Re: --auto-key-retrieve fails for some keys

2021-11-02 Thread Tadeus Prastowo via Gnupg-users
Hi Phil! On Tue, Nov 2, 2021 at 7:23 PM Phil Pennock via Gnupg-users wrote: [...] > The only key I can find for 91C1262F01EB8D39 claims to have been made in > 2020 and yet is using SHA1 for the self-signature. That is worrying. Thank you very much for showing me the difference between the

Re: --auto-key-retrieve fails for some keys

2021-11-02 Thread Tadeus Prastowo via Gnupg-users
Hi Ingo! On Tue, Nov 2, 2021 at 6:42 PM Ingo Klöcker wrote: [...] > The signature on the Linux kernel contains the Issuer Fingerprint. The > signature on Emacs doesn't (probably because a very old version of GnuPG is > used to sign Emacs). Thank you very much for giving me a throughout

Re: --auto-key-retrieve fails for some keys

2021-11-02 Thread Neal H. Walfield
On Tue, 02 Nov 2021 18:35:01 +0100, Phil Pennock via Gnupg-users wrote: > On 2021-11-02 at 16:05 +0100, Tadeus Prastowo via Gnupg-users wrote: > > The signature on a Linux kernel can be verified successfully using > > `--auto-key-retrieve', but the signature on an Emacs cannot be > > verified in

Re: What are the file in ~/.gnupg ?

2021-11-02 Thread Werner Koch via Gnupg-users
On Sat, 30 Oct 2021 00:20, Damien Goutte-Gattat said: > Private key only. I believe the purely “mathematical” components of > the public key can be derived from it (though I may be wrong here), That is right. Since some releases we also record the creation date of the key so that we can easily

Re: --auto-key-retrieve fails for some keys

2021-11-02 Thread Phil Pennock via Gnupg-users
On 2021-11-02 at 16:05 +0100, Tadeus Prastowo via Gnupg-users wrote: > The signature on a Linux kernel can be verified successfully using > `--auto-key-retrieve', but the signature on an Emacs cannot be > verified in the same manner because gpg is unable to retrieve the > needed public key

Re: --auto-key-retrieve fails for some keys

2021-11-02 Thread Ingo Klöcker
On Dienstag, 2. November 2021 16:05:30 CET Tadeus Prastowo via Gnupg-users wrote: > The signature on a Linux kernel can be verified successfully using > `--auto-key-retrieve', but the signature on an Emacs cannot be > verified in the same manner because gpg is unable to retrieve the > needed

Re: OpenPGP card and gpg-agent TTL

2021-11-02 Thread Werner Koch via Gnupg-users
On Sat, 30 Oct 2021 15:50, Matthias Apitz said: > I just withdraw the USB dongle after the operation. I was thinking that > the gpg-agent.conf entry 'max-cache-ttl' will also expire the unlocked > state of the OpenPGP card, which it does not. How could I do this? No, it does not because it is

Re: --auto-key-retrieve fails for some keys

2021-11-02 Thread Tadeus Prastowo via Gnupg-users
On Tue, Nov 2, 2021 at 4:05 PM Tadeus Prastowo <0x66726...@gmail.com> wrote: > > Hello, > > The signature on a Linux kernel can be verified successfully using > `--auto-key-retrieve', but the signature on an Emacs cannot be > verified in the same manner because gpg is unable to retrieve the >

--auto-key-retrieve fails for some keys

2021-11-02 Thread Tadeus Prastowo via Gnupg-users
Hello, The signature on a Linux kernel can be verified successfully using `--auto-key-retrieve', but the signature on an Emacs cannot be verified in the same manner because gpg is unable to retrieve the needed public key automatically. The GPG version is 2.2.19 (libgcrypt 1.8.5, if that matters)