/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
GnuPG 2.4.x is installed in /usr/local/gnupg-2.4 instead of the formerly
hardcoded directory /usr/local/gnupg-2.2
/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
GnuPG 2.4.x is installed in /usr/local/gnupg-2.4 instead of the formerly
hardcoded directory /usr/local/gnupg-2.2
/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
GnuPG 2.4.x is installed in /usr/local/gnupg-2.4 instead of the formerly
hardcoded directory /usr/local/gnupg-2.2
://www.seichter.de/pgp/gpgosx-signing.asc .
pub ed25519/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
GnuPG 2.4.x is installed in /usr/local/gnupg-2.4
/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
GnuPG 2.4.x is installed in /usr/local/gnupg-2.4 instead of the formerly
hardcoded directory /usr/local/gnupg-2.2
= EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
GnuPG 2.4.x is installed in /usr/local/gnupg-2.4 instead of the formerly
hardcoded directory /usr/local/gnupg-2.2. This enables installing both
stable and LTS releases of GnuPG for OS X
* Matthias Apitz:
> Can I use GnuPG (and passwordstore, the latter is only a shell
> script) on Mac? The shell looks nearly like a normal Linux system
https://sourceforge.net/projects/gpgosx/ should do the trick. I use it
on all my Macs (High Sierra and newer versions), and it integrates with
/gpgosx-signing.asc .
pub ed25519/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
Important:
GnuPG 2.3.x is installed in /usr/local/gnupg-2.3 instead
-signing.asc .
pub ed25519/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)
Important:
Starting with this release, GnuPG 2.3.x is installed in /usr/local/gnupg-2.3
* Andrew Gallagher:
> As of 2130Z today this key still had not reached pgpkeys.eu, so I have
> just uploaded it there by hand; most other syncing servers should have
> it within the hour.
Thanks, Andrew. For possible future key uploads, I'll keep in mind that
pgp.mit.edu is not the most viable
* Patrick Brunschwig:
> Many thanks to Ralph for takin over so quickly!
Thank you for faithfully taking care of GnuPG for OS X for many years,
even though in the end you did not own a Mac anymore. I hope you will
continue your excellent work on Enigmail.
-Ralph
* Werner Koch via Gnupg-users:
> This is a quick announcement that a new GnuPG release for 2.2 is
> available.
GnuPG for OS X / macOS version 2.2.36 is now available via the URL
https://sourceforge.net/projects/gpgosx/files/ .
This is the first relase since Patrick Brunschwig passed stewardship
* mailinglisten:
> Has the tarball been signed with two keys?
According to the output you posted there are two signatures from two
separate keys, made on two different days.
-Ralph
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
* Stefan Vasilev via Gnupg-users:
> How would you solve this task?
With Alice having to rely on cryptography she can do in her head?
Some shift cipher and carrier pigeons. :-)
-Ralph
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
* Bernhard Reiter:
> Just wondering if there is a standard for sharing email drafts ...
https://tools.ietf.org/html/rfc6154 defines optional attributes for
"special-use" mailboxes. That applies to IMAP only, of course, but it
may be sufficient, depending on a user's client/server combination.
* Johan Wevers:
> Do you have examples of this for security related subjects?
I try not to rely on Wikipedia, in particular when searching for
sensitive subjects. Besides, if that was unclear, I mentioned Wikipedia
as a general example of the good concept of a Wiki colliding with
humanity, not
* Ayoub Misherghi via Gnupg-users:
> How about collective and cooperative effort in a wiki, or cloud
> funding pledges or donations? Those who contribute (money or effort)
> get privilege of some kind.
>From what I observed over the years, a majority of Wikis only really
work within closely knit
* Fourhundred Thecat:
> Looks like you have no real arguments, and keep repeating same stuff
> all over again.
*You* accusing *me* of not having real arguments is just precious. :-)
> I see no benefit for anybody in continuing this discussion.
At last, we can agree on something.
-Ralph
* Fourhundred Thecat:
>> Show us a body of your work which proves you have the necessary
>> skills to critique the GnuPG authors' work. Until you do, your
>> "judgment" is moot.
>
> An idea should be considered on its own merit.
What "idea" would that be, exactly?
> You should counter my
* Fourhundred Thecat:
> I am basing my judgment on universal principles, that apply not only
> to gpg or other software, but design of any systems in general.
Universal principles, oh my. In other words, you don't know nearly
enough about the finer points of GnuPG design goals, don't know much
* Fourhundred Thecat:
>> Whining about a design detail of free software? Get a grip.
>
> There are more examples of bad design.
Are there now? GnuPG is software that has evolved since its introduction
in 1997. Can you show me any meaningful software of yours that has been
evolving over 23 years
* Fourhundred Thecat:
> I am protesting the fact, that gpg can no longer be used without the
> agent.
Whining about a design detail of free software? Get a grip.
-Ralph
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
> I just checked the BSI's list of certified products[1].
Sorry, I forgot to include the URL:
[1]
https://www.bsi.bund.de/DE/Themen/Sicherheitsberatung/ZugelasseneProdukte/Liste_Produkte/Liste_Produkte_node.html
___
Gnupg-users mailing list
* karel-v:
> With the approaching release of Thunderbird 78 Gpg4Win and Enigmail
> won't be available any longer and the new OpenPGP-implementation of
> Thunderbird won't be certified to the best of my knowledge.
I just checked the BSI's list of certified products[1]. Gpg4Win and
Gpg4KDE are
* Stefan Claas via Gnupg-users:
> I would like to contact the admin of the GnuPG Mailing List,
> for a proposal, but could not find the contact email address.
Mailman 2.1, which is the software managing this mailing list, adds a
footer to every message. The link in that footer should get you
* Stefan Claas:
> It should be noted that a fixed-width font would not help in this case,
> because with my proposal we are talking about a line-length paramter.
Making lines shorter to fit a vertical smartphone display? Or wider for
horizontal displays? For whatever functional purpose? The key
* Stefan Claas:
> I am aware of fixed-with fonts, but modern messengers or social media
> do not use them.
I deliberately don't use "social" media, nor do I care about it. Also,
if a modern messenger (whatever you may label as such) is not supporting
fixed-width fonts, that's the messenger's
* Stefan Claas via Gnupg-users:
> The reason why I ask, I often see postings on social
> media sites and the output there looks horrible, IMHO.
Fixed-width fun should do the trick. Besides, the ASCII armor format is
meant to facilitate transporting key data in email, not to look pretty.
* John Stevenson:
> This file would be used by Emacs to talk to GitHub via its API.
While "used by Emacs" is quite unspecific and I possibly misunderstand
your requirements, it suggests searching for "emacs gpg". Doing so
returns many hits for Easy PG, so that might be a good place to start.
* Mark:
> Is there anyway to revoke an OLD LOST PGP key? I no longer have either
> the public or private keys but can find the KeyID.
As you guessed, it is not possible, because you require the private key
in order to create a revocation. That's why it is recommended to create
revocations (and
* Steve McKown via Gnupg-users:
> I currently only manage one GnuPG identity, and its private key
> material is stored on a smart card (Yubikey). So I think I'm only
> caring about other's keys, trust relationships, and the like.
If you can limit yourself to modifying files on only one computer
* oxy via Gnupg-users:
> Can i force gpg to prompt for passwd inline?
> (i mean, inside the terminal)
The following might help:
export GPG_TTY="$(tty)"
If you are not using BASH, change this to your shell's required syntax.
-Ralph
___
Gnupg-users
* Werner Koch:
> I will look into this today so that a possible fix can go into 2.2.18.
Thanks a lot, Werner.
-Ralph
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
* Ralph Seichter:
> https://seichter.de/aegi6bee9eShu/gpg-agent.log
Gentle bump, because I posted this a week ago. Did you have a chance to
examine the log, Werner?
-Ralph
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.
* Werner Koch:
> You forgot to _add_
>
> debug-pinentry
> debug ipc
> verbose
>
> to gpg-agent.conf.
Here's the gpg-agent.conf I used:
default-cache-ttl
max-cache-ttl
no-allow-mark-trusted
enable-ssh-support
pinentry-program /home/xyz/bin/pinentry-wrapper
debug-pinentry
* Werner Koch:
> INSIDE_EMACS support is in GnUPG since 2.1.5 (4 years ago). It seems
> that for whatever reasons Emacs does not pass that envvar on.
Perhaps I need to build Emacs "by hand" to get full control over all
options, instead of relying on the existing Gentoo ebuild. Not that I
want to
* Filipp Gunbin via Gnupg-users:
> I see this in NEWS for Emacs 27.1 (unreleased master).
>
> --8<---cut here---start->8---
> *** 'epa-pinentry-mode' is renamed to 'epg-pinentry-mode'.
> It now applies to epg functions as well as epa functions.
I tried both
* Werner Koch via Gnupg-users:
> ${TMPDIR-/tmp}/emacs$(id -u)/pinentry
The socket exists and the permissions look OK (read/write access for my
Linux user).
> If you insert a pinentry wrapper, can you see the INSIDE_EMACS envvar?
I just tried the following wrapper script:
#!/usr/bin/env bash
* raf via Gnupg-users:
> Wherever it needs to be to get added to the gpg command line when
> invoked from within emacs.
As far as I can tell, that's what epa-pinentry-mode is used for (which I
tried unsuccessfully, as stated in my OP). I think I have tried every
EasyPG trick and workaround that
* Filipp Gunbin via Gnupg-users:
> I have 2.2.17 and it works with empty gpg-agent.conf and just this
> line in .emacs:
> (setq epg-pinentry-mode 'loopback)
I use the same GnuPG version, but the Emacs variable setting you
suggested makes no difference for me. That's Emacs version 26.3,
which I
* raf via Gnupg-users:
> Does "--pinentry-mode loopback" make any difference?
Where exactly do you suggest I add this option?
-Ralph
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
I asked about the following on the Notmuch mailing list first, and
Daniel Kahn Gillmor offered some advice, but the issue is not yet
resolved. I'm hoping for additional input from the GnuPG community.
I use Dovecot with a Maildir-based message store, allowing me to access
my mail using various
* Andrew Gallagher:
> Can one of the admins please unsubscribe or mute this recipient? It’s
> getting silly now. Thanks.
Hooray for email killfiles. ;-) But yeah, unsubscribing would be nice.
-Ralph
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
* gnupgpac...@on.yourweb.de:
> Why doesn't Let's Encrypt offer this service?
S/MIME certificates have been repeatedly discussed and rejected in the
LE community, pretty much since LE's inception. There even used to be a
related FAQ entry.
One reason is that LE's self declared goal is to provide
* Steffen Nurpmeso:
> > * Steffen Nurpmeso:
> > > I think it is common that S/MIME and SSL certificates are delivered
> > > via PKCS12, including the private key. You then seem to extract the
> > > individual things [...]
> >
> > Nope, that is the wrong way round. [...]
>
> Ok, but that is
* Steffen Nurpmeso:
> I think it is common that S/MIME and SSL certificates are delivered
> via PKCS12, including the private key. You then seem to extract the
> individual things [...]
Nope, that is the wrong way round. The correct sequence to obtain an
S/MIME certificate is as follows:
1.
* Uwe Brauer via Gnupg-users:
> I just obtained a pfx file which I could import, but does somebody
> know whether there is a security breach, the way this certificate was
> generated?
Any process in which I do not create my private key, or in which a third
party asks me to provide them with my
* Andre Klärner:
> is there a way to properly shared the entire keyring and trust
> settings between two machines?
What "properly" means is quite subjective.
My own .gnupg directories are under Git control. Imagine two computers,
let's call them alpha and bravo, in my local network, which both
* da...@gbenet.com:
> putting this code on Github whist demonstrating a point - was foolish
No, it was not. Foolish would be to pretend the conceptual flaw does not
exist, cover your ears with your hands and go "la la la".
> To say that this was in practice and common knowledge for years - it's
* da...@gbenet.com:
> People say "Oh your settings are wrong" But the FAIL to give the RIGHT
> SETTINGS!! And then go waffling on
People don't fail you. Your entitlement issues do. Falsely stating
software X cannot do Y when you are not using it right, expecting
answers on a
* da...@gbenet.com:
> Enigmail will only work with ONE Key.
> It does not recognise any other key than the first key that was
> created.
I use multiple keys with Enigmail and Thunderbird, and I have done so
for years.
> You don't think perhaps can not think - your not too smart as to offer
>
* da...@gbenet.com:
> I have three email accounts with their own keys - Enigmail does not
> support this - you have to have one key and that's it.
Nonsense! One can not only configure one PGP key per account (of which
there can be many), one can even configure one key per identity. Each
TB
* da...@gbenet.com:
> Your Thoughts :)
I think the article is five years old, has not aged well (e.g. MUA
integration has improved), and that nothing better than PGP has come
along in the meantime.
Next. ;-)
-Ralph
___
Gnupg-users mailing list
* Chris Narkiewicz via Gnupg-users:
> What should I ideally do with that signature?
Export the signed key and send it back to the owner. As was mentioned
here before, and I agree, it is not for you to decide whether the key
(with or without your signature) is published on a key server.
-Ralph
* Stefan Claas:
> Well, mail in a "forum" like a Usenet group is there a prefered delivery
> method, thanks to mail2news gateways. [...]
a) We're moving ever further off topic in terms of GnuPG.
b) Once again, the OP wrote about "an anonymous PGP messaging board". I
happen to have created and
* Aleksandar Lazic:
> Am 06-03-2019 17:57, schrieb Ralph Seichter:
>
>> I don't see benefits over what can already be done using the
>> Tor Network as a foundation.
>
> Is Tor really as anonymous as is was in the past?
I don't know what you mean by that question.
* Farhan Khan via Gnupg-users:
> Obviously this would not be the next big method of communication, but
> an interesting niche idea and it seems easy to produce a proof-of-concept.
Not meaning to rain on your parade, but after mulling over your idea, I
don't see benefits over what can already be
* Michael A. Yetto:
> When you sent mail to what did you use
> as the Subject?
I used "subscribe" and "unsubscribe" as subjects for my (un)subscription
attempts, as shown in the List-Subscribe and List-Unsubscribe headers.
I also tried to unsubscribe using the URL provided in the headers, in
I have written to the list owners but did not receive a reply yet, and I
also wonder if anybody else has experienced this:
I tried to subscribe with n...@dom.ain and unsubscribe with o...@dom.ain
by sending email to gnupg-users-requ...@gnupg.org from each of this
addresses. Firstly, I find it
* Andrew Luke Nesbit:
> Enigmail and GPGTools are orthogonal components re: Thunderbird.
> Enigmail is something like the interface to the underlying GPG
> implementation.
Enigmail needs any one PGP/GPG binary. GPG Suite includes a binary that
is based on the official GnuPG sources. Other
* Nicholas Papadonis:
> I'm considering using the Mac Mail.app, however am interested if
> Thunderbird is better integrated from a security standpoint.
Apple's on-board Mail requires a plugin to encrypt/decrypt messages.
While GPG Suite (https://gpgtools.org) provides said plugin, it is no
This thread really has me pulling my hair--what's left of it. Some core
aspects from where I am standing:
1. GPG is maintained by volunteers. If you have any complaint about how
this maintenance is progressing, get off your behind and be a volunteer
yourself, or failing that, provide an
On 22.05.18 03:42, Mark Rousell wrote:
> Preventing users from encrypting new data using legacy encryption does
> NOT need to mean that other users have to be prevented from (quite
> legitimately) accessing archived data using legacy encryption with
> maintained software.
Who said "have to be
On 21.05.18 07:20, Robert J. Hansen wrote:
> We should keep the 1.4 source code available, but wash our hands of it
> and say it will receive *no* future fixes, not even for security
> issues -- and we need to stand on that when people start screaming.
I agree. In my experience, this
On 18.05.18 15:40, Matthias Mansfeld wrote:
> Jürgen Schmidt is a dedicated OpenPGP hater. Be warned and/or just
> ignore this comment.
>
> https://heise.de/-4051354
Fortunately not everybody at Heise is clueless and/or a PGP hater:
https://heise.de/-4050153
-Ralph
On 21.09.17 22:37, Stefan Claas wrote:
> If i would be a programmer of software like GnuPG, my software would
> not allow to receive unwanted signatures on my pub key, nor would it
> allow that someone else can fake a sig on someone else's pub key with
> my key-id.
If you can solve the design
On 21.09.17 22:13, Robert J. Hansen wrote:
> About 25 years ago I first saw the suggestion that signatures from
> unvalidated certificates should simply not be visible to the end-user
> [...]
Yeah, that would be one way to make these sigs less obvious. Of course
it does not solve the underlying
On 21.09.17 22:11, Stefan Claas wrote:
> > You can only ever be certain of a signature if you have personally
> > verified the signing key and the signer's identity.
>
> Well, call me a stupid Mac dummie, but how in the world could GnuPG
> users , living in different areas verify that?
They
On 21.09.17 20:49, Stefan Claas wrote:
> How could customers, not pros like all you guys here on the list,
> could verify that we both are the persons the keys/signatures are
> claiming?
Legal identification is required. Since you are German, you can use
On 15.09.2017 10:52, Robert J. Hansen wrote:
> Often, the best way to begin learning how to do something is to go out
> and do it.
While I have nothing against (rapid) prototyping in general, it is not
the advisable method for each and every project or person. I prefer
spending time designing
On 07.11.16 22:52, Schlacta, Christ wrote:
> Top posting is easier for some, bottom posting for others.
It is not about what is "easier for some", but I am not going to spend
more time discussing Netiquette with you. We have been doing things in
a certain way in mailing lists - since the 1980s -
On 07.11.16 21:59, Schlacta, Christ wrote:
> What's annoying is when you're subscribed to a list and receiving
> posts, but for some reason when you try to post, it says you're not
> subscribed and getting moderated.
Used the wrong address to post? Anyway, speaking of annoying things:
On 07.11.16 19:06, Werner Koch wrote:
> Our mailing list admins are moderating posts from non-subscribed
> posters. For many years they are doing this without getting much
> attention - time for a big KUDOS to them.
That's quite unusual. Thanks to the list admins for their work. Still,
I
> (Note I'm not subscribed, please cc me on replies)
If you are not subscribed, how did you post on this mailing list?
> Why on earth - HOW on earth - is it encrypting messages without
> needing my key?
GPG does not initiate encryption, your MUA (Thunderbird) does. Also, GPG
does not require
On 12.09.2016 21:15, Anthony Papillion wrote:
> Assuming everyone is willing and comfortable with using GnuPG, is there
> any compelling reason (aside from easy setup and use) to use S/MIME?
The main reason I can think of is the fact that there are mail clients
that don't support PGP without
On 28.02.2015 00:48, Hugo Osvaldo Barrera wrote:
Please, stop spreading the iMessage falacy, it's system offers privacy
only from *some* parties, but not from everyone.
I invite you to read my message again. I used iMessage as an example for
usability (as did c't editor Jürgen Schmidt), not
It looks like we agree on most aspects, but to get back to the original
question of this thread: From what I have seen since the nineties (I do
remember donating money for Philip Zimmermann), PGP is great for users
with a solid foundation in cryptography, but it is too complicated for
avarage
Your positions to this ct approach?
The c't magazine is mostly well respected in Germany and the editors
have some valid points; the latest articles are by no means mindless
rants or PGP-bashing. The thought of letting PGP die as an e-mail
encryption mechanism for the masses (the non-tech-savvy
to fix pth-config by removing the
superfluous -L/usr/lib.
I'll attach a small patch for the configure script of GnuPG 2.0.1
which works for me.
--
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter
*** /tmp/gnupg-2.0.1-orig/configure Tue Nov 28 17:05:22 2006
--- configure
Dipl. Inform. Ralph Seichter
Making all in agent
make[2]: Entering directory `gnupg-2.0.0/agent'
gcc -I/usr/local/libgpg-error-1.4/include -g -O2 -Wall -Wno-pointer-sign -o
gpg-agent gpg_agent-gpg-agent.o gpg_agent-command.o gpg_agent-command-ssh.o
gpg_agent-call-pinentry.o gpg_agent-cache.o
Werner Koch wrote:
Please try 2.0.1 which I released this evening.
I tried, but unfortunately version 2.0.1 won't compile either.
--
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter
gcc -I/usr/local/libgpg-error-1.4/include -g -O2 -Wall -Wno-pointer-sign -o
gpg-agent
81 matches
Mail list logo
