Re: Create subkey that will expire in 10 hours
On Wed, 3 Apr 2013 18:54, di4...@nottheoilrig.com said: How can I create a new subkey that will expire in just 10 hours? When I'm prompted to specify how long the key should be valid I tried entering 10h or 0.42 but it complained that both are invalid. Enter seconds=36000 for 10 hours. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Create subkey that will expire in 10 hours
Am Do 04.04.2013, 11:12:51 schrieb Werner Koch: How can I create a new subkey that will expire in just 10 hours? Enter seconds6000 for 10 hours. That seems not to be part of the documentation... Hauke -- ☺ PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04) http://www.openpgp-schulungen.de/ signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Create subkey that will expire in 10 hours
On 04/04/13 12:37, Hauke Laging wrote: That seems not to be part of the documentation... The doc file DETAILS mentions it for unattended key generation: Expire-Date: iso-date|(number[d|w|m|y]) Set the expiration date for the key (and the subkey). It may either be entered in ISO date format (2000-08-15) or as number of days, weeks, month or years. The special notation seconds=N is also allowed to directly give an Epoch value. Without a letter days are assumed. Note that there is no check done on the overflow of the type used by OpenPGP for timestamps. Thus you better make sure that the given value make sense. Although OpenPGP works with time intervals, GnuPG uses an absolute value internally and thus the last year we can represent is 2105. Although I interpreted it to mean the number of seconds since the epoch. I didn't realise the notation was also valid for interactive key generation, though. Otherwise I would have answered OP, because I found it while looking for the answer to his question. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Create subkey that will expire in 10 hours
On Thu, 4 Apr 2013 12:44, pe...@digitalbrains.com said: of days, weeks, month or years. The special notation seconds=N is also allowed to directly give an Epoch value. Without a letter days are assumed. Note that there is Although I interpreted it to mean the number of seconds since the epoch. You are right, that the docs says seconds since Epoch. However, the ChangeLog from 2005-10-18 says: * keygen.c (parse_expire_string): Allow setting the expire interval using a seconds=n syntax. This is useful for debugging. So this is about an interval meaning time since creation as used by OpenPGP. That actually makes most sense for debugging. It is unfortunate that we use seconds=N in parse_creation_string meaning seconds since Epoch. I will fix the docs. Specifying the Epoch will anyway stop working in 2038 on many systems, thus it is probably not good to allow its use. If a fixed data is required, one may always specify something like 20130404T153012 for both, the creation date and the expire date. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fingerprint of the subkey just created?
How can I get the fingerprint or key id of the subkey I just created? When the process is completed, it lists *all* of the subkeys. How can I reliably identify the one I just created? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fingerprint of the subkey just created?
On 04/04/13 18:01, Jack Bates wrote: How can I get the fingerprint or key id of the subkey I just created? A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to identify/verify a key as a whole, which means the primary key. I tried the following: $ gpg2 --status-fd 0 --edit-key keyid And indeed I get a whole lot more data, but not a key id. It ends in [GNUPG:] KEY_CREATED S However, I then tried again with: $ gpg2 --verbose --verbose --status-fd 0 --edit-key keyid Which was... very verbose, and included: gpg: writing key binding signature gpg: RSA/SHA1 signature from: primary key ID and UID where here gpg: RSA/SHA1 signature from: D8AB7B20 [?] gpg: writing key binding signature gpg: RSA/SHA1 signature from: primary key ID and UID where here gpg: RSA/SHA1 signature from: D8AB7B20 [?] I did this with a test key which I used for a spam experiment, and I don't want to crosspolenate that experiment, so I removed identifiers. But the D8AB7B20 [?] was the short keyid for the subkey. This is for a signing subkey. If I repeat it for an encryption subkey, the key binding signature is unidirectional, since an encryption subkey can't make a key binding signature. So this method only works for signing subkeys. I don't have reason to believe you need the --status-fd, and you could check if one --verbose (or the short form) is enough. I just made supersure I had a lot of output :). HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Create subkey that will expire in 10 hours
On 04/04/13 02:12 AM, Werner Koch wrote: On Wed, 3 Apr 2013 18:54, di4...@nottheoilrig.com said: How can I create a new subkey that will expire in just 10 hours? When I'm prompted to specify how long the key should be valid I tried entering 10h or 0.42 but it complained that both are invalid. Enter seconds=36000 for 10 hours. Works. Thank you very much for your help. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fingerprint of the subkey just created?
On 04/04/2013 04:19 PM, Peter Lebbing wrote: On 04/04/13 18:01, Jack Bates wrote: How can I get the fingerprint or key id of the subkey I just created? A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to identify/verify a key as a whole, which means the primary key. the fingerprint of a subkey is actually well-defined. I don't know the answer to Jack's original question, but you can find the specification for subkey fingerprints in RFC 4880: https://tools.ietf.org/html/rfc4880#section-12.2 Finally, the Key ID and fingerprint of a subkey are calculated in the same way as for a primary key, including the 0x99 as the first octet (even though this is not a valid packet ID for a public subkey). Jack, gpg will emit the fingerprints for the subkeys if you supply the --fingerprint argument twice. So you might try parsing the output of: gpg --list-keys --with-colons --fingerprint --fingerprint --fixed-list-mode $PGPID the lines that start with sub: indicate the subkey (and include creation timestamps in field 6), and the lines immediately following them that start with fpr: contain the full fingerprint in column 10. If you just keep track of the most recent creation timestamp and remember its fingerprint you could find the most recent subkey. It's probably 2 or 3 lines of awk if you're into that kind of stuff :) hth, --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fingerprint of the subkey just created?
Daniel Kahn Gillmor dkg at fifthhorseman.net wrote on Thu Apr 4 22:56:50 CEST 2013 : gpg will emit the fingerprints for the subkeys if you supply the --fingerprint argument twice. So you might try parsing the output of: gpg --list-keys --with-colons --fingerprint --fingerprint --fixed-list-mode $PGPID - It's even enough to just do: gpg --fingerprint --fingerprint and gnupg will list the keys and subkeys each with their short id followed by a line Key fingerprint with the fingerprint vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
A PC user unfamiliar with any free software would like to send me messages that only we can read. Now what do I do?]
A PC user unfamiliar with any free software would like to send messages that only the two of us can read. Now what do I do? The numbers of steps for it appear to be insurmountable! And I've failed to understand GNUPG myself. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Please fix subscribe at http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
Please fix subscribe at http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce Subscribe didn't work !... interrupted by the warning untrusted. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users