Article in Forbes.

[Eric F]

Perhaps not directly gnupg related, more OS X related. But, with both
GPGtools an GnuPG for OS X I'll post it here... (and there was this OS X
sec. discussion the other week) :)

It's seem like “Gatekeeper” is only using http if I read it correctly.

Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper
http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/

“He found around 150 on his own machine, including hugely popular
software like Microsoft Word and Excel, Apple’s own iCloud Photos and
Dropbox. The list also included Apple’s developer tool *XCODE and email
encryption key management software GPG Keychain, both of which he abused
in his proof of concept attacks*.”


I have no idea how this works, but one question that came in mind was if
a hijacked “GPG Keychain” on a Mac computer could form a threat to gpg
on other platforms?

Anyway, interesting reading. Just wanted to share.

/Eric
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2.1.3 Fails to Compile OS X

[Eric F]

On 4/22/15 21:53 , Ben McGinnes wrote:
> On 22/04/2015 5:22 pm, Werner Koch wrote:
>> > On Sat, 18 Apr 2015 21:35, b...@adversary.org said:
>> > 
>>> >> e...@quot.po:54: 'msgid' and 'msgstr' entries do not both end with '\n'
>>> >> e...@quot.po:58: 'msgid' and 'msgstr' entries do not both end with '\n'
>> > 
>>> >> but no need to paste them all in); obviously the cause is somewhere
>>> >> in those sed or make rules.  I'm just not certain of the right place
>> > 
>> > That script (po/quot.po) did not changed for more than a decade.  I
>> > guess your sed is broken (did you recently update it)?
> Nope, there's only one sed on the system, the default one in /usr/bin
> and that appears to be the semi-standard FreeBSD one compiled for OS X
> Mach.
Yes, sed in OS X is a little bit different. “Sed'ing” an output is fine,
but when to change/write something in a file it's different.Example:

gnu sed:sed -i 's/foo/bar/g' foobar.txt
osx sed:sed -i '' 's/foo/bar/g' foobar.txt

I've updated sed to gnu's sed(-4.2 ) and
it works fine. (+ an updated libiconv).

./configure --prefix=/usr/local --with-libiconv-prefix=/usr/local

(Haven't compiled gnupg though).

HTH

/Eric
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Best way to get fingerprint programatically

[Eric F via Gnupg-users]

On 12/18/19 10:56 , Andrew Gallagher wrote:
> On 18/12/2019 09:32, Werner Koch via Gnupg-users wrote:
>> The  -F:: is an interesting hack but Andrew's or my variant works
>> with all AWK implementations:
>>
>>awk -F: '$1=="fpr" {print $10}' | head -1
> Aha, I forgot about handling multiple results. Note that you don't need
> head if you're already using awk:
>
>   awk -F: '$1=="fpr" {print $10; exit}'
>
> :-D

This was really interesting. Thanks for that tip (all of you). :)
Updated a key the other day, in a more manual way.

What about updating sub-keys…

$ gpg --with-colons -k 0xlongid | awk -F: '$1=="fpr" {print $10}'
0123…
4567…
8901…
2345…

Any convenient way to automate that, or can I just loop it? …something like:

$ for k in $(gpg --with-colons -k 0xlongid | awk -F: '$1=="fpr" {print $10}'); 
do \
> gpg --quick-set-expire ${k} ; done


 · Eric
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users