Re: Trying to create auth key on GPF CryptoStick
* Paul Hartman paul.hart...@gmail.com [120102 08:52, mID caeh5t2o4hfyoftki8bm16gxwczhbptmvqz7nqiqbw3ykmh5...@mail.gmail.com]: Hi, I got a GPF CryptoStick 1.2 yesterday and have successfully added my new signing and encrypting subkeys to the card using GPG 2.0.18 and using it without trouble so far for those purposes. However, when I tried to create an authentication key it gives this error twice: gpg: key generation failed: Card error gpg: Key generation failed: Card error To get there, I ran gpg --edit-key my keynum, then addcardkey command, chose Authentication key, 4096 keysize, enter the requested PINs and passphrase, but it results in the error above. It is likely I'm doing something wrong, but am not sure what... if someone has any clues, it is appreciated if you can point me in the right direction. Even v2 cards can't carry 4096 Bit keys. The maximum size is 3072 Bits IIRC. Martin pgp19hPgRpd0d.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
What do these warning messages mean
I periodically run the following commands on a FreeBSD-8.2 amd64 machine: /usr/local/bin/gpg2 --keyserver wwwkeys.us.pgp.net --refresh-keys /usr/local/bin/gpg2 --edit-key clean minimize save These commands produce output that has several of the following messages displayed: gpg: subpacket of type 20 has critical bit set gpg: key 60AE908C: removed multiple subkey binding gpg: key 60AE908C: invalid subkey binding The number of such messages varies according to the signature. The majority of signatures have no warnings whatsoever. Then, I occasionally see this message (name intentionally obscured) gpg: key 36E54C93: invalid self-signature on user ID User Name u...@domain.com I don't know what these messages mean and if there is something I am doing incorrectly. Thanks! -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do these warning messages mean
Ladies and gentleman, I will be unplugged from my email until the 17th of January. In the mean time here's a video of a bunny opening your mail http://www.youtube.com/watch?v=LMyaRmTwdKs Your mail will not be forwarded and I will contact you when I come back, alternatively you can contact one of the other administrators or email i...@astalavista.com Merry christmas and a happy new year! Best regards, Sykadul ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Trying to create auth key on GPF CryptoStick
On Mon, Jan 2, 2012 at 2:01 AM, Martin Gollowitzer go...@fsfe.org wrote: * Paul Hartman paul.hart...@gmail.com [120102 08:52, mID caeh5t2o4hfyoftki8bm16gxwczhbptmvqz7nqiqbw3ykmh5...@mail.gmail.com]: Hi, I got a GPF CryptoStick 1.2 yesterday and have successfully added my new signing and encrypting subkeys to the card using GPG 2.0.18 and using it without trouble so far for those purposes. However, when I tried to create an authentication key it gives this error twice: gpg: key generation failed: Card error gpg: Key generation failed: Card error To get there, I ran gpg --edit-key my keynum, then addcardkey command, chose Authentication key, 4096 keysize, enter the requested PINs and passphrase, but it results in the error above. It is likely I'm doing something wrong, but am not sure what... if someone has any clues, it is appreciated if you can point me in the right direction. Even v2 cards can't carry 4096 Bit keys. The maximum size is 3072 Bits IIRC. Hi Martin, Crypto-Stick website states that it supported 4096-bit keys when using gnupg 2.0.18, and my signing and encryption subkeys on the card are in fact already 4096 bits, but they were created with gnupg on my PC and then transferred to the card, whereas the auth key creation is happening on the card itself, so maybe it has different limitations in this scenario (card-generated vs PC-generated). As far as I can tell, creation of the auth key outside of the smartcard is not supported. I just tried 3072 bits and it worked. Thanks! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
A usability gap in fingerprint rendering and parsing
Hello list, I was recently trying to encrypt a payload using fingerprints in my keyring to most unambiguously identify a key, when I encountered the following confusion. After giving up trying to find resolution via search engine I played with it a bit more I got it to work, but the head-scratching is, I think, unnecessary. Here's what I did: gpg --list-keys --fingerprint In the output is a line like: Key fingerprint = 560D 1AD1 81D9 81C2 D5D1 005F 10CA 1074 B50F 855E However, one cannot paste that string into gpg --encrypt --recipient, getting the no public key message, as one might expect. One can after removing the spaces, however. Two of the more obvious solution categories include: * Removing the otherwise helpful padding in the spaces between nibbles and decabytes * Expanding --recipient parsing code to accept this format Stepping back a bit, software and users that want to deal in fingerprints might be very different than software and users who want to deal in short ids and email addresses, and it might be nice to have a restricted --recipient option that only supports safe, unambiguous addressing of keys. I think I'm in the latter category. In any case, I think the output of the program should be, in this case, usable as input. Thoughts? -- fdr ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: A usability gap in fingerprint rendering and parsing
On 2012-01-03 02:43, Daniel Farina wrote: Thoughts? --with-colons -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- nameserver 217.79.186.148 nameserver 178.63.26.172 http://opennicproject.org/ -- No situation is so dire that panic cannot make it worse. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: A usability gap in fingerprint rendering and parsing
On 2012-01-03 02:52, syka...@astalavista.com wrote: Ladies and gentleman, I will be unplugged from my email until the 17th of January. In the mean time here's a video of a bunny opening your mail http://www.youtube.com/watch?v=LMyaRmTwdKs Your mail will not be forwarded and I will contact you when I come back, alternatively you can contact one of the other administrators or email i...@astalavista.com Merry christmas and a happy new year! Best regards, Sykadul Stop spamming me! (But the video is nice.) -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- nameserver 217.79.186.148 nameserver 178.63.26.172 http://opennicproject.org/ -- No situation is so dire that panic cannot make it worse. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users