Re: 2.1.2: keyserver route failure

2015-02-18 Thread Daniel Kahn Gillmor
On Wed 2015-02-18 06:40:12 -0500, Werner Koch wrote: > On Wed, 18 Feb 2015 06:24, r...@sixdemonbag.org said: > >> I don't have IPv6 routing, period. This raises the question of why >> GnuPG is trying to reach an IPv6 address at all. > > Because the resolver tells that there is an record. It

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Daniel Kahn Gillmor
On Wed 2015-02-18 11:46:23 -0500, Doug Barton wrote: > On 2/18/15 2:52 AM, Jonathan Schleifer wrote: >> Well, I guess you have to take into account that a lot of downloads >> are from packaging software like pkgsrc, FreeBSD ports, Gentoo >> portage, ArchLinux's makepkg, etc. Usually, these do downl

Re: Wishlist for next-gen card

2015-02-21 Thread Daniel Kahn Gillmor
On Sat 2015-02-21 06:51:15 -0500, Peter Lebbing wrote: > Oh ouch. I suddenly realise something about the canary press-to-decrypt button > (point 6). I've thought of a nasty attack. Maybe it's not such a great canary > for decryption keys... > > So I access mail A, which is encrypted, and my PC is c

Re: Unattended signing

2015-02-21 Thread Daniel Kahn Gillmor
On Wed 2015-02-18 13:46:19 -0500, Daniele Nicolodi wrote: > I have a sufficient trust in the security of the server where the > automated process runs, but I would like to reduce to a minimum the risks. there are risks with unattended signing in general, related to what messages you allow to get p

Re: Question about group line use in GnuPG

2015-02-21 Thread Daniel Kahn Gillmor
On Sat 2015-02-21 18:33:46 -0500, Anthony Papillion wrote: > I belong to a mailing list (PGPNET, a Yahoo Group) that provides me with > a "group line" for encrypting to a group of keys. In my gpg.conf file, I > put something like: > > group mygr...@domain.com=key1,key2,key > > Then, using Enigmail,

Re: Unattended signing

2015-02-24 Thread Daniel Kahn Gillmor
On Mon 2015-02-23 19:36:25 -0500, Daniele Nicolodi wrote: > On 21/02/15 20:11, Daniel Kahn Gillmor wrote: >> Using a subkey is a reasonable approach, and rotating (and destroying) >> the secret key of the rotated subkey is not a bad idea. > > What do you exactly mean by "

Re: Unattended signing

2015-02-27 Thread Daniel Kahn Gillmor
On Fri 2015-02-27 03:07:39 -0500, MFPA wrote: > On Tuesday 24 February 2015 at 10:16:20 PM, in > , Daniel Kahn Gillmor wrote: > >> That is, only a malicious person who manages to >> compromise that key material can make signatures with >> it. So why are you keepi

Re: Re: Thoughts on GnuPG and automation

2015-02-28 Thread Daniel Kahn Gillmor
On Fri 2015-02-27 07:19:41 -0500, Bjarni Runar Einarsson wrote: > I think you misunderstood my complaint. I don't mind if the agent is a > persistent daemon that provides GPG-related services, that's all well > and good. It's good process separation and I have no problem with that. > > My gripe

strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

2015-02-28 Thread Daniel Kahn Gillmor
On Sat 2015-02-28 13:28:06 +0100, Johan Wevers wrote: > In practice the Textsecure protocol works well of course because it > uses the phone number. One usually knows that number already from a > contact. Most people I communicate with often I even recognise by > voice alone - taking over the pho

Re: Decrypting PGP/MIME on the command line

2015-03-01 Thread Daniel Kahn Gillmor
On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote: > On Sun, 1 Mar 2015 15:32, rp...@kcore.de said: > >> is there a command line utility that takes a PGP/MIME encrypted message >> (a plain RFC 2822 text file) and outputs an unencrypted copy? The > > Not really. MIME is a structured format and a

Re: Making the case for smart cards for the average user

2015-03-17 Thread Daniel Kahn Gillmor
On Mon 2015-03-16 20:55:51 -0400, MFPA wrote: > Although I don't really like email addresses in the UIDs of my keys, I > quite like the simplicity of your "email address only" simplified UID > format. However, I would urge you to reconsider your decision to drop > the angle brackets. At least one

Re: Defaults

2015-03-17 Thread Daniel Kahn Gillmor
On Tue 2015-03-17 17:58:47 -0400, Pete Stephenson wrote: > Alas, a lot of Linux distributions are quite slow-moving: it's unlikely > that distributions like Debian and Ubuntu will have GnuPG 2.1.x > available (let alone installed by default) for several years. For debian stable, this is likely to

Re: Defaults

2015-03-17 Thread Daniel Kahn Gillmor
On Tue 2015-03-17 18:37:40 -0400, Robert J. Hansen wrote: >> I agree that defaulting to brainpool-512 right now would be a >> mistake. >> >> Defaulting to RSA 3072 seems reasonable to me, though. > > I think it's best to minimize the number of times we change the > defaults. If we change them too

Re: Defaults

2015-03-17 Thread Daniel Kahn Gillmor
On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote: > Do you mean signatures in general, or key signatures (certifications)? > For key signatures, SHA-1 is still the default for RSA keys Is this correct? I think we should be defaulting to SHA-256 for RSA certifications these days. If

Re: what is the proper way to load gpg-agent with systemd

2015-03-17 Thread Daniel Kahn Gillmor
On Tue 2015-03-17 14:43:02 -0400, Paulo Lopes wrote: > So what I did was to create a user unit file like this on ~/.local/: > > [Unit] > Description=gpg-agent > ConditionFileIsExecutable=/usr/bin/gpg-agent > > [Service] > ExecStart=/usr/bin/gpg-agent --daemon --enable-ssh-support > --scdaemon-progr

Re: Making the case for smart cards for the average user

2015-03-17 Thread Daniel Kahn Gillmor
On Tue 2015-03-17 21:35:46 -0400, Brian Minton wrote: > I thought keyservers strip all punctuation. So becomes > foo example com. This discussion has been about gnupg and its own keyring, not necessarily about keyservers. The bug report i filed referred to local gpg activity, not keyserver activ

Re: What am I doing wrong?

2015-03-18 Thread Daniel Kahn Gillmor
On Wed 2015-03-18 08:18:11 -0400, Mark Walter wrote: > I'm having issues with encrypt and decrypt and I know it's something > I'm doing wrong. I created a key with Kleopatra. Imported it into GNU > Privacy Assistant. It shows up as Fully Valid. > > Next, to test, I created the text file test.txt a

Re: SKS Keyserver, HKPS, and GnuPG 2.1

2015-03-18 Thread Daniel Kahn Gillmor
On Wed 2015-03-18 18:03:11 -0400, Samir Nassar wrote: > On Wednesday, March 18, 2015 10:40:57 PM Kristian Fiskerstrand wrote: >> try renaming /home/snassar/.gnupg/myriapolis.net.crt to >> /home/snassar/.gnupg/myriapolis.net.pem > > Done. It looks to me like you're using the server's certificate a

RE: Email-only UIDs and verification (was: Making the case for smart cards for the average user)

2015-03-21 Thread Daniel Kahn Gillmor
On Fri 2015-03-20 13:43:27 -0400, Bob (Robert) Cavanaugh wrote: > One thought to add to the mix: Phishing attacks by having > unknowledgeable users "click on this link" are pretty > successful. Doesn't this proposal open a new threat vector? There are a lot of proposals in this thread, and you didn'

Re: Error Installing gnupg-2.0.27 on Debian Squeeze

2015-03-22 Thread Daniel Kahn Gillmor
Hi Angel-- On Sat 2015-03-21 12:16:08 -0500, Angel Parrales wrote: > Following instructions included in documentation, is not possible to > complete installation, > Last lines pasted below: > > make[3]: Entering directory > `/home/adolfo/Downloads/gnupg-2.0.27/tests/openpgp' > echo '#!/bin/sh' >./

Re: Instructions for converting keyring for 2.1

2015-03-31 Thread Daniel Kahn Gillmor
On Sun 2015-03-29 13:36:02 -0400, Peter Lebbing wrote: > I just followed the instructions on [1] for converting your pubring.gpg to the > new keybox format. I discovered I needed --import-options import-local-sigs on > the import command to also import my local signatures, which obviously is very >

Re: Splitting a GPG private key

2015-04-06 Thread Daniel Kahn Gillmor
Hi Alfredo, On Mon 2015-04-06 11:16:14 -0400, Alfredo Palhares wrote: > While looking for a way to store your passwords and share them across the > company. > > We need to control access inside subdirectories and have a master GPG key that > gets encrypted with all the other ones. > > We would lik

Re: Making the case for smart cards for the average user

2015-04-07 Thread Daniel Kahn Gillmor
On Tue 2015-04-07 08:39:57 -0400, MFPA wrote: > I was talking about what happens when the angle brackets are not > there. > > If I generate a key with the UID of:- > >Test20150407 u...@example.com > > and try to encrypt an email to u...@example.com it fails. The above is neither an RFC 5322 ad

Re: Splitting a GPG private key

2015-04-07 Thread Daniel Kahn Gillmor
On Tue 2015-04-07 09:14:09 -0400, Alfredo Palhares wrote: > [dkg wrote:] >> Do you want to require multiple people to come together to use that >> secret key? or do you want them each to have the ability to use the key >> independently from each other? > > The objective is to require multiple people

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Daniel Kahn Gillmor
On Tue 2015-04-28 10:26:05 -0400, Robert J. Hansen wrote: > This doesn't seem like a good reason. It never has. If I configure > gpg-agent to cache for 20 minutes, but forget to configure > gnome-keyring-daemon, then it's possible that 25 minutes later I'll do > something requiring a passphrase,

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Daniel Kahn Gillmor
On Tue 2015-04-28 11:36:34 -0400, Robert J. Hansen wrote: > I'm not objecting to the idea of GKD providing its own pinentry: > creating a gkd-pinentry sounds like a good idea. OK, that's good! > I'm objecting to what I read (and possibly misread) as placing GKD hooks > into the *GnuPG-distributed

Re: How to get my GNUPG Elgamal private key exponent?

2015-05-01 Thread Daniel Kahn Gillmor
On Fri 2015-05-01 02:37:03 -0400, Danny Crane wrote: > I have tried googling around. The closest solution I get is: > > private.key contains the private key file. > > $pgpdump -i private.key > > But this only gives me the following: > > ElGamal p > ElGamal g > ElGamal y > Encrypted Elgamal x > som

Re: Multiple Smartcards - Signing

2015-05-01 Thread Daniel Kahn Gillmor
On Thu 2015-04-30 17:49:28 -0400, Matthew Monaco wrote: > Why isn't gpg smarter about selecting only from the /available/ keys > at the time of signing? BTW, I'm using 2.1.3 I think this is the crux of your issue. It sounds like a bug to me. I've opened a bug report about it: https://bugs.gnup

Re: Multiple Smartcards - Signing

2015-05-03 Thread Daniel Kahn Gillmor
On Sun 2015-05-03 06:35:37 -0400, MFPA wrote: > On Saturday 2 May 2015 at 3:36:47 AM, in > , Daniel Kahn Gillmor wrote: > >> https://bugs.gnupg.org/gnupg/issue1967 > > Do you think a notification should be displayed, something like > "Signing subkey 0x01234567 not

Re: What Linux kernel configuration options are required by GPG for --refresh-keys?

2015-05-15 Thread Daniel Kahn Gillmor
On Fri 2015-05-15 07:43:12 -0400, Werner Koch wrote: > On Thu, 14 May 2015 04:41, dbdanie...@gmail.com said: > >> # gpg --homedir /etc/pacman.d/gnupg --refresh-keys >> gpg: refreshing 80 keys from hkp://pool.sks-keyservers.net >> gpg: keyserver refresh failed: Address family not supported by proto

Re: Removing hkp from server

2015-05-15 Thread Daniel Kahn Gillmor
On Fri 2015-05-15 11:48:52 -0400, Camatek Electronics Support Staff wrote: > Made the mistake of having no revocation certs and ended up with a mess. > Lots of duplicates on hkp.gnupg.net. > > Is there an administrative contact to have them removed? Sorry, you probably can't get them removed. I

Re: [Enigmail] Popescu and keys

2015-05-21 Thread Daniel Kahn Gillmor
On Wed 2015-05-20 20:13:32 -0400, Robert J. Hansen wrote: > In the last couple of days a few different people have pointed me to > Mircea Popescu's blog, where he's claimed he's broken ~150 keys that are > in common circulation among the keyservers. At least one of the keys he claimed to have brok

Re: OPENPGP URI PROPOSAL

2015-05-21 Thread Daniel Kahn Gillmor
On Thu 2015-05-21 11:59:07 -0400, mofo syne wrote: > You might see a few copies around. This one is edited and streamlined with > some advice from Hasimir to help keep this proposal focused. This is > mirrored in here >

Re: [Enigmail] Popescu and keys

2015-05-21 Thread Daniel Kahn Gillmor
On Thu 2015-05-21 12:23:20 -0400, Daniel Kahn Gillmor wrote: > Which key does he claim to have broken? If Mircea has broken your > encryption-capable subkey (0xB8A6B74C001892C2) then he might only be > able to decrypt messages sent to you, but not sign them. > > To provide him with

Re: OPENPGP URI PROPOSAL

2015-05-22 Thread Daniel Kahn Gillmor
On Thu 2015-05-21 18:46:52 -0400, Hugo Osvaldo Barrera wrote: > On 2015-05-21 15:21, Daniel Kahn Gillmor wrote: >> The example you give toward the end of the spec (uri handlers in web >> browsers) is an important example for arguing why something like this is >> concretely us

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread Daniel Kahn Gillmor
On Fri 2015-05-22 11:38:36 -0400, ved...@nym.hush.com wrote: > https://primes.utm.edu/howmany.html (The Prime Number Theorem, Consequence > Two: The nth prime is about n log n ) > > So, to give a trivial example, If the interval of primes chosen is from > 2^2047 to 2^2049, then this interval

Re: Lower Bound for Primes during GnuPG key generation

2015-05-22 Thread Daniel Kahn Gillmor
On Fri 2015-05-22 12:49:22 -0400, ved...@nym.hush.com wrote: > On 5/22/2015 at 12:03 PM, "Daniel Kahn Gillmor" > wrote: [ vedaal wrote: ] >>> does GnuPG automatically reject twin primes ( p, p+2) , and >>> Sophie-Germain primes (p, 2p+1) ? > >> Why sh

Re: Random Seed for Generating PGP Keys

2015-05-27 Thread Daniel Kahn Gillmor
On Tue 2015-05-26 23:08:56 -0400, NIIBE Yutaka wrote: > Lesson was: Wikipedia is(was) not friendly to DIY hardware/software > people to link their useful information. Wikipedia sees itself as not a place to publish original research, and they frown on self-linking to avoid . However, i think NeuG

Re: Trying to install version 2.1.4

2015-05-27 Thread Daniel Kahn Gillmor
On Sun 2015-05-24 06:58:21 -0400, Peter Lebbing wrote: > It might also be that the package maintainers (hi dkg!) might soon put 2.1.4 > into experimental themselves. So it really depends on how far you want to take > this "I need the latest and greatest". Sorry, i'm aware of this but terribly behi

Re: Trying to install version 2.1.4

2015-05-27 Thread Daniel Kahn Gillmor
On Wed 2015-05-27 22:40:44 -0400, Daniel Kahn Gillmor wrote: > On Sun 2015-05-24 06:58:21 -0400, Peter Lebbing wrote: >> It might also be that the package maintainers (hi dkg!) might soon put 2.1.4 >> into experimental themselves. So it really depends on how far you want to >

Re: Trying to install version 2.1.4

2015-05-30 Thread Daniel Kahn Gillmor
On Sat 2015-05-30 05:57:29 -0400, Peter Lebbing wrote: > On 28/05/15 04:40, Daniel Kahn Gillmor wrote: >> Sorry, i'm aware of this but terribly behind on a lot of other >> projects. > > I hope you didn't interpret my message as pressuring you to package the > la

man page refers to "conventional encryption" -- does this mean symmetric?

2015-06-02 Thread Daniel Kahn Gillmor
Hi GnuPG folks-- I just noticed that a couple places in doc/DETAILS and doc/gpg.texi refer to "conventional encryption". Does this mean "symmetric encryption" or something else? More concretely, i'm assuming it refers to "SKESK[0]-prefixed SEIPD[1] packets". Is this correct? In 2015, i'm not s

Re: s2k-cipher-mode default

2015-06-02 Thread Daniel Kahn Gillmor
On Tue 2015-06-02 12:41:40 -0400, Robert J. Hansen wrote: > Right now pretty much everyone is content with RSA-3072, which has an > estimated work factor comparable to AES-128. So if 128-bit crypto is > enough, I don't understand the motivation behind jumping to AES-256. > There needs to be someth

Re: s2k-cipher-mode default

2015-06-02 Thread Daniel Kahn Gillmor
On Tue 2015-06-02 14:26:39 -0400, Robert J. Hansen wrote: >> Even worse, there are standard attacks that find _at least one_ of >> the keys using just 2^78 easy computations, a feasible computation >> today. > > So there's a 10**-88 chance that one of my keys can be broken in 10**53 > computation

Re: s2k-cipher-mode default

2015-06-02 Thread Daniel Kahn Gillmor
On Tue 2015-06-02 17:51:50 -0400, ved...@nym.hush.com wrote: > The s2k default is also the default for symmetrically encrypted messages > (which is fine, as long as people know about it). I mentioned the possible interoperability concern in my first post on this thread. > If a person wants to sym

Re: s2k-cipher-mode default

2015-06-03 Thread Daniel Kahn Gillmor
On Tue 2015-06-02 18:15:21 -0400, NdK wrote: > IIRC, I read (some years ago...) that AES-256 could be *weaker* than > AES-128 because some mathematical structures express some properties > only with the longer keys. I don't have the paper handy ATM, but I > vaguely remember that shocking conclusio

Re: Problem compiling gnupg on Ubuntu 14-04

2015-06-03 Thread Daniel Kahn Gillmor
On Wed 2015-06-03 11:41:37 -0400, Sven Larsson wrote: > It's a problem which has come up before, but I can't find a search > engine for the archives, so I'll have to ask again. > > When making gnupg-2.0.28 I get the following error message: > > ../../g10/gpg2: error while loading shared libraries:

Re: Installing GnuPG 2.1.4 in Debian Experimental

2015-06-10 Thread Daniel Kahn Gillmor
On Sun 2015-06-07 19:04:33 -0400, Rex Kneisley wrote: > root@debian-rig:/home/rexk# apt-get install -t > experimental gnupg2 gnupg-agent dirmngr gpgsm > gpgv2 scdaemon > Reading package lists... Done >

Re: State-of-the-art way to setup a shared security@ email with hardware-backed keys?

2015-06-10 Thread Daniel Kahn Gillmor
Hi Simon-- Thanks for the interesting use case. On Tue 2015-06-09 09:21:08 -0400, Simon Josefsson wrote: > My current idea is to generate a secur...@example.com master PGP key and > keep that offline, and to generate one decryption sub-key, and load that > onto a couple of OpenPGP Card smartcards

Re: Installing GnuPG 2.1.4 in Debian Experimental

2015-06-15 Thread Daniel Kahn Gillmor
On Fri 2015-06-12 23:37:30 -0400, Rex Kneisley wrote: > I blatantly disregarded their warning: “if you are running Debian, it > is strongly suggested to use a package manager like aptitude > or synaptic > to

Re: Adding a subkey notation

2015-06-29 Thread Daniel Kahn Gillmor
On Mon 2015-06-29 11:33:35 -0400, Marko Božiković wrote: > I've looked for a way to add some sort of comments on subkeys - I'd like to > have multiple authentication subkeys and easily distinguish among them. i've done this myself by clearing all the usage flags and using --cert-notation. But se

Re: [Announce] Pinentry 0.9.5 released

2015-07-02 Thread Daniel Kahn Gillmor
On Wed 2015-07-01 19:27:23 -0400, Rex Kneisley wrote: > I have been experimenting with installing GnuPG from scratch and also by > using the Debian packages. is the purpose of these experiments to build skills with software compilation or other system management? > Now I want to install pinentr

Re: High resource usage when verifying a signature

2015-07-18 Thread Daniel Kahn Gillmor
Hi Johannes-- On Sat 2015-07-18 15:57:09 +0200, Johannes Zarl-Zierl wrote: > I've noticed that sometimes gpg2 will take around 1-2 minutes on my desktop > PC > attempting to verify an email signature. what version of gpg2 are you using? > At first, I thought that maybe the increasing prevalenc

Re: [openpgp] Unuploadable Keys

2015-07-22 Thread Daniel Kahn Gillmor
On Tue 2015-07-21 23:36:45 +0200, ved...@nym.hush.com wrote: > There could be a workaround, where the key is uploaded to the keyservers, > but functionally unusable except to individuals whom the key-creator wants to > use it: > > [1] Encrypt part of the public key symmetrically, the same way that

Re: Is there a way to comment a key locally?

2015-07-29 Thread Daniel Kahn Gillmor
On Wed 2015-07-29 07:05:50 -0400, MFPA wrote: > On Wednesday 29 July 2015 at 3:53:47 AM, in , > fmv1...@gmail.com wrote: > >> Is there a way to comment a key locally? > > I think the closest currently available is a non-exportable signature > with brief comment in a signature notation. That's exa

Re: Is there a way to comment a key locally?

2015-07-29 Thread Daniel Kahn Gillmor
On Wed 2015-07-29 19:06:26 -0400, MFPA wrote: > On Wednesday 29 July 2015 at 5:34:52 PM, in > , Daniel Kahn Gillmor wrote: > >> note that this has the side effect of marking every lsigned key+user >> id as valid (since i'm certifying it with my own key). > > Wou

Re: Proposal of OpenPGP Email Validation

2015-08-04 Thread Daniel Kahn Gillmor
Hi all--- On Mon 2015-07-27 01:55:03 -0400, n...@enigmail.net wrote: > In the past months I tried to come up with a concrete proposal. > I discussed it already with some people and > this is what I/we propose so far. Sorry to take a while to respond to this thread. I think a proposal for an e-ma

Re: no valid user IDs after changing key expiration time

2015-08-04 Thread Daniel Kahn Gillmor
On Wed 2015-07-22 13:05:04 -0400, flapflap wrote: > Ludwig Hügelschäfer: >> On 22.07.15 16:36, flapflap wrote: >> >>> Should I be worried by the warning or is this normal behaviour? >> >> You should set ultimate ownertrust on your own key after >> (re-)importing. Then it will become valid again.

Re: Temporary lock files?

2015-09-08 Thread Daniel Kahn Gillmor
On Tue 2015-09-08 12:26:11 -0400, Werner Koch wrote: > On Wed, 12 Aug 2015 19:57, as...@mythicflow.com said: > >> My ~/.gnupg directory is getting filled with files named like >> ".#lk0x7feb6a637540..26914". >> >> Shouldn't these get deleted automagically? > > It used to be common practice to have

Re: plaintext non-ssl distribution - who thinks this is a good idea?

2015-09-10 Thread Daniel Kahn Gillmor
On Thu 2015-09-10 18:05:35 -0400, Robert J. Hansen wrote: >> Who else thinks someone should spring for the $10 it would take to >> buy and install an SSL certificate for the principal distribution >> point of gpg and its signatures on the world's most popular >> platform? > > There are many better

Re: uploading subkeys

2015-09-14 Thread Daniel Kahn Gillmor
On Mon 2015-09-14 04:07:20 -0400, Marko Bauhardt wrote: > [ Werner wrote: ] >> You may use this notation to force the use of this subkey. However, >> an OpenPGP key(block) always consists of a primary key and optional >> any number of subkeys. > > Ok. > >> The transfer format does only allow sendi

Re: [HowTo] use gpg2.1 with an onion service

2015-09-17 Thread Daniel Kahn Gillmor
On Fri 2015-09-11 09:25:09 -0400, Malte wrote: > With the upgrade to GnuPG 2.1 my GPG+Tor setup broke. This was due to the > fact > that GnuPG now relies on dirmngr to handle all its networking. Which is good, > because it separates different parts of functionality, but it also cost me > some

Re: unlock keychain with pam authentication

2015-09-25 Thread Daniel Kahn Gillmor
On Tue 2015-09-22 11:13:38 -0400, SGT. Garcia wrote: > been looking for a solution to get gpg dance nicely with pam in the sense that > once a user authenticated in keychain is unlocked. that is to have one central > authentication that lasts for the duration of the user's session. You might be in

Re: unlock keychain with pam authentication

2015-09-28 Thread Daniel Kahn Gillmor
On Sun 2015-09-27 20:14:20 -0400, SGT. Garcia wrote: > i use pass to manage my passwords: > http://www.passwordstore.org/ > > all passwords are encrypted with one single passphrase which is what i would > like to have in *sync* with pam's OK on user's successful authentication. This suggests that

An update on poldi? [was: Re: unlock keychain with pam authentication]

2015-09-28 Thread Daniel Kahn Gillmor
On Sun 2015-09-27 22:04:40 -0400, SGT. Garcia wrote: > On Thu, Sep 24, 2015 at 11:09:28PM -0400, Daniel Kahn Gillmor wrote: >> You might be interested in libpam-poldi: >> >> http://www.g10code.com/p-poldi.html > > i get 'not found' error. google finds me t

Re: unlock keychain with pam authentication

2015-09-28 Thread Daniel Kahn Gillmor
On Mon 2015-09-28 13:16:06 -0400, SGT. Garcia wrote: > i think neither is what i'm asking. the following particular use case should > explain it better. > > on my user's first login into this machine i run 'notmuch new' this calls > mbsync > to sync my email with gmail but in order for mbsync to d

Re: unlock keychain with pam authentication

2015-09-28 Thread Daniel Kahn Gillmor
On Mon 2015-09-28 16:00:38 -0400, SGT. Garcia wrote: > i really want it as the only authentication required that is open password > from > user logs him in and decrypts the passwords. > >> > that would be my email account not my local user account, correct? >> >> The attack i described is an atta

Re: unlock keychain with pam authentication

2015-09-29 Thread Daniel Kahn Gillmor
On Tue 2015-09-29 08:53:32 -0400, Andrew Gallagher wrote: > On 28/09/15 23:16, SGT. Garcia wrote: >> On Mon, Sep 28, 2015 at 04:10:10PM -0400, Daniel Kahn Gillmor wrote: >>> >>> Do you ever import keys that other people >>> send you? or keys you find on

Re: GnuPG User ID expiry

2015-09-29 Thread Daniel Kahn Gillmor
Hi Jens-- On Fri 2015-09-25 00:49:48 -0700, Jens Lechtenboerger wrote: > I tried to generate test keys with expired user IDs (under faked > system time), but I failed, with gpg 1.4 as well as 2.1.8. I tried > to use the options default-sig-expire and default-cert-expire as > well as ask-sig-expi

Re: AW: Separate Session Key and Encrypted Data

2015-10-01 Thread Daniel Kahn Gillmor
On Thu 2015-10-01 07:52:51 -0700, Christian Loehle wrote: > That's what I would do if I had no other choice. The real downside is > that it doesn't follow a standard(like openpgp) and I will have to write > more code on the client side, compared to a standard openpgp solution. > It just seems like

Re: AW: Separate Session Key and Encrypted Data

2015-10-03 Thread Daniel Kahn Gillmor
On Fri 2015-10-02 02:39:07 -0400, Werner Koch wrote: > On Thu, 1 Oct 2015 19:29, d...@fifthhorseman.net said: > >> So the only functionality GnuPG is missing to assemble the workflow >> you're describing would be a new GnuPG command named something like >> --generate-pkesk-with-session-key. If th

Re: AW: Separate Session Key and Encrypted Data

2015-10-03 Thread Daniel Kahn Gillmor
On Fri 2015-10-02 04:10:16 -0400, Christian Loehle wrote: > Thanks for your reply(and all the others of course). Personally I'm > going to use non-pgp AES probably, although I'm not quite content with > that. AES is a cipher for a single block. For files larger than the block size, you'll need t

Re: "invalid option: --agent-program"

2015-10-30 Thread Daniel Kahn Gillmor
On Sat 2015-10-31 00:54:07 +0900, Andrew Gallagher wrote: > I'm using gnupg-agent 2.0.26-6 (jessie) and in the manual page for > gpg-connect-agent it says: > > --agent-program file > Specify the agent program to be started if none is running. > > But when I try it: > > $ gpg

Re: gpg-agent prompt slow to show up

2015-11-27 Thread Daniel Kahn Gillmor
On Fri 2015-11-27 03:43:09 -0500, Charlie Brown wrote: > I'm new to gpg, and I'm trying the agent. > > I noticed that when gpg needs to prompt me for pass phrase, the prompt > shows up about 15 seconds after I issue the command (e.g. gpg > --decrypt or git commit -S). The problem exists with both g

Re: GPA - unsupported certificate

2015-12-07 Thread Daniel Kahn Gillmor
On Mon 2015-12-07 01:24:55 +0100, "da...@gbenet.com" wrote: > The first thing to say is - when installing any Linux distro you need to > ensure that the > distro has installed every software update every security fix first. This is > important when > installing GPA Kleopatra and KGPG. > > Every

Re: Cannot revoke a certificate

2015-12-07 Thread Daniel Kahn Gillmor
On Wed 2015-12-02 18:18:46 -0500, David wrote: > I am trying to revoke a very old certificate that may be compromised. I > generated a revocation certificate using the following gpg command with > no errors. I did get a warning about MD5 being deprecated. > > C:\Users\David> gpg --output kill7827

Re: Different SHA1 Checksum using Microsoft file checksum integrity verifier

2016-01-23 Thread Daniel Kahn Gillmor
Hi Wyatt-- On Sat 2016-01-23 05:58:49 -0500, W Wong wrote: > I downloaded the Gpg4win 2.3.0 (Released: 2015-11-25) > from https://www.gpg4win.org/download.html > > I did a checksum using Microsoft file checksum integrity verifier as > follows: on any modern version of windows, you should be able

Re: SHA-1 vs. SHA-256 checksums (was: Different SHA1 Checksum using Microsoft file checksum integrity verifier)

2016-01-24 Thread Daniel Kahn Gillmor
On Sun 2016-01-24 13:55:38 -0500, Werner Koch wrote: > If you talk to people on how they verify SSH fingerprints (that is even > MD5 for most installations) SSH key fingerprints are a different thing than software distribution checksums because the material digested in ssh originates entirely from

Re: Master Key Best Practice with SmartCard

2016-01-25 Thread Daniel Kahn Gillmor
On Mon 2016-01-25 05:08:31 -0500, Antoine Michard wrote: > So I thinking what is the best to do next: > - Delete my useless first subkey encryption from my keyring and send > update to key server. If you don't want people to encrypt messages to your D693C37C subkey, you should revoke that subkey (

Re: AW: Key generation with GPGME and GnuPG hangs at gpgme_op_genkey

2016-01-26 Thread Daniel Kahn Gillmor
On Tue 2016-01-26 06:02:09 -0500, Sandra Schreiner wrote: [ Robert J. Hansen wrote: ] >> Are you getting periodic messages about "Not enough random bytes >> available. Please do some other work to give the OS a chance to >> collect more entropy! (Need 167 more bytes)" or something like that? > >

Re: A problem in the web of trust model or a gnupg bug?

2016-02-24 Thread Daniel Kahn Gillmor
On Fri 2016-02-19 08:26:12 -0500, Peter Lebbing wrote: > I can't reproduce this. A revocation correctly invalidates any > certifications *both* before or after the moment of revocation. After > all, the time can be faked.[1] > > I tested with no "revocation reason" specified, by the way. But I don'

Re: FAQ maintenance

2016-02-25 Thread Daniel Kahn Gillmor
On Thu 2016-02-25 09:50:57 -0500, Kristian Fiskerstrand wrote: > Well, it depends. Sure, should always use full fingerprint for > certificate validation etc, no question asked. But the internal keyid > and the packet structure use 64 bit keyid as identifier I consider it a bug that GnuPG uses th

Re: Specify UID for --sign-key

2016-02-25 Thread Daniel Kahn Gillmor
Hi Muri-- On Thu 2016-02-25 18:59:53 +0100, Muri Nicanor wrote: > is it possible to specify the uid for --sign-key (so i don't have to go > through the gpg --edit dialog)? i tried using > =Name > or just > > as described on [0], but i always get asked if i want to sign all the > uids and then

Re: What are key helpers?

2016-02-26 Thread Daniel Kahn Gillmor
On Thu 2016-02-25 09:21:45 +0100, Josef Carnap wrote: > In the option description of --exec-path and in some descriptions of > other options as well I can read of "Key helpers". > What kind of program is a key helper? Are key helpers part of the GnuPG > suite or are they external programs? the

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Daniel Kahn Gillmor
On Tue 2016-03-08 06:54:55 -0500, Marco A.G.Pinto wrote: > I have made the mistake of adding the same photo with different file > sizes using Enigmail and export it to the servers. > > I have already deleted two of the three photos using the CLI, but the > key in the server still has three photos

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

2016-03-19 Thread Daniel Kahn Gillmor
On Thu 2016-03-17 15:34:08 -0400, Fabian Santiago wrote: >> >> What is your threat model? FWIW, pre-image attacks on SHA-1 are not >> even on the horizon. >> > > Pre-image attack? https://en.wikipedia.org/wiki/Preimage_attack FWIW, the threat model of digest algorithms being published on an HT

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

2016-03-20 Thread Daniel Kahn Gillmor
On Fri 2016-03-18 03:21:30 -0400, Werner Koch wrote: > Most people are actually not able to check even the SHA-1 checksums > because they are missing a tool to do so (e.g. Windows) and have not the > knowledge to install or compile and audit a shaXsum tool. On any modern Windows installation (sinc

Re: EasyGnuPG

2016-03-23 Thread Daniel Kahn Gillmor
On Tue 2016-03-22 15:11:23 -0400, Dashamir Hoxha wrote: > On Tue, Mar 22, 2016 at 4:29 PM, Werner Koch wrote: > >> FWIW: We even consider to extend gpgme-tool to be a Native Messaging >> Server for Browsers. > > In this case, "gpgme-tool" should be packaged on its own, not inside the > package "*l

Re: EasyGnuPG

2016-03-23 Thread Daniel Kahn Gillmor
On Wed 2016-03-23 13:42:11 -0400, Peter Lebbing wrote: > Yes, an on-disk authentication subkey seems really uncommon to me. I would > completely omit an A subkey. the monkeysphere project encourages the creation of on-disk authentication subkeys. While that may be uncommon, i don't think it's "re

Re: problem with make in gpg2

2016-05-27 Thread Daniel Kahn Gillmor
On Mon 2016-05-23 08:34:50 -0400, Acharya, Rohit (Contractor) wrote: > I am getting this error when running the command make. I would appreciate any > help I could get. > > > ../../g10/gpg2 --homedir . --quiet --yes --no-permission-warning --import > ./pubdemo.asc > ld.so.1: gpg2: fatal: relocat

Re: GnuPG - Encryption process issues.

2016-05-27 Thread Daniel Kahn Gillmor
On Tue 2016-05-24 16:09:21 -0400, Carlos Alberto Moreno Torres wrote: > In recent days, Human Resources Department had some issues while using the > Encryption Program GnuPG in payroll activities, this issue caused a delay > since files were encrypted but information was in blank (like if > encry

Re: no passphrase request

2016-05-31 Thread Daniel Kahn Gillmor
On Sun 2016-05-29 14:29:02 -0400, Bob Holtzman wrote: > Running Debian Jessie with mutt 1.5.23 and gnupg 1.4.18-7 (yeah, I know > it's old, but then so am I) > > Trying to send a test message to myself using mutt's compiled-in gpg > support. After selecting an action from the menu, (sign encrypt,

Re: Fw: GnuPG - Encryption process issues.

2016-05-31 Thread Daniel Kahn Gillmor
Hi Carlos-- Please reply in the original thread, to make it easier for people to follow the discussion. I've added some References: headers back in here so some mailers might merge the threads, but this won't work for everyone. Also, when sharing terminal transcripts, sending mail without unnece

Re: secret key not available

2016-06-01 Thread Daniel Kahn Gillmor
On Wed 2016-06-01 11:44:16 -0400, DODDI ANTHONY BALARAJU cs15d008 wrote: > > I'm new to this GPG usage. I don't need any internals. I am running a shell > script in which following line causes error : > > gpg --yes

Re: How to install GnuPG-2.1.12 in Ubuntu?

2016-06-07 Thread Daniel Kahn Gillmor
On Tue 2016-06-07 06:03:55 -0400, Dashamir Hoxha wrote: > Does anybody know how to temporarily install GnuPG-2.1.12 in Ubuntu or > Debian, for testing? In debian testing or unstable, you should use the gnupg package from the experimental repository. regards, --dkg

Re: How to convert (ancient) key in "version 2" to more modern "version 4" format?

2016-06-09 Thread Daniel Kahn Gillmor
Hi Bjoern-- On Sat 2016-05-28 18:04:13 -0400, Bjoern Kahl wrote: > Because I have *tons* of mails (and other archived data files) that > have been signed and / or encrypted with such keys and I (I have to > use such a strong word here) *insist* on being able to continue to > read these mails a

Re: gpg-agent and ~/.ssh/config IdentityFile

2016-07-05 Thread Daniel Kahn Gillmor
You're right, this really is a better question for OpenSSH users. On Mon 2016-07-04 09:15:07 -0400, Muri Nicanor wrote: > at the beginning of my ~/.ssh/config. when authenticating to a host i > only want to use the one identity/key i've created for that host instead > of sending all of them to the

Re: Pinentry UI bug

2016-07-05 Thread Daniel Kahn Gillmor
Hi Titus-- On Tue 2016-07-05 17:57:48 -0400, Titus von der Malsburg wrote: > I encrypted a file using symmetric encryption (gpg2 -c file.txt). Then > I tried to decrypt it (in Emacs) which opened a pinentry window. I > accidentally clicked on the check mark labeled “save in password > manager” a

Re: gpg-preset-passphrase not working with 2.1

2016-07-13 Thread Daniel Kahn Gillmor
Hi David-- On Tue 2016-07-12 16:46:53 +0200, David Matthews wrote: > I can't get gpg-preset-passphrase to work with GnuPG 2.1.7. there have been significant changes to GnuPG between 2.1.7 and 2.1.13. can you try upgrading to 2.1.13? --dkg

Re: Which GPG version?

2016-08-01 Thread Daniel Kahn Gillmor
On Mon 2016-08-01 15:12:21 -0400, Peter Lebbing wrote: > On 01/08/16 19:53, Johan Wevers wrote: >> It does not. If you want to be able to read pgp 2.x encoded archives you'd >> better go for 1.4. > > Incidentally, for this use case I'd personally recommend to use 2.1 for > everything except accessi
