On Mon, Mar 21, 2016 at 06:39:33PM -0400, Robert J. Hansen wrote:
> Edgar reached out to me earlier, and I directed him here to this list in
> the hopes that someone with more clue than me would be able to help.
>
> Edgar, I'm not particularly up on GPG for OS X. However:
>
> > So, I went to the
On Mon, 21 Mar 2016 21:05, viktordic...@gmail.com said:
> key and not present in the folder). I guess these are expired subkeys
> which I somehow deleted from my keyring, but why would the private keys
Or keys used by SSH or X.509.
Use gpg-connect-agent and then:
> help keyinfo
# KEYINFO [-
Hi Dashamir,
On Monday 21 March 2016 at 16:49:41, Dashamir Hoxha wrote:
> Hi Bernhard, thanks for having a look at it.
you are welcome! I appreciate all efforts to make GnuPG more accessible,
this is why I am taking a little bit of time to write up some feedback.
> On Mon, Mar 21, 2016 at 3:05
On Thursday 17 March 2016 at 10:40:27, Damien Goutte-Gattat wrote:
> If I may, I wrote two blog posts on this subject:
>
> * http://www.incenp.org/notes/2014/gnupg-for-ssh-authentication.html
> (for GnuPG 2.0)
>
> * http://www.incenp.org/notes/2015/gnupg-for-ssh-authentication.html
> (for GnuPG 2.1
> Just like Peter wrote I think that a user would usually not
> encounter all bells and whistles.
I think it's rather a bit more extreme than that. I think if a user has
to fire GnuPG up from the command line *for anything*, something's gone
terribly wrong and we're in danger of losing a user.
No
Thanks, I found it myself but since the sender of a mail to the list
does not get a copy of it, I could not simply reply. If I use
'--list-options show-unusable-subkeys', I see the missing keys, they are
simply expired. Sorry to disrupt.
Regards,
Viktor
On Tue, Mar 22, 2016 at 9:56 AM, Bernhard Reiter
wrote:
>
> Any cross platform approach would work. Python has the advantage
> that the source code can be changed by an editor and immediately run
> and that it works fairly well cross-platform.
>
> What is even more important is that you should us
On Tue, Mar 22, 2016 at 10:46 AM, Robert J. Hansen
wrote:
>
> I don't think the EasyGnuPG authors have thought through their target
> market. It targets users who are comfortable enough to say "oh, I
> should use the terminal for this!", but not comfortable enough to read a
> manpage. It's targe
> And then, it is not difficult to build a GUI app on top of a
> command-line tool that works properly. I cannot do it, but somebody
> maybe can do it easily.
Oh, it's *hard*. Look at how long it took Enigmail to get into a state
where it wasn't painful to use -- and there are still, today, parts
And besides, it's much easier to build a GUI app in front of a C API
than a command line application.
On Tue, Mar 22, 2016 at 11:35 AM, Robert J. Hansen wrote:
>> And then, it is not difficult to build a GUI app on top of a
>> command-line tool that works properly. I cannot do it, but somebody
>>
> This is an important point (using the API), because trying to use `gpg`
> in scripts is terribly difficult. I don't understand why `gpg` does not
> follow the unix philosophy of being easily used in scripts and
> cooperating easily with other commands.
GnuPG is, believe it or not, a lot more lik
On Tue, Mar 22, 2016 at 11:40 AM, Paolo Bolzoni <
paolo.bolzoni.br...@gmail.com> wrote:
> And besides, it's much easier to build a GUI app in front of a C API
> than a command line application.
By no means I want to prevent anybody from starting to build a GUI app...
I totally agree, Dashamir I really think you should focus on what you
think is hard in gnupg? And why?
Are you sure a new program (and not a simple patch) is the best answer?
At the moment you are showing us strange defaults, an implementation
that can break at any time, and I am not really sure h
My real question is: what do you think in gpg is not easy enough?
On Tue, Mar 22, 2016 at 11:53 AM, Dashamir Hoxha wrote:
> On Tue, Mar 22, 2016 at 11:40 AM, Paolo Bolzoni
> wrote:
>>
>> And besides, it's much easier to build a GUI app in front of a C API
>> than a command line application.
>
>
On Tue, 22 Mar 2016 11:20, dashoho...@gmail.com said:
> scripts is terribly difficult. I don't understand why `gpg` does not follow
> the unix philosophy of being easily used in scripts and cooperating easily
> with other commands.
It actually does. There are just two things which differ:
- g
Hello,
Apologies if this is an excessively newbie question, but is there any
reasonably automated way to do verification via the web-of-trust when
you don't have all the intermediate steps in the keyring already?
All the pathfinders I've seen have been full-on HTML websites, is there
anything out
On Mon, Mar 21, 2016 at 11:31:56PM -0400, Robert J. Hansen wrote:
> > There are two other possible explanations: MacPorts (see macports.org)
> > and Home Brew.
>
> And Fink, and... etc. However, I'm omitting the ... let's call them
> "comprehensive" solutions that allow you to install all manner
> On 22 Mar 2016, at 10:40, Paolo Bolzoni wrote:
>
> And besides, it's much easier to build a GUI app in front of a C API
> than a command line application.
This is undeniably true. Unfortunately you first need to learn the API, which
can be a barrier to someone who knows the command line inte
On Tue, 22 Mar 2016 10:12:36 +0100
Viktor Dick wrote:
Hello Viktor,
>Thanks, I found it myself but since the sender of a mail to the list
>does not get a copy of it,
It's a gmail-ism; Most people get their list messages sent back to
them, but not gmail users. It's a 'feature' google seem to b
On Mon, Mar 21, 2016 at 03:05:05PM +0100, Bernhard Reiter wrote:
> Hi Dashamir,
>
> On Friday 18 March 2016 at 09:49:16, Dashamir Hoxha wrote:
> > I am writing some shell scripts for making GnuPG more accessible and
> > easier to use:
> > - https://github.com/dashohoxha/egpg
>
> I like the goal
On Mon, Mar 21, 2016 at 06:38:31PM +0100, Peter Lebbing wrote:
> On 21/03/16 16:49, Dashamir Hoxha wrote:
> > Yes, but the overall number of commands and options supported
> > is 10 times smaller than those of gpg2. Tutorials about egpg are also
> > much shorter.
>
> These things can simply be sol
On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote:
> You know what might, though, if someone were to take up the old GPA
> project perhaps ... maybe port it to GTK 3 or implement a Qt version.
We have just cleaned up and simplified the structure of Kleopatra,
so that is making steps into the d
On Tue, Mar 22, 2016 at 11:20:40AM +0100, Dashamir Hoxha wrote:
> On Tue, Mar 22, 2016 at 9:56 AM, Bernhard Reiter
> wrote:
> >
> > Any cross platform approach would work. Python has the advantage
> > that the source code can be changed by an editor and immediately run
> > and that it works fairly
I guess we should start from the desired use case.
We want a GUI for what? Encrypting? Signing? Managing the web of
trust? SSH login? Everything?
On Tue, Mar 22, 2016 at 3:45 PM, Bernhard Reiter wrote:
> On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote:
>> You know what might, though, if
On Tue, 22 Mar 2016 15:41, b...@adversary.org said:
> provides a socket interface with which you can interact with portions
> of the GPGME functions, including most of the most common functions.
FWIW: We even consider to extend gpgme-tool to be a Native Messaging
Server for Browsers.
Salam-Shal
On Tue, Mar 22, 2016 at 03:45:09PM +0100, Bernhard Reiter wrote:
> On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote:
> > You know what might, though, if someone were to take up the old GPA
> > project perhaps ... maybe port it to GTK 3 or implement a Qt version.
>
> We have just cleanup an
On Tue, Mar 22, 2016 at 3:53 PM, Paolo Bolzoni <
paolo.bolzoni.br...@gmail.com> wrote:
> I guess we should start from the desired use case.
> We want a GUI for what? Encrypting? Signing? Managing the web of
> trust? SSH login? Everything?
I think that deciding the desired use case(s) is importan
One idea I've been tossing about: import the whole dump. I read that gpg
2.1 uses a new efficient key database called keybox. It would be
interesting to see if it could handle that much data, and if so, gpg could
do the WoT calculations directly.
On Tue, Mar 22, 2016, 9:33 AM Lachlan Gunn wrote:
On Tue, Mar 22, 2016 at 04:29:42PM +0100, Werner Koch wrote:
> On Tue, 22 Mar 2016 15:41, b...@adversary.org said:
>
> > provides a socket interface with which you can interact with
> > portions of the GPGME functions, including most of the most common
> > functions.
>
> FWIW: We even consider to
On 22/03/16 13:21, Lachlan Gunn wrote:
> All the pathfinders I've seen have been full-on HTML websites, is there
> anything out there more suitable for scripting?
This doesn't help you one iota. The simple reason: trust is not
transitive. If you want key A, which is 4 hops away from you, to become
On 22/03/16 17:11, Peter Lebbing wrote:
>
> That trust is not transitive is not some quirk of the web of trust: it
> is fundamental. I might trust Carl, and Carl might trust Jenny, but if I
> don't know Jenny, I would not trust her, despite the fact that I trust
> someone who trusts her. Trust is
On 22/03/16 19:14, Andrew Gallagher wrote:
> All this is true. But this does not help *me* one iota.
It sounds to me like you're not looking for the Web of Trust, which is indeed
very limited in its options. Instead, you are probably looking for something
more like TOFU, in the sense that this dev
On 22/03/16 19:14, Andrew Gallagher wrote:
> Real world example. I wanted to install the latest copy of Apache for
> windows. It is signed by one William A Rowe Jr. I do not know William A
> Rowe Jr, nor do I know any of the people who have signed his key, nor am
> I ever likely to meet them, let a
On 22/03/16 18:30, Peter Lebbing wrote:
> On 22/03/16 19:14, Andrew Gallagher wrote:
>> All this is true. But this does not help *me* one iota.
>
> It sounds to me like you're not looking for the Web of Trust, which is indeed
> very limited in its options. Instead, you are probably looking for som
On Tue, Mar 22, 2016 at 4:29 PM, Werner Koch wrote:
> On Tue, 22 Mar 2016 15:41, b...@adversary.org said:
>
> > provides a socket interface with which you can interact with portions
> > of the GPGME functions, including most of the most common functions.
>
> FWIW: We even consider to extend gpgme
On Tue, Mar 22, 2016 at 2:55 PM, Andrew Gallagher
wrote:
>
> For that we need to be encouraging hackers and tinkerers to experiment
> with novel interfaces; and this is best done by giving them the software
> equivalent of Lego rather than Meccano.
>
I find the Lego analogy very suitable. This is
On Tue, Mar 22, 2016 at 2:28 PM, Werner Koch wrote:
>
> There are two simple things you need to remember when using gpg in a
> script:
>
> 1. --batch to avoid all interaction.
>
> 2. --with-colons to get a well defined output format. That format is
> not good for humans, though.
>
> Wel
On Tue, Mar 22, 2016 at 10:54 AM, Paolo Bolzoni <
paolo.bolzoni.br...@gmail.com> wrote:
> I totally agree, Dashamir I really think you should focus on what you
> think is hard in gnupg? And why?
> Are you sure a new program (and not a simple patch) is the best answer?
>
> At the moment you are sho
On Tue, Mar 22, 2016 at 3:41 PM, Ben McGinnes wrote:
>
> You might try experimenting with gpgme-tool then, it's one of the
> undocumented/self-documented extras which comes with GPGME. It
> provides a socket interface with which you can interact with portions
> of the GPGME functions, including m
First of all, let me say that I regret that I didn't start my mail with feedback
on your project on a positive note. I think it's good that people spend effort
trying to make things more usable, and I applaud you for it. It would have been
a lot nicer of me to start out with that. There's no excuse
On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing
wrote:
>
> Your one month expiry thing is not well thought through. Not only will the owner
> need to re-sign and redistribute every damn month, but all his contacts will
> pretty much always need to refresh the key before they can use it, /eve
Sorry to butt in here but in my first post to the list I mentioned that
I was attempting to use FreePascal/Lazarus to interface with GPG via the
command line but whilst I had managed to get it working with OpenSSL
attempting the same methodology on GPG resulted in a 'hang'.
Now I realise I am a no
On 22/03/16 23:10, Dashamir Hoxha wrote:
> You got this wrong. It does not enforce 1 month expiry. Right after
> creating the key you can change its expiry to 10y, if you wish. But if
> you say nothing, after 1m you will have to renew it (if you still
> remember the passphrase). This is like a safe
On 22/03/16 15:31, Ben McGinnes wrote:
> What, you mean like "gpg2 --use-embedded-filename"?
No, I meant what it already does, I had it wrong in my head and should
have tried it. I mean that it would be nice if the following were
equivalent:
$ gpg2 -r de500b3e -e file.ext
$ gpg2 -o file.ext.gpg -
On 22 Mar 2016, at 22:10, Dashamir Hoxha wrote:
>> On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing
>> wrote:
>> And why is your primary key capable of encryption? One of the reasons for
>> subkeys is so you don't have to use the same key material for both encryption
>> and signing, since this o
On Tue, Mar 22, 2016 at 11:25 PM, Peter Lebbing
wrote:
>
> > What is wrong with that? As long as there is a subkey for encryption,
> > gpg will use the subkey for encryption, even if the primary key is
> > capable of encryption.
>
> That is not up to you! It's up to your peers, or your attackers.
Hi,
I’ve implemented initial support for AES-GCM in OpenPGP.js using the IETF draft
for authenticated encryption:
https://tools.ietf.org/html/draft-ford-openpgp-format-00
I’ve created a pull request on GitHub for the implementation. The specification
leaves quite a bit of wiggle room and I’ve
On 22.03.2016 23:10, Dashamir Hoxha wrote:
> You got this wrong. It does not enforce 1 month expiry. Right after
> creating the key you can change its expiry to 10y, if you wish. But if
> you say nothing, after 1m you will have to renew it (if you still
> remember the passphrase). This is like a sa