On Mon 2024-09-09 15:13:07 +0200, Werner Koch via Gnupg-users wrote:
> Advertisement for other applications, like a Python wrapper around a
> long standing command line API (going all the way back to pgp 2), is
> thus off-topic.
Jakob specifically asked how he could use GnuPG while relying on the
On Tue 2024-08-27 17:37:03 +0200, Jakob Bohm via Gnupg-users wrote:
> Another, related, feature would be the ability to run the gnupg tools in
> a mode that doesn't talk to any part of the environment, neither the
> gnupg config dir, nor the various helper programs (directory, password
> prompt
On Fri 2024-09-06 14:00:53 +0200, Werner Koch wrote:
> See
> GpgOL: Add filenames for PGP/MIME parts
> https://dev.gnupg.org/T4258
>
> on how to solve that. Complaints about strange attachments dropped to
> nearly zero after we deployed that change 5 years ago.
This is a great idea, and certainl
On Wed 2024-09-04 14:05:28 +0100, Andrew Gallagher via Gnupg-users wrote:
> As I mentioned already in an (accidental) off-list message to the OP,
> I have one regular correspondent who sees my signatures as broken if I
> send email from my laptop, because some as yet unknown MTA on the path
> betw
On Tue 2024-08-06 14:01:36 -0400, Daniel Kahn Gillmor via Gnupg-users wrote:
> Or, if you really want the "sop verify" and "sop inline-verify"
> interface to support some sensible "at least N signatures" semantic, feel
> free to open a suggestion in the sop
On Mon 2024-08-05 20:08:43 +0200, Björn Persson wrote:
> It's true that requiring verification of all the signatures is not
> always desirable. Allowing all but one to fail is not always right
> either. Deciding how many correct signatures should be required is
> nontrivial. I doubt any general ver
Hi Todd--
On Mon 2024-07-29 15:47:09 -0400, Todd Zullinger via Gnupg-users wrote:
> Particularly, using sopv-gpgv would introduce more
> dependencies to the buildroot (the python stack,
> specifically) which is unlikely to be something folks like
> Fedora want, after spending time to minimize the
Hi Todd--
On Fri 2024-07-26 09:54:32 -0400, Todd Zullinger via Gnupg-users wrote:
> A reasonably common use case for gpgv is to verify
> signatures on release artifacts by distribution packaging
> tools. Being able to use the upstream provided key
> material, which is typically armored, would mak
Hey GnuPG folks--
I've written `sopv-gpgv`, which implements the verification-only subset
of the Stateless OpenPGP CLI, using gpgv as a backend.
If you're an implementer who needs a minimalist, verification-only
OpenPGP command-line tool, and you'd prefer to use a stable, normalized
interface whi
On Fri 2024-03-01 17:06:09 +0100, Ingo Klöcker wrote:
> On Thursday, 29 February 2024 21:21:42 CET Daniel Kahn Gillmor wrote:
>> human-readable names for certificates. But i don't see how to use that
>> safely while dealing with GnuPG's risky implementation choices here.
>
> Allowing recipients
On Wed 2021-07-07 19:57:14 +0200, Werner Koch wrote:
> You need to check for the canonical form anyway and thus it is easier to
> directly sort it. In case of signature subpackets (if that is one of
> your concerns), this is of course not possible and thus this would
> require that the specs requir
On Tue 2021-07-06 23:20:23 +0100, Andrew Gallagher wrote:
> That's an interesting idea, and it has merit in itself, but from a
> keyserver point of view I think a more general solution is to explode
> TPKs into atomic components, sync them separately, and reconstruct the
> TPK on demand at query
On Mon 2021-06-28 18:42:02 +0100, Andrew Gallagher via Gnupg-users wrote:
> It’s not clear, but it may be due to a lack of canonical ordering of
> packets.
There are no published specifications for how to canonically order
OpenPGP packets, but i sketched a proposal here:
https://dev.gnupg.org
On Thu 2021-06-03 09:43:02 +0900, NIIBE Yutaka wrote:
> ಚಿರಾಗ್ ನಟರಾಜ್ wrote:
>> I'm getting this error/warning even when I just decrypt an encrypted
>> file using plain gpg.
>
> If you keep using ~/.gnupg/pubring.gpg, I think this is the cause of
> your problem.
>
> In this case, see this comment i
On Fri 2021-03-19 15:30:51 -0700, Mark via Gnupg-users wrote:
> It also has issues with signed messages and lists. For example you
> signed this message but it says "uncertain digital signature". I don't
> remember this being an issue in the older TB/Enigmail.
Signed messages on mailing lists tha
On Fri 2021-03-19 08:29:12 +0100, Werner Koch via Gnupg-users wrote:
> You may also skip the menu thing and use
>
> gpg --quick-gen-key b...@example.com future-default
I agree with Werner's recommendation of using --quick-gen-key and
future-default.
If you're going to provide an e-mail address-
On Fri 2021-01-29 01:20:55 +0100, Ángel wrote:
> Oh, nice. I had only located
> https://gitlab.com/openpgp-wg/webkey-directory which stops at -08. This
> one has been further updated.
yep, see the thread starting at
https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062844.html
and conclu
On Wed 2021-01-27 22:49:13 +0100, André Colomb wrote:
> By the way, is there something like a repository to send and discuss
> pull requests against the WKD draft document? Or is it just
> hand-crafted text edited by the submitter based on suggestions?
I think you can find a git repo that contain
On Fri 2021-01-22 22:59:36 +, Andrew Gallagher via Gnupg-users wrote:
> On 22/01/2021 17:29, Daniel Kahn Gillmor via Gnupg-users wrote:
>> this is a non-backward-compatible change to the format, so i think
>> that's probably not a great outcome.
>
> I can
On Tue 2021-01-19 13:08:19 +0100, Werner Koch via Gnupg-users wrote:
> On Tue, 19 Jan 2021 09:28, Neal H. Walfield said:
>
>> When you look up the openpgpkey.example.org domain, you are revealing
>> to anyone snooping DNS traffic that you are using OpenPGP and are
>> looking for a key related to ex
On Thu 2021-01-21 18:49:19 +0100, Neal H. Walfield wrote:
> Please don't do this. This is the format of a TPK:
>
> https://tools.ietf.org/html/rfc4880#section-11.1
>
> It doesn't allow arbitrary packets to follow it, as far as I can see.
fair enough. It also doesn't allow arbitrary trailing NUL
(my messages might not be arriving at @gnupg.org addresses right now
because their mailserver appears to be rejecting my mailserver claiming
(incorrectly, afaict) that the reverse DNS is not configured --
hopefully it will be resolved soon; feel free to re-forward this message
to the list if it doe
On Mon 2021-01-11 22:59:10 +0100, Ángel wrote:
> The "make a CNAME of your openpgpkeys subdomain to
> wkd.keys.openpgp.org" couldn't work with https certificate validation,
> though (or are they requesting a certificate on-the-fly?)
In fact, i believe that keys.openpgp.org *is* requesting and reta
On Sun 2020-10-11 09:59:12 +0200, Stefan Claas wrote:
> Helmut Waitzmann Anti-Spam-Ticket.b.qc3c wrote:
>> Yes, but why should she want to be able to do that? She could
>> decrypt the message and, if it turns out that the message is not
>> signed, discard the message.
>
> It would allow Alice (i
On Wed 2020-05-27 20:42:45 +, halfdog wrote:
> I just noticed that gpgv2 packaged for Debian does not include
> the "gpgsplit" and "pgpdump" tools any more.
pgpdump was never part of GnuPG, it ships in its own package.
The gnupg-utils package contains /usr/bin/gpgsplit.
For more detailed exa
On Mon 2019-12-16 13:39:10 +0100, Andreas Ronnquist wrote:
> Changing to pinentry-gtk3 also removes the problem, and that is an
> acceptable solution for me, so I have no hurry in getting fixes to the
> gtk-2 version.
just to clarify, i think you're talking about pinentry-gnome3, not
gtk3. Right?
On Tue 2019-10-22 21:28:53 -0400, Daniel Kahn Gillmor via Gnupg-users wrote:
> On Thu 2019-10-17 11:08:46 +, Bjarni Runar Einarsson wrote:
>> Daniel Kahn Gillmor wrote:
>>> I'd be happy to set up such a tracker at (say)
>>> https://gitlab.com/openpgp-wg/w
On Tue 2019-10-22 06:48:44 +0200, David Hebbeker wrote:
> On Wed, 2019-10-16 at 20:26 +0200, David Hebbeker wrote:
>> On Wed, 2019-10-16 at 14:19 +0200, Werner Koch wrote:
>> > On Tue, 15 Oct 2019 22:23, David Hebbeker said:
>> > > The manual [1] says that GnuPG can automatically retrieve keys
>> >
On Thu 2019-10-17 11:08:46 +, Bjarni Runar Einarsson wrote:
> Daniel Kahn Gillmor wrote:
>> I'd be happy to set up such a tracker at (say)
>> https://gitlab.com/openpgp-wg/web-key-directory/issues if folks
>> are OK with it.
>>
>> Werner, does that sound OK to you?
>
> This sounds good to me,
On Tue 2019-10-15 23:01:33 +0200, Werner Koch via Gnupg-users wrote:
> On Tue, 15 Oct 2019 09:06, Bjarni Runar Einarsson said:
>
>> Would the GnuPG issue tracker be a good place to file "bug
>> reports" against the spec, to work towards clarifications?
>
> That is okay for bug reports, but often it
On Tue 2019-10-15 22:57:16 +0200, Werner Koch via Gnupg-users wrote:
> If your system has a method to run a script
> on suspend or lid closing it may already do just that. I consider this
> a good idea but we can't do that by default in GnuPG because systems
> differ too much on how to detect a lid
Hi Tomasz--
On Sat 2019-08-17 18:45:24 +0200, Tomasz Buchert wrote:
> what would be the most "canonical" way to store arbitrary, signed data
> along the gpg key? And then: what is the programmatic way of extracting
> said data?
>
> My specific usecase is putting a signify [1] public key inside my
On Thu 2019-08-01 13:37:26 +0200, Werner Koch wrote:
> The user ID is important because the accompanying self-signature conveys
> important information about the keyblock. For example expiration date
> and preferences. It is true that this can also be conveyed with
> direct-key-signatures (a self
Hi MFPA--
On Sun 2019-07-28 14:12:45 +0100, MFPA via Gnupg-users wrote:
> I have the option "allow-non-selfsigned-uid" in my gpg.conf.
A bit of background first, since the documentation around
allow-non-selfsigned-uid appears to be confusing/mistaken.
the manual says:
--allow-non-selfsig
On Thu 2019-07-25 14:00:08 -0400, Kynn Jones via Gnupg-users wrote:
> The GnuPG documentation refers to an "INTEROPERABILITY WITH
> OTHER OPENPGP PROGRAMS section", but when I search for this
> title, I find only references to it, not the actual section.
>
> Does anyone know where that section is?
On Tue 2019-07-02 12:24:42 +0200, Werner Koch via Gnupg-users wrote:
> On Tue, 2 Jul 2019 10:23, gnupg-users@gnupg.org said:
>
>> Why not make "import-clean" and "import-minimal" strip key signatures
>> before importing a key? That would make "import-minimal" behave like
>
> Because that contradic
On Sun 2019-06-30 00:33:22 +0100, Andrew Gallagher wrote:
> Indeed, c) was exactly the killer use case I had in mind.
so, how do we get there?
> On the other hand, b) is also quite useful in the short to medium
> term, until all mail providers decide to support WKD etc.
WKD is mighty nice, but i
On Fri 2019-06-28 11:09:36 +0200, Michael Kesper wrote:
> On 28.06.19 10:23, Daniel Kahn Gillmor wrote:
>> On Fri 2019-06-28 10:04:44 +0200, Michael Kesper wrote:
>>> On 23.06.19 12:21, Matthias Apitz wrote:
>>>> I'm used to using 'startx' and ~/.xinitrc to bring up Xorg+KDE:
>>>
>>> This makes your
On Fri 2019-06-28 10:04:44 +0200, Michael Kesper wrote:
> On 23.06.19 12:21, Matthias Apitz wrote:
>> I'm used to using 'startx' and ~/.xinitrc to bring up Xorg+KDE:
>
> This makes your setup depend on a suid binary.
Can you give more details? I know that some older systems did rely on X
or startx
On Wed 2019-06-26 07:47:11 +0200, Matthias Apitz wrote:
> Thanks for all the helping hands and hints about systemd(8), but FreeBSD
> normally does not run/use this. AFAIK, there is not even an official
> port of it in FreeBSD's ports collection.
That's correct, systemd depends on the Linux ker
On Tue 2019-06-25 23:03:18 -0400, Phil Pennock wrote:
> With GnuPG 2.2.16 :
>
> % ls -ldh ~/.gnupg/pubring.kbx
> -rw-r--r-- 1 pdp pdp 241M Jun 22 22:16 /home/pdp/.gnupg/pubring.kbx
> % time gpg --list-keys >/dev/null
> [...]
> gpg --list-keys > /dev/null 1473.99s user 1965.72s system 99% cpu 57:1
On Tue 2019-06-25 12:02:13 -0700, James Moe via Gnupg-users wrote:
> On 25/06/2019 8.30 AM, Daniel Kahn Gillmor wrote:
>
>> Is it possible that your pubring.gpg is corrupt?
>
> As it happens, yes.
> The size of pubring.gpg was 20MB; the backup copy was 1.3MB. After
> restoring from backup, gpg2
On Tue 2019-06-25 17:41:12 +0200, Dirk Gottschalk via Gnupg-users wrote:
> On Tuesday, 25.06.2019, at 16:30 +0200, Vincent Breitmoser wrote:
>> Have you considered the option to have keys cross-sign third party
>> signatures for publication? It's a very slight switch in tooling if
>> we assume a
On Sun 2019-06-23 15:00:40 -0700, James Moe via Gnupg-users wrote:
> On 23/06/2019 11.53 AM, James Moe via Gnupg-users wrote:
>
>> gnupg does appear in the update log
>>
> Sigh. Typo.
> gnupg does NOT appear in the update log. Nor does libscrypt.
Without having access to your pubring.gpg, it's
On Sun 2019-06-09 19:17:10 +0200, Wiktor Kwapisiewicz via Gnupg-users wrote:
> Hi Markus,
>
> On 09.06.2019 14:16, Markus Reichelt wrote:
>>> in a similar fashion to what --quick-* commands already do for other actions
>>> (e.g. --quick-add-uid).
>>
>> --set-notation maybe?
>
> Yes, but as far a
On Sat 2019-06-01 12:14:00 +0200, Uwe Brauer wrote:
> In any case I finally solved the issue by just importing all available
> cer into gpgsm and it worked, my mistake was to assume that gpgsm uses
> the ones which are installed system wide.
I agree that gpgsm integration with the system keyring
On Tue 2019-06-18 04:03:45 -0400, vijai kumar via Gnupg-users wrote:
> I am using gpg inside a docker container. By default, there is no
> /run/user/ in the container so gpg defaults to ~/.gnupg as socket
> directory. Is there a provision to change the socket directory later?
> Now, I would like to
On Tue 2019-06-25 13:07:03 +0200, Dirk Gottschalk via Gnupg-users wrote:
> This is my $HOME/.config/systemd/user/gpg-agent.service:
If you're using gpg-agent as a systemd user service, please use the
systemd unit files (.service and .socket definitions) that ship with
GnuPG itself.
There are a nu
On Sat 2019-06-22 09:41:46 +0200, Wolfgang Traylor via Gnupg-users wrote:
> On Debian: Prepare GnuPG
>
>
> SSH support is not given by GnuPG 1. The `gpg` executable must be version 2.0
> or higher.
> On Debian system, `gpg` is still the old version by default. We change th
On Fri 2019-06-21 15:26:17 +0100, Andrew Gallagher wrote:
> On 21/06/2019 14:32, Werner Koch via Gnupg-users wrote:
>> That new thing now is the n-th repetition of the same game: Replacing
>> PGP by a centralized approach, or well many centralized approaches, in
>> an attempt to repeat the story of
50 matches