Re: gpg-agent 2.1 persistent socket between sessions
Ok great, enabling lingering works. I don't know why, but on the previous Ubuntu version lingering was not enabled and yet the /run/user/PID folder was not cleaned...

Thanks!

- Original Message -
From: "Kostis Anagnostopoulos"
To: "Laurent Lavaud"
Cc: "GNUPG-Users"
Sent: Wednesday, October 25, 2017 11:21:34 PM
Subject: Re: gpg-agent 2.1 persistent socket between sessions

On 25 October 2017 at 12:27, Laurent Lavaud wrote:
> Hello,
>
> I would like to know what is the correct way to get a gpg-agent 2.1
> persistent socket between sessions?
>
> I have some cronjobs that must use a key stored in the agent.
>
> Actually the first time a gpg-agent is launched, it creates a socket in
> /run/user/PID/gnupg/ but when I log out this folder is cleaned by systemd and
> then if I come back I can't reconnect to the running gpg-agent because the
> socket has disappeared...

Have you tried to tell `systemd` to "linger" your user account?
https://askubuntu.com/a/859583/251379

Best,
Kostis

>
> This problem has appeared since I upgraded to Ubuntu 17.10; it seems that before, systemd
> didn't clean the /run/user/PID folder, so the socket persisted between sessions.
> I don't think it is an Ubuntu bug, it seems to be normal behavior that
> systemd cleans this folder, so how could I get a persistent socket for my
> gpg-agent?
>
> Thanks in advance for your help.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg 2.2.x devuan jessie no TOFU TLS
cannot work this out

installed sqlite3 and gnutls available packages and -dev packages

anybody confirm a working devuan jessie 2.2.x install and care to explain ?

many thank yous

--
--

GnuPG v2.2.1 has been configured as follows:

Revision: 355ca9e (13660)
Platform: GNU/Linux (x86_64-pc-linux-gnu)

OpenPGP: yes
S/MIME: yes
Agent: yes
Smartcard: yes (without internal CCID driver)
G13: no
Dirmngr: yes
Gpgtar: yes
WKS tools: no

Protect tool: (default)
LDAP wrapper: (default)
Default agent: (default)
Default pinentry: /usr/bin/pinentry
Default scdaemon: (default)
Default dirmngr: (default)

Dirmngr auto start: yes
Readline support: yes
LDAP support: yes
TLS support: no
TOFU support: no
Tor support: yes

checking for SQLITE3... no
configure: WARNING:
***
*** Building without SQLite support - TOFU disabled
***
***
***
checking for encfs... /usr/bin/encfs
checking for fusermount... /bin/fusermount
checking for openpty in -lutil... yes
checking for shred... /usr/bin/shred
checking for npth-config... /usr/local/bin/npth-config
checking for NPTH - version >= 1.2... yes (1.5)
checking NPTH API version... okay
checking for ntbtls-config... no
checking for NTBTLS - version >= 0.1.0... no
checking for LIBGNUTLS... no
configure: WARNING:
***
*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
***
***
Verify that the file is from who I expect it to be from
Hi all

maybe I'm missing something, but how do I verify not only that an encrypted file is signed, but that it is signed by the party I expect to have signed it? In other words, if two parties can supply a file with the same name I want to make sure that when I think I'm dealing with a file from party A, it is actually signed by party A. At the moment, when I decrypt the file, it seems to simply be checking that the signature is valid.
Re: Verify that the file is from who I expect it to be from
> maybe I'm missing something, but how do I verify not only that an
> encrypted file is signed, but that it is signed by the party I expect to
> have signed it?

Look for output like:

=
Signature made 10/26/17 22:01:37 Eastern Daylight Time
using RSA key CC11BE7CBBED77B120F37B011DCBDC01B44427C7
Good signature from "Robert J. Hansen " [ultimate]
aka "Robert J. Hansen " [ultimate]
aka "Robert J. Hansen "
=

See that line reading "Good signature"? That's what you're looking for.

Hope this helps. :)
gpg 2.2.x devuan jessie no TOFU TLS
Forwarded Message
Subject: gpg 2.2.x devuan jessie no TOFU TLS
Date: Fri, 27 Oct 2017 01:00:36 +1100
From: Fulano Diego Perez
To: GnuPG Users , d...@lists.dyne.org

cannot work this out

installed sqlite3 and gnutls available packages and -dev packages

anybody confirm a working devuan jessie 2.2.x install and care to explain ?

many thank yous

--
--

GnuPG v2.2.1 has been configured as follows:

Revision: 355ca9e (13660)
Platform: GNU/Linux (x86_64-pc-linux-gnu)

OpenPGP: yes
S/MIME: yes
Agent: yes
Smartcard: yes (without internal CCID driver)
G13: no
Dirmngr: yes
Gpgtar: yes
WKS tools: no

Protect tool: (default)
LDAP wrapper: (default)
Default agent: (default)
Default pinentry: /usr/bin/pinentry
Default scdaemon: (default)
Default dirmngr: (default)

Dirmngr auto start: yes
Readline support: yes
LDAP support: yes
TLS support: no
TOFU support: no
Tor support: yes

checking for SQLITE3... no
configure: WARNING:
***
*** Building without SQLite support - TOFU disabled
***
***
***
checking for encfs... /usr/bin/encfs
checking for fusermount... /bin/fusermount
checking for openpty in -lutil... yes
checking for shred... /usr/bin/shred
checking for npth-config... /usr/local/bin/npth-config
checking for NPTH - version >= 1.2... yes (1.5)
checking NPTH API version... okay
checking for ntbtls-config... no
checking for NTBTLS - version >= 0.1.0... no
checking for LIBGNUTLS... no
configure: WARNING:
***
*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
***
***
Re: Verify that the file is from who I expect it to be from
You need to verify the key that signed it. A valid signature means nothing. A malicious actor could sign any message or data with a valid, verifiable key and send it to you. The heart of the matter is the key that signed it. Gnupg tells you which key signed the data, usually by long key ID IIRC. You have to make sure the key that signed the data is the key that you expect, basically. If you need something more in-depth, there are many more qualified individuals to assist on the list.

On October 26, 2017 7:52:33 PM EDT, Dan Horne wrote:
> Hi all
>
> maybe I'm missing something, but how do I verify not only that an
> encrypted file is signed, but that it is signed by the party I expect to
> have signed it? In other words, if two parties can supply a file with the
> same name I want to make sure that when I think I'm dealing with a file
> from party A, it is actually signed by party A. At the moment, when I
> decrypt the file, it seems to simply be checking that the signature is
> valid.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Verify that the file is from who I expect it to be from
Thanks - I get the line saying "good signature" in my message, but are you saying that I have to grep the output for the message and the email address of the encryptor?
Re: Verify that the file is from who I expect it to be from
Yes - that's what my OP meant - Verifying the key. But I'm hoping to avoid grepping the output. What I'd love to do is provide the key I want verified and for GnuPG to confirm e.g. something like the following would be fab:

gpg2 --verify-sign

On 27 October 2017 at 15:08, Antony Prince wrote:

> You need to verify the key that signed it. A valid signature means
> nothing. A malicious actor could sign any message or data with a valid,
> verifiable key and send it to you. The heart of the matter is the key that
> signed it. Gnupg tells you which key signed the data, usually by long key
> ID IIRC. You have to make sure the key that signed the data is the key that
> you expect, basically. If you need something more in-depth, there are many
> more qualified individuals to assist on the list.
>
> On October 26, 2017 7:52:33 PM EDT, Dan Horne wrote:
>>
>> Hi all
>>
>> maybe I'm missing something, but how do I verify not only that an
>> encrypted file is signed, but that it is signed by the party I expect to
>> have signed it? In other words, if two parties can supply a file with the
>> same name I want to make sure that when I think I'm dealing with a file
>> from party A, it is actually signed by party A. At the moment, when I
>> decrypt the file, it seems to simply be checking that the signature is
>> valid.
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Verify that the file is from who I expect it to be from
On 10/26/2017 11:01 PM, Dan Horne wrote:
> Yes - that's what my OP meant - Verifying the key. But I'm hoping to
> avoid grepping the output. What I'd love to do is provide the key I want
> verified and for GnuPG to confirm e.g. something like the following
> would be fab:
>
> gpg2 --verify-sign

Maybe use gpgv2 instead and put only that one key in the trustedkeys.gpg or trustedkeys.kbx file?

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
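
A way to check the signer without grepping the human-readable text, as an added example that is not part of any message in this thread: GnuPG's `--status-fd` option emits machine-readable `[GNUPG:]` lines, and the `VALIDSIG` line carries the full fingerprint of the key that made the signature. The function name `signed_by`, the fingerprints and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# signed_by FINGERPRINT: read GnuPG --status-fd lines on stdin and succeed
# only if a valid signature was made by the expected key.
# Typical use (file names are placeholders):
#   gpg2 --batch --status-fd 1 --output plain.dat --decrypt file.gpg \
#       2>/dev/null | signed_by "$EXPECTED_FPR" || rm -f plain.dat
signed_by() {
    # Normalise: strip spaces, upper-case the hex digits.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Require a full fingerprint (40+ hex digits); short key IDs are
    # refused (a choice made in this example).
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -ge 40 ] || return 2

    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        # Bad, unverifiable, expired or revoked: never accept.
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint,
        # field 12 the primary key fingerprint.
        $2 == "VALIDSIG" {
            if ($3 == want || $12 == want) { ok = 1 } else { other = 1 }
        }
        # Accept only if the expected key signed and no other key did.
        END { exit !(ok && !bad && !other) }
    '
}

# Constructed sample data (not captured from a real gpg run).
FPR_A=0123456789ABCDEF0123456789ABCDEF01234567
FPR_B=89ABCDEF0123456789ABCDEF0123456789ABCDEF
SAMPLE="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Party A <a@example.org>
[GNUPG:] VALIDSIG $FPR_A 2017-10-27 1509062400 0 4 0 1 8 00 $FPR_A
[GNUPG:] TRUST_ULTIMATE 0 pgp"

printf '%s\n' "$SAMPLE" | signed_by "$FPR_A" && echo "signed by party A"
printf '%s\n' "$SAMPLE" | signed_by "$FPR_B" || echo "not signed by party B"
```
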
Re: gpg 2.2.x devuan jessie no TOFU TLS
On Fri 2017-10-27 01:00:36 +1100, Fulano Diego Perez wrote:
> cannot work this out
>
> installed sqlite3 and gnutls available packages and -dev packages

what versions of these packages did you install? can you provide more explicit details?

the debian packages build fine on stretch and later, but i'm reluctant to try to backport them to jessie myself these days. Such a port would introduce too many platform-level incompatibilities.

--dkg