Re: Adding new uid to causes bad signature

2024-05-01 Thread Andrew Gallagher via Gnupg-users
On 1 May 2024, at 10:08, Rens Rikkerink via Gnupg-users wrote: > > Lately I've been trying to add a new uid to my public key, I have > however so far been unsuccessful in doing so. Every time I try to do > so, I then immediately get "1 bad signature" which wasn't present > beforehand. It's

Re: x488 vs all other : keyid flip

2024-04-17 Thread Andrew Gallagher via Gnupg-users
On 17 Apr 2024, at 15:43, Christian Sommer wrote: > > You are right Andrew! > > I indeed choose to preset the "with-fingerprint" option in my > gpg.conf. By removing it, listing my keys give back the full 64 > character long fingerprint of my X448 key. Good to hear! I think the best solution

Re: x488 vs all other : keyid flip

2024-04-17 Thread Andrew Gallagher via Gnupg-users
On 28 Mar 2024, at 12:54, Christian Sommer via Gnupg-users wrote: > > when explicitly telling GnuPG to display x448 fingerprints (gpg > --fingerprint) it just spits out the "abbreviated hex format" by taking > the first 50 bytes and sweeping the rest under the rug! Not very nice. Hi, Christian.

Re: x488 vs all other : keyid flip

2024-04-03 Thread Andrew Gallagher via Gnupg-users
On 3 Apr 2024, at 10:32, Werner Koch wrote: > > On Tue, 2 Apr 2024 18:53, Andrew Gallagher said: > >> technical challenge since no modern software supports them, and gnupg1 >> doesn’t implement --list-packets :-) But I have to admit they do > > Sure it has

Re: x488 vs all other : keyid flip

2024-04-02 Thread Andrew Gallagher via Gnupg-users
On 2 Apr 2024, at 15:24, Werner Koch wrote: > > On Tue, 2 Apr 2024 12:39, Andrew Gallagher said: > >> Are you saying that this is *not* a novel failure mode? Because we’ve > > No. We had v2, v3 and v4 keys in all kinds of combinations in the past > (even as p

Re: x488 vs all other : keyid flip

2024-04-02 Thread Andrew Gallagher via Gnupg-users
On 2 Apr 2024, at 11:58, Werner Koch wrote: > > On Fri, 29 Mar 2024 13:00, Andrew Gallagher said: > >> V5 subkeys of v4 primary keys would appear to introduce a novel >> failure mode. It should be noted that in crypto-refresh, adding a > > Nope. Are you saying

Re: x488 vs all other : keyid flip

2024-03-29 Thread Andrew Gallagher via Gnupg-users
On 28 Mar 2024, at 09:47, Werner Koch via Gnupg-users wrote: > > x448 keys are created as version 5 keys and version 5 keys come with a > 32 byte fingerprint (v4 has 20 bytes). ... > Here is an example: > > pub ed25519 2016-02-02 [SC] > FD8FEC4F8595AB1B6F60D43FC2CED0800E50ACF1 > uid

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
Apologies to the `file` authors, it’s a BSD utility, not GNU. A On 24 Oct 2023, at 10:11, Andrew Gallagher via Gnupg-users wrote: > > Signed PGP part > On 24 Oct 2023, at 04:38, Felix E. Klee wrote: >> >> For the purpose of re-encryption with a new key, I’d like

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
On 24 Oct 2023, at 04:38, Felix E. Klee wrote: > > For the purpose of re-encryption with a new key, I’d like to find all > files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted > files, independent of key, have the extension `.gpg`. > > How do I do that for a massive directory

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users wrote: > > How do I hide the fact that the key is 32764 on the keyserver? You can’t. That’s like trying to publish a book written in Chinese without letting anyone know that it is written in Chinese. A

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 19:09, Andrew Gallagher wrote: > > On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users > wrote: >> >> How do I hide the fact that the key is 32764 on the keyserver? > > You can’t. That’s like trying to publish a book written in Chinese wit

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-18 Thread Andrew Gallagher via Gnupg-users
On 17 Jul 2023, at 18:36, Michael Richardson wrote: > > Andrew Gallagher wrote: >>> Juanjo via Gnupg-users wrote: >>> >>> "Keys stored on YubiKey are non-exportable (as opposed to file-based >>> keys that are stored on disk) and are convenient

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-17 Thread Andrew Gallagher via Gnupg-users
On 15 Jul 2023, at 20:36, Michael Richardson wrote: > > Juanjo via Gnupg-users wrote: > >> This may be a good starting point: >> https://github.com/drduh/YubiKey-Guide > > "Keys stored on YubiKey are non-exportable (as opposed to file-based keys > that are stored on disk) and are convenient

Re: Looking for keyserver software without any validation or fancy features

2023-07-10 Thread Andrew Gallagher via Gnupg-users
(resending because the previous mail went out HTML-only, apologies) Hi, Bernd. > hagrid and huckeypuck are total overkill, (Disclaimer: I’m one of the hockeypuck contributors) If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at

Re: Looking for keyserver software without any validation or fancy features

2023-07-07 Thread Andrew Gallagher via Gnupg-users
Hi, Bernd. hagrid and huckeypuck are total overkill, (Disclaimer: I’m one of the hockeypuck contributors) If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at https://github.com/hockeypuck/hockeypuck You will need a non-empty keydump to

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-06 Thread Andrew Gallagher via Gnupg-users
On 3 Jun 2023, at 01:56, Jacob Bachmeyer wrote: > > Alexander Leidinger via Gnupg-users wrote: >> [...] >> >> I don't remember if there was a challenge/response or not. As I still have >> the email with the signed key, I can tell that the signature can arrive via >> a TLS encrypted SMTP

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jun 2023, at 15:50, Johan Wevers via Gnupg-users wrote: > > On 2023-05-31 16:55, Bernhard Reiter wrote: > >> Governikus provides the online service for authenticating your OpenPGP key on >> behalf of the German Federal Office for Information Security (BSI). This >> online service compares

Re: get OpenPGP pubkeys authenticated using German personal ID

2023-06-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jun 2023, at 12:23, Alexander Leidinger via Gnupg-users wrote: > > Quoting Bernhard Reiter > (from Wed, 31 May 2023 16:55:05 +0200): > >> Obviously they cannot authenticate the email address >> so once I have a common name, we get collisions? > > The

Re: "gpg: no valid OpenPGP data found" error when importing public key from sks

2023-05-14 Thread Andrew Gallagher via Gnupg-users
Hi, Guillermo. You don’t say what sort of keys these are. V4? V5? Elliptic curve? Some recent kinds of keys may not be compatible with SKS. Have you compared with hockeypuck to see if it serves them any differently? Thanks, Andrew. > On 12 May 2023, at 21:08, Guillermo Montoya Naranjo via

Re: out-of-key UIDs [was: ADK's]

2023-05-05 Thread Andrew Gallagher via Gnupg-users
On 5 May 2023, at 17:55, Ineiev wrote: > > On Thu, May 04, 2023 at 11:01:36AM +0100, Andrew Gallagher wrote: >>> I tried something like this with my MUA, I believe that doesn't work: >>> it first looks for appropriate keys, probably using --list-keys; >>> in fact

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 10:43, Ineiev wrote: > > On Thu, May 04, 2023 at 09:52:54AM +0100, Andrew Gallagher wrote: >> >> andrewg@serenity % gpg --group >> fn...@test.eu=BD9D4DEE7B2FF1CBEF2EE0C4E0ACD3E0CBE7874A -r fn...@test.eu -e < >> /etc/shells > s

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 06:46, Ineiev wrote: > > On Mon, May 01, 2023 at 03:16:12PM +0100, Andrew Gallagher wrote: >> On 1 May 2023, at 12:40, Ineiev via Gnupg-users >> wrote: >>> now, I generate a key >>> for y...@guan.edu locally and add 0123456789ABCDEF as

Re: ADK's

2023-05-02 Thread Andrew Gallagher via Gnupg-users
On 2 May 2023, at 02:18, Michael Richardson wrote: > > It's the initial investigation of an irregularity where there could be a > problem. These examples are becoming increasingly contrived. If you are investigating fraud by someone who can read all your company emails, don’t discuss it over

Re: ADK's

2023-05-01 Thread Andrew Gallagher via Gnupg-users
On 1 May 2023, at 12:40, Ineiev via Gnupg-users wrote: > now, I generate a key > for y...@guan.edu locally and add 0123456789ABCDEF as an ADK (BTW, > will GnuPG complain if the only encryption-capable subkey is ADK? Or you could just use an alias…? A

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 14:42, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote: >> Whether this is done voluntarily or under duress from their employer is an >> opsec issue, not a comsec one. > > If it is an ex-emp

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 13:45, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote: > >> It does not make any sense to have such an option. If a user wants to >> allow colleagues or an archive system to decrypt her mails that is her >> decision. > >

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 11:30, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 1:15, ckeader via Gnupg-users wrote: > >> Can't call it that as long as it's under user control (every long option of >> the software has an equivalent config file option. You don't add such a key >> via config

Re: Flooding attack against synchronising keyservers

2023-04-21 Thread Andrew Gallagher via Gnupg-users
recovering your system, please get in touch. Thanks, A > On 27 Mar 2023, at 18:47, Andrew Gallagher via Gnupg-users > wrote: > > Signed PGP part > Hi, everyone. > > The synchronising keyserver network has been under an intermittent flooding > attack for the past five days, r

Flooding attack against synchronising keyservers

2023-03-27 Thread Andrew Gallagher via Gnupg-users
Hi, everyone. The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second

Re: Optimal workflow with GPG signatures from multiple parties

2023-03-06 Thread Andrew Gallagher via Gnupg-users
On 04/03/2023 17:18, Ave Milia via Gnupg-users wrote: What are some available solutions? How would you suggest to organize the keys? Maybe, there should be some signing server in-place, that the developers sends an artifact to? I built something similar for $WORK. You lock down the signing

Re: Unable to sign public key

2023-02-01 Thread Andrew Gallagher via Gnupg-users
On 31 Jan 2023, at 19:52, Joel via Gnupg-users wrote: > > Hello! > > I am trying to sign a public key, but I get an error saying, `gpg: signing > failed: No secret key`. However, a normal signing on a file works perfectly > fine. I suspect it could be something because I have a yubikey and it

Re: Ecrypt group email addresses

2023-01-30 Thread Andrew Gallagher via Gnupg-users
On 26 Jan 2023, at 22:40, Alex wrote: > > Clients that have their own OpenPGP implementation, like Mozilla > Thunderbird, likely don't support groups. Thunderbird does support encryption to groups, but you have to manually edit a JSON configuration file:

Re: Subkeys renewing/expiring strategy

2023-01-06 Thread Andrew Gallagher via Gnupg-users
On 5 Jan 2023, at 13:42, Ingo Klöcker wrote: > > GitLab keeps the verification state if a > key is removed, but I added the updated key including the expired subkey. That > was a bad idea because GitLab invalidated all commits signed with the expired > subkey. It is disappointing to see that

Re: Reminder: use plaintext mails only on ML

2023-01-06 Thread Andrew Gallagher via Gnupg-users
December 2022 19:54:39 Andrew Gallagher via Gnupg-users wrote: I’ve been Argh, that will teach me not to reply to list emails from my phone. Sorry, everyone. :-( A ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman

Re: Expiration date of subkeys (retroactive)

2023-01-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jan 2023, at 03:49, gnupg-us...@aschoettler.com wrote: > > I have several GnuPG keys which I edited with KGpg. > https://apps.kde.org/de/kgpg/ > > Unfortunately, the subkeys were not taken into account when setting the > expiry date. > How can I retroactively edit my expired keys and

Re: Card-Reader

2022-12-17 Thread Andrew Gallagher via Gnupg-users
I’ve been using this ACS reader for years with no problems. It appears to be no longer available but there is a successor model that may suit your purposes ACR38T-D1 cardomatic.de Andrew Gallagher On 17 Dec 2022, at 18:36, Klaus Ethgen wrote: Hi, I destroyed my card reader from gemalto and need a new

Re: Mastodon account, good server?

2022-12-01 Thread Andrew Gallagher via Gnupg-users
On 1 Dec 2022, at 16:42, Bernhard Reiter wrote: > > Hi friends of GnuPG, > > seems to be a good time to start an official Mastodon account > for GnuPG and related topics like Gpg4win and OpenPGP. > > At least for announcements and some interaction as the interest > is growing for this

Re: macos IKEv2 auth with yubikey

2022-11-28 Thread Andrew Gallagher via Gnupg-users
On 28/11/2022 06:29, Martin Brook via Gnupg-users wrote: 2. I've achieved IKEv2 vpn auth with yubikey on windows. It seems windows can interact with Yubikey perfectly but not on macos. Hi, Martin. How did you get this to work on Windows? Which IKE software are you using on each platform? A

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 17:17, kho wrote: > > Thanks for this fast, complete and clear answer. > > I am going to see if I can still pick up somewhere or just remove all I > did and start all over by following your steps. Just a note of caution: since it is quite an involved process I would

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 13:48, kho via Gnupg-users wrote: > > 5. What is at the end the best way to setup 2 smartcards that can be > used in encryption, signing and decryption? And additionally both > smartcards should work, I have 2 smartcards for redundancy. If you want the two smartcards to be

Re: OT: Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 19:31, john doe via Gnupg-users > wrote: > > Why did you publish the key to the sks key servers? > > I guess my question is about the reasoning behind using sks key server > instead of WKD or Hagrid. WKD publication can only be done by (or with the cooperation of) the

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users > wrote: > > Andrew, do the sks keyservers work today? > > I was able to find the key by going to > > https://keyserver.ubuntu.com/ > > and putting > > EC6C2905F0F93C0373946CA10642427A5FF780BE > > into the search box. Do you mean

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'  

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'  

Re: GnuPG 2.2.36 released

2022-07-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Jul 2022, at 04:47, Ralph Seichter via Gnupg-users > wrote: > > 1.) Starting today, disk images (*.dmg) are signed with a new ed25519 > key (EAB0FE4FF793D9E7028EC8E2FD56297D9833FF7F). This key has been > uploaded to pgp.mit.edu today, but the site is once again very sluggish > and it

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 12:20, Jan Eden wrote: > I had configured hkp://keys.gnupg.net in gpg.conf (no separate > dirmngr.conf). Switching to keys.openpgp.org had the desired effect: keys.gnupg.net has not existed for a few years now, but for backwards compatibility gnupg silently maps it to the hardcoded

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 11:50, Jan Eden wrote: > jan ~ % gpg --refresh-key 0xFB73E21AF1163937 > gpg: refreshing 1 key from hkp://pgp.surf.nl > gpg: key FB73E21AF1163937: "Andrew Gallagher " not > changed > gpg: Total number processed: 1 > gpg: unchanged: 1

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 07:11, Jan Eden wrote: > PS. The key used to sign your message seems to be expired. That could be because you already had my key in your keyring and it wasn't recently (i.e. in the last 18 months) refreshed. What does it say if you incant the following? ``` gpg --refresh-key

Re: gpg auto-locate-key selects expired/revoked key

2022-06-08 Thread Andrew Gallagher via Gnupg-users
On 8 Jun 2022, at 07:46, Jan Eden via Gnupg-users wrote: > > - Which WKD server hosts my expired/revoked key such that it takes precedence > over my own WKD server at domain.com ? > - Why does gpg select an expired/revoked key over a valid key? I suspect the issue is that

Re: TB weirdness

2022-02-24 Thread Andrew Gallagher via Gnupg-users
this happened to me when I specifically ticked "Attach my public key" in TB's composer - it also attached the revocation cert for an ancient key that I still have in my keyring but never used for anything. -- Andrew Gallagher

Re: Questions re auto-key-locate

2022-02-16 Thread Andrew Gallagher via Gnupg-users
, the decision is that our key (signed with our prior-year key) is on our website and FTP (also via https) site, and we do not assert that it's available on the keyservers. OK, but again I'm curious about the reasoning... -- Andrew Gallagher

Re: How to solve this garbled code?

2022-02-15 Thread Andrew Gallagher via Gnupg-users
very much. I suspect this is because you're using a non-Unicode codepage in the windows command terminal. What happens if you type: chcp 65001 and try again? -- Andrew Gallagher

Re: Questions re auto-key-locate

2022-02-15 Thread Andrew Gallagher via Gnupg-users
 > On 15 Feb 2022, at 21:46, Dan Mahoney (Gushi) via Gnupg-users > wrote: > > Since the debacle a few years ago with the SKS keyserver denial-of-service > attack, the keyservers are kind of a non-starter. Why so? Keyservers are still around, and the ones that survived the apocalypse are

Re: lost id on keyserver

2022-02-10 Thread Andrew Gallagher via Gnupg-users
there and then imported it into a different keyring, it wouldn't have come with the userID unless you went through their email verification procedure first. -- Andrew Gallagher

Re: "Are You Now or Have You Ever Been..."

2022-02-02 Thread Andrew Gallagher via Gnupg-users
nly really useful against adversaries who believe in due process... -- Andrew Gallagher

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
> On 31 Jan 2022, at 21:39, jonkomer wrote: > > There is significant difference between a one-time > "third-party" correspondent misusing his knowledge of > the relationship after it has been dissolved, from > that same knowledge being published in perpetuity via > a simple, automated Internet

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
I go away for the weekend, and my mailbox catches fire... ;-) On 29/01/2022 16:38, jonkomer via Gnupg-users wrote: > (a) Unfortunately, OpenPG email encryption is incompatible > with GDPR and should not be used by those that either want > or need to be GDPR compliant. This is not so; the use of

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 28/01/2022 20:02, jonkomer via Gnupg-users wrote: >> A. G. via : >> The short answer is "no", or at best "not yet"... > > Thank you very much for the response and comprehensive > comments. > > In this case, the mail domain owner is actually the one > that needs this level of control: he

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 01:55, Johan Wevers via Gnupg-users wrote: > There are known technical issues: the HKP keyserver does not allow keys > to be removed, GDPR or not. When the keyserver operator operates outside > of the EU I don't think that is a legal problem. This is incorrect. All three of the

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 03:51, Shawn K. Quinn via Gnupg-users wrote: > If the server is physically in the US, administered by someone residing > in the US, is the EU really expecting US courts to enforce EU > laws/directives like the GDPR on a US citizen? The short answer is no, of course not. The

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 30/01/2022 10:12, Klaus Ethgen wrote: > > When it comes to keyservers, with the same argument you could state that > bitcoin is illegal. (No information in the key chain can be removed. And > there is even child porn inside that key chain that could never ever > again be removed!) > > There

Re: Preventing public key upload to key-servers

2022-01-28 Thread Andrew Gallagher via Gnupg-users
On 26/01/2022 22:03, jonkomer via Gnupg-users wrote: > Is there anything that a public key owner can do, to actually > *ensure* that, if some careless or malicious correspondent > ignores the comment ("Please do not upload...") and attempts > to upload his or her (otherwise fully functional)

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 18:22, Стефан Васильев wrote: >> Good question. My thought was that Telefax is still used, among > lawyers, doctors, business folks etc., and brand-new Fax machines > can be bought on Amazon etc. +1 for obsolescence! Beware of course that fax machines are VERY noisy, and analogue

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 17:54, Стефан Васильев wrote: > > The idea is to use a Telefax machine for endpoint security, with > an offline usage PC, which for example gpg4win is ideal for. Would it not be simpler to use a modem? > I thought about that too, but in case the document would be several > pages

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On Fri, 2022-01-14 at 16:42 +, Стефан Васильев via Gnupg-users wrote: > The --begin etc. markers should be used to detect where > the OCR scanned document begins and ends to have later > a good signature. If you are relying on OCR to reconstitute a bitwise-perfect message (because that's the

Re: Gnupg-users Digest, Vol 220, Issue 11

2022-01-10 Thread Andrew Gallagher via Gnupg-users
> On 10 Jan 2022, at 20:33, Chris Taylor > wrote: > > Hello, > > Please unsubscribe me from this list. Please follow the instructions that you quoted in the email you just sent: >> To subscribe or unsubscribe via the World Wide Web, visit >>

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
n the points of each curve that preserves their mathematical structure. This means that you could in principle convert a key from one curve to the other, but it would be a more complex function than just copying the raw bit string. -- Andrew Gallagher

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
st practice to keep the encryption-capable subkey distinct. And if you present people with the option to do a suboptimal thing, a significant fraction of them will choose that option by accident - so usually best not to offer it in the first place. -- Andrew Gallagher

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Jan 2022, at 12:15, Alex Nadtoka wrote: > > yes thanks, tried disabling it but error was still there. So I deleted DST > Root CA X3 . At the moment I see error from dirmngr 2.3.4: no CA certificate > found > And > error searching keyserver: "No inquire callback in IPC" > > Not

Re: Gpg4win LetsEncrypt issue

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Fri, 2021-12-31 at 23:23 +0200, Alex Nadtoka wrote: > Ok, thanks. Where on the client end i can remove it? This blog appears to do it correctly (to the best of my knowledge) and as its worked example uses the very same CA certificate that we have just been discussing:  

Re: [Announce] A New Future for GnuPG

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Mon, 2022-01-03 at 11:31 -0500, Robert J. Hansen via Gnupg-users wrote: > Werner, this is amazing news. Thank you for sharing it! Indeed, many congratulations! > I did spend about six months doing a clean-room implementation of > RFC2440 in PHP3.  It was a vile experience and one I don't

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Andrew Gallagher via Gnupg-users
> On 30 Dec 2021, at 16:27, Alex Nadtoka wrote: > > Even if I remove root certificate from the server it will be added again on > renewal. It is the client that needs the ca certificate to be removed, not the server. The root cause is that there is more than one verification path possible

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 21:12, Alex Nadtoka wrote: > > We have our internal GPG server( I want people in company to be able to > connect to it from windows as well... OK, so you definitely need to solve the root certificate issue. Do sites using letsencrypt work from an Edge browser on that

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 20:15, Alex Nadtoka wrote: > > yes it works with keyserver-01.2ndquadrant.com Is this server sufficient for your purposes or do you also need to support an internal keyserver? A > Wed, 29 Dec 2021 at 17:06 Andrew Gallagher via Gnupg-users > wrote:

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote: > I cannot connect to any keyserver. The error is certificate expired. > I am on latest (I think) Windows 10 . Tried reinstalling it or > installing on new Windows machine but no luck . dirmngr keeps telling > me that

Re: issue with gpg4win

2021-12-25 Thread Andrew Gallagher via Gnupg-users
> On 25 Dec 2021, at 11:24, Alex Nadtoka wrote: > >  > Hi Andrew, yes I have changed the real name of my mailbox and the server) > Thanks for the reply. > My Client Machine is Windows . If you can tell me how to do that I would > appreciate it. Thanks again for the update) > Finally got

Re: issue with gpg4win

2021-12-24 Thread Andrew Gallagher via Gnupg-users
> 2021-12-23 11:27:30 gpg[12864] DBG: connection to the dirmngr established > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c -> GETINFO version > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c <- D 2.3.4 > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c <- OK > 2021-12-23 11:27:30

Re: issue with gpg4win

2021-12-24 Thread Andrew Gallagher via Gnupg-users
On Thu, 2021-12-23 at 12:37 +0200, Alex Nadtoka via Gnupg-users wrote: > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c -> KEYSERVER -- > clear hkps://gpg.example.com/ This doesn't look like a real keyserver. Did you redact this, or is this really what is currently configured in

Re: fingerprint associated public key does not match displayed public key

2021-12-18 Thread Andrew Gallagher via Gnupg-users
> On 18 Dec 2021, at 02:25, Robert J. Hansen via Gnupg-users > wrote: > > As the FAQ says, "The good news is the internet is a treasure trove of > information. The bad news is that the internet is a festering sewer of > misinformation, conspiracy theories, and half-informed speculations all

Re: Why are 64-bit libraries not included in GnuPG but Gpg4win?

2021-12-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Dec 2021, at 04:14, Sven Richter via Gnupg-users > wrote: > > Thunderbird expects to be able to manage all public keys regardless. Even > with this setup of mine, it only pulls the private keys from GnuPG. You may be interested in the Sequoia Octopus, which is a drop in replacement

Re: User id's without person's name, only email

2021-11-17 Thread Andrew Gallagher via Gnupg-users
not even be meaningful to the end user, depending on the context. -- Andrew Gallagher

Re: User id's without person's name, only email

2021-11-17 Thread Andrew Gallagher via Gnupg-users
s confusion about what exactly is being verified by the cryptographic toolchain. If an MUA's address book is not sufficiently user-friendly, then that's a user interface shortcoming that can't be fixed by introducing RFC-822 "Real Names", which were highly questionable long before emai

Re: User id's without person's name, only email

2021-11-16 Thread Andrew Gallagher via Gnupg-users
On Tue, 2021-11-16 at 18:20 +0200, Teemu Likonen wrote: > Am I seeing a starting trend here? Do some people think that it is > better practice to have only have email address as user id? What > might be their reason? Or maybe it's not a trend and doesn't mean > anything. I got curious anyway. Add

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Andrew Gallagher via Gnupg-users
On 04/11/2021 08:40, Matthias Apitz wrote: I bought the OpenPGP card from Purism for USD 15, I don't know if the small format exist here in Germany. Not Germany, but Cryptoshop in Vienna sells them: https://en.cryptoshop.com/products/smartcards/open-pgp-smartcard-v2-id-000.html -- Andrew

Re: WKD, wildcard DNS resolution (Re: Error when trying to locate key via WKD)

2021-10-28 Thread Andrew Gallagher via Gnupg-users
On 28/10/2021 12:25, Bernhard Reiter wrote: On Thursday 28 October 2021 12:07:52, Andrew Gallagher via Gnupg-users wrote: The megathread from hell starts here :-) https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064567.html That is not gnupg-_devel_ (where I was searching

Re: Error when trying to locate key via WKD

2021-10-28 Thread Andrew Gallagher via Gnupg-users
of searching, I probably missed something.) The megathread from hell starts here :-) https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064567.html But the most concise summary is probably this: https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064575.html -- Andrew Gallagher

Re: WKD docs on the wiki, restructuring. Feedback on forUsers page

2021-09-30 Thread Andrew Gallagher via Gnupg-users
On 30/09/2021 13:17, ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users wrote: Hmm, this is odd. I setup WKD as detailed on the https://wiki.gnupg.org/WKDHosting (using the openpgpkey subdomain), currently only for one address on my domain (s...@chiraag.me). Opening the file directly in a web browser does work,

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-29 Thread Andrew Gallagher via Gnupg-users
n the Mozilla certificate library. -- Andrew Gallagher

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-29 Thread Andrew Gallagher via Gnupg-users
On 29/07/2021 17:33, Rainer Fiebig wrote: Thanks. File exists but has a different checksum: /etc/ssl/certs> sha256sum DST_Root_CA_X3.pem 4b3ecda4db3f417f23f5dfa84eb4d59d6cc2959446ebaf89c7df5866d31e9980 DST_Root_CA_X3.pem Ah, I wonder is the expiry date different. Can you incant the following

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-29 Thread Andrew Gallagher via Gnupg-users
ng checksum?
```
andrewg@whippet:~$ sha256sum /etc/ssl/certs/DST_Root_CA_X3.pem
139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99 /etc/ssl/certs/DST_Root_CA_X3.pem
```
Also, is your system clock correct? (long shot, but always worth asking when debugging TLS cert iss

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-28 Thread Andrew Gallagher via Gnupg-users
ou connect to other keyservers that also use LetsEncrypt? For example, pgpkeys.eu uses the same intermediate certificate (LetsEncrypt R3) as keys.openpgp.org. What OS are you using? Do you have the latest version of ca-certificates (or equivalent) installed? -- Andrew Gallagher

Re: Multiple Yubikeys/Smartcards and Thunderbird email client

2021-07-15 Thread Andrew Gallagher via Gnupg-users
> On 15 Jul 2021, at 12:54, john doe via Gnupg-users > wrote: > > Is this still relevant with the built-in gpg stuff of TB? Very much so. Thunderbird’s native Open PGP support is quite basic, and anything to do with smartcards still has to be delegated to an external gnupg process. A

Re: Call me crazy, but ...

2021-07-14 Thread Andrew Gallagher via Gnupg-users
> On 14 Jul 2021, at 23:52, Стефан Васильев via Gnupg-users > wrote: > > It would tell me as 3rd party that for WoT purposes, if this is still used, > Alice and her good friend Bob were able to sign their pub keys remotely, > based on a free of charge verification method. That’s what ordinary

Re: Call me crazy, but ...

2021-07-14 Thread Andrew Gallagher via Gnupg-users
> On 14 Jul 2021, at 19:49, Стефан Васильев wrote: > > Andrew Gallagher wrote: >>>> On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users >>>> wrote: >>> Viktor wrote: >>>> It's the same as putting any other public information in p

Re: Call me crazy, but ...

2021-07-14 Thread Andrew Gallagher via Gnupg-users
> On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users > wrote: > > Viktor wrote: > >> It's the same as putting any other public information in public key >> certificate. You can put first and last name, email address and even >> photo of another person. > > But this information can be

Re: recommendation for key servers

2021-07-06 Thread Andrew Gallagher via Gnupg-users
On 06/07/2021 20:59, Daniel Kahn Gillmor wrote: On Mon 2021-06-28 18:42:02 +0100, Andrew Gallagher via Gnupg-users wrote: It’s not clear, but it may be due to a lack of canonical ordering of packets. There are no published specifications for how to canonically order OpenPGP packets, but i

Re: recommendation for key servers

2021-06-28 Thread Andrew Gallagher via Gnupg-users
> On 28 Jun 2021, at 18:02, Стефан Васильев via Gnupg-users > wrote: > > When looking at the stats, why are there IMHO such high numbers > (daily) on updated pub keys, compared to submitted ones? It’s not clear, but it may be due to a lack of canonical ordering of packets. Say Alice and Bob

Re: Long Term Content Protection

2021-06-26 Thread Andrew Gallagher via Gnupg-users
> On 26 Jun 2021, at 08:26, LisToFacTor via Gnupg-users > wrote: > > Once a message reaches > the recipient's operational environment, it should be decrypted, > and its further protection is best addressed as part and parcel > of the protection of that complete environment. But this is not

Re: gpg: keyserver receive failed: No name - for gpg --keyserver hkp://pool.sks-keyservers.net

2021-06-24 Thread Andrew Gallagher via Gnupg-users
puck is generally more reliable than SKS due to limitations in SKS's design. Due to the fragmented nature of the keyserver ecosystem at the moment, you may want to try all of the above. And as mentioned in an earlier reply, you should probably also search WKD. -- Andrew Gallagher

Re: Long Term Key Management With Hardware Tokens

2021-06-22 Thread Andrew Gallagher via Gnupg-users
not negate all the advantages of secure hardware. It depends on the threat model of course, but *most* people are much more likely to have their laptop compromised remotely than have their safe cracked and the paper backup stolen. -- Andrew Gallagher
