ttps://www.funtoo.org/Keychain
- a couple of patches that we apply to the Debian packaging:
-
https://salsa.debian.org/debian/keychain/-/blob/debian/master/debian/patches/malformed-ssh-key.patch
-
https://salsa.debian.org/debian/keychain/-/blob/debian/master/debian/patches/empty-ssh-askpas
er all these complications
and all these newly-devised communication protocols are indeed worth it.
Once again, not saying that the answer is always "no", but, well...
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://peop
On Sat, May 16, 2020 at 04:55:11PM +0300, Peter Pentchev wrote:
> On Sat, May 16, 2020 at 01:36:10AM +0200, Stefan Claas wrote:
> > Peter Pentchev wrote:
> >
> > > On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
> >
> > > > You know what,
On Sat, May 16, 2020 at 01:36:10AM +0200, Stefan Claas wrote:
> Peter Pentchev wrote:
>
> > On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
>
> > > You know what, the most interesting thing of this ML for me is that
> > > when people, do a reque
On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
> Peter Pentchev wrote:
>
> > On Fri, May 15, 2020 at 07:07:40PM +0200, Stefan Claas wrote:
>
> > > Mind you, I have only asked that GnuPG should support the import and
> > > processing of UID-l
On Fri, May 15, 2020 at 10:33:12PM +0300, Peter Pentchev wrote:
> On Fri, May 15, 2020 at 07:07:40PM +0200, Stefan Claas wrote:
> > Robert J. Hansen wrote:
> >
> > > > We now have the situation that either parents or teachers, etc. can
> > > > choose b
uth), his position is that
there is no reason for this violation to exist at all, there is no
reason for UID-less key blocks to exist at all, so GnuPG is quite right
in following the OpenPGP standard and not accepting them.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@debian.org p..
On Fri, May 08, 2020 at 01:27:22PM -0400, Barry Smith wrote:
[formatting fixed, top-posting still considered weird]
> On Thu, May 7, 2020, 11:00 Peter Pentchev wrote:
>
> > On Thu, May 07, 2020 at 07:33:06AM -0400, Barry Smith via Gnupg-users
> > wrote:
> > [forma
rt of even the information that is stored in the keyring,
not to mention the information that is exported as a certificate
(what most people think of when they say "my public key")?
There are user IDs, there are self-signatures, there are
signatures from other parties that let you actually t
hat the Debian package of pinentry needs so that it can
build properly with full support for all the backends. You might
consider installing at least some of them.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PGP key:http://people.FreeBSD.o
erver from a list). But I can't
> remember the name either, and I couldn't come up with search terms to
> find it with a search engine.
parcimonie?
https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
(although I'm having some trouble connecting to the webserver right n
r months and the owner will
honestly not notice that (the system that the key resides on may not even
have been powered up for months).
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Ke
On Tue, Sep 16, 2014 at 04:01:27PM +0100, Nicholas Cole wrote:
> On Tuesday, 16 September 2014, Peter Pentchev wrote:
>
> > On Tue, Sep 16, 2014 at 03:04:08PM +0100, Nicholas Cole wrote:
> > > Can anyone explain to me why one would want to continue using a key
> > >
42416973C0BB28
:public sub key packet:
:signature packet: algo 1, keyid A642416973C0BB28
[roam@straylight ~/tmp/v/roam/pgp]$
The 15th line of the output is ':public key packet:'.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PGP
On Thu, Oct 03, 2013 at 02:33:32PM +0300, Peter Pentchev wrote:
> On Wed, Oct 02, 2013 at 09:46:24PM -0700, mightymouse2045 wrote:
> > Hi there,
> >
> > I'm wondering if gpg2 can be used to encrypt a file using a keyfile. The
> > term keyfile is used to refer to
not have to use the standard input for this; some
shells will allow you to open a new file descriptor for reading from a
file:
gpg -d --passphrase-fd 7 somefile.doc.gpg 7< keyfile.txt
Hope this helps!
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.
On Fri, Sep 27, 2013 at 05:33:59PM +0300, Peter Pentchev wrote:
> On Fri, Sep 27, 2013 at 09:58:35AM -0400, Paul Taukatch wrote:
> > Really appreciate the help and the quick response!
> >
> > I just wanted to clarify, where exactly is the public key information
> >
d skey[1] in
the secret key packet are exactly the same as pkey[0] and pkey[1] shown
when you --export | --list-packets (so GnuPG shows you the public key).
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/
" and not "OpenPGP
keys" because, unless I am gravely mistaken, both the V3 and V4 key
formats were designed before (okay, V4 was almost at the same time as)
the OpenPGP Alliance was formed.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PG
en you should match the first bytes of the packet itself; it would
probably start with a 04 (version) xx yy zz tt (timestamp), algorithm,
etc.
Hope that helps :)
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PGP key:http://people.FreeBSD
On Wed, May 01, 2013 at 03:44:09PM +0300, Peter Pentchev wrote:
> On Mon, Apr 29, 2013 at 09:29:58PM +, Henry Hertz Hobbit wrote:
> > On 04/29/2013 02:43 PM, M Russell wrote:
> > > Hello,
> > >
> > > I hope someone might be able to lend me a hand. I am
there any chance that your home directory is remotely mounted using NFS
or some other remote filesystem protocol for which your kernel does not
really support file locking? (I have seen quite some usage of user home
directories exported via NFS in shared environments, e.g. universities)
If it is NFS
ized messages, weird characters that might be mistaken
for parts of messages, etc.
Of course, for writing programs that interface with GnuPG, it's best
to go all the way and use GPGME, but for some simple tasks the output
of --with-colons is exactly right.
I didn't know about --fi
e enough,
although most mailservers will retry in less than an hour), the gnupg.org
server will accept your message and everything will be just fine.
Of course, the gnupg.org mail admins are free to jump in and correct me :)
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p
ut the strength measure it provides is nearly
> > meaningless. It assumes 8 bits of entropy per symbol, which is, as
> > Aaron pointed out, wrong. Suggested readings:
> > https://secure.wikimedia.org/wikipedia/en/wiki/Entropy_%28information_theory%29,
> > https://secure.wiki
packet" lines, get the key IDs and
possibly pass them through another round of "gpg --list-keys --with-colons"
or something.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org pe...@packetscale.com
PGP key:http://people.FreeBSD.org/~roam/roam.ke
7.1
(String-to-Key (S2K) Specifier Types) it would seem that the answer to your
question is yes, the S2K count is stored in the secret key packet.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org pe...@packetscale.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.a
his automatically
and recursively :) (okay, so you fetch the keys that signed this key, now
what about the signatures on them - do you fetch them too? and the sigs
on those again? when do you stop?)
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org pe...@packetscale.com
P
possible to force pinentry
> dialogs to allow pasting from the clipboard? Secondly, is it possible to
> force the CLI to use an alternate pinentry (say, pinentry-curses) or some
> other method to populate an existing gpg-agent with a cached passphrase?
G'luck,
Peter
--
Peter Pentchev r
rt explanation ;) The real problem is actually MS
> Outlook and its default settings.
And (as pointed out even on this thread), lately, also GMail and
its default settings.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org pe...@packetscale.com
PGP key:http://pe
ryption, so that the information about
the compression algorithm used is contained within the encrypted data.
You may still give it a shot with --list-packets, but don't expect
too much :)
Hope that helps.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org pe...@packetscale.
igs, does shortening
> it the way you have work or does the full option name need to be used?
All the GnuPG command-line commands and options may be abbreviated to
a unique, unambiguous starting part of their names. Try gpg --clearsi
or gpg --cl, for instance :)
G'luck,
Peter
--
Peter Pe
that would mean
the recipient would have to know exactly how to decode it.
G'luck,
Peter
--
Peter Pentchev r...@space.bg r...@ringlet.net r...@freebsd.org
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 455
On Fri, Oct 08, 2010 at 12:24:17AM +0100, Lee Elcocks wrote:
[snip]
> ECHO bingos| GPG --batch -se --passphrase-fd 0 -r PGPTOKEY -o
> "C:\encryptedfiles\%F.pgp"
Erm... on this line, where are you telling GPG to actually encrypt the %F file?
G'luck,
Peter
--
Peter Pentche
mmetric filename") useful to you?
G'luck,
Peter
--
Peter Pentchev r...@space.bg r...@ringlet.net r...@freebsd.org
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Hey, out there - is it *you* reading
Start from http://code.google.com/p/sks-keyserver/
I don't know if anybody has made an RPM of that; probably somebody has,
but I'm not familiar enough with the various RPM distribution channels
to check :)
G'luck,
Peter
--
Peter Pentchev r...@space.bg r...@ringlet.net r...@fr
e this keyring,
so it's still not perfect.
It's quite possible that there are simpler ways, I just can't think of them
right now :)
G'luck,
Peter
--
Peter Pentchev r...@space.bg r...@ringlet.net r...@freebsd.org
PGP key:http://people.FreeBSD.org/~roam/roam.key.a
tter yet, a key ID instead of "Bob" to the -r option;
and you can specify which key to sign with using the -k option if you have
more than one secret key on the GnuPG installation where you're running this.
Hope this helps.
G'luck,
Peter
--
Peter Pentchev r...@space.bg
ryption key - and, in the case discussed, for
each encryption subkey of each recipient's key.
Well, of course, if you're encrypting a single-byte message,
the overhead might be detectable... :)
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org
" ] &&
expr "x$gpg_agent_pid" : 'x[0-9]*$' > /dev/null; then
if pgrep gpg-agent | fgrep -qw "$gpg_agent_pid" > /dev/null; then
gpg_agent_running='1'
fi
fi
if [ -n "$gpg_agent_running" ]; the
On Wed, Nov 25, 2009 at 01:44:35PM +0200, Peter Pentchev wrote:
> On Tue, Nov 24, 2009 at 12:16:29PM -0500, David Roundy wrote:
> > Hi all,
> >
> > I've been searching and searching, and have failed to find any
> > documentation or tutorial that indicates the prop
en you do that, gpg
will output something like the following to file descriptor 1 (stdout):
[GNUPG:] SIG_ID eLbkcOT0G/i0ugaTvtB5kkRMJc0 2009-11-25 1259148663
[GNUPG:] GOODSIG 651EEFB02527DF13 Peter Pentchev
[GNUPG:] VALIDSIG 2EE7A7A517FC124CF115C354651EEFB02527DF13 2009-11-25
1259148663 0
ect different UID's one after
> another just by pressing the number followed by return/enter and then
> the following UID?
But he still has to issue the same command several times after
selecting each and every UID in turn. "uid *" could indeed be
a useful feature, although
> gpg -u 5E95FE19 -d 00poap/gpg
>
> Can you help me plz.
That should be "gpg -k 5E95FE19 -d 00poap/gpg", not "-u".
Either use -u 'Real Name' or -k keyid; in this case, 5E95FE19
is the key ID, not the user ID attached to this key.
G'luck,
Peter
--
P
such as
the "info" or "pinfo" command-line tools.
If that's not what you mean by "UNIX API documentation for GPG",
you'll have to explain a bit better what you are looking for :)
Hope that helps.
G'luck,
Peter
--
Peter Pentchev r...@ri
aries instead of a single image.
Errr, unless I'm badly mistaken, gpg-agent doesn't come with GnuPG 1.4.x
and to build and use it, you need some of those component libraries.
And, at least for me, gpg-agent is a very, very comfortable and
convenient tool.
G'luck,
Peter
--
e-style shells;
for tcsh, you might need to resort to testing for ($?prompt), indeed.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B6
connect after something happened to the network and
you simply didn't notice? :>
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B6
ith the --import, --import-secret-keys, and
--import-ownertrust options.
Still, for the present, all keyrings on all versions of GnuPG seem
to be compatible, so, *for the present*, it is easier to just copy
the files over. The whole point is, that's not guaranteed to work
forever :)
G&
ontaining whitespace or special characters! Also, the use of
"echo ... | gpg" makes it susceptible to a "ps awwfux" attack whereby
somebody who runs a "ps" command on the right server at the right time
might see the arguments to the "echo" command in the proces
might want to
take a look at the SKS source to see how things are done.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I ha
, let's just say "bad" :)
Less: have you actually bothered to check the result of either
"gpg --verify ... | grep -v" or "gpg --decrypt ... | grep -v" ?
In both cases, gpg sends the status information to the standard error
stream, NOT the standard out
ll.
This is also true.
> Try running the "env" command from BPEL and review the results. Pay
> particular attention to the contents of $SHELL, $HOME, and look to see
> if $GNUPGHOME is present and set as expected.
Yep, this is the only way to be sure.
G'luck,
he capability to test if a file exists; granted, I've not looked at
the extensions to the MS-DOS batch file language since sometime
around version 4.0 or so, and my memories are a bit stale.
For the full discussion, take a look at
http://lists.gnupg.org/pipermail/gnupg-users/2008-November/035022.
On Mon, Oct 06, 2008 at 12:35:48PM +0300, Peter Pentchev wrote:
> On Thu, Oct 02, 2008 at 05:01:39PM -0500, Duwaine Robinson wrote:
> > Hi All,
> >
> > Is there a way to get GnuPG to complete encryption, if there is at least
> > one valid public key specified? I am tr
ur programming language's text processing
capabilities to extract the fifth field of the "pub" lines that contain
an "E" character in the twelfth field :) All of them will identify
valid public keys that GnuPG can actually encrypt to (the uppercase 'E'
signif
ogin
> is required to access them... so no doubt, even if gmail doesn't search
> the message's content, google, yahoo, msn, and all other searchers
> surely have indexed them with their robots... unless there is a
> robots.txt file stopping them... but it won't stop any ba
similar on most Linux distributions).
Of course, shar wants to encode the binary data and thus makes the file
a bit bigger than just a binary blob, but this is actually a good thing
in view of all the weird and wonderful (not!) ways that various shells
treat "special", "graphica
ke "find / -print0 | xargs -0 cksum", but that,
of course, assumes that the kernel will gather entropy from the disk.
> There is a good article on entropy gathering on Linux (I'm assuming
> you are running Linux here) at http://lwn.net/Articles/283103/
Aye, this is a goo
ke a shell and pass it this command
with the redirections, or you may fork off a process and reopen its
file descriptors 0 and 1, or...), but that's the general idea.
Hope that helps.
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PG
d access to the user's account.
True, too, except that an attacker with access to your account really
does have at least seven ways (that pop up in my mind without even
thinking too hard) of replacing the gpg or pinentry or whatever
binaries without you noticing *at once*.
G'luck,
Peter
s user";
every time this user wants to hash a password, the system generates
a random salt value and hashes this particular password, just this once,
with this value.
Hope that helps :)
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP k
ackdoor", not "trapdoor",
when you are speaking about cryptography - because, strictly speaking,
GnuPG *does* implement various trapdoor algorithms, but that is actually
a very, very good thing :)
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][
course,
if the "compressed packet" and "literal data packet" are present, the
decryption was *most probably* successful... but ICBW, and it is much too
late at night for me to actually check the GnuPG source to see if it is
possible for it to display a "literal data packet"
e Vitria execute it instead of the actual gpg
binary. As a result, each time Vitria tries to run GnuPG, you'll get
two files in the /tmp/gpg directory containing the data that gpg sent to
its standard output and its standard error streams, and the exit code.
If this does not help a whole
ng" | gpg --print-md SHA512
>
> is what you're looking for?
...or, certainly, echo -n "some string" if you want just the string
without the terminating newline :) At least on most POSIX-like systems,
that is.
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTE
ed gpg-agent (admittedly v1.9.21) correctly invokes pinentry-mac,
> reading the GUI bundle information correctly.
>
> It needs more work to achieve a tidy solution - especially since the
> location of pinentry-mac is fixed and it fails to pass any command line
> arguments.
The above wi
(GnuPG should do that as part of
the key generation anyway), sign it with your own key, and send the
public key to the others. They should generate keys for their web apps
too, sign them with their own (developers') keys, and send them to you.
Then each of you establishes his own trust
the doc/DETAILS file, and see
if the method described there works for you. I just tried it with
GnuPG 1.4.6, and it worked just fine here.
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.a
ht not be quite in the feasible range - I'll leave
that for others to judge - but it does seem pretty dramatic to me.
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint
ified as either a key ID or an e-mail address
(if it is unique in the public keyring).
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B6
s PKCS#11 module...
Hate to jump into this discussion, but isn't this *exactly* why Werner
always keeps mentioning *shared* libraries? :)
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roa
/dev_docs/instructions.html#win for how to
> install it.
Hate to point out the obvious, but unfortunately, it just might be that
Berend canNOT control whether his coworkers also use OpenOffice or MS
Excel, in which case the problem of a coworker opening a signed
spreadsheet and invalidating the
eBSD port of gnupg-1.4.2.
I've reverted to using 1.4.1 for the present.
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4
l vulnerable to dictionary attacks on the password.
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
"yields falseho