Re: 2.1.2: keyserver route failure

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 06:24, r...@sixdemonbag.org said: > I don't have IPv6 routing, period. This raises the question of why > GnuPG is trying to reach an IPv6 address at all. Because the resolver tells that there is an record. It seems that we need to figure out at runtime whether v6 is act

Re: Compiled binaries execute but exit with "Abort"

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 14:18, er...@askerrol.org said: > #0 0xfedc28a4 in abort () from /lib/libc.so.1 > #1 0xff15367c in get_lock_object (lockhd=0xff16e3b0) at posix-lock.c:111 That is an assert() checking that the used library matches the one used for building. This is all in libgpg-error - ple

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 11:54, js-gnupg-us...@webkeks.org said: > While this is much better from a security point of view, it still means that > building needs an internet connection. It would be nice to be able to build > it on an air-gapped machine, which I guess is quite a common use case for >

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 12:05, js-gnupg-us...@webkeks.org said: > I suppose it might be a good idea to have a Qt GUI. That looks native Although Kleopatra is a KDE application there is not much of KDE in it and, iirc, Andre once suggested to turn it into a plain Qt application. Salam-Shalom, We

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 12:21, js-gnupg-us...@webkeks.org said: > And even worse: Why did you decide to hide what is going on by > prefixing it with a @? This really feels like you are trying to deceit I also do this often to avoid cluttering the screen. No need to assume a backdoor. It is for a Ma

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 11:52, js-gnupg-us...@webkeks.org said: > I do verify the fingerprint, and they are quite easy to find actually: > > https://help.github.com/articles/what-are-github-s-ssh-key-fingerprints/ > > First Google match for "GitHub SSH fingerprint". Using a search engine to find impo

[Announce] GnuPG 2.0.27 "stable" released

2015-02-18 Thread Werner Koch
aded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: 2048R/4F25E3B6 2011-01-12 [e

Re: [Announce] GnuPG 2.1.2 released

2015-02-18 Thread Werner Koch
On Mon, 16 Feb 2015 11:03, bernh...@intevation.de said: > * What the items in section "What's New in GnuPG-2.1" actually meant, I should have read "What's New in GnuPG 2.1.2", sorry. > * "This version fixes a lot of bugs found after the release of 2.1.0" > which probably should have been "2.1.

Re: 2.1.2: keyserver route failure

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 12:59, joh...@vulcan.xs4all.nl said: > The most easy solution in such cases is to try IPv4 first, if that > doesn't work or is unavailable, try IPv6 if available. That server has no v4 address. For obvious reasons we use the standard version first and only then fallback to a

Re: Talking about Cryptodevices... which one?

2015-02-18 Thread Werner Koch
On Sat, 24 Jan 2015 05:05, gni...@fsij.org said: > DINSIG (DIN V 66291-1) card > German Geldkarte > Telesec NKS card > pkcs#15 card > SmartCard-HSM card > > ... but I think that most are outdated, except the last one. DINSIG is still German standard (actually a pre-s

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-19 Thread Werner Koch
On Wed, 18 Feb 2015 20:24, d...@fifthhorseman.net said: >> as did a few other maintainers. However there was not only not a >> consensus to do this more generally, there was active opposition to >> doing it at all. > > that's a bummer :( I guess that is a GPL issue. They don't want any GPLed

Re: 2.1.2: keyserver route failure

2015-02-19 Thread Werner Koch
On Wed, 18 Feb 2015 20:13, d...@fifthhorseman.net said: > Reasonable IPv6 stacks should return an ENETUNREACH (Network is > unreachable) error message when trying to connect() to an address for > which there is no route, which should already cause dirmngr to failover The error handler after a con

Re: GNUPG 2.* and AIX - questions

2015-02-19 Thread Werner Koch
On Sun, 15 Feb 2015 12:16, aixto...@gmail.com said: > I took the hint and tried to package gnu/nth but make fails - immediately - > with this message. You might find something about this in bugs.gnupg.org. I have not tried gnupg 2.0.x on AIX for many years thus it is quite possible that you run

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Werner Koch
On Thu, 19 Feb 2015 18:22, o...@mirix.org said: > Your Java Card does probably not support PKCS #11. An applet on the card > might implement it. To make it work, you need a PKCS #11 middleware and PKCS#11 is an API between two applications. It is not directly related to smartcards. However, it

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-19 Thread Werner Koch
ingerprint = C1D3 4B69 219E 4AEE C0BA 1C21 E3FD FF21 8E45 B72B uid [ unknown] Werner Koch (wheatstone commit signing) -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpAGiQ_oUbEz.pgp Description: PGP signature ___ Gnup

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-19 Thread Werner Koch
On Thu, 19 Feb 2015 18:16, js-gnupg-us...@webkeks.org said: > I also like @ to hide useless output, but is downloading *and > executing* from a remote location really something you should hide? > Especially if everything else isn't hidden? Okay, someone please write a noscript extension for the l

Re: Compiled binaries execute but exit with "Abort"

2015-02-19 Thread Werner Koch
On Thu, 19 Feb 2015 12:01, er...@askerrol.org said: > Thanks. Now to figure out why make check fails but make works without > error. Are there dependencies besides pth for libgpg-error? Are you using a recent Pth version? I recall that older Pth versions had problems when used by programs which a

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Werner Koch
On Fri, 20 Feb 2015 06:32, ranjin...@tyfone.com said: > Yes i used Scute. No success with it. I better ask OpenSC mailing list with > the help asking for the support for handle data objects even if the card > could store them.. You may want to checkout https://gnupg.org/service.html to find help f

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-20 Thread Werner Koch
On Thu, 19 Feb 2015 20:29, js-gnupg-us...@webkeks.org said: > Btw, does this mean that basically Ed25519 keys are stable enough now and > won't change anymore? If everything goes wrong, gpg will continue to support them if they don't make it into an RFC. Salam-Shalom, Werner -- Die Gedan

Re: Help need to use truecryt + openpgp applet.

2015-02-21 Thread Werner Koch
On Sat, 21 Feb 2015 08:48, ndk.cla...@gmail.com said: > since there's no on-card crypto involved. Just store the secret in an > SMS, with the "sender" set to the ID of the protected storage :) Or use a plain USB stick. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-21 Thread Werner Koch
On Fri, 20 Feb 2015 10:36, luk...@dressyvagabonds.com said: > In order to work around the hang, we’re running this call in a separate > thread now, and if it doesn’t return within a few seconds (5 at the moment), > it sends a timeout to the scdaemon. Why not using a simple alarm() based watchdo

Re: Surprising command line options handling

2015-02-24 Thread Werner Koch
On Tue, 24 Feb 2015 00:59, dani...@grinta.net said: > However, the ordering is not really enforced: this Right. Options and commands are actually interchangeable but that is an undocumented feature. In fact the only difference between a command and an option is that there may only be one comm

Re: GNU-divert-to-card S2K format

2015-02-24 Thread Werner Koch
On Tue, 24 Feb 2015 15:55, leonard.dal...@taztag.com said: > I have tried to find a description of this S2K format, but I haven't > found one. Does anyone know where I can find a description of this > "experimental" S2K ? doc/DETAILS shows this * GNU extensions to the S2K algorithm S2K mode 1

Re: GNU-divert-to-card S2K format

2015-02-26 Thread Werner Koch
On Wed, 25 Feb 2015 10:49, pe...@digitalbrains.com said: > something. It should be: > > S2K specifier 110 Well, it is 101. I just updated doc/DETAILS. It now reads: * GNU extensions to the S2K algorithm 1 octet - S2K Usage: either 254 or 255. 1 octet - S2K Cipher Algo: 0 1 octet - S2

Re: Thoughts on GnuPG and automation

2015-02-26 Thread Werner Koch
On Thu, 26 Feb 2015 15:57, b...@pagekite.net said: > As it's rather long, I won't paste the whole thing in here, but I do Please give me a few days to comment on this. I have some urgent tasks right now. But as a first hint: automation has never been second class citizen and has been built into

Re: Can't Encrypt in Freebsd 10.1

2015-02-27 Thread Werner Koch
On Wed, 25 Feb 2015 14:07, michard.anto...@gmail.com said: > #gpg -r 6349E5E0 -e test.txt > Abort You should run it under a gdb to see the reason for the abort. This should not happen. $ gdb gpg gdb> run -r 6349E5E0 -e test.txt [...] gdb> bt Shalom-Salam, Werner -- Die Gedanken s

Re: Can't Encrypt in Freebsd 10.1

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 12:34, michard.anto...@gmail.com said: > #2 0x000801918130 in __stack_chk_fail () from /lib/libc.so.7 > #3 0x000801179e43 in _gcry_cast5_amd64_cfb_dec () from I would try to build libgcrypt 1.6.3, which I just released, and check if that problem still exists. There

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 13:23, gnupg...@seichter.de said: > have some valid points; the latest articles are by no means mindless > rants or PGP-bashing. The thought of letting PGP die as an e-mail The article has two problems: - It compares an offline system (mail) with online systems (chat syst

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 19:37, marcozehe...@mailbox.org said: > And here’s the other problem the main article in c’t mentions: Those > keys, although faked, were certified. They were certified by equally > faked keys which resemble keys that are quite well-known. So unless Nope. According to the que

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said: > that anyone can upload _every_ key to a keyserver is an issue. If > keyservers would do some sort of verification (e.g. confirmation of > the email addresses) then this would lead to much more reliable data. We have such a system. It is call

[Announce] GnuPG 1.4.19 released (with SCA fix)

2015-02-27 Thread Werner Koch
our keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (Gnu

[Announce] Libgcrypt 1.6.3 released (with SCA fix)

2015-02-27 Thread Werner Koch
Hello! The GNU project is pleased to announce the availability of Libgcrypt version 1.6.3. This is a security fix release to mitigate two new side channel attacks. Libgcrypt is a general purpose library of cryptographic building blocks. It does not provide any implementation of OpenPGP or other

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 21:07, kristian.fiskerstr...@sumptuouscapital.com said: > Increasing the information on keyservers like this, in particular in > the descriptive parts can be considered, would it suffice to be part > of the standard web interface for keyserver intro, or would it have to > be ad

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 21:24, cales...@scientia.net said: > - Nothing is encrypted (so everyone eavesdropping will know that I just > downloaded the key for nsa-whistleblow...@wikileaks.org... and five Which he will anyway see as soon as you send the mail. Iff we have an anonymous network both pr

Re: A forgotten patch?

2015-02-28 Thread Werner Koch
On Sat, 28 Feb 2015 03:02, a...@raxys.net said: > of GnuPG in 2009. According to him, the patch fixes lots of problems > that might be usable as in attack vectors on GnuPG. It seems however, as > if this patch was never included into upstream GnuPG. Because of that, This comes up every once in a

Re: Decrypting PGP/MIME on the command line

2015-03-01 Thread Werner Koch
On Sun, 1 Mar 2015 15:32, rp...@kcore.de said: > is there a command line utility that takes a PGP/MIME encrypted message > (a plain RFC 2822 text file) and outputs an unencrypted copy? The Not really. MIME is a structured format and as such it may result in a bunch of encrypted, non-encrypted,

Re: A forgotten patch?

2015-03-01 Thread Werner Koch
On Sun, 1 Mar 2015 03:29, a...@raxys.net said: > I think the majority of people work for people they don't necessarily > like that much. I suppose it's related to the unfair distribution of > wealth in our world. Being funded by Facebook isn't the most reputable > thing either. Yeah right, or Go

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Werner Koch
On Sun, 1 Mar 2015 23:43, js-gnupg-us...@webkeks.org said: > I don't really agree with that. The goal is that the proof of work for a > single message takes 4 minutes. At that rate, sending spam really is not So you can send 360 mail a day. Assuming your 24/7 business make 700 Euro a day each m

Re: Circumvention Tech Summit in Valencia

2015-03-03 Thread Werner Koch
On Tue, 3 Mar 2015 12:51, r...@sixdemonbag.org said: > Admittedly, "the GnuPG dev people" is really a one-element list > containing Werner. But there are certainly people active in the GnuPG The web page lists more and several more have write access to git.gnupg.org. I considered to attend but

Re: Thoughts on GnuPG and automation

2015-03-03 Thread Werner Koch
On Tue, 3 Mar 2015 14:29, h...@guardianproject.info said: > It is actually more difficult to wrap GPGME in Java than to have just > rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad Sorry, but that is not your problem. The problem on Android seems to be that it is not easy to

gpgme and Java (was: Thoughts on GnuPG and automation)

2015-03-04 Thread Werner Koch
On Wed, 4 Mar 2015 00:57, h...@guardianproject.info said: > thread at this point. The bizarre Java wrapper of GPGME was not the > biggest part of the problem of the GnuPG-for-Android port, but it was > nonetheless a real problem. Sure it is possible to use GPGME with You mean Stefan's decade o

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed, 4 Mar 2015 01:45, r...@sixdemonbag.org said: > ever hacked on GnuPG has found situations where GPGME isn't a good > solution, sometimes for architectural reasons and sometimes for API > reasons and sometimes for language binding reasons and sometimes for > licensing reasons and... etc. I

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed, 4 Mar 2015 00:50, h...@guardianproject.info said: > If you are interested, you should read the details. Because you are > missing some key details here. I believe they log all PGP encrypted > communication. That would be easy for them to do. I don't know about > HTTPS. I don't know

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed, 4 Mar 2015 01:43, robe...@broadcom.com said: > I think Peter and the group already adequately answered this: If GPGME > is not providing an interface that meets Android requirements, then > look into how GPGME interfaces to GPG and emulate that interface. FWIW, EasyPG, the GnuPG interfac

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Tue, 3 Mar 2015 21:29, h...@guardianproject.info said: > * Android will kill apps when it needs to, app lifecycle is automatically > managed, > the app has no control over it, and often zero warning is given That is the same as with Linux. Ever heard of the OOM killer? > * Android was not

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed, 4 Mar 2015 10:50, r...@sixdemonbag.org said: >> I don't know for sure about encrypted mail but it is known that >> https connection information is recorded and stored for future >> attacks: > > Perhaps. Plausible, even, given storage requirements for connection > information. But stor

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed, 4 Mar 2015 10:57, r...@sixdemonbag.org said: > You're looking at FOSS projects that have successfully used GPGME, but Sure. > that doesn't tell you about proprietary projects that have chosen not to > use GPGME. I've had clients refuse to use GPGME because of the > licensing, even unde

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed, 4 Mar 2015 11:10, pe...@digitalbrains.com said: > > [JSON] > > [GPGME] That already exists: gpgme-tool. It creates output in XML but adding an option for JSON output should be straightforward. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz

Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Tue, 3 Mar 2015 16:23, br...@minton.name said: > It breaks mailpile because gpg-agent is not session aware. A user could > be logged in locally, using mailpile, and a remote attacker could access > the web interface of that locally running mailpile instance, which since > it is talking to the

Re: where can one find an official gnupg project statement on the state of sub project?

2015-03-05 Thread Werner Koch
On Wed, 4 Mar 2015 20:14, pa...@mlopes.net said: > It turns out that gnupg and gnupg2 are live and kicking, however the other 2 > projects seem to be dormant for long time without any updates. Right I have not looked at scute and poldi for a long time. There seems to be not enough interest. H

Re: gpg in a cybercafé

2015-03-06 Thread Werner Koch
On Fri, 6 Mar 2015 09:12, htd...@fritha.org said: > In case you're allowed to boot from an external medium, this still won't be > secure. Because you have no control over the hardware built into the computer, Does not even need to be hardware: A (remotely) modified firmware might first boot you

Re: Heise: De-Mail integrates End-2-End Encryption with PGP

2015-03-09 Thread Werner Koch
On Mon, 9 Mar 2015 12:37, m.mansf...@mansfeld-elektronik.de said: > Anybody here from the GnuPG developers involved in that stuff? Not that I know. Keep in mind that De-mail system has a serious problem: As soon as you register an account you are legally forced to check that account timely. All

Re: GPG4Win 2.2.3 Smart card support

2015-03-10 Thread Werner Koch
On Tue, 10 Mar 2015 08:14, deepak.sax...@safenet-inc.com said: > I am trying to test file encryption with SafeNet smart cards. (CardOs/ Java > and other tokens). > I am getting error message: The card application is not yet supported. You need to write an application which GnuPG knows about. Th

Re: AES-NI, symmetric key generation

2015-03-10 Thread Werner Koch
On Tue, 10 Mar 2015 10:05, aheine...@intevation.de said: >> Also is there any >> option to turn hardware acceleration on or off at runtime? You can globally disable certain hardware features: Create a file --8<---cut here---start->8--- # We do not want to use

GnuPG News for February 2015

2015-03-10 Thread Werner Koch
Hi! Find below the plain text version of https://gnupg.org/blog/20150310-gnupg-in-february.html Shalom-Salam, Werner 1 GnuPG News for February 2015 ══ Indeed, very exciting news this month: The financial crisis of The GnuPG Project is over. Due to an unex

Re: AES-NI, symmetric key generation

2015-03-10 Thread Werner Koch
ny d:\etc\gcrypt\hwf.deny I have not tested this. > a way to make gpg display which hardware features are being used when > encrypting/decrypting (to confirm that the deny file was correctly > placed and actually had an effect)? Thank you. From: Werner Koch Not yet. 2.1.3 will have a com

Re: AES-NI, symmetric key generation

2015-03-10 Thread Werner Koch
On Tue, 10 Mar 2015 20:33, maricelgregorasc...@yahoo.com said: > I admit I haven't looked at the AES-NI instruction set, but I've read > that it could be easy for the CPU to reconstruct the key from a Possible. It is also easy to detect the instructions used for software based AES keyscheduling

Re: [cygwin] gpg-agent with ssh support ?

2015-03-11 Thread Werner Koch
On Wed, 11 Mar 2015 07:18, xav...@maillard.im said: > I enabled ssh support in the gpg-agent.conf file as usual and I > clearly see the socket files for both GNUpg and SSH. The Unix Domain Socket emulation used by Cygwin is different from the emulation used by GnuPG on Windows. Recall that Cygwi

Re: bugs.gnupg.org TLS certificate

2015-03-11 Thread Werner Koch
On Wed, 11 Mar 2015 15:12, br...@minton.name said: > git.gnupg.org) don't use that certificate. Have you considered a wildcard > certificate? I know this has been discussed before, e.g. at Too expensive ;-). To stop all these complaints I will add a so called real certificate but first I need

Re: AES-NI, symmetric key generation

2015-03-12 Thread Werner Koch
On Wed, 11 Mar 2015 20:39, p...@heypete.com said: >> One more question: Is there any standardization in output formats >> between encryption programs and libraries, for example say you encrypt >> with AES128 in CBC, with the same key (directly or via passphrase), and >> since the output will have

Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Werner Koch
On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said: > PuTTY also has its own agent support, which works quite well. I'm not > sure why it's necessary to reinvent the wheel here. :) Because that integrates seamlessly with GnuPG. For example you can use your OpenPGP card (or other supported smar

Re: AES-NI, symmetric key generation

2015-03-12 Thread Werner Koch
On Thu, 12 Mar 2015 11:08, p...@heypete.com said: > I (perhaps incorrectly) interpreted the question as "If GnuPG makes > backwards-incompatible changes in the future, would it be possible for > one who knows the encryption algorithm used, key, etc. of a message to > decrypt that message with othe

Re: bugs.gnupg.org TLS certificate

2015-03-13 Thread Werner Koch
On Fri, 13 Mar 2015 00:21, h...@barrera.io said: > No need for a wildcard one. Just get one free certificate for each subdomain > from StartSSL. Definitely not. It is far easier to pay 10 Euro a year for one from Gandi. But that is all not an issue, migrating Roundup to a newer version is more wor

Re: bugs.gnupg.org TLS certificate

2015-03-13 Thread Werner Koch
On Fri, 13 Mar 2015 14:04, mw...@iupui.edu said: > A CA that charges nothing cannot afford to do much (any?) checking of > the assertions in my CSR. The resulting signature thus cannot have > some of the meaning that a more thoroughly investigated CSR can Given the implicit cross certification o

Re: Enigmail speed geeking

2015-03-15 Thread Werner Koch
On Sun, 15 Mar 2015 16:32, st...@mailbox.org said: > Now, I'll look for information on how RNG in GnuPG exactly works. It *seems* > that haveged should impact on the gathering of entropy (available) at the > moment > of keypair generation on any GNU/Linux PC/laptop equipped with it (specific You

Re: Enigmail speed geeking

2015-03-16 Thread Werner Koch
On Sun, 15 Mar 2015 23:38, st...@mailbox.org said: > Thanks, Werner. I read that, but I was particularly interested in how to get > GnuPG work with haveged. You should feed it into /dev/random or get into the kernel proper. This way all applications can benefit from it. > So, I guess it would n

Re: Defaults

2015-03-18 Thread Werner Koch
On Tue, 17 Mar 2015 20:44, r...@sixdemonbag.org said: > Given that 2.1 introduces a lot of new capabilities (mostly with respect > to ECC), I think now, early on in the 2.1 series, would be a good time > to discuss changing the defaults for newly-generated certificates. Let's do a quick check of t

Re: SKS Keyserver, HKPS and GnuPG 2.1

2015-03-19 Thread Werner Koch
On Wed, 18 Mar 2015 22:52, david.j.woo...@gmail.com said: > I debugged this issue a few days ago. I've posted a patch for testing and > hopefully incorporation into a future GnuPG 2.1 build at It is on my shortlist. Thanks, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgeset

Re: --verify --status-fd separator for multiple signatures?

2015-03-19 Thread Werner Koch
On Thu, 19 Mar 2015 18:39, patrick-mailingli...@whonix.org said: > when using --verify combined with --status-fd [or --status-file], how > can one notice in scripts, that processing the one signature is done and > that further status-fd messages belong to the next message? That is unfortunately a

Re: Defaults

2015-03-21 Thread Werner Koch
On Thu, 19 Mar 2015 11:19, mue...@cryptobitch.de said: > Is there anything in this listing that would allow me to quickly copy and > paste > (e.g. double click and middle click) in order to further work with the key, > e.g. edit or encrypt to? Sorry, I do not understand you. This is a command l

Re: --verify --status-fd separator for multiple signatures?

2015-03-21 Thread Werner Koch
On Fri, 20 Mar 2015 19:41, patrick-mailingli...@whonix.org said: > Well, I don't speak C, so I can't make head or tail of "what we do in > gpgme/src/verify.c". You should still be able to follow the control flow. That is not different from any pseudo code. > Is there a complete list of all poss

Re: Clarification on advisories

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 06:31, ventur...@gmail.com said: > In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus > keyrings." is the fix for CVE-2015-1606? The Debian announcement describes this as The keyring parsing code did not properly reject certain packet types not belong

Re: Clarification on advisories

2015-03-23 Thread Werner Koch
commit 7e12ec4c7d6df29a7d7935399fccd2594ebb4a7e Author: Werner Koch Date: Thu Feb 12 18:52:07 2015 +0100 gpg: Fix a NULL-deref due to empty ring trust packets. * g10/parse-packet.c (parse_trust): Always allocate a packet. -- Reported-by: Hanno Böck Signed-off-by: Werner Koch (ba

Re: GnuPG 1.4.19 - Encryption Questions

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 15:34, criv...@merkleinc.com said: > I am now trying to encrypt a file using the "homedir" option to point > to the copied keyrings but am getting this error message: You better run gpg --version to see which directory is the default homedir of GnuPG. You your files to t

Re: GnuPG 1.4.19 - Encryption Questions

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 17:29, criv...@merkleinc.com said: > Question though - the gpg.conf file is optional? If I want one I must > create it? Yes, it is optional. If you have more than one key it is advisable to create one and add --8<---cut here---start-

Re: Enabling and using ECC keys (any reason not to?)

2015-03-26 Thread Werner Koch
On Thu, 26 Mar 2015 09:59, m...@confidantmail.org said: > Is there any reason not to start using them? I have been reluctant to > bundle version 2.1, because once people start using ECC keys, using There is no deployed base of ECC capable OpenPGP implementation yet. Thus ECC is not enabled by def

Re: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

2015-03-28 Thread Werner Koch
Shalom-Salam, Werner --8<---cut here---start->8--- commit 936416690e6c889505d84fe96983a66983beae5e Author: Werner Koch Date: Thu Feb 26 09:38:58 2015 +0100 gpg: Remove left-over debug message. * g10/armor.c (check_input): Remove log_debug.

Re: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

2015-03-29 Thread Werner Koch
On Sat, 28 Mar 2015 19:58, dougb@dougbarton.email said: > Just out of curiosity, do you have an ETA on a new release? Nothing really important has changed since mid February except for a fix in gpgtar - does anyone really use it on non-Windows? (it has been fixed in gpg4win). Salam-Shalom,

Re: What is 'CA fingerprint 1' on Smartcard

2015-04-03 Thread Werner Koch
On Tue, 31 Mar 2015 18:50, mailingl...@krebs.uno said: > What is the CA fingerprint on FSFE-Smartcard? $ gpg -k 'C485 A6CD 7EC6 6E9E EC33 65F2 70F2 75E4 C32F 6CA5' pub dsa1024/70F275E4C32F6CA5 2005-04-10 [expired: 2009-12-31] uid [ expired] FSFE Fellowship (certification key) Bac

Re: Instructions for converting keyring for 2.1

2015-04-03 Thread Werner Koch
On Sun, 29 Mar 2015 19:36, pe...@digitalbrains.com said: > new keybox format. I discovered I needed --import-options import-local-sigs on > the import command to also import my local signatures, which obviously is very Thanks. I just updated the web page. Shalom-Salam, Werner -- Die Geda

Re: Global changing of expiration date of mainkey and subkeys possible?

2015-04-07 Thread Werner Koch
On Tue, 7 Apr 2015 11:27, gnupgpac...@on.yourweb.de said: > is there any way to change the expiration date of mainkey AND ALL attached > subkeys by one action only (and not key-by-key)? No. Please file a feature requests at bugs.gnupg.org. if you think this is important. Shalom-Salam, Wer

Re: Email-only UIDs

2015-04-08 Thread Werner Koch
On Wed, 8 Apr 2015 17:50, jose.casti...@gmail.com said: > share something that led me to this confusion initially. When I was > considering an email-only UID, I ran up against the issue that in > gnupg's default mode of operation, a name is required for a UID, $ gpg --dump-options | grep free

[Announce] GnuPG 2.1.3 released

2015-04-11 Thread Werner Koch
es we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA

Re: Build script problem with gnupg 2.1.3

2015-04-12 Thread Werner Koch
On Sun, 12 Apr 2015 00:24, m...@confidantmail.org said: > However, the libgpg-error-prefix doesn't actually work. You have to use: > --with-gpg-error-prefix= Actually both should work. But you are right, this is one of the most durable bugs in GnuPG and Company. The gpg-error.m4 macro is the re

Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-13 Thread Werner Koch
attached. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From 454f60399c7318fffd3de2afadd58c7a490178bd Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 13 Apr 2015 09:57:33 +0200 Subject: [PATCH] common: Do without nested fucntions to support

Re: Unusable secret key (adduid)

2015-04-13 Thread Werner Koch
On Sat, 11 Apr 2015 23:01, ivansun...@gmail.com said: > Hello! > > I'm using OpenPGP card to store my secret keys on it. Now I'm adding a > new UID to my key by running gpg2 --edit-key. What I've got is this You need to insert your card to create a new UID. > gpg: secret key parts are not availab

Windows installer for 2.1.3 (was: GnuPG 2.1.3 released)

2015-04-13 Thread Werner Koch
Hi, I just uploaded an _experimental_ Windows installer with GnuPG 2.1.3: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.exe (2539k) ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.exe.sig The exe has a SHA-1 checksum of d5630904b3d68eddc2730a00bfc67d52658cbe7e gnupg-

Re: wiki.gnupg.org theme?

2015-04-21 Thread Werner Koch
On Tue, 21 Apr 2015 10:26, bernh...@intevation.de said: > on the OpenPGP Summit last weekend, people suggested to me > that we could make the wiki look better. I'd appreciate if it looks similar to gnupg.org. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgese

Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-22 Thread Werner Koch
On Sat, 18 Apr 2015 21:35, b...@adversary.org said: > e...@quot.po:54: 'msgid' and 'msgstr' entries do not both end with '\n' > e...@quot.po:58: 'msgid' and 'msgstr' entries do not both end with '\n' > but no need to paste them all in); obviously the cause is somewhere > in those sed or make rule

Re: GnuPG Summit news?

2015-04-22 Thread Werner Koch
On Wed, 22 Apr 2015 16:50, h...@guardianproject.info said: > I was sorry to miss the GnuPG Summit. Now I'm eager to hear any news from it > :) Yeah, I should write a few lines about it. However, some interesting other bugs/features were mentioned and I was distracted by fixing/adding them. In t

Re: Yubikey NEO OpenPGP advisory

2015-04-22 Thread Werner Koch
On Wed, 22 Apr 2015 18:06, andreas.schwier...@cardcontact.de said: > And contrary to the Yubico position that this is a minor issue, I would > call the circumvention of the PIN mechanism a major issue. If you lose > the device, then you lose the key. You mean anyone can use the key, right. How

Re: Yubikey NEO OpenPGP advisory

2015-04-22 Thread Werner Koch
On Wed, 22 Apr 2015 20:27, andreas.schwier...@cardcontact.de said: > Not sure about that. If I lose my card on the street or someone picks > it from my pocket or my PC, then that is different from a malware attack Given the rare use of smartcards for non-banking I bet malware is more of a problem.

Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-23 Thread Werner Koch
On Thu, 23 Apr 2015 03:39, gni...@fsij.org said: > In the git repo, we have an entry of po/e...@quot.po in the .gitignore, > so, I think that it is not maintained in the repo. When a developer Right. It was removed in 2004! I expect that bug reports for a certain version are done using freshly u

Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-23 Thread Werner Koch
On Thu, 23 Apr 2015 09:34, gni...@fsij.org said: > If this is correct, I think that following patch fixes the problem. I agree that this could be the cause for the problem. > diff --git a/po/Makefile.in.in b/po/Makefile.in.in Changing that Makefile is not a good idea because it is a standard

Notes from the first OpenPGP Summit

2015-04-26 Thread Werner Koch
Hi! find below a text version of https://gnupg.org/blog/20150426-openpgp-summit.html 1 Notes from the first OpenPGP Summit On April 18/19 a bunch of OpenPGP folks met in Dreieich near Frankfurt to get to know themselves better and exchange experience i

Re: Notes from the first OpenPGP Summit

2015-04-27 Thread Werner Koch
On Mon, 27 Apr 2015 01:31, b...@pagekite.net said: > Thanks for the write-up, Werner! :-) Actually you have been much faster with your report https://www.mailpile.is/blog/2015-04-20_OpenPGP_Email_Summit.html >> disappointed that many of the participants favored this closed >> invitation-only

Re: Generating GnuPG S/MINE key pair

2015-04-28 Thread Werner Koch
On Mon, 27 Apr 2015 22:07, dkbry...@gmail.com said: > gpgsm: no issuer found in certificate > gpgsm: basic certificate checks failed - not imported Your root certificate is not valid. An Issuer is required and that issuer must match the Subject. Also certain other fields are required for a root

Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 17:02, n...@walfield.org said: > I've added a checkbox to pinentry that asks: "Cache password with GKR" > and it is only shown if GKR is present. So it's opt-in. Good. While you are at it: Please also add a checkbox to not hide the passphrase in the entry field. Being able

Re: Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 14:32, gborow...@advaoptical.com said: > Can I somehow convince it to recognise powerpc64-e5500-linux-gnu as > powerpc64-unknown-linux-gnu? If both systems use the same ABI config.sub should have returned a canonicalized version. If not we can use a new mechanism available i

Re: Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 17:55, gborow...@advaoptical.com said: > And is there an architecture-independent and ABI-independent way of building > libgpg-error? No. I know that this change in libgpg-error is annoying but I decided for it so to decouple libgpg-error's API from pthreads. By not using p
