-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Gerd--
On Tue 2017-02-21 09:34:17 -0500, Gerd v. Egidy wrote:
> I'd like to announce a program I wrote to backup GnuPG and SSH keys as
> qrcodes on paper:
>
> paperbackup.py
> https://github.com/intra2net/paperbackup
>
> This is designed as
On Tue 2017-02-21 16:27:55 -0500, Will Dixon (Clemsonopoly94) wrote:
> So I am having an issue signing documents with gpg2.1. Every time I try and
> sign something, I get:
>
> λ dixonwille [~] → gpg2 --detach-sign Images/EinsteinWP.jpg
> gpg: using "0xEC933DA229123788" as default secret key for
Hello, again,
David Gray wrote:
> dave@dave-VirtualBox:~/.gnupg/crls.d$ dirmngr --debug-all --fetch-crl
> http://crl.comodoca.com/COMODOSHA256ClientAuthenticationandSecureEmailCA.crl
Reading the code of dirmngr, I think that --fetch-crl (or dirmngr-client
--load-crl)
So I am having an issue signing documents with gpg2.1. Every time I try and
sign something, I get:
λ dixonwille [~] → gpg2 --detach-sign Images/EinsteinWP.jpg
gpg: using "0xEC933DA229123788" as default secret key for signing
gpg: signing failed: No secret key
gpg: signing failed: No secret key
I am trying to setup a signed apt repository. When I run reprepro, it is
failing with error
$ reprepro includedeb xenial /tmp/mod-pagespeed-stable_current_amd64.deb
Exporting indices...
gpgme gave error Pinentry:32849: No such file or directory
ERROR: Could not finish exporting 'xenial'!
I
Thanks, Peter!
According to the documentation the trusted certainty need to be in a folder
named "trusted-certs" in the home directory. I don't believe I've copied them
there manually, so if it hasn't happened automatically that could very well be
the issue. I'm at work but once I get home
Hi,
I'd like to announce a program I wrote to backup GnuPG and SSH keys as
qrcodes on paper:
paperbackup.py
https://github.com/intra2net/paperbackup
This is designed as fallback if all your regular backups failed to restore or
were lost.
Usage is like this:
gpg2 --armor --export "User
On 21/02/17 15:23, Peter Lebbing wrote:
> On 21/02/17 16:19, Andrew Gallagher wrote:
>> And this is the main reason I started running my own keyserver - by
>> refreshing your monkeysphere-host keyring, you are leaking to the
>> keyserver which user credentials have login access to your system. :-)
On 21/02/17 13:20, David Gray wrote:
> I'm no expert, but when I look at the debug info (attached to
> original email), it appears that gpgsm is able to get the crl that my
> cert points to but it may be having trouble parsing it.
Reading that part made me think it couldn't find the issuer of the
On 21/02/17 16:19, Andrew Gallagher wrote:
> And this is the main reason I started running my own keyserver - by
> refreshing your monkeysphere-host keyring, you are leaking to the
> keyserver which user credentials have login access to your system. :-)
But if an attacker can cut off your SSH
On 21/02/17 15:58, Kristian Fiskerstrand wrote:
> Keep in mind, the keyring in the scope of monkeysphere is normally one
> keyblock :) But yeah, the crontab frequency will depend a bit on system.
Not for multi-user systems with many accounts; it would only be the case
for personal servers. Is a
On 21/02/17 15:17, Peter Lebbing wrote:
> On 21/02/17 15:58, Kristian Fiskerstrand wrote:
>> Keep in mind, the keyring in the scope of monkeysphere is normally one
>> keyblock :) But yeah, the crontab frequency will depend a bit on system.
>
> Not for multi-user systems with many accounts; it
On 02/21/2017 03:15 PM, Peter Lebbing wrote:
> If Kristian Fiskerstrand says it's okay for SSH servers to refresh their
> keyring every 20 or 30 minutes from the public keyserver netowrk, then I
> guess it really is :-). I had estimated it as inappropriate.
Keep in mind, the keyring in the scope
Thank you for your response! I do have the trustlist.txt file on both
computers - it was automatically populated with the root cert by pin entry when
I imported my certificate on both machines, and it includes the "relax" keyword
on both computers. There are 3 cents total in my hierarchy -
On 21 Feb 2017, at 13:37, Kristian Fiskerstrand
wrote:
>> On 02/21/2017 02:21 PM, Peter Lebbing wrote:
>> Revoking the old A key and creating a new one needs to happen on the
>> system you have the primary key on, so you need to subsequently roll out
On 21/02/17 14:37, Kristian Fiskerstrand wrote:
> Who said anything about creating a new one in this part of the process?
Since I assumed you were siting behind a trusted machine with your
primary key installed when you revoke, it made no sense to me to just
revoke the key and not create a new
On 02/21/2017 02:21 PM, Peter Lebbing wrote:
> Revoking the old A key and creating a new one needs to happen on the
> system you have the primary key on, so you need to subsequently roll out
Who said anything about creating a new one in this part of the process?
each device has separate A subkeys
On 20/02/17 22:51, Kristian Fiskerstrand wrote:
> Revocation of the specific subkey is automatically picked up by all
> systems due to automatic refresh of the public key on regular intervals,
> without losing access to the system from non-compromised devices.
Revoking the old A key and creating
Hi,
I wrote:
> > Note that gpg-agent makes sure that the tick happens on the full
> > second
>
> Noted. Though those `-tt' times from strace above have it creeping
> forward, off the second?
I wonder if aiming for dead on the second is a good idea. If everything
did that then there might
19 matches
Mail list logo