Re: "keyserver receive failed: Try again later" on macOS

2025-06-18 Thread Andrew Gallagher via Gnupg-users
On 18 Jun 2025, at 17:15, Walt Mankowski wrote: > > Good idea! I renamed my .gnupg directory, killed dirmngr, and then tried to > receive a key: > > % gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys > 7FE79B445728C8EA0042839E45BCE75B840B1F69 > gpg: directory '/Users/waltman/.gnupg' crea

Re: "keyserver receive failed: Try again later" on macOS

2025-06-18 Thread Andrew Gallagher via Gnupg-users
On 18 Jun 2025, at 16:15, Walt Mankowski wrote: > > $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys > 77D4D81DC47D68FA9E9E6A7C5DF19E2B67A7B584 > gpg: keyserver receive failed: Try again later > $ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys > 77D4D81DC47D68FA9E9E6A7C5DF19E2B

Re: "keyserver receive failed: Try again later" on macOS

2025-06-18 Thread Andrew Gallagher via Gnupg-users
On 17 Jun 2025, at 14:41, Walt Mankowski wrote: > > When I changed the command to > > gpg --keyserver hkp://keyserver.ubuntu.com::11371 --recv-keys > 77D4D81DC47D68FA9E9E6A7C5DF19E2B67A7B584 > > then it retrieved the key as expected. I added the port to gpg.conf and now > everything is fine.

Re: "keyserver receive failed: Try again later" on macOS

2025-06-16 Thread Andrew Gallagher via Gnupg-users
On 14 Jun 2025, at 21:36, Walt Mankowski via Gnupg-users wrote: > > Every time I try to import a key, it fails almost immediately with the error > > gpg: keyserver receive failed: Try again later > > I've tried a number of different keyservers and keep getting the same error. > I have an Ubun

Re: Trust assignment fails for key with fingerprint ending in multiple zero blocks

2025-06-13 Thread Andrew Gallagher via Gnupg-users
On 13 Jun 2025, at 15:29, To Damon wrote: > >> gpg --list-secret-keys --with-fingerprint > gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: > 51f9e32f62fa6745c5cb09c2412a > gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: > 577e8f3f61625918c9c53c226b335000 > gpg: key 0

Re: Trust assignment fails for key with fingerprint ending in multiple zero blocks

2025-06-13 Thread Andrew Gallagher via Gnupg-users
On 5 Jun 2025, at 10:24, To Damon via Gnupg-users wrote: > >> gpg --list-secret-keys --keyid-format=long --with-keygrip > gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: > e32f62fa6745c5cb09c2412a At some point it appears to have converted a v4 fingerprint with N>=32 trailing z

Re: Deterministic signatures digest prefix

2025-05-29 Thread Andrew Gallagher via Gnupg-users
On 29 May 2025, at 15:28, Richard Ulrich via Gnupg-users wrote: > > By using faketime, I harmonized the timestamp that is part of the signature. > The > main difference I see at the moment is the "Digest prefix" > Even with lots of searching and reading all sorts of documentation and forum > po

Re: Opengpg smartcard specs for kyber (PQC) algorithm

2025-05-14 Thread Andrew Gallagher via Gnupg-users
On 14 May 2025, at 08:03, Simon Josefsson via Gnupg-users wrote: > > It was hard for me > to get anything to work on a Debian-derived distribution because they > ship a GnuPG fork that interacts badly with genuine GnuPG. In what way does it interact badly? Is it worse than just a version mismat

Re: Should you include your email address on key server?

2025-05-14 Thread Andrew Gallagher via Gnupg-users
On 14 May 2025, at 09:00, Werner Koch wrote: > > On Tue, 13 May 2025 17:47, Andrew Gallagher said: > >> Note however that many clients cannot import the revocations as >> generated by gpg-wks-client. Because it appends detached signature > > Well, then I would su

Re: Should you include your email address on key server?

2025-05-13 Thread Andrew Gallagher via Gnupg-users
On 13 May 2025, at 13:13, Werner Koch via Gnupg-users wrote: > Keyserver can only be useful for distributing revocation certificates > but in many cases this can also be done by the Web Key Directory (in > fact gpg-wks-client appends revocations of old keys to new keys). Note however that many

Re: New Encryption Algorithm - GordianCrypt

2025-04-04 Thread Andrew Gallagher via Gnupg-users
Hi, Ben. On 1 Apr 2025, at 14:11, Gordian Crypt via Gnupg-users wrote: > > I am writing to introduce myself and share details about a new encryption > algorithm I have developed—GordianCrypt. With over 10 years of experience in > security and networking, I have dedicated my career to advancin

Re: [mailop] OpenPGP WKD URL

2025-02-14 Thread Andrew Gallagher via Gnupg-users
On 14 Feb 2025, at 13:12, Klaus Ethgen wrote: > > Do I get something wrong? That WKS system is used by Gnupg and not by a > Browser...? It’s used by many openpgp clients, some of which do run in the browser. A ___ Gnupg-users mailing list Gnupg-users

Re: Please help verify signature within Dockerfile

2025-01-31 Thread Andrew Gallagher via Gnupg-users
On 30 Jan 2025, at 23:15, Josef Wolf wrote: > > I am trying to verify signature of downloaded files when creating a docker > container. This is what I am trying to do within the Dockerfile: Hi, Josef. Perhaps it would be easier to use gpgv? https://www.gnupg.org/documentation/manuals/gnupg/gpg

Re: VHV – Automatic acknowledgement of receipt

2025-01-22 Thread Andrew Gallagher via Gnupg-users
On 22 Jan 2025, at 15:33, Matthias Apitz wrote: > > On Wednesday, January 22, 2025 at 03:03:27 +0100, Marco Moock wrote: > >> Do you have GPG set up and a keypair? > > Ofc, I have: > > > purism@pureos:~$ touch foo > purism@pureos:~$ gpg -ea foo > You did not specify a user ID. (you ma

Re: Design of a Modern Keyserver Network

2025-01-18 Thread Andrew Gallagher via Gnupg-users
Hi, Seth. On 17 Jan 2025, at 22:59, Seth McDonald via Gnupg-users wrote: > > To my understanding, it seems the vast > majority of keyservers (connected via the 'SKS network') were functionally > damaged due to a 2019 'certificate poisoning' attack, and were subsequently > shut down in 2021 due

Re: import of GPG key doesn't work and doesn't give an error message

2024-11-18 Thread Andrew Gallagher via Gnupg-users
On 18 Nov 2024, at 11:34, Robert J. Hansen via Gnupg-users wrote: > >> A question to both Robert and Marco: >> Where did you get your gnupg(s) from? > > GnuPG 2.4.6 from Homebrew on Apple Silicon. Thanks, yes that would be consistent with the difference in error messages. A

Re: import of GPG key doesn't work and doesn't give an error message

2024-11-17 Thread Andrew Gallagher via Gnupg-users
On 17 Nov 2024, at 09:54, Marco Moock via Gnupg-users wrote: > > On 17.11.2024 at 09:14:47, Andrew Gallagher wrote: > >> A question to both Robert and Marco: >> Where did you get your gnupg(s) from? > > Debian repo, currently experimental. OK, that would

Re: import of GPG key doesn't work and doesn't give an error message

2024-11-17 Thread Andrew Gallagher via Gnupg-users
On 17 Nov 2024, at 07:26, Marco Moock via Gnupg-users wrote: > > On 16.11.2024 at 17:34:31, Robert J. Hansen via Gnupg-users wrote: > >> rjh@sarah ~ % gpg --recv-keys >> 0x020898F03962F8B76B42D9F1E805C860F0E3CCB5 --verbose >> gpg: Note: '--verbose' is not considered an option >> gpg: "--v

Re: Concerns regarding T3065 dirmngr: proxy issues with dnslookup causing failure

2024-10-01 Thread Andrew Gallagher via Gnupg-users
On 1 Oct 2024, at 12:20, Werner Koch via Gnupg-users wrote: > > BTW, the entire keyserver thing is more or less useless these days > because there is no proper working network of keyservers anymore. This overstates the facts. Keyservers still exist and still work, with some caveats. See https:

Re: Signing Mails with OpenPGP like DKIM [was: gpg like DKIM]

2024-09-11 Thread Andrew Gallagher via Gnupg-users
On 5 Sep 2024, at 16:04, Daniel Kahn Gillmor wrote: > > PS for the record, i think there is one major concern about PGP/MIME > multipart/signed: for users of MUAs that don't understand PGP/MIME, > the signature shows up as a mystery attachment. I can't tell you the > number of times that i

Re: Signing (and Encrypting) Mails with gpg like DKIM

2024-09-04 Thread Andrew Gallagher via Gnupg-users
On 4 Sep 2024, at 13:41, Jakob Bohm via Gnupg-users wrote: > > As a mail admin I see a lot of buggy 3rd party mail servers built by rather > large companies, but the traditional line mangling so common before MIME > seems a thing of the past, As I mentioned already in an (accidental) off-list m

Re: Signing (and Encrypting) Mails with gpg like DKIM

2024-09-01 Thread Andrew Gallagher via Gnupg-users
On 31 Aug 2024, at 23:35, T. S. wrote: > > Hello, > > after looking into DKIM details, I started searching, why the same procedure > cannot be used for gpg? > With gpg a lot of people from get confused, when they receive signed mails > either because of the -BEGIN PGP SIGNED MESSAGE- s

Re: Using OpenPGP / GnuPG to unlock 'sudo bla bla' or 'sudo -s'

2024-08-14 Thread Andrew Gallagher via Gnupg-users
On 14 Aug 2024, at 10:29, Matthias Apitz wrote: > > The above page gives as an example entry in the file /etc/pam.d/sudo the > following line: > > "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" > > perhaps to be inserted without the apostrophes. > > The actual file is: >

Re: Using OpenPGP / GnuPG to unlock 'sudo bla bla' or 'sudo -s'

2024-08-12 Thread Andrew Gallagher via Gnupg-users
Sorry, it’s pam-ssh-agent-auth: https://linux.die.net/man/8/pam_ssh_agent_auth A > On 12 Aug 2024, at 13:48, Andrew Gallagher  wrote: > > You can use pam-auth-ssh-agent with gpg’s ssh-agent emulation. This has the > advantage that it also works over remote ssh connections (wi

Re: Using OpenPGP / GnuPG to unlock 'sudo bla bla' or 'sudo -s'

2024-08-12 Thread Andrew Gallagher via Gnupg-users
You can use pam-auth-ssh-agent with gpg’s ssh-agent emulation. This has the advantage that it also works over remote ssh connections (with ssh agent forwarding enabled). Andrew Gallagher > On 12 Aug 2024, at 13:27, Matthias Apitz wrote: > > > I use in my Linux Debian mobile L5

Re: Adding new uid to causes bad signature

2024-05-01 Thread Andrew Gallagher via Gnupg-users
On 1 May 2024, at 10:08, Rens Rikkerink via Gnupg-users wrote: > > Lately I've been trying to add a new uid to my public key, I have > however so far been unsuccessful in doing so. Every time I try to do > so, I then immediately get "1 bad signature" which wasn't present > beforehand. It's proba

Re: x488 vs all other : keyid flip

2024-04-17 Thread Andrew Gallagher via Gnupg-users
On 17 Apr 2024, at 15:43, Christian Sommer wrote: > > You are right Andrew! > > I indeed choose to preset the "with-fingerprint" option in my > gpg.conf. By removing it, listing my keys give back the full 64 > character long fingerprint of my X448 key. Good to hear! I think the best solution i

Re: x488 vs all other : keyid flip

2024-04-17 Thread Andrew Gallagher via Gnupg-users
On 28 Mar 2024, at 12:54, Christian Sommer via Gnupg-users wrote: > > when explicitly telling GnuPG to display x448 fingerprints (gpg > --fingerprint) it just spits out the "abbreviated hex format" by takes > the first 50 bytes and sweeping the rest under the rug! Not very nice. Hi, Christian.

Re: x488 vs all other : keyid flip

2024-04-03 Thread Andrew Gallagher via Gnupg-users
On 3 Apr 2024, at 10:32, Werner Koch wrote: > > On Tue, 2 Apr 2024 18:53, Andrew Gallagher said: > >> technical challenge since no modern software supports them, and gnupg1 >> doesn’t implement --list-packets :-) But I have to admit they do > > Sure it has the --

Re: x488 vs all other : keyid flip

2024-04-02 Thread Andrew Gallagher via Gnupg-users
On 2 Apr 2024, at 15:24, Werner Koch wrote: > > On Tue, 2 Apr 2024 12:39, Andrew Gallagher said: > >> Are you saying that this is *not* a novel failure mode? Because we’ve > > No. We had v2, v3 and v4 keyes in all kind of combinations in the past > (even as part of su

Re: x488 vs all other : keyid flip

2024-04-02 Thread Andrew Gallagher via Gnupg-users
On 2 Apr 2024, at 11:58, Werner Koch wrote: > > On Fri, 29 Mar 2024 13:00, Andrew Gallagher said: > >> V5 subkeys of v4 primary keys would appear to introduce a novel >> failure mode. It should be noted that in crypto-refresh, adding a > > Nope. Are you saying

Re: x488 vs all other : keyid flip

2024-03-29 Thread Andrew Gallagher via Gnupg-users
On 28 Mar 2024, at 09:47, Werner Koch via Gnupg-users wrote: > > x448 keys are created as version 5 keys and version 5 keys come with a > 32 byte fingerprint (v4 has 20 bytes). ... > Here is an example: > > pub ed25519 2016-02-02 [SC] > FD8FEC4F8595AB1B6F60D43FC2CED0800E50ACF1 > uid

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
Apologies to the `file` authors, it’s a BSD utility, not GNU. A On 24 Oct 2023, at 10:11, Andrew Gallagher via Gnupg-users wrote: > > On 24 Oct 2023, at 04:38, Felix E. Klee wrote: >> >> For the purpose of re-encryption with a new key, I’d like to f

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
On 24 Oct 2023, at 04:38, Felix E. Klee wrote: > > For the purpose of re-encryption with a new key, I’d like to find all > files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted > files, independent of key, have the extension `.gpg`. > > How do I do that for a massive directory tre

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users wrote: > > How do I hide the fact that the key is 32764 on the keyserver? You can’t. That’s like trying to publish a book written in Chinese without letting anyone know that it is written in Chinese. A

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 19:09, Andrew Gallagher wrote: > > On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users > wrote: >> >> How do I hide the fact that the key is 32764 on the keyserver? > > You can’t. That’s like trying to publish a book written in Chinese without

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-18 Thread Andrew Gallagher via Gnupg-users
On 17 Jul 2023, at 18:36, Michael Richardson wrote: > > Andrew Gallagher wrote: >>> Juanjo via Gnupg-users wrote: >>> >>> "Keys stored on YubiKey are non-exportable (as opposed to file-based >>> keys that are stored on disk) and are convenient

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-17 Thread Andrew Gallagher via Gnupg-users
On 15 Jul 2023, at 20:36, Michael Richardson wrote: > > Juanjo via Gnupg-users wrote: > >> This may be a good starting point: >> https://github.com/drduh/YubiKey-Guide > > "Keys stored on YubiKey are non-exportable (as opposed to file-based keys > that are stored on disk) and are convenient fo

Re: Looking for keyserver software without any validation or fancy features

2023-07-10 Thread Andrew Gallagher via Gnupg-users
(resending because the previous mail went out HTML-only, apologies) Hi, Bernd. > hagrid and hockeypuck are total overkill, (Disclaimer: I’m one of the hockeypuck contributors) If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at ht

Re: Looking for keyserver software without any validation or fancy features

2023-07-07 Thread Andrew Gallagher via Gnupg-users
Hi, Bernd. hagrid and hockeypuck are total overkill, (Disclaimer: I’m one of the hockeypuck contributors) If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at https://github.com/hockeypuck/hockeypuck You will need a non-empty keydump to sta

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-06 Thread Andrew Gallagher via Gnupg-users
On 3 Jun 2023, at 01:56, Jacob Bachmeyer wrote: > > Alexander Leidinger via Gnupg-users wrote: >> [...] >> >> I don't remember if there was a challenge/response or not. As I still have >> the email with the signed key, I can tell that the signature can arrive via >> a TLS encrypted SMTP channe

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jun 2023, at 15:50, Johan Wevers via Gnupg-users wrote: > > On 2023-05-31 16:55, Bernhard Reiter wrote: > >> Governikus provides the online service for authenticating your OpenPGP key on >> behalf of the German Federal Office for Information Security (BSI). This >> online service compares

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jun 2023, at 12:23, Alexander Leidinger via Gnupg-users wrote: > > Quoting Bernhard Reiter > (from Wed, 31 May 2023 16:55:05 +0200): > >> Obviously they cannot authenticate the email address >> so once I have a common name, we get collisions? > > The signat

Re: "gpg: no valid OpenPGP data found" error when importing public key from sks

2023-05-14 Thread Andrew Gallagher via Gnupg-users
Hi, Guillermo. You don’t say what sort of keys these are. V4? V5? Elliptic curve? Some recent kinds of keys may not be compatible with SKS. Have you compared with hockeypuck to see if it serves them any differently? Thanks, Andrew. > On 12 May 2023, at 21:08, Guillermo Montoya Naranjo via Gnup

Re: out-of-key UIDs [was: ADK's]

2023-05-05 Thread Andrew Gallagher via Gnupg-users
On 5 May 2023, at 17:55, Ineiev wrote: > > On Thu, May 04, 2023 at 11:01:36AM +0100, Andrew Gallagher wrote: >>> I tried something like this with my MUA, I believe that doesn't work: >>> it first looks for appropriate keys, probably using --list-keys; >>> in

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 10:43, Ineiev wrote: > > On Thu, May 04, 2023 at 09:52:54AM +0100, Andrew Gallagher wrote: >> >> andrewg@serenity % gpg --group >> fn...@test.eu=BD9D4DEE7B2FF1CBEF2EE0C4E0ACD3E0CBE7874A -r fn...@test.eu -e < >> /etc/shells > shells.gpg >

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 06:46, Ineiev wrote: > > On Mon, May 01, 2023 at 03:16:12PM +0100, Andrew Gallagher wrote: >> On 1 May 2023, at 12:40, Ineiev via Gnupg-users >> wrote: >>> now, I generate a key >>> for y...@guan.edu locally and add 0123456789ABCDEF as an

Re: ADK's

2023-05-02 Thread Andrew Gallagher via Gnupg-users
On 2 May 2023, at 02:18, Michael Richardson wrote: > > It's the initial investigation of an irregularity where there could be a > problem. These examples are becoming increasingly contrived. If you are investigating fraud by someone who can read all your company emails, don’t discuss it over

Re: ADK's

2023-05-01 Thread Andrew Gallagher via Gnupg-users
On 1 May 2023, at 12:40, Ineiev via Gnupg-users  wrote: > now, I generate a key > for y...@guan.edu locally and add 0123456789ABCDEF as an ADK (BTW, > will GnuPG complain if the only encryption-capable subkey is ADK? Or you could just use an alias…? A

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 14:42, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote: >> Whether this is done voluntarily or under duress from their employer is an >> opsec issue, not a comsec one. > > If it is an ex-emp

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 13:45, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote: > >> It does not make any sense so have such an option. If a user wants to >> allow colleagues or an archive system to decrypt her mails that is her >> decision. > > What

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 11:30, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 1:15, ckeader via Gnupg-users wrote: > >> Can't call it that as long as it's under user control (every long option of >> the software has an equivalent config file option. You don't add such a key >> via config or

Re: Flooding attack against synchronising keyservers

2023-04-21 Thread Andrew Gallagher via Gnupg-users
recovering your system, please get in touch. Thanks, A > On 27 Mar 2023, at 18:47, Andrew Gallagher via Gnupg-users > wrote: > > Hi, everyone. > > The synchronising keyserver network has been under an intermittent flooding > attack for the past five days, r

Flooding attack against synchronising keyservers

2023-03-27 Thread Andrew Gallagher via Gnupg-users
Hi, everyone. The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second via

Re: Optimal workflow with GPG signatures from multiple parties

2023-03-06 Thread Andrew Gallagher via Gnupg-users
On 04/03/2023 17:18, Ave Milia via Gnupg-users wrote: What are some available solutions? How would you suggest to organize the keys? Maybe, there should be some signing server in-place, that the developers sends an artifact to? I built something similar for $WORK. You lock down the signing se

Re: Unable to sign public key

2023-02-01 Thread Andrew Gallagher via Gnupg-users
On 31 Jan 2023, at 19:52, Joel via Gnupg-users wrote: > > Hello! > > I am trying to sign a public key, but I get an error saying, `gpg: signing > failed: No secret key`. However, a normal signing on a file works perfectly > fine. I suspect it could be something because I have a yubikey and it

Re: Ecrypt group email addresses

2023-01-30 Thread Andrew Gallagher via Gnupg-users
On 26 Jan 2023, at 22:40, Alex wrote: > > Clients that have their own OpenPGP implementation, like Mozilla > Thunderbird, likely don't support groups. Thunderbird does support encryption to groups, but you have to manually edit a JSON configuration file: https://support.mozilla.org/en-US/kb/op

Re: Subkeys renewing/expiring strategy

2023-01-06 Thread Andrew Gallagher via Gnupg-users
On 5 Jan 2023, at 13:42, Ingo Klöcker wrote: > > GitLab keeps the verification state if a > key is removed, but I added the updated key including the expired subkey. That > was a bad idea because GitLab invalidated all commits signed with the expired > subkey. It is disappointing to see that maj

Re: Reminder: use plaintext mails only on ML

2023-01-06 Thread Andrew Gallagher via Gnupg-users
December 2022 19:54:39, Andrew Gallagher via Gnupg-users wrote: I’ve been Argh, that will teach me not to reply to list emails from my phone. Sorry, everyone. :-( A

Re: Expiration date of subkeys (retroactive)

2023-01-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jan 2023, at 03:49, gnupg-us...@aschoettler.com wrote: > > I have several GnuPG keys which I edited with KGpg. > https://apps.kde.org/de/kgpg/ > > Unfortunately, the subkeys were not taken into account when setting the > expiry date. > How can I retroactively edit my expired keys and expir

Re: Card-Reader

2022-12-17 Thread Andrew Gallagher via Gnupg-users
I’ve been using this ACS reader for years with no problems. It appears to be no longer available but there is a successor model that may suit your purposes ACR38T-D1 cardomatic.de Andrew Gallagher On 17 Dec 2022, at 18:36, Klaus Ethgen wrote: Hi, I destroyed my card reader from gemalto and need a new

Re: Mastodon account, good server?

2022-12-01 Thread Andrew Gallagher via Gnupg-users
On 1 Dec 2022, at 16:42, Bernhard Reiter wrote: > > Hi friends of GnuPG, > > seems to be a good time to start an official Mastodon account > for GnuPG and related topics like Gpg4win and OpenPGP. > > At least for announcements and some interaction as the interest > is growing for this decentral

Re: macos IKEv2 auth with yubikey

2022-11-28 Thread Andrew Gallagher via Gnupg-users
On 28/11/2022 06:29, Martin Brook via Gnupg-users wrote: 2. I've achieved IKEv2 vpn auth with yubikey on windows. It seems windows can interact with Yubikey perfectly but not on macos. Hi, Martin. How did you get this to work on Windows? Which IKE software are you using on each platform? A

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 17:17, kho wrote: > > Thanks for this fast, complete and clear answer. > > I am going to see if I can still pick up somewhere or just remove all I > did and start all over by following your steps. Just a note of caution: since it is quite an involved process I would recommend

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 13:48, kho via Gnupg-users wrote: > > 5. What is at the end the best way to setup 2 smartcards that can be > used in encryption, signing and decryption? And additionally both > smartscard should work, I have 2 smartcards for redundancy. If you want the two smartcards to be red

Re: OT: Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 19:31, john doe via Gnupg-users > wrote: > > Why did you published the key to the sks key servers? > > I guess my question is about the reasoning behind using sks key server > instead of WKD or Hagrid. WKD publication can only be done by (or with the cooperation of) the d

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users > wrote: > > Andrew, do the sks keyservers work today? > > I was able to find the key by going to > > https://keyserver.ubuntu.com/ > > and putting > > EC6C2905F0F93C0373946CA10642427A5FF780BE > > into the search box. Do you mean S

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'   gpg:

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'   gpg:

Re: GnuPG 2.2.36 released

2022-07-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Jul 2022, at 04:47, Ralph Seichter via Gnupg-users > wrote: > > 1.) Starting today, disk images (*.dmg) are signed with a new ed25519 > key (EAB0FE4FF793D9E7028EC8E2FD56297D9833FF7F). This key has been > uploaded to pgp.mit.edu today, but the site is once again very sluggish > and it mig

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 12:20, Jan Eden wrote: > I had configured hkp://keys.gnupg.net in gpg.conf (no separate > dirmngr.conf). Switching to keys.openpgp.org had the desired effect: keys.gnupg.net has not existed for a few years now, but for backwards compatibility gnupg silently maps it to the hardcoded d

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 11:50, Jan Eden wrote: > jan ~ % gpg --refresh-key 0xFB73E21AF1163937 > gpg: refreshing 1 key from hkp://pgp.surf.nl > gpg: key FB73E21AF1163937: "Andrew Gallagher " not > changed > gpg: Total number processed: 1 > gpg: unchanged: 1

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 07:11, Jan Eden wrote: > PS. The key used to sign your message seems to be expired. That could be because you already had my key in your keyring and it wasn't recently (i.e. in the last 18 months) refreshed. What does it say if you incant the following? ``` gpg --refresh-key 0xFB73E

Re: gpg auto-locate-key selects expired/revoked key

2022-06-08 Thread Andrew Gallagher via Gnupg-users
On 8 Jun 2022, at 07:46, Jan Eden via Gnupg-users wrote: > > - Which WKD server hosts my expired/revoked key such that it takes precedence > over my own WKD server at domain.com ? > - Why does gpg select an expired/revoked key over a valid key? I suspect the issue is that yo

Re: TB weirdness

2022-02-24 Thread Andrew Gallagher via Gnupg-users
happened to me when I specifically ticked "Attach my public key" in TB's composer - it also attached the revocation cert for an ancient key that I still have in my keyring but never used for anything. -- Andrew Gallagher

Re: Questions re auto-key-locate

2022-02-16 Thread Andrew Gallagher via Gnupg-users
arise. Right now, the decision is that our key (signed with our prior-year key) is on our website and FTP (also via https) site, and we do not assert that it's available on the keyservers. OK, but again I'm curious about the reasoning... -- Andrew Gallagher

Re: How to solve this garbled code?

2022-02-15 Thread Andrew Gallagher via Gnupg-users
very much. I suspect this is because you're using a non-Unicode codepage in the windows command terminal. What happens if you type: chcp 65001 and try again? -- Andrew Gallagher

Re: Questions re auto-key-locate

2022-02-15 Thread Andrew Gallagher via Gnupg-users
> On 15 Feb 2022, at 21:46, Dan Mahoney (Gushi) via Gnupg-users > wrote: > > Since the debacle a few years ago with the SKS keyserver denial-of-service > attack, the keyservers are kind of a non-starter. Why so? Keyservers are still around, and the ones that survived the apocalypse are gene

Re: lost id on keyserver

2022-02-10 Thread Andrew Gallagher via Gnupg-users
d your key there and then imported it into a different keyring, it wouldn't have come with the userID unless you went through their email verification procedure first. -- Andrew Gallagher

Re: "Are You Now or Have You Ever Been..."

2022-02-02 Thread Andrew Gallagher via Gnupg-users
is only really useful against adversaries who believe in due process... -- Andrew Gallagher

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
> On 31 Jan 2022, at 21:39, jonkomer wrote: > > There is significant difference between a one-time > "third-party" correspondent misusing his knowledge of > the relationship after it has been dissolved, from > that same knowledge being published in perpetuity via > a simple, automated Internet

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
I go away for the weekend, and my mailbox catches fire... ;-) On 29/01/2022 16:38, jonkomer via Gnupg-users wrote: > (a) Unfortunately, OpenPG email encryption is incompatible > with GDPR and should not be used by those that either want > or need to be GDPR compliant. This is not so; the use of e

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 28/01/2022 20:02, jonkomer via Gnupg-users wrote: >> A. G. via : >> The short answer is "no", or at best "not yet"... > > Thank you very much for the response and comprehensive > comments. > > In this case, the mail domain owner is actually the one > that needs this level of control: he insist

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 01:55, Johan Wevers via Gnupg-users wrote: > There are known technical issues: the HKP keyserver does not allow keys > to be removed, GDPR or not. When the keyserer operator operates outside > of the EU I don't think that is a legal problem. This is incorrect. All three of the common

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 03:51, Shawn K. Quinn via Gnupg-users wrote: > If the server is physically in the US, administered by someone residing > in the US, is the EU really expecting US courts to enforce EU > laws/directives like the GDPR on a US citizen? The short answer is no, of course not. The practica

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 30/01/2022 10:12, Klaus Ethgen wrote: > > When it comes to keyservers, with the same argument you could state that > bitcoin is illegal. (No information in the key chain can be removed. And > there is even child porn inside that key chain that could never ever > again be removed!) > > There ar

Re: Preventing public key upload to key-servers

2022-01-28 Thread Andrew Gallagher via Gnupg-users
On 26/01/2022 22:03, jonkomer via Gnupg-users wrote: > Is there anything that a public key owner can do, to actually > *ensure* that, if some careless or malicious correspondent > ignores the comment ("Please do not upload...") and attempts > to upload his or her (otherwise fully functional) public

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 18:22, Стефан Васильев wrote: >> Good question. My thought was that Telefax is still used, among > lawyers, doctors, business folks etc., and brand-new Fax machines > can be bought on Amazon etc. +1 for obsolescence! Beware of course that fax machines are VERY noisy, and analogue li

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 17:54, Стефан Васильев wrote: > > The idea is to use a Telefax machine for endpoint security, with > an offline usage PC, which for example gpg4win is ideal for. Would it not be simpler to use a modem? > I thought about that too, but in case the document would be several > pages lo

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On Fri, 2022-01-14 at 16:42 +, Стефан Васильев via Gnupg-users wrote: > The --begin etc. markers should be used to detect where > the OCR scanned document begins and ends to have later > a good signature. If you are relying on OCR to reconstitute a bitwise-perfect message (because that's the o

Re: Gnupg-users Digest, Vol 220, Issue 11

2022-01-10 Thread Andrew Gallagher via Gnupg-users
> On 10 Jan 2022, at 20:33, Chris Taylor > wrote: > > Hello, > > Please unsubscribe me from this list. Please follow the instructions that you quoted in the email you just sent: >> To subscribe or unsubscribe via the World Wide Web, visit >>http://lists.gnupg.org/mailman/listinfo/gnupg-

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
een the points of each curve that preserves their mathematical structure. This means that you could in principle convert a key from one curve to the other, but it would be a more complex function than just copying the raw bit string. -- Andrew Gallagher

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
ractice to keep the encryption-capable subkey distinct. And if you present people with the option to do a suboptimal thing, a significant fraction of them will choose that option by accident - so usually best not to offer it in the first place. -- Andrew Gallagher

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Jan 2022, at 12:15, Alex Nadtoka wrote: > > yes thanks, tried disabling it but error was still there. So I deleted DST > Root CA X3. At the moment I see error from dirmngr 2.3.4: no CA certificate > found > And > error searching keyserver: "No inquire callback in IPC" > > Not sur

Re: Gpg4win LetsEncrypt issue

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Fri, 2021-12-31 at 23:23 +0200, Alex Nadtoka wrote: > Ok, thanks. Where on the client end i can remove it? This blog appears to do it correctly (to the best of my knowledge) and as its worked example uses the very same CA certificate that we have just been discussing:   https://www.thesslstore

Re: [Announce] A New Future for GnuPG

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Mon, 2022-01-03 at 11:31 -0500, Robert J. Hansen via Gnupg-users wrote: > Werner, this is amazing news. Thank you for sharing it! Indeed, many congratulations! > I did spend about six months doing a clean-room implementation of > RFC2440 in PHP3.  It was a vile experience and one I don't rec

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Andrew Gallagher via Gnupg-users
> On 30 Dec 2021, at 16:27, Alex Nadtoka wrote: > > Even if I remove root certificate from the server it will be added again on > renewal. It is the client that needs the ca certificate to be removed, not the server. The root cause is that there is more than one verification path possible an

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 21:12, Alex Nadtoka wrote: > > We have our internal GPG server( I want people in company to be able to > connect to it from windows as well... OK, so you definitely need to solve the root certificate issue. Do sites using letsencrypt work from an Edge browser on that m

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 20:15, Alex Nadtoka wrote: > > yes it works with keyserver-01.2ndquadrant.com Is this server sufficient for your purposes or do you also need to support an internal keyserver? A > Wed, 29 Dec 2021 at 17:06 Andrew Gallagher via Gnupg-users > wrote:

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote: > I cannot connect to any keyserver. The error is certificate expired. > I am on latest (I think) Windows 10 . Tried reinstalling it or > installing on new Windows machine but no luck . dirmngr keeps telling > me that certificat
