On Fri, 25 Oct 2019 12:23, Jay Sulzberger said:
> Is the following correct:
>
> When I use gpg to just encrypt or decrypt a file already on my
> computer/OS's file system, then gpg does not open any formal
> channels of communication going outside my computer/OS.
No. By default gpg may go
On Tue, 22 Oct 2019 12:27, Fuse Hiroaki said:
> https://github.com/gpg/libgcrypt/commit/915570db198f2cf15db5c034096a444a8a79476e#diff-c55728a8e1162a431e4754734d27a041
I don't know what you found on github, which seems to be an unofficial
mirror of GnuPG (and I do not want to check that specific
s.
Salam-Shalom,
Werner
ps.
Here is our test data set. The second string is the expected result, if
it is NULL we can't extract a mail address from the string:
{ "Werner Koch ", "w...@gnupg.org" },
{ "", "w...@gnupg.org" },
{
On Wed, 16 Oct 2019 10:46, Martijn Brinkers said:
> I actually spend a lot of time investigating the impact of EFAIL on
> S/MIME and it's my opinion that the real impact has been overblown. In
> all my experiments, and I can tell you I have done a lot of them, I have
> not been able to force a
On Tue, 15 Oct 2019 09:06, Bjarni Runar Einarsson said:
> Would the GnuPG issue tracker be a good place to file "bug
> reports" against the spec, to work towards clarifications?
That is okay for bug reports, but often it is more important to get the
opinions from more people than those who
On Tue, 15 Oct 2019 09:14, Chip Senkbeil said:
> Is there some separate setting for GPG agent to discard its cache
> earlier than the ttl/max ttl settings? I've checked the GPG agent
You can follow the cache operations by adding

  log-file /some/log/file
  debug cache

to gpg-agent.conf and
On Tue, 15 Oct 2019 15:17, Robert J. Hansen said:
> * Every reference to the SKS keyserver network now points to
> keys.openpgp.org. Reason: the SKS attacks a few months ago.
I have to object against this change. The SKS server network is still
useful and definitely more useful than an
On Mon, 14 Oct 2019 20:43, Kristian Fiskerstrand said:
> was suggested by Kristian and Andre: talking to SCDaemon (scd) with IPC.
> Details need to be discussed, but it would be an optional solution, that
Given that TB already has smartcard support it would be easy if the new
code just makes use
On Mon, 14 Oct 2019 10:54, Phillip Susi said:
>> encryption protocol is S/MIME and the last time I checked S/MIME (well,
>> CMS for the nitpickers) does not support any kind of authenticated
>> encryption. In contrast OpenPGP provides this nearly for 2 decades.
>
> What do you mean? S/MIME
On Sun, 13 Oct 2019 18:27, Binarus said:
> keys' IDs were formally wrong so that key servers didn't accept the
> keys. The easiest possible solution was to re-generate these keys using
For the records: Not /keyservers/ but one specific keyserver which runs
on a not yet matured enough code base
On Sat, 12 Oct 2019 12:43, Chris Narkiewicz said:
> Do you know why they resisted OpenPGP adoption so much?
iirc, they said that they want to support only one protocol and settled
for S/MIME. This still did not explain why they rejected our proposal
to clean up their S/MIME code and implement
On Fri, 11 Oct 2019 21:48, qwrd said:
> Storing private keys on a smartcard is a noteworthy security
> enhancement, and I would like to see smartcard support being available
> in Thunderbird. Either via GnuPG or some other mechanism.
Take a Yubikey or an OpenPGP smartcard, install Scute (pkcs#11
On Sat, 12 Oct 2019 02:23, Robert J. Hansen said:
> on Enigmail was very real. It was created by an ambiguity in how GnuPG
> returns error states: just because GnuPG says "decryption OK" doesn't
Nope. They did not read the documentation and did not check error
codes. We suggest for a reason
On Fri, 11 Oct 2019 20:18, Philipp Klaus Krause said:
> They don't want users to require to install gpg first. And they don't
> want to ship gpg with Windows installers, since it isn't MPL.
The latter is just plain bullshit. There are even many proprietary
products which bundle gpg or other GPL
On Wed, 9 Oct 2019 15:42, Fta said:
> I have installed GnuPG on my Windows 7, but I cannot see and run the
> command gpg2
On some systems (mainly older Linux distributions), the current gpg is
still installed under the name gpg2. On Windows we have been using the name
gpg.exe for many years now.
On Sat, 5 Oct 2019 12:30, Robert J. Hansen said:
> *absolutely no way* integrated into the email message. That had to wait
> until the PGP/MIME RFCs -- that was when OpenPGP became an email protocol.
MIME types for PGP inline were used on Unix soon after the introduction
of MIME in 1992 at
On Mon, 7 Oct 2019 10:15, john doe said:
> In the above link, only the cli version of the 1.4 release is available.
> I got it from (1).
Nope. That is always the current 2.2.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
On Sat, 5 Oct 2019 21:21, vedaal said:
> and then a separate option of
> "Export Secret Keys"
The OP explicitly suggested to make the exporting of the secret key not
too easy so that users don't accidentally send out their secret keys.
Shalom-Salam,
Werner
On Mon, 30 Sep 2019 10:58, Roland Siemons said:
> 4/ Here is my proposal:
> 4.1/ Stimulate that people use a GUI like GPA or Kleopatra. Not Enigmail,
Enigmail folks won't like that suggestion. Users need to install a
second tool which behaves differently (because Enigmail implements parts
of
On Sat, 5 Oct 2019 12:15, Stefan Claas said:
> installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as
> learning resource and then show them as modern alternative Mailvelope
And don't forget to point them to all the HOWTOS and RFCs required to
use and admin a MUA, sendmail,
On Fri, 4 Oct 2019 21:28, Stefan Claas said:
> Well, I was wrong. It seems that the U.S. ESIGN Act is pretty relaxed
> and does not need such strong requirements like in the EU.
The EU neither. Even the Qualifizierte Elektronische Signatur,
introduced in Germany ages ago, is not anymore a
On Sun, 29 Sep 2019 10:27, g...@unixarea.de said:
> Hello,
>
> While doing a backup of my $HOME it turned out (what I never saw
> before), that some files were changed in GNUPGHOME:
>
> -rw--- 1 guru wheel157316 21 sept. 10:07 .gnupg-ccid/pubring.kbx
> -rw--- 1 guru wheel155467
On Wed, 25 Sep 2019 16:35, r...@sixdemonbag.org said:
> Wikipedia is not a very good reference for low-level technical details.
> Ed25519 is shorthand for "EdDSA on a specific curve": it is silent on
> the subject of hash algorithms, although you can specify one as
> "Ed25519-SHA-512" or
On Mon, 23 Sep 2019 02:36, gnupg-users@gnupg.org said:
> configure:3554: error: C compiler cannot create executables
configure does an early test to see whether your C compiler works. This
is done to detect crippled compilers delivered on some systems. Seems
not the case here, though.
>
On Tue, 17 Sep 2019 17:35, look@my.amazin.horse said:
> convention or otherwise. The spec is factually wrong and misleading for
> implementors in this aspect, and should be updated to reflect reality.
The specs are not wrong if you would read them:
| the name and email address of the key
On Tue, 17 Sep 2019 15:08, gnupg-users@gnupg.org said:
> See also dkg's thoughts on the matter on the openpgp-wg mailing list, to align
> the specification with reality:
OpenPGP has never defined what goes into the User ID except for the
encoding which should be UTF-8. Anything else does not
On Tue, 17 Sep 2019 14:57, li...@binarus.de said:
> to use only key IDs consisting solely of the actual mail address
> hereafter (with or without the angle brackets - I can live with both
That is actually what I suggest for quite some time. The extra stuff is
not required and may lead only to
On Tue, 17 Sep 2019 15:12, daniel.boss...@dabo.ch said:
> On the key servers are many old keys lying around which aren't valid anymore.
Old keys are still useful to verify signatures. This is even true for
expired keys. The user then needs to decide what to do with the
verification result.
On Tue, 17 Sep 2019 11:09, m...@halfdog.net said:
> Therefore some exports (or copies of old secring.gpg) just do
> not include the public key, otherwise import would be trivial.
Nope. It is not possible to create an OpenPGP secret keyblock without
the public key parts.
> As the key causing me
On Tue, 17 Sep 2019 09:12, li...@binarus.de said:
> I am asking myself why Enigmail doesn't. I am not sure (and can't test
> at the moment) how GnuPG would behave if given a problematic name when
> generating a key; I hope it would give a warning or would add the
gpg generates such a key just
On Tue, 17 Sep 2019 06:51, m...@halfdog.net said:
> Regenerating private keys is mathematically trivial but tool-wise
> a little tricky. It seems that quite some people were troubled
What's wrong with

  gpg --import backup-of-private-key.gpg

The private key includes the entire public key.
On Mon, 16 Sep 2019 23:49, gnupg-users@gnupg.org said:
> speak, with a specially crafted software, when using an online computer
> with a SmartCard? I have read that the secret key cannot be copied from
> the card, but what about the 'bits and pieces' in memory when decrypting?
Side-channel
On Mon, 16 Sep 2019 15:41, io...@ionic.de said:
> * On 9/15/19 3:56 PM, Werner Koch wrote:
>> The trust packets are for internal use of gpg and are never exported.
>
> But... that's the whole point. gpg 1.4 seems to export them, while gpg
> 2.x does not.
I just checked the co
On Mon, 16 Sep 2019 10:11, io...@ionic.de said:
> which also means that requests to URLs like http://keys.gnupg.net will
> sometimes
> redirect a user to that location.
That is not correct. For quite some time that address is hardwired to
avoid DNS problems
On Fri, 13 Sep 2019 21:28, io...@ionic.de said:
> Either way, my best guess is that GPG 2.2+ drops the trust packets
> because the trust is not explicitly set (i.e., default value) - as an
The trust packets are for internal use of gpg and are never exported.
These packets are one of the reasons
On Tue, 10 Sep 2019 18:58, gnupg-users@gnupg.org said:
> Well, Werner and other prominent ML members are on keybase, so
I am not. I once tested it and thus there may still be an account or
whatever. And I do not know what Stellar or Lumen are in this context.
But no need to explain it.
1-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
David Shaw (GnuPG Release Signing Key)
rsa2048 2014-10-29 [expire
On Tue, 27 Aug 2019 00:18, gnupg-users@gnupg.org said:
> (1) If a file is signed but the signature is incorrect, 'gpg2 -d'
> returns a non-zero status code, so the remote script knows not to
Right but as stated somewhere in the docs, you should never ever rely on
the status code from the binary.
On Wed, 21 Aug 2019 12:03, pe...@digitalbrains.com said:
> So what ilf probably needs is something that can read the private keybox
> format. That's where my advice falls short: I can't help with that.
That is right. You need a new tool for John to do that. The format is
described in
On Thu, 15 Aug 2019 00:02, gnupg-users@gnupg.org said:
> But at least then we will want to add cryptography to see which
> selfsigs are truly legitimate, right?
That would be the first and most important step to get the keyservers
back for the WoT
Shalom-Salam,
Werner
On Wed, 14 Aug 2019 15:45, r...@sixdemonbag.org said:
> developed *more than twenty years ago* it was decided to support
> arbitrary numbers of third-party signatures. GnuPG faithfully
At least OpenPGP has this:
5.2.3.17. Key Server Preferences
(N octets of flags)
This is a list of
On Tue, 13 Aug 2019 09:54, gnupg-users@gnupg.org said:
> The bug, however, is in the program that chokes on poisoned keys!
Nope. This is a long standing DoS protection by limiting the total
length of a keyblock. The diagnostics were a bit misleading, though.
The time it took to process all
On Thu, 8 Aug 2019 17:22, gnupg-users@gnupg.org said:
> maybe interesting for some community members, living in Germany.
We learned about that last week and are trying to figure out what is
going on. It is likely an internal coordination or content admin
problem at the BSI. We do not know
On Sat, 20 Jul 2019 10:07, persm...@hardenedlinux.org said:
> Does GnuPG support OAEP for RSA (PKCS#1 v2 and RFC 2437), RSA-PSS (RFC
gpg does not support this because OpenPGP requires pkcs-1.5. There are
no plans to change this because there is no real world issue with
pkcs-1.5. when using in
On Thu, 1 Aug 2019 20:46, da...@gbenet.com said:
> Do you have any ideas why am getting multiple lines of:
> gpg: skipped packet of type 12 in keybox
Your gpg version is older than 2.1.20 but you used a newer version
on that keybox too.
Shalom-Salam,
Werner
On Thu, 1 Aug 2019 09:27, gnupg-users@gnupg.org said:
> We're already in uncharted waters with the inevitable abuse of SKS, we
> need to figure out how to stabilize the ecosystem.
Most businesses do not use public keyservers at all but use their
internal PKI.
> If the PGP implementation of
On Fri, 26 Jul 2019 15:57, gnupg-users@gnupg.org said:
> Where can I find information on what commands are supported by
> S.gpg-agent and S.gpg-agent.extra socket? I am looking for some
> information which clearly differentiates these two sockets.
Here is an overview on the allowed commands for
On Mon, 29 Jul 2019 09:43, gnupg-users@gnupg.org said:
> it that way", i think. Perhaps Werner can provide more background on
> why GnuPG is generally resistant to holding OpenPGP certificates that
> have no User ID at all in its local keyring.
The user ID is important because the accompanying
On Sat, 20 Jul 2019 11:57, gnupg-users@gnupg.org said:
> additional parameter like --add-me for --lsign would make sense, for
--quick-sign-key fpr [names]
--quick-lsign-key fpr [names]
Directly sign a key from the passphrase without any
further
On Wed, 17 Jul 2019 23:41, i...@zeromail.org said:
> But the keybox file didn't get any smaller:
Good catch. In gpg we have not implemented the compression run:
/* FIXME: Do a compress run if needed and no other
user is currently using the keybox. */
However, in gpgsm this is
On Tue, 16 Jul 2019 17:18, gnupgpac...@on.yourweb.de said:
> how to put "--sender email at address" to gpg.conf file if using several
> different email addresses from sender?
You can't; it is the task of the MUA (cf. gpgme_set_sender).
> Is it possible to put "--sender" option to public key
On Mon, 15 Jul 2019 18:03, gnupg-users@gnupg.org said:
> So if I have two email addresses/user IDs m...@my.org and m...@my.org
> associated with the same key, I cannot just export the key and publish
> it, right? I have to somehow publish two different ‘stripped’ public
Sigh. GnuPG handles
On Wed, 10 Jul 2019 21:47, johan...@zarl-zierl.at said:
> ...except it isn't installed by default. Will this be part of gpg-wks-client?
Ooops. I meant gpg-wks-client. There is no gpg-wks-tool.
> won't be installed to libexec), it would still be beneficial to describe the
> actual file
On Tue, 9 Jul 2019 23:33, johan...@zarl-zierl.at said:
> Now that I have done it once, I think the setup without /usr/lib/gnupg/gpg-
> wks-client isn't that complicated either:
Please use gpg-wks-tool instead; it is much easier and less error prone.
> b. Manually, using gpg: gpg --homedir
On Wed, 10 Jul 2019 11:59, andr...@andrewg.com said:
> In this instance, I wonder if the apostrophe hasn't screwed something up
> - are apostrophes valid in the MIME boundary charset?
I use that for ages and believe this is all valid. But new Emacs
versions sometimes change the spooky list and
On Wed, 10 Jul 2019 10:53, gnupg-users@gnupg.org said:
> If you convince Mutt community that WKD is a good idea I can prepare
> the patch for you. As far as I remember it's very minimal and I'd be
Actually I started to work on Mutt (not NeoMutt, though) but had to give
up due to time
On Wed, 10 Jul 2019 10:23, patr...@enigmail.net said:
> Is it sufficient to run "gpg --delete-keys 0x...", and wait for quite a
> while, or does it require other measures?
--edit-key and then use "clean" to remove them. And well, install
2.2.17 to avoid future trouble.
Shalom-Salam,
On Tue, 9 Jul 2019 15:50, gnupg-users@gnupg.org said:
> setting it up and the feedback has been overwhelmingly positive. The
> only thing I needed was basically the local-part hash and actually
> that's what I built the checker for, to generate the URL in an easy
I think things are even easier
On Tue, 9 Jul 2019 10:10, gnupg-users@gnupg.org said:
> However, if gpg doesn't support a way of adding that subpacket, then
> creating easy-to-copy-and-paste commands for users to use to approve
> signatures becomes difficult.
The problem I see is that the keyservers need to check the validity
nloaded GnuPG version has not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 20
On Mon, 8 Jul 2019 18:45, gnupg-users@gnupg.org said:
> Is there a way to create a "Third-Party Confirmation signature"[1]
> using the gnupg command line interface?
No. You need to add code for this which also requires that you have a
way to specify another signature packet.
Are you
On Mon, 8 Jul 2019 16:17, gnupg-users@gnupg.org said:
> false negatives. It only supports the 'direct' method, where the key
> has to be hosted on `example.org` instead of `openpgpkey.example.org`.
BTW, the openpgpkey subdomain method was accidentally not available in
2.2. This will be fixed
Hi!
Due to the SKS keyserver problems we are planning a new release for the
next week. That release will have some changes related to keyserver.
See below for details.
In general we do not provide release candidates because experience
showed that they are more or less ignored. However, this
On Wed, 3 Jul 2019 17:08, stef...@sdaoden.eu said:
> I (still user of GPG1, it is only your newer key which this cannot
Just don't use it unless you need to decrypt very old mails. In
particular not with keyservers or cards. The next maintenance release
will anyway remove all keyserver and
On Wed, 3 Jul 2019 15:42, pe...@digitalbrains.com said:
> --keyserver-options self-sigs-only,import-minimal
>
> as I propose, why would it take longer than 0.2 s?
Indeed, we could change the code for import-minimal so that it first
does the same what self-sigs-only does. Then it should be very
On Wed, 3 Jul 2019 13:50, pe...@digitalbrains.com said:
> Is there a good use-case for the former? If the latter also filtered out
Yes, as I wrote: 0.2s compared to 50s.
Salam-Shalom,
Werner
On Wed, 3 Jul 2019 12:58, pe...@digitalbrains.com said:
> reached its intended goal: dirmngr said "re-reading config". It just
> didn't have an effect for some odd reason. For people thinking about
Check that you do not have a keyserver entry in your gpg.conf or
Enigmail is calling gpg with
On Wed, 3 Jul 2019 12:29, pe...@digitalbrains.com said:
> Ah, based on a new message I just read the penny dropped. self-sigs-only
> can be made a default because it only applies to keyservers.
> import-minimal cannot be made a default because it affects all other
Not quite. When importing
On Wed, 3 Jul 2019 10:38, tliko...@iki.fi said:
>> import-clean does this:
>>
>>After import, compact (remove all signatures except the
>>self-signature)
>
> ...here you and the manual say that "first import [to local keyring]
> then clean".
>
> So there are conflicting messages. Which
On Wed, 3 Jul 2019 05:06, r...@sixdemonbag.org said:
> As I understand it the current list of targeted keys is myself, dkg,
> Werner, Patrick, and Kristian. It is clear the attacker's goal is to
I am not yet affected except for these few thousand old xmas fun
signatures.
> Werner will no
On Tue, 2 Jul 2019 15:40, konstan...@linuxfoundation.org said:
> When this happens, a maintainer who tries to verify a signed pull
> request will have the operation fail, so they need to have a way to
> force-refresh the developer's key. I would say this is the #1 workflow
Agreed. A signature
On Wed, 3 Jul 2019 12:35, gnupg-users@gnupg.org said:
> problem but I have read RJH's article). It sounds like SKS servers can
> handle these poisoned keys but GPG can't. That suggests that maybe GPG's
I think here is a misunderstanding. Sure, processing 150k signatures
takes quite some time
On Tue, 2 Jul 2019 11:00, d...@fifthhorseman.net said:
> It sounds like you are saying that the order of operations --
> import-then-clean vs. clean-then-import is part of the API spec that
> GnuPG is committed to.
No. What I say is that if we want to clean the keys from bogus
signatures we
On Tue, 2 Jul 2019 20:41, an...@pgp.16bits.net said:
> attachments that you need to extract, then open with a special program
> to decrypt.
> (In fact, many people _currently_ use OpenPGP in that stony age way)
From my experience many people use ZIP or PDF encryption here and not
OpenPGP. But
On Tue, 2 Jul 2019 16:03, gnupg-users@gnupg.org said:
> With "big boys" I meant the German Government, German BSI and Facebook.
I, or well my company g10 Code GmbH, has currently no contracts with the
German government or the BSI. We had projects with the BSI but no
funding whatsoever. These
On Tue, 2 Jul 2019 13:47, look@my.amazin.horse said:
> Huh, that's interesting. I was not aware of this issue, and wish you had
> reached
> out to me, or to supp...@keys.openpgp.org, or filed an issue on Hagrid.
I assumed that newly launched server software with the goal to take over
all
On Tue, 2 Jul 2019 10:01, gnupg-users@gnupg.org said:
> No such issues on keys.openpgp.org, gpg --send-key and the new updated
> key is immediately available with no time outs or delays.
Unless you are on Windows where the server can't be accessed because it
uses a pretty limited set of TLS
On Tue, 2 Jul 2019 10:23, gnupg-users@gnupg.org said:
> Why not make "import-clean" and "import-minimal" strip key signatures
> before importing a key? That would make "import-minimal" behave like
Because that contradicts what import-clean is supposed to do:
After import, compact (remove all
On Mon, 1 Jul 2019 23:47, r...@sixdemonbag.org said:
> for development. My donation capped at $500. For several of those
> years, I was one of the largest individual contributors to GnuPG.
Right, your donation encouraged me to keep on working on this set of
tool which is used at many more
On Mon, 1 Jul 2019 22:58, h...@alyssa.is said:
> For example, why isn't ask-cert-level a default? I'm guessing it's just
> because at some point it didn't exist, and the developers didn't want to
Because we have good defaults and options to change them in the config.
We do not want to expose
On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said:
> - subkey changes
An expired key triggers a reload of the key via WKD or DANE. Modulo the
problems I mentioned in the former mail. For new subkeys we have a
problem unless we do a regular refresh similar to what should be done
On Mon, 1 Jul 2019 15:13, gnupg-users@gnupg.org said:
> distribution keys in Gentoo. However, the main problem with WKD right
> now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD
Actually gpg updates expired keys via WKD. However, to not break things
and not to go out
On Mon, 1 Jul 2019 14:55, andr...@andrewg.com said:
> Yes, which is why we've informally had "let the owner choose whether to
> publish her incoming certifications" as best practice for a long time.
Actually gpg has always set the /Key Server Preferences/ to
First octet: 0x80 = No-modify
On Tue, 25 Jun 2019 17:54, gnupg-users@gnupg.org said:
>> There's simply one point: "If you do not want your email to be public, don't
>> upload your key to a server."
>
> What if I upload your key to a server though? Keep in mind this is not just
> a "nice to have", it is a legal requirement.
On Fri, 21 Jun 2019 16:39, g...@unixarea.de said:
> Thanks for the explanation. But why GNUPGHOME is not also used for the
> place where the sockets should be created when X11/KDE is up?
That seems to be deep in the innards of KDE's X startup or Wayland or
Systemd configuration. I try to avoid
On Fri, 21 Jun 2019 18:42, gnupg-users@gnupg.org said:
> Even though I have had GPG and YubiKey running a few times on CentOS7
Which GnuPG version does it come with: "gpg --version". Does it install
gpg under the name gpg2 and provides the legacy GnuPG 1.4 under the name
gpg ?
>
On Fri, 21 Jun 2019 12:03, gnupg-users@gnupg.org said:
> here is an article (only in German) from Heise:
By the very same guy who showed in the past that he has no clue about
keyservers and their goals and ignored all comments gathered about this
before writing an article [1].
That new thing now
On Fri, 21 Jun 2019 11:20, g...@unixarea.de said:
> What I do not understand is, why this value without the KDE5 environment
> is
>
> $ gpgconf --list-dirs agent-ssh-socket
> /home/guru/.gnupg-ccid/S.gpg-agent.ssh
That is because you have a
GNUPGHOME=/home/guru/.gnupg-ccid
and
Hi!
On Wed, 12 Jun 2019 10:08, hassan.mostaf...@gmail.com said:
> # include
>
> # define AM_PATH_LIBGCRYPT
What purpose has this macro? Did you mix something up with a
configure macro? Anyway, it is not a problem.
> /* initialization success check */
>
> gcry_error_t e1 = gcry_control
On Wed, 22 May 2019 00:21, gnupg-users@gnupg.org said:
> work without requiring removal/re-insertion of the card, but presumably
> such a change has security implications or the original developers
> would not have used PCSC_SHARE_EXCLUSIVE. So... I don't know if such a
> change is advisable. Any
On Tue, 30 Apr 2019 06:55, david.mi...@gmail.com said:
> We’re considering rolling out GnuPG at work for developers to sign git
> commits.
> How can we prevent developers from choosing a trivial password?
You can't but it is not a problem. The passphrase is used to protect
the private key in
On Thu, 4 Apr 2019 14:16, jennifer.m...@pacificorp.com said:
> I got a yubikey 5 working with Gnupg agent by writing the key direct
> to the card on CentOS 7. Then I was tasked with writing documentation
FWIW, GnuPG 2.3 will have full support for Yubikey 4 and 5 which
includes support for the
On Thu, 28 Mar 2019 18:08, telegr...@gmx.net said:
> is it possible to configure gpg-agent to cache the passphrase
> for different OpenPGP keys for a different length of time? if
No, that is currently not possible.
Salam-Shalom,
Werner
On Mon, 25 Mar 2019 16:02, pe...@digitalbrains.com said:
> But something more user friendly to match SSH fingerprint and keygrip
> could be beneficial. I'm not sure what that would look like and neither
You can build a script based on this:
$ gpg-connect-agent 'keyinfo --ssh-list --ssh-fpr'
On Fri, 22 Mar 2019 23:46, ggroenh...@ggf-controls.de said:
> with gpg2 symmetric encrypted file. I always get
> "gpg: packet(3) with unknown version 7".
That is garbled data because a version 7 of the session key packet (tag
3) is not defined. Please check the error messages again or provide
On Sat, 23 Mar 2019 16:19, pe...@digitalbrains.com said:
> because ssh-add -d doesn't work with gpg-agent. Well, not with the
> version in Debian stretch anyway, I reserve the right to be ignorant
That is on purpose: gpg-agent stores the key permanently and thus it
makes no sense to add and
On Tue, 19 Mar 2019 12:42, gnupg-users@gnupg.org said:
> I do understand why someone decided to delegate keys.gnupg.net to someone
> else, but is that healthy for GnuPG?
gnupg.{net,com,org,de} and gpg4win.{org,de} are all owned by my company
g10 Code GmbH. whois unfortunately does not show that