On Mon, 4 Sep 2023 19:45, Alexander Leidinger said:
> If I specify --pinentry-mode loopback it works. Shouldn't this also
> work without this option? If yes, what's wrong or how to debug this
Sure, this shall work. You may want to add
--8<---cut
On Wed, 30 Aug 2023 11:54, Andrew Ammerlaan said:
> Signing /dev/null feels like more of a hack than an actual solution to
> keeping the key unlocked until portage finishes. Therefore I would
> like to ask you if you have any better ideas to do this?
Don't use a passphrase or better use remote
On Thu, 24 Aug 2023 06:07, Stuart Longland said:
> No, you need `openssl` for that.
Actually you can do that as well with GnuPG.
gpgsm --gen-key
creates either a CSR or a self-signed cert. You can build a CA with it.
This requires a parameter file. For example create a file
On Sat, 5 Aug 2023 12:10, Felix E. Klee said:
> I also tried killing root’s gpg-agent, to avoid conflicts with that of
> the user, but that didn’t help either.
Right a second scdaemon might have grabbed the device. If you don't
need it as root put into root's gpg-agent.conf "disable-scdaemon".
On Mon, 10 Jul 2023 10:48, Juanjo said:
> There are other setting managed via "ykman" not provided by "gpg-card" :
> * The number of PIN retry attempts: ykman openpgp access set-retries
> * The touch policy: ykman openpgp keys set-touch
Easy to add; do you want to file a feature request over at
On Fri, 7 Jul 2023 14:22, Juanjo said:
> This works fine with a single Yubikey, but we wanted to have more than
> one connected at the same time in order to batch-configure them and
> even to try to use multiple SSH key authentication in specific target
Most of the time I am using several
On Fri, 7 Jul 2023 11:19, Juanjo said:
> I'm using "gpg (GnuPG) 2.3.3" on AlmaLinux 9 and it works fine with a
> single "YubiKey 5 USB (5.4.3) [CCID]".
You should get a recent version. Even Fedora comes with 2.4.0
> So, is there a way to select a specific Yubikey for the "gpg --card-edit"
>
On Fri, 7 Jul 2023 10:59, Bernd Naumann said:
> For a test setup / proof of concept / lab, I'm looking for a pretty
> simple keyserver implementation.
Use an LDAP server; this is the most flexible and best supported way to
store keys.
https://www.gnupg.org/blog/20201018-gnupg-and-ldap.html
>
igned by one or more
of these four keys:
rsa3072 2017-03-17 [expires: 2027-03-15]
5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing
On Thu, 15 Jun 2023 09:08, Alexander Leidinger said:
> The Windows PC I used with the AusweisApp was connected via cable and
> it worked. The WLAN and the cable network are in the same /24 range in
WLAN and Ethernet should never share the same network. This is
something such a service should
On Tue, 13 Jun 2023 08:46, Alexander Leidinger said:
> DKIM doesn't specify an automatic removal of a signature. So I
> postulate there is no DKIM related tool which does this (only
formail -I DKIM-Signature
BTW, the whole DKIM thing does not protect the body of a mail because
for example the
Hi!
When posting mails to lists.gnupg.org the mails are received at our
standard MX and are then forwarded to the Mailman box
(lists.gnupg.org). Over there we do some minimal spam detection and
then pass it to mailman. Mailman changes From to have the list address.
lists.gnupg.org does not
On Mon, 5 Jun 2023 14:49, broussard marc said:
> => does pgp can tell when the key is becoming soon expired?
That is easy on Unix:
$ gpg --list-keys --with-colons \
| awk -F: -v days=60 \
'BEGIN { from=systime(); to=from+(days*86400)};\
$1=="pub" && $7 > from && $7 < to {
xpires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
Hi!
thanks for the report.
> My guess is that the fingerprint is resolved to the ADSK of the first
> key with key usage R instead of the original subkey with key usage
Sounds right. Depends on the structure of the keyring.
Need to develop a fix. See https://dev.gnupg.org/T6504
On Sat, 20 May 2023 11:20, Mike Schleif said:
> How can we "import" our existing keyring into newer GPG?
You actually don't need to do anything. gpg auto-migrates the private
keys. If everything works then for you, you may delete the secring.gpg
which is not anymore used (but better take a
Hi!
On Fri, 19 May 2023 17:38, Robert Irelan said:
> This is the command line that seems to hang with 2.4.1:
>
> ```
> /opt/local/bin/gpg2 --no-tty --status-fd 1 --yes
> --enable-progress-filter --command-fd 0 --output
> /var/folders/gc/73c5zcp918z9dssx8k1sybh0gn/T/epg-output2zVC4K
>
On Tue, 16 May 2023 01:19, LuKaRo said:
> '/run/user/1000/gnupg/S.gpg-agent.ssh'
> debug2: get_agent_identities: ssh_agent_bind_hostkey: agent refused
> operation
You should log the other side of the things: Put
log-file /whatever/you/want
verbose
debug ipc
into ~/.gnupg/gpg-agent.conf and
On Wed, 10 May 2023 14:43, Dim Xr said:
> I'm far from a security expert, that's why I needed a more
> higher level solution for this. But definitely I'll give it a shot.
Use DMCrypt under Linux or Veracrypt etc. Disk encryption is a
complicated matter and you definitely should have some
On Tue, 9 May 2023 17:48, Dim Xr said:
> same size? Is there any way to have FPE (Format Preserving Encryption) via
> GPGME?
No. GPGME uses the OpenPGP and S/MIME protocols (gpg and gpgsm) and is
not suitable for your task. You need to use a low level crypto library
for that (e.g. Libgcrypt)
Hi!
> rndgetentropy.c:98:48: error: use of undeclared identifier 'GRND_RANDOM'
> ret = getrandom (buffer, nbytes, GRND_RANDOM);
> OS : macOS 13.3.1 (a) / Command Line Tools for Xcode 14.3
> Platform : Darwin (x86_64-apple-darwin22.4.0)
There is a glitch in 1.10 which
On Thu, 4 May 2023 09:43, Ineiev said:
> This is another issue ADK might handle differently---if gpg skipped
> validation of the donor keys (where ADK subkeys come from),
The ADSK shall work very similar to --encrypt-to - that is it is only
used if there is already an encryption key. That is
On Sun, 30 Apr 2023 13:58, Andrew Gallagher said:
> The danger of an “ignore ADK” option is that it gives a false sense of
And not to forget the other important use case: Add an ADK for your own
second device so that you are able to decrypt also on that device -
without the need to keep the
On Mon, 1 May 2023 13:10, Todd Zullinger said:
> Sorry it interrupted your weekend. Thanks for the new
Actually it was Friday evening and I left the office a bit earlier than
usual.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service.
On Fri, 28 Apr 2023 16:57, Johan Wevers said:
> So you finally caved in to the backdoor demands.
In business it is quite common to share subkeys with others. Thus the
ADSK makes it only more explicit and flexible. See the blog entry.
> What I'm missing (maybe I just didn't find it?) is an
On Fri, 28 Apr 2023 11:21, Todd Zullinger said:
> It seems neither of these files have not made it to the
> server yet:
Sorry for that. I have used a new build machine and obviously forgot
one of the last steps. Most of the release process is scripted but the
final upload needs to be done
igning Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 202
On Sun, 16 Apr 2023 10:12, Mike Schleif said:
>> > gpg (GnuPG) 2.0.22
That version reached end-of-life more than 5 years ago. Don't use it.
>> $ gpg --version --no-copyright
--no-copyright - There is no such option. What you meant was
--no-greeting.
Salam-Shalom,
Werner
--
The
On Sun, 9 Apr 2023 19:13, John Scott said:
> You're a genius! I actually had a hard time getting Scute 1.7.0 to
> compile, so I built it from Git instead and everything worked
> flawlessly! I was even able to sign a PDF :)
FWIW, we are even working on Poppler to integrate GnuPG without the need
d patch and
run gpg-preset-passphrase with the option --restricted to address the
other cache.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
From ab35d756d86438db124fa68aa633fe528ff8be50 Mon Sep 17 00:00:00 2001
Fr
On Wed, 22 Mar 2023 16:16, xeyrion--- said:
> Forwarding normal socket (instead of extra socket) makes the prompt go
> away. Is there a way to preset passphrase for extra socket as well?
The caching behavior does not depend on the connection type. Thus this
should not be an issue. I assume you
On Wed, 1 Mar 2023 21:24, Michael Richardson said:
> Combined with SSH access to the machine, and the passphrase/pin popup shows
> up in the wrong place.
Talking about ssh: Yes, you need to make sure that gpg-agent has been
launched. But once that has been done ssh works nicely.
The major
Hi!
I spent some time looking into this. The CRL is issued by a certificate
CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz Service GmbH,C=DE
However that certificate is not available: I only found the previous one:
ldapsearch -H ldap://ldap.dgnservice.de:389 -b 'O=DGN
On Thu, 23 Feb 2023 18:37, Alexander Grahn said:
> Thank you for your reply. Does it mean that the problem is to be solved on
> the
> GnuPG end?
I can't tell because I do not have a valid DGN certificate anymore.
Feel free to send me yours by PM - makes debugging easier.
Salam-Shalom,
On Thu, 23 Feb 2023 11:22, Alexander Grahn said:
> Should an ldap host answer on ping requests in general? Because the one in
Pinging arbitrary servers does often work because too many admins tend
to block ICMP echo. An LDAP server is commonly behind some load
balancer and thus a ping won't help
On Wed, 22 Feb 2023 09:16, Bernhard Reiter said:
> gpg -v --locate-keys --auto-key-locate clear,nodefault,wkd i...@univention.de
BTW, using
gpg -v --locate-external-keys i...@univention.de
is easier to remember.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth
On Wed, 1 Feb 2023 16:51, Martin said:
> It just seemed like a contradiction to me if a key for security
> reasons should be downloaded from a website with an insufficient
> certificate ;-)
That is not really a matter. X.509 certificates as well as PGP keys are
self-contained. All OpenPGP
On Fri, 20 Jan 2023 15:07, Yorick van Pelt said:
> yubikey if it is not inserted, but can't figure out how to make it try the
> yubikey before the password-protected key.
>
> How can I best restore the old behavior?
Unfortunately there is no way to do this right now. The tentative plan
is to
On Mon, 16 Jan 2023 07:56, Troy said:
> The problem is that there's already a gpg-agent running at the remote
> (I think started by systemd or the X server), which I don't want to
> disturb. For my ssh connection, I try to create a new Unix domain
Don't run the gpg-agent for your account. I
On Mon, 16 Jan 2023 16:47, Christoph Klassen said:
> For some reason in that test gpg didn't output anything or at least
> the PowerShell didn't show anything.
Powershell and stdout and stderr are a bit problematic. I can't
remember the details so I usually stick to cmd.exe or run tools
On Mon, 16 Jan 2023 07:55, Jan Girlich said:
> Is the call to "gpgme_check_version" maybe done implicitly by the
> Python bindings?
Yes. See gpgme/lang/python/src/core.py
# check_version also makes sure that several subsystems are properly
# initialized, and it must be run at least once
On Sun, 15 Jan 2023 10:52, Christoph Klassen said:
> When I was testing the decryption I also tried "gpg --decrypt
> test_file.gpg" (without output file) with the 10 GB file and it took 8
> minutes and 47 seconds. I was wondering why it took longer when GnuPG
> didn't need to create an output
On Tue, 3 Jan 2023 17:19, mortimer.hob...@gmail.com said:
> Is it possible to install the GpG3Win addon for Outlook without
> re-installing the whole Gpg4Win system?
You need to update the entire Gpg4win. For security reasons you should
do this asap.
Salam-Shalom,
Werner
--
The
On Sun, 1 Jan 2023 15:51, Ingo Klöcker said:
> If you really must know the exact second then use the option --with-colons
> when listing the keys. The timestamps are given as seconds since Unix epoch.
> You can use the `date` command to convert this number to your local time.
Or use
On Fri, 30 Dec 2022 19:48, Kosuke Kaizuka said:
> keyring /path/to/pubring.db (does not work)
>
> "keyring" does not work any more with "use-keyboxd"?
That is correct. The keyboxd uses a fixed location for its database and
there may only be one. keyring has no effect as long as use-keyboxd is
On Wed, 21 Dec 2022 18:58, Ingo Klöcker said:
> I suppose this is intended behavior (because data is often text and you don't
> want to get that in hex). You may want to use `gpg-connect-agent --hex`.
Yes, that is indeed intended. D(data) lines may return arbitrary data
with only a few values
also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa3072 2017-03-17 [expires: 2027-03-15]
5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030
On Thu, 15 Dec 2022 09:17, Bernhard Reiter said:
> Which IETF OpenPGP working group members are you referring to?
That should be obvious with just a little research.
> What of their actions will be a problem for OpenPGP from our point of view?
Instead of finalizing the draft started in 2015,
On Sat, 10 Dec 2022 22:21, Karel van Gruiten said:
> I am only a user, but I wonder why they stick to the 2.2-series and do
Probably because there is an interest conflict between the GnuPG
maintainers in Debian and those who want to turn OpenPGP into something
very different (i.e. new IETF
On Fri, 9 Dec 2022 08:40, Christoph Klassen said:
> does anyone here know which is the maximal size of a file that can be
> encrypted by GnuPG?
Depends on the shell and operating system. On any non-legacy system you
may read and write files larger than 4 GiB. If you pipe the data in and
out
On Thu, 1 Dec 2022 14:45, Andreas Heinlein said:
> 1. If I follow the guidelines for creating the directory
> /var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions
> 2750. So there is no chance for the apache user to be able to read
That does not look right. You should have o+rx
On Fri, 4 Nov 2022 19:03, Angel de Vicente said:
> Any ideas as to what might cause this?
No. But you may want to add
debug-pinentry
to gpg-agent.conf
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
On Fri, 11 Nov 2022 10:58, Andrea Lenarduzzi said:
> Thank you
> gpg-connect-agent 'scd getinfo reader_list' /byeD
> 058F:9540:X:0%0A076B:3031:X:0%0AOK
Unencoding the above list:
058F:9540:X:0
076B:3031:X:0
Thus you have two readers and you need to either use
--8<---cut
On Thu, 10 Nov 2022 11:57, Andrea Lenarduzzi said:
> disabled-ccid-driver
I hope that is a c=P error. The option is called "disable-ccid-driver"
and not "disabled-..."
> reader-port 32768
That is a very unlikely reader port specification; you need to use the
strings as shown by PC/SC. If you
Hi!
On Wed, 9 Nov 2022 18:10, Andrea Lenarduzzi said:
> Hi, I've a lot of problems to use gpg with OmniKey AG OMNIKEY 3x21
> and Alcor Micro Corp. AU9540. gpg: selecting card failed
Better get a solid reader and not those Windows readers which delegate
parts of their duties in their Windows
Hello!
For the first time we published an AppImage of GnuPG along with
Kleopatra as its GUI. An AppImage may be used on any Linux version
without the need to build new libraries and to remove the GnuPG already
installed on the system. It comes with the latest libraries and is
useful to try out
On Tue, 18 Oct 2022 08:59, Alessandro Vesely said:
> Debian fix kept the old version number 1.5.0-3, though:
FWIW: Debian thus misses
* Allow an OCSP server not to return the sent nonce. [rK24992a4a7a]
* Limited support for the Authenticated-Enveloped-Data content type.
[rK81fdcd680c12]
e owners. Current releases are signed by one or more
of these four keys:
rsa3072 2017-03-17 [expires: 2027-03-15]
5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 26
__
SECURITY ADVISORY FOR LIBKSBA/GNUPG
(CVE-2022-3515)
g10 Code GmbH
__
On Sat, 15 Oct 2022 12:50, Robert J. Hansen said:
> Because GnuPG 2.x already starts the daemon. It should be running by
> the time you finish logging into your system.
Further the gpg-agent is responsible to compute the iteration count for
our KDF. That takes at least 100ms and thus either a
On Wed, 5 Oct 2022 00:21, s7r said:
> Question is: keys can be generated unattended just fine, except I did
> not find a clear way to pass an Expire date param to the encryption
> subkey only, and not the primary key as well. The requirement is that
Use
gpg --quick-gen-key --batch
Hi Phil,
To clarify: Why do you put keys intended only for signing into the WKD?
The only purpose of the WKD is to discover keys used to encrypt outgoing
data/mail. To verify a signature the WKD does not really help because
there is no way to look up the key by fingerprint. Well, one of the
On Mon, 26 Sep 2022 00:30, Ángel said:
> You would need to recompile gpg with that change / convince the OpenBSD
Please don't do that. Actually you would have to recompile Libgcrypt.
But don't do that (recompile with changes to the random code).
> My recommendation: create the /dev nodes
On Wed, 21 Sep 2022 07:06, Fourhundred Thecat said:
> Why am I prompted for passphrase?
So that --list-packets can show you the encrypted content with all the
interesting packets. Hit cancel and you are done.
Please note that the output of --list-packets is strictly for debugging
purposes and
On Tue, 20 Sep 2022 16:56, Louis Holbrook said:
> I am using /usr/bin/pinentry-tty for password input, which in the
> interactive mode lets me paste a password from the terminal.
Please use pinentry-curses or, if you run in an xterm, better one of the
GUI pinentries. The pinentry-tty is a very
On Sat, 27 Aug 2022 16:17, Tony Lee said:
> Count User Time (s)
> 1024 0.237
For backward compatibility reasons with 1.4 the default count value is
used in this case. The default value is computed by gpg-agent and
depends on your machine (cf. gpg-agent's
On Fri, 19 Aug 2022 14:48, kho said:
> 4. Another approach is that I could for example have created just 3
> subkeys (not 6) and copied all 3 to smartcard1 and again to smartcard2.
> I thought that having those subkeys separately is ideal, specially in a
> occasion were smartcard2 is stolen. Then
On Thu, 11 Aug 2022 17:25, Sosthène Guédon | Nitrokey said:
> That makes sense to me. However why offer curves not supported by the
> hardware?
Because we can't know what curves a certain smartcard supports. The
announcement of the card capabilities is a relatively new and optional
OpenPGP card
On Thu, 11 Aug 2022 14:58, Sosthène Guédon | Nitrokey said:
> I'm using gpg 2.2.36 and a OpenPGP smart card implementation we are
> currently developing.
You should better use the stable branch (2.3) instead of the LTS.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the
Hi!
Please share your GnuPG version and the type of smartcard you are using
with us. A 9 year old commit is not very helpful.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
On Sun, 7 Aug 2022 12:46, andrew--- said:
> It looks like GPG4Win as well as "simple" installer are 32bit-only,
> which is somewhat unexpected in 2022. Is there a reason for this?
Windows 64-bit-only installations are pretty rare and thus the 32-bit
GnuPG suite is not a problem.
> Such
On Thu, 4 Aug 2022 21:27, folkert said:
> How can I, programmatically, prevent gpg-agent to cache a passphrase?
> Or clear its cache?
Put
max-cache-ttl 0
into gpg-agent.conf
To flush the cache run
gpgconf --reload gpg-agent
>err = gpgme_set_ctx_flag(ctx, "no-symkey-cache", "1");
>
>
Hi!
This is a quick announcement that a new GnuPG release for 2.2 is
available. We will also prepare a 2.3 release in the next days but due
to summer holidays things are a bit delayed.
See also https://dev.gnupg.org/T5949
Shalom-Salam,
Werner
Noteworthy changes in version 2.2.36
On Fri, 24 Jun 2022 20:47, Minas Argyrou said:
>> scdaemon[x]: detected reader 'ACS ACR38U 0' scdaemon[x]:
Never got them to run properly. Just stay away from this reader type.
> I was never able to get the SC-HSM to work with GnuPG, even though it is
> supposedly supported. This is
On Fri, 17 Jun 2022 12:23, artur.brzozowski said:
> I've been trying to get gpg-agent running under supervision using
> FreeBSD's native daemon(8) [1]
Please don't do that. The --supervised option has been deprecated
recently because it conflicts with GnuPG's internal management of daemon
On Tue, 14 Jun 2022 08:38, Torsten Bronger said:
> Hallöchen!
>
> Werner Koch writes:
>
>> please let us know your GnuPG versions and your OS.
>
> gpgsm (GnuPG) 2.2.27
Please update to 2.2.35 which
* gpgsm: Fix parsing of certain PKCS#12 files. [T5793]
See htt
Hi!
please let us know your GnuPG versions and your OS.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
On Thu, 9 Jun 2022 08:11, Jan Eden said:
> Now I corrected the mistake, and all is well.
I don't think this is your mistake. We need to do something about it.
Tracked at https://dev.gnupg.org/T6023
BTW, to ignore local keys and update from WKD (or whatever has been
configured) you can use
On Fri, 3 Jun 2022 18:05, Frank said:
> And I am currently eyeing at the 'ELF visibility' check in the
> configure script.
That is pretty old code from 2007. I do not remember any details; it is
possible that this is based on Uli Drepper's original paper. It was
originally implemented for
On Mon, 30 May 2022 19:52, Matt Borja said:
> - Related to this approach: Is the passphrase on a private key not
> sufficient encryption strength to store the private key in a secure
> cloud
> vault for archival purposes; or could it not be paired with a
The currently used
On Sun, 29 May 2022 13:07, Johan Wevers said:
> Why do they do that? BTW, when I search for brainpool I only find
> definitions and RFC's, I seem unable to find why they are needed (or why
> they would be preferred) over other curves.
That is mostly a political issue: In Europe the use of NIST
On Wed, 25 May 2022 22:58, Dirk Gottschalk said:
> $ gpg --with-colons --list-config curve
> cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;secp25
> 6k1
This should read
20-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
On Tue, 19 Apr 2022 15:52, Vishal Rana said:
> Digital signature verification is failing. Getting "*Bad signature*" error.
> How to debug this??
gpg --debug hashing --verify ..
Creates files with the actual hashed data - compare them to those created
by the signing process.
> But observation
[expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
02F3 8
On Fri, 8 Apr 2022 14:07, Vishal Rana said:
> But my received signed image is some unreadable "--detach-sign" file .
> How I am able to make a received signed image to * gcry_sexp_t *please
> suggest*.*
See gnupg/g10/parse-packet.c
and gnupg/g10/pkglue.c
and please do yourself a favor and
On Thu, 7 Apr 2022 15:26, Vishal Rana said:
> Please suggest to me how to proceed.
Most GnuPG tools feature a debug option
--debug mpi
--debug crypto
which shows you lots of debug info. For example the raw RSA parameters.
Use "--debug help" to see all debug classes. But always remember that
On Tue, 5 Apr 2022 16:57, Matthias Apitz said:
> an OpenPGP card could be used to unlock a ciphered LUKS partition during
> boot of the L5 mobile device, see this posting at the end:
No idea, I don't use LUKS but g13 ;-)
> Werner, what about your L5?
It is gathering dust in one of my drawers
6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
N
Hi!
Just for the records
> Oh, I didn't know, I was advised yesterday on another irc channel
> (#debian-facile) to change my key server:
>
> "They were ('keys.gnupg.net' and others) all flooded with fake keys
> mid-2019
You can't talk about fake key on a keyserver. That is not the task of a
On Wed, 16 Mar 2022 16:22, Schultschik, Sven said:
> There must be a possibility to proper kill the pinentry
gpg-agent closes the pinentry or kills it on timeout. You need to
properly restore your tty in case the used curses version does not act
correctly or the pinentry died.
Salam-Shalom,
On Wed, 16 Mar 2022 09:26, Daniel Kilimnik said:
> mode. With --pinentry-mode loopback --passphrase-fd 0 activated. It asks
> for my current passphrase, but then exits with a success.
--passphrase-fd works only if a password is requested but not if two
passwords are requested (the old one and the
> I'm using the Cancel methods on ctrl+c but the terminal is anyway messed up.
> Would it be worth a bug report?
No. The pinentry is a background process and there is no portable way to
save and restore the screen. Thus your application may want to do
something like this after a gpgme operation:
On Fri, 18 Feb 2022 11:34, Gao Xiaohui said:
> Hi developers, thanks for your reply. But I tried the method you gave:
> use "chcp 65001", and still display abnormal characters. Is there any
> other solution to solve it? If it is a bug, please fix it. Grateful.
You need to install/configure a
On Sat, 19 Feb 2022 15:52, Robert J. Hansen said:
> As part of an iterated key derivation function, SHA-1 is still believed safe.
> There's no reason to shy away from it, or AES128.
FWIW: SHA-1 is also used as part of the OpenPGP MDC construction. This
is something alike a MAC and there are
On Fri, 18 Feb 2022 13:08, Daniel Colquitt said:
> Is the suggestion the gpg does not respect these flags when applying
> symmetric encryption to keys?
gpg does not encrypt private keys. This is done by gpg-agent. The
method how the keys are protected internally are out of scope for
OpenPGP.
On Wed, 16 Feb 2022 18:03, raf said:
> But maybe it is dead. I don't really need it. My only interest was that
Yes, it is dead. Except for a minority of users, it is impossible to
easily add new resource records. However, putting new files on a
webserver is easy.
FWIW, you can build your keys
se Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021
On Mon, 31 Jan 2022 01:09, Ángel said:
> Nothing in the email you receive is actually required. You could have a
> Fully-Encrypted-Email-Messages, which on SMTP looked like:
>
> MAIL FROM:<...>
> RCPT TO:
> DATA
>
>
> .
> QUIT
>
>
> No plaintext at all. (Well, some Received: headers would be
On Sun, 30 Jan 2022 04:25, Ángel said:
> Could you elaborate? I am surely missing something.
Unfortunately I can't tell you any details because the paper has not yet
been published. The attack is not easy to mount but it is not entirely
academic. It affects the standard for sending private