Test Mail

2017-01-04 Thread Roger
Test mail to mailing list testing GNUPG signing, appearance and hopefully 
conforming to mailing list standards.

-- 
Roger
http://rogerx.freeshell.org/


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: exported subkey usage?

2017-01-04 Thread Daniel Kahn Gillmor
On Wed 2017-01-04 16:29:50 -0500, Lou Wynn wrote:
> What is going on here? Does GPG2 use some special way to mark the usage
> of a subkey? How can I make it interchangeable with other programs?

the "public key algorithm" is "RSA (Encrypt or Sign)".  The usage info is
stored in the "key flags" subpackets in self-signatures (over uids for
the primary key, and binding signatures for the subkeys).  Please see:

  https://tools.ietf.org/html/rfc4880#section-5.2.3.21
  https://tools.ietf.org/html/rfc4880#section-9.1

the "public key algorithm" values 2 (RSA Encrypt-only) and 3 (RSA
sign-only) are deprecated.

   --dkg
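
The key flags lookup described above, as an added example (not code from this thread, GnuPG, or pgpdump): a small Python walker over binary OpenPGP packets that reads the public-key algorithm from each v4 key packet and the key flags subpacket (type 27) from the self-signature that follows it. The function names and the sample bytes are constructed for illustration, and signatures are not verified here, which a real consumer must do before trusting the flags.

```python
KEY_FLAGS = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",  # RFC 4880
             0x08: "encrypt-storage", 0x20: "authenticate"}         # 5.2.3.21

def decode_length(buf, i):  # new-format packet / subpacket length -> (length, next i)
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 255:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def read_packets(data):  # yield (tag, body); old- and new-format headers
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                                   # new format
            if 224 <= data[i] < 255:
                raise ValueError("partial body length not handled")
            tag = hdr & 0x3F
            length, i = decode_length(data, i)
        else:                                            # old format
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def key_flags(sig):
    """Flag names from the hashed subpackets of a v4 signature body, else None."""
    area = sig[6:6 + int.from_bytes(sig[4:6], "big")] if sig[0] == 4 else b""
    i = 0
    while i < len(area):
        n, i = decode_length(area, i)
        if n > 1 and area[i] & 0x7F == 27:               # type 27, critical bit masked
            return [name for bit, name in KEY_FLAGS.items() if area[i + 1] & bit]
        i += n
    return None

def key_usage(data):
    """(tag, algorithm, flags) per v4 key packet; signatures are NOT verified."""
    keys = []
    for tag, body in read_packets(data):
        if tag in (5, 6, 7, 14):                         # primary keys and subkeys
            keys.append([tag, body[5], None])
        elif tag == 2 and keys and body[1] in (0x10, 0x11, 0x12, 0x13, 0x18, 0x1F):
            keys[-1][2] = key_flags(body) or keys[-1][2]
    return [tuple(k) for k in keys]

# Constructed sample: two subkey packets, both algorithm 1, dummy key material.
SUBKEY = bytes([0xB8, 9, 4, 0, 0, 0, 0, 1, 0, 1, 1])     # old-format header, tag 14
def binding_sig(flags):                                  # new-format header, tag 2
    return bytes([0xC2, 16, 4, 0x18, 1, 8, 0, 3, 2, 27, flags, 0, 0, 0, 0, 0, 1, 1])
SAMPLE = SUBKEY + binding_sig(0x02) + SUBKEY + binding_sig(0x0C)
```

Both constructed subkeys report algorithm 1, yet `key_usage(SAMPLE)` separates them by the flags in their binding signatures, so a consumer that reads only the key packet cannot tell the two apart.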




exported subkey usage?

2017-01-04 Thread Lou Wynn
Hi,

I created a master key and two subkeys with one subkey being signing and
the other encryption. I then exported the two subkeys only.

However, when I used pgpdump to inspect packet types, both subkeys have
been marked as "RSA Encrypt or Sign (pub 1)." When I used another
program whose backend is BouncyCastle's PGP engine, the program cannot
tell which subkey is for what.

I deleted the key in my keyring and used GPG2 to import the two subkeys
back. To my surprise, they are correctly marked as [S] and [E].

What is going on here? Does GPG2 use some special way to mark the usage
of a subkey? How can I make it interchangeable with other programs?

I've attached the master key and the two subkeys to this letter so that
you can inspect them (I made up other info just for testing, so don't
worry about it). The OneMasterTwoSubkey has the master key with two
subkeys, and the other only has the subkeys. The passphrase is "1".


-- 
Thanks,
Lou



OneMasterTwoSubkey
Description: Binary data


TwoSubkeyOnly
Description: Binary data


Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-04 Thread gnupg-users . dirk
Hi Peter,

thanks for your reply, but it is now not working at all, even though my reader
(Omnikey 3121) is listed in your link.

o.k. I removed pcscd and changed the scdaemon.conf to this:
card-timeout 5
#disable-ccid
debug-level basic
log-file /home/dirk/scdaemon.log
debug-ccid-driver

scdaemon Log

2017-01-04 21:08:31 scdaemon[3398] listening on socket '/run/user/1000/gnupg/S.scdaemon'
2017-01-04 21:08:31 scdaemon[3398] handler for fd -1 started
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: using CCID reader 0 (ID=076B:3022:X:0)
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: idVendor: 076B  idProduct: 3022  bcdDevice: 0204
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: ChipCard Interface Descriptor:
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bLength 54
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bDescriptorType 33
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bcdCCID  1.00
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   nMaxSlotIndex   0
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bVoltageSupport 7  ?
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwProtocols 3  T=0 T=1
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwDefaultClock   4800
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwMaxiumumClock  8000
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bNumClockSupported  4
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwDataRate  10752 bps
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwMaxDataRate  412903 bps
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bNumDataRatesSupp. 106
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwMaxIFSD 492
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwSyncProtocols 0007  2-wire 3-wire I2C
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwMechanical
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwFeatures   000407B2
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: Auto configuration based on ATR (assumes auto voltage)
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: Auto clock change
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: Auto baud rate change
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: Auto PPS made by CCID
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: CCID can set ICC in clock stop mode
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: NAD value other than 0x00 accepted
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: Auto IFSD exchange
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver: Short and extended APDU level exchange
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   dwMaxCCIDMsgLen   502
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bClassGetResponse echo
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bClassEnvelope   echo
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   wlcdLayout   none
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bPINSupport 0
2017-01-04 21:08:31 scdaemon[3398] DBG: ccid-driver:   bMaxCCIDBusySlots   1
2017-01-04 21:08:36 scdaemon[3398] DBG: ccid-driver: usb_bulk_write error: LIBUSB_ERROR_TIMEOUT
2017-01-04 21:08:36 scdaemon[3398] reader slot 0: using ccid driver
2017-01-04 21:08:36 scdaemon[3398] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
2017-01-04 21:08:41 scdaemon[3398] DBG: ccid-driver: usb_bulk_write error: LIBUSB_ERROR_TIMEOUT
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 <- GETINFO socket_name
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 -> D /run/user/1000/gnupg/S.scdaemon
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 -> OK
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 <- OPTION event-signal=12
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 -> OK
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 <- GETINFO version
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 -> D 2.1.15
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 -> OK
2017-01-04 21:08:41 scdaemon[3398] DBG: chan_5 <- SERIALNO openpgp
2017-01-04 21:08:46 scdaemon[3398] DBG: ccid-driver: usb_bulk_write error: LIBUSB_ERROR_TIMEOUT
2017-01-04 21:08:46 scdaemon[3398] DBG: Removal of a card: 0
2017-01-04 21:08:46 scdaemon[3398] DBG: chan_5 -> ERR 100696144 No such device


On 04.01.2017 18:51, Peter Lebbing wrote:
> I think you should be able to use this card reader without pcscd, using the
> internal CCID driver of GnuPG[1]. Just stop and disable pcscd, hopefully GnuPG
> will find the reader and use it right away. That might solve your problem. I use
> GnuPG's internal CCID driver, and it is completely resilient against both
> pulling the card as well as unplugging the reader.
>
> HTH,
>
> Peter.
>
> [1] https://www.gnupg.org/howtos/card-howto/en/ch02s02.html
>




Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-04 Thread Peter Lebbing
I think you should be able to use this card reader without pcscd, using the
internal CCID driver of GnuPG[1]. Just stop and disable pcscd, hopefully GnuPG
will find the reader and use it right away. That might solve your problem. I use
GnuPG's internal CCID driver, and it is completely resilient against both
pulling the card as well as unplugging the reader.

HTH,

Peter.

[1] https://www.gnupg.org/howtos/card-howto/en/ch02s02.html

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-04 Thread gnupg-users . dirk
Hello all,

I recently changed to the GnuPG Smartcard which in general works fine
for eMail and for SSH authentication (on Ubuntu 16.10).
The only problem I encountered was that when I pull the card from the
reader and reinsert it the gpg-agent will not recover.

I have to kill it with gpgconf --kill gpg-agent.

I checked the logs for gpg-agent, scdaemon and pcscd.
The only suspicious thing I found was this in the pcscd output.

#normal operation

00500755 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00500775 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00500746 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00500754 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14

#remove card

00481042 eventhandler.c:357:EHStatusHandlerThread() Card Removed From OMNIKEY AG 3121 USB 00 00
00019695 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14


#insert card

03660811 ifdhandler.c:1146:IFDHPowerICC() action: PowerUp, usb:076b/3022:libudev:0:/dev/bus/usb/001/008 (lun: 0)
0032199 eventhandler.c:405:EHStatusHandlerThread() powerState: POWER_STATE_POWERED
0025 eventhandler.c:422:EHStatusHandlerThread() Card inserted into OMNIKEY AG 3121 USB 00 00
0013 Card ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C

#query card

02063947 winscard_msg_srv.c:253:ProcessEventsServer() Common channel packet arrival
0025 winscard_msg_srv.c:265:ProcessEventsServer() ProcessCommonChannelRequest detects: 15
0007 pcscdaemon.c:134:SVCServiceRunLoop() A new context thread creation is requested: 15
0093 winscard_svc.c:331:ContextThread() Authorized PC/SC client
0018 winscard_svc.c:335:ContextThread() Thread is started: dwClientID=15, threadContext @0x9d5560
0019 winscard_svc.c:353:ContextThread() Received command: CMD_VERSION from client 15
0009 winscard_svc.c:365:ContextThread() Client is protocol version 4:3
0006 winscard_svc.c:385:ContextThread() CMD_VERSION rv=0x0 for client 15
0083 winscard_svc.c:353:ContextThread() Received command: ESTABLISH_CONTEXT from client 15
0014 winscard.c:215:SCardEstablishContext() Establishing Context: 0x5FFCC3AF
0005 winscard_svc.c:446:ContextThread() ESTABLISH_CONTEXT rv=0x0 for client 15
0059 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 15
0037 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 15
0269 winscard_svc.c:353:ContextThread() Received command: CONNECT from client 15
0035 winscard_svc.c:484:ContextThread() Authorized client for 'OMNIKEY AG 3121 USB 00 00'
0006 winscard.c:257:SCardConnect() Attempting Connect to OMNIKEY AG 3121 USB 00 00 using protocol: 3
0006 readerfactory.c:768:RFReaderInfo() RefReader() count was: 1

# Suspicious ?

0005 winscard.c:284:SCardConnect() Error Reader Exclusive

0004 winscard.c:512:SCardConnect() UnrefReader() count was: 2
0006 winscard_svc.c:498:ContextThread() CONNECT rv=0x801B for client 15
02935987 ifdhandler.c:1146:IFDHPowerICC() action: PowerDown, usb:076b/3022:libudev:0:/dev/bus/usb/001/008 (lun: 0)
0474 eventhandler.c:481:EHStatusHandlerThread() powerState: POWER_STATE_UNPOWERED


I cannot figure out what the problem is. Nor did I find anything in the
documentation / Google. Is this common?

Does anyone have an idea where this problem comes from?
Maybe it is just that I'm doing something wrong.
Happy to provide more information if needed.

thanks and best regards

Dirk






Re: Meaning of "text user ID's"?

2017-01-04 Thread Kristian Fiskerstrand
On 01/04/2017 03:00 PM, Peter Lebbing wrote:
> On 04/01/17 14:56, Kristian Fiskerstrand wrote:
>> What gives you the indication that the UAT is about to be signed?
> 
> First and foremost, that it was actually signed when I agreed. I deleted the
> signature afterwards.
> 
> Secondly, I just posted again with a bit more readable text :-). You can clearly
> see it is proposing to do it.
> 

Gotcha :)


-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Nil desperandum
Never give up





Re: Meaning of "text user ID's"?

2017-01-04 Thread Peter Lebbing
On 04/01/17 14:56, Kristian Fiskerstrand wrote:
> What gives you the indication that the UAT is about to be signed?

First and foremost, that it was actually signed when I agreed. I deleted the
signature afterwards.

Secondly, I just posted again with a bit more readable text :-). You can clearly
see it is proposing to do it.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Meaning of "text user ID's"?

2017-01-04 Thread Peter Lebbing
(Ah, isn't that nice, Enigmail reformats the message when I do a signature.
Manually restored some sanity)

I'm signing keys after a keysigning party, using GnuPG 2.1.16. Issuing
--edit-key sign, I'm asked:

"Really sign all text user IDs? (y/N)"

Now here's what I see (anonymized):

> gpg (GnuPG) 2.1.16; Copyright (C) 2016 Free Software Foundation, Inc. This
> is free software: you are free to change and redistribute it. There is NO
> WARRANTY, to the extent permitted by law.
>
>
> pub  rsa4096/ created: 2015-10-11  expires: never  usage: SC
> sub  rsa4096/ created: 2015-10-11  expires: never  usage: E
> sub  rsa4096/ created: 2015-10-15  expires: never  usage: S
> [ unknown] (1). Bob Alisson 
> [ unknown] (2)  Bob Alisson 
> [ unknown] (3)  Bob Alisson 
> [ unknown] (4)  Bob Alisson 
> [ unknown] (5)  [jpeg image of size 8148]
>
> Really sign all text user IDs? (y/N) y
>
> pub  rsa4096/
>  created: 2015-10-11  expires: never usage: SC
>  Primary key fingerprint: [...]
>
>  Bob Alisson 
>  Bob Alisson 
>  Bob Alisson  
>  Bob Alisson 
>  [jpeg image of size 8148]
>
> Are you sure that you want to sign this key with your key "Peter Lebbing
> " (AC46EFE6DE500B3E)

So how come that the jpeg image is about to be signed as well? What does "TEXT
user ID" mean? I would have expected only the other UID's to be signed. Is this
a bug in my head or in the code?

Cheers,

Peter.

PS: Alice is Bob's forebear.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Meaning of "text user ID's"?

2017-01-04 Thread Kristian Fiskerstrand
On 01/04/2017 02:53 PM, Peter Lebbing wrote:
> So how come that the jpeg image is about to be signed as well? What does "TEXT
> user ID" mean? I would have expected only the other UID's to be signed. Is this
> a bug in my head or in the code?

What gives you the indication that the UAT is about to be signed? (can
try it and not save/delete public key without publishing to see actual
result)

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Cogito ergo sum
I think, therefore I am





Meaning of "text user ID's"?

2017-01-04 Thread Peter Lebbing

I'm signing keys after a keysigning party, using GnuPG 2.1.16. Issuing
--edit-key sign, I'm asked:

"Really sign all text user IDs? (y/N)"

Now here's what I see (anonymized):

> gpg (GnuPG) 2.1.16; Copyright (C) 2016 Free Software Foundation, Inc. This
> is free software: you are free to change and redistribute it. There is NO
> WARRANTY, to the extent permitted by law.
> 
> 
> pub  rsa4096/ created: 2015-10-11  expires: never
> usage: SC sub  rsa4096/ created: 2015-10-11  expires: never
> usage: E sub  rsa4096/ created: 2015-10-15  expires: never
> usage: S [ unknown] (1). Bob Alisson  [ unknown] (2)  Bob
> Alisson  [ unknown] (3)  Bob Alisson
>  [ unknown] (4)  Bob Alisson
>  [ unknown] (5)  [jpeg image of size 8148]
> 
> Really sign all text user IDs? (y/N) y
> 
> pub  rsa4096/ created: 2015-10-11  expires: never
> usage: SC Primary key fingerprint: [...]
> 
> Bob Alisson  Bob Alisson  Bob Alisson
>  Bob Alisson  [jpeg image of
> size 8148]
> 
> Are you sure that you want to sign this key with your key "Peter Lebbing
> " (AC46EFE6DE500B3E)

So how come that the jpeg image is about to be signed as well? What does "TEXT
user ID" mean? I would have expected only the other UID's to be signed. Is this
a bug in my head or in the code?

Cheers,

Peter.

PS: Alice is Bob's forebear.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 