Re: question on decryption with missing passcode

2013-04-17 Thread Daniel Kahn Gillmor
On 04/17/2013 05:05 PM, Beith, Linda wrote: > Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg' > Gpg: decrypt_message failed: file open error This message suggests that there is a problem in the filesystem, not a problem with a missing passphrase. Do you have a copy of the file in question? do yo

Re: question on decryption with missing passcode

2013-04-17 Thread Daniel Kahn Gillmor
On 04/17/2013 06:25 PM, Daniel Kahn Gillmor wrote: > On 04/17/2013 05:05 PM, Beith, Linda wrote: >> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg' >> Gpg: decrypt_message failed: file open error > > > This message suggests that there is a problem in the fi

Re: Confusion with signature digest type.

2013-04-27 Thread Daniel Kahn Gillmor
On 04/26/2013 11:47 AM, Robert J. Hansen wrote: > For my own lookout, I don't see that this practice would give me very > much. If SHA-1 falls victim to preimage attacks I don't think this recommendation was made to defend against preimage attacks. Avoiding the use of SHA-1 in certifications i

Re: Confusion with signature digest type.

2013-05-01 Thread Daniel Kahn Gillmor
On 04/28/2013 04:26 AM, Robert J. Hansen wrote: > On 4/27/2013 8:01 PM, Daniel Kahn Gillmor wrote: >> I don't think this recommendation was made to defend against preimage >> attacks. Avoiding the use of SHA-1 in certifications in general is a >> step towards defend

Re: Web of Trust in Practical Usage

2013-05-01 Thread Daniel Kahn Gillmor
Peter Lebbing's thoughtful consideration of the issues in this thread was spot-on, imho. Thanks, Peter! On 04/29/2013 12:29 AM, Quinn Wood wrote: > My question in simpler terms could probably be summed up "How can one find > the most popular- most signed- key (matching some query such as name or

Re: Confusion with signature digest type.

2013-05-01 Thread Daniel Kahn Gillmor
On 05/02/2013 12:03 AM, Robert J. Hansen wrote: >> Eve manages to inject data into your collection that makes the >> data collection have the same digest as a particularly weird User ID >> when bound to your primary key (i'm handwaving past the details of the >> OpenPGP boilerplate involved in a s

Re: Confusion with signature digest type.

2013-05-01 Thread Daniel Kahn Gillmor
On 05/02/2013 12:51 AM, Robert J. Hansen wrote: > On 5/2/2013 12:48 AM, Robert J. Hansen wrote: >> She cares what the collision is: it has to be a valid OpenPGP signature >> sequence. > > Erf, did I really write that? > > s/signature/User ID > > The point being the User ID isn't allowed to be co

Re: Web of Trust in Practical Usage

2013-05-04 Thread Daniel Kahn Gillmor
On 05/03/2013 06:15 PM, Quinn Wood wrote: > On 5/1/13, Daniel Kahn Gillmor wrote: >> what specifically are you trying to do in the bigger picture? maybe >> folks here can give you some suggestions if we can see what you're >> trying to accomplish in the abstract? >

Re: Web of Trust in Practical Usage

2013-05-09 Thread Daniel Kahn Gillmor
On 05/09/2013 12:49 PM, Gregor Zattler wrote: > There are no ownertrust paths but the pathfinder shows me how > many disjunct paths are possible from my key to the other key. > > An attacker would have to introduce fake signatures in every of > the disjunct paths. This is trivial to do. I suspe

Re: certificat for a key pair

2013-05-29 Thread Daniel Kahn Gillmor
On 05/29/2013 02:12 AM, edgard devaux wrote: > using Gnupg with linux debian 7.0 and gnome; i created a key pair. > my e-mail client asks me a certificat for personal to sign , and an > other certificat for the key. what e-mail client? what version? does the e-mail client support OpenPGP nati

Re: [OT] Why are you using the GPG / PGP keys?

2013-05-29 Thread Daniel Kahn Gillmor
On 05/29/2013 01:28 PM, Johan Wevers wrote: [re: startssl] > Further they deliver the private key to you, so they have access to it. is this really the case? There is no way to supply them with a certreq without the secret key material? I would find that really surprising, and it should be bet

Re: How difficult is it to break the OpenPGP 40 character long fingerprint?

2013-06-03 Thread Daniel Kahn Gillmor
On 06/03/2013 08:04 AM, Melvin Carvalho wrote: > Bitcoin is essentially a ledger where you have an array of fingerprints > (160 bit hashes of a public key) and a value (number of coins in wallet). i thought that bitcoin didn't hash the public keys at all, but rather used the full elliptic curve p

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Daniel Kahn Gillmor
On 06/07/2013 06:54 PM, Hauke Laging wrote: > In addition to what Doug has said: I recommend to have one UID without email > address. Just your name and a comment (like "everyday key on smartcard with > offline main key; see policy URL". fwiw, some people might not be comfortable certifying a U

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Daniel Kahn Gillmor
On 06/08/2013 03:21 PM, Hauke Laging wrote: > Crypto is NOT about comfort but about security. The point is: Does a > certification make sense? Most certifications I see do not. People simply won't use tools that they aren't comfortable with. This is a delicate tradeoff, but if you're willing to

Re: charset weirdness with non-ascii User IDs

2013-07-11 Thread Daniel Kahn Gillmor
On Tue 2012-07-24 13:41:20 -0400, Daniel Kahn Gillmor wrote: > i'm seeing some strange behavior with the keyservers on GNU/Linux > systems that don't have a UTF-8 locale, or when LANG is set to something > non-UTF8: > > 0 dkg@pip:~$ LANG=C gpg --keyserver keys.mayfirst.

Re: charset weirdness with non-ascii User IDs

2013-07-12 Thread Daniel Kahn Gillmor
On 07/12/2013 03:10 AM, John Clizbe wrote: > Do both searches work correctly on the keyserver web interface? Yes, they do. they also both work fine if i use my standard locale (en_US.UTF-8), and don't set LANG=C. I think this is only an issue when searching for non-ASCII User IDs (i.e. User IDs

Re: encrypting multiple files into a single output file

2013-07-16 Thread Daniel Kahn Gillmor
Hi Ira-- On 07/16/2013 11:08 AM, ira.kirsch...@sungard.com wrote: > With PGP you can do something like: > pgp -e -r -o --archive > > This will create a single "output file name" with the entire "filelist" each > individually encrypted. I don't have PGP, so i still don't know what the r

Re: encrypting multiple files into a single output file

2013-07-16 Thread Daniel Kahn Gillmor
On 07/16/2013 10:49 AM, ira.kirsch...@sungard.com wrote: > We are converting from using PGP to using GnuPG and we are trying to make it > seamless to our customers. Using PGP, when we had multiple files to deliver, > we could have each file encrypted and placed into a PGP archive. The client >

Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?

2013-07-24 Thread Daniel Kahn Gillmor
On 07/24/2013 05:52 AM, Einar Ryeng wrote: > I'd just stick to three different keys if I were you. Nobody will care that > they have to sign three keys rather than one or two. While i agree with Einar that signing three keys isn't a big difference from signing one key with three user IDs, I will n

Re: "Certify" only master key

2013-07-31 Thread Daniel Kahn Gillmor
On 07/30/2013 07:10 PM, atair wrote: > What is the advantage of having a certify+sign master key? Note that if you have access to the secret key material of the primary key in an OpenPGP certificate (what you're calling the "master key"), there is nothing stopping you from reissuing the certifi

Re: gpg use in Debian popcon

2013-07-31 Thread Daniel Kahn Gillmor
hi Bill-- On 07/31/2013 07:51 AM, Bill Allombert wrote: > I am the maintainer of Debian popularity-contest > thank you! > 1) This creates spurious empty files in /root/.gnupg Maybe you want the --no-options flag? --no-options Shortcut for --options /dev/null. T

Re: Display a gpg signature as a string of zeros and ones?

2017-04-07 Thread Daniel Kahn Gillmor
On Thu 2017-04-06 13:39:23 -0400, joao baleza via Gnupg-users wrote: > Hi there, is there any way to display a gpg signature as a string of > zeros and ones? Thanking in advance, jbs any data can be represented as a string of ones and zeros, but there are many different conventions for how to order an

Re: Display a gpg signature as a string of zeros and ones?

2017-04-09 Thread Daniel Kahn Gillmor
On Fri 2017-04-07 16:55:05 +, joao baleza wrote: > Sorry. I was not clear enough. I will try to explain better.  As > far has I understand, a 2048 key gpg RSA digital signature has > 2048 bits. But the binary gpg signature file has more than 2048 > bits because the file has some extra data besi

Re: How can I change the passphrase on our secret keys?

2017-04-17 Thread Daniel Kahn Gillmor
On Wed 2017-04-12 11:02:04 -0500, helices wrote: > Yes, I saw that. On one host, that works. > > On other, I get following error: > gpg> passwd > Key is protected. > > You need a passphrase to unlock the secret key for > user: "Sempris " > 4096-bit RSA key, ID 80167A71, created 2016-03-18 > > gpg:

Re: Prefer a currently available signing subkey?

2017-04-19 Thread Daniel Kahn Gillmor
On Tue 2017-04-18 15:41:08 +, Arthur Ulfeldt wrote: > I had exactly the same problem, and there is an open bug about this (wanna > fix it?) I forgot the number. The open report is https://dev.gnupg.org/T1983 I've just moved this to priority "high" since it seems to continue to affect people.

Re: Cannot encrypt to reenabled key after migration

2017-04-19 Thread Daniel Kahn Gillmor
Hi MFPA-- On Wed 2017-04-12 15:21:38 +0100, MFPA wrote: > I have encountered a problem with 2.1.20 writing to my public keyring. > I was using the pre-compiled binaries on Windows 10. > > When editing/refreshing keys, or running gpg --check-trustdb, at the > end of the operation the command window

Re: Prefer a currently available signing subkey?

2017-04-26 Thread Daniel Kahn Gillmor
On Thu 2017-04-20 02:36:16 +0200, Juan Miguel Navarro Martínez wrote: > On 2017-04-19 at 17:46, Daniel Kahn Gillmor wrote: >> The open report is https://dev.gnupg.org/T1983 > > Is it possible that is a duplicate of this report too? > https://dev.gnupg.org/T1967 > > Both ar

Re: Bad passphrase with gpg 2.1 - works fine with gpg 1.4

2017-04-26 Thread Daniel Kahn Gillmor
Hi Fredrik-- On Wed 2017-04-19 15:49:20 +0200, Fredrik Jonson wrote: > After upgrading to Ubuntu 17.04, gpg does not accept my passphrase. More > precisely, gpg 2.1.15 does not. However, gpg 1.4.21, installed as > gpg1 does accept that very same passphrase. What am I doing wrong? gpg 1.4.x and 2

Re: Trouble installing Version 2.1 on Debian Jessie

2017-05-01 Thread Daniel Kahn Gillmor
On Sun 2017-04-30 11:45:12 +0200, Wouter Verhelst wrote: > This is no longer the case; GnuPG 2.1 is in Debian unstable (and has > been for a while). > > Just installing that from unstable, however, will have bad side effects > for other software on your system, so I recommend against it (see also >

Re: How to export private ed25519 subkey to the SSH format

2017-05-01 Thread Daniel Kahn Gillmor
On Sun 2017-04-30 17:18:11 -0700, Jon Gorrono wrote: > I've used Monkeysphere's openpgp2ssh tool > > https://incenp.org/notes/2014/gnupg-for-ssh-authentication.html > > It's in a bunch of linux repo's and also brew... I don't think that monkeysphere's openpgp2ssh tool handles ed25519 at the moment

Re: gpg hangs when asking for passphrase

2017-05-09 Thread Daniel Kahn Gillmor
Hi Joey-- On Mon 2017-05-08 22:34:35 -0400, Joey Morris wrote: > I've tried several things without figuring out the problem: > > - Verified that gpg-agent is running with `pgrep -u "${USER}" gpg-agent`. > - Restarted gpg-agent with `killall gpg-agent`. > - Verified that the socket reference

Re: gpg hangs when asking for passphrase

2017-05-09 Thread Daniel Kahn Gillmor
On Tue 2017-05-09 09:32:43 -0400, Joey Morris wrote: > > Thanks Peter, I think this is indeed related to the systemd user sessions. > Just > to clarify, did you solve your problem by disabling the systemd units, or did > you end up getting it working with them? > > Checking my apt logs, I upgraded

Re: Error on gnupg-2.1.20 installation

2017-05-10 Thread Daniel Kahn Gillmor
On Wed 2017-05-10 09:51:32 +, Antonino Augusta wrote: > When I try to install the gnupg-2.1.20 package, during the make i receive the > following error message: > > > sysutils.c: In function ‘gnupg_inotify_watch_socket’: > sysutils.c:1163: error: ‘IN_EXCL_UNLINK’ undeclared (first use

Re: undeclared function identified during make - gnupg-2.1.20

2017-05-10 Thread Daniel Kahn Gillmor
Hi Dustin-- On Tue 2017-05-09 17:12:22 +, Rogers, Dustin wrote: > When I attempt to make, I receive this error when the compiler tries to > evaluate sysutils.c, and locate a function called "IN_EXCL_UNLINK" > > gcc -DHAVE_CONFIG_H -I. -I.. -DLOCALEDIR=\"/usr/local/share/locale\" > -DGNUPG_B

debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

2017-05-10 Thread Daniel Kahn Gillmor
Hi Joey-- thanks for these details! On Tue 2017-05-09 21:43:47 -0400, Joey Morris wrote: > X11 via startx. I run openbox-session at the end of .xsession. cool, we actually have fairly similar setups -- i'm also running systemd, debian testing/unstable, with dbus-user-session, and libpam-systemd

Re: debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

2017-05-10 Thread Daniel Kahn Gillmor
On Wed 2017-05-10 22:17:28 -0400, Joey Morris wrote: > I've been using my .xession setup for a number of years, and actually when > this > issue came up it was the first I'd heard of systemd user services. (I was > aware > of the system-level systemd, just not the user-specific part.) I'll spend

Re: Keyring corruption with GnuPG 2.1.20

2017-05-11 Thread Daniel Kahn Gillmor
On Wed 2017-05-10 14:56:20 +0200, Justus Winter wrote: > unfortunately, GnuPG 2.1.20 has a bug that can lead to keyring > corruptions when updating or deleting keys. [...] > If you are using GnuPG 2.1.20 with the keyring format, a workaround is > to convert your keyring to a keybox. For this, fo

Re: debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

2017-05-16 Thread Daniel Kahn Gillmor
On Mon 2017-05-15 19:10:35 -0400, Joey Morris wrote: > Daniel Kahn Gillmor wrote on Wed, May 10, 2017 at > 10:58:21PM -0400: >> On Wed 2017-05-10 22:17:28 -0400, Joey Morris wrote: >> > I have systemd version 222-1 installed, which appears to be wildly out of >> &

Re: Reviving a userid with revoked key

2017-05-20 Thread Daniel Kahn Gillmor
On Fri 2017-05-19 21:58:34 +0200, Kristian Fiskerstrand wrote: > On 05/19/2017 08:36 PM, Marc Curry wrote: >> Maybe a dumb question, but I'm looking for help thinking through how to >> best "revive" an old gpg key's userid after I revoked it a few years ago, >> thinking I wouldn't need to use it, a

Re: GnuPG 2.1.19 output

2017-05-30 Thread Daniel Kahn Gillmor
On Tue 2017-05-30 17:16:10 +0200, Martin Schoch wrote: > What does this output from GnuPG 2.1.19 mean when checking a signed > message? > > gpg: skipped packet of type 12 in keybox > gpg: skipped packet of type 12 in keybox > gpg: skipped packet of type 12 in keybox > gpg: skipped packet of type 1

Re: Obtaining sig2 and sig3 signatures

2017-05-30 Thread Daniel Kahn Gillmor
On Tue 2017-05-30 21:25:24 +0200, Stefan Claas wrote: > Let's assume we would exchange signed emails (PGP/SMIME) would these proofs > be enough for you to warrant a sig2? And for a sig3 an additional video > conference? > > The classical procedure would be to sign a key with a sig3 after seeing > t

Re: scdaemon coredumps

2017-05-30 Thread Daniel Kahn Gillmor
Hi Yuriy-- On Tue 2017-05-30 15:09:18 +0300, Yuriy M. Kaminskiy wrote: > When I tried to rebuild gnupg2 2.1.21-2 debian package from > experimental in pbuilder, I got a number of sigsegv's from scdaemon > while running tests: [...] > (this is on debian jessie, i386, libusb-1.0 1.0.19, and various

Re: scdaemon coredumps

2017-05-30 Thread Daniel Kahn Gillmor
On Wed 2017-05-31 10:02:16 +1000, Ben McGinnes wrote: > It is pretty standard (and IIRC part of the SMTP RFCs) that the > forward and reverse DNS records must match. The PTR record does not > have to match the hostname, but it does have to resolve to a hostname > with an A record pointing back to

Re: scdaemon coredumps

2017-05-30 Thread Daniel Kahn Gillmor
On Wed 2017-05-31 03:32:28 +0300, Yuriy M. Kaminskiy wrote: > On 31.05.2017 01:48, Daniel Kahn Gillmor wrote: > >> On Tue 2017-05-30 15:09:18 +0300, Yuriy M. Kaminskiy wrote: >>> When I tried to rebuild gnupg2 2.1.21-2 debian package from >>> experimental in pbuilde

Re: Obtaining sig2 and sig3 signatures

2017-05-31 Thread Daniel Kahn Gillmor
On Wed 2017-05-31 12:00:25 +0200, Stefan Claas wrote: > Am 31.05.2017 um 03:43 schrieb Phil Pennock: >> It's unfortunate really that the default is to make public attestations, >> telling the world "trust me, this key belongs to this person" instead of >> locally useful data and then, only once som

Re: Errors at ECC key generation in non-interactive mode

2017-05-31 Thread Daniel Kahn Gillmor
Hi Ryru-- On Wed 2017-05-31 18:18:56 +0200, Ryru wrote: > I get these errors while trying to create a new ECC key: > > $ gpg --batch --gen-key Desktop/params-ecc.txt > gpg: key ABCDEFABCDEFABCD marked as ultimately trusted > gpg: error reading rest of packet: Invalid argument > gpg: error reading

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
Hi Stefan-- I think you're asking about two sort of different things. on the one hand, you're asserting that the 32-bit keyid isn't sufficient for any sort of cryptographic verification. that's absolutely correct, and enigmail really shouldn't be exposing the 32-bit keyID to humans where it can

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Mon 2017-06-05 16:22:26 +0200, Stefan Claas wrote: >> * in the "distinguishing" model, it's not clear that any of the schemes >>i've seen are actually better for most humans against a dedicated >>attacker who crafts fingerprints to make visual identities that look >>similar. do you

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote: > On 05.06.17 22:26, Daniel Kahn Gillmor wrote: >> what does "bullet-proof" mean, specifically? > > For me it means that the idendicons should be visually easy to read > and cryptographically secure. Sorry that

Re: How to show fingerprint in email header?

2017-06-08 Thread Daniel Kahn Gillmor
On Thu 2017-06-08 22:05:40 +0900, Satoshi Yoshida wrote: > How to show fingerprint in email header? > I found > https://datatracker.ietf.org/doc/draft-josefsson-openpgp-mailnews-header/ > But it is expired. This is probably more of a question for your mail user agent than for GnuPG, since GnuPG do

Re: How to join pubring.kbx and pubring.gpg?

2017-06-19 Thread Daniel Kahn Gillmor
On Fri 2017-06-16 11:32:15 +0200, Damien Goutte-Gattat wrote: > Well, there is the Monkeysphere's pem2openpgp tool [1], but AFAIK it > only works with *private* keys, not public keys. for the record, pem2openpgp works with both public keys and private keys. --dkg

Re: Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

2017-06-20 Thread Daniel Kahn Gillmor
Hi Rex-- On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote: > root@debian-rig:/home/rexk# wget -qO - > https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add - > gpg: WARNING: nothing exported > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 While it's a comm

Re: Revoking a certificate (--edit-key + revsig)

2017-06-21 Thread Daniel Kahn Gillmor
On Fri 2017-06-16 10:06:38 +0300, Teemu Likonen wrote: > My question is simple (kind of): In what situations would you revoke a > certificate that you have made on someone else's key? (Technically: > --edit-key + revsig.) That action would be me saying "i no longer believe that this key is only co

Re: [HELP] pinentry-curses breaks SSH auth, but pinentry-mac works fine?

2017-06-30 Thread Daniel Kahn Gillmor
Hi Ryan-- On Fri 2017-06-30 11:54:46 +0800, Ryan Lue wrote: > But for some reason, it just doesn't work with `pinentry-curses`: SSH > (GPG) key authentication fails silently, and the server falls back to > password authentication. (I have made sure to set `$GPG_TTY`, so > `pinentry-curses` works j

Re: Fwd: which program use: gpg or gpgv?

2017-07-05 Thread Daniel Kahn Gillmor
On Tue 2017-07-04 16:40:17 -0400, fuflono--- via Gnupg-users wrote: > Hi, > my Debian8.8 has the programs about gpg: > > -rwxr-xr-x 1 root root1128700 Sep 3 2016 gpg > -rwxr-xr-x 1 root root 913236 Sep 3 2016 gpg2 > -rwxr-xr-x 1 root root 334260 Sep 3 2016 gpg-agent > -r

Re: gpgme - raw RSA operation using GPG public/private keys?

2017-07-11 Thread Daniel Kahn Gillmor
On Fri 2017-07-07 18:01:03 +0200, gnupg-u...@niob.at wrote: > I am looking for a "simple" way to use a GPG public/private RSA key to > do "raw" RSA operations. I have the impression, that gpgme only deals > with "real" OpenPGP data structures, but this does not fit my use case. > This is for an ap

Re: gpg-agent/pinentry: How to verify calling application

2017-07-16 Thread Daniel Kahn Gillmor
On Sat 2017-07-15 16:02:22 +0200, Hartmut Knaack wrote: > on my machine running Linux and a recent KDE/Plasma, pinentry-qt > occasionally starts right after logging in and asks for my passphrase. > Is there any way to track down, which process asks gpg-agent for my private > key? Preferably, I woul

Re: GnuPG and standard output

2017-08-01 Thread Daniel Kahn Gillmor
On Tue 2017-08-01 14:17:37 -0400, Robert J. Hansen wrote: > (If you're wondering why I'd do this, GPGME does not yet have a way to > query key prefs, and I need them for a project.) Thanks for the suggestion, i've recorded it here: https://dev.gnupg.org/T3323 > There's no security reason to dump

Re: fingerprint of key

2017-08-14 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 03:32:08 -0300, Duane Whitty wrote: > I was recently trying to compare the fingerprint of a key I downloaded > to its online stated value. I thought I should be able to accomplish > my goal with "gpg --fingerprint public-key-file.asc". Gpg returned > "gpg: error reading key: No

Re: fingerprint of key

2017-08-14 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 15:09:22 -0400, Todd Zullinger wrote: > $ gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-25-primary > pub 4096R/FDB19C98 2016-03-31 Fedora 25 Primary (25) > > Key fingerprint = C437 DCCD 558A 66A3 7D6F 4372 4089 D8F2 FDB1 9C98 > > $ gpg2 --wit

Re: fingerprint of key

2017-08-14 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 13:25:58 -0300, Duane Whitty wrote: > Thanks for your response. So, what you are saying is that the man > page is wrong ;-) I didn't think that was what i was saying, but there have certainly been bugs in the documentation in the past. Is there specific text that you think is w

Re: fingerprint of key

2017-08-14 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 19:03:19 -0300, Duane Whitty wrote: > I did not and still do not want to import the oracle_vbox public key > into my key ring. I am happy to download it and check it each time. I think this is an interesting choice, but i don't understand why you've made it. Can you say more ab

Re: Is it possible to certify (sign) a key using a subkey?

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 07:42:06 -0500, Mario Castelán Castro wrote: > No, it does not have the certify capability. How can I enable this > capability? I recommend re-considering this approach, because there is likely to be software out there that: (a) doesn't expect to see certifications from subkeys

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 21:50:13 -0300, Duane Whitty wrote: > I perceive keys in my keyring as being ones I trust because of > out-of-band confirmation and used for two-way communications. You're not the only person with this perception. But i'm afraid i think it's a mistake, unfortunately. Actually s

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 22:12:18 -0300, Duane Whitty wrote: > Actually one suggestion, the way options and commands are specified > look the same. It might make things clearer if there was a difference > in the way they are expressed on the command line. Perhaps keep the > "--" for options and enter co

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 22:48:36 -0300, Duane Whitty wrote: > Well, I'm not familiar enough with the arcana to say whether it should > be done away with or not but, I am a big believer in software not > trying to guess what I want. As you said, in version 2.1 GnuPG would > have complained that I hadn't

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 22:39:21 -0300, Duane Whitty wrote: > Sounds like a good approach but for someone who has more public keys > stored than me. I only exchange encrypted email with a very, very > small group of people and I am in regular voice communication with > them. If you're going to manage a
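The "fingerprint of key" thread above and the earlier "Display a gpg signature as a string of zeros and ones" thread both come down to what is inside an OpenPGP key or signature file. The following is an added example, written for this page; it is not code from the gnupg-users archive, from GnuPG or from any of the posters. It walks RFC 4880 packets, computes a v4 fingerprint exactly as gpg --fingerprint does (SHA-1 over 0x99, a two-octet length and the public-key packet body), shows that a "2048-bit RSA signature" packet holds far more than 2048 bits because of the packet header, subpackets and hash prefix, rejects non-OpenPGP input the way gpg's "no valid OpenPGP data found" does, and shows how cheaply a short key id can be collided by varying only the creation timestamp (the point made in the identicon thread about 32-bit key ids). The key and signature values are constructed placeholders, not real keys.

```python
"""Added example, not from the gnupg-users archive or from GnuPG: a small RFC 4880
packet walker that computes a v4 fingerprint as gpg --fingerprint does, shows why a
"2048-bit RSA signature" file holds more than 2048 bits, and shows how cheap a
short-keyid collision is. All key and signature values are constructed dummies."""
import hashlib
import struct

def read_packets(data: bytes):
    """Yield (tag, body) per OpenPGP packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:              # gpg would say "no valid OpenPGP data found"
            raise ValueError("no valid OpenPGP data found")
        i += 1
        if ctb & 0x40:                  # new format: tag in low 6 bits
            tag, b = ctb & 0x3F, data[i]
            if b < 192:
                length, i = b, i + 1
            elif b < 224:
                length, i = ((b - 192) << 8) + data[i + 1] + 192, i + 2
            elif b == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                           # old format: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            length, i = int.from_bytes(data[i:i + (1 << ltype)], "big"), i + (1 << ltype)
        yield tag, data[i:i + length]
        i += length

def read_mpis(buf: bytes):
    """Consecutive MPIs: two-octet bit count, then ceil(bits/8) octets, big-endian."""
    out, i = [], 0
    while i < len(buf):
        bits = struct.unpack(">H", buf[i:i + 2])[0]
        n = (bits + 7) // 8
        out.append((bits, int.from_bytes(buf[i + 2:i + 2 + n], "big")))
        i += 2 + n
    return out

def mpi(value: int) -> bytes:
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_fingerprint(pubkey_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, body; upper-case hex."""
    if pubkey_body[0] != 4:
        raise ValueError("only v4 keys handled")
    prefix = b"\x99" + struct.pack(">H", len(pubkey_body))
    return hashlib.sha1(prefix + pubkey_body).hexdigest().upper()

def signature_bits(sig_body: bytes):
    """Return (bits in the whole v4 signature body, [bits of each signature MPI]).
    Body: version, sigtype, pkalg, hashalg, hashed subpackets (2-octet length),
    unhashed subpackets (2-octet length), 2 hash-prefix octets, then the MPI(s)."""
    if sig_body[0] != 4:
        raise ValueError("only v4 signatures handled")
    i = 4 + 2 + struct.unpack(">H", sig_body[4:6])[0]          # skip hashed area
    i += 2 + struct.unpack(">H", sig_body[i:i + 2])[0] + 2     # skip unhashed area + hash prefix
    return len(sig_body) * 8, [bits for bits, _ in read_mpis(sig_body[i:])]

def bitstring(value: int, bits: int) -> str:
    """One convention among several: big-endian, most significant bit first."""
    return format(value, f"0{bits}b")

def find_short_keyid_collision(pubkey_body: bytes, keyid_bits: int = 16):
    """Vary only the creation time (octets 1-4) until the low keyid_bits of the
    fingerprint match the original. 16 bits costs ~65k SHA-1s; a 32-bit keyid
    is 2^16 times that, still trivial, so a short keyid is not an identity."""
    mask = (1 << keyid_bits) - 1
    target = int(v4_fingerprint(pubkey_body), 16) & mask
    for t in range(1, 1 << 24):
        cand = pubkey_body[:1] + struct.pack(">I", t) + pubkey_body[5:]
        fpr = v4_fingerprint(cand)
        if cand != pubkey_body and int(fpr, 16) & mask == target:
            return t, fpr
    raise RuntimeError("no collision found")

# Constructed sample: a dummy v4 RSA key (tag 6, old-format header) and a dummy v4
# signature (tag 2, new-format header). The numbers are placeholders, not a real key.
DUMMY_N, DUMMY_E = (1 << 2047) | 0x1234567, 65537
PUBKEY_BODY = b"\x04" + struct.pack(">I", 1_500_000_000) + b"\x01" + mpi(DUMMY_N) + mpi(DUMMY_E)
PUBKEY_PACKET = b"\x99" + struct.pack(">H", len(PUBKEY_BODY)) + PUBKEY_BODY
FPR = v4_fingerprint(PUBKEY_BODY)
HASHED = b"\x05\x02" + struct.pack(">I", 1_500_000_000)      # subpacket 2: creation time
UNHASHED = b"\x09\x10" + bytes.fromhex(FPR[-16:])            # subpacket 16: issuer key id
SIG_BODY = (b"\x04\x00\x01\x08" + struct.pack(">H", len(HASHED)) + HASHED
            + struct.pack(">H", len(UNHASHED)) + UNHASHED + b"\x12\x34"
            + mpi((1 << 2047) | 0xABCDEF))                   # dummy 2048-bit RSA signature
_n = len(SIG_BODY) - 192                                     # two-octet new-format length
SIG_PACKET = b"\xC2" + bytes([192 + (_n >> 8), _n & 0xFF]) + SIG_BODY
SAMPLE = PUBKEY_PACKET + SIG_PACKET

if __name__ == "__main__":
    print("fingerprint:", FPR, "signature packet bits:", signature_bits(SIG_BODY))
    print("same low 16 keyid bits at timestamp %d: %s" % find_short_keyid_collision(PUBKEY_BODY))
```

Running it on a real exported key is a matter of feeding the bytes of a binary export (gpg --export) to read_packets; ASCII-armored files need the armor stripped first, which this example deliberately does not do. The signature result shows the practical answer to the "zeros and ones" question: the 2048 bits the poster expected are only the signature MPI, and every other bit in the file is framing. The collision search is the reason the identicon thread warns against exposing 32-bit key ids at all: only the full 160-bit fingerprint is worth comparing.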

Re: Is it possible to certify (sign) a key using a subkey?

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 19:47:16 -0500, Mario Castelán Castro wrote: > I have chosen RSA as a “known good” algorithm for the primary key > because if I chose a different curve or algorithm for elliptic key once > I have the required knowledge to make an informed decision it will be > more convenient to c

Re: Edit key in batch mode

2017-08-17 Thread Daniel Kahn Gillmor
Hi Ahmed-- On Sun 2017-08-13 00:45:28 +, أحمد المحمودي wrote: > I have gnupg 1.4 installed on my system. I am trying to edit my key in batch > mode using the following command: > > gpg --edit-key --command-fd 0 --status-fd=2 < scr > > the contents of 'scr' file is: > = > adduid > أحمد ا

Re: Configuring dirmngr

2017-09-06 Thread Daniel Kahn Gillmor
On Tue 2017-09-05 21:58:44 +0100, Mario Figueiredo wrote: > I'm having trouble configuring dirmngr to use a default keyserver. > > The current configuration file at .gnupg/dirmngr.conf contains this > single line: > > keyserver hkp://pgp.mit.edu > > However trying to use --recv-keys always fail

Re: [Feature Request] Multiple level subkey

2017-09-10 Thread Daniel Kahn Gillmor
On Sat 2017-09-09 00:50:56 +0200, lesto fante wrote: > Maybe this is not the right place to discuss about this, please be > kind with a noob. this is the right place, welcome! > My user case is simple; maintain my identity even if my master key is > compromised. Tho achieve that, I think about a

Re: [Feature Request] Multiple level subkey

2017-09-12 Thread Daniel Kahn Gillmor
On Sun 2017-09-10 21:17:33 +0200, lesto fante wrote: > here i want to AUTOMATE, make this thing MORE EASY to use than a > common password approach. I understand that you're trying to make *your* life easier. But the choices you make also have an impact on the people who look at your public keys.

Re: using --keyserver but still getting gpg: no keyserver known (use option --keyserver)

2017-09-18 Thread Daniel Kahn Gillmor
On Mon 2017-09-18 13:50:00 +, Patrick Schleizer wrote: > gpg --keyserver hkp://pgp.mit.edu:11371 --search-keys m...@e-mail.com > > gpg --keyserver=hkp://pgp.mit.edu:11371 --search-keys m...@e-mail.com > > gpg: no keyserver known (use option --keyserver) > gpg: keyserver search failed: No keyser

Re: Automating and integrating GPG

2017-09-18 Thread Daniel Kahn Gillmor
On Mon 2017-09-18 20:45:52 +0200, Grzegorz Kulewski wrote: > I am working on a project (in Python and bash) that requires me to use > GPG in "headless mode" to generate keys and edit OpenPGP smartcard (to > set some properties and transfer some of the generated keys). This > includes transfering a

Re: Houston, we have a problem

2017-09-21 Thread Daniel Kahn Gillmor
On Thu 2017-09-21 22:37:38 +0200, Stefan Claas wrote: > I'm sorry! Let me say one last word. If i would be a programmer of > software like GnuPG, my software would not allow to receive unwanted > signatures on my pub key The way the universe works is that once data is public, other data might refe

Re: automatic conversion from keyring to keybox files?

2017-09-22 Thread Daniel Kahn Gillmor
On Thu 2017-09-21 23:47:14 +0100, MFPA wrote: > Now that the upgrade path for GnuPG 2.0.x users is to 2.2.x versions, > will be there any automatic conversion from keyring to keybox files, > either offered by the installer or available as a command? On debian systems, you can run: migrate-pu

preferring --check-sigs over --list-sigs [was: Re: Houston, we have a problem]

2017-09-27 Thread Daniel Kahn Gillmor
On Wed 2017-09-27 10:10:54 +0100, Andrew Gallagher wrote: > On 26/09/17 20:39, Werner Koch wrote: >> Unfortunately the man pages describes --list-sigs in detail and only in >> the next paragraph --check-sigs is explained in terms of --list-sigs. >> it might be better to merge them into one descript

ownertrust and trust signature (tsig) interactions [was: Re: preferring --check-sigs over --list-sigs]

2017-09-28 Thread Daniel Kahn Gillmor
On Thu 2017-09-28 15:18:09 +0200, Peter Lebbing wrote: > It is a SHA256 trust signature issued by an RSA key. I think it's odd > they issue a level 1 partial trust signature, but I'd guess they think > they're doing their users a service by making it possible to > automatically assign partial trust

Re: ownertrust and trust signature (tsig) interactions

2017-09-28 Thread Daniel Kahn Gillmor
On Thu 2017-09-28 20:15:33 +0200, Peter Lebbing wrote: > So even if the person who has my full trust tsigns some key, I would > like to treat that signature as a regular key validating signature, and > wouldn't want it to influence ownertrust assigned to the person holding > that signed key. I und

Re: 1024 key with large sub key

2017-10-02 Thread Daniel Kahn Gillmor
ntroduced in 2014 in git commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5 on STABLE-BRANCH-1-4, which was subsequently ported to master. see also https://bugs.debian.org/739424 and https://dev.gnupg.org/T1732 here's the commit log: commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5 Author: Dan

Re: 1024 key with large sub key

2017-10-02 Thread Daniel Kahn Gillmor
On Mon 2017-10-02 15:04:07 -0400, Robert J. Hansen wrote: > Anyone want to point out what I'm missing? I don't want to sound as if > my mind is made up, but right now it truly seems to me the > --enable-large-rsa option is a misfeature. I agree that there's no good reason to enable it by default.

Re: 1024 key with large sub key

2017-10-02 Thread Daniel Kahn Gillmor
On Mon 2017-10-02 17:38:36 -0400, Robert J. Hansen wrote: >> But in terms of being willing to make changes to the GnuPG option space >> that break backward compatibility for some users in order to improve the >> overall state of GnuPG crypto, removing --enable-large-rsa isn't >> anywhere *close* to

Re: auto-key-retrieve usefulness/annoyance

2017-10-05 Thread Daniel Kahn Gillmor
On Thu 2017-10-05 09:00:18 +0200, Werner Koch wrote: > I have exactly the same problem but I do it anyway - there is not much > we can do about it. The default timeout for such lookups are 2 seconds. > You can lower this to one second using > > connect-quick-timeout 1 A more user-friendly appro

Re: FAQ and GNU

2017-10-09 Thread Daniel Kahn Gillmor
On Mon 2017-10-09 22:06:17 -0400, Robert J. Hansen wrote: > A request has been made that each instance of "Linux" in the FAQ be > replaced with "GNU/Linux". > > I'm not inclined to make this change. However, in order to make sure > that the FAQ reflects the community's wishes, I'm submitting the >

Re: gnupg on read-only filesystem

2017-10-10 Thread Daniel Kahn Gillmor
On Tue 2017-10-10 10:51:16 +0200, Fourhundred Thecat wrote: > I am using gnupg 2.1.18-6 on Debian Stretch. Stretch currently ships 2.1.18-8~deb9u1. please update ;) > My root partition (/) is mounted read-only and I cannot use gpg as root, > because gpg wants to start gpg-agent and write to /roo

Re: FAQ and GNU

2017-10-10 Thread Daniel Kahn Gillmor
Thanks for going through the specific instances of Linux in the FAQ, Leo. This is what i was asking for when i was wondering whether a concrete diff has been proposed. (where is the FAQ maintained, btw? how is one expected to submit patches?) I agree with all of Leo's conclusions except for the

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Daniel Kahn Gillmor
On Mon 2017-10-09 23:30:22 -0300, Duane Whitty wrote: > After saying all that I recall reading an article by the Washington > Post (if I recall correctly) that they use two computers in their > "safe-drop" system. The link you're looking for is: https://securedrop.org/ their documentation for

Re: FAQ and GNU

2017-10-10 Thread Daniel Kahn Gillmor
On Tue 2017-10-10 18:05:15 +0200, Leo Gaspard wrote: > So we should call FreeBSD “GNU/FreeBSD” instead? Sorry, I could not resist. Debian actually does ship a "port" that uses the FreeBSD kernel and the GNU userland, and it calls it GNU/kFreeBSD. https://www.debian.org/ports/kfreebsd-gnu/ This

Re: FAQ and GNU

2017-10-10 Thread Daniel Kahn Gillmor
On Tue 2017-10-10 19:46:28 +0200, Leo Gaspard wrote: > That said, I wonder whether the sentence with “all GNU/Linux distros > feature a suitable GnuPG tool” would make sense at all, given GnuPG is, > as pointed out by Mike, part of the GNU operating system, which would, > if I understand correctly,

GnuPG on Android [was: Re: FAQ and GNU]

2017-10-11 Thread Daniel Kahn Gillmor
On Wed 2017-10-11 09:15:41 +0200, Neal H. Walfield wrote: > At Wed, 11 Oct 2017 08:26:21 +0200, > Werner Koch wrote: >> On Tue, 10 Oct 2017 20:55, b...@adversary.org said: >> >> > Has anyone managed to get any part of the GPG libs to compile on >> > Android/Linux? As far as I'm aware no one has a

Re: gnupg on read-only filesystem

2017-10-11 Thread Daniel Kahn Gillmor
On Wed 2017-10-11 08:53:59 +0200, Fourhundred Thecat wrote: >> On 2017-10-10 15:48, Daniel Kahn Gillmor wrote: >> >> You could try the following: >> >> export GNUPGHOME=$(mktemp -d) >> gpg -d file.gpg >> rm -rf "$GNUPGHOME" > &

Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-26 Thread Daniel Kahn Gillmor
On Fri 2017-10-27 01:00:36 +1100, Fulano Diego Perez wrote: > cannot work this out > > installed sqlite3 and gnutls available packages and -dev packages what versions of these packages did you install? can you provide more explicit details? the debian packages build fine on stretch and later, bu

Re: Upgrading from gpg1 to gpg2: lots of trouble, need help

2017-12-18 Thread Daniel Kahn Gillmor
On Mon 2017-12-18 20:01:02 +1100, gn...@raf.org wrote: > For most of my decryption use cases I can't use a > pinentry program. Instead, I have to start gpg-agent in > advance (despite what its manpage says) with > --allow-preset-passphrase so that I can then use > gpg-preset-passphrase so that when

Re: Upgrading from gpg1 to gpg2: lots of trouble, need help

2017-12-20 Thread Daniel Kahn Gillmor
Hi raf-- Hi On Wed 2017-12-20 14:11:26 +1100, gn...@raf.org wrote: > Daniel Kahn Gillmor wrote: >> On Mon 2017-12-18 20:01:02 +1100, gn...@raf.org wrote: >> > For most of my decryption use cases I can't use a >> > pinentry program. Instead, I have to start gpg-age

Re: How to batch generate ECC key

2017-12-29 Thread Daniel Kahn Gillmor
On Fri 2017-12-29 01:18:27 +0100, Rezart Qelibari für GnuPG wrote: > I want to batch generate a key using an ECC algorithm using the following > command: > > $ cat config.txt | gpg —-batch —generate-key for modern gnupg, i think what you want is: gpg --quick-gen-key 'alice ' ed25519 and

Re: Ascii-armor in paper - question

2018-01-02 Thread Daniel Kahn Gillmor
Hi Egon-- sorry for the delay in responding to you here. On Mon 2017-12-25 14:49:02 +0100, Egon wrote: > I have an encrypted GPG Ascii-armored document which I want to print it > to paper in short form (if it is possible). > Does ascii-armor format redundant or redundancy it true only for GPG >

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread Daniel Kahn Gillmor
Hi Lou-- On Tue 2018-01-02 23:02:08 -0800, Lou Wynn wrote: > b. Its employees and business partners do not manually manage their own > keys and trust relationship, and the administrator centrally manages all > certificates and trustworthiness for the organization. backing up a bit here -- what ki

Re: Upgrading from gpg1 to gpg2: lots of trouble, need help

2018-01-05 Thread Daniel Kahn Gillmor
On Thu 2017-12-21 16:19:00 +1100, raf wrote: > Sorry, I thought I already did. The 4th point above does not > work. When the public-facing host connects via ssh to the > key management host, and runs gpg, instead of it successfully > connecting to the existing gpg-agent process that I started > minu

Re: Tool: Sherpa: (Re: Import keys from .gnupg folder)

2018-01-08 Thread Daniel Kahn Gillmor
On Mon 2018-01-08 11:35:33 +0100, Bernhard Reiter wrote: > Am Sonntag 07 Januar 2018 17:39:39 schrieb Robert J. Hansen: >> Obligatory drum beating: I wrote a tool, Sherpa, to help ease migration >> between different GnuPG versions. >> >> https://rjhansen.github.io/sherpa/ > > Mentioned in the wiki

Re: Tool: Sherpa: (Re: Import keys from .gnupg folder)

2018-01-09 Thread Daniel Kahn Gillmor
On Tue 2018-01-09 08:36:25 +0100, Bernhard Reiter wrote: > Am Montag 08 Januar 2018 17:38:33 schrieb Daniel Kahn Gillmor: >> debian's GnuPG packaging supplies >> /usr/bin/migrate-pubring-from-classic-gpg which should handle the full >> migration in a safe way and leave t
