Re: 2.1.10 with libgcrypt 1.7.0-beta300

[Fulano Diego Perez]

NIIBE Yutaka:
> On 01/11/2016 11:23 PM, Fulano Diego Perez wrote:
>> Can anybody confirm on debian stretch 64 a successful build with
>> libgcrypt beta ?
> 
> GnuGP and libgcrypt development version build successfully on my
> 32-bit ARMv7l.
> 
>> checking for LIBGCRYPT - version >= 1.6.0... yes (1.7.0-beta300)
>> checking LIBGCRYPT API version... okay
> 
> Good, you have the libgcrypt development version installed.
> 
>> i cannot create curve25519 encryption sub keys
>>
>> gpg: agent_genkey failed: Invalid flag
>> gpg: Key generation failed: Invalid flag
>>
>> but i could create NIST and Brainpool enc sub keys
>>
>> something's not right...
>>
>> still using 1.6.4 according to --version
> 
> How do you install the libgcrypt on your system?
> 
> If it's /usr/local/lib, you would need LD_LIBRARY_PATH setting.
> 
> $ export LD_LIBRARY_PATH=/usr/local/lib
> 
> For me, with LD_LIBRARY_PATH, it goes:
> 
> $ gpg2 --version
> gpg (GnuPG) 2.1.11-beta67
> libgcrypt 1.7.0-beta298
> NOTE: THIS IS A DEVELOPMENT VERSION!
> It is only intended for test purposes and should NOT be
> used in a production environment or with production keys!
> Copyright (C) 2015 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 
> Please note that you need to invoke gpg-agent with LD_LIBRARY_PATH, too.

can explain how you mean to invoke ?

i export library path for gpg2 and shows expected libgcrypt version

i can clearsign with ed25519 EDDSA subkey

i have problem testing encryption with cv25519 subkey


tried to test with $ fortune | gpg2 --sign --encrypt -u abc --recipient
123 --recipient 456 | gpg2 --decrypt

gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
gpg: encrypted with 256-bit ECDH key, ID test, created 2016
  "test"
gpg: public key decryption failed: Checksum error
gpg: encrypted with 256-bit ECDH key, ID test, created 2016
  test2
gpg: public key decryption failed: Checksum error
gpg: decryption failed: No secret key

i have secret key


tried list-packets & -vvv - nothing more on errors



maybe this is conflict with persistent gpg-agent and ssh-agent
they are listed in htop with PID but no RAM use

how can to figure this out ?








same error is if i run thunderbird from terminal, with LD path

i can run enigmail beta and see EDDSA and ECDH subkeys ok

can sign EDDSA mail

but no encrypt



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: compile 2.1.10 no bzip2 ?

[Fulano Diego Perez]

NIIBE Yutaka:
> It seems for me that you don't have libbz2-dev package installed.
> 
>$ sudo apt-get install libbz2-dev

right

/etc/apt/sources.list.bk

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to export ASCII armored secret key without passphrase?

[Andrey Utkin]

On 01/20/2016 07:13 PM, Peter Lebbing wrote:
> Is your GnuPG 2.1.10 binary invoked as "gpg", not as "gpg2"? Which OS is this
> and where did you get GnuPG 2.1.10? This might be an issue if you want to
> install GnuPG 1.4 alongside. I believe in Debian, the plan is to name the 2.1
> binary gpg and the 1.4 binary gpg1, but that hasn't been done yet AFAIK.

In Gentoo this is the case. And it also currently doesn't allow to have
two installation at the same time. There's concept of slots, but nobody
has cared enough to implement different slots for it.

-- 
xmpp:andrey.ut...@decent.im



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Different SHA1 Checksum using Microsoft file checksum integrity verifier

[W Wong]

Greeting all:

I downloaded the Gpg4win 2.3.0 (Released: 2015-11-25)

from https://www.gpg4win.org/download.html


I did a checksum using Microsoft file checksum integrity verifier as
follows:

C:\Users\edsw\utility>fciv.exe ..\..\Downloads\gpg4win-2.3.0.exe

//

// File Checksum Integrity Verifier version 2.05.

//

4a88f90a01b0ba8e3eb0073f7b6a4bfb ..\..\downloads\gpg4win-2.3.0.exe


The checksum is different from the one announced on the site


SHA1 checksum (for gpg4win2.3.0.exe):
88d90ee9a1ea3e66b198ea866063140b882444d5


I believe that nothing has been tampered with the version  gpg4win-2.3.0.exe
that I have downloaded. Is there any reason why the Microsoft file checksum
integrity verifier (fciv) will produce a different checksum?


May be the checksum announced on the https://www.gpg4win.org/download.html

has not been updated for a while???


Please comment.  Thanks in advance for your assistance with my query


Best regards,


Wyatt
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Key signing with non-primary UID

[Przemysław Pawełczyk]

Hi!

I would like to sign someone's key with my non-primary UID.
Why? To reflect that given UID is the one I use when contacting owner
of the key I want to sign.
I failed to find how I can do it, though.

Previously, I asked about this on #gnupg IRC channel a few days ago.
aef wrote there:

> your user ID is usually not attached to the certification signature

Later he added:

> afaik, the RFC4880  5.2.3.22. "Signer's User ID" subpacket is not supported 
> by GnuPG

In the end he also wrote:

> stay around, maybe i'm mistaken and someone corrects my words later
> i'm not fully up-to-date on the state. though i'm rather convinced that it's 
> not implemented

The topic has not been brought up later, so now I'm reaching the ML.

I'm using GnuPG 2.1.10. Is it possible nowadays to do what I want in it?

If we can select whether we want to sign particular UID of someone's
key, then I think we should be able to select which our UID will be
used during key signing.

P.S. Please CC me, I'm not on the ML.

-- 
Przemysław 'Przemoc' Pawełczyk
http://przemoc.net/

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Different SHA1 Checksum using Microsoft file checksum integrity verifier

[Daniel Kahn Gillmor]

Hi Wyatt--

On Sat 2016-01-23 05:58:49 -0500, W Wong wrote:

> I downloaded the Gpg4win 2.3.0 (Released: 2015-11-25)
> from https://www.gpg4win.org/download.html
>
> I did a checksum using Microsoft file checksum integrity verifier as
> follows:

on any modern version of windows, you should be able to do checksum
verification with certutil.exe using the -hashfile subcommand:

 https://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_hashfile

> C:\Users\edsw\utility>fciv.exe ..\..\Downloads\gpg4win-2.3.0.exe
> //
> // File Checksum Integrity Verifier version 2.05.
> //
> 4a88f90a01b0ba8e3eb0073f7b6a4bfb ..\..\downloads\gpg4win-2.3.0.exe
>
> The checksum is different from the one announced on the site
>
> SHA1 checksum (for gpg4win2.3.0.exe):
> 88d90ee9a1ea3e66b198ea866063140b882444d5


Note that the lengths are different, which suggests that they might be
different digest algorithms entirely. I believe that fciv.exe is
calculating the MD5 checksum, while the download site is using the SHA1
checksum.

Indeed, i see the MD5 sum matching the value you found with fciv.exe,
while the SHA1 sum matches the published data:

0 dkg@alice:~$ gpg2 --print-md MD5 < gpg4win-2.3.0.exe 
4A 88 F9 0A 01 B0 BA 8E  3E B0 07 3F 7B 6A 4B FB
0 dkg@alice:~$ gpg2 --print-md SHA1 < gpg4win-2.3.0.exe 
88D9 0EE9 A1EA 3E66 B198  EA86 6063 140B 8824 44D5
0 dkg@alice:~$

So i think your download is most likely ok (assuming that fciv is doing
what i believe it is).

fwiw, MD5 and SHA1 are both old digest algorithms, and are not as strong
as they should be.  I recommend that anyone using checksums for file
integrity switch to SHA256 as soon as possible.

Also, the OpenPGP signature published at
https://files.gpg4win.org/gpg4win-2.3.0.exe.sig itself uses SHA1
internally.  This is also a bad idea.  signatures published today should
use at least SHA256, as every modern OpenPGP implementation has been
capable of verifying SHA256 signatures for years now.

hth,

--dkg

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Different SHA1 Checksum using Microsoft file checksum integrity verifier

[Tom Browder]

On Sat, Jan 23, 2016 at 4:58 AM, W Wong  wrote:
> I downloaded the Gpg4win 2.3.0 (Released: 2015-11-25)
> from https://www.gpg4win.org/download.html
...
> I did a checksum using Microsoft file checksum integrity verifier as
> follows:
>
> C:\Users\edsw\utility>fciv.exe ..\..\Downloads\gpg4win-2.3.0.exe
>
> //
>
> // File Checksum Integrity Verifier version 2.05.
>
> //
>
> 4a88f90a01b0ba8e3eb0073f7b6a4bfb ..\..\downloads\gpg4win-2.3.0.exe

Wyatt, that checksum is shorter than the one on the site.  Make sure
you use the '-sha1' option.

-Tom

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users