Re: GnuPG-card works in the Ubuntu smartphone

2017-09-24 Thread Ben McGinnes 
On Sun, Sep 24, 2017 at 05:55:28PM +, Matthias Apitz wrote:
> 
> I'm not on Emacs, but vim. But, with the example you gave and
> looking on some sources in the blog at gnupg.org I think I can do
> it. Groff was more challenging in the past :-)

You can always use the quick and dirty solution: write it in Markdown
and then use pandoc to convert from that to Org-Mode.  It might need a
little tweaking or adjustment afterwards, but probably not much.


Regards,
Ben


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG-card works in the Ubuntu smartphone

2017-09-24 Thread Matthias Apitz 
El día domingo, septiembre 24, 2017 a las 05:31:56p. m. +0200, Werner Koch 
escribió:

> On Sun, 24 Sep 2017 10:59, g...@unixarea.de said:
> 
> > I would be happy to write something in this blog, but I never wrote
> > something in 'org-mode' format, any pointer to some guide? I'm attaching
> 
> If you are on Emacs it is already included and part of Emacs help
> system.  It's website is org-mode.org.   The markup is easy:

I'm not on Emacs, but vim. But, with the example you gave and looking on
some sources in the blog at gnupg.org I think I can do it. Groff was
more challenging in the past :-)

I will look for some slot next week. I will have to send it to you as I
don't see a way to create an account in the blog...

matthias



-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Signing failed -- "No secret key", even though I have the key

2017-09-24 Thread Kristian Fiskerstrand 
On 09/24/2017 05:34 PM, azarus wrote:
> ssb#  rsa4096 2017-06-23 [SE]
> 
> Can somebody explain what I'm doing wrong? 

A combined sign and encrypt capable subkey would be wrong #1, you likely
want to revoke this one and generate separate subkeys for the various
options.

Aditionally, they are stubs, as indicated by the "#"-sign, so not
available on the computer you're executing the signature operation on.

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Nomina stultorum scribuntur ubique locorum
Fools have the habit of writing their names everywhere



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Signing failed -- "No secret key" even though I have it

2017-09-24 Thread azarus 
Hello GPG users,

I have a problem regarding signing data. Whenever I try clear-signing,
this appears:

gpg: writing to stdout
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

hello
gpg: signing failed: No secret key
gpg: [stdin]: clear-sign failed: No secret key

I invoked clearsign like this:

echo "hello" | gpg --sign-with  --clearsign

This is what gpg -K lists:

/home/azarus/.gnupg/pubring.kbx
---
sec   rsa4096 2016-12-20 [SC]
  
uid   [ultimate]  
uid   [ultimate]  
ssb   rsa4096 2016-12-20 [E]
ssb#  rsa4096 2017-06-23 [SE]

Can somebody explain what I'm doing wrong? This was working a couple of
days ago, I even reset my .gnupg directory from a backup, with  no
success.

Thanks for the help!

All the best,

azarus

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Signing failed -- "No secret key", even though I have the key

2017-09-24 Thread azarus 
Hello GPG users,

I have a problem regarding signing data. Whenever I try clear-signing,
this appears:

gpg: writing to stdout
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

hello
gpg: signing failed: No secret key
gpg: [stdin]: clear-sign failed: No secret key

I invoked clearsign like this:

echo "hello" | gpg --sign-with  --clearsign

This is what gpg -K lists:

/home/azarus/.gnupg/pubring.kbx
---
sec   rsa4096 2016-12-20 [SC]
  
uid   [ultimate]  
uid   [ultimate]  
ssb   rsa4096 2016-12-20 [E]
ssb#  rsa4096 2017-06-23 [SE]

Can somebody explain what I'm doing wrong? This was working a couple of
days ago, I even reset my .gnupg directory from a backup, with  no
success.

Thanks for the help!

All the best,

azarus

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG-card works in the Ubuntu smartphone

2017-09-24 Thread Werner Koch 
On Sun, 24 Sep 2017 10:59, g...@unixarea.de said:

> I would be happy to write something in this blog, but I never wrote
> something in 'org-mode' format, any pointer to some guide? I'm attaching

If you are on Emacs it is already included and part of Emacs help
system.  It's website is org-mode.org.   The markup is easy:

--8<---cut here---start->8---
# Without a .org suffix this is useful: -*- org -*-
#+TITLE: Sample Document

* This is a level 1 header

** This is a level 2 header

Here is some text with /italics/ or *bold* or _underscored_.

- First list item
- Second list item
  - Sublist item 1
  - sublist iten 2 

#+begin_src
source code
#+end_src

This is [[https://example.org][an external link]] and there are a lot of
other things one does not need to know to get started.

# IMHO a major annoyance in Markdown the missing of source comments like
# this one in org-mode
--8<---cut here---end--->8---

If you go to a blog article on gnupg.org (or actually any page) you find
a link to the source right down at the bottom of the page.

> below a text version of the write-up. A photo is here:

Shall I do a basic markup and send it to you?


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpdujBvRErfq.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG-card works in the Ubuntu smartphone

2017-09-24 Thread Matthias Apitz 
El día domingo, septiembre 24, 2017 a las 08:56:56a. m. +0200, Werner Koch 
escribió:

> On Sat, 23 Sep 2017 10:47, g...@unixarea.de said:
> > I have the GnuPG-card working in the Ubuntu smartphone BQ E4.5, details
> > here: https://forums.ubports.com/topic/554/support-for-gnupg-smartcard/3
> 
> Cool.
> 
> > I could post a small how-to to some place because due to the nature of
> 
> Would you like to write a blog entry for gnupg.org?  Needs to be done in
> org-mode formaty but I can offer to copyedit it for you.  One or two
> picture would also be nice.

I would be happy to write something in this blog, but I never wrote
something in 'org-mode' format, any pointer to some guide? I'm attaching
below a text version of the write-up. A photo is here:
http://www.unixarea.de/UbuntuPhone-GnuPG-card.jpg
If it should be og better quality, I have to look for some equipment.
For the connection between the USB token and the phone, I used some OTG
(USB On-The-Go) cable. I own as well a small connector receiving on one
end the token and to be plugged in into the phones port, but this
connection is very unstable, with the cable it's fine.

matthias


Using GnuPG-card in the UbuntuPhone BQ E4.5:

phablet@ubuntu-phablet-bq:~$ 
phablet@ubuntu-phablet-bq:~$ sudo chroot myRoot/
...

root@ubuntu-phablet:/# apt-get install pinentry-curses
root@ubuntu-phablet:/# apt-get install pass
root@ubuntu-phablet:/# apt-get install libudev-dev



Installing GnuPG 2.2.1 into the 'myRoot' system 

compile in ~phablet (in myRoot) the following pieces:

libassuan-2.4.3
libgpg-error-1.27
libksba-1.3.5
npth-1.5
libgcrypt-1.8.1
gnupg-2.2.1

always with ./configure && make && sudo make install; the software ends
up below /usr/local (i.e. /home/phablet/myRoot/usr/local when one looks
from outside the chroot'ed phone system);

note: 'gpg2' is /usr/local/bin/gpg


Now from the phone system configure:

$ mkdir ~/.gnupg

$ cat .gnupg/gpg.conf
#
agent-program  /home/phablet/myRoot/usr/local/bin/gpg-agent

$ cat .gnupg/gpg-agent.conf 
pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses
scdaemon-program /home/phablet/myRoot/usr/local/libexec/scdaemon
log-file /home/phablet/gpg-agent.log
log-file /dev/null
debug-level guru

Due to the nature of the installation in the chrooted system we
need small wrapper scripts to set PATH, LD_LIBRARY_PATH, ... and
other stuff;

$ cat ~/gpg.sh
#!/bin/sh
LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH
PATH=/home/phablet/myRoot/usr/local/bin:$PATH  export PATH
GNUPGHOME=/home/phablet/.gnupgexport GNUPGHOME
GPG_TTY=$(tty)export GPG_TTY
/home/phablet/myRoot/usr/local/bin/gpg-agent\
--homedir /home/phablet/.gnupg  \
--daemon\
--pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses
/home/phablet/myRoot/usr/local/bin/gpg-connect-agent /bye
/home/phablet/myRoot/usr/local/bin/gpg $*

run and create for test a keypair (later we want to use the GnuPG-card
for this)

$ ~/gpg.sh --full-generate-key
gpg-agent[2973]: enabled debug flags: mpi crypto memory cache memstat hashing 
ipc
gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
...

This starts the gpg-agent as:

$ ps ax | grep gpg-a
 2974 ?Ss 0:00 /home/phablet/myRoot/usr/local/bin/gpg-agent 
--homedir /home/phablet/.gnupg --daemon --pinentry-program 
/home/phablet/myRoot/usr/bin/pinentry-curses


Now we can use the the 'pass' command we installed in the chroot'es system
with

$ cat pass.sh
#!/bin/sh
LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH
PATH=/home/phablet/myRoot/usr/local/bin:$PATH  export PATH
GNUPGHOME=/home/phablet/.gnupgexport GNUPGHOME
GPG_TTY=$(tty)export GPG_TTY
unset GPG_AGENT_INFO
/home/phablet/myRoot/usr/bin/pass $*


Init the pass storage as:

$ ./pass.sh init Matthias

 
┌┐
 │ Please enter the passphrase to unlock the OpenPGP secret 
key:  │
 │ "Matthias Apitz (test) "  
  │
 │ 2048-bit RSA key, ID 93A6FBF52FA76DB0,   
  │
 │ created 2017-09-22 (main key ID 3FECB79DDDA409E4).   
  │
 │  
  │
 │  
  │
 │ Passphrase: 
***___ │
 │  
  │
 │

Re: GnuPG-card works in the Ubuntu smartphone

2017-09-24 Thread Werner Koch 
On Sat, 23 Sep 2017 10:47, g...@unixarea.de said:
> I have the GnuPG-card working in the Ubuntu smartphone BQ E4.5, details
> here: https://forums.ubports.com/topic/554/support-for-gnupg-smartcard/3

Cool.

> I could post a small how-to to some place because due to the nature of

Would you like to write a blog entry for gnupg.org?  Needs to be done in
org-mode formaty but I can offer to copyedit it for you.  One or two
picture would also be nice.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp9MSbHlttUb.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users