Re: Please help verify signature within Dockerfile

2025-01-31 Thread Andrew Gallagher via Gnupg-users
On 30 Jan 2025, at 23:15, Josef Wolf wrote: > > I am trying to verify signature of downloaded files when creating a docker > container. This is what I am trying to do within the Dockerfile: Hi, Josef. Perhaps it would be easier to use gpgv? https://www.gnupg.org/documentation/manuals/gnupg/gpg

Re: VHV – Automatic acknowledgement of receipt

2025-01-22 Thread Andrew Gallagher via Gnupg-users
On 22 Jan 2025, at 15:33, Matthias Apitz wrote: > > On Wednesday, January 22, 2025 at 03:03:27 +0100, Marco Moock wrote: > >> Do you have GPG set up and a keypair? > > Ofc, I have: > > > purism@pureos:~$ touch foo > purism@pureos:~$ gpg -ea foo > You did not specify a user ID. (you ma

Re: Design of a Modern Keyserver Network

2025-01-18 Thread Andrew Gallagher via Gnupg-users
Hi, Seth. On 17 Jan 2025, at 22:59, Seth McDonald via Gnupg-users wrote: > > To my understanding, it seems the vast > majority of keyservers (connected via the 'SKS network') were functionally > damaged due to a 2019 'certificate poisoning' attack, and were subsequently > shut down in 2021 due

Re: import of GPG key doesn't work and doesn't give an error message

2024-11-18 Thread Andrew Gallagher via Gnupg-users
On 18 Nov 2024, at 11:34, Robert J. Hansen via Gnupg-users wrote: > >> A question to both Robert and Marco: >> Where did you get your gnupg(s) from? > > GnuPG 2.4.6 from Homebrew on Apple Silicon. Thanks, yes that would be consistent with the difference in error messages. A signature.asc D

Re: import of GPG key doesn't work and doesn't give an error message

2024-11-17 Thread Andrew Gallagher via Gnupg-users
On 17 Nov 2024, at 09:54, Marco Moock via Gnupg-users wrote: > > On 17.11.2024 at 09:14:47, Andrew Gallagher wrote: > >> A question to both Robert and Marco: >> Where did you get your gnupg(s) from? > > Debian repo, currently experimental. OK, that would explain why Robert gets an error

Re: import of GPG key doesn't work and doesn't give an error message

2024-11-17 Thread Andrew Gallagher via Gnupg-users
On 17 Nov 2024, at 07:26, Marco Moock via Gnupg-users wrote: > > On 16.11.2024 at 17:34:31, Robert J. Hansen via Gnupg-users wrote: > >> rjh@sarah ~ % gpg --recv-keys >> 0x020898F03962F8B76B42D9F1E805C860F0E3CCB5 --verbose >> gpg: Note: '--verbose' is not considered an option >> gpg: "--v

Re: Concerns regarding T3065 dirmngr: proxy issues with dnslookup causing failure

2024-10-01 Thread Andrew Gallagher via Gnupg-users
On 1 Oct 2024, at 12:20, Werner Koch via Gnupg-users wrote: > > BTW, the entire keyserver thing is more or less useless these days > because there is no proper working network of keyservers anymore. This overstates the facts. Keyservers still exist and still work, with some caveats. See https:

Re: Signing Mails with OpenPGP like DKIM [was: gpg like DKIM]

2024-09-11 Thread Andrew Gallagher via Gnupg-users
On 5 Sep 2024, at 16:04, Daniel Kahn Gillmor wrote: > > PS for the record, i think there is one major concern about PGP/MIME > multipart/signed: for users of MUAs that don't understand PGP/MIME, > the signature shows up as a mystery attachment. I can't tell you the > number of times that i

Re: Signing (and Encrypting) Mails with gpg like DKIM

2024-09-04 Thread Andrew Gallagher via Gnupg-users
On 4 Sep 2024, at 13:41, Jakob Bohm via Gnupg-users wrote: > > As a mail admin I see a lot of buggy 3rd party mail servers built by rather > large companies, but the traditional line mangling so common before MIME > seems a thing of the past, As I mentioned already in an (accidental) off-list m

Re: Signing (and Encrypting) Mails with gpg like DKIM

2024-09-01 Thread Andrew Gallagher via Gnupg-users
On 31 Aug 2024, at 23:35, T. S. wrote: > > Hello, > > after looking into DKIM details, I started searching, why the same procedure > cannot be used for gpg? > With gpg a lot of people from get confused, when they receive signed mails > either because of the -BEGIN PGP SIGNED MESSAGE- s

Re: Using OpenPGP / GnuPG to unlock 'sudo bla bla' or 'sudo -s'

2024-08-14 Thread Andrew Gallagher via Gnupg-users
On 14 Aug 2024, at 10:29, Matthias Apitz wrote: > > The above page gives as an example entry in the file /etc/pam.d/sudo the > following line: > > "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" > > perhaps to be inserted without the apostrophes. > > The actual file is: >

Re: Using OpenPGP / GnuPG to unlock 'sudo bla bla' or 'sudo -s'

2024-08-12 Thread Andrew Gallagher via Gnupg-users
Sorry, it’s pam-ssh-agent-auth: https://linux.die.net/man/8/pam_ssh_agent_auth A > On 12 Aug 2024, at 13:48, Andrew Gallagher wrote: > > You can use pam-auth-ssh-agent with gpg’s ssh-agent emulation. This has the > advantage that it also works over remote ssh connections (with ssh agent > f

Re: Using OpenPGP / GnuPG to unlock 'sudo bla bla' or 'sudo -s'

2024-08-12 Thread Andrew Gallagher via Gnupg-users
You can use pam-auth-ssh-agent with gpg’s ssh-agent emulation. This has the advantage that it also works over remote ssh connections (with ssh agent forwarding enabled). Andrew Gallagher > On 12 Aug 2024, at 13:27, Matthias Apitz wrote: > > > I use in my Linux Debian mobile L5 an internal O

Re: Adding new uid to causes bad signature

2024-05-01 Thread Andrew Gallagher via Gnupg-users
On 1 May 2024, at 10:08, Rens Rikkerink via Gnupg-users wrote: > > Lately I've been trying to add a new uid to my public key, I have > however so far been unsuccessful in doing so. Every time I try to do > so, I then immediately get "1 bad signature" which wasn't present > beforehand. It's proba

Re: x488 vs all other : keyid flip

2024-04-17 Thread Andrew Gallagher via Gnupg-users
On 17 Apr 2024, at 15:43, Christian Sommer wrote: > > You are right Andrew! > > I indeed choose to preset the "with-fingerprint" option in my > gpg.conf. By removing it, listing my keys give back the full 64 > character long fingerprint of my X448 key. Good to hear! I think the best solution i

Re: x488 vs all other : keyid flip

2024-04-17 Thread Andrew Gallagher via Gnupg-users
On 28 Mar 2024, at 12:54, Christian Sommer via Gnupg-users wrote: > > when explicitly telling GnuPG to display x448 fingerprints (gpg > --fingerprint) it just spits out the "abbreviated hex format" by taking > the first 50 bytes and sweeping the rest under the rug! Not very nice. Hi, Christian.

Re: x488 vs all other : keyid flip

2024-04-03 Thread Andrew Gallagher via Gnupg-users
On 3 Apr 2024, at 10:32, Werner Koch wrote: > > On Tue, 2 Apr 2024 18:53, Andrew Gallagher said: > >> technical challenge since no modern software supports them, and gnupg1 >> doesn’t implement --list-packets :-) But I have to admit they do > > Sure it has the --list-packets command. This com

Re: x488 vs all other : keyid flip

2024-04-02 Thread Andrew Gallagher via Gnupg-users
On 2 Apr 2024, at 15:24, Werner Koch wrote: > > On Tue, 2 Apr 2024 12:39, Andrew Gallagher said: > >> Are you saying that this is *not* a novel failure mode? Because we’ve > > No. We had v2, v3 and v4 keys in all kind of combinations in the past > (even as part of subkeys) and back then the

Re: x488 vs all other : keyid flip

2024-04-02 Thread Andrew Gallagher via Gnupg-users
On 2 Apr 2024, at 11:58, Werner Koch wrote: > > On Fri, 29 Mar 2024 13:00, Andrew Gallagher said: > >> V5 subkeys of v4 primary keys would appear to introduce a novel >> failure mode. It should be noted that in crypto-refresh, adding a > > Nope. Are you saying that this is *not* a novel failur

Re: x488 vs all other : keyid flip

2024-03-29 Thread Andrew Gallagher via Gnupg-users
On 28 Mar 2024, at 09:47, Werner Koch via Gnupg-users wrote: > > x448 keys are created as version 5 keys and version 5 keys come with a > 32 byte fingerprint (v4 has 20 bytes). ... > Here is an example: > > pub ed25519 2016-02-02 [SC] > FD8FEC4F8595AB1B6F60D43FC2CED0800E50ACF1 > uid

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
Apologies to the `file` authors, it’s a BSD utility, not GNU. A On 24 Oct 2023, at 10:11, Andrew Gallagher via Gnupg-users wrote: > > Signed PGP part > On 24 Oct 2023, at 04:38, Felix E. Klee wrote: >> >> For the purpose of re-encryption with a new key, I’d like to f

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
On 24 Oct 2023, at 04:38, Felix E. Klee wrote: > > For the purpose of re-encryption with a new key, I’d like to find all > files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted > files, independent of key, have the extension `.gpg`. > > How do I do that for a massive directory tre

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users wrote: > > How do I hide the fact that the key is 32764 on the keyserver? You can’t. That’s like trying to publish a book written in Chinese without letting anyone know that it is written in Chinese. A

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 19:09, Andrew Gallagher wrote: > > On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users > wrote: >> >> How do I hide the fact that the key is 32764 on the keyserver? > > You can’t. That’s like trying to publish a book written in Chinese without > letting anyone know that it i

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-18 Thread Andrew Gallagher via Gnupg-users
On 17 Jul 2023, at 18:36, Michael Richardson wrote: > > Andrew Gallagher wrote: >>> Juanjo via Gnupg-users wrote: >>> >>> "Keys stored on YubiKey are non-exportable (as opposed to file-based >>> keys that are stored on disk) and are convenient for everyday use. " >>> >>> In my case, I want th

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-17 Thread Andrew Gallagher via Gnupg-users
On 15 Jul 2023, at 20:36, Michael Richardson wrote: > > Juanjo via Gnupg-users wrote: > >> This may be a good starting point: >> https://github.com/drduh/YubiKey-Guide > > "Keys stored on YubiKey are non-exportable (as opposed to file-based keys > that are stored on disk) and are convenient fo

Re: Looking for keyserver software without any validation or fancy features

2023-07-10 Thread Andrew Gallagher via Gnupg-users
(resending because the previous mail went out HTML-only, apologies) Hi, Bernd. > hagrid and hockeypuck are total overkill, (Disclaimer: I’m one of the hockeypuck contributors) If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at ht

Re: Looking for keyserver software without any validation or fancy features

2023-07-07 Thread Andrew Gallagher via Gnupg-users
Hi, Bernd. hagrid and hockeypuck are total overkill, (Disclaimer: I’m one of the hockeypuck contributors) If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at https://github.com/hockeypuck/hockeypuck You will need a non-empty keydump to sta

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-06 Thread Andrew Gallagher via Gnupg-users
On 3 Jun 2023, at 01:56, Jacob Bachmeyer wrote: > > Alexander Leidinger via Gnupg-users wrote: >> [...] >> >> I don't remember if there was a challenge/response or not. As I still have >> the email with the signed key, I can tell that the signature can arrive via >> a TLS encrypted SMTP channe

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jun 2023, at 15:50, Johan Wevers via Gnupg-users wrote: > > On 2023-05-31 16:55, Bernhard Reiter wrote: > >> Governikus provides the online service for authenticating your OpenPGP key on >> behalf of the German Federal Office for Information Security (BSI). This >> online service compares

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jun 2023, at 12:23, Alexander Leidinger via Gnupg-users wrote: > > Quoting Bernhard Reiter > (from Wed, 31 May 2023 16:55:05 +0200): > >> Obviously they cannot authenticate the email address >> so once I have a common name, we get collisions? > > The signat

Re: "gpg: no valid OpenPGP data found" error when importing public key from sks

2023-05-14 Thread Andrew Gallagher via Gnupg-users
Hi, Guillermo. You don’t say what sort of keys these are. V4? V5? Elliptic curve? Some recent kinds of keys may not be compatible with SKS. Have you compared with hockeypuck to see if it serves them any differently? Thanks, Andrew. > On 12 May 2023, at 21:08, Guillermo Montoya Naranjo via Gnup

Re: out-of-key UIDs [was: ADK's]

2023-05-05 Thread Andrew Gallagher via Gnupg-users
On 5 May 2023, at 17:55, Ineiev wrote: > > On Thu, May 04, 2023 at 11:01:36AM +0100, Andrew Gallagher wrote: >>> I tried something like this with my MUA, I believe that doesn't work: >>> it first looks for appropriate keys, probably using --list-keys; >>> in fact, it insists on choosing a single

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 10:43, Ineiev wrote: > > On Thu, May 04, 2023 at 09:52:54AM +0100, Andrew Gallagher wrote: >> >> andrewg@serenity % gpg --group >> fn...@test.eu=BD9D4DEE7B2FF1CBEF2EE0C4E0ACD3E0CBE7874A -r fn...@test.eu -e < >> /etc/shells > shells.gpg >> gpg: 0x40F9B9601900E974: There is no

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 06:46, Ineiev wrote: > > On Mon, May 01, 2023 at 03:16:12PM +0100, Andrew Gallagher wrote: >> On 1 May 2023, at 12:40, Ineiev via Gnupg-users >> wrote: >>> now, I generate a key >>> for y...@guan.edu locally and add 0123456789ABCDEF as an ADK (BTW, >>> will GnuPG complain if t

Re: ADK's

2023-05-02 Thread Andrew Gallagher via Gnupg-users
On 2 May 2023, at 02:18, Michael Richardson wrote: > > It's the initial investigation of an irregularity where there could be a > problem. These examples are becoming increasingly contrived. If you are investigating fraud by someone who can read all your company emails, don’t discuss it over

Re: ADK's

2023-05-01 Thread Andrew Gallagher via Gnupg-users
On 1 May 2023, at 12:40, Ineiev via Gnupg-users wrote: > now, I generate a key > for y...@guan.edu locally and add 0123456789ABCDEF as an ADK (BTW, > will GnuPG complain if the only encryption-capable subkey is ADK? Or you could just use an alias…? A

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 14:42, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote: >> Whether this is done voluntarily or under duress from their employer is an >> opsec issue, not a comsec one. > > If it is an ex-emp

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 13:45, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote: > >> It does not make any sense so have such an option. If a user wants to >> allow colleagues or an archive system to decrypt her mails that is her >> decision. > > What

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 11:30, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 1:15, ckeader via Gnupg-users wrote: > >> Can't call it that as long as it's under user control (every long option of >> the software has an equivalent config file option. You don't add such a key >> via config or

Re: Flooding attack against synchronising keyservers

2023-04-21 Thread Andrew Gallagher via Gnupg-users
recovering your system, please get in touch. Thanks, A > On 27 Mar 2023, at 18:47, Andrew Gallagher via Gnupg-users > wrote: > > Signed PGP part > Hi, everyone. > > The synchronising keyserver network has been under an intermittent flooding > attack for the past five days, r

Flooding attack against synchronising keyservers

2023-03-27 Thread Andrew Gallagher via Gnupg-users
Hi, everyone. The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second via

Re: Optimal workflow with GPG signatures from multiple parties

2023-03-06 Thread Andrew Gallagher via Gnupg-users
On 04/03/2023 17:18, Ave Milia via Gnupg-users wrote: What are some available solutions? How would you suggest to organize the keys? Maybe, there should be some signing server in-place, that the developers sends an artifact to? I built something similar for $WORK. You lock down the signing se

Re: Unable to sign public key

2023-02-01 Thread Andrew Gallagher via Gnupg-users
On 31 Jan 2023, at 19:52, Joel via Gnupg-users wrote: > > Hello! > > I am trying to sign a public key, but I get an error saying, `gpg: signing > failed: No secret key`. However, a normal signing on a file works perfectly > fine. I suspect it could be something because I have a yubikey and it

Re: Ecrypt group email addresses

2023-01-30 Thread Andrew Gallagher via Gnupg-users
On 26 Jan 2023, at 22:40, Alex wrote: > > Clients that have their own OpenPGP implementation, like Mozilla > Thunderbird, likely don't support groups. Thunderbird does support encryption to groups, but you have to manually edit a JSON configuration file: https://support.mozilla.org/en-US/kb/op

Re: Subkeys renewing/expiring strategy

2023-01-06 Thread Andrew Gallagher via Gnupg-users
On 5 Jan 2023, at 13:42, Ingo Klöcker wrote: > > GitLab keeps the verification state if a > key is removed, but I added the updated key including the expired subkey. That > was a bad idea because GitLab invalidated all commits signed with the expired > subkey. It is disappointing to see that maj

Re: Reminder: use plaintext mails only on ML

2023-01-06 Thread Andrew Gallagher via Gnupg-users
December 2022 19:54:39, Andrew Gallagher via Gnupg-users wrote: I’ve been Argh, that will teach me not to reply to list emails from my phone. Sorry, everyone. :-( A

Re: Expiration date of subkeys (retroactive)

2023-01-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jan 2023, at 03:49, gnupg-us...@aschoettler.com wrote: > > I have several GnuPG keys which I edited with KGpg. > https://apps.kde.org/de/kgpg/ > > Unfortunately, the subkeys were not taken into account when setting the > expiry date. > How can I retroactively edit my expired keys and expir

Re: Card-Reader

2022-12-17 Thread Andrew Gallagher via Gnupg-users
I’ve been using this ACS reader for years with no problems. It appears to be no longer available but there is a successor model that may suit your purposes ACR38T-D1 cardomatic.de Andrew Gallagher On 17 Dec 2022, at 18:36, Klaus Ethgen wrote: Hi, I destroyed my card reader from gemalto and need a new

Re: Mastodon account, good server?

2022-12-01 Thread Andrew Gallagher via Gnupg-users
On 1 Dec 2022, at 16:42, Bernhard Reiter wrote: > > Hi friends of GnuPG, > > seems to be a good time to start an official Mastodon account > for GnuPG and related topics like Gpg4win and OpenPGP. > > At least for announcements and some interaction as the interest > is growing for this decentral

Re: macos IKEv2 auth with yubikey

2022-11-28 Thread Andrew Gallagher via Gnupg-users
On 28/11/2022 06:29, Martin Brook via Gnupg-users wrote: 2. I've achieved IKEv2 vpn auth with yubikey on windows. It seems windows can interact with Yubikey perfectly but not on macos. Hi, Martin. How did you get this to work on Windows? Which IKE software are you using on each platform? A

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 17:17, kho wrote: > > Thanks for this fast, complete and clear answer. > > I am going to see if I can still pick up somewhere or just remove all I > did and start all over by following your steps. Just a note of caution: since it is quite an involved process I would recommend

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 13:48, kho via Gnupg-users wrote: > > 5. What is at the end the best way to setup 2 smartcards that can be > used in encryption, signing and decryption? And additionally both > smartscard should work, I have 2 smartcards for redundancy. If you want the two smartcards to be red

Re: OT: Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 19:31, john doe via Gnupg-users > wrote: > > Why did you publish the key to the sks key servers? > > I guess my question is about the reasoning behind using sks key server > instead of WKD or Hagrid. WKD publication can only be done by (or with the cooperation of) the d

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users > wrote: > > Andrew, do the sks keyservers work today? > > I was able to find the key by going to > > https://keyserver.ubuntu.com/ > > and putting > > EC6C2905F0F93C0373946CA10642427A5FF780BE > > into the search box. Do you mean S

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'   gpg:

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'   gpg:

Re: GnuPG 2.2.36 released

2022-07-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Jul 2022, at 04:47, Ralph Seichter via Gnupg-users > wrote: > > 1.) Starting today, disk images (*.dmg) are signed with a new ed25519 > key (EAB0FE4FF793D9E7028EC8E2FD56297D9833FF7F). This key has been > uploaded to pgp.mit.edu today, but the site is once again very sluggish > and it mig

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 12:20, Jan Eden wrote: > I had configured hkp://keys.gnupg.net in gpg.conf (no separate > dirmngr.conf). Switching to keys.openpgp.org had the desired effect: keys.gnupg.net has not existed for a few years now, but for backwards compatibility gnupg silently maps it to the hardcoded d

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 11:50, Jan Eden wrote: > jan ~ % gpg --refresh-key 0xFB73E21AF1163937 > gpg: refreshing 1 key from hkp://pgp.surf.nl > gpg: key FB73E21AF1163937: "Andrew Gallagher " not > changed > gpg: Total number processed: 1 > gpg: unchanged: 1 You're using the pgp.surf.nl keyserve

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 07:11, Jan Eden wrote: > PS. The key used to sign your message seems to be expired. That could be because you already had my key in your keyring and it wasn't recently (i.e. in the last 18 months) refreshed. What does it say if you incant the following? ``` gpg --refresh-key 0xFB73E

Re: gpg auto-locate-key selects expired/revoked key

2022-06-08 Thread Andrew Gallagher via Gnupg-users
On 8 Jun 2022, at 07:46, Jan Eden via Gnupg-users wrote: > > - Which WKD server hosts my expired/revoked key such that it takes precedence > over my own WKD server at domain.com ? > - Why does gpg select an expired/revoked key over a valid key? I suspect the issue is that yo

Re: TB weirdness

2022-02-24 Thread Andrew Gallagher via Gnupg-users
On 24/02/2022 16:59, Robert J. Hansen via Gnupg-users wrote: Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected). It turns out the actual behavior is a little different than

Re: Questions re auto-key-locate

2022-02-16 Thread Andrew Gallagher via Gnupg-users
On 15/02/2022 23:37, Dan Mahoney wrote: That's a decision I leave up to the people who *make* the key (and the software that it's signing). Sorry, from your previous message it sounded like you were publishing your own software. (and it's no longer the case that you can publish just anyon

Re: How to solve this garbled code?

2022-02-15 Thread Andrew Gallagher via Gnupg-users
On 15/02/2022 11:32, Gao Xiaohui via Gnupg-users wrote: Hello, why do such garbled characters appear on the display page of gnupg (inside the red box), The Chinese characters will be displayed abnormally too, similar to this garbled character. what should I do and how to avoid it? Thank you very

Re: Questions re auto-key-locate

2022-02-15 Thread Andrew Gallagher via Gnupg-users
 > On 15 Feb 2022, at 21:46, Dan Mahoney (Gushi) via Gnupg-users > wrote: > > Since the debacle a few years ago with the SKS keyserver denial-of-service > attack, the keyservers are kind of a non-starter. Why so? Keyservers are still around, and the ones that survived the apocalypse are gene

Re: lost id on keyserver

2022-02-10 Thread Andrew Gallagher via Gnupg-users
On 10/02/2022 13:23, Raja Saha wrote: I created the subkey, output it to a file and imported it to gpg on working dir. Then I sent the key to the keyserver, gpg --send-keys *. After that when I searched the keyserver by my email it, there was no key. When I searched by my key F01D54EDAEB1700

Re: "Are You Now or Have You Ever Been..."

2022-02-02 Thread Andrew Gallagher via Gnupg-users
On 31/01/2022 22:29, jonkomer wrote: Confirming it, possibly many years after it has been dissolved. Future is the key-word here. In that context, then-current response of a key-server query on "" could be much more deleterious to John than the evidence given to the tribunal by Jane Doe that she

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
> On 31 Jan 2022, at 21:39, jonkomer wrote: > > There is significant difference between a one-time > "third-party" correspondent misusing his knowledge of > the relationship after it has been dissolved, from > that same knowledge being published in perpetuity via > a simple, automated Internet

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
I go away for the weekend, and my mailbox catches fire... ;-) On 29/01/2022 16:38, jonkomer via Gnupg-users wrote: > (a) Unfortunately, OpenPG email encryption is incompatible > with GDPR and should not be used by those that either want > or need to be GDPR compliant. This is not so; the use of e

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 28/01/2022 20:02, jonkomer via Gnupg-users wrote: >> A. G. via : >> The short answer is "no", or at best "not yet"... > > Thank you very much for the response and comprehensive > comments. > > In this case, the mail domain owner is actually the one > that needs this level of control: he insist

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 01:55, Johan Wevers via Gnupg-users wrote: > There are known technical issues: the HKP keyserver does not allow keys > to be removed, GDPR or not. When the keyserver operator operates outside > of the EU I don't think that is a legal problem. This is incorrect. All three of the common

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 03:51, Shawn K. Quinn via Gnupg-users wrote: > If the server is physically in the US, administered by someone residing > in the US, is the EU really expecting US courts to enforce EU > laws/directives like the GDPR on a US citizen? The short answer is no, of course not. The practica

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 30/01/2022 10:12, Klaus Ethgen wrote: > > When it comes to keyservers, with the same argument you could state that > bitcoin is illegal. (No information in the key chain can be removed. And > there is even child porn inside that key chain that could never ever > again be removed!) > > There ar

Re: Preventing public key upload to key-servers

2022-01-28 Thread Andrew Gallagher via Gnupg-users
On 26/01/2022 22:03, jonkomer via Gnupg-users wrote: > Is there anything that a public key owner can do, to actually > *ensure* that, if some careless or malicious correspondent > ignores the comment ("Please do not upload...") and attempts > to upload his or her (otherwise fully functional) public

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 18:22, Стефан Васильев wrote: >> Good question. My thought was that Telefax is still used, among > lawyers, doctors, business folks etc., and brand-new Fax machines > can be bought on Amazon etc. +1 for obsolescence! Beware of course that fax machines are VERY noisy, and analogue li

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 17:54, Стефан Васильев wrote: > > The idea is to use a Telefax machine for endpoint security, with > an offline usage PC, which for example gpg4win is ideal for. Would it not be simpler to use a modem? > I thought about that too, but in case the document would be several > pages lo

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On Fri, 2022-01-14 at 16:42 +, Стефан Васильев via Gnupg-users wrote: > The --begin etc. markers should be used to detect where > the OCR scanned document begins and ends to have later > a good signature. If you are relying on OCR to reconstitute a bitwise-perfect message (because that's the o

Re: Gnupg-users Digest, Vol 220, Issue 11

2022-01-10 Thread Andrew Gallagher via Gnupg-users
> On 10 Jan 2022, at 20:33, Chris Taylor > wrote: > > Hello, > > Please unsubscribe me from this list. Please follow the instructions that you quoted in the email you just sent: >> To subscribe or unsubscribe via the World Wide Web, visit >>http://lists.gnupg.org/mailman/listinfo/gnupg-

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
On 07/01/2022 16:55, Bernhard Reiter wrote: > Then RSA should be limited in the same way. (Because there it is possible, so I guess that there is another reason.) I agree, although IIRC such usage is supported for backwards compatibility reasons. | The curve is birationally equivalent to a

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
On 07/01/2022 14:06, Bernhard Reiter wrote: With 2.2.33 it is not possible to create a single ecc key-pair that can do "sign" and "encrypt". There are circumstances (legal, contractual, operational) where you may need to disclose or share an encryption key, so it is best practice to keep the

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Jan 2022, at 12:15, Alex Nadtoka wrote: > > yes thanks, tried disabling it but error was still there. So I deleted DST > Root CA X3 . At the moment I see error from dirmngr 2.3.4: no CA certificate > found > And > error searching keyserver: "No inquire callback in IPC" > > Not sur

Re: Gpg4win LetsEncrypt issue

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Fri, 2021-12-31 at 23:23 +0200, Alex Nadtoka wrote: > Ok, thanks. Where on the client end i can remove it? This blog appears to do it correctly (to the best of my knowledge) and as its worked example uses the very same CA certificate that we have just been discussing:   https://www.thesslstore

Re: [Announce] A New Future for GnuPG

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Mon, 2022-01-03 at 11:31 -0500, Robert J. Hansen via Gnupg-users wrote: > Werner, this is amazing news. Thank you for sharing it! Indeed, many congratulations! > I did spend about six months doing a clean-room implementation of > RFC2440 in PHP3.  It was a vile experience and one I don't rec

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Andrew Gallagher via Gnupg-users
> On 30 Dec 2021, at 16:27, Alex Nadtoka wrote: > > Even if I remove root certificate from the server it will be added again on > renewal. It is the client that needs the ca certificate to be removed, not the server. The root cause is that there is more than one verification path possible an

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 21:12, Alex Nadtoka wrote: > > We have our internal GPG server( I want people in company to be able to > connect to it from windows as well... OK, so you definitely need to solve the root certificate issue. Do sites using letsencrypt work from an Edge browser on that m

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 20:15, Alex Nadtoka wrote: > > yes it works with keyserver-01.2ndquadrant.com Is this server sufficient for your purposes or do you also need to support an internal keyserver? A > On Wed, 29 Dec 2021 at 17:06, Andrew Gallagher via Gnupg-users > wrote:

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote: > I cannot connect to any keyserver. The error is certificate expired. > I am on latest (I think) Windows 10 . Tried reinstalling it or > installing on new Windows machine but no luck . dirmngr keeps telling > me that certificat

Re: issue with gpg4win

2021-12-25 Thread Andrew Gallagher via Gnupg-users
> On 25 Dec 2021, at 11:24, Alex Nadtoka wrote: > >  > Hi Andrew, yes I have changed the real name of my mailbox and the server) > Thanks for the reply. > My Client Machine is Windows . If you can tell me how to do that I would > appreciate it. Thanks again for the update) > Finally got som

Re: issue with gpg4win

2021-12-24 Thread Andrew Gallagher via Gnupg-users
> 2021-12-23 11:27:30 gpg[12864] DBG: connection to the dirmngr established > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c -> GETINFO version > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c <- D 2.3.4 > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c <- OK > 2021-12-23 11:27:30 gp

Re: issue with gpg4win

2021-12-24 Thread Andrew Gallagher via Gnupg-users
On Thu, 2021-12-23 at 12:37 +0200, Alex Nadtoka via Gnupg-users wrote: > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c -> KEYSERVER -- > clear hkps://gpg.example.com/ This doesn't look like a real keyserver. Did you redact this, or is this really what is currently configured in dirmngr.conf?

Re: fingerprint associated public key does not match displayed public key

2021-12-18 Thread Andrew Gallagher via Gnupg-users
> On 18 Dec 2021, at 02:25, Robert J. Hansen via Gnupg-users > wrote: > > As the FAQ says, "The good news is the internet is a treasure trove of > information. The bad news is that the internet is a festering sewer of > misinformation, conspiracy theories, and half-informed speculations all

Re: Why are 64-bit libraries not included in GnuPG but Gpg4win?

2021-12-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Dec 2021, at 04:14, Sven Richter via Gnupg-users > wrote: > > Thunderbird expects to be able to manage all public keys regardless. Even > with this setup of mine, it only pulls the private keys from GnuPG. You may be interested in the Sequoia Octopus, which is a drop in replacement fo

Re: User id's without person's name, only email

2021-11-17 Thread Andrew Gallagher via Gnupg-users
On 17/11/2021 18:15, Robert J. Hansen wrote: Mapping a "Real Name" to an email address is a conceptually different thing from mapping an email address to a public key. Except that should we be mapping keys to email addresses in the first place? > When we sign a certificate we make an assertio

Re: User id's without person's name, only email

2021-11-17 Thread Andrew Gallagher via Gnupg-users
On 17/11/2021 14:40, Teemu Likonen wrote: 2. Second "address book" is my OpenPGP keyring. It groups persons' names, their email and other key data. If many keys don't have name in their user id it could be inconvenience. Computer programs can find keys but often we need also manu

Re: User id's without person's name, only email

2021-11-16 Thread Andrew Gallagher via Gnupg-users
On Tue, 2021-11-16 at 18:20 +0200, Teemu Likonen wrote: > Am I seeing a starting trend here? Do some people think that it is > better practice to have only have email address as user id? What > might be their reason? Or maybe it's not a trend and doesn't mean > anything. I got curious anyway. Add y

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Andrew Gallagher via Gnupg-users
On 04/11/2021 08:40, Matthias Apitz wrote: I bought the OpenPGP card from Purism for USD 15, I don't know if the small format exist here in Germany. Not Germany, but Cryptoshop in Vienna sells them: https://en.cryptoshop.com/products/smartcards/open-pgp-smartcard-v2-id-000.html -- Andrew Gall

Re: WKD, wildcard DNS resolution (Re: Error when trying to locate key via WKD)

2021-10-28 Thread Andrew Gallagher via Gnupg-users
On 28/10/2021 12:25, Bernhard Reiter wrote: On Thursday 28 October 2021 12:07:52, Andrew Gallagher via Gnupg-users wrote: The megathread from hell starts here :-) https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064567.html That is not gnupg-_devel_ (where I was searching

Re: Error when trying to locate key via WKD

2021-10-28 Thread Andrew Gallagher via Gnupg-users
On 28/10/2021 10:44, Bernhard Reiter wrote: On Wednesday 27 October 2021 22:54:48, Ingo Klöcker wrote: The problem with wildcard sub-domains and WKD has been discussed here or on gnupg-devel recently. Ingo, can you provide me a pointer to the gnupg-devel thread? (Did a few minutes of searching

Re: WKD docs on the wiki, restructuring. Feedback on forUsers page

2021-09-30 Thread Andrew Gallagher via Gnupg-users
On 30/09/2021 13:17, ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users wrote: Hmm, this is odd. I setup WKD as detailed on the https://wiki.gnupg.org/WKDHosting (using the openpgpkey subdomain), currently only for one address on my domain (s...@chiraag.me). Opening the file directly in a web browser does work, so
