devuan jessie gpg 2.2.x thunderbird/apparmor/enigmail rules

2017-10-31 Thread Fulano Diego Perez

any suggestions to complete apparmor rules to enable all functionality
for a /usr/local gpg install with thunderbird/gpg/enigmail ?

currently appended rules below to the default thunderbird profile allow
mostly all functionality except i cannot enable the commented out rules
otherwise enigmail does not detect gnupg and fails to start

as soon i comment out, enigmail fails...

i think my previous email with problems with dirmngr could be related
and if those are debugged, could help here

below allows most thunderbird/enigmail functionality except importing
keyserver keys

/etc/apparmor.d/local/usr.bin.thunderbird:

/usr/local/bin/gpg   Cx -> gpg,
/usr/local/bin/gpg-error Cx -> gpg,
#/usr/local/bin/dirmngr   Cx -> gpg,
/usr/local/bin/gpg-agent Cx -> gpg,
/usr/local/bin/gpgconf   Cx -> gpg,
/usr/local/bin/gpg-connect-agent Cx -> gpg,

#/proc/**/fd/ r,
owner @{HOME}/.gnupg/tofu.db rwk,
#owner @{HOME}/.gnupg/tofu.db-journal rwk,
/usr/local/bin/gpg mr,
/usr/local/bin/gpg-error mr,
#/usr/local/bin/dirmngr mr,
/usr/local/bin/gpg-agent mr,
/usr/local/bin/gpgconf mr,
/usr/local/bin/gpg-connect-agent mr,
/usr/lib/gnupg/gpgkeys_* ix,

/usr/local/lib/** mr,

this profile still logs below possible problems:

[51155.130813] audit: type=1400 audit(1509507779.968:128572837):
apparmor="DENIED" operation="mknod" profile="thunderbird//gpg"
name="/home/user/.gnupg/tofu.db-journal" pid=20072 comm="gpg"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[51155.139191] audit: type=1400 audit(1509507779.976:128572838):
apparmor="DENIED" operation="mknod" profile="thunderbird//gpg"
name="/home/user/.gnupg/tofu.db-journal" pid=20072 comm="gpg"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[51161.198110] audit: type=1400 audit(1509507786.040:128572839):
apparmor="DENIED" operation="open" profile="thunderbird//gpg"
name="/proc/20077/fd/" pid=20077 comm="gpg" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[51161.198390] audit: type=1400 audit(1509507786.040:128572840):
apparmor="DENIED" operation="exec" profile="thunderbird//gpg"
name="/usr/local/bin/dirmngr" pid=20077 comm="gpg" requested_mask="x"
denied_mask="x" fsuid=1000 ouid=0
[51177.540706] audit: type=1400 audit(1509507802.392:128572841):
apparmor="DENIED" operation="open" profile="thunderbird//gpg"
name="/proc/20080/fd/" pid=20080 comm="gpg" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[51177.541002] audit: type=1400 audit(1509507802.392:128572842):
apparmor="DENIED" operation="exec" profile="thunderbird//gpg"
name="/usr/local/bin/dirmngr" pid=20080 comm="gpg" requested_mask="x"
denied_mask="x" fsuid=1000 ouid=0






___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
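Added example (not part of the original post, and not AppArmor's own tooling): a small Python parser that re-joins hard-wrapped DENIED records like the ones quoted above, merges duplicates, and lists candidate rules under the profile each record names. All records here name thunderbird//gpg, the child profile reached through `Cx -> gpg`. The function names and the /proc/[0-9]*/ and @{HOME} generalisations are choices made for this example; exec denials are flagged, not resolved, because the transition mode has to be chosen by hand.

```python
import re

# Four of the records quoted in the message above, hard-wrapped as mailed.
SAMPLE = """\
[51155.130813] audit: type=1400 audit(1509507779.968:128572837):
apparmor="DENIED" operation="mknod" profile="thunderbird//gpg"
name="/home/user/.gnupg/tofu.db-journal" pid=20072 comm="gpg"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[51161.198110] audit: type=1400 audit(1509507786.040:128572839):
apparmor="DENIED" operation="open" profile="thunderbird//gpg"
name="/proc/20077/fd/" pid=20077 comm="gpg" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[51161.198390] audit: type=1400 audit(1509507786.040:128572840):
apparmor="DENIED" operation="exec" profile="thunderbird//gpg"
name="/usr/local/bin/dirmngr" pid=20077 comm="gpg" requested_mask="x"
denied_mask="x" fsuid=1000 ouid=0
[51177.540706] audit: type=1400 audit(1509507802.392:128572841):
apparmor="DENIED" operation="open" profile="thunderbird//gpg"
name="/proc/20080/fd/" pid=20080 comm="gpg" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
"""

RECORD_START = re.compile(r"^\[\s*\d+\.\d+\] audit: ", re.M)
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
REQUIRED = {"name", "profile", "denied_mask"}
# Log mask letters -> profile permission letters (create/delete fall under w).
MASK_TO_PERM = {"c": "w", "d": "w"}
PERM_ORDER = "rwaklm"


def parse_denials(text):
    """Return one dict per AppArmor DENIED record, tolerating wrapped lines."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    records = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        # Collapse the mail client's line breaks back into a single record.
        flat = " ".join(text[begin:end].split())
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(flat)}
        if fields.get("apparmor") == "DENIED" and REQUIRED <= fields.keys():
            records.append(fields)
    return records


def generalise(path):
    """Replace per-run values (PID, home directory) with profile globs."""
    path = re.sub(r"^/proc/\d+/", "/proc/[0-9]*/", path)
    return re.sub(r"^/home/[^/]+/", "@{HOME}/", path)


def suggest_rules(text):
    """Map profile name -> candidate rule lines, in first-seen order."""
    merged = {}
    for rec in parse_denials(text):
        # "owner" only fits when the process uid owns the object it touched.
        owner = "fsuid" in rec and rec["fsuid"] == rec.get("ouid")
        key = (rec["profile"], generalise(rec["name"]), owner)
        perms = merged.setdefault(key, set())
        perms.update(MASK_TO_PERM.get(c, c) for c in rec["denied_mask"])
    rules = {}
    for (profile, path, owner), perms in merged.items():
        if "x" in perms:
            line = f"# exec of {path} denied: pick ix/Px/Cx by hand"
        else:
            mode = "".join(p for p in PERM_ORDER if p in perms)
            line = f"{'owner ' if owner else ''}{path} {mode},"
        rules.setdefault(profile, []).append(line)
    return rules


if __name__ == "__main__":
    for profile, lines in suggest_rules(SAMPLE).items():
        print(f"# candidate rules for profile {profile}")
        for line in lines:
            print("  " + line)
```

The output lists only the access already denied in the records supplied, so each candidate line still needs review before it goes into a profile.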


Re: permission denied searching keys WAS: [gpg 2.2.x devuan jessie no TOFU TLS]

2017-10-31 Thread Fulano Diego Perez
later:

im not sure what to do now

most functionality seems ok except for searching/importing keys from
keyservers

i can see my local pub/pri keyrings

Fulano Diego Perez:
> 
> 
> Werner Koch:
>> On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said:
>>
>>> checking for LIBGNUTLS... no
>>
>> The minimal requirement is GNUTLS 3.0 - please check that you have the
>> 3.x -dev package installed.  You should also consult config.log to check
>> why GNUTLS was not found.
>>
>>
>> Salam-Shalom,
>>
>>Werner
> 
> installing pkg-config found them !

$ gpg -vvv --keyserver jirk5u4osbsr34t5.onion --search-keys sexypgp
gpg: using character set 'utf-8'
gpg: error searching keyserver: Operation not permitted
gpg: keyserver search failed: Operation not permitted

$ gpgconf --check-programs
gpg:OpenPGP:/usr/local/bin/gpg:1:1:
gpg-agent:Private Keys:/usr/local/bin/gpg-agent:1:1:
scdaemon:Smartcards:/usr/local/libexec/scdaemon:1:1:
gpgsm:S/MIME:/usr/local/bin/gpgsm:1:1:
dirmngr:Network:/usr/local/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/usr/local/bin/pinentry:1:1:

$ ls -la /usr/local/bin/
drwxrwsr-x  2 root staff    4096 Oct 30 17:39 .
drwxrwsr-x 11 root staff    4096 Oct 28 02:12 ..
lrwxrwxrwx  1 root staff       3 Oct 26 00:02 captoinfo -> tic
-rwxr-xr-x  1 root staff   90200 Oct 26 00:02 clear
-rwxr-xr-x  1 root staff 2407640 Oct 30 17:39 dirmngr
-rwxr-xr-x  1 root staff  481760 Oct 30 17:39 dirmngr-client
-rwxr-xr-x  1 root staff   34744 Oct 25 23:45 dumpsexp
-rwxr-xr-x  1 root staff 4216344 Oct 30 17:39 gpg
-rwxr-xr-x  1 root staff 1667432 Oct 30 17:39 gpg-agent
-rwxr-xr-x  1 root staff  591960 Oct 30 17:39 gpgconf
-rwxr-xr-x  1 root staff  674176 Oct 30 17:39 gpg-connect-agent
-rwxr-xr-x  1 root staff   81640 Oct 25 23:11 gpg-error
-rwxr-xr-x  1 root staff    2201 Oct 25 23:11 gpg-error-config
-rwxr-xr-x  1 root staff   92800 Oct 30 17:39 gpgparsemail
-rwxr-xr-x  1 root staff  837064 Oct 30 17:39 gpgscm
-rwxr-xr-x  1 root staff 2163056 Oct 30 17:39 gpgsm
-rwxr-xr-x  1 root staff  671016 Oct 30 17:39 gpgtar
-rwxr-xr-x  1 root staff 2053392 Oct 30 17:39 gpgv
-rwxr-xr-x  1 root staff   43720 Oct 25 23:45 hmac256
-rwxr-xr-x  1 root staff  234984 Oct 26 00:02 infocmp
lrwxrwxrwx  1 root staff       3 Oct 26 00:02 infotocap -> tic
-rwxr-xr-x  1 root staff  799952 Oct 30 17:39 kbxutil
-rwxr-xr-x  1 root staff    2647 Oct 25 23:47 ksba-config
-rwxr-xr-x  1 root staff    2522 Oct 25 23:48 libassuan-config
-rwxr-xr-x  1 root staff    4003 Oct 25 23:45 libgcrypt-config
-rwxr-xr-x  1 root staff   51256 Oct 25 23:45 mpicalc
-rwxr-xr-x  1 root staff    6016 Oct 26 00:02 ncurses6-config
-rwxr-xr-x  1 root staff    3108 Oct 25 22:58 npth-config
lrwxrwxrwx  1 root staff      14 Oct 30 17:32 pinentry -> pinentry-gtk-2
-rwxr-xr-x  1 root staff  466328 Oct 30 17:32 pinentry-curses
-rwxr-xr-x  1 root staff  556120 Oct 30 17:32 pinentry-gtk-2
lrwxrwxrwx  1 root staff       4 Oct 26 00:02 reset -> tset
-rwxr-xr-x  1 root staff  107384 Oct 26 00:02 tabs
-rwxr-xr-x  1 root staff  265896 Oct 26 00:02 tic
-rwxr-xr-x  1 root staff  161352 Oct 26 00:02 toe
-rwxr-xr-x  1 root staff  107872 Oct 26 00:02 tput
-rwxr-xr-x  1 root staff   96184 Oct 26 00:02 tset
-rwxr-xr-x  1 root staff   41248 Oct 30 17:39 watchgnupg

dirmngr.conf:

use-tor
keyserver hkp://jirk5u4osbsr34t5.onion


any advice to proceed ?






Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-27 Thread Fulano Diego Perez


Werner Koch:
> On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said:
> 
>> checking for LIBGNUTLS... no
> 
> The minimal requirement is GNUTLS 3.0 - please check that you have the
> 3.x -dev package installed.  You should also consult config.log to check
> why GNUTLS was not found.
> 
> 
> Salam-Shalom,
> 
>Werner

installing pkg-config found them !



Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-27 Thread Fulano Diego Perez



-------- Forwarded Message --------
Subject: Re: gpg 2.2.x devuan jessie no TOFU TLS
Date: Fri, 27 Oct 2017 17:36:09 +1100
From: Fulano Diego Perez <fulanope...@cryptolab.net>
To: GnuPG Users <gnupg-users@gnupg.org>, d...@lists.dyne.org



Daniel Kahn Gillmor:
> On Fri 2017-10-27 01:00:36 +1100, Fulano Diego Perez wrote:
>> cannot work this out
>>
>> installed sqlite3 and gnutls available packages and -dev packages
> 
> what versions of these packages did you install?  can you provide more
> explicit details?

aside from below i installed latest gnu package dependencies

Package: libgnutls28-dev
New: yes
State: installed
Automatically installed: no
Multi-Arch: same
Version: 3.3.8-6+deb8u7
Priority: optional
Section: libdevel
Maintainer: Debian GnuTLS Maintainers
<pkg-gnutls-ma...@lists.alioth.debian.org>
Architecture: amd64
Uncompressed Size: 2,957 k
Depends: libgnutls-deb0-28 (= 3.3.8-6+deb8u7), libgnutlsxx28 (=
3.3.8-6+deb8u7), nettle-dev (>= 2.5), libc6-dev | libc-dev,
 zlib1g-dev, libtasn1-6-dev (>= 3.9), libp11-kit-dev,
libgnutls-openssl27 (= 3.3.8-6+deb8u7)
Suggests: gnutls-doc, gnutls-bin, guile-gnutls
Conflicts: gnutls-dev
Replaces: gnutls-dev
Provides: gnutls-dev, libgnutls-openssl-dev
Description: GNU TLS library - development files

Package: libsqlite3-dev
New: yes
State: installed
Automatically installed: no
Multi-Arch: same
Version: 3.8.7.1-1+deb8u2
Priority: optional
Section: libdevel
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Architecture: amd64
Uncompressed Size: 1,542 k
Depends: libsqlite3-0 (= 3.8.7.1-1+deb8u2), libc6-dev
Suggests: sqlite3-doc
Description: SQLite 3 development files

> 
> the debian packages build fine on stretch and later, but i'm reluctant
> to try to backport them to jessie myself these days.  Such a port would
> introduce too many platform-level incompatibilities.
> 
>  --dkg
> 



gpg 2.2.x devuan jessie no TOFU TLS

2017-10-26 Thread Fulano Diego Perez



-------- Forwarded Message --------
Subject: gpg 2.2.x devuan jessie no TOFU TLS
Date: Fri, 27 Oct 2017 01:00:36 +1100
From: Fulano Diego Perez <fulanope...@cryptolab.net>
To: GnuPG Users <gnupg-users@gnupg.org>, d...@lists.dyne.org


cannot work this out

installed sqlite3 and gnutls available packages and -dev packages

anybody confirm a working devuan jessie 2.2.x install and care to explain ?

many thank yous

--
--

GnuPG v2.2.1 has been configured as follows:

Revision:  355ca9e  (13660)
Platform:  GNU/Linux (x86_64-pc-linux-gnu)

OpenPGP:   yes
S/MIME:    yes
Agent:     yes
Smartcard: yes (without internal CCID driver)
G13:       no
Dirmngr:   yes
Gpgtar:    yes
WKS tools: no

Protect tool:      (default)
LDAP wrapper:      (default)
Default agent:     (default)
Default pinentry:  /usr/bin/pinentry
Default scdaemon:  (default)
Default dirmngr:   (default)

Dirmngr auto start:  yes
Readline support:    yes
LDAP support:        yes
TLS support:         no
TOFU support:        no
Tor support:         yes


checking for SQLITE3... no
configure: WARNING:
***
*** Building without SQLite support - TOFU disabled
***
***
***
checking for encfs... /usr/bin/encfs
checking for fusermount... /bin/fusermount
checking for openpty in -lutil... yes
checking for shred... /usr/bin/shred
checking for npth-config... /usr/local/bin/npth-config
checking for NPTH - version >= 1.2... yes (1.5)
checking NPTH API version... okay
checking for ntbtls-config... no
checking for NTBTLS - version >= 0.1.0... no
checking for LIBGNUTLS... no
configure: WARNING:
***
*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
***
***





gpg 2.2.x devuan jessie no TOFU TLS

2017-10-26 Thread Fulano Diego Perez

cannot work this out

installed sqlite3 and gnutls available packages and -dev packages

anybody confirm a working devuan jessie 2.2.x install and care to explain ?

many thank yous

--
--

GnuPG v2.2.1 has been configured as follows:

Revision:  355ca9e  (13660)
Platform:  GNU/Linux (x86_64-pc-linux-gnu)

OpenPGP:   yes
S/MIME:    yes
Agent:     yes
Smartcard: yes (without internal CCID driver)
G13:       no
Dirmngr:   yes
Gpgtar:    yes
WKS tools: no

Protect tool:      (default)
LDAP wrapper:      (default)
Default agent:     (default)
Default pinentry:  /usr/bin/pinentry
Default scdaemon:  (default)
Default dirmngr:   (default)

Dirmngr auto start:  yes
Readline support:    yes
LDAP support:        yes
TLS support:         no
TOFU support:        no
Tor support:         yes


checking for SQLITE3... no
configure: WARNING:
***
*** Building without SQLite support - TOFU disabled
***
***
***
checking for encfs... /usr/bin/encfs
checking for fusermount... /bin/fusermount
checking for openpty in -lutil... yes
checking for shred... /usr/bin/shred
checking for npth-config... /usr/local/bin/npth-config
checking for NPTH - version >= 1.2... yes (1.5)
checking NPTH API version... okay
checking for ntbtls-config... no
checking for NTBTLS - version >= 0.1.0... no
checking for LIBGNUTLS... no
configure: WARNING:
***
*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
***
***





Re: RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread Fulano Diego Perez

> On Fri, Jun 10, 2016, 3:58 AM Fulano Diego Perez
> <fulanope...@cryptolab.net> wrote:
> 
> will gnupg 2.1.x automatically select the senders' older _non
> expired_ RSA/ELG subkeys so the recipient can decrypt/verify
> signed/encrypted email ?
> 
> is the converse true for the sender for whatever software
> implementation they use (is this wishful thinking?) - in that their
> software will not fail after detecting newer incompatible subkeys,
> and then proceed to select the recipients' older but valid,
> compatible subkeys ?
> 
> in other words at this time can gnupg 2.1.x automatically,
> compatibly operate with both RSA and EDDSA/ECDH keys/subkeys ?
> 
> 
> This is exactly the situation I'm in with my public key,
> 0424DC19B678A1A9.
> 
> Here's what gpg2 -K shows:
> 
> sec   rsa4096/0424DC19B678A1A9 2014-10-08 [C] [expires: 2016-10-07]
> uid         [ultimate] Brian Minton <br...@minton.name>
> uid         [ultimate] Brian Minton <bjmg...@gmail.com>
> uid         [ultimate] Brian Minton <bmin...@blinkenshell.org>
> uid         [ultimate] [jpeg image of size 5202]
> uid         [ultimate] Brian Minton <bmin...@freeshell.de>
> uid         [ultimate] keybase.io/bjmgeek <bjmg...@keybase.io>
> ssb   nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2016-10-11]
> ssb   ed25519/37B9507ACFF2016E 2014-10-12 [S] [expires: 2016-10-11]
> ssb   elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2016-10-10]
> ssb   elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2016-10-08]
> ssb   elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2016-10-09]
> ssb   dsa2048/6B8EB3A065CFBAA9 2014-10-10 [S] [expires: 2016-10-09]
> 
> For encryption, people encrypting to you will use whatever key their 
> software can use. If the ECC key is newer, then senders that can use
> it will by default, while senders that can't will use your ELG key.
> So, keep both secret keys available and you'll be fine.  Note that I
> have a few extra ELG keys which I keep around just in case I need to
> decrypt a file that I encrypted with them.  There's nothing wrong
> with them, so I haven't revoked them.  However, gpg (and probably
> other PGP clients) will use the newest usable key, so people
> encrypting to me with gpg2.1 will use EA49CFDB55D113E9 to encrypt,
> and people using gpg 2.0 and earlier will use 28FA8B9659A70692.
> 
> For signing, I like to put both key IDs (in my case, ed25519 and DSA)
> in my gnupg conf file, so signing automatically uses both keys. The
> trick is to use the key IDs of each subkey with an exclamation point
> so gnupg takes that specific key.

thanks so much for that tip
in the manual of course i missed it

> For instance, here are the relevant lines from my
> ~/.gnupg/gpg.conf-2 file (side note: if you use both gpg 1 and 2 you
> can use that kind of config file name to have different config files
> for each version):
> 
> local-user 37B9507ACFF2016E!
> local-user 6B8EB3A065CFBAA9!

good call

> 
> The nice thing about this setup is that I don't need to have any
> sender- or recipient-specific rules.

less headache than per-recipient i agree

trade-off for larger signature for me worth it





Re: (OT) mathematicians-discover-prime-conspiracy

2016-03-19 Thread Fulano Diego Perez


Doug Barton:
> You already got good answers /after/ as to why this happens



Fwd: mathematicians-discover-prime-conspiracy

2016-03-15 Thread Fulano Diego Perez



-------- Forwarded Message --------
Subject: mathematicians-discover-prime-conspiracy
Date: Mon, 14 Mar 2016 20:37:59 +1100
From: Fulano Diego Perez <fulanope...@cryptolab.net>
To: gnupg-users@gnupg.org


https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/






mathematicians-discover-prime-conspiracy

2016-03-14 Thread Fulano Diego Perez

https://www.quantamagazine.org/20160313-mathematicians-discover-prime-conspiracy/




Re: 2.1.10 with libgcrypt 1.7.0-beta300

2016-01-28 Thread Fulano Diego Perez


Fulano Diego Perez:
> In my case on Debian,

Are you on Debian stretch amd64 ?

What are the versions of your dependencies ?

We should compare jamon to jamon.



Re: 2.1.10 with libgcrypt 1.7.0-beta300

2016-01-26 Thread Fulano Diego Perez


NIIBE Yutaka:
> On 01/23/2016 10:11 PM, Fulano Diego Perez wrote:
>> NIIBE Yutaka:
>>> Please note that you need to invoke gpg-agent with LD_LIBRARY_PATH, too.
>>
>> can explain how you mean to invoke ?
> 
> Well, it seems terminology issue.  I mean, to start, to kick the service,
> and to run the service.
> 
> In general, there are multiple ways.  In my case on Debian, I have a
> startup script, /etc/X11/Xsession.d/90gpg-agent, which invokes
> gpg-agent.
> 
>> i export library path for gpg2 and shows expected libgcrypt version
> 
> Exporting library path is also needed for gpg-agent.
> 
>> i can clearsign with ed25519 EDDSA subkey
> 
> This can be done with libgcrypt 1.6.4.
> 
>> i have problem testing encryption with cv25519 subkey
>>
>>
>> tried to test with $ fortune | gpg2 --sign --encrypt -u abc --recipient
>> 123 --recipient 456 | gpg2 --decrypt
>>
>> gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
>> gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
>> gpg: encrypted with 256-bit ECDH key, ID test, created 2016
>>   "test"
>> gpg: public key decryption failed: Checksum error
>> gpg: encrypted with 256-bit ECDH key, ID test, created 2016
>>   test2
>> gpg: public key decryption failed: Checksum error
>> gpg: decryption failed: No secret key
>>
>> i have secret key
> 
> I know.  The problem is the version of libgcrypt of gpg-agent.
> 
> Public key handling is the role of gpg frontend, while secret key
> handling is done by gpg-agent.  With no newer libgcrypt, gpg-agent
> can't handle CV25519 keys.
> 
>> tried list-packets & -vvv - nothing more on errors
> 
> Yes.
> 
>> maybe this is conflict with persistent gpg-agent and ssh-agent
>>  they are listed in htop with PID but no RAM use
>>
>> how can to figure this out ?
> 
> If you can check the process's memory maps of gpg-agent, you can see
> the maps to libgcrypt.  In my case, I can see the entries in
> /proc//maps like:
> 
> b7617000-b76d5000 r-xp  08:01 35743  
> /usr/local/lib/libgcrypt.so.20.1.0
> b76d5000-b76d9000 rw-p 000bd000 08:01 35743  
> /usr/local/lib/libgcrypt.so.20.1.0
> b76e7000-b76ef000 rw-p  00:00 0
> 

$ cat /proc/PID-of-local-[gpg-ssh]agent/maps

nada

$ /builds/gpg21x/bin/gpg-agent --daemon

$ cat /proc/PID/maps

55fb967f7000-55fb96849000 r-xp  fc:02 2098759
 /builds/gpg21x/bin/gpg-agent
55fb96a48000-55fb96a4a000 r--p 00051000 fc:02 2098759
 /builds/gpg21x/bin/gpg-agent
55fb96a4a000-55fb96a4b000 rw-p 00053000 fc:02 2098759
 /builds/gpg21x/bin/gpg-agent
55fb96a4b000-55fb96a4c000 rw-p  00:00 0
55fb9822-55fb98241000 rw-p  00:00 0
 [heap]
7f714b7e4000-7f714b97e000 r-xp  fc:02 2229058
 /lib/x86_64-linux-gnu/libc-2.21.so
7f714b97e000-7f714bb7e000 ---p 0019a000 fc:02 2229058
 /lib/x86_64-linux-gnu/libc-2.21.so
7f714bb7e000-7f714bb82000 r--p 0019a000 fc:02 2229058
 /lib/x86_64-linux-gnu/libc-2.21.so
7f714bb82000-7f714bb84000 rw-p 0019e000 fc:02 2229058
 /lib/x86_64-linux-gnu/libc-2.21.so
7f714bb84000-7f714bb88000 rw-p  00:00 0
7f714bb88000-7f714bba r-xp  fc:02 2229034
 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bba-7f714bd9f000 ---p 00018000 fc:02 2229034
 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bd9f000-7f714bda r--p 00017000 fc:02 2229034
 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bda-7f714bda1000 rw-p 00018000 fc:02 2229034
 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bda1000-7f714bda5000 rw-p  00:00 0
7f714bda5000-7f714bda8000 r-xp  fc:02 271554
 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bda8000-7f714bfa8000 ---p 3000 fc:02 271554
 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bfa8000-7f714bfa9000 r--p 3000 fc:02 271554
 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bfa9000-7f714bfaa000 rw-p 4000 fc:02 271554
 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bfaa000-7f714bfbc000 r-xp  fc:02 269865
 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714bfbc000-7f714c1bb000 ---p 00012000 fc:02 269865
 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714c1bb000-7f714c1bc000 r--p 00011000 fc:02 269865
 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714c1bc000-7f714c1bd000 rw-p 00012000 fc:02 269865
 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714c1bd000-7f714c1cf000 r-xp  fc:02 225
 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c1cf000-7f714c3cf000 ---p 00012000 fc:02 225
 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c3cf000-7f714c3d r--p 00012000 fc:02 225
 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c3d-7f714c3d1000 rw-p 00013000 fc:02 225
 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c3d1000-7f714c4ce000 r-

Re: 2.1.10 with libgcrypt 1.7.0-beta300

2016-01-23 Thread Fulano Diego Perez


NIIBE Yutaka:
> On 01/11/2016 11:23 PM, Fulano Diego Perez wrote:
>> Can anybody confirm on debian stretch 64 a successful build with
>> libgcrypt beta ?
> 
> GnuPG and libgcrypt development version build successfully on my
> 32-bit ARMv7l.
> 
>> checking for LIBGCRYPT - version >= 1.6.0... yes (1.7.0-beta300)
>> checking LIBGCRYPT API version... okay
> 
> Good, you have the libgcrypt development version installed.
> 
>> i cannot create curve25519 encryption sub keys
>>
>> gpg: agent_genkey failed: Invalid flag
>> gpg: Key generation failed: Invalid flag
>>
>> but i could create NIST and Brainpool enc sub keys
>>
>> something's not right...
>>
>> still using 1.6.4 according to --version
> 
> How do you install the libgcrypt on your system?
> 
> If it's /usr/local/lib, you would need LD_LIBRARY_PATH setting.
> 
> $ export LD_LIBRARY_PATH=/usr/local/lib
> 
> For me, with LD_LIBRARY_PATH, it goes:
> 
> $ gpg2 --version
> gpg (GnuPG) 2.1.11-beta67
> libgcrypt 1.7.0-beta298
> NOTE: THIS IS A DEVELOPMENT VERSION!
> It is only intended for test purposes and should NOT be
> used in a production environment or with production keys!
> Copyright (C) 2015 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 
> Please note that you need to invoke gpg-agent with LD_LIBRARY_PATH, too.

can explain how you mean to invoke ?

i export library path for gpg2 and shows expected libgcrypt version

i can clearsign with ed25519 EDDSA subkey

i have problem testing encryption with cv25519 subkey


tried to test with $ fortune | gpg2 --sign --encrypt -u abc --recipient
123 --recipient 456 | gpg2 --decrypt

gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
gpg: encrypted with 256-bit ECDH key, ID test, created 2016
  "test"
gpg: public key decryption failed: Checksum error
gpg: encrypted with 256-bit ECDH key, ID test, created 2016
  test2
gpg: public key decryption failed: Checksum error
gpg: decryption failed: No secret key

i have secret key


tried list-packets & -vvv - nothing more on errors



maybe this is conflict with persistent gpg-agent and ssh-agent
they are listed in htop with PID but no RAM use

how can to figure this out ?








same error is if i run thunderbird from terminal, with LD path

i can run enigmail beta and see EDDSA and ECDH subkeys ok

can sign EDDSA mail

but no encrypt





Re: compile 2.1.10 no bzip2 ?

2016-01-23 Thread Fulano Diego Perez


NIIBE Yutaka:
> It seems for me that you don't have libbz2-dev package installed.
> 
>$ sudo apt-get install libbz2-dev

right

/etc/apt/sources.list.bk



compile 2.1.10 no bzip2 ?

2016-01-11 Thread Fulano Diego Perez

Hi,

This must be something simple I'm missing but on a debian stretch 64
machine i cannot get gpg 2.1.10 compiled with bzip2 support which
prevents me from reading bzip2 compressed files - they can decrypt but:

gpg: uncompressing failed: Unknown compression algorithm



./configure --build=x86_64-pc-linux-gnu --prefix=/builds/gnupg21x
--enable-large-secmem --with-pinentry-pgm=/usr/bin/pinentry


config.log

configure:5840: checking whether to enable the BZIP2 compression algorithm
configure:5847: result: yes

ENABLE_BZIP2_SUPPORT_FALSE=''
ENABLE_BZIP2_SUPPORT_TRUE='#'


surely don't require --with-bzip2 option ?







compile 2.1.10 with libgcrypt 1.7.0-beta300

2016-01-11 Thread Fulano Diego Perez

Can anybody confirm on debian stretch 64 a successful build with
libgcrypt beta ?

checking for LIBGCRYPT - version >= 1.6.0... yes (1.7.0-beta300)
checking LIBGCRYPT API version... okay

i cannot create curve25519 encryption sub keys

gpg: agent_genkey failed: Invalid flag
gpg: Key generation failed: Invalid flag

but i could create NIST and Brainpool enc sub keys

something's not right...

still using 1.6.4 according to --version

any ideas how i could further troubleshoot ?



FYI for debian stretch - libgcrypt beta needed manual install of
transfig package that includes fig2dev




2 pka dns RRs - same email address

2014-11-21 Thread Fulano Diego Perez
i know its not strictly for this list but does anybody have a suggestion
for the zone file ?

i have 2 TLSA RRs in my zone file, 2 certs, and postfix automatically
selects the correct cert based on the RR

what would gnupg do if it encountered 2 pka RRs ?

would it select the correct finger print automatically ?
