Hi!
On Sun, 30 Jan 2022 14:37, Felix E. Klee said:
> $ echo scd getinfo reader_list | gpg-connect-agent --decode
> OK
scdaemon does not see any reader. That might simply be due to another
process which uses the reader (the yubikey tools). Using
debug cardio
verbose
log-file
On Thu, 27 Jan 2022 08:25, Teemu Likonen said:
> outside your normal computers I suggest using the export format: "gpg
> --export-secret-keys".
Note that there is an attack on the private key export format. Thus my
recommendation not to rely on this unless you can make sure that the
exported
On Sun, 23 Jan 2022 21:12, Arjun said:
> I have GPG_TTY=$(tty) set in my .bashrc. However, when I ssh in
>
> ssh remote
By default ssh does not allow X forwarding. You need to use an extra
option to ssh to allow X programs on the remote to work on your (local)
X-server.
A quick test is to
On Tue, 18 Jan 2022 15:59, Bernd Graf said:
> How can I require `gpg --verify` to only accept keys from my keyring
> with a certain trust level and fail otherwise (rc!=0)
Use gpgv instead of gpg.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Tue, 18 Jan 2022 09:50, Johan Wevers said:
> Well, a bit more respect for backwards compatibility would help a lot by
> that. Now I'm forced to keep an 1.4 and pgp 2.6 version installed just
1.4 should be able to decrypt all 2.6 generated data.
Shalom-Salam,
Werner
--
Die Gedanken
> Just to confirm, my scdaemon.conf file should look like this:
>
> debug-level ipc,app,cardio
Replace that by
debug ipc,app,cardio
and remove debug-level lines. (The debug-level thing is IMHO not very
useful since we got those dedicated selectors. We should eventually
remove the debug
On Thu, 6 Jan 2022 15:33, Anze Jensterle said:
> checked multiple times). Only deleting the old intermediates instead of the
> root helped. Do you also check all the intermediate paths?
Sure. My former answer was simply wrong.
For details please see https://dev.gnupg.org/T5639 which was fixed
On Fri, 7 Jan 2022 16:23, Marko Božiković said:
> My scdaemon.conf has a single line:
>
> card-timeout 1
Please remove this at least for testing.
> log-file
> debug-level basic
> verbose
Please change the
debug-level ...
to
debug ipc,app,cardio
Actually you should have seen a debug
On Sun, 9 Jan 2022 10:25, Robert Flosbach said:
> For future reference and people having the same issue: gpg2.3
> introduced a new packet type 20 which provides authenticated
> encryption with associated data (AEAD) [1]. A key generated with
> gpg2.3 supports this encryption type and encryption
On Thu, 6 Jan 2022 12:02, Anze Jensterle said:
> Any idea why? I suspect it has to do with old intermediates being
> crosssigned as well.
If you don't have the current LE root certificate the old certification
path is tried.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen
Hi!
instead of working around the problem, I strongly suggest to update
gpg4win to 4.0 or at least install gnupg 2.2.33 on top of an older
gpg4win. This fixes the problem without a need to tweak the root cert
store.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein
Hi!
small but important correction:
> Chiasmus: the proprietary GreenBone software from /cryptovision GmbH/
Of course I meant GreenShield and not Greenbone. The latter is a
company which provides free software network security scanners. See
https://www.greenbone.net/en/
Shalom-Salam,
6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
02F3 8DFF 731F F97C B039 A1DA
> I have attached logs of the wrong and correct behavior I observed
> (debug-level guru, debug-all).
Yes, this is an obvious bug. We have not yet seen it because on Unix we
prefer to use the CCID driver using a different code path and further
with 2.3 there is not much need to specify a port.
On Wed, 29 Dec 2021 14:55, Anze Jensterle said:
> I just updated my Windows PC to 2.3. I used the "reader-port" option in
Do you mean gnupg 2.3.4 for Windows or the gpg4win 4.0 ?
> I have attached logs of the wrong and correct behavior I observed
> (debug-level guru, debug-all).
Thanks. We
On Wed, 29 Dec 2021 21:33, Andrew Gallagher said:
> OK, so you definitely need to solve the root certificate issue.
This has been fixed with gnupg 2.2.32 - please get an update. The
workaround is to delete the old LE certificate from your Root CA store.
Salam-Shalom,
Werner
--
Die
On Sun, 26 Dec 2021 09:20, Uwe Brauer said:
> gpgsm (GnuPG) 2.1.11
Please get a decent version. The LTS branch is currently at 2.2.33.
Your version is 5 years old!
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Wed, 22 Dec 2021 14:47, Benoît said:
> I got 3x OpenPGP Smart Card v3.3 and I am unable to generate Curve25519
> on the card nor importing a cv/ev25519 to it.
Whether this is supported depends on the type of the card. The Gnuk and
newer Yubikeys support curve25519 but the Zeitcontrol card
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key
long term keys of
their respective owners. Current releases are signed by one or more
of these keys:
rsa3072 2017-03-17 [expires: 2027-03-15]
5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A
On Tue, 9 Nov 2021 15:28, Keine Eile said:
> I have a revoked private key in my key ring, which I replaced with new
> one. I really do not want to discard this old key, for what I think
> good reasons. Is there a way to let gpg ignore this key or suppress
> this this¹ notification?
You can
On Mon, 8 Nov 2021 20:30, Christoph Klassen said:
> repos). The solution was to run first dpkg --purge --force-all
> libgcrypt20 (couldn't remove it the normal way because of some
Not a good idea. That may break things. It is better to install
libgcrypt and the other libs to /user/local/lib
On Fri, 29 Oct 2021 16:24, Kazunori Kobayashi said:
> On modern Linux, we can change the maximum number of file descriptors
> per process in some ways. This feature is a well-known way for long
> time operation without reboot in cases such as server machines.
That is a known problem we recently
On Sat, 6 Nov 2021 12:09, Matthias Apitz said:
> This message is typed on a BT keyboard connected to the L5 and sent
> from mutt on the L5 via SMTP and Wifi to the list while sitting
> in the sun in a beergarden.
Alright. I eventually need to figure out how to turn my Cosmo
Communicator into a
On Fri, 5 Nov 2021 17:30, Matthias Apitz said:
> But, it does not work locally on the L5 in its "terminal app", the
> "pass" command in the terminal raises an error about no secret provided.
You did the
gpg-connect-agent updatestartuptty /bye
thing to tell gpg-agent where it shall pop up the
Hi Matthias,
On Thu, 4 Nov 2021 09:40, Matthias Apitz said:
> I got mine in early October after exactly 4 years waiting. I do not
Same here. I actually met with Todd back then and my colleague Gniibe
write the driver for their planned card reader. Then we had that long
delay.
it is good
On Wed, 3 Nov 2021 18:55, Matthias Apitz said:
> card, and available without any laptop or USB dongle, just in my phone -- a
> big progress. Thanks to Purism to bring this with the L5 to the Linux world!
You mean the Librem5 has indeed a second slot for a smartcard? I
recently received mine
On Sat, 30 Oct 2021 00:20, Damien Goutte-Gattat said:
> Private key only. I believe the purely “mathematical” components of
> the public key can be derived from it (though I may be wrong here),
That is right. Since some releases we also record the creation date of
the key so that we can easily
On Sat, 30 Oct 2021 15:50, Matthias Apitz said:
> I just withdraw the USB dongle after the operation. I was thinking that
> the gpg-agent.conf entry 'max-cache-ttl' will also expire the unlocked
> state of the OpenPGP card, which it does not. How could I do this?
No, it does not because it is
On Tue, 26 Oct 2021 18:21, Robert J. Hansen said:
> That's true, and is correct. If you're passing a passphrase via the
> command line, that passphrase becomes visible to anyone with the
> privileges to get a list of processes and arguments. At that point the
> passphrase really isn't providing
e long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expires: 2027-03-15]
K
B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (
On Sat, 4 Sep 2021 12:11, Borden said:
> According to gpg --card-status, I have an OpenPGP card v. 2.1 made by
> LogoEmail (that's not from whom I bought it, so I'm not sure if the
Note that re-configuring a card is only possible with certain cards; it
is an optional feature of the
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
The keys are available at https://gnupg
On Mon, 6 Sep 2021 19:25, meator said:
> Ok, thanks!
Sorry for that. This is a sponsored VM and sometimes we run into OOM
problems. We like to keep these repos on this different machine so that we
can continue to collaborate even if other servers fail, or vice versa.
Salam-Shalom,
Werner
On Sun, 5 Sep 2021 18:45, meator meator said:
> Hello, what's up with https://git.gnupg.org/? Is there some
> maintenance happening?
The OOM kicked in and killed the TLS frontend. It's up again.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Thu, 26 Aug 2021 16:23, Klaus Ethgen said:
> It seems that I have the problem all time I use the QT pinentry. The
> gtk2 pinentry seems to be fine and with the switch to QT one, the
Did you try pinentry 1.2.0 which we released last week?
FWIW, I am using xfce and had some problem with
ne or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expires: 2027-03-15]
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre
Hi!
On Wed, 25 Aug 2021 21:36, Thomas Cage said:
> I have installed the new 2.3.2 version which supports "decryption w/o
> public key but with correct card inserted" with commit 50293ec2eb.
The description is a bit too brief. What we do is to lookup the key on
a configured LDAP server. This
keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-
On Thu, 19 Aug 2021 17:14, Jonas Tobias Hopusch said:
> It's good to see one of you respond to my mail. I was worried that maybe the
> mailinglist broke both the SPF and DKIM checks and prevented it from being
Sorry, for taking long to reply.
> It's been a few months since I generated the key
Hi!
On Sat, 31 Jul 2021 23:05, Jonas Tobias Hopusch said:
> Does anyone know what may have gone wrong? Is there any additional
> information I
> can provide to help with tracking down what I presume to be a bug?
It took me a while to track this down. If you look closely at the
listing:
pub
Hi!
On Fri, 6 Aug 2021 18:36, Joey Berkovitz said:
> I was looking through the Smartcard commands and found that while most
> commands related to attribute changes output an SC_OP_SUCCESS, except for
> the name change command which doesn't output a success message on the
> status-fd.
Probably
On Tue, 27 Jul 2021 11:12, root said:
> I am new to GnuPG and this is a great tool in programming. I am not sure how
> to
> use gpg commands directly in C/C++ codes though. I thought gpgme is
> providing the
> interface to use gpg ?
Yes, please use GPGME or the GPGME C++ bindings
On Tue, 3 Aug 2021 11:19, Vincent Breitmoser said:
> Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that
> doesn't permit distributing email addresses without consent. The key
It is not a privacy policy but a serious misconception much like what
keyserver.com and PGP
On Thu, 29 Jul 2021 18:36, Andrew Gallagher said:
> If you built gnupg from its default configuration, it does not
> automatically look in /etc/ssl/certs for CA certificates. You may want
On Unix and unless gnupg was built with --with-default-trust-store-file
the following collections of
On Fri, 23 Jul 2021 20:00, Jonathan Kaczynski said:
> I'm trying to understand the scenario in which we see the log message,
> "gpg: used key is not marked for encryption use." I haven't been able to
> find any mentions of the phrase on the web, so I turned to the source code.
This is a warning
On Thu, 8 Jul 2021 16:48, NIIBE Yutaka said:
> So, I think that Omnikey CardMan 3121 can work in the use case with
> OpenPGP card if its key is RSA 1024.
Exactly, I used to use Omnikey readers too but I had to give up due to
this problem. On Windows Omnikey's driver uses proprietary escape
On Wed, 7 Jul 2021 08:30, Daniel Kahn Gillmor said:
> Without a canonical form, we simply can't make such a proposal.
You need to check for the canonical form anyway and thus it is easier to
directly sort it. In case of signature subpackets (if that is one of
your concerns), this is of course
On Tue, 6 Jul 2021 15:59, Daniel Kahn Gillmor said:
> There are no published specifications for how to canonically order
> OpenPGP packets, but i sketched a proposal here:
There has never been a need for such an ordering except for what the
specs require. Introducing a specific order will make
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expires: 2027-03-15]
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
rsa2048 2011-01-12 [expires: 2021-12-3
On Tue, 29 Jun 2021 15:31, Стефан Васильев said:
> I don't understand why the BSI is looking for Post Quantum Cryptography
> support with OpenPGP for Thunderbird and not for the promoted gpg4win,
I can't tell you that. I do not have any more information than you.
From reading the tender it is
On Tue, 29 Jun 2021 09:59, Schultschik, Sven said:
> I looked now for days at the code and didn't see this trivial fault. The
> Nullpoint check for the outstream was missing.
valgrind is your best friend in such cases.
> But a null point check for gpgme wouldn't be a bad idea. This way it
On Fri, 25 Jun 2021 15:26, Marco said:
> Failed to set input file with error: 117440567 --> Invalid value
Sorry. I missed that we did not implement that (because it is actually
a legacy compatibility function). Thus I can't offer you any function
which takes a file name. You need to open the
On Fri, 25 Jun 2021 09:39, Marco said:
> err = gpgme_data_new_from_file(, input.string().c_str(), 1);
The 1 means copy the data to an internal buffer. Use 0 here to stream
the data.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Wed, 23 Jun 2021 17:55, Matthew Richardson said:
> provide enough information to extract the signature? Does it vary depending
> upon whether the signature is ASCII armored?
Actually gpgsplit can be used to split an OpenPGP message. In theory it
is possible to convert an encrypted and signed
On Thu, 24 Jun 2021 09:41, john doe said:
> The executable is in the subdirectory 'bin' as 'gpg.exe'.
Which is usually part of the PATH.
> A better idea is to use a file that contains the passphrase if you need
> to automate d/encryption or to use the agent.
An even better idea is not to use
On Thu, 24 Jun 2021 02:21, Brandon Anderson said:
> First, if you are working on a new revision of the OpenPGP card,
> please let me know if I can reasonably do anything to help. While I
Thanks for your offer. However, it is mainly a spec and hardware thing
and the software part is minor.
If
On Wed, 23 Jun 2021 11:38, Christian Chavez said:
> I would like to be able to connect multiple yubikeys representing multiple
> opengpg pub/priv key-pairs/identities to the same _client_, and make use of
> _both_ on a remote I've SSH'ed to (using one of the yubikeys), without
Use gnupg 2.3 and
On Tue, 22 Jun 2021 21:53, Brandon Anderson said:
> concerned, you could use three. The probability that one card out of
> ten will have a failure in a decade is far higher than the chance that
You should also be concerned that malware bricks your (backup) card.
You can only avoid that by using
On Mon, 21 Jun 2021 23:47, Brandon Anderson said:
> the PIV functions only support 2048 RSA and NIST curves. The only card
That's per PIV specs.
> What would it take to add support for retirement key slots into the
> GPG smartcard specification? If retirement slots were added to the
> smartcard
On Sun, 20 Jun 2021 18:57, mailinglisten--- said:
> is there any educated guess, when some safe curve (25519?) will find
> their ways into openPGP smart cards?
Yubikeys and the Gnuk token support 25519 for a long time now. For the
Zeitcontrol card, I can't give a concrete timeline.
On Wed, 16 Jun 2021 21:18, Ajax said:
>> $ build-aux/getswdb.sh
>
> Which gave :
> ... No such file or directory
$ tar tjvf gnupg-2.2.28.tar.bz2 | grep getswdb.sh
-rwxr-xr-x 1000/1000 4831 2021-05-21 07:35
gnupg-2.2.28/build-aux/getswdb.sh
Shalom-Salam,
Werner
--
Die Gedanken sind
On Wed, 16 Jun 2021 16:29, Ajax said:
> With gnuupg-2.3.1
>
> make -f build-aux/speedo.mk native
>
> gives "download of swdb.lst failed"
Check out build-aux/getswdb.sh which does the work.
For example
--8<---cut here---start->8---
$ build-aux/getswdb.sh
gpgv:
4 [SC] [expires: 2030-06-30]
6DAA6E64A76D2840571B4902528897B826403ADA
uid [ full ] Werner Koch (dist signing 2020)
sig!3528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020)
sig! 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig)
sig! 63113AE866587D0
signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expires: 2027-03-15]
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2
On Fri, 4 Jun 2021 10:08, Mark said:
> I saw this in the key from Microsoft and was wondering how the was done.
> Was it automated and done at the time of creation or ??
The Kleopatra GUI tool exports keys using this format.
In fact the header lines in the armor can easily be stripped or added
On Fri, 4 Jun 2021 09:33, Ingo Klöcker said:
> Try the following:
> a) Terminate all running background processes/daemons of gpg
> gpgconf --kill all
Before you do that also terminate Kleopatra or other frontends. They
might call gpg regularly and thus trigger an autostart of the daemons.
On Fri, 28 May 2021 17:11, Bernhard Reiter said:
> If this is a serious mail, please note that many of us cannot see the
> contents
This was obviously spam which slipped through. Check out the
address list which included "noreply" addresses. I already set the
moderation flag on this
On Tue, 25 May 2021 21:51, Andreas Mattheiss said:
> I then put "disable-ccid" into scmdaemon.conf, and things started
> working again - I have pcscd running anyway. The system is not running
pcscd grabbed the device and thus scdaemon can't open it. We don't have
a fallback to PC/SC anymore
On Sun, 25 Apr 2021 16:41, William Holmes said:
> I encrypted the file with '--hidden-recipient'.
> After decryption failed, gpg-agent was killed.
Right, I was able to valgrind the bug. We will have a solution soon.
> pub ed25519/0xFB3157F958F70A96 2021-04-25 [SC]
Better don't use the
On Sun, 25 Apr 2021 23:12, Shawn K. Quinn said:
> Now, for me, that begs the question: what does the internal random pool
> offer that simply using /dev/random (or better yet a quality HWRNG) does
> not?
It speeds up the initial seeding of gpg and gpg-agent's internal
RNGs if the system's
On Sun, 25 Apr 2021 22:07, Kirill Elagin said:
> into `$HOME/.gnupg/scdaemon.conf`. I did not really try any other
> options, my understanding is that `debug-ccid-driver` (twice!) is what
Nope, that is to debug the low-level ccid driver. The best way to debug
the APDUs is
verbose
debug
all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koc
On Sun, 11 Apr 2021 20:32, karel-v_g--- said:
> Just out of curiosity one question: why did you "only" add curve x448
Because 25519 and 448 are the IETF standard curves. More curves are a
hassle for interoperability.
> from the SafeCurves project and not also E-521? For NIST and Brainpool
>
Hi!
can we please stop this thread?
This is a technical and privacy oriented mailing list and not a medium
to discuss the pros and cons of a certain person. There are enough
other places for such chitchat.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein
On Fri, 9 Apr 2021 05:44, Luc Dore said:
> anymore. I have this popup at startup about Kleopatra running as an admin:
You should never ever run programs as Admin on Windows (or as root under
Unix) if there is no need for it. For an application GUI tool there is
never such a need - install
On Fri, 9 Apr 2021 16:47, Stefan Vasilev said:
> for a privacy project I am working on I need the ability to use GnuPG 1.4.x
No you don't need 1.4 - it is obsolete and maintained only to decrypt
existing data.
> for Windows and would like to know how many UIDs Alice and Bob can
There is some
On Thu, 8 Apr 2021 07:37, murphy said:
> It is with great anticipation that I fire up a raspberry pi 4 to compile
> the newest version of GnuPG 2.3.0 using speedo. However I ran into:
>
> GnuPG version in swdb.lst is less than this version!
> This version: 2.3.0
> SWDB version: 2.2.27
Sorry
On Thu, 8 Apr 2021 11:19, Robert J. Hansen said:
> Werner, are you still set on org-mode as the native format, or has
> Markdown+Pandoc matured enough to also be acceptable?
Yes, pretty please. The FAQ is part of the website which gets
automatically built from org-mode. However, if you want
On Thu, 8 Apr 2021 13:51, Marco Ricci said:
> See above. You probably also want --batch as well.
Definitely. It might also be a good idea to use a dedicated homedir (or
user) for GnuPG or lacking this to add --no-options and give all args on
the command line.
Shalom-Salam,
Werner
--
e also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expi
On Sat, 3 Apr 2021 12:28, karel-v_g--- said:
> For me GPA always display only the old short Key-ID.
> How / where can I change that? I have not found any option in the GUI
You can't. Have a look at the fingerprint in the line above; in general
you should use the fingerprint. BTW, the keyid
Hi!
I ponder with the idea of shutting down the ML for a few days around
next year's April 1 to keep discussions a bit more serious. But well,
if you want to have some fun, please make it a bit more clear in your
proposals.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen
On Mon, 29 Mar 2021 22:52, Ingo Klöcker said:
> This may or may not work with a recent version of gpg 2.2 already because
> quite a few things were backported to the 2.2 series.
No, this has not been backported because it was a larger structural
change.
Shalom-Salam,
Werner
--
Die
On Tue, 23 Mar 2021 14:34, Bernhard Reiter said:
> restructured.) So yes, RMS had some influence over GnuPG. I don't think I've
He has not more influence on GnuPG than on GNOME, which he claims to be
the GNU desktop. GnuPG still shows the FSF copyright on Unix e as an
appreciation for all the
On Sat, 20 Mar 2021 19:06, Frank said:
> I am trying to compile gnupg-2.2.27 and it fails with "syntax error"
> on g10/t-keydb.c.
> I was yet unable to gather more informations, what is going wrong.
> No line, statement or anything else is given.
Please run
make V=1
there should be really
On Mon, 22 Mar 2021 17:43, jsmith9810--- said:
> I try to import this key manually (--import), gpg throws a "weak
> encryption key" error and refuses to import it. ...which I find
Can you please paste the exact error message and the output of
"gpgconf --show-versions"?
Shalom-Salam,
Werner
On Fri, 19 Mar 2021 03:33, Robert J. Hansen said:
> Last I checked, Thunderbird 78 did not support ed25519+cv25519
> keys. That's not a niche implementation.
I did extensive tests with Ribose to make sure that RNP (the crypto
engine now used by TB) is compatible with GnuPG. Thus I wonder why TB
On Thu, 18 Mar 2021 19:34, David Mehler said:
> in the output there's ECC output should I go with an ECC-style key or
> RSA? As regards RSA keysize I typically use 4096.
The next default is ECC (ed25519+cv25519) which is supported by most
OpenPGP implementations. Only if you have a need to
On Thu, 18 Mar 2021 13:57, Nick Cripps said:
> I'm trying to encrypt and sign a large file. It takes a while to do this,
> and I then do other things while this is happening. It then completes and
> presumably asks me for my key passphrase, but I miss this and it times out,
I know this problem
On Fri, 19 Mar 2021 01:50, Ángel said:
> The FAQ is outdated. GnuPG was indeed updated some years ago to use 3072
> as the default size for rsa
Actually 7 months:
Noteworthy changes in version 2.2.22 (2020-08-27)
-
* gpg: Change the default key
On Thu, 18 Mar 2021 00:06, David Mehler said:
> My existing GPG certificate is going to expire in less than a month.
> I'd like to know current best practices for obtaining a new one? In
Do you really want a new one? Usually it is easier to prolong your key.
By default a new key has an expire
On Wed, 17 Mar 2021 16:31, Andreas K. Huettel said:
> 2021-03-17 16:15:37 scdaemon[4932] Prüfung des CHV1 fehlgeschlagen:
> Ungültiger
> [Not being familiar with the details, I don't know if I can post the full log
> here or if it contains sensitive data.]
At that debug level it is okay.
On Tue, 16 Mar 2021 23:25, Andreas K. Huettel said:
> 3) then, sign something: pinentry window pops up, pin is not accepted ("wrong
> beep")
We need a log from the scdaemon. Put
--8<---cut here---start->8---
log-file /somewhere/scd.log
verbose
debug
On Tue, 16 Mar 2021 20:34, Klaus Ethgen said:
> I believe, it is the "no-allow-external-cache" option.
Right, but I am not sure about the macOS pinentry; in particular if it
is closely based on the standard pinentry code base or does its own
thing. Any pointer to that pinentry?
Salam-Shalom,
Hi!
I am not sure whether you already did this: Use a script like
--8<---cut here---start->8---
#!/bin/sh
MYPINENTRY="/foo/bar/pinentry-gtk-2"
locale >/tmp/pinentry.err
set >>/tmp/pinentry.err
exec strace -o /tmp/pinentry.trc -e read=0 $MYPINENTRY -d "$@"
On Fri, 5 Mar 2021 10:16, Klaus Ethgen said:
> While this setup work well on my Devuan machine, I have some troubles on
> the Gentoo one, that I don't get solved.
I am also using Devuan without problems. Did you use
touch /var/lib/elogind/USERNAME
to avoid elogin stealing the socket
On Mon, 1 Mar 2021 06:36, jsmith9810--- said:
> I'm still curious as to why though, since RFC4880 strongly recommends
> use of the new format
> packets. If not the default behavior, at least the --rfc4880 option
It SHOULD do this but I see no reason for this. For the sake of
interoperability
On Tue, 2 Mar 2021 10:35, Romain Lebrun Thauront said:
> So, is there a way to have BOTH gpg-agent managing ssh, and GTK
> pinentry prompts for unlocking keys ?
I use this for more than a decade. You have to use
gpg-connect-agent updatestartuptty /bye
if you switch your xserver; that is if