On Wed, 11 Oct 2017 11:00, patr...@enigmail.net said:
> If you import a key more than once in gpg -- which is what you always do
> e.g. if you refresh keys from a keyserver --, it's gpg's task to do the
> right thing (i.e. merge the keys).
I am working on that bug (3446). Those who can test GnuP
On Fri, 13 Oct 2017 10:04, andreas.glae...@irregulaire.info said:
> suspect the hashing-algorithm is too slow, it may be due to
> double-hashing. Evolution for example is configurable in this respect,
Nope. Unless you have GiB large messages this won't be noticeable - such
large messages create
On Mon, 6 Nov 2017 11:46, whi...@posteo.net said:
> Why not display exactly what GnuPG reports concerning a signature? Leave
> it up to the user to make his own value judgments.
That is what I was about to reply ;-).
In fact we have spend weeks of work to come of with a useful
representation of
On Thu, 9 Nov 2017 19:10, d...@fifthhorseman.net said:
>> That is what I was about to reply ;-).
>
> What kind of value judgements do you expect the user to make? Most
I explained this below and pointed to the current state of the
discussion as described in the wiki.
Salam-Shalom,
Werner
On Fri, 10 Nov 2017 16:24, d...@fifthhorseman.net said:
> reply to this thread earlier -- i had read you as agreeing with Whitey
> when i read the thread offline and didn't have access to the wiki links
I see. What I meant was that I "would have written the same" but long
lasting discussions con
On Fri, 20 Apr 2018 05:16, a...@pep-security.net said:
> C:\>gpgconf --query-swdb
> usage: gpgconf --query-swdb NAME [VERSION]
Use
gpgconf --query-swdb gnupg
> C:\>gpg-connect-agent --dirmngr 'loadswdb --force' /bye
Windows does not support ' as quote. Thus use
gpg-connect-agent --dirm
On Mon, 14 May 2018 13:47, r...@sixdemonbag.org said:
> Short version: Mailpile isn't impressed, either, and is a little annoyed
> they were mistakenly listed as being vulnerable.
Yes, all green in the table for Mailpile. GgpOL (Gpg4win's Outlook
plugin) is also claimed to be vulnerable but the
On Tue, 15 May 2018 22:55, patr...@enigmail.net said:
> there is no reason to deactivate Enigmail, especially as S/MIME in
> Thunderbird is affected by the same issues -- and S/MIME cannot be
> deactivated.
You can temporally remove your X.509 private key.
Shalom-Salam,
Werner
--
# Pleas
Hi!
I just implemented a robust detection for a missing MDC in GPGME. This
works with all GnuPG versions since 2.0.19 (March 2012) and is future
proof. It is based on the DECRYPTION_INFO status which GPGME already
parses. Code speaks more than words:
--8<---cut here---s
On Sun, 27 May 2018 20:12, d...@fifthhorseman.net said:
>> 1. creating the Autocrypt header: the key is specified to contain
>> exactly one UID one public/signing key and one encryption key. There is
>> no function in GnuPG to extract this from a key. Users that have many
>> UIDs or many subkeys k
On Sun, 27 May 2018 20:12, d...@fifthhorseman.net said:
> ok, so this might be typically solvable if we can get GnuPG to fix:
>
>https://dev.gnupg.org/T3622
>https://dev.gnupg.org/T3804
(They are about export-minimal). I raised the priority.
>> 2. Using GnuPG, you cannot guarantee that
On Thu, 31 May 2018 20:00, o.e.ek...@gmail.com said:
> I just noticed a gpgv window, so I decided to try above commands.
> gpg-connect-agent seems to hang however.
Chek whether the dirmngr process is already running. If that is the
case kill it and run
gpg-connect-agent --dirmngr --verbose
On Thu, 31 May 2018 21:07, o.e.ek...@gmail.com said:
> With netstat I see that dirmngr.exe connects to https://cvs.gnupg.org:443/
Yeah, that is the canonical name for the IP addressed used for
https://versions.gnupg.org. Dirmngr downloads two files with the
current version numbers asn a signatur
On Tue, 5 Jun 2018 19:52, hamlin.carli...@gmx.com said:
> I've used this key for a *hell* of a long time, and generating a new key
> pair is simply out of the question. I'm looking for new suggestions as
... and maybe others used your private key as well.
A 512 bit DSA key has way too low secur
On Thu, 14 Jun 2018 08:11, patr...@enigmail.net said:
> However, the problem behind is that without --log-file, you get a
> mixture of human-readable and machine-parseable output on stderr. You
Only if you use the same file descriptor for --status-fd as you do for
--logger-fd or use a filename re
On Fri, 5 Oct 2018 17:34, d...@fifthhorseman.net said:
> I ran into this with some older versions of GnuPG (e.g. the
> heavily-patched GnuPG 2.1.18 in debian stretch) during the enigmail test
Do you happen to know whether this is also the case with current
upstream or with gpg-agent not being ru
On Sat, 27 Oct 2018 11:07, patr...@enigmail.net said:
> it (Enigmail needs to interpret some human-readable messages that GnuPG
> does not issue correctly in the API).
Please let me know which messages these are. Using the human interface
for programs is strongly discouraged because the strings,
On Sat, 27 Oct 2018 17:42, patr...@enigmail.net said:
> but when I find older versions. You obviously can't fix this by creating
> a new release ;-). Things like "missing MDC" messages for CAST5.
I see. I general I think it is better to force the use of a current
versions and not to support old
On Mon, 26 Nov 2018 09:48, patr...@enigmail.net said:
> its focus. In other words, Enigmail does not ask you for your passphrase
> - that's fully controlled by GnuPG.
Not really. For security reasons Windows has strict rules on which
process can put itself into the focus. Enigmail needs to tell
On Mon, 26 Nov 2018 16:30, patr...@enigmail.net said:
> Thanks for the hint - I wasn't aware of that. I'll try to add this to
> Enigmail.
Here is the code we use ingpgme for starting gpg. Actually we do not
start gpg directly but put a wrapper inbetween to be able to select
which handles are con
nd carry that around
instead of your laptop. It is easy to get used to that. All it takes
is to have a key on a token (I suggest a Gnuk or Nitrokey Basic with an
Ed25519 key) and to have these kind of entries
--8<---cut here---start->8---
[user]
On Fri, 20 Sep 2019 17:40, eschwa...@archlinux.org said:
> Any idea what's going on?
I guess this is related to the extra spaces used in emprty lines:
> Hello,$
>=20$
> My name i
(indented by 2 bytes here). The =20 is the QP encoding of a space.
Salam-Shalom,
Werner
--
Die Gedan
On Mon, 28 Oct 2019 12:28, Daniel Kahn Gillmor said:
> one of them. But while GnuPG's errors are implementation errors, SKS is
There was actually only one error: Two limits on the size of a keyblock
which did not match so that only at a later point in processing the too
long key size was detecte
On Tue, 29 Oct 2019 18:18, Daniel Kahn Gillmor said:
>> You can't. Neither can a webbroweser avoid downloading huge images or
>> other stuff from stupid web pages.
>
> i think the idea that there's no defense against malicious input is
> rather defeatist. There are plenty of counterexamples, whe
On Fri, 3 Jan 2020 09:21, Patrick Brunschwig said:
> to deal with handling keys and passphrases. If GNOME decides to hijack
> gpg-agent then that's entirely their decision, and you can't blame GPG
> for working that.
Just let me note that GNOME is not hijacking gpg-agent. They did so in
the pas
On Wed, 26 Aug 2020 22:30, Christian Riechers said:
> There's just no gpgme DLL file in there. But then I'm still not sure
> what exactly I'm supposed to look for.
Actually there are two copies of gpgme installed by Gpg4win:
c:/Program Files (x86)/GnuPG/bin/libgpgme-11.dll
and the second copy
On Sat, 29 Aug 2020 09:09, Christian Riechers said:
> I'm wondering whether there will be a gpg/gpgme 64-bit binary for
> Windows offered for download from gnupg.org at some point.
Andre will include a 64 bit version of gpgme.dll into the next gpg4win
release. We hope to get a release out by nex
On Mon, 31 Aug 2020 15:12, Kai Engert said:
> Do you intend to use a different filename for the the 64-bit version?
No. The 64 bit DLLs live in the "bin_64" directory. You can already
find the gpgol plugin there.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bund
On Sun, 20 Sep 2020 21:08, Juergen Bruckner said:
> password-requests. Could there be a issue with that, that I just use
> subkeys on productive systems?
FWIW, the stub key feature which allows you to keep the primary key
offline is GnuPG specific. The on-wire format used to export a secret
key
On Wed, 2 Jan 2013 19:50, d...@fifthhorseman.net said:
>> GnuPG 2.x, and there is nothing Enigmail could do about it. AFAIR
>> there is an option in gpg-agent.conf to disable blocking the X session.
It is called --no-grab.
> Do any gnupg contributors have suggestions about the "fails to cache m
On Mon, 10 Nov 2014 21:52, d...@fifthhorseman.net said:
> I believe this is two distinct issues, and maybe we want to address them
> both:
>
> * gnupg 2.1.x might want to buffer data before the signature is made,
>and decline to emit anything if the signature fails
There is a lot of bufferin
On Wed, 4 Feb 2015 20:16, bob.hen...@galen.org.uk said:
> Windows 64 bit. I think before you drop support of 1.4 you should wait
> until there is a standalone "official" version GnuPG 2.0 for Windows.
There is an official version for GnuPG 2.0 for Windows for many years.
It is called Gpg4win. A
On Thu, 21 May 2015 18:23, d...@fifthhorseman.net said:
> At least one of the keys he claimed to have broken is a degraded copy of
> one of H. Peter Anvin's actual subkeys, as Hanno Böck pointed out here:
That reminds if of a private discussion I had last autumn. Some guy
downloaded most RSA key
On Mon, 20 Jul 2015 19:33, r...@sixdemonbag.org said:
> So, in the interests of further checking this out, I figured I'd start
> from a fresh slate:
gpg --version ?
gpg2 --version ?
> [rjh@localhost ~]$ killall gpg-agent
> gpg-agent: no process found
[Better use /pkill/ than /killall/ so
On Mon, 15 Feb 2016 17:47, stde...@gmail.com said:
> If I failed (and canceled) the Pinentry (which is highly
> cancel-resistant) and then retried to open a draft message (with the
If you are using GnuPG 2.1 you may use the close-window button in the
frame to cancel Pinentry. This fully-cancel c
Hi!
Enigmail is based on GnuPG which uses the OpenPGP protocol. Thus this
announcement might be interesting for some of you:
The German Unix User Group is pleased to announce the first public
conference on the OpenPGP protocol taking place in Cologne, Germany on
September 8+9, 2016.
OpenPGP.con
On Sun, 10 Jul 2016 09:18, landau...@gmail.com said:
> Ok, then do the keys GnuPG generates for Enigmail come from elliptic
> curves, from integer factorization, or from discreet logarithms? Once the
> size of the prime is chosen (1024 bits, say) does GnuPG always use the same
RSA requires a new
On Mon, 16 Jan 2017 20:28, r...@sixdemonbag.org said:
> GPGME 2017-01-16 14:14:55 <0x0d3f> gpgme-walk_path: 'gpgconf' not found
> in '/usr/bin:/bin:/usr/sbin:/sbin'
Is there another directory which should be included into the default
PATH on macOS? We can't add private directories (that is for
On Tue, 17 Jan 2017 14:52, r...@sixdemonbag.org said:
> Homebrew uses /usr/local, GPGTools uses /usr/local, GPGOSX uses
> /usr/local/gnupg-2.1, hand-installed often goes to $HOME, some people
> use /opt, and so on.
So, this is the standard Unix pattern. We should add /usr/local/bin to
the defaul
39 matches
Mail list logo
