Re: Keysigning party: after the event challenges

On Sun, Feb 10, 2019 at 03:36:05PM +0100, André Ockers wrote: > Hi Peter, > > Thank you very much. > > > Op 09-02-19 om 12:48 schreef Peter Lebbing: > > Hello André, > > > > On 09/02/2019 09:06, André Ockers wrote: > >> - 171 official keysigning party participants, of who 107 showed up to my > >

Re: Forward gpg-agent to container

On Tue, Jun 05, 2018 at 05:17:10PM -0400, Phil Pennock wrote: > > Shell 1: > $ docker-machine ssh default -R > /var/run/pdp.gnupg:$HOME/.gnupg/S.gpg-agent.extra > [ leave this window open, this is your login on the VM; when this > closes, you stop forwarding GnuPG's socket ] A suggestion: for

Re: Breaking changes

On Tue, May 22, 2018 at 05:47:43AM -0400, Robert J. Hansen wrote: > > Get real. These people are long-time GnuPG users and now you want to > > throw them under the bus because... well, because you prefer it that > > way. > > 1.4 was deprecated the instant 2.0 was released. After much pushback it

Re: Breaking changes

On Wed, May 23, 2018 at 01:22:41AM +0200, Leo Gaspard via Gnupg-users wrote: > On 05/22/2018 11:48 PM, Dennis Clarke wrote: > > On 05/22/2018 05:38 PM, Dan Kegel wrote: > >> Lessee... > >> https://en.wikipedia.org/wiki/GNU_Privacy_Guard > >> already give an end-of-life date for 2.0, but none for 1.

Re: A postmortem on Efail

On Mon, May 21, 2018 at 11:19:18AM -1100, Mirimir wrote: > On 05/21/2018 02:31 AM, Ben McGinnes wrote: >> >> https://ssd.eff.org/en/blog/pgp-and-efail-frequently-asked-questions >> >> “What if I keep getting PGP emails? >> >> You can decrypt these emails

Re: A postmortem on Efail

On Wed, May 23, 2018 at 12:15:58AM +0200, Steffen Nurpmeso wrote: > > I only use v1.4, and i will never never never never use anything > newer because that is very large and consists of an immense amount > of components that i really do not need. I receive keys via hkps:// > and sign, verify, enc

Re: A postmortem on Efail

On Tue, May 22, 2018 at 02:19:37AM +0100, Mark Rousell wrote: > On 21/05/2018 13:34, Ben McGinnes wrote: > >> I agree with most of the article and largely with the need to break >> compatibility to an ancient flawed design. Particularly since we >> still have a means of

Re: A postmortem on Efail

On Mon, May 21, 2018 at 08:51:17AM -0400, Robert J. Hansen wrote: >> That being the *incredibly* unhelpful and likely actively harmful >> recommendation to remove encryption and decryption functionality from >> vulnerable MUAs. > > I blame the EFF for that more than I blame the Efail developers.

Re: A postmortem on Efail

On Sun, May 20, 2018 at 01:43:07PM -1100, Mirimir wrote: > On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: >> >> I do not want to create a conspiracy theory but it's wiggy that >> EFF favors *NO* security ,pgp or s/mime, instead to fix the current >> possibilities and promote signal. > > I read t

Re: A postmortem on Efail

On Sun, May 20, 2018 at 02:26:47AM -0400, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :)

Re: [GPGME] Repeated decrypt fails

On Wed, May 16, 2018 at 10:54:52AM -0400, Randy Trinh wrote: > Hi everyone, > > I'm fairly new to GnuPG and GPGME in general and I'm currently Firstly, kudos for going straight to GPGME instead of wrapping the GPG binary. 👍 > trying to implement a process in which a file is uploaded from a > we

Re: gpg 2.2.5 hangs instead of asking for a passphrase

On Fri, Mar 09, 2018 at 04:55:14PM -0800, Ian Holmes wrote: > Hi, > > I'm using gpg on macOS High Sierra, installed via homebrew. I have a file > that is CAST5 encrypted. When I try to decrypt it using my previous > homebrew version of gpg (gpg 2.0.30, libgcrypt 1.7.6), I type 'gpg > --decrypt myf

Re: [gpgme] generate a wheel of the python bindings

On Wed, Mar 07, 2018 at 12:36:24AM +0900, Matt wrote: > All problems disappeared with latest source. So everything is ok :) > Thank you once again Excellent. Some of the issues you raised (like oddness in test output/behaviour) had already been picked up and fixed, as you no doubt saw. Not reall

Re: GPG is not working because of gpg.conf

On Mon, Mar 05, 2018 at 01:24:28PM +0100, Werner Koch wrote: > > gpg searches for its configurarion file in this order (I use 1.4.23 as > example): > > gpg.conf-1.4.23 > gpg.conf-1.4 > gpg.conf-1 > gpg.conf > > The first existing one is used. This allows to have separate > configuration

Re: [gpgme] generate a wheel of the python bindings

On Sun, Mar 04, 2018 at 02:50:52AM +0900, Matt wrote: > Hi, > > I've been trying to package gpgme python bindings for nixos > (www.nixos.org) since it's a dependency of the mail reader I use > (alot) but I haven't succeeded yet. Okay. With GPGME as a dependency ... Claws or Mutt/Neomutt? > I ma

Re: New employment

On Fri, Mar 02, 2018 at 11:43:26PM -0500, Robert J. Hansen wrote: > I'm taking a new job with IronNet Cybersecurity, Congratulations. :-) > which is run by former Director of the National Security Agency > Keith Alexander. My work will not overlap with GnuPG in any way. Well, that trumps my ne

Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

On Wed, Feb 28, 2018 at 03:02:58PM +0100, Werner Koch wrote: > On Wed, 21 Feb 2018 07:27, b...@adversary.org said: > > >> No, there is no way to configure an extra hack to also test a passphrase > >> for an ssh key. > > > > Wanna bet? > > Oh no, I don't want to promote create solutions of our com

Re: How can we utilize latest GPG from RPM repository?

On Thu, Feb 22, 2018 at 08:09:31AM -0800, Dan Kegel wrote: > > https://www.open-scap.org/download/ shows they provide an > open source tool which is in repositories for four redhat-ish distros and > two debian-ish distros; on Ubuntu, I was able to walk down the > path of using it a bit, looks a bi

Re: How can we utilize latest GPG from RPM repository?

On Wed, Feb 21, 2018 at 07:36:08AM -0800, Dan Kegel wrote: > On Tue, Feb 20, 2018 at 10:16 PM, Ben McGinnes wrote: >> >> Because these two lines explain *precisely* why you need something >> like RHEL or CentOS (certified systems to go with the auditing) >> *and* up

Re: wotmate: simple grapher for your keyring

On Wed, Feb 21, 2018 at 09:59:01AM -0500, Konstantin Ryabitsev wrote: > Hi, all: > > I've been maintaining the kernel.org web of trust for the past 5+ years, > and I wrote a number of tools to help me visualize trust paths between > fully trusted keys and those belonging to newer developers. > >

Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

On Tue, Feb 13, 2018 at 04:55:19PM +0100, Werner Koch wrote: > On Tue, 13 Feb 2018 15:03, ambre...@gmail.com said: > > > Thanks for the detailed answer. But why not doing it for SSH then? > > I like to see when an ssh key is used the first time. Note that the > maximum caching time for ssh keys

Re: How can we utilize latest GPG from RPM repository?

On Sat, Feb 17, 2018 at 05:06:54PM -0600, helices wrote: > I will probably never understand why wanting to run the most current > version of gnupg on a plethora of servers is controversial. > > Nevertheless, the two (2) greatest reasons are: > >1. PCI DSS v3.2 >2. PCI DSS compliance audit

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

On Mon, Feb 19, 2018 at 10:45:52AM -0800, Daniel Kahn Gillmor wrote: > > How can GnuPG contribute to fixing this problem? The traditional way > that many other projects have taken is to define their core programmatic > functionality into a library with a strict interface guarantees, and > have ex

Re: Solaris 11 install libgpg-error/libgcrypt make install hangs

On Fri, Feb 09, 2018 at 03:35:13PM +, Anna Kitces and Seth Fishman wrote: > Hi > > I ran ./configure, make, make check and entered make install over an > hour ago That seems a bit long. > the make check was clean Cool. > If I hit ctrl-C, how do I proceed? > > I am installing all the lates

Re: GPG encryption and decryption takes excessive time.

On Mon, Feb 19, 2018 at 01:30:06PM +, Green, Ian wrote: > Hi > Firstly, my knowledge of GPG is very weak and I am not a UNIX administrator, > so my access and knowledge are rather limited. > > I have been asked to set up file encryption / decryption of files > transferred between our SUN OS s

Re: Modernizing Web-of-trust for Organizations

On Fri, Jan 05, 2018 at 08:47:29AM -0800, Lou Wynn wrote: > On 01/04/2018 02:28 PM, Ben McGinnes wrote: > > It seems to me, though, that the idea was to provide a means for the > > company to repudiate an employee's key even if the employee was no > > longer available. &g

Re: Huawei manual about Gnupg

On Thu, Feb 15, 2018 at 10:36:28AM +0800, Genghuang Wang wrote: > Hello, everybody as the Gnupg user Well, Robert made an excellent point in his response and, indeed, it is a point of view I share. However, I felt in need of a laugh, so I at least had a look at this thing and I certainly did get

Re: Modernizing Web-of-trust for Organizations

On Wed, Jan 03, 2018 at 05:34:30PM -0800, Lou Wynn wrote: > > The management of users' private key is a little more complicated. I > use two levels of protection. One level is at the organization. An > organization actually has a fourth key, which I call the guard key, > to encrypt the password of

Re: Modernizing Web-of-trust for Organizations

On Thu, Jan 04, 2018 at 12:40:59AM +, MFPA wrote: > > For example, my ISP [0] says "All staff keys are signed using the > company signing key. This is very much like a traditional company > seal. Only the director has access to this key and it is only used > for signing other keys. If/when a m

Re: GPGME Python bindings

On Thu, Dec 28, 2017 at 05:49:58PM -0500, Leo Famulari wrote: > Hello, > > I'm working on downstream packaging of GPGME and GPGME's Python > language bindings for GNU Guix. [0] Cool. > Because it was easier, we began packaging the GPGME Python bindings > based on the PyPi release [1] of version

Re: FAQ and GNU

On Tue, Oct 10, 2017 at 02:06:17AM +, Robert J. Hansen wrote: > A request has been made that each instance of "Linux" in the FAQ be > replaced with "GNU/Linux". Oh ... say hi to RMS from us. ;) > I'm not inclined to make this change. However, in order to make > sure that the FAQ reflects th

Re: PGP for official documents / eIDAS and ZertES

On Tue, Oct 10, 2017 at 08:40:38AM +, ankostis wrote: > But it doesn't have to be XML! > Besides ETSI, the european organization implementing eIDAS has 3 "standards" > (e.g. [1]): > XADES(XML), PADES (pdf), CADES - the last one doubting if it has any > modern use. > > Why not push them for a n

Re: 1024 key with large sub key

On Thu, Oct 05, 2017 at 07:19:10AM +, Werner Koch wrote: > On Wed, 4 Oct 2017 22:29, r...@sixdemonbag.org said: > >> Twofish became part of the suite of ciphers with PGP 7, and GnuPG >> had to > > Back in 1998/1999 we were keen to have a 128 bit block cipher in > OpenPGP. The PGP folks and

Re: GnuPG-card works in the Ubuntu smartphone

On Sun, Sep 24, 2017 at 05:55:28PM +, Matthias Apitz wrote: > > I'm not on Emacs, but vim. But, with the example you gave and > looking on some sources in the blog at gnupg.org I think I can do > it. Groff was more challenging in the past :-) You can always use the quick and dirty solution: w

Re: Fwd: RE: setting GnuPG card to 'not forces' does not let sign

On Thu, Jun 08, 2017 at 01:18:35PM +0200, Peter Lebbing wrote: > On 08/06/17 12:48, Matthias Apitz wrote: > > Every time I write to gnupg-users@gnupg.org I get this crap from a robot > > or from Sarah about dating. Can someone do anything that he/she/it is not > > triggered. > > Yes, same here. I

Re: Question for app developers, like Enigmail etc. - Identicons

On Sun, Jun 04, 2017 at 10:47:56PM +0200, Stefan Claas wrote: > > I'm not yet familar with the TOFU model, but if it helps to spot a > fake pub key imediately, in addition to the regular trust-model i > see no reason why not. That's pretty much exactly what it does. TOFU stands for Trust On First

Re: Question for app developers, like Enigmail etc. - Identicons

On Sun, Jun 04, 2017 at 08:29:31PM +0200, Kristian Fiskerstrand wrote: > On 06/04/2017 11:21 AM, Stefan Claas wrote: > >> The reason why i ask, i started to use Thunderbird with Enigmail >> and Enigmail shows me always Untrusted Good Signature with a 32bit >> key ID, when i have not carefully verif

Re: Question for app developers, like Enigmail etc. - Identicons

On Sun, Jun 04, 2017 at 11:21:33AM +0200, Stefan Claas wrote: > Hi, > > i like to ask application developers if it's possible to implement, > in the future, identicons like for example Bitmessage has? > > https://github.com/jakobvarmose/go-qidenticon It's possible, but it's highly unlikely that

Re: PGP for official documents / eIDAS and ZertES

On Fri, Jun 02, 2017 at 09:39:51PM +0200, Werner Koch wrote: > On Wed, 31 May 2017 19:34, ankos...@gmail.com said: > > | >>I have some questions related to XML-Dsig: > | > > | >Argghh!! Run away! > | > | A near-universal reaction. > > XML crypto can be summarized as > we-repeat-all-bugs-the-

Re: scdaemon coredumps

On Tue, May 30, 2017 at 09:27:30PM -0400, Daniel Kahn Gillmor wrote: > On Wed 2017-05-31 10:02:16 +1000, Ben McGinnes wrote: >> It is pretty standard (and IIRC part of the SMTP RFCs) that the >> forward and reverse DNS records must match. The PTR record does not >> have to ma

Re: scdaemon coredumps

On Tue, May 30, 2017 at 06:48:04PM -0400, Daniel Kahn Gillmor wrote: > > On Tue 2017-05-30 15:09:18 +0300, Yuriy M. Kaminskiy wrote: >> >>> SMTP error from remote mail server after RCPT >>> TO:: host kerckhoffs.g10code.com >> >>> [217.69.77.222]: 550 Reverse DNS lookup failed for host >> >>> 195.1

Re: Unicode and --with-colons

On Sat, Apr 01, 2017 at 04:57:04AM -0400, Robert J. Hansen wrote: > C:\Users\Robert J. Hansen\Desktop> gpg --fixed-list-mode --with-colons > --list-key 0x3ADBFA6D00A1E6FE > > = > [... trimmed ...] > uid:-1436536488::100E4A12486A5261E374B3B0CA16CF0516F4367C::Ludwig > Hügelschäfer : >

Re: Confusion about a statement in the FAQ

On Sat, Sep 10, 2016 at 07:36:27PM -0400, Robert J. Hansen wrote: > > Hmm, OK that's kind of what I thought. But I'm still a little > > confused. Doesn't the email server have to support it? > > No. > > > Or would the "to" be one of those things not encrypted? > > Headers that are strictly requi

Re: Decryption with suppressed key ID (--throw-keyids) different in 2.1

On Mon, Aug 29, 2016 at 08:01:23AM +0200, Werner Koch wrote: > On Mon, 29 Aug 2016 04:25, c...@nymph.paranoici.org said: > >>>No, this would be a bug. >> >> I get an error 0x02 in return: > > This is a regression in 2.1.14. Workaround is to either set > --default-key or --try-secret-key. Patch

Re: Attacks on encrypted communicxatiopn rising in Europe

On Wed, Aug 24, 2016 at 10:37:35AM -0400, Robert J. Hansen wrote: >> >> P.S. We may be in the Second Crypto Wars, but the genie is out of >> the bottle, so that sense of "oh noes, the governments is >> coming for my cryptoes" just isn't there so much. > > Yeah, which is why I find bot

Re: Attacks on encrypted communicxatiopn rising in Europe

On Wed, Aug 24, 2016 at 08:41:33AM +0200, Werner Koch wrote: > On Tue, 23 Aug 2016 21:37, joh...@vulcan.xs4all.nl said: > > > (German), the German and French government are attacking the right to > > encrypt communication of their serfs. Also because of their violent > > Despite their common decl

Re: SOLVED (was: Re: strange error message, how to delete key 0x00000000)

On Sat, Aug 20, 2016 at 06:05:17PM +0200, Gregor Zattler wrote: > Hi Ben, > * Ben McGinnes [20. Aug. 2016]: >> On Fri, Aug 19, 2016 at 09:16:47PM +0200, Gregor Zattler wrote: >> >> You may have had them in the past and the entry is still in the >> trustdb

Re: strange error message, how to delete key

On Fri, Aug 19, 2016 at 09:16:47PM +0200, Gregor Zattler wrote: > > Thanks for your answer but in my case this seems not to be the > cause: I did a > > gpg --list-public-keys |sed -e "s/ //g"|grep 000 > > and > > gpg --fingerprint --list-public-keys |sed -e "s/ //g"|grep 000 > > and there ar

Re: strange error message, how to delete key

On Thu, Aug 18, 2016 at 11:51:55PM +0200, Gregor Zattler wrote: > Dear gnupg users/developers, > > I get strange errormessages when listing keys, e.g.: > > $ gpg --list-key doesnotexist > gpg: Oops: keyid_from_fingerprint: no pubkey > gpg: Oops: keyid_from_fingerprint: no pubkey > gpg: key 0x

Re: Decryption failed: No secret key found (Please help !)

On Thu, Aug 18, 2016 at 06:22:39AM +, Hariharan Shweta wrote: > Hi Team, > > > > We have setup the entire GnuPG software along with the keys in our > Linux server. We are able to encrypt our message and send it to our > vendor. even our vendor is able to decrypt it at their end. But we > are

Re: gpg.conf recommendations (FAQ improvement) was: GnuPG 1.4.19 - Encryption Questions

On Wed, Aug 17, 2016 at 05:32:03PM +0200, Kristian Fiskerstrand wrote: > On 08/17/2016 05:04 PM, Bernhard Reiter wrote: > > Am Mittwoch, 17. August 2016 16:53:57 schrieb Werner Koch: > >> FWIW, I really wonder why people seem to use the keyid to check keys. > > > > It is not done to check keys, it

Re: Installing gnupg

On Fri, Jun 10, 2016 at 02:44:49PM +0200, Werner Koch wrote: > On Fri, 10 Jun 2016 11:38, b...@adversary.org said: > >> bash-4.3$ port search gnupg2 >> gnupg2 @2.0.29 (mail, security) >> GNU pretty-good-privacy package > > I am a bit disapointed to read this name. GnuPG is the GNU Privacy >

Re: Installing gnupg

On Thu, Jun 09, 2016 at 11:11:13AM -0400, Robert J. Hansen wrote: > > I have OSX El Capitan. > > GPGOSX provides a newer version of GnuPG than GPGTools does: > > https://sourceforge.net/projects/gpgosx/ MacPorts usually stays reasonably up to date: bash-4.3$ port search gnupg2 gnupg2 @2.0.29 (m

Re: GNUPG Issues.

On Thu, May 05, 2016 at 04:39:30AM +, Mrityunjay Kumar03 wrote: > Hi Team, > > On my application server GPG 1.2.1 is being used. Recently the keys > expired on the server. [SNIP] > Could anyone please help. As Robert said, nope, but this made my day ... and here's why ... > Server version

Re: Top-posting

On Thu, Apr 28, 2016 at 11:26:52AM +0200, Matthias Apitz wrote: > El día Thursday, April 28, 2016 a las 11:02:30AM +0200, Paolo Bolzoni > escribió: > >> When you follow an email thread you do not read everything, you >> just read the new email and it makes little difference if it is in >> the top

Re: Verification via the web of trust

On Tue, Mar 22, 2016 at 06:43:20PM +, Andrew Gallagher wrote: > On 22/03/16 18:30, Peter Lebbing wrote: > > On 22/03/16 19:14, Andrew Gallagher wrote: > >> All this is true. But this does not help *me* one iota. > > > > It sounds to me like you're not looking for the Web of Trust, which is >

Re: EasyGnuPG

On Fri, Mar 25, 2016 at 04:37:59AM -0400, Robert J. Hansen wrote: > > And that doesn't even get into the issues involved with selecting a > > format for producing the documentation in. Consider the following: > > Preach it, Brother Ben. :-D > And it's not just about formats, it's also about tar

Re: EasyGnuPG

On Tue, Mar 22, 2016 at 10:56:27PM +, Andrew Gallagher wrote: > > IMHO the only thing to do with E-usage primary keys is revoke them > and start again from scratch. The only reason they are even still > allowed in GPG is for backwards compatibility, right...? Right. Primary keys MUST be C-us

Re: EasyGnuPG

On Tue, Mar 22, 2016 at 10:21:31PM +0100, Peter Lebbing wrote: > On 22/03/16 20:53, Dashamir Hoxha wrote: > > > the docs are like a maze and not clearly structured > > A reasonably fair criticism... writing good documentation is hard, > very hard. In fact, it turned out to be easier to write acad

Re: EasyGnuPG

On Tue, Mar 22, 2016 at 04:29:42PM +0100, Werner Koch wrote: > On Tue, 22 Mar 2016 15:41, b...@adversary.org said: > > > provides a socket interface with which you can interact with > > portions of the GPGME functions, including most of the most common > > functions. > > FWIW: We even consider to

Re: A better interface to the GnuPG-Framework (Re: EasyGnuPG)

On Tue, Mar 22, 2016 at 03:45:09PM +0100, Bernhard Reiter wrote: > On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote: > > You know what might, though, if someone were to take up the old GPA > > project perhaps ... maybe port it to GTK 3 or implement a Qt version. > >

Re: EasyGnuPG

On Tue, Mar 22, 2016 at 11:20:40AM +0100, Dashamir Hoxha wrote: > On Tue, Mar 22, 2016 at 9:56 AM, Bernhard Reiter > wrote: > > > > Any cross plattform approach would work. Python has the advantage > > that the source code can be changed by an editor an immedeately run > > and that it works fairly

Re: EasyGnuPG

On Mon, Mar 21, 2016 at 06:38:31PM +0100, Peter Lebbing wrote: > On 21/03/16 16:49, Dashamir Hoxha wrote: > > Yes, but the overall number of commands and options supported > > is 10 times smaller than those of gpg2. Tutorials about egpg are also > > much shorter. > > These things can simply be sol

Re: EasyGnuPG

em should be in the gpg.conf file anyway, they normally only need to be set once. Sometimes toggled back and forth (e.g. with --expert), but mostly it's set once and leave it that way (e.g. enable-large-rsa, enable-dsa2, allow-freeform-uid, etc.). Regards, Ben -- | Ben McGinnes

Re: Where is /usr/local/gnupg-2.1?

On Mon, Mar 21, 2016 at 11:31:56PM -0400, Robert J. Hansen wrote: > > There are two other possible explanations: MacPorts (see macports.org) > > and Home Brew. > > And Fink, and... etc. However, I'm omitting the ... let's call them > "comprehensive" solutions that allow you to install all manner

Re: Where is /usr/local/gnupg-2.1?

On Mon, Mar 21, 2016 at 06:39:33PM -0400, Robert J. Hansen wrote: > Edgar reached out to me earlier, and I directed him here to this list in > the hopes that someone with more clue than me would be able to help. > > Edgar, I'm not particularly up on GPG for OS X. However: > > > So, I went to the

Re: OPENPGP URI PROPOSAL

On 22/05/2015 5:21 am, Daniel Kahn Gillmor wrote: > On Thu 2015-05-21 11:59:07 -0400, mofo syne wrote: >> You might see a few copies around. This one is edited and streamlined with >> some advice from Hasimir to help keep this proposal focused. This is >> mirrored in here >>

Re: gpg-agent override to import secret keys in 2.1

On 22/05/2015 5:14 pm, Werner Koch wrote: > On Thu, 21 May 2015 21:52, b...@adversary.org said: > >> Does anyone know whether or not there is an override command >> or option to force -agent to read/import secret keys after the initial >> migration to version 2.1? > > If you want to migrate

Re: [Enigmail] Popescu and keys

On 22/05/2015 5:00 pm, Werner Koch wrote: > On Thu, 21 May 2015 23:58, b...@adversary.org said: > >> Is it possible that a keyserver running the old, buggy PKS code >> (v. 0.9.something) mangled these keys? > > Yes, but that won't explain why the key binding signature is valid. Okay, there's cle

Re: [Enigmail] Popescu and keys

On 22/05/2015 5:37 am, Werner Koch wrote: > > These are all encryption subkeys. The third key is the one from > H. Peter Anvin. I have not found one of the fingerprints given in the > said blog posting: gpg removed it while importing the key. It is a bit > disturbing that the other subkey liste

gpg-agent override to import secret keys in 2.1

Hello, Does anyone know whether or not there is an override command or option to force -agent to read/import secret keys after the initial migration to version 2.1? The basic scenario here is a primary workstation which the initial migration was performed on and a subsequent decommisioning

Re: OPENPGP URI PROPOSAL

On 22/05/2015 1:59 am, mofo syne wrote: > > You might see a few copies around. This one is edited and > streamlined with some advice from Hasimir to help keep this proposal > focused. For the benefit of the rest of the list, Hasimir is my IRC handle on freenode and a few other places. An /ns info

Re: GnuPG 2.1.3 Fails to Compile OS X

On 23/04/2015 11:39 am, NIIBE Yutaka wrote: > On 04/22/2015 04:22 PM, Werner Koch wrote: >> On Sat, 18 Apr 2015 21:35, b...@adversary.org said: >> >>> e...@quot.po:54: 'msgid' and 'msgstr' entries do not both end with '\n' >>> e...@quot.po:58: 'msgid' and 'msgstr' entries do not both end with '\n'

Re: GnuPG 2.1.3 Fails to Compile OS X

On 22/04/2015 5:22 pm, Werner Koch wrote: > On Sat, 18 Apr 2015 21:35, b...@adversary.org said: > >> e...@quot.po:54: 'msgid' and 'msgstr' entries do not both end with '\n' >> e...@quot.po:58: 'msgid' and 'msgstr' entries do not both end with '\n' > >> but no need to paste them all in); obviously

Re: GnuPG 2.1.3 Fails to Compile OS X

On 13/04/2015 5:59 pm, Werner Koch wrote: > On Sun, 12 Apr 2015 00:29, dominyktil...@gmail.com said: > >> = >> t-stringhelp.c:488:3: error: function definition is not allowed here >> { >> ^ > > Oh sorry, I didn't spotted the use of a nes

Re: Making the case for smart cards for the average user

On 8/04/2015 12:04 am, MFPA wrote: > On Tuesday 7 April 2015 at 2:14:55 PM, in > , Daniel Kahn Gillmor > wrote: > >> We know how to structure a proper name-addr and an addr-spec, and >> it's not difficult. If you want an e-mail address to be >> recognizable to automated tools, you should structur

Re: Making the case for smart cards for the average user

On 8/04/2015 12:41 am, MFPA wrote: > >> allowing them to drop the standard format of "name >> " and then they're shocked that doing so might >> produce unintended consequences? > > Don't know about "shocked", but unintended consequences for a > non-standard UID scheme was indeed the issue. > > T

Re: Making the case for smart cards for the average user

On 7/04/2015 10:39 pm, MFPA wrote: > > We are talking at cross-purposes. > > When I look at that UID:- > > Ben McGinnes > > I see angle brackets around the email address, in the usual way. > > I was talking about what happens when the angle brackets are not

Re: Making the case for smart cards for the average user

On 7/04/2015 7:57 pm, Peter Lebbing wrote: > The type of UID that proves problematic when you include the angle > brackets in your search is this: > > $ gpg2 -k c...@example.org > pub 2048R/17C05EBD 2014-08-13 [expires: 2015-04-14] > uid [ unknown] c...@example.org > > $ gpg2 -k "" > gpg:

Re: Making the case for smart cards for the average user

produced. *NOTE*: the 2nd and 3rd UIDs have been removed to make it clearer. Obviously you all know how to see those addresses. bash4-4.3$ gpg -k "ben.mcgin...@pirate.org.au" pub rsa4096/0x321E4E2373590E5D 2012-07-28 uid [ultimate] Ben McGinnes uid [ultimate

Re: gnupg preferences

On 3/04/2015 1:14 am, Robert Deroy wrote: > > Good Morning, > I send you this letter because maybe you can help me about somethings, > i know that my english is not perfect at all.. > > > Is it possible to remake an original gpgconf file ? There should be a sample gpg.conf file installed to a d

Re: Making the case for smart cards for the average user

On 7/04/2015 5:56 am, Peter Lebbing wrote: > On 06/04/15 18:04, Ben McGinnes wrote: >> or enclose all GPG key UIDs in quotation marks in order to mitigate >> that (a feature request for The Bat!). > > I think that would be quite an exploitable bug, passing UIDs to be > par

Re: Making the case for smart cards for the average user

On 18/03/2015 4:38 am, Daniel Kahn Gillmor wrote: > On Mon 2015-03-16 20:55:51 -0400, MFPA wrote: > >> Although I don't really like email addresses in the UIDs of my keys, I >> quite like the simplicity of your "email address only" simplified UID >> format. However, I would urge you to reconsider

Re: One alternative to SMTP for email: Confidant Mail

On 30/03/2015 8:28 am, Mike Ingle wrote: > >> Why should the user need to delete one, rather than just be told >> there were two and the one with such-and-such a fingerprint (or the >> one highlighted) signed this message? If it is just a string in a >> key UID rather than a functional email addres

SOLUTION: GPG 2.1.x not compiling on OS X (any version)

Hello, A while back, when 2.1.0 was released I and many others encountered a most annoying error when compiling or attempting to compile both pinentry and GnuPG itself. It was a linker error where x86_64 architecture was not recognised. Online searches led to similar problems affecting Qt

Re: One alternative to SMTP for email: Confidant Mail

On 24/03/2015 2:27 pm, Mike Ingle wrote: > There has been some discussion on gnupg-users about replacing SMTP for > secure email, and how BitMessage does not scale. > > There is an open source non-SMTP email system called Confidant Mail, > which is based on GnuPG and hash table storage. The protoc

Re: [Announce] The maybe final Beta for GnuPG 2.1

On 9/10/2014 12:48 am, Werner Koch wrote: > On Sun, 5 Oct 2014 09:13, b...@adversary.org said: > >> Now since the configure script for pinentry is about 13,000 lines > > That is generated. The actual configure.ac script is 565 lines. > > I do not understand you remarks about libc++ - is that r

Re: How do I see what algorithm is used for a signature

On 9/10/2014 5:20 pm, Robert J. Hansen wrote: > On 10/9/2014 12:54 AM, Doug Barton wrote: >> I'm sure there is a way to determine what algorithm a signature was >> created with... > > gpg2 --fixed-list-mode --with-colons --list-key [keyID] > > Once you learn how to read that output, you get a *t

Re: [Announce] The maybe final Beta for GnuPG 2.1

On 9/10/2014 12:48 am, Werner Koch wrote: > On Sun, 5 Oct 2014 09:13, b...@adversary.org said: > >> Now since the configure script for pinentry is about 13,000 lines > > That is generated. The actual configure.ac script is 565 lines. > > I do not understand you remarks about libc++ - is that r

Re: [Announce] The maybe final Beta for GnuPG 2.1

On 4/10/2014 12:35 am, Werner Koch wrote: > Hello! > > I just released another *beta* version of GnuPG *2.1*. It has been > released to give you the opportunity to check out new features and to > help fixing bugs. I'm most of the way through a test compile (in /opt/local) on OS X 10.9 (64-bi

Re: a bit OT: pgpdump binaries?

On 9/05/14 6:34 PM, Josef Schneider wrote: > Hi, > > something strange happened in my mail client so the signature of the > last message was invalid! I'm sure we've all had that happen at some point. Anyway, thanks, I'm sure Faramir will appreciate these and I can probably think of a few other p

Re: a bit OT: pgpdump binaries?

On 9/05/14 1:00 PM, Faramir wrote: > Hello, > I hope this is not much off-topic. I was looking for pgpdump > binaries, and the one I have is for version 0.20, I downloaded it on > september 2011. But in the website, the current version is 0.28, > from june 2013. Does somebody know where I can

Re: Managing Subkeys for Professional and Personal UIDs

On 3/05/14 11:32 AM, Robert J. Hansen wrote: > > Seems perfectly reasonable for me for the company to issue a > signature on a purchase order using your *corporate-owned*, > *corporate-controlled* certificate, which was always issued for the > needs of the corporation. > > Just because a certific

Re: Quotes from GPG users

On 6/11/13 2:40 AM, Sam Tuke wrote: >> Feel free to use any of my public comments on the topic, either on my >> blog or on Twitter. > > Those are great resources I hadn't seen before, thanks for the links! > > What do you think about these two? I had a hard time finding quotes > from your article

Re: Quotes from GPG users

On 30/10/13 9:58 PM, Sam Tuke wrote: > Hi all, > > I'm working with Werner to promote GnuPG and raise awareness. To > that end we're collecting quotes from users - endorsements from > people who know and trust GPG, people like you. > > If you want to help us, send your own statement about why GPG

Re: Quotes from GPG users

or those of you who hate URL forwards): http://www.abc.net.au/news/2011-08-19/lnp-candidate-expelled-over-email/2847428 If you make a hashtag for this topic, let me know so I can point my fellow Pirates at it all. We've got some very good people on our social media team. Regards, Ben - --

Re: cant open public keyring file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 5/09/13 3:05 PM, Matt D wrote: > my open pgp wont work. i cant get keys. using ubuntu 12.10. > latest version of gpg. > > OpenPGP Security Info > > Unverified signature > > gpg command line and output: gpg gpg: Signature made Wed 14 Aug > 201

Re: Issue with --sign option

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 18/08/13 1:04 PM, Tiwari, Ashish wrote: > Still not working. > > Saying Inavlid OPtion -sign. Yes, it's supposed to be: --sign --encrypt [the rest of the command] Regards, Ben -BEGIN PGP SIGNATURE- iQGcBAEBCgAGBQJSELw7AAoJEH/y03E1x1U

Re: PGP for zLinux [full info]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 4/03/13 9:17 AM, Werner Koch wrote: > On Sat, 2 Mar 2013 08:16, b...@adversary.org said: > >> list. Since you have already received one "reply to all" from >> Werner, this has already happened. > > I apologize for having being tricked to do a

Re: PGP for zLinux [full info]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2/03/13 3:04 AM, gcal...@br.ibm.com wrote: > Hello, > > I have sent an email earlier requesting information about the best > PGP version to install in a zLinux server. Please don't attempt to post to gnupg-annou...@gnupg.org. While your message

  1   2   3   >