Re: are angle brackets around email address allowed for auto-key-locate?

2019-10-22 Thread Daniel Kahn Gillmor via Gnupg-users
rg is actually correctly published via WKD, so i tested with d...@fifthhorseman.net): 130 dkg@alice:/tmp/cdtemp.pipIPp$ gpg -e -r '' foo.txt gpg: : skipped: No public key gpg: foo.txt: encryption failed: No public key 2 dkg@alice:/tmp/cdtemp.pipIPp$ gpg -e -r 'd...@fifthhorse

Re: A place for discussing WKD spec clarifications?

2019-11-09 Thread Daniel Kahn Gillmor via Gnupg-users
On Tue 2019-10-22 21:28:53 -0400, Daniel Kahn Gillmor via Gnupg-users wrote: > On Thu 2019-10-17 11:08:46 +, Bjarni Runar Einarsson wrote: >> Daniel Kahn Gillmor wrote: >>> I'd be happy to set up such a tracker at (say) >>> https://gitlab.com/openpgp-wg/w

Re: pinentry-gtk-2 dialog doesn't appear before getting input

2019-12-16 Thread Daniel Kahn Gillmor via Gnupg-users
On Mon 2019-12-16 13:39:10 +0100, Andreas Ronnquist wrote: > Changing to pinentry-gtk3 also removes the problem, and that is an > acceptable solution for me, so I have no hurry in getting fixes to the > gtk-2 version. just to clarify, i think you're talking about pinentry-gnome3, not gtk3. Right?

Re: gpgsplit/pgpdump replacement

2020-05-28 Thread Daniel Kahn Gillmor via Gnupg-users
On Wed 2020-05-27 20:42:45 +, halfdog wrote: > I just noticed that gpgv2 packaged for Debian does not include > the "gpgsplit" and "pgpdump" tools any more. pgpdump was never part of GnuPG, it ships in its own package. The gnupg-utils package contains /usr/bin/gpgsplit. For more detailed exa

Re: Show that an encrypted message was signed, without decrypting it

2020-10-13 Thread Daniel Kahn Gillmor via Gnupg-users
On Sun 2020-10-11 09:59:12 +0200, Stefan Claas wrote: > Helmut Waitzmann Anti-Spam-Ticket.b.qc3c wrote: >> Yes, but why should she want to be able to do that?  She could >> decrypt the message and, if it turns out that the message is not >> signed, discard the message. > > It would allow Alice (i

CNAME aliases for wkd.keys.openpgp.org and X.509 certificates [was: Re: WKD for GitHub pages]

2021-01-15 Thread Daniel Kahn Gillmor via Gnupg-users
On Mon 2021-01-11 22:59:10 +0100, Ángel wrote: > The "make a CNAME of your openpgpkeys subdomain to > wkd.keys.openpgp.org" couldn't work with https certificate validation, > though (or are they requesting a certificate on-the-fly?) In fact, i believe that keys.openpgp.org *is* requesting and reta

Re: WKD proper behavior on fetch error

2021-01-21 Thread Daniel Kahn Gillmor via Gnupg-users
(my messages might not be arriving at @gnupg.org addresses right now because their mailserver appears to be rejecting my mailserver claiming (incorrectly, afaict) that the reverse DNS is not configured -- hopefully it will be resolved soon; feel free to re-forward this message to the list if it doe

Re: WKD proper behavior on fetch error

2021-01-22 Thread Daniel Kahn Gillmor via Gnupg-users
On Thu 2021-01-21 18:49:19 +0100, Neal H. Walfield wrote: > Please don't do this. This is the format of a TPK: > > https://tools.ietf.org/html/rfc4880#section-11.1 > > It doesn't allow arbitrary packets to follow it, as far as I can see. fair enough. It also doesn't allow arbitrary trailing NUL

Re: WKD proper behavior on fetch error

2021-01-22 Thread Daniel Kahn Gillmor via Gnupg-users
On Tue 2021-01-19 13:08:19 +0100, Werner Koch via Gnupg-users wrote: > On Tue, 19 Jan 2021 09:28, Neal H. Walfield said: > >> When you look up the openpgpkey.example.org domain, you are revealing >> to anyone snooping DNS traffic that you are using OpenPGP and are >> looking for a key related to ex

Re: WKD proper behavior on fetch error

2021-01-24 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2021-01-22 22:59:36 +, Andrew Gallagher via Gnupg-users wrote: > On 22/01/2021 17:29, Daniel Kahn Gillmor via Gnupg-users wrote: >> this is a non-backward-compatible change to the format, so i think >> that's probably not a great outcome. > > I can'

How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]

2021-01-28 Thread Daniel Kahn Gillmor via Gnupg-users
On Wed 2021-01-27 22:49:13 +0100, André Colomb wrote: > By the way, is there something like a repository to send and discuss > pull requests against the WKD draft document? Or is it just > hand-crafted text edited by the submitter based on suggestions? I think you can find a git repo that contain

Re: How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]

2021-01-29 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2021-01-29 01:20:55 +0100, Ángel wrote: > Oh, nice. I had only located > https://gitlab.com/openpgp-wg/webkey-directory which stops at -08. This > one has been further updated. yep, see the thread starting at https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062844.html and conclu

Re: Best practices for obtaining a new GPG certificate

2021-03-23 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2021-03-19 08:29:12 +0100, Werner Koch via Gnupg-users wrote: > You may also skip the menu thing and use > > gpg --quick-gen-key b...@example.com future-default I agree with Werner's recommendation of using --quick-gen-key and future-default. If you're going to provide an e-mail address-

Thunderbird dealing with signed messages and mailing lists [was: Re: Best practices for obtaining a new GPG certificate]

2021-03-23 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2021-03-19 15:30:51 -0700, Mark via Gnupg-users wrote: > It also has issues with signed messages and lists. For example you > signed this message but it says "uncertain digital signature".  I don't > remember this being an issue in the older TB/Enigmail. Signed messages on mailing lists tha

Re: keydb_search failed: Invalid argument

2021-06-03 Thread Daniel Kahn Gillmor via Gnupg-users
On Thu 2021-06-03 09:43:02 +0900, NIIBE Yutaka wrote: > ಚಿರಾಗ್ ನಟರಾಜ್ wrote: >> I'm getting this error/warning even when I just decrypt an encrypted >> file using plain gpg. > > If you keep using ~/.gnupg/pubring.gpg, I think this is the cause of > your problem. > > In this case, see this comment i

Re: recommendation for key servers

2021-07-06 Thread Daniel Kahn Gillmor via Gnupg-users
On Mon 2021-06-28 18:42:02 +0100, Andrew Gallagher via Gnupg-users wrote: > It’s not clear, but it may be due to a lack of canonical ordering of > packets. There are no published specifications for how to canonically order OpenPGP packets, but i sketched a proposal here: https://dev.gnupg.org

Re: recommendation for key servers

2021-07-07 Thread Daniel Kahn Gillmor via Gnupg-users
On Tue 2021-07-06 23:20:23 +0100, Andrew Gallagher wrote: > That's an interesting idea, and it has merit in itself, but from a > keyserver point of view I think a more general solution is to explode > TPKs into atomic components, sync them separately, and reconstruct the > TPK on demand at query

Re: recommendation for key servers

2021-07-07 Thread Daniel Kahn Gillmor via Gnupg-users
On Wed 2021-07-07 19:57:14 +0200, Werner Koch wrote: > You need to check for the canonical form anyway and thus it is easier to > directly sort it. In case of signature subpackets (if that is one of > your concerns), this is of course not possible and thus this would > require that the specs requir

Re: On the security of ~/.password-store/.gpg-id [was: Re: Second OpenPGP-card]

2024-03-01 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2024-03-01 17:06:09 +0100, Ingo Klöcker wrote: > On Donnerstag, 29. Februar 2024 21:21:42 CET Daniel Kahn Gillmor wrote: >> human-readable names for certificates. But i don't see how to use that >> safely while dealing with GnuPG's risky implementation choices here

sopv-gpgpv: an implementation of the verification-only subset of the Stateless OpenPGP CLI using gpgv as a backend

2024-07-21 Thread Daniel Kahn Gillmor via Gnupg-users
Hey GnuPG folks-- I've written `sopv-gpgv`, which implements the verification-only subset of the Stateless OpenPGP CLI, using gpgv as a backend. If you're an implementer who needs a minimalist, verification-only OpenPGP command-line tool, and you'd prefer to use a stable, normalized interface whi

Re: sopv-gpgpv: an implementation of the verification-only subset of the Stateless OpenPGP CLI using gpgv as a backend

2024-07-29 Thread Daniel Kahn Gillmor via Gnupg-users
Hi Todd-- On Fri 2024-07-26 09:54:32 -0400, Todd Zullinger via Gnupg-users wrote: > A reasonably common use case for gpgv is to verify > signatures on release artifacts by distribution packaging > tools. Being able to use the upstream provided key > material, which is typically armored, would mak

Re: sopv-gpgpv: an implementation of the verification-only subset of the Stateless OpenPGP CLI using gpgv as a backend

2024-07-30 Thread Daniel Kahn Gillmor via Gnupg-users
Hi Todd-- On Mon 2024-07-29 15:47:09 -0400, Todd Zullinger via Gnupg-users wrote: > Particularly, using sopv-gpgv would introduce more > dependencies to the buildroot (the python stack, > specifically) which is unlikely to be something folks like > Fedora want, after spending time to minimize the

Re: sopv-gpgpv: an implementation of the verification-only subset of the Stateless OpenPGP CLI using gpgv as a backend

2024-08-06 Thread Daniel Kahn Gillmor via Gnupg-users
On Mon 2024-08-05 20:08:43 +0200, Björn Persson wrote: > It's true that requiring verification of all the signatures is not > always desirable. Allowing all but one to fail is not always right > either. Deciding how many correct signatures should be required is > nontrivial. I doubt any general ver

Re: sopv-gpgpv: an implementation of the verification-only subset of the Stateless OpenPGP CLI using gpgv as a backend

2024-08-06 Thread Daniel Kahn Gillmor via Gnupg-users
On Tue 2024-08-06 14:01:36 -0400, Daniel Kahn Gillmor via Gnupg-users wrote: > Or, if you really want the "sop verify" and "sop inline-verify" > interface to support some sensible "at least N signatures" semantic, feel > free to open a suggestion in the sop

Re: Signing Mails with OpenPGP like DKIM [was: gpg like DKIM]

2024-09-05 Thread Daniel Kahn Gillmor via Gnupg-users
On Wed 2024-09-04 14:05:28 +0100, Andrew Gallagher via Gnupg-users wrote: > As I mentioned already in an (accidental) off-list message to the OP, > I have one regular correspondent who sees my signatures as broken if I > send email from my laptop, because some as yet unknown MTA on the path > betw

Re: Signing Mails with OpenPGP like DKIM

2024-09-06 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2024-09-06 14:00:53 +0200, Werner Koch wrote: > See > GpgOL: Add filenames for PGP/MIME parts > https://dev.gnupg.org/T4258 > > on how to solve that. Complaints about strange attachments dropped to > nearly zero after we deployed that change 5 years ago. This is a great idea, and certainl

Re: [Feature request] Please make it easier to check success/failure from scripts

2024-09-08 Thread Daniel Kahn Gillmor via Gnupg-users
On Tue 2024-08-27 17:37:03 +0200, Jakob Bohm via Gnupg-users wrote: > Another, related, feature would be the ability to run the gnupg tools in > a mode that doesn't talk to any part of the environment, neither the > gnupg config dir, nor the various helper programs (directory, password > prompt

Re: [admin] This is a GnuPG related ML

2024-09-14 Thread Daniel Kahn Gillmor via Gnupg-users
On Mon 2024-09-09 15:13:07 +0200, Werner Koch via Gnupg-users wrote: > Advertisement for other applications, like a Python wrapper around a > long standing command line API (going all the way back to pgp 2), is > thus off-topic. Jakob specifically asked how he could use GnuPG while relying on the

Re: Pinentry with flatpak applications

2025-02-09 Thread Daniel Kahn Gillmor via Gnupg-users
On Sat 2025-02-08 21:45:52 +0100, Matěj Cepl via Gnupg-users wrote: > Wait? Why do you need to run pinentry from flatpak app? Isn’t it > run on the host system? I think that's the point. pinentry is run from the host system, but the invocation of gpg (which talks to gpg-agent, which in turn invok

Re: Pinentry with flatpak applications

2025-02-10 Thread Daniel Kahn Gillmor via Gnupg-users
On Mon 2025-02-10 16:26:05 +0100, Werner Koch wrote: > On Sun, 9 Feb 2025 23:53, Daniel Kahn Gillmor said: > >> What if, in a FreeDesktop environment, the overall policy was just: >> >> - gpg-agent decides where to display the pinentry, *not* the gpg >>invoc
