Hi,
when using --verify combined with --status-fd [or --status-file], how
can one notice in scripts, that processing the one signature is done and
that further status-fd messages belong to the next message?
I mean, sometimes it shows SIG_ID, but not in case of ERRSIG.
So is there some line / sep
Doug Barton:
> On 3/19/15 10:39 AM, Patrick Schleizer wrote:
>> Hi,
>>
>> when using --verify combined with --status-fd [or --status-file], how
>> can one notice in scripts, that processing the one signature is done and
>> that further status-fd messages belong
Werner Koch:
> On Thu, 19 Mar 2015 18:39, patrick-mailingli...@whonix.org said:
>
>> when using --verify combined with --status-fd [or --status-file], how
>> can one notice in scripts, that processing the one signature is done and
>> that further status-fd messages belong to the next message?
>
>
gpg-bash-lib is a gpg file verification bash library that addresses a
comprehensive threat model covering file name tampering, indefinite
freeze, rollback, endless data attacks, etc.
https://github.com/Whonix/gpg-bash-lib
Why?
Writing bash scripts that do file verification using gpg that really is
Hi,
anyone interested to meet up for key signing in Leipzig, Germany?
Please contact me off list.
Cheers,
Patrick
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
is it possible to update an existing (RSA) gpg key to ECC?
Or would a usual transition process be required?
Cheers,
Patrick
Hi!
Suppose a file has been `--clearsign`ed. Then an adversary prepended or
appended extraneous content.
How can such a situation be detected? Any gpg built in way or would one
have to use a third party solution or invent one?
Perhaps code talks more:
https://gist.github.com/adrelanos/defdf9d693
Hi!
When using "gpg --armor --detach-sign some-file-version-c" a file:
some-file-version-c.asc will be created.
But an adversary positioned to arbitrarily change file names on a mirror
or so could rename it to some-file-version-d and some-file-version-d.asc.
That could trick the verifier into beli
Werner Koch:
> On Mon, 12 Jan 2015 03:19, patrick-mailingli...@whonix.org said:
>
>> Suppose a file has been `--clearsign`ed. Then an adversary prepended or
>> appended extraneous content.
>
> That is what the signature is all about ;-). Use
>
> gpg --verify --output OUT SIGNEDDATA
>
> to wr
Added Hauke, because he seems interested in OpenPGP notations [1] that I
will talk about below.
Robert J. Hansen:
>> Is there a way to make gnupg sign the name of the file as well? So
>> verification would fail if file names were renamed?
>
> Drop version 1.7 of your 'foo' program into a director
Werner Koch:
> On Mon, 12 Jan 2015 19:52, patrick-mailingli...@whonix.org said:
>
>> However, what works for me is this:
>>
>> gpg --output ./out --verify ./sha512sums.asc
>
> We are both wrong. --verify does only a verify and nothing else.
> Running without --verify writes the actual signed dat
In another thread...
Werner Koch:
> On Mon, 12 Jan 2015 19:52, patrick-
>> When it exits 0, then this approach is sound, sane and fine?
> You better check the status lines; in particular watch out for
>
> [GNUPG:] VALIDSIG E4B868C8F90C.
>
> or use gpgv.
Are there cases where gpg --verify w
Patrick Schleizer:
> Werner Koch:
>> On Mon, 12 Jan 2015 19:52, patrick-mailingli...@whonix.org said:
>>
>>> However, what works for me is this:
>>>
>>> gpg --output ./out --verify ./sha512sums.asc
>>
>> We are both wrong. --verify does only
Werner Koch:
> On Wed, 14 Jan 2015 14:40, d...@fifthhorseman.net said:
>
>> gpg does use the return code to indicate failure of signature
>> verification.
>
> But recall that success does not mean that the signature is good.
> Check the status output or use gpgv.
Do you mean, for example, the si
Hi!
Is there a shell script or bash library for parsing gpg's --status-fd
output?
I mean, I could code it myself. But why duplicate effort and risk
messing up. Maybe there is some existing or even recommended or even
official library to do this?
(What I mean by parsing is: to get from lines such
Hi,
apparently something like gpg-bash-lib didn't exist.
Created one:
https://github.com/Whonix/gpg-bash-lib
Could you leave some feedback please?
Main code file:
https://github.com/Whonix/gpg-bash-lib/blob/master/usr/lib/gpg-bash-lib/modules.d/50_common
No usage instructions yet, see unit tes
Patrick Schleizer:
> apparently something like gpg-bash-lib didn't exist.
>
> Created one:
> https://github.com/Whonix/gpg-bash-lib
>
> Could you leave some feedback please?
>
> Main code file:
> https://github.com/Whonix/gpg-bash-lib/blob/master/usr/lib/gpg-bash
gpg --keyserver hkp://pgp.mit.edu:11371 --search-keys m...@e-mail.com
gpg --keyserver=hkp://pgp.mit.edu:11371 --search-keys m...@e-mail.com
gpg: no keyserver known (use option --keyserver)
gpg: keyserver search failed: No keyserver available
What am I doing wrong?
18 matches