomness are limited:

I've started a child process that continually writes to a disk file during the --gen-key --batch job...

I have populated ~/.gnupg/random_seed with 600 bytes from /dev/urandom

I have asked the admin to add IRQs to rndcontrol.

Is this just the way it is on FreeBSD (4.11-RELEASE)? There is plenty of randomness in /dev/urandom, and none in /dev/random...

Stef
http://caunter.ca/contact.html