On Tue 2016-08-02 06:14:24 -0400, Werner Koch wrote:
> On Mon, 25 Jul 2016 16:44, fgun...@fastmail.fm said:
>
>> - page url is https://www.gnupg.org/download/cvs_access.html , while
>> it's certainly not "cvs" now. Or was "vcs" meant?
>
> It is CVS because in 1997 we did not even have Subversion. Ch
On Wed 2016-08-03 02:25:11 -0400, Chew Meek wrote:
> The firefox browser didn't ask where to download the certificate, it just
> put it somewhere! Seems to me a bit difficult task to find it on my
> computer.
Try clicking the ↓ icon (downward-pointing arrow) to the left of the
firefox address bar
On Wed 2016-08-03 20:37:00 -0400, taltman wrote:
> 1. Create a new GPG keyring specific for my identity with my employer
> 2. Cross-sign my existing personal GPG key with the employer-specific
> GPG key
> 3. Do proper key hygiene things (backups, revocation certs, etc.) on
> employer-specific key
On Wed 2016-07-27 09:46:19 -0400, John Buehrer wrote:
> $ printf "5\n" | gpg2 --batch --edit-key 67A92459607354C7 trust quit
> ...
> Please decide how far you trust this user to correctly verify other
> users' keys
> (by looking at passports, checking fingerprints from different s
On Sun 2016-08-07 10:40:08 -0400, Kristian Fiskerstrand wrote:
> We are pleased to announce the availability of a new stable SKS
> release: Version 1.1.6.
great, thanks!
> Note when upgrading from earlier versions of SKS
>
> The default values for pagesize settings changed
Thanks for the clarifications, Kristian!
followup below about bitbucket:
On Mon 2016-08-08 10:16:38 -0400, Kristian Fiskerstrand wrote:
>> https://bitbucket.org/skskeyserver/sks-keyserver/downloads
>>
>> has some very strange text in it:
>>
>>
>> sks-1.1.6.tgz
>>
On Mon 2016-08-08 15:18:40 -0400, Dominik George wrote:
> I was thinking about moving from rsa4096 to ed25519.
>
> I really do not want to lose all the signatures on my key.
>
> What I could do is add the ed25519 signature and encryption keys to my
> existing rsa key as subkeys, but I guess this w
On Mon 2016-08-08 18:29:02 -0400, Cannon wrote:
> This is a hypothetical scenario.
> Let's say if I have a keypair.
> The master key is set to SC (signing and certification) which are the
> default settings. The master key pair is only used on airgap with safe
> data transfer between airgap and netw
On Mon 2016-09-05 06:43:30 -0400, A.L.E.C wrote:
> A few users have (different) problems with importing secret keys
> generated by OpenPGP.js. For me it works. Could anyone explain why gpg
> exits with code 2 and what exactly these errors mean?
>
> (gnupg 2.0.28 in this case)
> ERROR: gpg: key FF0A
Hi Antony--
On Thu 2016-09-08 00:44:34 +0200, Antony Prince wrote:
> I know this has got to be something simple. When invoking gpg2 normally
> to decrypt, I get:
>
> gpg: encrypted with 4096-bit RSA key, ID 0E98CD22ADB13E99, created 2015-05-06
> "Antony Prince "
> gpg: public key decryption
On Sun 2016-09-11 23:50:15 +0200, Ingo Klöcker wrote:
> On Sunday 11 September 2016 21:17:31 Moritz Klammler wrote:
>> Today, I've posted a signed message (OpenPGP MIME) to a public
>> mailing list I'm subscribed to. When it was delivered back to me,
>> the signature was broken. I investigated th
On Mon 2016-09-12 06:04:19 +0200, Le Roy Francis wrote:
> Hi, I was wondering if by any chances, there is, in addition to the
> Javascript port of gpgme (OpenPGP.js), a Node.js module to interact
> with smart card?
You might consider writing a patch or extension to OpenPGP.js that knows
how to tal
Thanks for the very thorough walk-through, Robert.
Perhaps GnuPG ought to produce some kind of interchangeable backup
automatically on its own that it can re-consume, so this kind of
involved process isn't necessary.
A couple notes below:
On Wed 2016-09-14 15:01:47 -0400, Robert J. Hansen wrote:
On Thu 2016-09-15 15:32:32 -0400, MFPA wrote:
> And if they are accidentally sent to a keyserver, does the keyserver
> strip them because they are marked as non-exportable?
It should but the current sks keyservers do not do this right, and an
attempt to fix this has been stalled for years:
http
On Sun 2016-10-02 13:48:01 -0400, Michael A. Yetto wrote:
> I thought what might be meant is what I have always referred to as a
> slam lock. That is, a locking mechanism that stays locked after opening
> from the inside and locks itself after closing from the outside.
as a native en_US-speaker, I
On Tue 2016-10-04 08:03:06 -0400, Andre Heinecke wrote:
> Using GnuPG 2.1.15 I'm trying to SSH into a remote machine with OpenSSH 6.7
> as described under:
>
> https://wiki.gnupg.org/AgentForwarding
>
> The problem is that the remote system uses systemd so /var/run/user/
> exists and GnuPG wil
Hi Andre--
On Tue 2016-10-04 14:49:00 -0400, Andre Heinecke wrote:
> On Tuesday 04 October 2016 11:26:59 Daniel Kahn Gillmor wrote:
>> > But if I am not logged in or there is no gnupg process running. systemd
>> > autodeletes /var/run/user//gnupg this causes the remot
On Wed 2016-10-05 03:42:21 -0400, Werner Koch wrote:
> On Tue, 4 Oct 2016 20:49, aheine...@intevation.de said:
>
>> My current workaround is to connect first and start dirmngr on the remote
>> machine (to get the socketdir created and used). And then connect with ssh
>> socket forwarding. This i
On Tue 2016-10-11 09:35:37 -0400, Peter Lebbing wrote:
> On 11/10/16 13:46, John Lane wrote:
>> I have Monkeysphere on my radar but I haven't got around to trying
>> it out. I had hoped for a gpg solution without resorting to third
>> party...
>
> I think I vaguely remember Monkeysphere supporting
On Tue 2016-10-11 19:29:48 -0400, Nicholas Strauss wrote:
>
> Trying to install thunderbird with gpg2 on ubuntu.
>
> got this working with
>
> /usr/local/bin/pinentry --> /usr/bin/pinentry
>
> and
>
> /usr/bin/pinentry --> /etc/alternatives/pinentry.
>
> Look good?
It's not clear what this means.
On Wed 2016-10-12 11:52:19 -0400, John Lane wrote:
> This is just an observation. I thought that perhaps, if I had an
> extracted private key, that I could use "ssh-add" to add it and remove
> the need to manually edit "sshcontrol". I tried:
>
> $ ssh-add alice.key
> Identity added: alice.key (alic
On Wed 2016-10-12 21:27:38 -0400, Nicholas Strauss wrote:
> Hi dkg,
>
> $ md5sum pinentry-gnome3
> cf267ac78545eb9c3744b962082d4110 pinentry-gnome3
> Look good?
sorry, i'm confused, and i don't have the context for this, or why
you're asking me in particular on the gnupg-users mailing list. Can
On Fri 2016-10-14 19:16:45 -0400, Andrew Gallagher wrote:
> my understanding is that a copy of some public key information (such
> as expiry dates) is kept in the corresponding secret key store, and
> this will be updated when the public key is edited.
This is exactly correct. see:
https://tools
On Mon 2016-10-17 06:31:16 -0400, Martin T wrote:
> I am aware that one can update all the keys in local-keyring from a
> keyserver using "gpg --refresh-keys". Are there any disadvantages to
> simply put this command into user crontab and execute for example once
> a day?
The only disadvantages a
On Sat 2016-10-15 11:34:14 -0400, John Lane wrote:
>>
>> Then, the command "updatestartuptty" can fix the situation.
>>
>
> I tried this and it worked, in a su/sudo I had to do this:
>
> $ script -q -c '(gpg-connect-agent updatestartuptty /bye; ssh-add
> alice.subkey)'
so the use of script h
Hi Kevin--
On Wed 2016-10-19 12:45:42 -0400, Kevin Gallagher wrote:
> I've been seeing this error lately both with one of my local GPG
> keyrings, and with apt.
>
> gpg: [don't know]: invalid packet (ctb=2d)
> gpg: keydb_get_keyblock failed: Value not found
> gpg: [don't know]: invalid
On Wed 2016-10-19 12:16:23 -0400, g...@noffin.com wrote:
> When I run the command:
>
> gpg --list-secret-keys
>
> /home/repo-owner/.gnupg/secring.gpg
> ---
> sec 2048R/X 2014-10-30 [expires: 2016-10-29]
>
[...]
> gpg --edit-key X
> gpg (GnuPG) 1.
On Tue 2016-10-25 19:18:40 -0400, Bonthu, Janardhan wrote:
> .Net WCF service development issues with GPG.
>
> I am using GPG for Encryption and Decryption of the message, however,
> I could not decrypt the message in WCF service hosted in IIS. But I
> can decrypt using the same code in console ap
Hi Martin--
On Wed 2016-10-26 16:21:48 -0400, Martin T wrote:
> let's say that Alice from company A and Bob from company B need to
> exchange some private data with each other. Alice and Bob need to
> encrypt data just that one time, they do not belong to web-of-trust,
> but both company A and co
Hi all--
I just noticed (from interactions on IRC) that the web-based manual page
for GnuPG isn't clear about which version of GnuPG it documents:
https://www.gnupg.org/documentation/manpage.html
I believe it's either from the "classic" or "stable" branch, but it
doesn't say so explicitly.
On Fri 2016-10-28 15:09:55 -0400, Werner Koch wrote:
> On Fri, 28 Oct 2016 18:40, d...@fifthhorseman.net said:
>
>> How is the web-based manpage maintained? Can we update it to contain
>> relevant information like the above option deprecation?
>
> Not really maintained. Can you please open an iss
On Fri 2016-11-04 20:58:10 -0400, Wols Lists wrote:
> Basically, I'm very frustrated that gpg is losing random emails of mine.
> The problem is I am NOT using it by default, but every now and then it
> will "grab" a message I send. I then can only access it by typing in my
> pass-phrase. (And, iir
On Wed 2016-11-09 05:14:30 -0600, Peter Lebbing wrote:
> On 08/11/16 20:24, Tim Chase wrote:
>> When using a GUI program like Claws Mail, I'd
>> like to use the graphical pinentry, but I'd prefer to default to the
>> terminal pinentry for everything else.
>
> One step in the right direction is unse
On Sun 2016-11-13 21:20:49 +0900, gnupg.theg...@spamgourmet.com wrote:
> So now I have a gnupg where I can't change my password, although I
> /changed/ it, it just doesn't work and where I can't disable
> pinentry...
What platform are you using? What version of GnuPG? do you have
multiple versi
On Mon 2016-11-14 13:42:00 -0500, gnupg.theg...@spamgourmet.com wrote:
>> What platform are you using? What version of GnuPG? do you have
>> multiple versions of gpg installed ? (e.g. "gpg" and "gpg2")?
>
> My machine is a debian/jessie linux.
>
> % dpkg -l \*gpg\* | egrep '^ii'
> ii gpgsm
On Thu 2016-11-17 13:45:25 -0500, Arthur Ulfeldt wrote:
> PS: the bug is that gpg will only use the newest signing key, rather than
> the newest signing key that is available now.
I believe this bug is tracked upstream at
https://bugs.gnupg.org/gnupg/issue1983 -- it would be great if someone
want
On Thu 2016-11-17 16:28:28 -0500, Robert J. Hansen wrote:
>> What is the best way to use my keys and settings I've already configured
>> on my old OS? Do I back things up, or make a copy from the config. file?
>
> Good question: there really isn't a good, standardized way to do this.
> There are
On Tue 2016-11-22 11:20:26 -0500, Carola Grunwald wrote:
> They don't have direct access to any key. Nevertheless by using someone
> else's cached passphrase with 2.1 and its all-embracing keyring they may
> succeed in decoding data not meant for them.
fwiw, the same concerns hold for a shared gpg
On Wed 2016-11-23 03:46:57 -0500, Carola Grunwald wrote:
> With GnuPG 1.4 I had no agent. And, in case it is, I've no idea why with
> 2.x such a passphrase cache with all its risks has to be mandatory.
in 2.0, the agent is a passphrase cache. in 2.1, the agent is a proper
cryptographic agent, whi
On Thu 2016-12-01 21:12:50 -0500, Bertram Scharpf wrote:
> I want to make evidence that I created a document _before_ a certain
> point of time.
One approach i've seen recommended is to create a
cryptographically-strong digest of the signed document in question and
then post it to a public, append
On Sat 2016-12-10 11:30:53 +0100, Ondřej Střeštík wrote:
> Today i appeard i can not import new public keys every time when i try gpg
> --import i will
>
> gpg: error writing keyring '/home/user/.gnupg/pubring.kbx': Unexpected
> error
> gpg: key 4D3DE5CC4DAC4561: public key "[User ID not found]" i
On Sat 2016-12-31 14:59:48 -0500, Robert J. Hansen wrote:
>> I'm now at the point where I need to restore files
>> from a zip archive, and part of that means ensuring I have the correct
>> POSIX permissions on each file.
>
> I'm going with 0x0644 (-rw-r--r--) on the .conf files, 0x0755
> (-rwxr-xr-
On Mon 2017-01-02 13:27:35 -0500, Lou Wynn wrote:
> I tried to export an encryption subkey only with GPG2, but importing the
> subkey also lists the primary key. The man page of
> --export-secret-subkeys reads:
>
>The second form of the command has the special property to render the
>secret
On Wed 2017-01-04 16:29:50 -0500, Lou Wynn wrote:
> What is going on here? Does GPG2 use some special way to mark the usage
> of a subkey? How can I make it interchangeable with other programs?
the "public key algorithm" is "RSA (Encrypt or Sign)". The usage info is
stored in the "key flags" subp
On Thu 2017-01-12 06:14:06 -0500, Ali Hassan Hamed Al Ajmi (eChannels) wrote:
> Hi,
>
> We are using GPG4win as files encryption tool which utilize "GnuPG"
> crypto engine. One of our requirements is to have certificate signed
> by our internal CA. since we have Microsoft CA, we need to create
> ce
On Tue 2017-01-31 08:13:52 -0500, Marko Bauhardt wrote:
> what is the effect when delete a UID via `revuid` from a given key.
revuid does not delete a User ID, it revokes a user ID. On a typical
OpenPGP certificate, a revoked User ID is still present, but it is
marked clearly and verifiably as h
On Tue 2017-01-31 07:05:45 -0500, Ali Hassan Hamed Al Ajmi (eChannels) wrote:
> Thanks for your response,
>
> I have successfully created the CSR and send it to internal CA
> (Microsoft CA) team. They sent me the certificate. I have used
> Kleopatra UI to import the created certificate after save
On Fri 2017-02-03 18:28:03 -0500, MyCraigs List wrote:
> Also, let's say the key associated with the email address (not a paper
> backup) gets corrupted or I delete it or render the key unusable- can
> the paper backup of the key be used to type the key back in?
Sure, but it would likely be a pai
On Sat 2017-02-04 01:33:56 -0500, sivmu wrote:
> When using --recv-key or the gpa frontend, I noticed that the
> target public keys are still downloaded using unencrypted http. While the
> transmitted information is generally public, it does make things pretty
> easy for an adversary to collect meta
On Sat 2017-02-04 15:14:50 -0500, sivmu wrote:
> I suppose this config did not change after upgrading from 2.1.17.
> Just tested it on 2.1.18 using arch and it still uses http on my setup.
it's not a config change -- it's a defaults change.
in the old arrangement, if you didn't specify a keyserve
On Mon 2017-02-13 06:41:51 -0500, Bjarni Runar Einarsson wrote:
> Step two: Encrypt using gpg --throw-keyids.
>
> This is easy on the sender's end, but whether this feature can be
> used as a matter of course depends on how it impacts the
> experience of the recipient.
Agreed that the recipient's
On Mon 2017-02-13 11:54:04 -0500, Lukas Pitschl | GPGTools wrote:
>> On 13.02.2017 at 17:34, Daniel Kahn Gillmor wrote:
>>
>> On Mon 2017-02-13 06:41:51 -0500, Bjarni Runar Einarsson wrote:
>>> Step two: Encrypt using gpg --throw-keyids.
>>>
>>>
On Mon 2017-02-13 18:35:17 -0500, Bjarni Runar Einarsson wrote:
> Sounds like a nice optimization... but option bloat is a thing too.
for an API, there's nothing wrong with explicitly specifying the thing
that people should *want* to be doing as a separate interface.
GnuPG has some level of diffi
On Tue 2017-02-14 05:28:07 -0500, Justus Winter wrote:
> I don't. I strongly believe that adding command line switches should be
> the absolute last resort.
I'm open to other suggestions about how to achieve this behavior.
GnuPG's general stance appears to be that the only way to interact with
t
On Tue 2017-02-14 15:08:25 -0500, Werner Koch wrote:
> I don't think that --throw-keyid is a useful thing for use of gpg
> in mails - it does not really help in this use case because that meta
> data is easier available by other means.
I absolutely agree with this assessment, and i also agree with
Hi all--
sorry for the late followup on this thread:
On Mon 2017-01-16 14:16:28 -0500, Werner Koch wrote:
> On Sun, 15 Jan 2017 00:39, gn...@jelmail.com said:
>> Just experimenting in a sandbox homedir, I noticed that the homedir path
>> needs to be below a certain size.
>
> That is because on mo
On Wed 2017-02-15 12:12:23 -0500, Daniel Kahn Gillmor wrote:
> Why does this need to be created manually? Why not try to create it if
> possible the first time there's a chance to use it, no matter what?
[…]
> What does GnuPG gain from having a known failure mode that requires
On Wed 2017-02-15 11:54:51 -0500, Teemu Likonen wrote:
> That makes things very simple, in a way. I use "trust-model direct" and
> do some checking in web pages or check consistent use of signatures. If
> the key seems ok I'll "--edit-key", type "trust" and assign marginal or
> full trust for that
On Wed 2017-02-15 07:48:57 -0500, ankostis wrote (about "MyMail-crypt
for Gmail"):
> I'm wondering whether this open-source Chrome-extension for GPG on GMail[1]
> is to be trusted; I mean, not to call home with my secret-key and passphrase.
I've never heard of it. Mailvelope is what i've heard pe
On Thu 2017-02-16 04:12:36 -0500, Justus Winter wrote:
> That is still wrong. The length of the path of the socket is not
> limited in any way, the length of the path passed to connect is.
this is a clever approach to *connect* to such a socket, on some
systems.
But if you ever use getsockname (
On Thu 2017-02-16 11:51:07 -0500, Werner Koch wrote:
> So that the /var/run/user/ directory is not cluttered with many
> directories. Setting a different GNUPGHOME is an exception and thus it
> is fine to require an explicit creation. Remember that not /var/run
> does not need to be a temporary d
On Fri 2017-02-17 08:59:52 -0500, Ralph Corderoy wrote:
> There's a few relevant patches by Daniel Kahn Gillmor, e.g. cancelling
> the socket check if inotify(7) can be used.
> https://lists.gnupg.org/pipermail/gnupg-devel/2016-November/032012.html
We're shipping these patche
On Fri 2017-02-17 04:42:14 -0500, Justus Winter wrote:
> Well, I tested it on all systems I had access to at that time. I could
> have written a small test program, and asked people to run it on systems
> we don't have access to. But we never got to that point :(
That would be a way to advance t
On Tue 2017-02-21 16:27:55 -0500, Will Dixon (Clemsonopoly94) wrote:
> So I am having an issue signing documents with gpg2.1. Every time I try and
> sign something, I get:
>
> λ dixonwille [~] → gpg2 --detach-sign Images/EinsteinWP.jpg
> gpg: using "0xEC933DA229123788" as default secret key for s
Hi Gerd--
On Tue 2017-02-21 09:34:17 -0500, Gerd v. Egidy wrote:
> I'd like to announce a program I wrote to backup GnuPG and SSH keys as
> qrcodes on paper:
>
> paperbackup.py
> https://github.com/intra2net/paperbackup
>
> This is designed as fal
On Wed 2017-02-22 08:12:31 -0500, Peter Lebbing wrote:
> I just found out that the following two commands are equivalent:
>
>> $ gpg2 -o full.gpg --export-secret-keys ac46efe6de500b3e
>> $ gpg2 -o minimal.gpg --export-options export-minimal --export-secret-keys
>> ac46efe6de500b3e
I just confirme
On Thu 2017-02-23 03:54:12 -0500, Thomas Jarosch wrote:
> In the interest of humanity and the cause of science, I've just tried again
> with a throwaway key :) This time it worked just fine. The "only" thing
> that's changed is that I've upgraded from Fedora 22 to Fedora 25 since I last tried.
[ not on-topic for this thread, hence the subject change ]
On Thu 2017-02-23 05:00:54 -0500, Gerd v. Egidy wrote:
>> The certificate (aka public key) includes all signatures, all the data
>> on the keyserver. It's data you don't really need to back up since it is
>> public, and it can be huge. My
On Sat 2017-02-25 09:09:20 -0500, MFPA wrote:
> On Friday 24 February 2017 at 3:15:23 PM, in
> , ved...@nym.hush.com wrote:-
>
>> Even for v3 keys, which were not SHA1 hashed, the only way to
>> generate a new key with the same fingerprint, would be to allow the
>> key size to vary (usually to a b
On Fri 2017-02-24 12:37:34 -0500, Phil Pennock wrote:
> There are various claims going around about how GnuPG should be
> disabling SHA1 now;
[ ... ]
To be fair, we should have been *deprecating* SHA1 many years ago (since
Wang et al in 2005). we're late. if we'd been deprecating it for years
On Sat 2017-02-25 07:23:39 -0500, Michal Novotny wrote:
> I have got a trustdb that gives the following output on --check-trustdb:
>
> gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
> gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
> gpg: marginals
On Thu 2017-03-09 13:44:19 -0500, Long Si wrote:
> Before migrating to a new system, I exported my GPG secret keys and
> then imported them.
what version of gpg did you have on the old system? what version on the
new system?
the steps you took sound reasonable to me, as long as the new system h
On Wed 2017-03-15 07:13:18 -0400, Werner Koch wrote:
> On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said:
>
>> So long as you understand GnuPG will not make any changes that break RFC
>> conformance... and dropping SHA1/3DES breaks RFC conformance.
>
> Well, it is possible to use
>
> --weak-di
On Mon 2017-03-20 06:57:18 -0400, Pankaj Kumar. Chaurasia wrote:
> Does anyone know how to import a public key for a server account.
>
> I tried below one, but it is not working:
>
> Gpg2 -import -u NT\MSSQLAgent e:\MyPub.gpg
Usually --import needs two leading hyphens, not one.
it's not clear to
On Fri 2017-03-17 17:39:38 -0400, si...@web.de wrote:
> When gpg -recv-key ID is used with the line
> hkps://hkps.pool.sks-keyservers.net enabled in dirmngr.conf, it fails
> with an error message saying dirmngr not found.
What version of gpg? what version of dirmngr?
can you please paste the ex
On 08/22/2013 09:56 AM, Robert J. Hansen wrote:
> GnuPG extends this with support for Camellia-128, Camellia-192 and
> Camellia-256. I don't know the reasoning for introducing Camellia, but
> I'm sure there's a solid basis for it.
Camellia in OpenPGP is now a published part of the spec, complete
Hi Matt--
On 09/05/2013 09:35 PM, Matt D wrote:
> i was sent a .asc file as an attachment.
It sounds like you may have been sent a PGP/MIME-signed message. The
message i'm sending now is PGP/MIME-signed. These kinds of messages
show up in some Mail User Agents that don't know about PGP/MIME as
On 09/10/2013 09:12 AM, Adam Gold wrote:
> My gpg.conf contains the following lines:
>
> default-preference-list SHA512 SHA256 SHA384 SHA224 SHA1 AES256 AES192 AES
> CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
> personal-digest-preferences SHA512 SHA256 SHA384 SHA224 SHA1
the lines above look like th
On 09/10/2013 12:47 PM, AdamC wrote:
> I have keys that I have used (sparingly) since 2004. This is a 1024
> keysize. That keypair has a few signatures through key signing.
>
> What is the best approach to upgrading keys to 4096? Is it just create a
> new keypair and then go to lots of key signing
On 09/10/2013 03:01 PM, Philipp Klaus Krause wrote:
> GPG supports the feature of having multiple UIDs per key.
> However this requires special care of anyone signing such a key.
> AFAIK, there is no really user-friendly, and definitely no
> newbie-friendly way to do so.
Please try out monkeysign
On 09/10/2013 02:23 PM, Adam Gold wrote:
> To enable gpg support in mutt I copied /usr/share/doc/mutt/examples/gpg.rc to
> ~/.mutt and then added 'source ~/.mutt/gpg.rc' to the mutt config file. I
> also added to the config a number of lines as per here:
> http://pastebin.com/t17HcrCS
>
> If
I'm trying to programmatically look at the notations in all the
self-sigs in an OpenPGP certificate.
But:
gpg --fingerprint --fingerprint --fixed-list-mode --list-options show-notations --with-colons --check-sigs "$fpr"
does not show me the notations.
if i omit --with-colons, then i get the n
On 09/11/2013 11:56 AM, Hauke Laging wrote:
> On Wed 11.09.2013, 10:07:30, Daniel Kahn Gillmor wrote:
>
>> Should i be able to see the notations when using --with-colons somehow?
>
> show-sig-subpackets is your friend.
Thanks, that does produce a tremendous amount of info, a
On 09/11/2013 05:42 PM, Philip Jägenstedt wrote:
> My public key has the default capabilities sign and certify. I've seen
> that some people have only the certify capability in order to be able to
> keep the main key offline most of the time.
>
> Is it technically possible to change the capabiliti
On 09/11/2013 11:43 PM, Newton Hammet wrote:
> Shouldn't I be seeing 1 or more ECC choices?
GnuPG 2.1 (still currently in beta, afaict) is the first version to
include ECC support for OpenPGP. the 2.0.x branch does not include ECC
for OpenPGP.
Regards,
--dkg
but with this patch it is at
least possible.
--dkg
commit 28de238a44205cb7ede822da2aac509f472386b5
Author: Daniel Kahn Gillmor
Date: Thu Sep 12 18:29:52 2013 -0400
enable the creation of non-exportable self-sigs
This supports (only via --expert mode at the moment) the u
On 09/13/2013 10:17 AM, David Shaw wrote:
> On Sep 13, 2013, at 1:22 AM, Daniel Kahn Gillmor
> wrote:
>
>> GnuPG is currently not able to create a non-exportable self-sig. If you
>> try to do this, it gives an error:
>>
>> WARNING: the signature will not be ma
On 09/13/2013 09:49 AM, Peter Lebbing wrote:
> On 2013-09-13 14:24, Nicholas Cole wrote:
>> The correct way would be to have keyservers
>> honour the no-modify flag, or perhaps have some notation on the ID
>> that prevents uploading to a public keyserver. I myself would favour
>> the latter approa
On 09/13/2013 08:24 AM, Nicholas Cole wrote:
> I don't think this is sensible. What is the point of a UID that
> cannot be used by someone else? If the UID is shared with anyone else
> (even privately), it must have a self-signature, and so that signature
> must be exportable.
It is possible
On 09/13/2013 11:35 AM, Nicholas Cole wrote:
> Well. Why not trust your circle of contacts (because anyone using this
> scheme must be in a small circle) not to upload the keys to
> keyservers?
>
> Perhaps if there is enough demand gpg could even have a "Never send
> these keys to keyservers" opti
On 09/16/2013 06:02 PM, Philipp Klaus Krause wrote:
> Unfortunately, tools for signing keys with multiple UIDs IMO are not
> user-friendly enough, typically due to the following:
>
> 1) They require the user to be familiar with the command-line,
> 2) They require the user to run a unixoid OS,
> 3)
On 09/17/2013 09:56 AM, Philip Jägenstedt wrote:
> Going with the GnuPG built-on model, it seems like I can get the "n
> people would need to be deceived" effect by (in a temporary keyring)
> assigning marginal trust to all keys in the world and
> --marginals-needed n, without requiring the paths
On 09/17/2013 02:21 PM, kwadronaut wrote:
> Up until now, I always see signatures on a key ordered in chronological
> fashion, with GnuPG, sks' web interface and enigmail. It's always in a
> format with day, month and year (sometimes year-month-day or another
> format of that data). Now I'm curious
On 09/18/2013 04:14 PM, Philip Jägenstedt wrote:
> Yeah, that sounds like a useful approach. If I assume that the Wayback
> Machine isn't part of a conspiracy against me, then I could use it to
> check what signing keys were listed on gnupg.org in the past:
>
> http://web.archive.org/web/200706101
On 09/18/2013 10:35 PM, Doug Barton wrote:
> The issue for me is the "cleanliness" and accuracy of my local key ring
> (as I pointed out in a previous message in this thread). I don't like
> what either CAFF or Pius do; leave signatures that I consider "bogus" on
> my local copy of the key, or rely
On 09/22/2013 01:10 PM, Oliver Verlinden wrote:
> some days ago I had the idea of a pgp compatible mailing list.
> I know there is a mailman extension which supports pgp encrypted messages out
> there, but I wanted to have a small, fast and easy to configure solution.
Very cool to see that you've
On 09/21/2013 11:56 AM, Ralf Ramsauer wrote:
> Both, signature and encryption key get their own ID's. How are these
> ID's generated? Randomly?
the key IDs are the low-order bits of the fingerprints. the
fingerprints are an SHA-1 digest of the creation date of the key plus
the public elements of
On 09/24/2013 03:36 AM, Jörg Deckert wrote:
>> You are right. Sorry, there is no standard solution for this. It
>> depends on how a CA handles encryption keys. Set up your own CA and you
>> do not need a CSR.
>
> I have my own CA (XCA / openssl). I think I have 2 options:
> - transfer the key
On 10/05/2013 10:09 PM, mirimir wrote:
> On 10/05/2013 08:56 AM, Werner Koch wrote:
>
>> We are pleased to announce the availability of a new stable GnuPG-1
>> release: Version 1.4.15. This is a *security fix* release and all users
>> are advised to update to this version. See below for the imp