On Fri, 26 Feb 2021 20:14, jsmith9810--- said:
> I noticed that GnuPG (I'm using v2.2.19) still uses the old format
> OpenPGP packets, when I export my keys, for example.
That is perfectly fine - no need to chnage this.
> Also, is it possible to use a private keyring (secring.gpg) for
>
On Fri, 22 Jan 2021 20:59, Erich Eckner said:
> Thank you for your time! For everyone to benefit from my problem, I'd like
> to suggest to clarify in the documentation, that and how tor will be
I'll change the option description to:
--use-tor
--no-use-tor
The option --use-tor switches
On Tue, 23 Feb 2021 18:47, Doug Richardson said:
> Under MSYS2, gpg --card-status fails with the following when trying to
GnuPG is not intended to be build under MSYS. You need to cross-build
from a real POSIX system using mingw. All other ways to build it are
not supported and are strongly
On Tue, 23 Feb 2021 13:37, Erich Eckner said:
> What am I doing wrong? Or is there something special about this key?
Nothing. It is an interesting case. Let's have a look at key exported
without any options (listing slightly edited):
$ gpg --show-keys --with-sig-check c.pub
pub rsa4096
nentry is 1.1.1, released a few weeks ago.
Shalom-Salam,
Werner
--
g10 Code GmbH https://g10code.com AmtsGer. Wuppertal HRB 14459
Hüttenstr. 61 Geschäftsführung Werner Koch
D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608
signature.asc
Descr
2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa2048 2014-10-29 [expired: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Release Key)
rsa3072 2017-03-17 [expires: 2027-03-15]
Key fingerprint = 5B80 C575 4298
On Fri, 12 Feb 2021 11:44, Erich Eckner said:
> $GPG --export --export-filter keep-uid="mbox = $mbox" $fpr
gpg-wks-client does something similar but using "uid =" with a
pre-checked UID in an import filter. It also uses
import-options=import-export to process the keyblock without actually
On Thu, 4 Feb 2021 09:34, n...@copblock.app said:
> I would like to bring up my own keyserver for my company, which would
> contain only those keys which have been signed by one or more authorized
> people.
I would suggest to use LDAP - best OpenLDAP or Active Directory. See
On Thu, 28 Jan 2021 21:35, Daniel Kahn Gillmor said:
> Maybe Werner can clarify what place he'd prefer and we can consolidate
> the issue tracking there.
Please send patches to gnupg-devel or if you need a bug tracker, use
dev.gnupg.org with the wkd tag/project.
Shalom-Salam,
Werner
--
> ahead and copied the very same keys from the backup to the second. But
> trying to actually use does not work, I get an error like: 'please
> insert card: […]' So.
>
> What can I do to make gpg use the card as well (if possible) ?
You see the prompt because gpg knows that you aready used the
of
their respective owners. Current releases are signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerpr
Hi!
A severe bug was reported yesterday evening against Libgcrypt 1.9.0
which we released last week. A new version to fix this as weel as a
couple of build problems will be released today.
In the meantime please stop using 1.9.0.
It seems that Fedora 34 and Gentoo are already using 1.9.0 .
On Thu, 28 Jan 2021 00:51, Christopher Mansfield said:
> libgcrypt selftest: kdf (34): Selftest failed
Please see the comments at https://dev.gnupg.org/T4294 which lists
known bugs and fixes. In your case it is T5254 .
We have fixed a couple of bugs this week and even if tehre are still
some
On Fri, 22 Jan 2021 11:00, Phil Pennock said:
> That feed is subscribed to:
>
> https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-doc.git;a=rss;f=web/index.org
Interesting. And I thought this repos is something nobody watches - so
sorry for possibly not too polite log comments.
BTW, if you
On Fri, 22 Jan 2021 07:08, Stefan Claas said:
> #deplatforming does not work in a free world!
I told you to behave civilized and not like that guy most US people are
glad not to be anymore represented by him.
I will set you to moderation for two weeks.
Shalom-Salam,
Werner
--
* Free
On Fri, 22 Jan 2021 13:24, Erich Eckner said:
> Box 1: tor (but no DNS endpoint exposed), named listening on 127.0.0.1:53
> (used by /etc/resolv.conf)
In Tor mode we use 8.8.8.8 as DNS Server unless you use
--nameserver ipaddr
In ``Tor mode'' Dirmngr uses a public resolver via Tor to
On Thu, 21 Jan 2021 18:25, Vladimir Nikishkin said:
> But there seems to be no way to subscribe to it via standard Atom/RSS
> feed.
> Is this intentional? Or maybe I just haven't found the links?
I have simply not yet come around to implement it. I got some code but
iirc, I was not sure whether
On Thu, 21 Jan 2021 15:05, Erich Eckner said:
> 2021-01-21 14:41:32 dirmngr[3623955.6] DBG: dns: libdns initialized (tor mode)
> 2021-01-21 14:41:32 dirmngr[3623955.6] DBG: dns:
Your are using Tor for DNS queries, that is the actual DNS server is
8.8.8.8. Tor mode is used if you are running the
On Thu, 21 Jan 2021 10:48, Andrew Gallagher said:
> It is important to remember what PGP is for, and what it is not
> for. It is most definitely NOT for hiding metadata. No system based on
> email can ever do that, so it is safer not to pretend otherwise.
Full Ack.
There are ways to hide meat
On Fri, 22 Jan 2021 05:26, Stefan Claas said:
> I really like how you try to paint a picture of me. But everybody knows
> what kind of character you are.
Stefan: Stop such personal insults. I am pretty sure that there are
quite some folks here who would like to get personal too but don't do
On Wed, 20 Jan 2021 14:46, Erich Eckner said:
> is queried. This resolves to some old address (my DNS configuration
> error), which serves the wrong content. Is it right, that this SRV record
> should be queried? Should I update it or remove it?
Yes, the SRV record is used if there is no
On Tue, 19 Jan 2021 16:31, Stefan Claas said:
> there exists also a direct-method in you current draft, which people like
> to use, when low on budged or which like to avoid, for whatever privacy
If you do some research on the infrastructure of large providers (which
includes talking to them)
On Tue, 19 Jan 2021 17:24, Erich Eckner said:
> error in the subject when doing `gpg - --locate-external-keys
Many -v don't really help here because the actual task is done by the
dirmngr process. Thus to debug this put
log-file /somewhere/dirmngr.log
verbose
debug ipc,network,dns
Hi!
thanks for the report. I opened a ticket for this:
https://dev.gnupg.org/T5257
Please check over there for status updates.
(I accidently mentioned gnupg-users in the annoucement mail and not
gcryypt-devel which would been the right one).
Shalom-Salam,
Werner
--
Die Gedanken sind
our keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Rele
On Tue, 19 Jan 2021 09:28, Neal H. Walfield said:
> When you look up the openpgpkey.example.org domain, you are revealing
> to anyone snooping DNS traffic that you are using OpenPGP and are
> looking for a key related to example.org. That's a privacy issue.
No, it isn't. The next thing you do
On Mon, 18 Jan 2021 16:29, Lars Noodén said:
> Yes, but that did not stop the bank's payment web interface from
> requiring the name and address for payments to other countries. For
Okay, I added our address to the SEPA page.
Thanks.
Salam-Shalom,
Werner
--
Die Gedanken sind frei.
Stefan,
It has been mentioned several time here that the use of the openpgpkey
sub-domain is required to allow implementation of the Web Key Directory
in browsers. This is a real world use case and pretty important for web
mailers like protonmail.
I would suggest that you put your energy on a
On Tue, 19 Jan 2021 10:11, raf said:
> And it's discovery that begins with an email address. I
> still can't work out what functionality WKD provides in
> a situation that isn't email-related.
The Web Key Directory maps mail addresses to a key. Mail addresses are
universal identifiers and thus
On Mon, 18 Jan 2021 14:16, Lars Noodén said:
> Euro Payments Area credit transfers [1] ought to have the address [2]
> as the address is required when making payments to other countries
> within the Union.
The idea of SEPA is that the account number is sufficient; even the BIC
is not anymore
On Fri, 15 Jan 2021 15:43, Ayoub Misherghi said:
> a@b:c$ gpg -s -e -b -r Mike data.file
>
> gpg: conflicting commands
You can use the combined method of signing (-s) and encryption (-e) with
a detached signatures (-b).
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt
On Thu, 14 Jan 2021 01:47, Ángel said:
> I understand this to mean it as "only use the direct method if the
> required sub-domain does not exist", with the SHOULD meaning that the
> direct method is not required (not sure why, I would have probably used
Right. The subdomain is actually a
On Mon, 11 Jan 2021 09:36, Daniel Pocock said:
> Reiner SCT cyberJack secoder 2
Recycle the hardware for other purposes - it is too hard to make this
crap work. Reiner is notorious for not releasing specs and basing their
stuff on proprietary extensions. Think Nvidea for card readers.
24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Release Key)
rsa3072 2017-03-
On Wed, 6 Jan 2021 14:14, Dino Edwards said:
> Something changed in the code and it now prompts me for the key
> password before it proceeds. I see the value in this, however this is
Yes, since version 2.1.
The reasons is that the internal store for the private key uses a more
modern way of
On Tue, 5 Jan 2021 17:07, Robert J. Hansen said:
> I'm doing is sharing true things with my buddy?" Whereas in Europe,
> right-to-be-forgotten laws, enforced by the government, are seen as
> wins for privacy, in America they would be (a) blatantly unlawful and
I don't think that the right not
On Tue, 5 Jan 2021 16:46, Stefan Claas said:
> Not sure I understand you correctly, but why are then SKS key servers
> still in operation, which allows third parties to look up who signed
> who's key and with what trust level and GnuPG's WoT support, compared
Because that is the base of the WoT
On Tue, 5 Jan 2021 09:46, Robert J. Hansen said:
> Strangely, the Linux kernel folks still use it a decent amount.
There are indeed use cases for the WoT; in particular if you don't known
your co-worker. However, in commerical or private settings the
communication patterns are different from
On Tue, 5 Jan 2021 07:27, Jean-David Beyer said:
> Building a web of trust is so hopeless, from my point of view, that I
> have abandonned gnupg. I have made keys for myself, obtained enigmail
Virtually nobody uses the WoT. What people use are direct key
signatures. That is you verify a key's
> I merely asked why the official Windows binaries (at least those
> inGPG4Win) are not compiled with the already existing option
> "enable-large-secmem", which would allow keys up to 8192bit in batch
That option has only been introduced to satisfy the needs of a few
nerds and for helping with
On Tue, 29 Dec 2020 15:13, Journeyman said:
> that SCD commands do not require the PIN.
The PIN is passed to the card and processed by the card. Thus the card
decides on whether an operation needs a PIN. Usually the PIN is
required only once and valid until the card is powered down
(e.g.
> This is one of gpg’s little UI idiosyncrasies. '—batch', '—yes'
> etc. must come before actions such as '—encrypt' on the command line.
That is actually classic Unix behaviour (in contrast to GNU's way of
processing options): First the options and then the arguments.
Shalom-Salam,
Werner
On Mon, 21 Dec 2020 18:47, Novak Boškov said:
> So, the two subsequent exports are supposed to give me my private key
> encrypted with two different AES keys (same passphrase + a different salt)?
Right:
First packet of the first export:
# off=0 ctb=95 tag=5 hlen=3 plen=1414
:secret key packet:
On Mon, 21 Dec 2020 17:12, Novak Boškov said:
> First, it looks like multiple exports _do_ result in the exactly same
> export data:
What version of GnuPG are you using? A legacy 1.4 version or, worse,
the unmaintained 2.0 version?
Shalom-Salam,
Werner
--
Die Gedanken sind frei.
signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD
On Fri, 18 Dec 2020 12:54, Annie Yousar said:
> The key is not encrypted with the passphrase, but with a secret key
> derived (by S2K) from the passphrase with the help of a
> salt. Therefore each export gives different export data, despite using
> the same passphrase.
That is because GnuPG
On Tue, 15 Dec 2020 11:13, Felix E. Klee said:
> *Any idea how to get `gpg` back to normal?*
Update to GnuPG 2.2.25
(See the comments at https://dev.gnupg.org/T5052)
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP
Hi!
Let me also add that the private key protection mechanism of OpenPGP
does not work like we would do it these days. Thus my suggestion has
always been: If you need to convey a private key over a public channel
do not rely on the passphrase protection [1] but wrap the backuped key
in a proper
On Thu, 10 Dec 2020 11:07, Casey Marshall said:
>- Authenticated key management. This adds a couple of extra endpoints
>which allow a key owner to replace and delete their key, authenticated by
>signing the armored key in the request. This allows a key owner to still
>update their
On Mon, 7 Dec 2020 23:37, Nicolas Boullis said:
> Hence, I think my card is really dead.
yeah :-(
> I see that the card includes a signature counter (which reads 89), hence
> I understand the card has to write the EEPROM (to update the counter)
Yes, this one reason to write to the EEPROM.
On Tue, 8 Dec 2020 10:03, Patrick Ben Koetter said:
> $ gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel
(gpg: decryption failed: No secret key)
> $ gpg --version
> gpg (GnuPG) 2.2.24
Please update to 2.2.25 because of
* scd: Fix regression in 2.2.24 requiring gpg --card-status
On Sun, 6 Dec 2020 13:43, John Scott said:
>> PIN retry counter : 2 0 3
> It looks like you're trying to decrypt a file and your encryption PIN counter
> is zero. I wonder why it was giving you the strange error message.
No, it is not at zero. Since OpenPGP card specification version 2 we
On Sat, 5 Dec 2020 15:20, Nicolas Boullis said:
> gpg: public key decryption failed: Hardware problem
> gpg: decryption failed: No secret key
To make sure that this is really the card (or reader), I'd like to ask
you to put
--8<---cut here---start->8---
On Sun, 6 Dec 2020 12:12, gnupgpacker said:
> How to identify / correct affected keys?
As usual add --verose to the gpg invocation. This might give some more
information.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description:
On Thu, 3 Dec 2020 07:50, john doe said:
> Is the release workflow documented somewhere so a non-dev could look to
> implement this ?
https://wiki.gnupg.org/AgentForwarding
feel free to extend this page if you have remarks.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen
On Mon, 30 Nov 2020 22:20, Werner Koch said:
> I'll build with the Fedora patches in the next days. If the missing
> curves are really the reason, we can fix that.
Yes, the disabled Brainpool curves lead to the import problem. I'll see
what we can do. See https://dev.gnupg.org/T5162
Hi!
I looked at the Fedora Libgcrypt source and noticed that they ship
libgcrypt with the nistp192 and all brainpool curves removed. I have
not yet build this version but given that one of your keys has brainpool
curves this might be the culprit.
I can understand that they remove nistp192 for
On Mon, 30 Nov 2020 09:25, Robert J. Hansen said:
> I'll send the keyring onto you privately.
Thanks. Unfortunately i was not able to replicate the bug on my Devuan
box. I tried using the same Libgcrypt version but with some libraries
different. Should not matter, though.
> * Libgcrypt 1.8.7
Hi!
On Mon, 30 Nov 2020 04:16, Robert J. Hansen said:
> gpg: kbx: error computing keygrip
> gpg: error writing keyring '/home/rjh/.gnupg/pubring.kbx': General error
The first one is the real error. We can't compute the keygrip for the
public key. If you can build gpg yourself please apply
On Sat, 28 Nov 2020 07:57, john doe said:
> If I look at Debian (1) for example, the checksum file is gpg signed.
> Assuming that I understand correctly, the Debian approach is not a safe
> way to make the checksums available?propagate?
No, that is a safe way.
Having a separate file with
On Sat, 28 Nov 2020 01:00, Karmanyaah Malhotra said:
> instead of just regular bzip2 when compressing files. I'm not sure if
bzip2 is part of the OpenPGP specs and it is very unlikely that we will
ever add another compression algo. In fact adding bzip2 was already a
bad idea.
> compression
On Mon, 23 Nov 2020 09:18, surender singh pawar said:
> 4. from powershell started agent
>
> "$gpgPath\bin\gpg-connect-agent.exe" reloadagent /bye
Why do you do this? The import operation already started the agent. In
any case to explicitly start the agent please use
gpgconf --launch
On Mon, 23 Nov 2020 18:03, gnupgpacker said:
> After further investigation about html mailing with Claws Mail:
> 'Dillo HTML viewer' project has been updated Jun-2015, not available for
> Windows.
Mature software does not always need updates. Nevertheless the plugin
code was recently updated
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
On Sun, 22 Nov 2020 10:02, gnupgpacker said:
> Claws Mail is an useful alternative, but please keep aware it does not
> support html mail, text only!
> https://www.claws-mail.org/manual/de/claws-mail-manual.html#AEN955
Just load one of the HTML viewer plugins. Note that most plugins are an
On Mon, 23 Nov 2020 07:22, cqcallaw said:
> At my job, I frequently send out summary charts and graphs surrounded by text.
> Attachments simply do not work; my audience cannot spend the mental energy to
Proper MUAs display inline images without problems. I recall that even
exmh did this ~25
On Fri, 20 Nov 2020 10:23, Daniel Bossert said:
> How secure is it to use Thundebrird with Autocrypt? I use Sylpheed at
> the moment, but it is not that comfortable to use as Thunderbird.
Checkout Claws-mail which was forked from Sylpheed many years ago. The
OpenPGP and S/MIME integration of
On Fri, 20 Nov 2020 19:13, cqcallaw said:
> change the behavior. Is there some implementation issue with running
> multiple gpg signing operations in parallel?
This is all serialized because the gpg-agent does the actual signing.
There is one gpg-agent per GNUPGHOME. Thus the easiest solution
On Wed, 18 Nov 2020 11:51, Sirisha Gopigiri said:
> But after debugging a little we found that we are running into this
> issue only if we use gpg 2.2.4 version. We tested the same code with
You are really using a 3 year old version which was followed by 20 more
releases. You also missed 2.2.8
On Tue, 17 Nov 2020 02:28, Gao Xiaohui said:
> conf.conf". At present, the "--s2k-count" option can be used in both
> gpg.exe and gpg-agent.exe.Thank you.
In gpg.conf this is used for deriving a passphrase for symmetric
encryption.
In gpg-agent.conf it is used to override the calibrated
tampered by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869
On Sat, 14 Nov 2020 21:28, 22h39 said:
> The problem lies in Pinentry which for some reason can't hande ccid
> pin requests on the contactless interface, after this fix the
Which reader and which ccid driver are you using? I assume that you are
running pcscd, right?
Salam-Shalom,
Werner
On Sat, 14 Nov 2020 11:22, Juergen Bruckner said:
> As far as I know the OpenPGP function of the OpenPGP-Card cannot be
> used via NFC / RFID. You need to use the on card chip and a card
In fact GnuPG does not support secure messaging and thus using the
contactless interface iwould be a security
On Thu, 12 Nov 2020 09:27, A NiceBoy said:
> 1. The solution is also in this report. Just install gpg version 2.0.x,
Don't!
2.0 reached end-of-life 3 years ago - there are no security fixes etc.
You shall not use that version anymore.
> Then you can see the algo changed to AES256 and digest
1b4049695
Author: Werner Koch
Date: Mon Nov 2 13:39:58 2020 +0100
gpg: Do not use weak digest algos if selected by recipient prefs.
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g
On Wed, 21 Oct 2020 18:59, Mike said:
> I had to recover gnupg file from a corrupted os. The contents of the gnupg
> file are encrypted and are not in openpgp data. So when I try to import my
> keys from 'private-keys-v1.d' nothing happens. Output says no openpgp data
> found and 0 items
On Wed, 21 Oct 2020 23:52, Ludovic Courtès said:
> For some reason (perhaps a bug in a previous version of GnuPG I used
> long ago?), my public key ring had come to contain my own public key
> twice, with the same fingerprint and all.
Should not happen because we use on Unix a
On Sat, 10 Oct 2020 03:00, Dieter Frye said:
> I've been using Blowfish on older machines for years now without issue and
> I always wondered if this is one of those things that could possibly
> benefit from an update.
Nope. I used Blowfish back then because it was the only free and modern
On Mon, 27 Jul 2020 03:02, Dmitry Alexandrov said:
> it would really help those, who do not use Emacs (itʼs odd, but there
> are such people!), if there would be single-page version of the manual
> (makeinfo --html --no-split ...) — just like all software on gnu.org
Please use the PDF version
On Sun, 4 Oct 2020 18:28, Werner Koch said:
> On Tue, 23 Jun 2020 14:21, Brian L. Matthews said:
>
>> $ ./configure --prefix=$HOME/gnu
>> $ make
>>
>> successfully. However, on make check I found that it doesn't work if I
>> have a space in PATH. I do
On Tue, 23 Jun 2020 14:21, Brian L. Matthews said:
> $ ./configure --prefix=$HOME/gnu
> $ make
>
> successfully. However, on make check I found that it doesn't work if I
> have a space in PATH. I do because VMWare Fusion adds
Sure. That can't work. You need to quote the envvar:
./configure
On Mon, 28 Sep 2020 23:54, Pankaj Jangid said:
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
> sign_and_send_pubkey: signing failed: agent refused operation
Algorithm looks okay. You need to look at the gpg-agent log. Put
log-file /somewhere/gpg-agent.log
verbose
into
On Mon, 21 Sep 2020 12:58, Andrew Engelbrecht said:
> private keys, and were merely left behind. If there is a way to check
> the fingerprint of the keys they belong to, and to import them, that
> would be super helpful. Is there a way to do that?
Unfortunately this is not instantly possible
On Thu, 17 Sep 2020 11:27, Alan Bram said:
> configuration, there was an already-running agent that I had to kill first
> in order to get it to reread the config.
Just for the reecords:
gpgconf --reload gpg-agent
would have been sufficent but "gpgconf --kill gpg-agent: works of course
also.
On Wed, 16 Sep 2020 15:03, Alan Bram said:
> I have been using gnupg for a few years now, with no change in the way I
> invoke it. Recently (I guess my package manager updated to a new version:
> 2.2.23) it started injecting a warning about "insecure passphrase" and
> suggesting that I ought to
On Thu, 10 Sep 2020 10:34, Martin Pätzold said:
> the keys, therefore we had to extend the permissions for the
> "private-keys-v1.d" directory to group access.
I see. Just a hint: You may use the remote socket feature to run
gpg-agent under a different account. It might take a bit of effort to
On Wed, 9 Sep 2020 19:37, Werner Koch said:
> I looked at the history and the reason for the described behaviour is
> documented at https://dev.gnupg.org/T2312. I re-opened that bug.
Fixed in master and 2.2 see the ticket above for the patch.
Salam-Shalom,
Werner
--
Die Gedanke
Hi,
I looked at the history and the reason for the described behaviour is
documented at https://dev.gnupg.org/T2312. I re-opened that bug.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
On Wed, 9 Sep 2020 15:22, Martin Pätzold said:
> And if the setting is not what I need, how can I prevent the
> permissions for "private-keys-v1.d" from changing?
The --preserve-permissions is a gpg option and not one of gpg-agent. In
fact gpg does not known anything about private-keys-v1.d.
On Sun, 6 Sep 2020 01:24, Olav Seyfarth said:
> private_stub.gpg, pubkey.gpg and sk_xxx.gpg.
The pubkey and the sk_KEYID.gpg is all you need but unfortunately there
is no tool support to create a file from it. It would require a little
bit of hacking to do this with the current code base.
The
ys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint =
On Tue, 1 Sep 2020 14:27, Björn Jacke said:
> I talked with Wiktor about the http 1.0 issue in gpg and he also
> mentioned that a number of weird problems that people have reported with
> WKD in the past might be related to gpg talking http 1.0 only.
And what are with those servers which don't
On Mon, 31 Aug 2020 02:48, Ángel said:
> HTTP/1.1 would require support for things that currently may not be
> present, such as chunked transfer encodings, whereas HTTP/1.0 is
That is for the server site but not for the client. IIRC, the only
mandatory request header for a client has is
Hi!
As a workaround please run --gpg --card-status after plugging in a Gnuk
token. We are working on a fix; see https://dev.gnupg.org/T5039
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
On Sun, 30 Aug 2020 00:50, Johan Wevers said:
> Sorry, I see from Vincent's mail that GnuPG already does this but it
> might be the keycard that is causing this.
Right, smartcards are pretty strict in what they accept as input. Thus
you can't use certain keys on a smartcard for different
On Fri, 28 Aug 2020 21:39, mlnl said:
> For Claws i had compiled and installed gpgme-1.12.1. I'm using a Yubikey
> for key storage & usage. Works flawless with GnuPG 2.2.21.
Please run this command:
gpg-connect-agent 'scd getinfo version' /bye
and check that the returned version is 2.2.22.
ent releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A
Hi!
it works for me:
$ ~/b/gnupg-2.2/g10/gpg -k \
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
pub rsa4096 2011-05-16 [C] [expires: 2050-12-31]
On Tue, 11 Aug 2020 14:56, Brian Minton said:
> Why does gpg -k need to write to the tofu db? I should mention that gpg
> is running at 100% cpu in the R state. Before starting the gpg -k
I was not able to replicate it but I must say that I don't have a large
useful tofu.db. AFAICS, gpg
s and should NOT be
gpg: used in a production environment or with production keys!
pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
6DAA6E64A76D2840571B4902528897B826403ADA
uid [ultimate] Werner Koch (dist signing 2020)
using my development version of 2.2 but I
301 - 400 of 3672 matches
Mail list logo