[OFF-TOPIC] gpg-agent, sshd and/or SELinux (was Re: Get the private portion of subkeys)

e the troubles mentioned at [1]. > > Your subkeys are all stored on a smartcard. The primary key is online. > This is as intended. If you remove the the primary private key > (.key) You should see a '#' mark for the primary key. > > > My private master key is symlin

Re: Get the private portion of subkeys

Hi Alexander, thank you for giving me background information. It really helped, this sentenc was particularly helpful: Alexander Kulbartsch writes: > When you call "gpg --list-packets sec.asc" > I assume you see something like "gnu-divert-to-card, ..." under your >

Re: Get the private portion of subkeys

564ECC > sec.asc you could only export your private [C] key. It is impossible to extract them from the from the smartcard. When you call "gpg --list-packets sec.asc" I assume you see something like "gnu-divert-to-card, ..." under your subkeys, but not under your primary

Re: Get the private portion of subkeys

Thank you both for your answers. I would like to understand why restoring the backup doesn't restore my subkeys. On a fresh ~/.gnupg, I did: $ gpg --list-packets /media/mystick/key gpg: keybox '/home/cassou/.gnupg/pubring.kbx' created # off=0 ctb=94 tag=5 hlen=2 plen=13

Re: Get the private portion of subkeys

Hi Damien! On 28.03.24 08:26, Damien Cassou via Gnupg-users wrote: As you can see, there is a '>' character before each subkey but not before the master key. Someone on the web has a similar setup but doesn't have the '>' before his subkeys [1]. The &qu

Re: Get the private portion of subkeys

On Thu, 28 Mar 2024 08:26, Damien Cassou said: > Is that a problem? Am I missing something important? It seems this > causes me the troubles mentioned at [1]. Your subkeys are all stored on a smartcard. The primary key is online. This is as intended. If you remove the the primary priva

Get the private portion of subkeys

Hi, I have a usb smart card containing my subkeys and my master key is stored offline on a usb disk. When I list my secret keys while the usb disk is plugged in, I get: sec ed25519/0xF72C652AE7564ECC 2018-07-09 [C] [expires: 2027-12-21] Key fingerprint = 8E64 FBE5 45A3 94F5 D35C

Re: Subkeys renewing/expiring strategy

On 5 Jan 2023, at 13:42, Ingo Klöcker wrote: > > GitLab keeps the verification state if a > key is removed, but I added the updated key including the expired subkey. That > was a bad idea because GitLab invalidated all commits signed with the expired > subkey. It is disappointing to see that maj

Re: Subkeys renewing/expiring strategy

On Dienstag, 11. Oktober 2022 19:44:19 CET Ingo Klöcker wrote: > I'm going to experiment with 1-year-validity of the signing subkeys of my > commit signing key. Since I use this key exclusively for commit signing, I > can simply replace it with a completely different key if I

Re: Expiration date of subkeys (retroactive)

On 1 Jan 2023, at 03:49, gnupg-us...@aschoettler.com wrote: > > I have several GnuPG keys which I edited with KGpg. > https://apps.kde.org/de/kgpg/ > > Unfortunately, the subkeys were not taken into account when setting the > expiry date. > How can I retroactively edi

Re: Expiration date of subkeys (retroactive)

On Sonntag, 1. Januar 2023 03:54:21 CET gnupg-us...@aschoettler.com wrote: > I have several GnuPG keys which I edited with KGpg. > https://apps.kde.org/de/kgpg/ > > Unfortunately, the subkeys were not taken into account when setting > the expiry date. > How can I retroactive

Expiration date of subkeys (retroactive)

I have several GnuPG keys which I edited with KGpg. https://apps.kde.org/de/kgpg/ Unfortunately, the subkeys were not taken into account when setting the expiry date. How can I retroactively edit my expired keys and expire the subkeys? Important: I don't want to change the exi

Re: Subkeys renewing/expiring strategy

Am Donnerstag 13 Oktober 2022 15:42:04 schrieb Teemu Likonen: > * 2022-10-11 17:23:49+0200, nect via Gnupg-users wrote: > > Since I was struggling to choose a strategy for expiring/renewing my > > subkeys [...] > > We should ask why do you want to expire (and rotate) your sub

Re: Subkeys renewing/expiring strategy

or services may see expired > signatures as invalid, even though they are valid and I just superseded > them with newer subkeys. > I can think of two choices: either resign all your past commits every time > your subkey expires, I don't think that's an option (at least n

Re: Subkeys renewing/expiring strategy

* 2022-10-11 17:23:49+0200, nect via Gnupg-users wrote: > Since I was struggling to choose a strategy for expiring/renewing my > subkeys [...] We should ask why do you want to expire (and rotate) your subkeys? Maybe you have good reasons but I'll remind of the basic question: why

Re: Subkeys renewing/expiring strategy

tice if you want) to have many expired subkeys in your keyring or constantly bumping the expiry date of one of your subkeys (without creating new ones every time)? > Encryption and authentication subkeys are useless for a commit > signing key, but you may of course use your key also for other

Re: Subkeys renewing/expiring strategy

On Dienstag, 11. Oktober 2022 17:23:49 CEST nect via Gnupg-users wrote: > I started using gpg relatively recently (1 year or so), mainly for > signing git commits, and I am far from mastering it. > > Since I was struggling to choose a strategy for expiring/renewing my > subkey

Subkeys renewing/expiring strategy

Hello, I started using gpg relatively recently (1 year or so), mainly for signing git commits, and I am far from mastering it. Since I was struggling to choose a strategy for expiring/renewing my subkeys (more details below) I decided to seek expert advice (hopefully this is the right place

Re: Presentation. Migration to subkeys

Diez via Gnupg-users wrote: Is it possible "extract" Sign usage from master key an put it into a subkey with the same ID and fingerprint? I'm think no. This email is to verify that, indeed, it is not possible. If I understand correctly, "same ID and fingerprint" would mean that it is *exac

Presentation. Migration to subkeys

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello all, I'm new at this list. I'm using OpenPGP with GPG since some years ago, I'm using as "usual way": a pair of keys copying from one device to other. I'm interested in subkeys and offline master key, I'

Question with Subkeys and Yubikeys

subkeys are generated on the yubikey and then signed by the primary yubikey? Also, unrelated question, but I could not find much information on this; on the Yubico website, it says if you call generate on the smartcard >When prompted, specify if you want to make an off-card backup of y

Re: GPG agent forwarding multiple yubikeys with distinct public keys/subkeys over SSH

On Wed, 23 Jun 2021 11:38, Christian Chavez said: > I would like to be able to connect multiple yubikeys representing multiple > opengpg pub/priv key-pairs/identities to the same _client_, and make use of > _both_ on a remote I've SSH'ed to (using one of the yubikeys), without Use gnupg 2.3 and t

GPG agent forwarding multiple yubikeys with distinct public keys/subkeys over SSH

Hi! # Background Ref: https://lists.gnupg.org/pipermail/gnupg-users/2021-June/065212.html, I'm now in a situation where I've got a GPG pub/priv (not subkeys) key-pair used for work-purposes, and one for personal/private purposes (read: separate identities). Each GPG pub/priv key-pair

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

On 2020-12-22T13:31:42+0100 Christian Chavez via Gnupg-users wrote 2.8K bytes: I'm currently helping my workplace test out Yubikeys - to see how/if they could help us with our software development. One expected benefit is to allow developers cryptographically sign Git commits/tags (e.g). I

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

On 22 Dec 2020, at 16:16, Christian Chavez wrote: > Thanks for your reply - but I'm unfortunately lost as to your (what I surmise > is your implied) hypothetical use-case? It is a very common requirement that you find in gov. procurement documents/requirements of cryptographic technology tha

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

Nvm, apologies for the spam. I retract my question now after having conferred with a third-party. I understand now your hypothetical scenario - thanks! Does anyone else have any thoughts on the reduced complexity of juggling multiple (sub?)keys vs the security implications of not separating Authe

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

Hi Dirk-Willem! Thanks for your reply - but I'm unfortunately lost as to your (what I surmise is your implied) hypothetical use-case? Ref: On Tue, Dec 22, 2020 at 2:56 PM Dirk-Willem van Gulik wrote: > Keep in mind that in some workplaces the building of that trust explicitly > includes the need

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

On 22 Dec 2020, at 13:31, Christian Chavez via Gnupg-users wrote: > My question is based on this awesome answer by Thomas Pornin: > https://security.stackexchange.com/a/43591 > ; > In a work-environment, what benefits does one gain by having separat

Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

Hi! I'm currently helping my workplace test out Yubikeys - to see how/if they could help us with our software development. One expected benefit is to allow developers cryptographically sign Git commits/tags (e.g). My question is based on this awesome answer by Thomas Pornin: https://security.stac

Re: Subkeys export to Security Token fails: Secret key available.

> Am 8. August 2020 02:05:44 MESZ schrieb "Ángel": > You had some "full" keys (public+private part). Then "moved" them to > the > Yubikey, so the private part was now in the yubikey, and locally you > left just a stub saying "go look at yubikey #1234 for this key". >

Re: Subkeys export to Security Token fails: Secret key available.

I have a backup of any key. Am 8. August 2020 02:05:44 MESZ schrieb "Ángel" : >On 2020-08-07 at 08:33 +0200, Thomas Schneider wrote: >> All subkeys are marked as Stub which is correct because the keys have >> been exported before. >> However now the keys don

Re: Subkeys export to Security Token fails: Secret key available.

On 2020-08-07 at 08:33 +0200, Thomas Schneider wrote: > All subkeys are marked as Stub which is correct because the keys have > been exported before. > However now the keys don't exist anymore on the keycard. > > Can you please advise how to fix this issue? > > THX

Subkeys export to Security Token fails: Secret key available.

alidity: unbekannt ssb rsa4096/ created: 2020-01-06 expires: 2021-01-05 Nutzung: A Card number:0006 ssb rsa4096/ created: 2020-01-06 expires: 2021-01-05 Nutzung: S Card number:0006 ssb rsa4096/ created: 2020-01-06 expires: 2021-01-05 Nutzung: E Card number:0006 All subkeys are marked as Stub whi

Manipulating primary key and subkeys at once with key *...

Hello, possibly there is a bug present if manipulating a GnuPG key with subkeys attached!? Example: We want to expire validity of primary key and all subkeys. C:>gpg --edit-key 7BF4 gpg> expire This command modifies the date for primary key only, subkeys are NOT affected. BUT:

Re: How do I delete secret subkeys correctly?

> I think you might be misinterpreting the result > you say you are dealing with revoked subkeys. > Unless you specify "--list-options show-unusable-subkeys", > you might not see those in the keylistings even though they are there. You're right! > The gpg binary

Re: How do I delete secret subkeys correctly?

> I was trying to figure out how to do it through the user interface, and > it's pretty clunky, with some scary failure modes. I've opened > https://dev.gnupg.org/T4457 about it. Thank you! > I know that with the version of GnuPG that you're using right now, you > can delete the secret key by le

Re: How do I delete secret subkeys correctly?

On Wed 2019-04-10 17:28:54 +0200, Peter Lebbing wrote: > On 10/04/2019 17:24, Peter Lebbing wrote: >> gpg> delkey > > Sorry, my fatigued head was being silly. That's for deleting the public > part, not the secret part. I don't think I know the way to delete the > secret part when you just want to d

Re: How do I delete secret subkeys correctly?

On 11/04/2019 16:06, Matheus Afonso Martins Moreira wrote: > Public key list confirmed deletion of the subkeys from my public key > but the secret key list still included all my revoked subkeys. Could you provide an example? I find this rather surprising, that -K would ever list more t

Re: How do I delete secret subkeys correctly?

The --edit-key command did work this time. That's weird. I tried this with my original keys and my experience matches what Peter described. When I tried to delkey my original subkeys, gpg deleted the public key packets, leaving the secret keys intact. Public key list confirmed deletion o

Re: How do I delete secret subkeys correctly?

On Wed, Apr 10, 2019, at 5:06 PM, Matheus Afonso Martins Moreira wrote: > I had some revoked subkeys that I was not going to use anymore. > I thought it would be a good idea to delete their secret keys, > so I used the gpg --delete-secret-keys command to do it. > I ended up

Re: How do I delete secret subkeys correctly?

On 10/04/2019 17:24, Peter Lebbing wrote: > gpg> delkey Sorry, my fatigued head was being silly. That's for deleting the public part, not the secret part. I don't think I know the way to delete the secret part when you just want to delete some subkey. Sorry, Peter. -- I use the GNU Privacy Gua

Re: How do I delete secret subkeys correctly?

On 10/04/2019 15:25, Matheus Afonso Martins Moreira wrote: > If not, what is the correct way to do this? $ gpg --edit-key [KEYID] gpg> key N gpg> delkey Where N is the number of the subkey you want to delete; they are numbered 1 for the first one listed and so on. It will indicate with a "*" next

How do I delete secret subkeys correctly?

I had some revoked subkeys that I was not going to use anymore. I thought it would be a good idea to delete their secret keys, so I used the gpg --delete-secret-keys command to do it. I ended up accidentally deleting all my keys instead, including my primary key. I'm trying to learn fr

Re: Identifying one of multiple authentication subkeys

Hi All, I am using the following command gpg --batch --passphrase-fd n and it stops popup which asks for the passphrase. but when I run this command on window server 12 it's not working its always show popup for the passphrase. can someone please help me how can I stop popup on window server 12.

Re: Identifying one of multiple authentication subkeys

On 26/03/2019 09:16, Werner Koch wrote: > This lists all keys allowed for ssh with its keygrip (1234. and the > corresponding ssh fingerprint (SHA256:PTJI). Details as usual by using > 'help keyinfo'. Right, yes, the comment lines in sshcontrol are also really helpful for keys in sshcontrol. I s

Re: Identifying one of multiple authentication subkeys

On Mon, 25 Mar 2019 16:02, pe...@digitalbrains.com said: > But something more user friendly to match SSH fingerprint and keygrip > could be beneficial. I'm not sure what that would look like and neither You can build a script based on this: $ gpg-connect-agent 'keyinfo --ssh-list --ssh-fpr' /b

Re: Identifying one of multiple authentication subkeys

On 25/03/2019 15:45, Werner Koch wrote: > That is on purpose: gpg-agent stores the key permanently and thus it > makes no sense to add and remove it regularly. It might also be "slightly annoying" to remove key material which is also in use for other purposes :-). You remove an SSH key, and sudden

Re: Identifying one of multiple authentication subkeys

On Sat, 23 Mar 2019 16:19, pe...@digitalbrains.com said: > because ssh-add -d doesn't work with gpg-agent. Well, not with the > version in Debian stretch anyway, I reserve the right to be ignorant That is on purpose: gpg-agent stores the key permanently and thus it makes no sense to add and remov

Re: Identifying one of multiple authentication subkeys

On 23/03/2019 13:39, Brian Exelbierd wrote: > How did you import this key? If your OpenSSH private key is .ssh/id_ed25519, and you are running gpg-agent as your SSH agent, it's a matter of: $ ssh-add ~/.ssh/id_ed25519 Any comment on the private key that was already there (presumably through ssh-

Re: Identifying one of multiple authentication subkeys

Hi Peter, Your help has been amazing and very useful. I was re-reading this answer and I noticed the comments below: On Sat, Mar 16, 2019, at 11:12 AM, Peter Lebbing wrote: > (By the way, as you can see in the ssh-keygen output, my key actually > has a comment field in the gpg-agent. It was im

Re: Identifying one of multiple authentication subkeys

On 17/03/2019 13:17, Brian Exelbierd wrote: > Having done no code examination, I feel like this is where the > identity information for subkeys comes into play. I presume the SSH > request would pass the value of the identity file to the gpg-agent. > This is probably 100% wrong though

Re: Identifying one of multiple authentication subkeys

hes. But I can reproduce > this problem. > > I don't know a satisfactory solution to this. Having done no code examination, I feel like this is where the identity information for subkeys comes into play. I presume the SSH request would pass the value of the identity file to the g

Re: Identifying one of multiple authentication subkeys

On 17/03/2019 12:45, Brian Exelbierd wrote: > There is no longer an identityfile to use in the .ssh/config file > which means all auth keys are tried with all hosts. I have multiple > auth keys and the hosts give up after 2 or 3 failures. How can I get > the right key served to the right host sin

Re: Identifying one of multiple authentication subkeys

t command without the grep will list it all. This worked and will allow me to associate the keygrips with the old identify file names for my own bookkeeping/sanity. This way as a project terminates, so can its key. > (By the way, as you can see in the ssh-keygen output, my key actually > has a

Re: Identifying one of multiple authentication subkeys

Hi, On 16/03/2019 14:22, Dirk Gottschalk wrote: > In the output from --export-ssh-key is also a comment field. This > fieldd, in my case shows: openpgp:0xF852DAEE Yes, but it is only added by the --export-ssh-key command and has a fixed form. Instead, for my keys, which by the way are not part of

Re: Identifying one of multiple authentication subkeys

Hi. Am Samstag, den 16.03.2019, 11:11 +0100 schrieb Peter Lebbing: > (By the way, as you can see in the ssh-keygen output, my key actually > has a comment field in the gpg-agent. It was imported from an on-disk > OpenSSH file, that's where it came from. I don't know a way to have a > comment field

Re: Identifying one of multiple authentication subkeys

On 16/03/2019 11:11, Wolfgang Traylor wrote: > $ gpg2 --export-ssh-key Actually, if you want a specific subkey, you need to append a ! to the key ID (probably need to quote it as well for the shell, \! ). Otherwise, GnuPG will use key selection rules to take the latest authentication subkey from

Re: Identifying one of multiple authentication subkeys

ere it came from. I don't know a way to have a comment field for a key generated with gpg, although I could probably hack it in in the private key store. Let's not do that.) HTH, Peter. PS: I see no reason why you shouldn't have multiple auth subkeys, unlike John Doe. -- I use

Re: Identifying one of multiple authentication subkeys

> I am unsure how to identify which subkey is which SSH key. You can export your GPG subkey for SSH and compare with the `ssh-add -L` output: $ gpg2 --export-ssh-key This gives you the SSH-formatted subkey which will match one of your lines from `ssh-add -L`. Note that the comments (anything af

Re: Identifying one of multiple authentication subkeys

On 3/15/2019 11:28 PM, Brian Exelbierd wrote: > Hi, > > I would like to eliminate my SSH keys and consolidate my existing keys into > my gpg key. I can do this by either importing my existing keys (easier) or > creating new authentication subkeys. > > Either way, I am u

Identifying one of multiple authentication subkeys

Hi, I would like to eliminate my SSH keys and consolidate my existing keys into my gpg key. I can do this by either importing my existing keys (easier) or creating new authentication subkeys. Either way, I am unsure how to identify which subkey is which SSH key. I created a test key, below

Re: Exporting/ importing changes expiration date of subkeys...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 15 November 2018 at 10:57:19 AM, in , gnupgpacker wrote:- > Indeed, but better link: > https://www.gpg4win.org/links.html Better in that it works. Worse in that it is longer. (-; - -- Best regards MFPA

Exporting/ importing changes expiration date of subkeys...

Hello, > MFPA > I see https://www.gpg4win.org/links.htm has a link to gpgrelay. > Some of the links on that page are marked "outdated", but > not this one. Indeed, but better link: https://www.gpg4win.org/links.html ;) Regards! ___ Gnupg-users mail

Re: Exporting/ importing changes expiration date of subkeys...

On Wed, 14 Nov 2018 16:45, 2017-r3sgs86x8e-lists-gro...@riseup.net said: > http://sites.inka.de/tesla/gpgrelay.html. A possible working link is > https://sourceforge.net/projects/gpgrelay/. Thanks, I fixed it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesges

Re: Exporting/ importing changes expiration date of subkeys...

On Wed 2018-11-14 15:45:34 +, MFPA wrote: > The broken link is at https://gnupg.org/software/swlist.html#sec-1-23. > The link that returns the 403 error is > http://sites.inka.de/tesla/gpgrelay.html. A possible working link is > https://sourceforge.net/projects/gpgrelay/. thanks, i've reported

Re: Exporting/ importing changes expiration date of subkeys...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 14 November 2018 at 9:52:56 AM, in , Daniel Kahn Gillmor wrote:- > Can you please point to the specific URL where there > is a broken link? The broken link is at https://gnupg.org/software/swlist.html#sec-1-23. The link that retu

Re: Exporting/ importing changes expiration date of subkeys...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 14 November 2018 at 9:58:37 AM, in , Daniel Kahn Gillmor wrote:- > all the more reason to move away from it then. > security software that > deals with complex data structures passed around the > public internet > needs to be activ

Re: Exporting/ importing changes expiration date of subkeys...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 13 November 2018 at 8:15:46 AM, in , gnupgpacker wrote:- > Keys with this structure are created with GPGkeys > (part of GPGshell for > Windows v3.78) For reference, I have attached an image of the GPGkeys key generation window with

Re: Exporting/ importing changes expiration date of subkeys...

On Wed 2018-11-14 08:43:19 +0100, gnupgpacker wrote: > Did try it several times, but no response. Development seems to be stopped > since 2005... > https://sourceforge.net/projects/gpgrelay/files/ all the more reason to move away from it then. security software that deals with complex data struc

Re: Exporting/ importing changes expiration date of subkeys...

Hi MFPA-- On Wed 2018-11-14 09:40:35 +, MFPA wrote: > Taking the opportunity to point out the software list on gnupg.org's > GPGrelay link returns a 403 "You don't have permission to access..." > error. (For me at least, YMMV.) Can you please point to the specific URL where there is a broken

Re: Exporting/ importing changes expiration date of subkeys...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 13 November 2018 at 10:50:47 PM, in , Daniel Kahn Gillmor wrote:- > GPGrelay should really upgrade to the modern GnuPG > suite. Taking the opportunity to point out the software list on gnupg.org's GPGrelay link returns a 403 "You

Exporting/ importing changes expiration date of subkeys...

Hello, > well, you said that they imported correctly into other programs, right? > so maybe the issue is at the intersection of r2mail2 and classic GnuPG. Yes, same opinion... > This sounds like a bug in gnupgpack, but i don't see a good way > to report bugs at the URL above. In "Impressum" a

Re: Exporting/ importing changes expiration date of subkeys...

s and >> failures), could you give the following information clearly: >> * Are you exporting secret keys? >>or exporting public keys? > RSA-4096 keypair secret + public > (1 main key C, 3 subkeys for S/A/E) > >> * where were the secret keys originally created?

Exporting/ importing changes expiration date of subkeys...

keys? >or exporting public keys? RSA-4096 keypair secret + public (1 main key C, 3 subkeys for S/A/E) > * where were the secret keys originally created? (on what program does >the original export happen?) GPGkeys with GnuPG-1.4.23(Win7) > * which program is doing the import? R2

Re: Exporting/ importing changes expiration date of subkeys...

ed back into the original program? > Importing those keys are working faultless with: > Flipdog CryptoPlugin/ Android-8.1: > https://i.imgur.com/TmR3oiz.png > and > OpenKeychain/ Android-8.1 too: > https://i.imgur.com/vYa1pUl.png > Expiration dates of key and 3 subkeys ar

Exporting/ importing changes expiration date of subkeys...

CryptoPlugin/ Android-8.1: https://i.imgur.com/TmR3oiz.png and OpenKeychain/ Android-8.1 too: https://i.imgur.com/vYa1pUl.png Expiration dates of key and 3 subkeys are correct set to 31.12.2019! Only importing with R2mail2/ Android-8.1 causes described expiration error. In my opinion it depends on key stru

Re: Exporting/ importing changes expiration date of subkeys...

Hi there-- On Mon 2018-11-12 11:04:09 +0100, gnupgpac...@on.yourweb.de wrote: > there occurs an issue while exporting/ importing keypair from > Windows-7/GPG-1.423 to Android-8.1/R2mail2. 1.423 is not a valid GnuPG version, so i assume you meant GnuPG 1.4.23. the "classic" version of GnuPG (the

Exporting/ importing changes expiration date of subkeys...

Hello, there occurs an issue while exporting/ importing keypair from Windows-7/GPG-1.423 to Android-8.1/R2mail2. Private/public key contains one main key and three subkeys, all valid til 31.12.2019: pub xDDDC C sub x5B9E A sub x493D S sub x2BE6 E But if exporting and importing whole key, subkey

Re: Subkeys

Hi Roland, I don't know if you have some specific questions but the Debian wiki page about Subkeys is nice: https://wiki.debian.org/Subkeys tl;dr version is primary/subkey setup lets you have your primary key completely offline and use subkeys for daily work. If something bad happens to a s

Subkeys

Dear GnuPG As a user of GPG4Win, is there any explanation in the compendium about the meaning and use of subkeys (I cannot find anything about that matter in the The Gpg4win Compendium 3.0.0) Best regards, -- Roland Siemons 0xAEEC5E2ED87628F5.asc Description: application/pgp-keys

Second unexplained pinentry when generating subkeys with GPGME

When generating a new GPG master key and some subkeys with GPGME I noticed some odd behavior. I get a second passphrase pinentry when generating the first subkey and I don't know why. I initially thought it was for creating the automatic revocation certificate, as it doesn't seem to h

Re: Generating NIST/Brainpool subkeys with GPGME

On Mon, 2 Jul 2018 18:03, tookm...@gmail.com said: > Should I file a bug against GPGME? GPG? Not really sure where the > problem is here. Against gpg. I won't assign it a high priority, though. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedank

Re: Generating NIST/Brainpool subkeys with GPGME

On 07/02/2018 02:37 AM, Werner Koch wrote: > On Fri, 29 Jun 2018 22:07, tookm...@gmail.com said: >> It appears that one cannot currently generate NIST or Brainpool subkeys >> with GPGME. Using GPG itself works fine with --expert, so am I missing >> an option or is this si

Re: Generating NIST/Brainpool subkeys with GPGME

On Fri, 29 Jun 2018 22:07, tookm...@gmail.com said: > It appears that one cannot currently generate NIST or Brainpool subkeys > with GPGME. Using GPG itself works fine with --expert, so am I missing > an option or is this simply not possible yet? That is likely a bug. However there i

Generating NIST/Brainpool subkeys with GPGME

It appears that one cannot currently generate NIST or Brainpool subkeys with GPGME. Using GPG itself works fine with --expert, so am I missing an option or is this simply not possible yet? I've attached a simple test program and the output I get on my machine is below: ./eccsubkeys rsa1024

Re: v1.4.22: re--importing --export'ed key from --export-secret-subkeys dir cannot --encrypt

A nice Monday afternoon i wish, i have a post scriptum. Steffen Nurpmeso wrote in <20180604134413.sljyg%stef...@sdaoden.eu>: |Last saturday i search/stumbled over an interesting Debian page |(Subkey.html) which describes how to generate a dedicated siging |subkeys, and how to create a n

v1.4.22: re--importing --export'ed key from --export-secret-subkeys dir cannot --encrypt

Hello. Last saturday i search/stumbled over an interesting Debian page (Subkey.html) which describes how to generate a dedicated siging subkeys, and how to create a new key pool via --export-secret-subkeys which does not contain (all parts of) the real private key, so that the secret key can be

Re: GPGME export secret subkeys

ation I cannot find an equivalent to "gpg >> --export-secret-subkeys". Have I missed something, or does such >> functionality not yet exist? > > GPGME does not support all features of gpg; that is to avoid creating a > too baroque API. If you need this you can resort

Re: GPGME export secret subkeys

On Wed, 30 May 2018 17:22, tookm...@gmail.com said: > GPGME has export and import functions that work well as alternatives to > "gpg --import" and "gpg --export". However, looking through the > documentation I cannot find an equivalent to "gpg > --export-sec

GPGME export secret subkeys

GPGME has export and import functions that work well as alternatives to "gpg --import" and "gpg --export". However, looking through the documentation I cannot find an equivalent to "gpg --export-secret-subkeys". Have I missed something, or does such functionality

Re: Semantics of WOT and Subkeys

Hi, On 04/19/2018 03:12 AM, Evan Klitzke wrote: Later Alice learns about subkeys, so she creates a new signing subkey for signing her mail/git commits/whatever. How does this work when Bob sees the new subkey? For most purposes, the use of subkeys is "transparent" from the user&#

Semantics of WOT and Subkeys

I am trying to understand the semantics of how GnuPG's WOT model interacts with subkeys. This is a pretty basic question, so feel free to direct me to existing resources if there are any; there must be something written on this topic already, but I failed to find anything. Suppose Alic

Re: Extending validity of main- and subkeys in one step possible?

On Thu, 30 Nov 2017 11:19, gnupgpac...@on.yourweb.de said: > Sorry, it doesn't work for GPG v1.4.22... That is quite possible. Won't be changed. Please use 2.2. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpfvBsYwoUga.pgp Description: PGP signat

RE: Extending validity of main- and subkeys in one step possible?

Sorry, it doesn't work for GPG v1.4.22... Key set is called, then gpg> key * => Changing date with 'expire' is not working for all (sub)keys. gpg> key 1 => working Any additional hint? Thx + regards, Chris >> is there any possibility to extend key's validity of *all* keys in a >> keyset >> in

Re: Extending validity of main- and subkeys in one step possible?

On Tue, 28 Nov 2017 11:27, gnupgpac...@on.yourweb.de said: > is there any possibility to extend key's validity of *all* keys in a keyset > in *one* step? key * selects all keys. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpYYus0vMvHA.pgp Descri

Extending validity of main- and subkeys in one step possible?

Hello, is there any possibility to extend key's validity of *all* keys in a keyset in *one* step? So 2017-12-31 should be changed to 2019-12-31 for all subkeys... Otherwise it would be necessary to choose every subkey with key 1, key 2 and so on, than 'expire', than passphras

Re: export secret subkeys

It is my understanding that --export-secret-subkeys outputs a *dummy* (not the actual key) for the private part of the primary key, hence the output of --list-packets. The “gpg” man page says “The second form of the command [i.e.: --export-secret-subkeys] has the special property to render the

Re: export secret subkeys

> On 17 Aug 2017, at 16:06, Peter Lebbing wrote: > > On 17/08/17 15:39, Dirk-Willem van Gulik wrote: >> # off=0 ctb=95 tag=5 hlen=3 plen=533 >> :secret key packet: >> version 4, algo 1, created 1502976628, expires 0 >> pkey[0]: [4096 bits] >> pkey[1]: [17 bits] >> gnu-dummy S

Re: export secret subkeys

On 17/08/17 15:39, Dirk-Willem van Gulik wrote: > # off=0 ctb=95 tag=5 hlen=3 plen=533 > :secret key packet: > version 4, algo 1, created 1502976628, expires 0 > pkey[0]: [4096 bits] > pkey[1]: [17 bits] > gnu-dummy S2K, algo: 0, simple checksum, hash: 0 > protect IV:

Re: export secret subkeys

On 08/17/2017 03:39 PM, Dirk-Willem van Gulik wrote: This had me believe that export-secret-subkeys would just export a subkey. Instead the output of --list-packets (and the file size) suggests that both the master and the subkey are exported. Seemingly, yes. But actually, when using --export

  1   2   3   4   5   6   >