Re: Generating GnuPG S/MINE key pair

2015-04-28 Thread Werner Koch
On Mon, 27 Apr 2015 22:07, dkbry...@gmail.com said: > gpgsm: no issuer found in certificate > gpgsm: basic certificate checks failed - not imported Your root certificate is not valid. An Issuer is required and that issuer must match the Subject. Also certain other fields are required for a root

Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Grzegorz Borowiak
I'm trying to cross-compile libgpg-error for powerpc64-e5500-linux-gnu and I fail: make[1]: Entering directory '/targ/arch/powerpc64-e5500-linux-gnu/modes/eos/tmp/portage/dev-libs/libgpg-error-1.18/work/libgpg-error-1.18-.default' Making all in m4 make[2]: Entering directory '/targ/arch/powe

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Simon Josefsson
Werner Koch writes: > I appreciated the opportunity to meet the GPG Tools developers, who > are very dedicated to make GnuPG working well on OS X. I stressed the > importance to actively participate on the GnuPG mailing list to keep > information in sync. One example may illustrate this

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Neal H. Walfield
Hi Simon, We've documented the problem at http://wiki.gnupg.org/GnomeKeyring . At Tue, 28 Apr 2015 14:45:22 +0200, Simon Josefsson wrote: > Werner Koch writes: > > > I appreciated the opportunity to meet the GPG Tools developers, who > > are very dedicated to make GnuPG working well on OS X

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Simon Josefsson
"Neal H. Walfield" writes: > Hi Simon, > > We've documented the problem at http://wiki.gnupg.org/GnomeKeyring . Thanks -- another workaround, alas. > The solution is to fix Gnome Keyring :). I've spoken with Stef, the > main developer of GKR, and he confirmed that the only reason GKR MITMs > G

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Robert J. Hansen
> The solution is to fix Gnome Keyring :). I've spoken with Stef, the > main developer of GKR, and he confirmed that the only reason GKR > MITMs GPG Agent is so that it can intercept prompts for the password > to supply any cached value. This doesn't seem like a good reason. It never has. If

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Daniel Kahn Gillmor
On Tue 2015-04-28 10:26:05 -0400, Robert J. Hansen wrote: > This doesn't seem like a good reason. It never has. If I configure > gpg-agent to cache for 20 minutes, but forget to configure > gnome-keyring-daemon, then it's possible that 25 minutes later I'll do > something requiring a passphrase,

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Neal H. Walfield
At Tue, 28 Apr 2015 10:26:05 -0400, Robert J. Hansen wrote: > > The solution is to fix Gnome Keyring :). I've spoken with Stef, the > > main developer of GKR, and he confirmed that the only reason GKR > > MITMs GPG Agent is so that it can intercept prompts for the password > > to supply any cach

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Hans-Christoph Steiner
Werner Koch: > On Mon, 27 Apr 2015 01:31, b...@pagekite.net said: >> Thanks for the write-up, Werner! :-) > > Actually you have been much faster with your report > https://www.mailpile.is/blog/2015-04-20_OpenPGP_Email_Summit.html > >>> disappointed that many of the participants favored this c

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Robert J. Hansen
> Every environment is free to implement its own pinentry, and we've never > discouraged that (indeed, gnupg upstream ships several pinentry > variants). If a pinentry variant chooses to implement its own > passphrase cache, that is up to that pinentry variant, no? I'm not objecting to the idea o

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 17:02, n...@walfield.org said: > I've added a checkbox to pinentry that asks: "Cache password with GKR" > and it is only shown if GKR is present. So it's opt-in. Good. While you are at it: Please also add a checkbox to not hide the passphrase in the entry field. Being able

Re: Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 14:32, gborow...@advaoptical.com said: > Can I somehow convince it to recognise powerpc64-e5500-linux-gnu as > powerpc64-unknown-linux-gnu? If both systems use the same ABI config.sub should have returned a canonicalized versions. If not we can use a new mechanism available i

Re: Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Grzegorz Borowiak
Thank you for so quick answer. I will try how it works. I'm almost sure the ABI is the same, but I must check. And is there an architecture-independent and ABI-independent way of building libgpg-error? From: Werner Koch Sent: 28 April 2015 17:48 To: Grz

Re: Generating GnuPG S/MINE key pair

2015-04-28 Thread Dan Bryant
OK... I'm apparently suffering from a bad gpgsm setup. According to the 2011 post (https://lists.gnupg.org/pipermail/gnupg-devel/2011-March/025989.html) the following command, should just work: gpgsm --gen-key | gpgsm --import Not for me... I get gpgsm: problem looking for existing certific

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Daniel Kahn Gillmor
On Tue 2015-04-28 11:36:34 -0400, Robert J. Hansen wrote: > I'm not objecting to the idea of GKD providing its own pinentry: > creating a gkd-pinentry sounds like a good idea. OK, that's good! > I'm objecting to what I read (and possibly misread) as placing GKD hooks > into the *GnuPG-distributed

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Robert J. Hansen
> Well, gnupg currently distributes four different pinentries: Point. I still think if GKD wants to hook into a pinentry, they need to distribute their own pinentry instead of modifying one that GnuPG maintains. Given pinentry-gtk2 is FOSS, it shouldn't be too hard for them to fork it, make thei

Re: Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 17:55, gborow...@advaoptical.com said: > And is there an architecture-independent and ABI-independent way of building > libgpg-error? No. I know that this change in libgpg-error is annoying but I decided for it so to decouple libgpg-error's API from pthreads. By not using p

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 18:17, d...@fifthhorseman.net said: > :) I'm assuming that Neal is adding this hook to pinentry-gtk2, and not > to the others, but i haven't checked. Yes, with a configure option so the user/distro can decide. I do not want that for my gtk version. Originally I leaned again

Help GnuPG install

2015-04-28 Thread Mercury Rising
I had Gpg keys only on my Mac w/some old keys in the file. I downloaded the latest version OS GPG Tools. I have the Mavericks Flavor of OS X and I noticed too late it was for Mac Yosemity. Nothing works now. I did off load all the keys into a text file. So what works with Maverics that I can use? I

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Neal H. Walfield
At Tue, 28 Apr 2015 17:38:53 +0200, Werner Koch wrote: > On Tue, 28 Apr 2015 17:02, n...@walfield.org said: > > > I've added a checkbox to pinentry that asks: "Cache password with GKR" > > and it is only shown if GKR is present. So it's opt-in. > > Good. While you are at it: Please also add a c

Re: Help GnuPG install

2015-04-28 Thread Mercury Rising
What is the Best set up of GnuPG on Mac OS X Mavericks ? On Tue, Apr 28, 2015 at 9:44 AM, Mercury Rising wrote: > I had Gpg keys only on my Mac w/some old keys in the file. I downloaded > the latest version OS GPG Tools. I have the Mavericks Flavor o