keysearch fails
Hello,

I can not manage to get a keysearch via dirmngr to work; when I use:

$ gpg2 --keyserver pool.sks-keyservers.net --debug 1024 --search x...@freebsd.org
gpg: reading options from '/home/guru/.gnupg/gpg.conf'
gpg: enabled debug flags: ipc
gpg: DBG: chan_3 <- # Home: /home/guru/.gnupg
gpg: DBG: chan_3 <- # Config: /home/guru/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.6 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://pool.sks-keyservers.net
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- x...@freebsd.org
gpg: DBG: chan_3 <- [eof]
gpg: error searching keyserver: End of file
gpg: búsqueda del servidor de claves fallida: End of file
gpg: DBG: chan_3 -> BYE
gpg: secmem usage: 0/32768 bytes in 0 blocks

In /var/log/message I see:

Dec 23 09:15:09 c720-r285885-amd64 kernel: pid 2809 (dirmngr), uid 1001: exited on signal 6

which perhaps is normal (somehow the spawned proc must be killed); but a TCPDUMP only shows a lot of PTR requests, see below. No real traffic is to be seen to no server.

What do I miss here?

matthias

09:15:57.465887 IP 10.42.0.152.26961 > 10.42.0.1.53: 57200+ A? pool.sks-keyservers.net. (41)
09:15:57.698231 IP 10.42.0.1.53 > 10.42.0.152.26961: 57200 10/0/0 A 176.9.51.79, A 193.224.163.43, A 207.237.164.231, A 193.17.17.6, A 85.93.13.183, A 104.236.44.212, A 46.229.47.139, A 223.252.21.101, A 192.71.151.126, A 144.76.120.109 (201)
09:15:57.698443 IP 10.42.0.152.15292 > 10.42.0.1.53: 44337+ ? pool.sks-keyservers.net. (41)
09:15:58.136982 IP 10.42.0.1.53 > 10.42.0.152.15292: 44337 10/0/0 2604:a880:800:10::60d:b001, 2a03:4000:6:202e::1, 2a01:7a0:1::6, 2001:470:1f09:1d75::80, 2a01:4f8:a0:4024::2:0, 2a01:4f8:150:7142::2, 2001:41d0:2:a8b4::10, 2a02:168:4a01::37, 2604:a880:800:10::688:e001, 2001:6f8:124e::1 (321)
09:15:58.138270 IP 10.42.0.152.57903 > 10.42.0.1.53: 3651+ PTR? 212.44.236.104.in-addr.arpa. (45)
09:15:58.139749 IP 10.42.0.1.53 > 10.42.0.152.57903: 3651 1/0/0 PTR openpgp.us. (69)
09:15:58.140405 IP 10.42.0.152.49791 > 10.42.0.1.53: 29976+ PTR? 126.151.71.192.in-addr.arpa. (45)
09:15:58.142479 IP 10.42.0.1.53 > 10.42.0.152.49791: 29976 1/0/0 PTR mimir.alderwick.co.uk. (80)
09:15:58.142854 IP 10.42.0.152.20861 > 10.42.0.1.53: 61059+ PTR? 101.21.252.223.in-addr.arpa. (45)
09:15:58.144671 IP 10.42.0.1.53 > 10.42.0.152.20861: 61059 1/0/0 PTR svcs4.riverwillow.net.au. (83)
09:15:58.145031 IP 10.42.0.152.51574 > 10.42.0.1.53: 21456+ PTR? 139.47.229.46.in-addr.arpa. (44)
09:15:58.146670 IP 10.42.0.1.53 > 10.42.0.152.51574: 21456 1/0/0 PTR jarvis.alpha-labs.net. (79)
09:15:58.147016 IP 10.42.0.152.24483 > 10.42.0.1.53: 11392+ PTR? 79.51.9.176.in-addr.arpa. (42)
09:15:58.149302 IP 10.42.0.1.53 > 10.42.0.152.24483: 11392 1/0/0 PTR alita.karotte.org. (73)
09:15:58.149639 IP 10.42.0.152.45716 > 10.42.0.1.53: 51515+ PTR? 183.13.93.85.in-addr.arpa. (43)
09:15:58.150581 IP 10.42.0.1.53 > 10.42.0.152.45716: 51515 1/0/0 PTR host10.slyinvestment.com. (81)
09:15:58.151058 IP 10.42.0.152.31608 > 10.42.0.1.53: 34134+ PTR? 6.17.17.193.in-addr.arpa. (42)
09:15:58.153963 IP 10.42.0.1.53 > 10.42.0.152.31608: 34134 1/0/0 PTR key.ip6.li. (66)
09:15:58.154314 IP 10.42.0.152.37867 > 10.42.0.1.53: 56496+ PTR? 231.164.237.207.in-addr.arpa. (46)
09:15:58.156621 IP 10.42.0.1.53 > 10.42.0.152.37867: 56496 1/0/0 PTR keys.sflc.info. (74)
09:15:58.156959 IP 10.42.0.152.20412 > 10.42.0.1.53: 34648+ PTR? 43.163.224.193.in-addr.arpa. (45)
09:15:58.158943 IP 10.42.0.1.53 > 10.42.0.152.20412: 34648 1/0/0 PTR hufu.ki.iif.hu. (73)
09:15:58.159277 IP 10.42.0.152.46457 > 10.42.0.1.53: 32569+ PTR? 109.120.76.144.in-addr.arpa. (45)
09:15:58.161678 IP 10.42.0.1.53 > 10.42.0.152.46457: 32569 1/0/0 PTR encrypt.to. (69)
09:15:58.162290 IP 10.42.0.152.58716 > 10.42.0.1.53: 61479+ PTR? 0.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.4.2.0.4.0.a.0.0.8.f.4.0.1.0.a.2.ip6.arpa. (90)
09:15:58.163688 IP 10.42.0.1.53 > 10.42.0.152.58716: 61479 1/0/0 PTR a.keyserver.pki.scientia.net. (132)
09:15:58.164128 IP 10.42.0.152.32231 > 10.42.0.1.53: 26254+ PTR? 1.0.0.e.8.8.6.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.8.0.0.8.8.a.4.0.6.2.ip6.arpa. (90)
09:15:58.166679 IP 10.42.0.1.53 > 10.42.0.152.32231: 26254 0/0/0 (90)
09:15:58.167037 IP 10.42.0.152.15342 > 10.42.0.1.53: 14504+ PTR? 7.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.a.4.8.6.1.0.2.0.a.2.ip6.arpa. (90)
09:15:58.168514 IP 10.42.0.1.53 > 10.42.0.152.15342: 14504 1/0/0 PTR pgpkeys.urown.net. (121)
09:15:58.168872 IP 10.42.0.152.49875 > 10.42.0.1.53: 39926+ PTR? 0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.b.8.a.2.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa. (90)
09:15:58.170820 IP 10.42.0.1.53 > 10.42.0.152.49875: 39926 NXDomain 0/0/0 (90)
09:15:58.171163 IP 10.42.0.152.32030 > 10.42.0.1.53: 45608+ PTR? 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.4.1.7.0.5.1.0.8.f.4.0.1.0.a.2.ip6.arpa. (90)
09:15:58.173415 IP 10.42.0.1.53 > 10.42.0.152.32030: 45608 1/0/0 PTR alita.karotte.org.
Problems with ESTEID and gpgsm
How can I solve them?

jaap@jaap:~$ gpgsm --help
gpgsm (GnuPG) 2.0.26
libgcrypt 1.6.3
libksba 1.3.2-unknown
...
jaap@jaap:~$
jaap@jaap:~$ /usr/bin/gpgsm -s txt.txt
gpgsm: enabled debug flags: x509 assuan
gpgsm: no key usage specified - assuming all usages
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 39 C0 56 38 84 B2 C1 01 B2 0C 59 ED 40 27 B5 01 93 FF F7 72
gpgsm: no running gpg-agent - starting one
gpg-agent[22381]: enabled debug flags: assuan
gpgsm: DBG: connection to agent established
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 31 F0 60 FB CE A5 21 00 E5 68 D2 6C 98 FD ED 9A 12 B1 60 15
gpgsm: certificate is not usable for signing
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 23 59 EB D7 45 0D 9A 7F F3 25 FD 94 27 7E CC 32 D2 DD 22 53
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= C5 BD 3D 02 E5 E7 6D D2 75 40 C6 62 D0 B7 47 7C 16 92 67 39
gpgsm: no default signer found
gpgsm: error creating signature: General error
secmem usage: 0/16384 bytes in 0 blocks
jaap@jaap:~$
jaap@jaap:~$ /usr/bin/gpgsm --learn-card
gpgsm: enabled debug flags: x509 assuan
gpgsm: no running gpg-agent - starting one
gpg-agent[22386]: enabled debug flags: assuan
gpgsm: DBG: connection to agent established
gnupg-pkcs11-scd[22387.3394275072]: version: 0.7.3
gnupg-pkcs11-scd[22387.3394275072]: config: debug=1, verbose=1
gnupg-pkcs11-scd[22387.3394275072]: config: pin_cache=-1
gnupg-pkcs11-scd[22387.3394275072]: config: provider: name=esteid, library=/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so, allow_protected=1, cert_is_private=1, private_mask=0001
gnupg-pkcs11-scd[22387.3394275072]: run_mode: 2
gnupg-pkcs11-scd[22387.3394275072]: crypto: openssl
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: pkcs11h_addProvider entry version='1.11', pid=22387, reference='esteid', provider_location='/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so', allow_protected_auth=1, mask_private_mode=0001, cert_is_private=1
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: Adding provider 'esteid'-'/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so'
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: pkcs11h_addProvider Provider 'esteid' manufacturerID 'OpenSC (www.opensc-project.org)'
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_slotevent_notify entry
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_slotevent_notify return
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: Provider 'esteid' added rv=0-'CKR_OK'
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: pkcs11h_addProvider return rv=0-'CKR_OK'
gnupg-pkcs11-scd[22387.3394275072]: Listening to socket '/tmp/gnupg-pkcs11-scd.xWcx6d/agent.S'
gnupg-pkcs11-scd[22387]: chan_6 -> OK PKCS#11 smart-card server for GnuPG ready
gnupg-pkcs11-scd[22387]: chan_6 <- GETINFO socket_name
gnupg-pkcs11-scd[22387]: chan_6 -> D /tmp/gnupg-pkcs11-scd.xWcx6d/agent.S
gnupg-pkcs11-scd[22387]: chan_6 -> OK
gnupg-pkcs11-scd[22387]: chan_6 <- SERIALNO
gnupg-pkcs11-scd[22387]: chan_6 -> S SERIALNO D27600012401 0
gnupg-pkcs11-scd[22387]: chan_6 -> OK
gnupg-pkcs11-scd[22387]: chan_6 <- LEARN --force
gnupg-pkcs11-scd[22387]: chan_6 -> S SERIALNO D27600012401 0
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: pkcs11h_certificate_enumCertificateIds entry method=1, mask_prompt=0003, p_cert_id_issuers_list=0x7ffc1c633f48, p_cert_id_end_list=0x7ffc1c633f40
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_session_getSlotList entry provider=0xd1f5e0, token_present=1, pSlotList=0x7ffc1c633e00, pulCount=0x7ffc1c633e08
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_session_getSlotList return rv=0-'CKR_OK' *pulCount=2
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_token_getTokenId entry p_token_id=0x7ffc1c633e18
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=0x7ffc1c633d70
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_token_newTokenId return rv=0-'CKR_OK', *p_token_id=0xd3f600
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_token_getTokenId return rv=0-'CKR_OK', *p_token_id=0xd3f600
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: _pkcs11h_session_getSessionByTokenId entry token_id=0xd3f600, p_session=0x7ffc1c633e10
gnupg-pkcs11-scd[22387.3394275072]: PKCS#11: Creating a new session
gnupg-pkcs11-scd[22387.339
Re: keysearch fails
On Wednesday, December 23, 2015 at 09:23:12AM +0100, Matthias Apitz wrote:

> Hello,
>
> I can not manage to get a keysearch via dirmngr to work; when I use:
>
> $ gpg2 --keyserver pool.sks-keyservers.net --debug 1024 --search
> x...@freebsd.org
> gpg: reading options from '/home/guru/.gnupg/gpg.conf'
> gpg: enabled debug flags: ipc
> gpg: DBG: chan_3 <- # Home: /home/guru/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/guru/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.6 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_3 -> KEYSERVER --clear hkp://pool.sks-keyservers.net
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KS_SEARCH -- x...@freebsd.org
> gpg: DBG: chan_3 <- [eof]
> gpg: error searching keyserver: End of file
> gpg: búsqueda del servidor de claves fallida: End of file
> gpg: DBG: chan_3 -> BYE
> gpg: secmem usage: 0/32768 bytes in 0 blocks

Seems to be a known bug:

$ dirmngr
# Home: ~/.gnupg
# Config: /home/guru/.gnupg/dirmngr.conf
OK Dirmngr 2.1.6 at your service
KEYSERVER hkps://hkps.pool.sks-keyservers.net
OK
KS_SEARCH matt...@freebsd.org
Assertion failed: (a >= 0 && a < hosttable_size), function sort_hostpool, file ks-engine-hkp.c, line 179.
Abort trap (core dumped)

https://bugs.gnupg.org/gnupg/issue2107

--
Matthias Apitz, ✉ g...@unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045
«(on the GDR)... And this shortage (of socialism) alone, and nothing else, led to its death. And whoever does not mourn has no heart, and whoever does not set to work anew has not earned one either.», junge Welt of October 3, 2015, p. 11
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: keysearch fails
On Wed, 23 Dec 2015 09:23, g...@unixarea.de said:

> gpg: DBG: chan_3 <- OK Dirmngr 2.1.6 at your service

Please first update to gnupg 2.1.10.

> Dec 23 09:15:09 c720-r285885-amd64 kernel: pid 2809 (dirmngr), uid 1001:
> exited on signal 6

Which probably is SIGABRT which in turn may indicate that an assert() failed. If this problem persists with 2.1.10 please run dirmngr under a debugger:

  gdb --args dirmngr -v --server

Then "run" and enter the commands

  KEYSERVER --clear hkp://pool.sks-keyservers.net

and

  KS_SEARCH -- x...@freebsd.org

On the signal you should get back to the debugger prompt and so you can print a stack backtrace. If it is indeed an assert you may run dirmngr w/o a debugger and the assert will print the diagnostics to stderr which you should be able to see.

> which perhaps is normal (somehow the spawned proc must be killed); but a

No, dirmngr is started on-the-fly as a daemon. To stop it you either use "pkill dirmngr" or "gpgconf --kill dirmngr".

> TCPDUMP only shows a lot of PTR requests, see below. No real traffic is
> to be seen to no server.

It is resolving the pool addresses to select one of the servers. With 2.1.10 there are two different resolver libraries in use, entering

  getinfo dnsinfo

on the "dirmngr --server" prompt shows you which one is used.

To play with dirmngr it is often easier to use

  gpg-connect-agent --dirmngr -v

which enables you to use readline and some other goodies.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Problems with ESTEID and gpgsm
On Wed, 23 Dec 2015 00:00, mailingli...@vanwingerde.net said:

> gnupg-pkcs11-scd[22387.3394275072]: version: 0.7.3

You are using some modified version of GnuPG's scdaemon. Please ask the author of that version for help.

The parts of GnuPG all belong together and it is in general not a good idea to exchange one of the components. The APIs used between the GnuPG components are not stable between versions.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
signing mails with MUA mutt fails
Hello,

To sign mails one configures in the MUA the command in the following form:

gpg2 --batch --output - --passphrase-fd 0 --armor --sign --detach-sign --textmode -u %a %f

where %a is the actual user and %f the mail attachment to be signed; it does not work and I dug into this; this works as it should:

$ gpg2 --output - --armor --sign --detach-sign -u guru msg.asc
Please enter the passphrase to unlock the OpenPGP secret key:
"Matthias Apitz (GnuPGv2) "
2048-bit DSA key, ID FFEE762B922A6CBB,
created 2015-12-22.

Passphrase:
-----BEGIN PGP SIGNATURE-----

iF4EABEIAAYFAlZ63U8ACgkQ/+52K5IqbLuC+wD/RnSo6soMzg0wxTdAFEbD2ykB
Yc15kIv7SPBXDoKohvcA/jUN2FNNEhlrrh5B/gAldFyYsJ7ruD5ktPa3b/DfpEP3
=DXMS
-----END PGP SIGNATURE-----

while this gives an error:

$ killall gpg-agent
$ echo | gpg2 --batch --output - --passphrase-fd 0 --armor --sign --detach-sign --textmode -u guru msg.asc
gpg: signing failed: gpg: signing failed: Invalid IPC response
gpg: signing failed: Invalid IPC response

running with --debug gives some kind of error in the communication with the agent:

$ killall gpg-agent
$ echo | gpg2 --debug 1024 --batch --output - --passphrase-fd 0 --armor --sign --detach-sign --textmode -u guru msg.asc
gpg: reading options from '/home/guru/.gnupg/gpg.conf'
gpg: enabled debug flags: ipc
gpg: DBG: chan_7 <- OK Pleased to meet you
gpg: DBG: connection to agent established
gpg: DBG: chan_7 -> RESET
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> OPTION ttytype=rxvt
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> OPTION display=:0
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> OPTION xauthority=/tmp/kde-guru/xauth-1001-_0
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/dbus-O4oooGN9t0,guid=4cf4542b4bf772f2892b2ac3567aaf2d
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> OPTION allow-pinentry-notify
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> AGENT_ID
gpg: DBG: chan_7 <- ERR 67109139 Unknown IPC command
gpg: DBG: chan_7 -> HAVEKEY EF8AE0E0D3D7EBBFA6A0230CD105E0DFC04D9DE1 8FB0DD8249EC4A24E2A73B4721098FCDE815FEBB
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> RESET
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> SIGKEY EF8AE0E0D3D7EBBFA6A0230CD105E0DFC04D9DE1
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Matthias+Apitz+(GnuPGv2)+%22%0A2048-bit+DSA+key,+ID+FFEE762B922A6CBB,%0Acreated+2015-12-22.%0A
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> SETHASH 8 B0E553EDE7C732CA26D96C45C32E6143AB642BF28E03217400C893CCB0F14B62
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> PKSIGN
gpg: DBG: chan_7 <- INQUIRE PINENTRY_LAUNCHED 4886
gpg: DBG: chan_7 -> END
gpg: DBG: chan_7 <- ERR 83886340 Invalid IPC response
gpg: signing failed: Invalid IPC response
gpg: signing failed: Invalid IPC response
gpg: secmem usage: 1568/32768 bytes in 3 blocks

What do I miss or do wrong?

matthias

--
Matthias Apitz, ✉ g...@unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045
Re: signing mails with MUA mutt fails
On Wed, 23 Dec 2015 18:54, g...@unixarea.de said:

> To sign mails one configure in the MUA the command in the following
> form:

You should put

  set crypt_use_gpgme

into your ~/.muttrc to use the modern (i.e. from ~2003) version of Mutt's crypto layer. It works much better than the bunch of configured commands.

> gpg2 --batch --output - --passphrase-fd 0 --armor --sign --detach-sign
> --textmode -u %a %f

--passphrase-fd 0 does not work with gpg2 (since 2.1) because the gpg-agent is responsible for the private keys and the passphrase to protect them.

If you are using an xterm the GUI Pinentry pops up from the background (controlled by the existence of the DISPLAY envvar). If you are using a plain tty, either the curses pinentry or the dumb tty only pinentry can be used. The curses pinentry is part of the GUI pinentry and used if DISPLAY is not set. Take care to set the GPG_TTY envvar (man gpg-agent).

If you really need it with 2.1 you may also use the loopback mode which allows gpg2 to ask for a passphrase in a similar but not identical way gpg1 and pgp did. Put

  allow-loopback-pinentry

into ~/.gnupg/gpg-agent.conf and restart the agent. Add

  --pinentry-mode=loopback

to the gpg command line.

> running with --debug gives some kind of error in the communication with
> the agent:
>
> $ killall gpg-agent

> gpg: DBG: chan_7 -> AGENT_ID
> gpg: DBG: chan_7 <- ERR 67109139 Unknown IPC command

That error is expected: it is a test for the former GNOME gpg-agent replacement.

> gpg: DBG: chan_7 <- ERR 83886340 Invalid IPC response
> gpg: signing failed: Invalid IPC response

Something is wrong with your pinentry. To debug this you add

--8<---cut here---start->8---
log-file /foo/bar/gpg-agent.log
verbose
debug-pinentry
debug ipc
--8<---cut here---end--->8---

into gpg-agent.conf ("debug ipc" is the same as "debug 1024")

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
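The two ERR numbers in the trace discussed above can be taken apart by hand: libgpg-error packs the reporting component into bits 24-30 of the value and the error code into the low 16 bits. The following is an added example, not part of the thread and not GnuPG code; the function names are made up for illustration, the lookup tables are a small subset of libgpg-error's, and the sample trace is copied from the original post.

```python
import re

# Layout of a libgpg-error value: (source << 24) | code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF

# Subset of libgpg-error's tables, enough for the traces in this thread.
SOURCES = {
    0: "Unspecified", 1: "gcrypt", 2: "GnuPG", 3: "GpgSM", 4: "GPG Agent",
    5: "Pinentry", 6: "SCD", 7: "GPGME", 8: "Keybox", 9: "KSBA", 10: "Dirmngr",
}
CODES = {
    260: "GPG_ERR_ASS_INV_RESPONSE",
    275: "GPG_ERR_ASS_UNKNOWN_CMD",
    16383: "GPG_ERR_EOF",
}

# One line of "--debug 1024" (ipc) output: direction arrow plus Assuan line.
IPC_LINE = re.compile(r"DBG: chan_\d+ (->|<-) (.*)")
# Client lines that answer a server INQUIRE; they are not new commands.
INQUIRY_REPLIES = {"D", "END", "CAN"}

# Lines copied from the debug output in the original post.
SAMPLE_TRACE = """\
gpg: DBG: chan_7 <- OK Pleased to meet you
gpg: DBG: connection to agent established
gpg: DBG: chan_7 -> RESET
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> AGENT_ID
gpg: DBG: chan_7 <- ERR 67109139 Unknown IPC command
gpg: DBG: chan_7 -> SIGKEY EF8AE0E0D3D7EBBFA6A0230CD105E0DFC04D9DE1
gpg: DBG: chan_7 <- OK
gpg: DBG: chan_7 -> PKSIGN
gpg: DBG: chan_7 <- INQUIRE PINENTRY_LAUNCHED 4886
gpg: DBG: chan_7 -> END
gpg: DBG: chan_7 <- ERR 83886340 Invalid IPC response
gpg: signing failed: Invalid IPC response
"""


def decode_gpg_error(value):
    """Split a numeric gpg error into (source id, error code)."""
    return (value >> SOURCE_SHIFT) & SOURCE_MASK, value & CODE_MASK


def failed_commands(trace):
    """Return (command, source, code, text) for every ERR reply in a trace."""
    results = []
    last_command = None
    for raw in trace.splitlines():
        match = IPC_LINE.search(raw)
        if not match:
            continue
        direction, payload = match.groups()
        parts = payload.split(None, 2)
        if not parts:
            continue
        verb = parts[0]
        if direction == "->":
            # Remember the command so the ERR can be attributed to it,
            # skipping the D/END/CAN lines sent in reply to an INQUIRE.
            if verb not in INQUIRY_REPLIES:
                last_command = verb
        elif verb == "ERR" and len(parts) >= 2 and parts[1].isdigit():
            source, code = decode_gpg_error(int(parts[1]))
            text = parts[2].strip() if len(parts) > 2 else ""
            results.append((
                last_command,
                SOURCES.get(source, f"source {source}"),
                CODES.get(code, f"code {code}"),
                text,
            ))
    return results


if __name__ == "__main__":
    for command, source, code, text in failed_commands(SAMPLE_TRACE):
        print(f"{command}: {code} raised by {source} ({text})")
```

For the trace from the post, the AGENT_ID error carries the GPG Agent source and the PKSIGN error carries the Pinentry source, which is the component the reply above points at.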
gpg: BAD signature from
Downloaded armory-bin.tar.gz from arch AUR

On Armory site they gave public key text in ASCII format.
I saved it to armory_key.txt
I imported this public key from armory_key.txt file to my key ring.

gpg --list-keys
pub rsa4096/98832223 2012-02-28
uid [ unknown] Alan C. Reiner (Offline Signing Key)
uid [ unknown] Alan C. Reiner (Armory Signing Key)
uid [ unknown] Alan C. Reiner (Armory Signing Key)
sub rsa4096/DE6B2D74 2012-02-28
t

They also gave signature in ascii and I saved that to armory_sig.txt

gpg --verify armory_sig.txt armory-bin.tar.gz
gpg: Signature made Sun Jun 7 20:46:36 2015 CDT using RSA key ID 98832223
gpg: BAD signature from "Alan C. Reiner (Offline Signing Key) " [unknown]

The key ID 98832223 matches what's on their site 0x98832223, and what's on my keyring, but
Can you explain what the third line means why (BAD signature)?

I am pretty much new to all this stuff!
Re: signing mails with MUA mutt fails
On Wednesday, December 23, 2015 at 08:40:24PM +0100, Werner Koch wrote:

> On Wed, 23 Dec 2015 18:54, g...@unixarea.de said:
>
> > To sign mails one configure in the MUA the command in the following
> > form:
>
> You should put
>
> set crypt_use_gpgme

Thanks for that hint! I have had to re-compile the mutt port (on FreeBSD) to get this option to work, but it now works nicely.

matthias

--
Matthias Apitz, ✉ g...@unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045
Re: gpg: BAD signature from
On Wed, Dec 23, 2015 at 1:14 PM, stevehendo34 wrote:

> Downloaded armory-bin.tar.gz from arch AUR
>
> On Armory site they gave public key text in ASCII format.
> I saved it to armory_key.txt
> I imported this public key from armory_key.txt file to my key ring.
> gpg --list-keys
> pub rsa4096/98832223 2012-02-28
> uid [ unknown] Alan C. Reiner (Offline Signing Key)
> uid [ unknown] Alan C. Reiner (Armory Signing Key)
> uid [ unknown] Alan C. Reiner (Armory Signing Key)
> sub rsa4096/DE6B2D74 2012-02-28
> t
>
> They also gave signature in ascii and I saved that to armory_sig.txt
> gpg --verify armory_sig.txt armory-bin.tar.gz
> gpg: Signature made Sun Jun 7 20:46:36 2015 CDT using RSA key ID 98832223
> gpg: BAD signature from "Alan C. Reiner (Offline Signing Key)
> " [unknown]
>
> The key ID 98832223 matches what's on their site 0x98832223, and what's on my
> keyring, but
> Can you explain what the third line means why (BAD signature)?
>
> I am pretty much new to all this stuff!

Hi Steve,

Welcome!

The error means that the data you downloaded doesn't match the data that was originally signed by the author. It's possible this could be due to an error by the signer, a transmission error over the internet, or intentional tampering.

Cheers!
-Pete

--
Pete Stephenson
New GnuPG FTP mirror: mirror.se.partyvan.eu
Hi gnupg-users.

I noticed the FTP Mirrors page [1] is outdated. Many mirrors are dead, some have not existed for perhaps years. The fair amount of confusion that came from that page made me initially delay with the decision to host a new mirror - I wasn't sure where to start.

Sunet announced to decommission last year, although it still seems to be available and syncing. ftp.jyu.fi may have been merged with ftp.funet.fi, although I couldn't find GnuPG to be hosted on Funet's FTP server.

This led me to believe there is no active GnuPG mirror available in Sweden/Finland, so I have set up one for GnuPG on our mirror server in Stockholm, Sweden. This mirror server is connected to a 1 Gbps connection at AS42708 Portlane AB.

- ftp: n/a
- http: http://mirror.se.partyvan.eu/pub/ftp.gnupg.org/gcrypt/
- https: https://mirror.se.partyvan.eu/pub/ftp.gnupg.org/gcrypt/
- onion: http://tpvj6abq225m5pcf.onion/pub/ftp.gnupg.org/gcrypt/
- rsync: rsync://mirror.se.partyvan.eu/pub/ftp.gnupg.org/gcrypt/

I've set up syncing to happen from ftp.gnupg.org over rsync daily at 12:00.[2] This happened to be the closest available rsync server right now, excluding ftp.sunet.se whose future seems uncertain. If interested, I can set up syncing to happen more frequently too, e.g. twice or four times a day.

[1]: https://www.gnupg.org/download/mirrors.html
[2]: https://partyvan.eu/transparency/config/cron/tabs/rsync

--
Juuso Lapinlampi
Partyvan