Hello,
Vincent Cozzo wrote:
> So, the first `agent_genkey` call works just fine (`err` code is
> zero), but the subsequent agent_genkey returns `16777220`...
[...]
> So there is very possibly a problem with how I installed the new
> binary. In full disclosure, I tried to "compile" the GnuPG binari
Hello,
"Felix E. Klee" wrote:
> No idea what to do. Guess I’ll fix my modded SPR332 and continue using
> that.
Basically, it's case-by-case thingy when we add new (proprietary)
hardware support around smartcard + card reader. While we have
standardized CCID protocol, actually, it depends on ea
Hello,
Siva Krishna Sayavarapu wrote:
> gpg: signing failed: Inappropriate ioctl for device
I think that this is due to pinentry program (it complains that there's
no suitable device, tty, to ask passphrase).
Well, older GnuPG was more friendly in those situations where a
programmer wants to fee
Hello,
Matthias Apitz wrote:
> This isn't that easy. The pcscd is running (when needed) as:
>
> purism@pureos:~$ ps ax | grep pcscd
>  2151 ?        Ssl    0:00 /usr/sbin/pcscd --foreground --auto-exit
>
> it is launched by a system service:
I see. IIUC, PureOS is Debian based. There should
Hello,
Matthias Apitz wrote:
> It seems that the first time is longer. I will increase the debug-level
> for scdaemon.
Thank you for the information. I think that it's better to debug how
PC/SC goes.
To get full debug log in lower level, you can invoke pcscd manually with
root:
# LIBCCID_
Hello,
I wonder if it takes always 8-9 secs, or it's only for the first time.
Matthias Apitz wrote:
> /tmp/scdaemon-debug.log:
[...]
> 2024-05-15 11:07:58 scdaemon[16983] DBG: chan_7 <- SERIALNO
>
> It takes 8 secs until scdaemon detects the reader, what does this mean?
>
> 2024-05-15 11:08:06 sc
Hello,
sergio borghese wrote:
> 2023-12-10 16:46:24 gpg-agent[358316] DBG: chan_11 <- ERR 268435731 Unknown
> IPC command
This is no harm. TPM2d doesn't support GETINFO command.
> 2023-12-10 16:46:30 gpg-agent[358316] updating regular key file
> '/home/netresults.wintranet/borghese/gpg2.tmp/pr
Hello,
Your configuration of pinentry-program is:
Caleb Herbert wrote:
> /gnu/store/rfy36kapnhx9djhxdi3a54x5p2n097xv-pinentry-gtk2-1.2.1/bin/pinentry-gtk-2
But what you tested in your command line is:
> /gnu/stor/gnu/store/rfy36kapnhx9djhxdi3a54x5p2n097xv-pinentry-gtk2-1.2.1/bin/pinentry-gtk-2
Hello,
Daniel Cerqueira wrote:
> I want to know a bit, on how authentication and authorization works in
> GnuPG.
Do you mean authentication subkey in GnuPG? It's basically
user-defined; It's up to user how it is used.
Usually, it means use with OpenSSH. For example, I have an
authentication s
Hello,
I'm sorry that I didn't have time yesterday.
"Herbert J. Skuhra" wrote:
> This issue (bug id: T6481) is obviously fixed on master (commit
> 2f872fa68c6576724b9dabee9fb0844266f55d0d):
>
> https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2f872fa68c6576724b9dabee9fb0844266f55d
Hello,
Frank Lindner wrote:
> For 1.10.2 I now run into the following:
>> start ---<
> /opt/freeware/bin/bash ../libtool --tag=CC --mode=link cc
> -I/opt/freeware/include -qmaxmem=16384 -qlanglvl=extc99 -DSYSV
> -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AI
Matthias Apitz wrote:
> How to fix this?
Here is a commit of mine for GnuPG 2.4:
https://dev.gnupg.org/rG9ae3cfcabec9252c22d67b7a15c36f0a8cf22f0f
--
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-use
Matthias Apitz wrote:
> $ gdb /usr/local/libexec/scdaemon
> ...
> r --debug-all --verbose --verbose --server
> ...
> OK GNU Privacy Guard's Smartcard server ready
> SERIALNO
> [New LWP 101967 of process 2622]
>
> Thread 2 "pipe-connection" received signal SIGSEGV, Segmentation fault.
> Address not
Hello,
Matthias Apitz wrote:
> After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't use
> my OpenPGP card with the USB token anymore. In /var/log/messages
> it says:
[...]
> Any hints how to debug this
You can run scdaemon as a foreground process to debug. An example
session is lik
Hello,
Please note that I don't have any experience using scdaemon in a guest
OS of GNU/Linux. So, my answer may be wrong/irrelevant.
"Felix E. Klee" wrote:
> [felix@felix-arch ~]$ sudo gpg --card-status
> Reader ...: SCM Microsystems Inc. SPR 532 [CCID Interface]
> (5127174
Hello,
I learned about Air32F103, another clone of STM32F103. Unfortunately,
there is no reference manual available yet.
Air32F103:
https://wiki.luatos.com/chips/air32f103/index.html
Datasheet (in Chinese) *is* available here:
https://wiki.luatos.com/chips/air32f103/hardware.html
I looked arou
Damien Goutte-Gattat wrote:
> In the specific case of the Gnuk token, the GET CHALLENGE command is
> implemented using the same logic as the one used in NeuG [2]. I have not
> looked in details how NeuG works, but given that it is specifically intended
> as a random number generator, I’d say it’s s
Baptiste Beauplat wrote:
> I noticed that the key size reported by gpg --with-colons for ECC keys
> (ed25519) have changed from 256 to 255.
Thank you for sharing. I didn't know that it is exposed to users.
(I considered it were (only) internal thing in libgcrypt.)
> I was wondering if that's a
Hello,
Thank you for your report.
William Holmes wrote:
> gpg failed after I created a second sign-only Curve 448 key.
Please use --quick-add-key instead, while I'm fixing the bug.
My changes of following commits were not enough.
2b50f942672d9a2c325a818f21f69d3ee69255d3
3635539
Hello,
Derek C Hoffmann via Gnupg-users wrote:
> It looks like scdaemon is crashing when attempting to access a sim card
> slot/sim card itself on my Surface Go.
It is my fault. I added multiple card readers support (for PC/SC) to
GnuPG 2.3, and it causes an issue in your use case. By default,
Hello,
Brandon Anderson wrote:
> So I have purchased an Omnikey 3121 smart card reader for use with my
> GPG smart card version 2.1.
Reading the descriptors:
https://ccid.apdu.fr/ccid/readers/CardMan3121.txt
It says:
02 Short APDU level exchange
This means that the reader cannot han
Hello,
袁建鹏 wrote:
> Calculate the sha256 of a 6MB file need 3 seconds:
> # TIME=%e time ./fwtool check ipq4018.bin
> 3.23
[...]
> the libgcrypt build configure in IPQ4018 (ARM Cortex A7 soc):
> conf := --disable-doc --enable-neon-support \
> --with-libgpg-error-prefix=$(APP_BUILD)/libgpg-err
Hello,
ಚಿರಾಗ್ ನಟರಾಜ್ wrote:
> I'm getting this error/warning even when I just decrypt an encrypted
> file using plain gpg.
If you keep using ~/.gnupg/pubring.gpg, I think this is the cause of
your problem.
In this case, see this comment in the bug tracker of GnuPG:
https://dev.gnupg.org
On Sun, 25 Apr 2021 16:41, William Holmes said:
> I encrypted the file with '--hidden-recipient'.
> After decryption failed, gpg-agent was killed.
This is because there is a bug for decryption of anon recipient.
The size of input for decryption should be checked. So far, we only
have Curve25519
Frank wrote:
> Hi Werner,
>
> I assume you are busy with the 2.30 release (congratulations!) but you
> have any more hints how to get more information on my compile problem?
Since Werner is busy, let me reply, to where I can understand.
IIUC, GnuPG 2.3.0 needs some fix for your environment (x
Frank wrote:
> Hi Werner,
>
> I assume you are busy with the 2.30 release (congratulations!) but you
> have any more hints how to get more information on my compile problem?
Since Werner is busy, let me reply, to where I can understand.
IIUC, GnuPG needs some fix for your environment (xlc on
Daniel Pocock writes:
> Reiner SCT cyberJack secoder 2
> v2.2.0
> USB: 0c4b:0400
It's good to check the list of CCID readers by libccid:
https://salsa.debian.org/rousseau/CCID/-/tree/master/readers
Since I cannot find the device in this list, I'm afraid it would not
work well.
For some tes
Vincent Pelletier wrote:
> I would like to announce my implementation of a software CCID card
> reader targeting the Linux gadget subsystem, along with a smartcard OS
> and openpgp card application to use with this reader.
Great. (And thanks for the patches for tests of Gnuk. I'll apply
those, s
Francois Gervais via Gnupg-users wrote:
> Would the SIGCONT be the source of my problem?
No, not at all. It's completely normal.
You need to locate the place where it fails.
* * *
FYI, we have a ticket for signing SSH CA by Gnuk Token.
https://dev.gnupg
ಚಿರಾಗ್ ನಟರಾಜ್ wrote:
> I was attempting to figure out what the 'canonical' way of clearing a
> Yubikey's cached PIN is.
Clearing the authentication status is supported in scdaemon (in the
lower level), but there is no good way by command line.
If you don't care about using a kind of developer's to
Hello,
Patrick Brunschwig wrote:
> gpg reports the following error:
>
> gpg: agent_genkey failed: Invalid flag
> gpg: key generation failed: Invalid flag
> [GNUPG:] ERROR key_generate 16777288
> [GNUPG:] KEY_NOT_CREATED
>
> Any idea what could be wrong here?
The error is from libgcrypt. I think
Matthias Apitz wrote:
> On the old system where GnuPG is 2.2.12, the 'gpg2 --card-status' says:
>
> $ gpg2 --card-status
> Reader ...: 04E6:5816:55511725600891:0
> Application ID ...: D2760001240102010005532B
> Version ..: 2.1
> Manufacturer .: ZeitControl
> Serial numb
Andreas Ronnquist wrote:
> I have a problem on Debian unstable (running in Virtualbox), running the
> Xfce desktop -
>
> I have my gpg key on a card (a Librem key, which basically is a
> Nitrokey) when using pinentry to enter the card password, I first have
> to press my mouse on the screen (or a
Dirk-Willem van Gulik wrote:
> During a pretty standard create key; key to card cycle (scripted) - I got an
> error
>
> gpg: OpenPGP card not available: Card removed
>
> just after the ‘save’ in the --edit-key. A subsequent status check gives me:
>
> gpg2 --card-status
> gpg: Open
Hello,
Horst Skatmus wrote:
> The only problem I have is that the gpg-agent always checks for the
> smartcard even when keys are not stored on a smartcard.
When gpg-agent works as ssh-agent, it always checks (possible)
authentication key on smartcard, so that the authentication key (when
availabl
Brennecke, Simon wrote:
> I have a question regarding the interaction of SSH with gpg-agent
> (and possibly also gnuk).
[...]
> So I generated a new ECC key in gnuk, imported the public keys in gpg.
> Added the keygrip everything to "~/.gnupg/sshcontrol"
Just FYI, for smartcard, adding a keygrip i
alejandro Cortez wrote:
> gpg: public key decryption failed: Invalid ID
This means that something goes wrong in your private key file for
your token, I suppose.
> Can anyone help debug this?
You can see more information, by following command line:
$ gpg-connect-agent "KEYINFO --list" /bye
Chris Horry wrote:
> I also created an Authentication subkey for my other PGP Key, the only
> difference being it's not on my Yubikey but in my regular keyring with
> Kleopatra. This same key works just fine on my Linux boxes when I use it
> for authentication between them but not in Windows. Pu
Madhav Narisetty wrote:
> Can someone let me know the GPG 2.1.0 compatibility Matrix for
> Unix(Solaris/Linux/HP Unix).
> Also, I would require installation binaries and steps on Solaris / Linux
> and HP UX systems.
For GNU/Linux, distributions offer binaries for GnuPG. These days,
GnuPG 2.1.x/2
mlnl wrote:
>> gpg: signing failed: Invalid length
>> gpg: make_keysig_packet failed: Invalid length
>> Key generation failed: Invalid length
>
> tested & confirmed with GnuPG 2.2.10, libgcrypt 1.8.3 Debian Stretch 9.5
Not reproducible here (similar on Debian Stretch).
I tested with no configura
Hello,
john doe wrote:
> I'm willing to confirm that but I'm not sure how I would do that!?
I am considering a patch like following. If you can build GnuPG for
Cygwin, you can try. Or, you can ask Cygwin's package maintainer for
GnuPG.
The patch is: Don't try to look the error code, but fallb
Werner Koch wrote:
> ... on Windows. Actually I developed the fallback on Windows because
> there it is easier to install the Tor browser. Anyway, Gniibe probably
> found and fixed the problem in our DNS resolver. I suggest to wait for
> the next release - probably next week.
That's not for Cy
Hello,
Sorry, my explanation was not accurate. In the Tor-mode of dirmngr, it
uses the port 9050 at first. And there is some code to fallback to the
port 9150. It's like:
libdns_switch_port_p (gpg_error_t err)
{
if (tor_mode && gpg_err_code (err) == GPG_ERR_ECONNREFUSED
Hello,
Why not Curve25519, if you use ECC?
Damien Cassou wrote:
> curves and (2) Bernstein’s Curve 25519 is hard to protect against side
> channel attacks when being implemented in embedded devices.
Quite interesting opinion. I wonder what kinds of side channel attacks
are discussed there. We
john doe wrote:
> Now, the next step is to configure dirmngr to do the same!:
>
> dirmngr.conf:
>
> use-tor
> http-proxy socks5://localhost:9150
Only "use-tor" is needed, then, dirmngr connects to localhost:9150 for
Tor.
Hello,
Thank you for your report. I think I located the issue of migration.
Phillip Susi wrote:
> I just noticed that I do have a bunch of key files in
> ~/.gnupg/private-keys-v1.d, even though gpg -K does not show them.
>
> Ahah, gpg -K -v shows them... it seems to think they are all expired.
Hello,
While learning Chinese language, I found this service (in Chinese):
http://www.pcbcopy.com/2016/ic_1128/1928.html
IIUC, It's a company in ShenZhen, which offers a service reading out
from protected STM32F103, even if it uses anti-tamper feature with a
battery.
I was aware of similar
Hello,
If I understand correctly, you put:
your primary key to the OPENPGP.1 on card.
your subkey of SEA capability to the OPENPGP.2 on card.
your subkey of A capability to the OPENPGP.3 on card.
In this configuration, the OPENPGP.2 key on card is only for decryption.
Yo
Hello,
Thanks for your report.
Dirk Gottschalk via Gnupg-users wrote:
> gpg outputs the wrong keygrip with --card-edit --with-keygrip. The
> output is:
[...]
> As you see, it returns the same grip for enc. and auth. key. This is
> wrong and "gpg2 -K --with-keygrip" returns the correct Keygrips.
Dirk Gottschalk via Gnupg-users wrote:
> I asked this Question a while ago, but unfortunately didn't get any
> response. So, I ask again and I'm in hope that somebody here knows any
> Answer to this. I just want to know if the cards do not support it, or
> is something wrong with my setup?
Most
Gabriel Augendre wrote:
> Whenever I need to sign a git commit, I need to plug my Yubikey in and
> type the pin code. That works perfectly just after logging into my
> session, but if the computer goes to sleep (that's my guess, not sure
> about that) and I wake it up and try to sign another commi
Matthias Apitz wrote:
> Floss-shop.de sent me a new OpenPGP Card V3.3. It shows the same
> problem, see the log below. What should I do now? Send the USB-reader
> and the card back to them? I'm clueless
All that I can say is:
The reader has features which should work well for OpenPGP card wi
Hello,
It seems that your smartcard is not working at all.
Possibly, bricked.
The log says (I removed the timestamp and process name):
> DBG: ccid-driver: CCID submit transfer (83): 0
> DBG: ccid-driver: PC_to_RDR_IccPowerOn:
> DBG: ccid-driver: dwLength ..: 0
> DBG: ccid-driver: bSl
Matthias Apitz wrote:
> After a power-off reset of my laptop the OpenPGP Card seems to be
> damaged. The pcscd can't read the card anymore. It gives up with:
>
> ...
> 6225 commands.c:244:CmdPowerOn Card absent or mute
> 0052 ifdhandler.c:1213:IFDHPowerICC() PowerUp failed
> 0017 event
Hello,
Werner Koch wrote:
> @gniibe: Do you have any more up to date information on macOS and
> smartcard readers?
If possible, I recommend to use GnuPG's in-stock driver to access
smartcard. It is direct access by libusb, not using PC/SC service.
For GNU/Linux, if you don't have any other use
Hello,
I think that you have some different Pthread library in /usr/local.
Henry wrote:
> /usr/local/include/pthread.h:357:18: error: conflicting types for
^^^
I wonder if you have installed GNU Pth. Please try without Pth.
Hello,
Phil Pennock wrote:
> gpg --with-colons --with-fingerprint --with-subkey-fingerprint
> --with-secret --list-keys
[...]
> $ grep '^open(' strace.foo | sort | uniq -c
> [...]
>    3382 open("/home/pdp/.gnupg/pubring.kbx", O_RDONLY) = 10
> 1 open("/home/pdp/.gnupg/pubring.kbx", O_RDO
Seby wrote:
> Basically use gnupg without a keyring or trustdb. And the pass the armored
> pgp public key with each command and operation.
AFAIK, such a usage is not supported by GnuPG.
Well, I would imagine some use cases when we want to avoid any
dependency to specific user's configuration, ke
Matthias Apitz wrote:
> The produced log is:
>
> $ cat ../AppData/Local/VirtualStore/Windows/SysWOW64/scdaemon.log
[...]
> 2017-11-21 08:24:04 scdaemon[3868.2] DBG: enter: apdu_open_reader:
> portstr=(null)
> 2017-11-21 08:24:04 scdaemon[3868.2] detected reader 'Broadcom Corp Contacted
> SmartCa
Seby wrote:
> I am running 2.3.0-beta82. I tried to search for this error and I
> could only find clues that lead to gpg-agent, but # gpg-agent --help
> doesn't allow me to disable it. What is the good approach here?
Please update your installation.
IIUC, you are talking about (old version of) g
Hello,
Ralf wrote:
> I generated keys on a Nitrokey and have chosen the option to make an
> off-card backup of the encryption key:
>
> gpg: NOTE: backup of card key saved to
> `/home/archi/.gnupg/sk_26D728A8F09033F1.gpg'
If you want to know the detail, this means that the encryption key is
gen
David Mandelberg wrote:
> I'm using gpg-agent with Yubikeys configured to require a physical touch
> before performing operations. Is there any way to get gpg-agent to
> display something on screen when it's waiting for me to touch the
> Yubikey? (Otherwise, I sometimes don't realize it's waiti
Philip Jackson wrote:
> I created the scdaemon.conf file as you suggested and then ran a decrypt
> test :
Thank you.
> Perhaps there is something you can see which explains the problem ?
As far as I can see, it looks like no problem of scdaemon, but card
failure.
Here is the decrypt operation
Philip Jackson wrote:
> I have the log file which I attach.
>
> It shows a number of reports of the same error (lines 89,91,97,99,101)
> ERR 83886254 Unknown option , before it asks me for the pin
> (line 111). It says 'confidential data not shown' three times but I only
> entered the pin once.
Stefan Claas wrote:
> I could imagine that no one will do this, because if you have no
> private key for "your" public address (according to your reply),
> you have no control of that address, like spending/ sending
> BTC from this address.
Sorry about my vague description.
As a subkey of 0x00B4
Stefan Claas wrote:
> just wondering if there is an easy way to generate a Bitcoin secret key
> from a GnuPG secp256k1 secret key. If so, how would you do that?
I don't know about secret key conversion.
In the past, I did something for public key:
https://lists.gnupg.org/pipermail/gnupg-de
Hello,
Matthias Apitz wrote:
> The script 'scd-event' is only invoked on card removal (I do just an
> echo of the args):
[...]
> A card insert is only seen *after* some agent requires something, for
> example the SSH client needs access to the secret key on the card;
Right. Scdaemon only watche
Hello,
Thank you for your report.
"Yuriy M. Kaminskiy" wrote:
> When I tried to rebuild gnupg2 2.1.21-2 debian package from
> experimental in pbuilder, I got a number of sigsegv's from scdaemon
> while running tests:
[...]
> Annoyingly, test-suite does not catch this as error, it has not left an
Philip Jocks wrote:
> gpg: error getting version from 'scdaemon': Not supported
> [GNUPG:] CARDCTRL 6
This is due to my badness. I wrongly assumed everyone uses smartcard.
:-)
> Is there anything else we can try?
Here is my fix:
https://dev.gnupg.org/rGa8dd96826f8484c0ae93c954035b95c2a75c80
Dustin Rogers wrote:
> In fact the native support for smart cards does not seem to support
> network attached HSM "virtual tokens" devices at all. It could be
> possible that I need to specify the local port the installed HSM agent
> is running on, but I don't think I will be that lucky.
No, scdae
"Rogers, Dustin" wrote:
> I have recently installed gnupg 2.1.20 from source on a centos6.8 box.
What's the configure option? Did you enable smart card support with
libusb?
> [root@system1 ~]# gpg --card-edit
>
> gpg-agent[5158]: DBG: chan_8 -> OK Pleased to meet you, process 5159
[...]
> gpg-a
Steve McKown wrote:
> Can someone explain why ssh after sign asks for the passphrase again,
> and what I might be able to do to avoid this condition? It's not a big
> deal, but I do wonder if it suggests a misconfiguration on my part.
It is not misconfiguration. It is expected behavior.
Please
NIIBE Yutaka wrote:
> Well, I concluded that it is not worth (for me) to try to integrate U2F
> feature into Gnuk.
While I am open to discussion, my current position is that it is better
for Gnuk not to integrate the U2F feature. I'd rather prefer separate
implementation of U2F
llowing commits.
-
8b6c0bae33bdc36892f4595806665ce61f77dfd2
Author: NIIBE Yutaka
CommitDate: Fri Sep 2 13:41:19 2016 +0900
agent: invoke scdaemon with --homedir.
-
4e41745b3ea3bb8ffc50af6bafeb1de9c928812f
Author: Werner K
Adam Sherman wrote:
> But, scdaemon seems more stubborn, and doesn't respect gpg2's homedir
> option. And trying to start it manually, beforehand, with the --homedir
> option, fails with:
For your information, this is fixed in 2.1. If you will have a chance,
please try version 2.1.
NIIBE Yutaka wrote:
> I think that the CCID driver has a bug for TPDU handling for time
> extension from the card.
I confirmed that the problem can be reproducible with Gemalto card
reader (TPDU exchange).
The problem is that OpenPGP card (2.0 or 2.1) needs time out detection
of 43 seco
Szczepan Zalega | Nitrokey wrote:
> Same is occurring on latest GPG 2.1.19. Attached logs taken under Arch
> Linux. Any ideas how to fix it?
I have read the log which you attached on Monday.
I think that the CCID driver has a bug for TPDU handling for time
extension from the card.
This problem
Werner Koch wrote:
> Frankly, I don't really understand the use case for U2F? Why not using
> plain user certificates which is supported by browser and servers for
> ages? Is that because the web frameworks don't have good support for
> this?
Scalability, and some (or the) trust model which sup
Thomas Jarosch wrote:
> regarding limited resources, the Yubikey people did a fine trick:
> There is no per-website data stored on the Yubikey. So the amount
> of websites you can use a single FIDO U2F key for is unlimited.
>
> See "Limited storage on device" for details:
> https://developers.yubi
Hello,
Thanks a lot for your explanation.
Glenn Rempe wrote:
> Well, the attestation key would be checked by the server side process
> right? And that is optional to check (but perhaps not optional to
> send). So you probably would need to ask those that are integrating
> U2F as a server auth me
Hello,
Let me ask a question about U2F. Or, more generally, possibility to
enhance GnuPG for web authentication.
While I maintain scdaemon of GnuPG and develop Gnuk (an OpenPGPcard
implementation), I sometimes am asked about U2F support, these days.
(I think that this is due to Yubikey.)
IIUC,
Hello, again,
David Gray wrote:
> dave@dave-VirtualBox:~/.gnupg/crls.d$ dirmngr --debug-all --fetch-crl
> http://crl.comodoca.com/COMODOSHA256ClientAuthenticationandSecureEmailCA.crl
Reading the code of dirmngr, I think that --fetch-crl (or dirmngr-client
--load-crl) doesn't work well for a CRL
Hello,
David Gray wrote:
> At the same time, I'm curious as to why the Ubuntu installation is
> validating the certificate as 'good' while the Windows installation is not -
> is this just because the Ubuntu installation was able to successfully
> validate the certificate in the past (presumably w
Hello,
Thanks a lot for your report in detail, in the style which I can replicate.
I'm afraid you are facing same issue what I encountered in 2011.
CHANGE REFERENCE DATA (OpenPGP card specification 2.0):
https://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html
Hello,
Fib Moro wrote:
> I start gpg in "--edit-key" mode.
> Then I select a subkey I want to move to the card by issuing command "key 1".
> After the "keytocard" command it asks me where to store the key for which I
> choose option 1 signature key.
> It then prompts me for the private key passph
Hello, again,
I found a bug in GnuPG 2.1.18 for factory-reset command handling (it's
not in 2.1.17 or older), I fixed it today.
Then, I tested my OpenPGP card 2.1.
Let us fix a thing one by one. First, the Reset Code handling.
Fib Moro wrote:
> It doesn't even get to the point where it prompt
Hello,
Since I got 2.1 card last week, I will test with it. For time being,
I say something what I know of.
Fib Moro wrote:
> I can then successfully change the PIN as well as AdminPIN.
>
> However, when I try to write a key to the card (gpg --edit-key xxx;
> keytocard) I
> get a message "Erro
Hello,
"Dr. Basil Becker" writes:
> Authentication and signatures work like a charm. I'm only having
> problems concerning the decryption of mails I received.
[...]
> Some messages, however, fail to decrypt:
> bb@melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message-fail.txt
> gpg: armor: BEGIN
Hello,
chris.p...@gmx.de wrote:
> With GnuPG 2, signing, encrypting and decrypting a file works without
> any problems. With 1.4, I can encrypt and sign a file, but I can't
> decrypt it. It's failing with the message:
[...]
>
> gpg: public key decryption failed: general error
> gpg: decryption fai
Hello,
Thank you for your report in detail.
chris.p...@gmx.de wrote:
> The commands gpg --card-status and gpg2 --card-status seem to display
> mainly the same things, the only strange line is "Key Attributes" at
> GPG 1.4:
gpg 1.4 can use gpg-agent by the option use-agent. I think that you
enab
Hello,
Elizabeth Ferdman wrote:
> I'm interning for the PGP Clean Room and am trying to get an OpenPGP
> Card reader. Kernelconcepts is offering a SPR332 which is the successor
> to the 532. According to this page, though,
>
> https://wiki.gnupg.org/CardReader/PinpadInput
I wrote this page, when
Peter Lebbing wrote:
> For instance, if I open an encrypted mail in Thunderbird/Enigmail, I see
> the following:
>
> - Card reader is plugged in but no card or different card present in reader:
>
> I am prompted to insert the correct OpenPGP card. Once I do this and
> okay the prompt, decryption i
Luis Ressel wrote:
> since I've upgraded to libgcrypt 1.7.5, gpg emits the warning 'Warning:
> using insecure memory!' (and hence refuses to run, since my config file
> includes 'require-secmem').
>
> Any hints for debugging this issue would be greatly appreciated.
I think that you need to debug
sivmu writes:
> it seems using those specific devices actually decreases
> security, assuming it is easy to manipulate specialised vendors of
> security hardware compared to manipulating electronic hardware in general.
Exactly, that's my point. This is the reason why my approach of Gnuk
and NeuG
On 12/15/2016 08:03 PM, unknown wrote:
> i've made a keypair with a comment in the userID. Is it possible to
> delete this part of the key or do I have completely delete the key and
> make a new one?
> I also uploaded it to the sks keyserver. What effect will it have on the
> keyserver?
Please not
sivmu wrote:
> One question remaining is what is the difference between the openpgp
> smartcard and the USB based tokens.
I think that the OpenPGP card (the physical smartcard) is included in
Nitrokey Pro USB Token. So, it's exactly same from the view point of
smartcard.
When you want to use a
Hello,
I work for my own TRNG implementation. I realized that the point is:
We should collectively control things so that none can control a
sequence of random bytes. --- (*)
Second "control" in (*) includes guessing, predicting, or knowing, not
only manipulating directly/indirectly.
On 10/19/2016 12:40 AM, Stephan Beck wrote:
>> FSIJ Gnuk Token
>> USB ID: 234b:
Ah... This is not a card reader. It is the project of Free Software
Initiative of Japan (FSIJ) since 2010. FSIJ acquired USB vendor ID,
specifically for this project. Please visit:
https://www.fsij.org/cat
Sorry, I didn't have time to reply your call the other day.
I think that Gemalto Shelltoken Card Reader, which is available
at http://shop.kernelconcepts.de/ is good one.
Please note that OpenPGP card requires specific card readers. Its
users usually use RSA-2048, RSA-3072, or RSA-4096. For tho
On 10/13/2016 12:36 AM, John Lane wrote:
> I just wanted to bring this to your attention because I think it is related.
Thank you. Actually, I have a problem like that, everyday (literally).
> I tried from a sudo with the tty ownership corrected but it didn't work.
>
> So I ran an agent with so