Re: Error importing fetching key from wkd
Konstantin Ryabitsev via Gnupg-users wrote: > FYI, I also provide gnupg22-static and gnupg23-static packages that can be > rebuilt and installed on RHEL 7+ (though I haven't tried on RHEL9): > > https://copr.fedorainfracloud.org/coprs/icon/lfit/packages/ > > They install into /opt and can be used directly as /opt/gnupg22/bin/gpg (and > others). Thanks Konstantin! On EL8/9, I needed to disable the debugsource packages for a sucessful build: %define _debugsource_template %{nil} I only tested builds of gnupg23-static on EL8/9, but the gnupg22-static package looks like it would need the same treatment. Of course, the difference in algorithm support between upstream and EL8/9 is much smaller than it was on EL7. (Here's to seeing the differences disappear entirely.) -- Todd signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
On Tue, May 31, 2022 at 12:17:05PM -0400, Todd Zullinger via Gnupg-users wrote: > Hello again, > > I wrote: > > Dirk Gottschalk via Gnupg-users wrote: > >> A workaround for this is to download the SRPM, remove the > >> line '--disable-brainpool' and rebuild the package. > > > > Ahh, excellent. That's a relatively recent change. It's > > available in the Fedora (and RHEL) libgcrypt-1.10 packages > > which I believe are only in the freshly released Fedora 36 > > and RHEL 9. > > For the future, you can now rebuild the libgcrypt rpm from > Fedora 36 with brainpool support without having to edit the > spec file manually¹. You can pass `--with brainpool` to the > rpmbuild command, e.g.: > > rpmbuild -rb --with brainbpool /path/to/libcgrypt.src.rpm > > Hopefully that makes life just a little easier for folks > using Fedora who want or need brainpool support. FYI, I also provide gnupg22-static and gnupg23-static packages that can be rebuilt and installed on RHEL 7+ (though I haven't tried on RHEL9): https://copr.fedorainfracloud.org/coprs/icon/lfit/packages/ They install into /opt and can be used directly as /opt/gnupg22/bin/gpg (and others). -Konstantin ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
Hello again, I wrote: > Dirk Gottschalk via Gnupg-users wrote: >> A workaround for this is to download the SRPM, remove the >> line '--disable-brainpool' and rebuild the package. > > Ahh, excellent. That's a relatively recent change. It's > available in the Fedora (and RHEL) libgcrypt-1.10 packages > which I believe are only in the freshly released Fedora 36 > and RHEL 9. For the future, you can now rebuild the libgcrypt rpm from Fedora 36 with brainpool support without having to edit the spec file manually¹. You can pass `--with brainpool` to the rpmbuild command, e.g.: rpmbuild -rb --with brainbpool /path/to/libcgrypt.src.rpm Hopefully that makes life just a little easier for folks using Fedora who want or need brainpool support. ¹ https://src.fedoraproject.org/rpms/libgcrypt/c/6571417ff -- Todd signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
On Sun, 29 May 2022 13:07, Johan Wevers said: > Why do they do that? BTW, when I search for brainpool I only find > definitions and RFC's, I seem unable to find why they are needed (or why > they would be peferred) over other curves. That is mostly a political issue: In Europe the use of NIST curves is not allowed due to security concerns. In the US the Brainpool curves are not yet part of the FIPS standard and thus may not be used by the government. However, Curve25519 is also not allowed by FIPS but still included in RedHat's Libgcrypt build. I am not aware of any patent issues with standard Weierstrass curves like NIST-P and Brainpool-P curves. All relevant patents expired a few years ago. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
Hi, Dirk Gottschalk via Gnupg-users wrote: > A workaround for this is to download the SRPM, remove the > line '--disable-brainpool' and rebuild the package. Ahh, excellent. That's a relatively recent change. It's available in the Fedora (and RHEL) libgcrypt-1.10 packages which I believe are only in the freshly released Fedora 36 and RHEL 9. Previous releases contained a 'hobbled' libgcrypt tarball where the brainpool curves were removed entirely. (That's the usual practice for items which cannot be included for legal reasons.) It's good to see things are moving in the right direction, at least. -- Todd signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
Hello Todd. Am Samstag, dem 28.05.2022 um 16:14 -0400 schrieb Todd Zullinger via Gnupg-users: > Hi, > > Werner Koch via Gnupg-users wrote: > > On Wed, 25 May 2022 22:58, Dirk Gottschalk said: [...] > > > Note the Brainpool curves. Seems that Redhat still patches them > > out of > > libgcrypt. > > The question of whether these curves can be kept in Fedora > was brought up on the fedora-legal list some time ago. The > most recent status update¹ from Fedora Project Leader > Matthew Miller on January 28, 2022 says: > > So, these things move slowly, but this _is_ being > worked on. I'll let you know when I can. > > That sounds midly hopeful. With luck, the curves will be > cleared for inclusion (at least eventually, even it not > terribly soon). A workaround for this is to download the SRPM, remove the line '-- disable-brainpool' and rebuild the package. Regards, Dirk -- Dirk Gottschalk GPG key Fingerprint: 7C5B 9D53 EED5 C7B3 A291 D5AA 086B 3660 27E3 5D06 Keyoxide: https://keyoxide.org/7C5B9D53EED5C7B3A291D5AA086B366027E35D06 GitHub: https://github.com/Dirk1980ac signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
Hello Werner. Am Samstag, dem 28.05.2022 um 20:29 +0200 schrieb Werner Koch: > On Wed, 25 May 2022 22:58, Dirk Gottschalk said: > > > $ gpg --with-colons --list-config curve > > cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;se > > cp25 > > 6k1 > > This should read > > cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brai > npoolP256r1;brainpoolP384r1;brainpoolP512r1;secp256k1 > > Note the Brainpool curves. Seems that Redhat still patches them out > of > libgcrypt. Yes, they really do '--disable-brainpool' in the .spec file. Thank you very much for this hint. I did a custom Rebuild of the package after modifying the .spec and now everything woks as expected. Kind regards, Dirk -- Dirk Gottschalk GPG key Fingerprint: 7C5B 9D53 EED5 C7B3 A291 D5AA 086B 3660 27E3 5D06 Keyoxide: https://keyoxide.org/7C5B9D53EED5C7B3A291D5AA086B366027E35D06 GitHub: https://github.com/Dirk1980ac signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
On 2022-05-28 20:29, Werner Koch via Gnupg-users wrote: > Note the Brainpool curves. Seems that Redhat still patches them out of > libgcrypt. Why do they do that? BTW, when I search for brainpool I only find definitions and RFC's, I seem unable to find why they are needed (or why they would be peferred) over other curves. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
Hi, Werner Koch via Gnupg-users wrote: > On Wed, 25 May 2022 22:58, Dirk Gottschalk said: > >> $ gpg --with-colons --list-config curve >> cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;secp25 >> 6k1 > > This should read > > cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brainpoolP256r1;brainpoolP384r1;brainpoolP512r1;secp256k1 > > Note the Brainpool curves. Seems that Redhat still patches them out of > libgcrypt. The question of whether these curves can be kept in Fedora was brought up on the fedora-legal list some time ago. The most recent status update¹ from Fedora Project Leader Matthew Miller on January 28, 2022 says: So, these things move slowly, but this _is_ being worked on. I'll let you know when I can. That sounds midly hopeful. With luck, the curves will be cleared for inclusion (at least eventually, even it not terribly soon). ¹ https://lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org/message/3ESF4KDVMLQPZX4H2S4L7BP5BHJPMPMB/ -- Todd signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error importing fetching key from wkd
On Wed, 25 May 2022 22:58, Dirk Gottschalk said: > $ gpg --with-colons --list-config curve > cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;secp25 > 6k1 This should read cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brainpoolP256r1;brainpoolP384r1;brainpoolP512r1;secp256k1 Note the Brainpool curves. Seems that Redhat still patches them out of libgcrypt. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users