On Mon, Nov 21, 2016 at 4:16 AM, Werner Koch wrote:
>
>> configure: error: No pinentry enabled.
>
> You need to install the appropriate development package for the GUI
> platform.
>
>
> Salam-Shalom,
>
>Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Werner was GTK
On Mon, Nov 21, 2016 at 8:15 PM, Stephan Beck wrote:
> Ah, I forgot one thing: you have to add the following to your ~/.bashrc
> file:
> GPG_TTY=$(tty)
> export GPG_TTY
>
> Does it work now?
>
> HTH
>
> Stephan
Stephan I updated the .bashrc file in my home directory, still got the
same error, so
"Robert J. Hansen" wrote:
>> gpg is intended to run on the client, not the server. A mail service
>operator
>> should not hold the private keys of its users, never mind perform
>encryption
>> operations on their behalf. I would question the design of your
>architecture if
>> you feel this is nece
Peter Lebbing wrote:
>On 22/11/16 17:20, Carola Grunwald wrote:
>> They don't have any system account at all. These are users of a
>> messaging system, only allowed to access its POP3, SMTP and NNTP
>> service.
>
>Perhaps 1.4 is the best release for you... you'll miss out on Elliptic
>Curve, but
On Tue 2016-11-22 11:20:26 -0500, Carola Grunwald wrote:
> They don't have direct access to any key. Nevertheless by using someone
> else's cached passphrase with 2.1 and its all-embracing keyring they may
> succeed in decoding data not meant for them.
fwiw, the same concerns hold for a shared gpg
> gpg is intended to run on the client, not the server. A mail service
operator
> should not hold the private keys of its users, never mind perform
encryption
> operations on their behalf. I would question the design of your
architecture if
> you feel this is necessary.
I concur. This post is agr
On 22/11/16 17:20, Carola Grunwald wrote:
> They don't have any system account at all. These are users of a
> messaging system, only allowed to access its POP3, SMTP and NNTP
> service.
Perhaps 1.4 is the best release for you... you'll miss out on Elliptic
Curve, but other than that, it's still a
On 22/11/16 18:17, Carola Grunwald wrote:
> You seriously recommend to run a dedicated gpg-agent instance for each
> of dozens if not hundreds of mail service users?
gpg is intended to run on the client, not the server. A mail service
operator should not hold the private keys of its users, never m
Peter Lebbing wrote:
>On 22/11/16 02:54, Carola Grunwald wrote:
>> - In a multi-user environment the key owning recipient has to be granted
>> access to the private key with some sender being restricted to only use
>> the public key no matter whether there's any chance s/he guesses the
>> correct
Peter Lebbing wrote:
>On 21/11/16 15:20, Carola Grunwald wrote:
>> As for each single decryption task only a defined passphrase is
>> allowed to be used it's essential to have caching, which implicates
>> the risk of unauthorized passphrase usage, strictly deactivated.
>
>Why do you lump these us
On 22/11/16 02:54, Carola Grunwald wrote:
> - In a multi-user environment the key owning recipient has to be granted
> access to the private key with some sender being restricted to only use
> the public key no matter whether there's any chance s/he guesses the
> correct passphrase.
That's what fi
On 21/11/16 15:20, Carola Grunwald wrote:
> As for each single decryption task only a defined passphrase is
> allowed to be used it's essential to have caching, which implicates
> the risk of unauthorized passphrase usage, strictly deactivated.
Why do you lump these users together? At a first glan
Hello!
On 22. 11. 2016 08:06, Werner Koch wrote:
> That is unfortunate because all modern implementations use the
> indirect signing method (using the attribute 1.2.840.113549.1.9.4).
> GPGSM is able to verify the old direct signing method but it can't
> create such an old signature.
This explain
Hi,
Jernej Kos:
> Hello!
>
> Not sure about what you mean with the OpenPGP card not supporting
> signing? I have set gpgsm to use the signing key on the OpenPGP card (in
> key slot 1) for generating X509 certificates and CMS (S/MIME) signatures
> by doing:
>
> gpgsm --learn-card
> gpgsm --ge
On Sun, 20 Nov 2016 20:47, jer...@kos.mx said:
> detached CMS signature. The kernel requires that the CMS does not
> contain any authenticated attributes and it refuses to validate the
> signature otherwise [1].
That is unfortunate because all modern implementations use the
indirect signing metho
Hello!
Not sure about what you mean with the OpenPGP card not supporting
signing? I have set gpgsm to use the signing key on the OpenPGP card (in
key slot 1) for generating X509 certificates and CMS (S/MIME) signatures
by doing:
gpgsm --learn-card
gpgsm --gen-key
And selecting an existing ke
16 matches
Mail list logo
