Re: how to disable pinentry

2015-02-25 Thread Damien Goutte-Gattat
On 02/25/2015 02:01 AM, Smith, Cathy wrote: Can someone tell me how to disable pinentry? I'd like to be able to run gpg --edit-key, or to open a password encrypted file without a GUI. You could use a console-only pinentry, such as pinentry-curses or pinentry-tty. Add the following line in y

Re: GNU-divert-to-card S2K format

2015-02-25 Thread Peter Lebbing
Oops, I realised I made a mistake. On 24/02/15 19:49, Peter Lebbing wrote: >> - [Optional] If string-to-key usage octet was 255 or 254, a >>string-to-key specifier. The length of the string-to-key >>specifier is implied by its type, as described above. > > specifier 110 > ha

Re: Unattended signing

2015-02-25 Thread Peter Lebbing
On 25/02/15 06:49, NdK wrote: > Use a smartcard and generate on-card a new key that replaces the expired > one. While I agree this could be a neat setup for OP, it might be overkill or even impractical given the signing speed of a smartcard. I don't know what volume of signatures will be issued.

Re: Can't Encrypt in Freebsd 10.1

2015-02-25 Thread Antoine Michard
Hi, Still not working :( Got no idea why... #gpg -r 6349E5E0 -e test.txt Abort I've deleted my ~.gnupg directory and generated another key # gpg --list-keys /root/.gnupg/pubring.gpg pub 4096R/F2E7CBA5 2015-02-25 [expires: 2015-04-26] uid [ultimate] FreeBSD sub

RE: how to disable pinentry

2015-02-25 Thread Smith, Cathy
Damien Adding this line didn't work: pinentry-program /usr/bin/pinentry-tty The message was invalid option gpg: /home/foo/.gunpg/gpg.conf:242: invalid option The CentOS6 and RHEL6 distributions don't provide a /usr/bin/pinentry-tty. One of my goals of this is to be able to

7. RE: how to disable pinentry (Smith, Cathy)

2015-02-25 Thread Rob Fries
Hi Cathy, We use /usr/libexec/gpg-preset-passphrase to set our passphrase. /usr/libexec/gpg-preset-passphrase -cP "$passphrase" $keygrip You would need to add this to your .gpg-agent.conf: allow-preset-passphrase you will need to get the KEYGRIP. The easiest way I found is: gpg2 --finger

disconnected binding of sub and master keys

2015-02-25 Thread Matthew Monaco
I think we should easily be able to create subkeys on our day-to-day machine, while maintaining an air-gapped master, without transferring secret material back and forth. This seems possible [1][2] using gpgsplit and possibly some hand editing of hex files. By operating an offline master setup, we

RE: 7. RE: how to disable pinentry (Smith, Cathy)

2015-02-25 Thread Smith, Cathy
Rob Thanks. I got an error when trying to do this. I created the gpg-agent.conf file in my home directory and added the directive: [cathy@foo ~]$ cat gpg-agent.conf allow-preset-passphrase [cathy@foo ~]$ [cathy@foo ~]$ /usr/libexec/gpg-preset-passphrase -cP"cry123" "4611 E023 7B7A 31FE 13

RE: 7. RE: how to disable pinentry (Smith, Cathy)

2015-02-25 Thread Rob Fries
Hey Cathy, You need gpg-agent running with this setup. Per the error message, it can not connect to a running gpg-agent to enter the passphrase. Your gpg-agent.conf also needs to be with your other gpg configs under .gnupg. -Rob -Original Message- From: Smith, Cathy [mailto:cathy.sm..

RE: 7. RE: how to disable pinentry (Smith, Cathy)

2015-02-25 Thread Smith, Cathy
Rob I'm not familiar with running gpg-agent. I've started with the man page. I don't see a process running. Cathy --- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Phone:  509.375.2687 Fax:    509.375.2330

Re: disconnected binding of sub and master keys

2015-02-25 Thread NIIBE Yutaka
On 02/26/2015 03:22 AM, Matthew Monaco wrote: > I think we should easily be able to create subkeys on our day-to-day machine, I'd understand your point. IIUC, you don't want to export "secret" from an air-gapped machine by any chance. The practice of having air-gapped master key is because of ri

RE: 7. RE: how to disable pinentry (Smith, Cathy)

2015-02-25 Thread Smith, Cathy
Rob Apparently gpg-agent doesn't start automatically by default on CentOS6. I've read some different recommendations for how to configure that. Do you have any recommendations? Thanks Cathy --- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Operated by Battelle for the

Re: how to disable pinentry

2015-02-25 Thread Stephan Beck
Hi, Cathy, On 25.02.2015 at 17:51, Smith, Cathy wrote: > > One of my goals of this is to be able to set a passphrase on a key in batch processing. Perhaps, there is another way to accomplish that? > > I am not sure if that's the solution to your problem, but according to the *Unattended Key G