How do I flush a bad symmetric password from gpg-agent?

2009-08-18 Thread Doug Barton

I run gpg-agent with the ssh option in my .xsession file so that all
the child processes inherit the environment. This is needed mostly for
the ssh portion of course, since I could update the gpg part of the
agent stuff in .bashrc if I wanted to (although I do not do that now).
This has been working well for me for a long time.

Today I mis-typed a passphrase for a symmetrically encrypted file and
was surprised to discover that gpg-agent had stored the bad passphrase
and would not let me access the file. I have occasionally in the past
mistyped my passphrase for one of my secret keys or an ssh key and
gpg-agent just reprompts for a valid one.

Looking through the man page I don't see any way to flush the bad
password from the agent. Killing and restarting works of course, but
then I'm in bad shape on the ssh side. I could restart my window
manager session, but that sounds like a Microsoft solution, not to
mention having to restart apps, etc.

So is this a bug in the agent? Is there a way to flush passwords that
I'm missing? Another solution?


Thanks,

Doug

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


2 local user-ids, 2 distinct key pairs but only 1 user-id can sign.

2009-08-18 Thread M.B.Jr.
Hi list,
this is my first message here.

Firstly, thank you Werner Koch and collaborators for such superb software.

More than an enthusiast on cryptography, I am a Brazilian citizen,
concerned with the privacy and authenticity "components" involved in
information exchange transactions (not only in digital format).
Mainly, I'm concerned with the proper degree into which privacy and
authenticity can contribute to a fair relationship between society and
government.

Digressions left aside, I've been using GnuPG for a while both in
Linux distros and in Windows XP, without facing big issues. Until now.
Let me depict the situation.

OS: Windows XP Home SP3.
GnuPG version: 1.4.7

I have already generated a GnuPG key pair with ELG-E and DSA and
everything was working fine.
I was able then to sign files, simply with (e.g.):


(1) gpg --clearsign "myfile.txt"


By the time I generated a second key pair (again with ELG-E and DSA)
to a new, distinct "user-id", this problem took place.

Now, I want to sign some stuff with the new local user id's private
key, and I try the command (e.g.):


(2) gpg --local-user "[NEW_ID_NAME]" --clearsign "somefile.txt"


and it prompts me NOT for a passphrase, nor does it even create an
empty "asc" file.
Instead, it only returns the message:

usage: gpg [options] [filename]

So far, I can only sign files with (1), using the first private key my
GnuPG installation generated, which represents sort of a
default-and-only usable "user-id".

Is it expected? Am I missing something? Is it possible to sign files
with my second "user-id"?


Regards,


-- 
Marcio Barbado, Jr.





Re: 2 local user-ids, 2 distinct key pairs but only 1 user-id can sign.

2009-08-18 Thread Erik Lotspeich

Hi,

I have two key pairs: one for my personal e-mail and one for work, so I
am in a similar situation as you are.

I switch between the two with the "--default-key" option to GPG and give
it my key ID as an argument (you can set this in your gpg.conf too).

Even after looking at the man page, I'm not entirely clear what "name"
the "--local-user" option is after (e.g. is it a name of a local user on
the system, or is it the uid name on the key).

Regards,

Erik



Re: 2 local user-ids, 2 distinct key pairs but only 1 user-id can sign.

2009-08-18 Thread M.B.Jr.

Hi Erik and Charly,
thanks to you, I realized the problem was all about the argument I was
giving the "--local-user" option.

I was using the uid name (not a system account username) whereas I
should have used the key id.

Well, now it worked =)



On Tue, Aug 18, 2009 at 3:56 PM, Erik Lotspeich wrote:
> I have two key pairs: one for my personal e-mail and one for work, so I
> am in a similar situation as you are.
>
> I switch between the two with the "--default-key" option to GPG and give
> it my key ID as an argument (you can set this in your gpg.conf too).
>
> Even after looking at the man page, I'm not entirely clear what "name"
> the "--local-user" option is after (e.g. is it a name of a local user on
> the system, or is it the uid name on the key).
>
> Regards,
>
> Erik


Thank you very much,



-- 
Marcio Barbado, Jr.
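
The fix this thread arrives at is to give `--local-user` (or `--default-key`) a key ID. The following is an added example, not code from any of the posters: it looks up the key ID behind a user ID in `gpg --list-secret-keys --with-colons` output and refuses to pick a key when the match is missing or ambiguous. The function names, key IDs, names and addresses are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# First key: user ID carried on the "sec" record (field 10).
# Second key: user ID on a separate "uid" record (--fixed-list-mode layout).
SAMPLE_LISTING='sec:u:1024:17:1111AAAA2222BBBB:2009-01-10::::Personal Example <me@example.org>:::
ssb:u:2048:16:3333CCCC4444DDDD:2009-01-10:::::::
sec:u:1024:17:5555EEEE6666FFFF:2009-08-17::::::::
uid:u::::2009-08-17::0000::Work Example <me@work.example>:
ssb:u:2048:16:7777AAAA8888BBBB:2009-08-17:::::::'

# keyid_for_uid LISTING PATTERN
# Print the long key ID (field 5 of the "sec" record) of every secret key
# that has a user ID containing PATTERN (literal, case-sensitive substring).
keyid_for_uid() {
    printf '%s\n' "$1" | awk -F: -v pat="$2" '
        $1 == "sec" { keyid = $5; seen = 0 }   # a new primary key starts here
        ($1 == "sec" || $1 == "uid") && $10 != "" {
            # report each key once, even if several of its user IDs match
            if (!seen && index($10, pat) > 0) { print keyid; seen = 1 }
        }'
}

# sign_command LISTING PATTERN FILE
# Print the clearsign command for the single key matching PATTERN.
# Fails (status 1) when no key or more than one key matches, so a loose
# pattern can never silently select the wrong signing key.
sign_command() {
    ids=$(keyid_for_uid "$1" "$2")
    count=$(printf '%s\n' "$ids" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one matching secret key, found $count" >&2
        return 1
    fi
    printf 'gpg --local-user %s --clearsign %s\n' "$ids" "$3"
}

# Demo on the constructed listing. For a real keyring, pass
# "$(gpg --list-secret-keys --with-colons)" as the first argument instead.
sign_command "$SAMPLE_LISTING" "Work Example" somefile.txt
```

The same key ID can be placed after `default-key` in gpg.conf, as described in the reply above.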