Re: GNU-divert-to-card S2K format

2015-02-26 Thread Werner Koch 
On Wed, 25 Feb 2015 10:49, pe...@digitalbrains.com said:

> something. It should be:
>
> S2K specifier 110

Well, it is 101.  I just updated doc/DETAILS>  It now reads:

* GNU extensions to the S2K algorithm

  1 octet  - S2K Usage: either 254 or 255.
  1 octet  - S2K Cipher Algo: 0
  1 octet  - S2K Specifier: 101
  3 octets - "GNU"
  1 octet  - GNU S2K Extension Number.

  If such a GNU extension is used neither an IV nor any kind of
  checksum is used.  The defined GNU S2K Extension Numbers are:

  - 1 :: Do not store the secret part at all.  No specific data
 follows.

  - 2 :: A stub to access smartcards.  This data follows:
 - One octet with the length of the following serial number.
 - The serial number. Regardless of what the length octet
   indicates no more than 16 octets are stored.

  Note that gpg stores the GNU S2K Extension Number internally as an
  S2K Specifier with an offset of 1000.



Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't Encrypt in Freebsd 10.1

2015-02-26 Thread Stephan Beck 
Hi, Antoine,


Am 25.02.2015 um 14:07 schrieb Antoine Michard:
> Hi,
> 
> Still not working :(
> Got no idea why...
> 
> #gpg -r 6349E5E0 -e test.txt
> Abort
[...]
> And then try to encryp a file:
> # gpg -r F2E7CBA5 -e test.txt
> Abort
> 
I am not familiar with BSD but this should apply to BSD installations of GnuPG
as well.

Try
gpg -e -r NAME test.txt

where NAME is the user id of the recipient's key.

If you want to encrypt for uid NAME and explicitly hide a given recipient's
keyID when sending the message you may use the -R option.

Well, that's what the man page tells us, IIUC.

HTH

Stephan







signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Thoughts on GnuPG and automation

2015-02-26 Thread Bjarni Runar Einarsson 
Hello GnuPG users!

I just published a follow-up to Smári's blog post about the Mailpile
team's frustration while working with GnuPG. The post is here:

   https://www.mailpile.is/blog/2015-02-26_Revisiting_the_GnuPG_discussion.html

As it's rather long, I won't paste the whole thing in here, but I do
welcome any and all feedback. The gist of it is: the GnuPG CLI is not
very well suited for automation and the 2.x design appears to make some
things we want to do almost impossible.

Corrections (if I made any factual errors) will be posted to the web
ASAP, and I'll link back to this thread in the archives so webby people
can see your replies. I hope this qualifies as constructive critism!

As I said on our IRC channel: If we're lucky it'll be a humiliating
"you're just doing it wrong, here is the solution". ;-)

Cheers,
 - Bjarni

-- 
Sent using Mailpile, Free Software from www.mailpile.is___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

How to send a key to a keyserver?

2015-02-26 Thread Helmut Waitzmann 
Hello,

I tried

gpg2 --verbose --keyserver hkp://pool.sks-keyservers.net --send-keys -- 
72ABFF0923A87CF22D0ED7C4FDEE765D017077F1

and got the message

gpg: sending key FDEE765D017077F1 to hkp server pool.sks-keyservers.net
gpgkeys: HTTP post error 22: The requested URL returned error: 417
gpg: keyserver internal error
gpg: keyserver send failed: Keyserver error

What's wrong here?  Does the problem sit in front of the keyboard?

Any help will be appreciated.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thoughts on GnuPG and automation

2015-02-26 Thread Werner Koch 
On Thu, 26 Feb 2015 15:57, b...@pagekite.net said:

> As it's rather long, I won't paste the whole thing in here, but I do

Please give me a few days to comment on this.  I have some urgent tasks
right now.  But as a first hint: automation has never been second class
citizen and has been build into gpg more or less right from the
beginning (0.2.12, spring 1998).

I know of one university in Germany which runs its webmail system using
GnuPG 2 and with pinentry.  This was actually the reasons to add the
PINENTRY_USER_DATA kludge.

Back to release work.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Problem with PassPhrase in Batch.

2015-02-26 Thread Mark Walter 
I have a pass phrase that contains an exclamation mark (!). I can decrypt fine 
manually, however when I try to put this into a batch file, and pipe the the 
pass phrase to the gpg command to decrypt the file, it doesn't work. Could the 
exclamation mark be causing the problem? Also, is there a way, in a batch file 
to escape this character?

Thanks in advance,


Mark Walter

Business to Business Data Integration Specialist
Certified IBM System i Specialist
Paragon Consulting Services, Inc.
mwal...@paragon-csi.com
717-764-7909 ext. 20

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Problem with PassPhrase in Batch.

2015-02-26 Thread Mark Walter 
From: Mark Walter
Sent: Thursday, February 26, 2015 1:17 PM
To: 'gnupg-users@gnupg.org'
Subject: Problem with PassPhrase in Batch.


I have a pass phrase that contains an exclamation mark (!). I can decrypt fine 
manually, however when I try to put this into a batch file, and pipe the the 
pass phrase to the gpg command to decrypt the file, it doesn't work. Could the 
exclamation mark be causing the problem? Also, is there a way, in a batch file 
to escape this character?

Thanks in advance,


Mark Walter

Business to Business Data Integration Specialist
Certified IBM System i Specialist
Paragon Consulting Services, Inc.
mwal...@paragon-csi.com
717-764-7909 ext. 20

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Re: Thoughts on GnuPG and automation

2015-02-26 Thread Bjarni Runar Einarsson 
Hey Werner,

Yes, please do take your time.

I'm happy to hear you consider automation an important thing. I assume
that means the current limitations on that front are largely due to a
lack of developer resources - which I don't intend to badger you about,
my project suffers from the same.

Related to that though, I'll add one question to your backlog: does the
GnuPG 2.1 cycle hope to bridge the 2.0/1.4 divide, so 1.4 can retire and
everyone can move to 2.1? If not, why not?

In the meantime, I'll go see if I can find information about this kludge
you speak of.

Take care,
 - Bjarni

-- 
Sent using Mailpile, Free Software from www.mailpile.is___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't Encrypt in Freebsd 10.1

2015-02-26 Thread Juergen Hoessler 
Hi Antoine,
please try it as a normal user, not as root.
Normaly the key-ring-file depends to a real user 
and not to root, who isn't a normal user.
May be it will help you.
  --pit

  Von: Stephan Beck 
 An: gnupg-users@gnupg.org 
 Gesendet: 14:29 Donnerstag, 26.Februar 2015
 Betreff: Re: Can't Encrypt in Freebsd 10.1
   
Hi, Antoine,




Am 25.02.2015 um 14:07 schrieb Antoine Michard:
> Hi,
> 
> Still not working :(
> Got no idea why...
> 
> #gpg -r 6349E5E0 -e test.txt
> Abort
[...]
> And then try to encryp a file:
> # gpg -r F2E7CBA5 -e test.txt
> Abort
> 
I am not familiar with BSD but this should apply to BSD installations of GnuPG
as well.

Try
gpg -e -r NAME test.txt

where NAME is the user id of the recipient's key.

If you want to encrypt for uid NAME and explicitly hide a given recipient's
keyID when sending the message you may use the -R option.

Well, that's what the man page tells us, IIUC.

HTH

Stephan





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


  ___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Cannot remove passphrase (gnupg 2.0.26/solaris 10)

2015-02-26 Thread Errol Casey 
I've tried recompiling things, and was able to initially set a key with a
empty passphrase (pressing return twice).

But if I use --edit-key to change passwd, and then try to set it back to
blank...I get the warning, and infinite loop asking for
"y/N" but never accepts either answer...

On Tue, Feb 24, 2015 at 2:12 PM, Errol Casey  wrote:

> When I use gpg2 --edit-key , and then use passwd to
> change/remove
> passphrase by entering a blank passphrase. I get hung in an input loop
>
>lqk
> x Please re-enter this passphrase x
> x x
> x Passphrase  x
> x x
> x x
> mqj
>
>
>
>
>
>
>
>
> You don't want a passphrase - this is probably a *bad* idea!
>
> Do you really
> want to do this? (y/N)
>
> I truss the process (this is on Solaris 10), and I see it receiving the
> "y\r" but it doesn't continue.
>
> I can type N enter, and see 'N\r" also.
>
> So not sure if it is a local issue with tty, compile issue with pinentry,
> or gnupg?
>
> But it accepts my original passphrase, and hitting enter twice and
> selecting yes I want to do it, gets me to this last prompt and it will go
> no further.
>
> Hmmm:
>
> Thinking the compile/linking of pinentry is the cause. I've seen this
> before, but just ran
>
> pinentry --version
> ld.so.1: pinentry-curses: fatal: libiconv.so.2: open failed: No such file
> or directory
> Killed
>
>
> seems I have to modify LD_LIBRARY_PATH to get pinentry to work; but this
> change was made en enviornment when I tried changing passphrase above. Not
> sure where the input problem is being generated.
>
> $ pinentry --version
> pinentry-curses (pinentry) 0.9.0
> $ gpg2 --version
> gpg (GnuPG) 2.0.26
> libgcrypt 1.6.2
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <
> http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA, RSA, ELG, DSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> --
> Errol Casey
> er...@askerrol.org
>



-- 
Errol Casey
er...@askerrol.org
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't Encrypt in Freebsd 10.1

2015-02-26 Thread Stephan Beck 
Hi pit or Jürgen,

sorry (Antoine), I did not interpret the # as root but just as a way of
commenting, and I checked it again and realized that the order of the options is
not important.

Anyway, is it necessary to copy the whole header of my message to make it stand
out who made a mistake? I think that's a bit childish and impolite. In case you
"configured" your email that way, just change it.


Best regards

Stephan


Am 26.02.2015 um 20:19 schrieb Juergen Hoessler:
> Hi Antoine,
> please try it as a normal user, not as root.
> Normaly the key-ring-file depends to a real user 
> and not to root, who isn't a normal user.
> May be it will help you.
>   --pit
> 
>   Von: Stephan Beck 
>  An: gnupg-users@gnupg.org 
>  Gesendet: 14:29 Donnerstag, 26.Februar 2015
>  Betreff: Re: Can't Encrypt in Freebsd 10.1
>
> Hi, Antoine,
> 
> 
> 
> 
> Am 25.02.2015 um 14:07 schrieb Antoine Michard:
>> Hi,
>>
>> Still not working :(
>> Got no idea why...
>>
>> #gpg -r 6349E5E0 -e test.txt
>> Abort
> [...]
>> And then try to encryp a file:
>> # gpg -r F2E7CBA5 -e test.txt
>> Abort
>>
> I am not familiar with BSD but this should apply to BSD installations of GnuPG
> as well.
> 
> Try
> gpg -e -r NAME test.txt
> 
> where NAME is the user id of the recipient's key.
> 
> If you want to encrypt for uid NAME and explicitly hide a given recipient's
> keyID when sending the message you may use the -R option.
> 
> Well, that's what the man page tells us, IIUC.
> 
> HTH
> 
> Stephan
> 
> 
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 
>   
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 








signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with PassPhrase in Batch.

2015-02-26 Thread Xavier Maillard 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi Mark,

Mark Walter  writes:

> I have a pass phrase that contains an exclamation mark (!). I can
> decrypt fine manually, however when I try to put this into a batch
> file, and pipe the the pass phrase to the gpg command to decrypt
> the file, it doesn't work. Could the exclamation mark be causing
> the problem? Also, is there a way, in a batch file to escape this
> character?

Do you have any testcase I could try by my side ? I mean, how you
"put this in a batch file" ? I also put an
exclamation mark in my passphrase.

Regards
- -- Xavier.
-BEGIN PGP SIGNATURE-

iQQcBAEBCgAGBQJU8AJZAAoJEN4v/Iaa+lFlkcIf/ilD+vTRhjyW5ZigQ0mP06DW
tEAApUFS6MIg8Hccp8QZm5qmTWUkhjvTD4wnbaCYmGDav5VG8PPokAyNwTJNDO7q
2K/WhSTlamIBnWFXXIZwO7LHl6T96oFmFvWsTUMG9+TaQhuEk4uAmKjAdeeS1J8K
DWtVmWZaH/LEUxy2EFkRXCHxuo0o8W1V8rRSpNJXuGgKnVakBQP+aLJxsHpHqzKD
ubnZkZ1Q/07WGrTzeH+kweyOt91qOmiwRfYXayiP3CS+9zD+1xQ813BoTCltKpBT
KnLWEX6ui/o1X+FTGnFqPxH16vpATMbfTEqKLohE0Eg6asUbDKeTS8nOaogDJ98a
N5tW8lkXEdnt7P/58kQt6BabmZ36G8gAcZyLak+DFOuj/BgNQIrXWW4a2HO6fZDQ
9ilKalWdQqDPJU3wdsCixggr55IZEBDe/PepvlKEcQUl1YfBQ/mfhhRtlssApv81
MgGX3ZqaweOEbSFMj4hkuYRQ4ir/x8g9IBq/VuN4naIJl21O6r6NZZjgnJSvBuXi
IvyJAnlGfuAlRXBTDEzPqf+k8EQma8tLp84ZaOOdROAkg9uIkpMWpFD4QW/thAzY
yjBi6ZZt4TZ7P8j3hVNgWCq1+qMPFH286/+6BqEZ0XdV73R+IAIXUoy+jAQRCUqU
3O81O+H12YOWKgjQKJx3mNU6YXMOEf5KqHJfm6X9JuRysoItaFYlrzaz2Sq0VV0i
lPRvZefA5eSwOU59zTAbMGmIUGxBbTXoPIngV9NC6QWC27RZLsbwlhGcJB3sSzAx
Mtgc0qsgPI4/Mg70qvMZ+9qQs0sA9M+53EAa1RnieI0hmcxdwoaG/ccQ3P+n+Zpj
HZrCPbgQ3GircKoZddiI6xfLpDzopWQLezTZdYIymJFpmZuAZN7T1/xQAGbcSYKB
9BSZMavNniSsGCCr9c5PFpyeGz8B7YpmoqBBTIV50Cdg8S8TipvaigFpFc/Iqe0E
6eQlDMMUqdmtYn0Pk6ct2+90DYMHl7WhP3LH+DqhSeyOuJP7Lx6szdx38jJjE3q0
wBgK92zhTDvH+ipB4kpdK2vAiWnecP9jBHMABG/HpSFyGVSZszWmB+956NC2tCT6
rrUOteCmYlQLNdg6zn7smpR1inLdntmCiCm5LztMGUXupco6XmvcA8nOvMdif1Tv
obXKCXta3oKeUHGJOtmBQyTyCh2+O/0IreJSmFvvbJKg/EXOCmQwMYm483juOKhi
4AZ6CPIj45Upz9woD20LFqx27V7bg6ohZ+amiCAgB1nLv7p8bj7FK6AR52VLUttf
XLqxWdxOXGQlJQsJXECaaC1V0wioa5mGioeTOzx6CKmT3kyK/AEXPgccfrETfYk=
=z+om
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to send a key to a keyserver?

2015-02-26 Thread Xavier Maillard 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello Helmut

Helmut Waitzmann  writes:

> gpg2 --verbose --keyserver hkp://pool.sks-keyservers.net --send-keys -- 
> 72ABFF0923A87CF22D0ED7C4FDEE765D017077F1

try without the -- stuff:

gpg2 --verbose --keyserver hkp://pool.sks-keyservers.net --send-keys 
72ABFF0923A87CF22D0ED7C4FDEE765D017077F1

and see how it goes.

- -- Xavier.
-BEGIN PGP SIGNATURE-

iQQcBAEBCgAGBQJU8AaeAAoJEN4v/Iaa+lFl0qEgAKkMLssdiQNkUunotYfSMs1F
ndPLNXOy3GuCyJJ2GGLE0RQv2OafBJ0xHc6WNWQD93CvSTY7GP2x8jIodAyb7Wbr
7Gp6fnmFCs+p8Lg4qjAynRkmiCZOD5yO/JMMAGeaBFkvMEMG+7alMDSso7fPqTJh
TXZqrBviOCHevOruv5GILpswbGjBw+yZ4KwQYMtimwQE2Idv5okaD3eNysJms5Jq
bYG+eSandfC8+yOPtGrxMB1pGWoZEdmWlhSe6rHxO/0jqKywEurFkQahotNMiCV/
+ZiD0r6pClQVfSPbXYOsrqbW2S0NeOhDVthLLSSgw+2FLVwqsgMZ6/xTsFd7gkqg
u727aFSaLnUQD1XM7ml5TZMvbXBP3KUlJf5btqoJWuxbkeZJrLa+ydYWsr3M9iUx
iGso86HTZ7uV4WJUgmybxhuT07XaUwyq8OEIiy2kNo/0WBK43al4RVacIbck9ZLP
tVppW98+P1O0vmJcZb1iUakj2yYY+I5E+D3KSiOkLYd8i8ZcrsB0Pelcl1KXEi2X
BUBMzJqIVcGBjCEKewORXs+NFndp/aYPQzYGvCFu34qnSGBJyKTGI9uZSRljGUTI
QbAvIJB+KGYVoAjPajFPk8taEtN/8iNltMp/odqtSi8JY/JMYMDuz1sct4wxVmpQ
dFjPhLkUKraZ6L+j8giPv8AzB4W8Sg3FVbUD0HZPbr3BcTPMDeozA4iAthoYIb3E
m1NUHDKtRfnFkxBy1iMkhGsoVilUX8Zn03C3QS9py9ToyR7Xka3Clc2nSDE6wWC5
R28ORWk1tqETXjg8ndaIQcaW54+bRjoymUPzpgtvZmBV9+liwfJwwZPsGqklg9tF
MTEqavBVPVOXu4j1bSrCiUQnhLMsXuvSg11Cl3MZuC7REDkOsHZstOXZTiMvhnXB
7ZXWyUn7Xx6PUYYlp/OJkg+2Qr9fRLikNvF9PZ0vuKmPxpbYoG6UJ2NKGvpGOMmr
FjtPyEKJlYQWsdKf6w1PGJ/1+lVNzcwJkMh+Jz/YYVE0yH0cQDV2nINe3gVv+pyf
V6s+zsaBa/RBJCYuA59U4tIDQFbBrbBTZ5IurIlGTIIB6xiG+SUaMW6nnswZQIwm
rZFoK9VQyxKBPoj4OBEOQg2q0t3+hvBnQxI+hffCsx9QOcuN/WdnigEO/Khv2lXM
xrRyZmCp79UJTNDI5TTy/ra+jjfmOVkHVd/o/fAkAVST3l2eRdGDcUXXoofbxcjj
KajRybChjRF0yAPYkIts9FsoD0fLBP3uxrfO23Lzxz7Jwrzv6PaQulG/9rrXLWwU
9k96364Ldf3PaEZ9qIqRXqGx81IbHoxWgQt40BtrX86mZ+K7cMSXTMDTKHcvb7M=
=Yuco
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users