Re: gpg2 on a Windows 10 Pro 64 bit machine

2017-02-26 Thread Robert J. Hansen 
> I am not sure what that is referring to. Also, there are numerous keys
> listed as revoked or expired. Is there a anything I can run from the
> command line that will automatically remove all revoked or expired keys?

Kinda-sorta, but yes!

WARNING: this works on my laptop for both GnuPG 2.0 and 2.1.  It may not
work on yours.

Save everything between the "=" marks to a file named "gpgclean.ps1".


=
# gpgclean.ps1 -- cleans expired/revoked keys from GnuPG
# Requires GnuPG 2.0 or later.
#
# Copyright 2017, Rob Hansen
#
# Permission to use, copy, modify, and/or distribute this
# software for any purpose with or without fee is hereby
# granted, provided that the above copyright notice and
# this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
# USE OR PERFORMANCE OF THIS SOFTWARE.



# Use the Windows Registry to find GnuPG's location

## Start by looking for GnuPG 2.1.  If we can't find
## it, fall back to looking for 2.0.

If (Test-Path "HKLM:\Software\WOW6432Node\GnuPG") {
$gpgdir = Join-Path `
-Path (Get-ItemPropertyValue `
-Path "HKLM:\Software\WOW6432Node\GnuPG" `
"Install Directory") `
-ChildPath "bin"
$gpg = Join-Path -Path $gpgdir "gpg.exe"
}
ElseIf (Test-Path "HKLM:\Software\WOW6432Node\GNU\GnuPG") {
$gpgdir = Get-ItemPropertyValue `
-Path "HKLM:\Software\WOW6432Node\Gnu\GnuPG" `
"Install Directory"
$gpg = Join-Path -Path $gpgdir "gpg2.exe"
}

# Create the two Lists we're going to use to store the
# revoked/expired private keys and the revoked/expired
# public keys
$private_keys = New-Object `
-TypeName System.Collections.Generic.List[string]
$public_keys = New-Object `
-TypeName System.Collections.Generic.List[string]

# Many of our "expired" keys will have new, duration-
# extending signatures.  We do a keyring refresh from the
# keyservers to ensure we don't delete anything we don't
# have to.
&$gpg --keyserver pool.sks-keyservers.net `
--refresh

# Get the expired/revoked private and public keys
(&$gpg --keyid-format long `
--fixed-list-mode `
--with-colons --list-key | `
Select-String -Pattern "^pub:(r|e)").ForEach({
$match = [regex]::match($_, "([A-F0-9]{16})")
$keyid = $match.Groups[1].Value
$public_keys.Add($keyid)
}
)

## In GnuPG 2.0, you can't figure out whether a private
## key is expired except by looking at its corresponding
## public key.  In GnuPG 2.1, you can, but the old way
## still works.  This code will therefore work with both.
If ($public_keys.Count -gt 0) {
(&$gpg --keyid-format long `
--fixed-list-mode `
--with-colons --list-secret-key $public_keys | `
Select-String -Pattern "^sec").ForEach({
$match = [regex]::match($_, "([A-F0-9]{16})")
$keyid = $match.Groups[1].Value
$private_keys.Add($keyid)
}
)
}

# If we have revoked/expired private keys, get rid
# of them first.
if ($private_keys.Count -gt 0) {
&$gpg --yes --delete-secret-keys $private_keys
}
# Follow up with revoked/expired public keys
if ($public_keys.Count -gt 0) {
&$gpg --yes --delete-keys $public_keys
}
=


Save that.  Then, in the "Ask me anything" box, type "Windows
PowerShell".  Launch the program that comes up.  You'll see a prompt like:

PS C:\Users\rjh>

Then just type the path to gpgclean.ps1 and hit RETURN.

PS C:\Users\rjh> .\Documents\gpgclean.ps1

It will likely appear to hang for a few minutes.  That's normal.  It's
refreshing your keyring in order to see if any certs have revised
expiration dates.  Once it finishes that, the rest goes quickly.

If there's interest, I'll put a good-looking GUI on this.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg2 on a Windows 10 Pro 64 bit machine

2017-02-26 Thread antony 
On February 26, 2017 5:30:20 AM EST, Jerry  wrote:
>
>gpg: can't handle key algorithm 22
>gpg: can't handle key algorithm 18
>
>I am not sure what that is referring to. Also, there are numerous keys
>listed as revoked or expired. Is there a anything I can run from the
>command line that will automatically remove all revoked or expired
>keys?

Not sure on that one.

>gpg (GnuPG) 2.0.30 (Gpg4win 2.3.3)
>libgcrypt 1.6.6

For your original issue, IIRC, that version of libgcrypt can't handle the 
elliptic curve algorithms that were added in libgcrypt 1.7 and gnupg 2.1. It 
just means that there are keys on your keyring that use these algorithms and 
gnupg doesn't understand them.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg2 on a Windows 10 Pro 64 bit machine

2017-02-26 Thread Jerry 
On a Windows 10 PRO 64 bit machine, when I run the following command:

gpg2.exe --refresh-keys

I receive the following error message:

gpg: can't handle key algorithm 22
gpg: can't handle key algorithm 18

I am not sure what that is referring to. Also, there are numerous keys
listed as revoked or expired. Is there a anything I can run from the
command line that will automatically remove all revoked or expired keys?

This is the gpg2 info.

C:\WINDOWS\system32>gpg2.exe --version
gpg (GnuPG) 2.0.30 (Gpg4win 2.3.3)
libgcrypt 1.6.6
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/Gerard/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7),
AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11),
CAMELLIA192 (S12), CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
  SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)


Thanks

-- 
Jerry

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Announcing paperbackup.py to backup keys as QR codes on paper

2017-02-26 Thread Peter Lebbing 
By the way, don't worry about the license. I just slapped it on there
because you need /something/. (I didn't even look at paperbackup.py's
license, which was dumb, I would have put an MIT license on it otherwise.)

If you're going to use it, I assume you're just going to embed the few
lines of code there are into paperbackup.py. You have my permission to
use the code in posixcksum.py in paperbackup.py *without attribution*.
You don't have to name me, just use it.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users