AW: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 05/09/18 10:45, Fiedler Roman wrote: > > * Decrypt and verify with gpg1 on receiver side: > > > > /usr/bin/gpg1 --no-options --homedir Receiver --no-default-keyring -- > keyring Sender/SenderKey.pub --l

AW: Both correct and surprising non-interactive gen-key (was: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled")

2018-09-05 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > Sent: Wednesday, 5 September 2018 15:21 > To: Fiedler Roman ; gnupg-users@gnupg.org > Subject: Both correct and surprising non-interactive gen-key (was: How to fix > "ERROR key_generate 3355453" / "GEN

AW: Hiding signature identification (was: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled")

2018-09-05 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 05/09/18 11:27, Fiedler Roman wrote: > > Sorry, but you are completely off here. > > If there are six people I am actually interested in, and I know all > their public keys, How will you know them? I will no

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Wed, 5 Sep 2018 10:45, roman.fied...@ait.ac.at said: > > > No, this is a signed AND encrypted message. Can gpgv only be > > used to verify signatures on signed-only but not signed AND > > encrypted messages, maybe due to encrypt AFTER sign

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Tue, 4 Sep 2018 18:31, roman.fied...@ait.ac.at said: > > > At which byte offset should I find the signer key fingerprint? > > That is an encrypted message and thus can you seen the signature. That is good, one more issue not having to care

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > ... > $ gpgv --keyring ./key.gpg data.gpg > > > Splitting up the message gives me > > > > 01-001.pk_enc > > 02-018.encrypted_mdc > > This is an encrypted message. gpgv can't do anything with it. No, this is a signed AND encrypted

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 04/09/18 18:31, Fiedler Roman wrote: > > /usr/bin/gpgv --status-fd 2 --homedir /proc/self/fd/nonexistent --keyring > sign.pub /proc/self/fd/0 > > You missed my point. You are not including a slash in the key

AW: AW: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Tue, 4 Sep 2018 10:08, roman.fied...@ait.ac.at said: > > > [GNUPG:] UNEXPECTED 0 > > The signature is corrupted in that it has a packet which is expected > only in a key. Or the provided key has a data signature packet etc. I hope not :-) If any

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 04/09/18 15:22, Peter Lebbing wrote: > > I don't understand, could you give commands, expected behaviour and > > actual output? > > To clarify, I thought you were giving an example of "starting gpgv > without any keyring at all",

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 04/09/18 09:52, Fiedler Roman wrote: > > Maybe the current hammer documentation should be updated, to remove > > the "--use-as-hammer" options? Or at least declare, that they shall not > >

AW: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Mon, 3 Sep 2018 19:25, pe...@digitalbrains.com said: > > > It could be that recently an option was added to check a signature by a > > certificate in a file, but in general you need to import a certificate > > No, that is not the case. We only

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 03/09/18 18:56, Fiedler Roman wrote: > > With gpg1 a similar command should have verified, that the signature > > is exactly from the single public key stored in "key.pub". > > This has never been a s

AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-03 Thread Fiedler Roman
Hello List, Just for the records: a gnupg2 "ERROR key_generate 33554531" is fixed by sending " %no-protection" via the command-fd. It seems that a password-less key was generated with gpg1 just by not setting a password. With gnupg2 this command is needed. @Devs: It would be really nice to

How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-08-31 Thread Fiedler Roman
Hello list, I am attempting to upgrade software to use gpg2 instead of gpg. After fixing the usual "Inappropriate ioctl for device" and "Sorry, we are in batchmode - can't get input" messages and applying all the gpg_agent security workarounds, I am now stuck at this sequence: The key

AW: Breaking changes

2018-05-24 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > Ralph Seichter > > This thread really has me pulling my hair--what's left of it. Some core > aspects from where I am standing: > > 1. GPG is maintained by volunteers. If you have any complaint about how > this maintenance

AW: Breaking changes

2018-05-22 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > Lessee... > https://en.wikipedia.org/wiki/GNU_Privacy_Guard > already give an end-of-life date for 2.0, but none for 1.4. > And since Ubuntu 16.04 includes 1.4, there are likely > to still be a few vocal 1.4 users out

AW: AW: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

2018-05-22 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On 22/05/18 10:44, Fiedler Roman wrote: > > Such a tool might then e.g. be used on a MitM message reencryption > > gateway: the old machines still send messages with old > >

AW: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

2018-05-22 Thread Fiedler Roman
Hello list, I failed to decide, which message would be the best to reply to, so I took one with a title, rational humanists could be proud of. Ignoring the title, many of the messages had valid arguments for both sides. From my point of view the main difference seems to be, what is believed to

AW: AW: AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Fiedler Roman
> From: Daniel Kahn Gillmor [mailto:d...@fifthhorseman.net] > > On Thu 2018-05-17 15:37:55 +, Fiedler Roman wrote: > > From: Daniel Kahn Gillmor [mailto:d...@fifthhorseman.net] > > > >> See sources.list(5) and > >> https://wiki.debian.org/DebianRe

AW: AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Fiedler Roman
> From: Daniel Kahn Gillmor [mailto:d...@fifthhorseman.net] > > On Thu 2018-05-17 08:45:18 +, Fiedler Roman wrote: > > As gnupg starts getting more and more problematic regarding some > > functions (see the discussions on command line/unattended use), Ubuntu > >

AW: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On 17 May 2018, at 11:50, Patrick Brunschwig > wrote: > > > >> On 17.05.18 10:07, Werner Koch wrote: > >> On Thu, 17 May 2018 08:59, patr...@enigmail.net said: > >> > >>> Within 12 hours after the

AW: Users GnuPG aims for?

2018-05-17 Thread Fiedler Roman
Just a foreword: sorry for not acknowledging all the good proposals you make - many of them I can fully second - and all the good changes you apply, I really appreciate them. I just do not reply to all of them ... > From: Werner Koch [mailto:w...@gnupg.org] > > On Thu, 17 May 2018 10:45,

AW: Users GnuPG aims for?

2018-05-17 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On Thursday 17 May 2018 10:45:18 Fiedler Roman wrote: > > As gnupg starts getting more and more problematic regarding some > functions > > (see the discussions on command line/unattended u

AW: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Wed, 16 May 2018 16:24, roman.fied...@ait.ac.at said: > > > In my opinion it is hard to find such a "one size fits all" > > solution. Like Werner's example: disabling decryption streaming > > The goal of the MDC is to assure that the message has

AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On Wednesday 16 May 2018 15:46:05 Martin wrote: > > I think a fundamental discussion is necessary with the question: Who > > should / will use GnuPG in the future? > > Note that during one contract in 2016 we came up

AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Fiedler Roman
> From: Andrew Gallagher [mailto:andr...@andrewg.com] > > > On 16 May 2018, at 13:44, Fiedler Roman <roman.fied...@ait.ac.at> > wrote: > > > > I am not sure, if gpg could support > > implementation/testing/life-cycle-efforts > to establish all those parame

AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Tue, 15 May 2018 11:44, roman.fied...@ait.ac.at said: > > > The status line format should be designed to support those variants to > > allow a "logical consistency check" of the communication with GnuPG > > There is a > > DECRYPTION_FAILED > > and

AW: Efail or OpenPGP is safer than S/MIME

2018-05-15 Thread Fiedler Roman
> From: MFPA [mailto:2017-r3sgs86x8e-lists-gro...@riseup.net] > > Hi > > On Monday 14 May 2018 at 1:33:03 PM, in > <mid:2ece9d9eef1f524185270138ae23265955b7a...@s0msmail112.arc. > local>, > Fiedler Roman wrote:- > > > This would also prevent many other program

AW: Efail or OpenPGP is safer than S/MIME

2018-05-14 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On 14/05/18 12:25, Robert J. Hansen wrote: > > The problem is that gpg doesn't say anything. I would expect a > > DECRYPTION_FAILED message here: > > So perhaps the solution is to throw a big warning and prompt when an

PGP-compatible USB-crypto-token with biometry support

2018-02-06 Thread Fiedler Roman

AW: Why do Key Fingerprints include Creation Timestamp?

2018-01-31 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On Tue 2018-01-30 21:35:57 -0500, FuzzyDrawrings via Gnupg-users wrote: > > Wouldn't it make more sense to hash only the public-key's MPI > > value(s)? That way if an implementation's code fails to generate a > > unique

Re: Extraction of decryption session key without copying complete encrypted file

2017-08-28 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Mon, 28 Aug 2017 12:00, pe...@digitalbrains.com said: > > > The gpg process communicates its TTY to the agent so the pinentry > knows > > where to pop up. This is a feature, not a bug. But when you > deliberately > > want to pop it up elsewhere...

Re: Extraction of decryption session key without copying complete encrypted file

2017-08-28 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 25/08/17 18:40, Fiedler Roman wrote: > > Idea: > > 1) Extract all GPG preambles of files to be decrypted to a single file > > (working) > > 2) Batch decrypt all preambles from the input file on the tru

AW: Extraction of decryption session key without copying complete encrypted file

2017-08-25 Thread Fiedler Roman
> From: Peter Lebbing [mailto:pe...@digitalbrains.com] > > On 25/08/17 16:08, Fiedler Roman wrote: > > I tried to use the agent support that way. One reason for low adoption > > might > > be, that using the provided documentation, it is just not possible to get >

Re: Extraction of decryption session key without copying complete encrypted file

2017-08-25 Thread Fiedler Roman
Addendum: agent-use > From: Werner Koch [mailto:w...@gnupg.org] > > On Fri, 4 Aug 2017 14:36, roman.fied...@ait.ac.at said: > > Ah, that's great - and actually the first nice gpg-agent feature apart > > from > > gpg-agent being little annoying when running it on RAM-disks in early > > boot. >

AW: Extraction of decryption session key without copying complete encrypted file

2017-08-04 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On 04/08/17 14:39, Matthias Apitz wrote: > > But this implies that everyone with priv access on the remote host > could > > abuse your secret key on your localhost, especially when a GnuPG-card > is > > used and you

AW: Extraction of decryption session key without copying complete encrypted file

2017-08-04 Thread Fiedler Roman
> From: Matthias Apitz [mailto:g...@unixarea.de] > > On Friday, August 04, 2017 at 01:59:57 p.m. +0200, Werner Koch > wrote: > > > On Wed, 2 Aug 2017 15:52, roman.fied...@ait.ac.at said: > > > > > How to decrypt large files, e.g. gpg-encrypted backups, without > copying them to the

AW: Extraction of decryption session key without copying complete encrypted file

2017-08-04 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Wed, 2 Aug 2017 15:52, roman.fied...@ait.ac.at said: > > > How to decrypt large files, e.g. gpg-encrypted backups, without > copying them to the machine with the GPG private key? > > With GnuPG 2.1 this is easy: You use ssh's socket forwarding

AW: gnupg or gpg-agent options for parallelism and memory usage

2017-08-04 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > Hi, > > This is a simple question really. I've been working on some automation > in which many GPG secrets are decrypted in parallel and rendered in > templates. Routinely, when our system attempts to decrypt hundreds of

Extraction of decryption session key without copying complete encrypted file

2017-08-02 Thread Fiedler Roman

Decrypting multiple encrypted blocks on one stream using GPG

2016-07-07 Thread Fiedler Roman
Hello List, I'm trying to use gnupg to solve a usecase similar to the one depicted in [1], but the workaround from [1] is not suitable, because: * Each file I have is larger than the machine holding the keys * The keys cannot be moved * The streams will take hours/days to decrypt so no