[Announce] GnuPG 2.2.14 released

2019-03-19 Thread Werner Koch
tities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3

Re: Hostname of key server pool disappeared? hkps.pool.sks-keyservers.net

2019-03-19 Thread Werner Koch
On Mon, 18 Mar 2019 23:09, ml-gnupg-xix@linuxwan.net said: > keys.gnupg.net is just a CNAME for hkps.pool.sks-keyservers.net. This > host appears to be the default for GNUpg configs. FWIW, keys.gnupg.net is a hardcoded alias in dirmngr since 2.2.7 and thus the CNAME is not used since that

Re: Can I use my Microsoft Outlook S/MIME certificate with gpgsm.exe ?

2019-03-14 Thread Werner Koch
On Wed, 13 Mar 2019 03:03, dkbry...@gmail.com said: > $ echo hi | gpgsm --sign --armor --default-key 0x64208E9A > --disable-crl-checks --disable-policy-checks > gpgsm: error creating signature: No value Please always add -v or --verbose to the invocation if you run into problems. This gives

Re: Multiple dev one signing key

2019-03-11 Thread Werner Koch
On Mon, 11 Mar 2019 12:43, johndoe65...@mail.com said: > Just to be clear, you Werner will sign everything that needs to be > signed for a release with your personal key. In practise that is the case. However, anyone of our small group can sign releases and also update the online list of

Re: Multiple dev one signing key

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 20:05, johndoe65...@mail.com said: > What is the best way forward? > - One signing key accessible on the release system I'd say depends on the release system. In most cases this is a networked box and I would hesitate to do this. Using gpg --with a remote gpg-agent would be

Re: Default trust-model TOFU

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 20:21, tliko...@iki.fi said: > have plans for that, to set the default trust model to "tofu" or > "tofu+pgp"? I am still not convinced that the UI as implemented on the command line is better than what we have now. It looks more complicated than what one would expect under

Re: PGP Anonymous Board Idea

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 22:00, ab...@monksofcool.net said: > a) We're moving ever further off topic in terms of GnuPG. FWIW, given the low traffic on gnupg-users, I would consider this still to be on topic. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Re: user id question

2019-03-10 Thread Werner Koch
On Sun, 10 Mar 2019 14:51, 2017-r3sgs86x8e-lists-gro...@riseup.net said: > Is "nerdy" good or bad in this context? That is really up to you. Often it is fun to be a nerd. To the OP: I have done keysigning for about 25 years but meanwhile I don't think that the Web of Trust is a good idea to

Re: Keys in the keystore dir (private-keys-v1.d/) are being modified

2019-03-10 Thread Werner Koch
On Sun, 10 Mar 2019 15:54, claudio.flore...@gmail.com said: > After signing a file with my sign subkey I noticed that the private key > file of the sign subkey was modified. Why? What happens? To speed up the migration and to not annoy you by asking for your passphrase for each private key,

Re: Questions about finding keys used to encrypt files with gpg

2019-03-10 Thread Werner Koch
On Sat, 9 Mar 2019 17:52, mattia.cod...@poste.it said: > I noticed that the gpg -d [filename] command works out without asking > me for the passphrase, so after a brief search i became aware of the > fact that gpg uses public/private keys encrypting, combined with a Right public key

Re: user id question

2019-03-08 Thread Werner Koch
On Sun, 24 Feb 2019 10:09, johndoe65...@mail.com said: > What I understand is that there is no clear convention. Meanwhile I would suggest to only use the mail address, that is j...@example.org and leave out all other parts. There are even mail providers which demand this for data privacy

Re: OPENPGPKEY on DANE

2019-03-08 Thread Werner Koch
On Wed, 6 Mar 2019 21:58, gnupg-users@gnupg.org said: > 2019-03-06 21:25:50 dirmngr[2855.6] DBG: chan_6 -> OK Dirmngr 2.2.4 at > your service Between 2.2.4 and 2.2.10 we fixed a couple of bugs in the DNS resolver. This should explain why it works on macOS, where you use 2.2.10. Salam-Shalom,

Re: OPENPGPKEY on DANE

2019-03-05 Thread Werner Koch
On Tue, 5 Mar 2019 23:43, gnupg-users@gnupg.org said: > gpg: error retrieving 'i...@rfechner.de' via DANE: Not found > gpg: error retrieving 'i...@rfechner.de' via Local: No public key Okay, you need to look into the actual DNS requests. Please add --8<---cut

Re: setting up decryption in an automated environment

2019-03-05 Thread Werner Koch
On Tue, 5 Mar 2019 10:05, gpir...@manymore.fr said: > In the previous version the parameter -passphrase did the trick (although > not the most secured) but it isn't working anymore. Given that it is an unattended environment, a passphrase to protect the private key does not make any sense (in

Re: OPENPGPKEY on DANE

2019-03-05 Thread Werner Koch
On Mon, 4 Mar 2019 13:41, gnupg-users@gnupg.org said: > --auto-key-loacate clear, dane, local --locate-key -v em...@adress.com Do not put spaces between the a-k-l parameters. "dane" would be considered as first argument and gpg tries to do something with that. There should be a warning. gpg

Re: Invalid IPC Response requiring gpg-agent restart

2019-03-05 Thread Werner Koch
On Sun, 3 Mar 2019 21:51, gnupg-users@gnupg.org said: > $ echo test | gpg -a --sign > gpg: signing failed: Invalid IPC response Please run $ echo test | gpg -a --sign --verbose --debug ipc to see the communication with the gpg-agent. The error message reminds me of the time when

Re: How to specify ca-cert-file as a path relative to ~?

2019-02-20 Thread Werner Koch
On Wed, 20 Feb 2019 12:15, am...@riseup.net said: > (1) > keyserver-options ca-cert-file=../keyserversCA.pem I recently asked whether you got a warning regarding this option. Would you mind to look again at the output and, more important, tell us what version of gpg you are using (gpg

Re: An option to generate revocation cert for subkey(s)?

2019-02-20 Thread Werner Koch
On Sat, 16 Feb 2019 19:25, mgo...@gentoo.org said: > of the key with subkey revoked, and use that for the purpose. However, > I think it would be much more convenient if had an option to generate > the revocation signature separately. Can you please enter a feature request at dev.gnupg.org?

Re: Speedo build of GnuPG v2.2.13 fails for me

2019-02-18 Thread Werner Koch
On Sun, 17 Feb 2019 20:08, aaj...@gmail.com said: > GnuPG version in swdb.lst is less than this version! > This version: 2.2.13 > SWDB version: 2.2.12 Something went wrong uploading the version file. I just repeated it and it works now (try: "build-aux/getswdb.sh"). Thanks for reporting,

Re: Upload key to WKD from command line?

2019-02-14 Thread Werner Koch
> gpg-wks-client: Warning: policy requires 'mailbox-only' - adding user > id 'wolfgang.tray...@posteo.de' > Or do I even need my secret primary key? Right. The primary key is required to create a new user id. gpg tries to be helpful there but it can't work for high security environments with

Re: Problem with generating Brainpool P-512

2019-02-14 Thread Werner Koch
On Thu, 14 Feb 2019 10:52, m...@mailbox.org said: > you should add it in the man page, because it's a FAQ: > cert-digest-algo !< SHA512 ing gpg.conf for ECC >= 512-bit Sorry, I can't parse that. Please also note that --cert-digest-algo should not be used because it violates the OpenPGP

Re: Upload key to WKD from command line?

2019-02-13 Thread Werner Koch
On Sat, 9 Feb 2019 11:20, wolfgang.tray...@posteo.de said: > I am looking for a simple solution just like `gpg --send-keys`, but for WKD. Locate the gpg-wks-client binary. On Windows it should be found via $PATH but on Unix it is installed at one of these locations

Re: It's more GNU/Linux than GnuPG

2019-02-13 Thread Werner Koch
On Wed, 13 Feb 2019 17:27, am...@riseup.net said: > keyserver-options ca-cert-file=~/keyserverCA.pem Didn't you get the warning that this option is obsolete? Certificates are configured in dirmngr.conf. In case you are using a 2.0 version of GnuPG, please note that this branch reached

Re: Problem with generating Brainpool P-512

2019-02-13 Thread Werner Koch
On Wed, 13 Feb 2019 20:11, vojtas...@gmail.com said: > and in syslog I have found this gpg-agent writes to syslog - that's new to me (with the exception of certain diagnostics from Libgcrypt). >     gpg-agent[pid]: a 256 bit hash is not valid for a 512 bit ECC key >     gpg-agent[pid]:command

[Announce] GnuPG 2.2.13 released

2019-02-12 Thread Werner Koch
2 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (GnuPG Release Signing Key) rsa2048 2014-10-29 [ex

Re: The "advanced" URL of openpgp-webkey-service-07, and l=

2019-02-12 Thread Werner Koch
Hi! On Mon, 11 Feb 2019 14:04, ves...@tana.it said: > I just saw version -07 today. The advanced method: > > WELLKNOWN := https://openpgpkey.example.org/.well-known/example.org/openpgpkey > > doesn't seem to make much sense to me. I tried it with posteo.de, and got: The two parts were

Re: [k9mail/k-9] Makes PGP sign-only mails very difficult (#2375)

2019-02-06 Thread Werner Koch
[Please don't cross-post!] On Tue, 5 Feb 2019 12:47, gnupg-users@gnupg.org said: > THE DATE PROBLEM. Only the body of the email is signed, not the > envelope headers, namely the subject and intended recipients, and Sure, mail headers are subject to changes. For example by mailing list

Re: [OT] Where can I find some papers to read on mail (and envelope) security?

2019-01-30 Thread Werner Koch
On Wed, 30 Jan 2019 20:44, s...@300baud.de said: > On the other side i wish PGPfone would have been further developed. > I found it, way back then, pretty cool and super easy to use, compared > to PGP or GnuPG. Please don't compare an online protocol with an offline (store+forward) protocol -

Re: Calling GnuPG ME library from managed .NET

2019-01-24 Thread Werner Koch
On Thu, 24 Jan 2019 10:45, m.vet...@infotech.li said: > 2. Which version of libgpgme-xx.dll is compatible to version 2.1.1.18 > of GnuPG tool suite? Is this version 1.9.0 or version 1.7.0 according > to the release news on page https://www.gnupg.org/news.html? The name of the DLL only reflects

Re: Feature proposal - image encryption

2019-01-08 Thread Werner Koch
On Tue, 8 Jan 2019 13:28, jc.gnupg...@unser.net said: > I beg to differ. Given the classic Unix philosophy of chaining small tools > which do their job well, GnuPG is already way too complex, especially for > casual users. I generally prefer the ImageMagick concept of small tools I would have

Re: OpenPGP card: how to lock the card again so that PIN is required

2019-01-02 Thread Werner Koch
On Tue, 1 Jan 2019 08:36, g...@unixarea.de said: > with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card Reader) after Take care: Usual Omnikey problems with creating and using large keys apply. > How can I meanwhile 'reset' the OpenPGP card so that on next request for > the secrets

Re: Gnupg-devel Digest, Vol 183, Issue 5

2018-12-15 Thread Werner Koch
On Fri, 14 Dec 2018 16:41, phoeny...@gmail.com said: > I was wondering if the pdf is going to be updated anytime soon? It's > title page still says it's for version 2.2.7? Done that. > > Also availabale should be available. I use always the last announcement as a template. I see how I can

[Announce] GnuPG 2.2.12 released

2018-12-14 Thread Werner Koch
ne or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (

Re: Smart cards

2018-12-12 Thread Werner Koch
On Tue, 11 Dec 2018 19:27, art...@ulfeldt.com said: > using openkeychain with a yubikey nfc is totally solid, and convenient. > I've been using them for years. they also plug into the bottom of the > phones which some people prefer. You should keep in mind that you can eavesdrop on NFC

Re: Keyserver access changes in GnuPG

2018-12-12 Thread Werner Koch
On Thu, 13 Dec 2018 00:00, t...@pobox.com said: > /usr/bin/gpg1 for users who want to keep using it. Dropping > the keyserver and photoviewer helpers is part of the next > planned release from the 1.4.x branch, which is being > tracked in https://dev.gnupg.org/T3443. Right. Given that gpg1 is

Re: GnuPG, (neo)mutt and S/MIME

2018-12-12 Thread Werner Koch
On Tue, 11 Dec 2018 22:24, p...@sys4.de said: > Is there any other infrastructure/tool I need to setup and configure to sign > and encrypt messages in mutt? set crypt_use_gpgme and then use the S/MIME options in Mutt's menu: hit 'p', 'b' and 'm' to encrypt and sign with S/MIME. ('m' switches

Re: Chance to get --with-agent-s2k-calibration=MSEC into stable branch?

2018-12-11 Thread Werner Koch
On Tue, 11 Dec 2018 09:28, fka...@posteo.net said: > from September 2017 for configure.ac that allows to circumvent a > huge performance regression with gnupg v2 keys in some contexts. > > This commit is not in stable though. Right. The bug was closed so we forgot about it. Thanks for the

Re: Problem with the GnuPG - gen-key

2018-12-11 Thread Werner Koch
On Fri, 7 Dec 2018 14:51, per.tore.johan...@ecp.no said: > Installed GnuPG from : gnupg-i5pase-1.4.10b.tar.Z on Power for I. OS > release V7R3 That looks like a modified version of an old GnuPG 1 version from 2009. Please do not use such an old version. The current 1.4 version 1.4.23 From

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Thu, 6 Dec 2018 14:05, stefan.cl...@posteo.de said: > Understood. Please check this example, a key with plenty of data, > which only needs to be extracted. > > https://pgp.circl.lu/pks/lookup?op=get=0x73253A1F090C53B6 Surely you can put arbitrary data into a user-id. > That's

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Wed, 5 Dec 2018 19:56, stefan.cl...@posteo.de said: > Well, my understanding would be that at least one (search) criteria > would be needed to fetch a key, right? And if so i could also imagine Right, the fingerprint. And maybe the long keyid for a transitional period because not all

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > Can you give more details about the security aspect? People believe that the keyservers magically return a matching key for a mail address. There is no guarantee for this. In fact all people from the strong had meanwhile expired faked

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 10:31, c...@cod-web.net said: > On pool.sks-keyservers.net everything works well while on other > keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I > never signed and I don't know exactly why it's included in search There are several problems with the

Re: Newer gnupg doesn't ask for key size on generate?

2018-11-29 Thread Werner Koch
Hello! On Thu, 29 Nov 2018 02:06, smck...@titaniummirror.com said: > Today we set up a new Yubikey from a Windows 7 system running GnuPG > 2.2.10. Its generate command did not ask us for key size, and the With version 2.2.6 we had to introduce a new command to be more flexible with changing

Re: Problem with focus of pinentry on win7

2018-11-26 Thread Werner Koch
Hi! Here is my reply to the Enigmail list which explains why this is indeed not just a problem of gpg and that we can't have a perfect solution. For security reasons Windows has strict rules on which process can put itself into the focus. Enigmail needs to tell Pinentry, via gpg, that it may

Re: Newbie Question about initialization

2018-11-23 Thread Werner Koch
On Fri, 23 Nov 2018 15:18, gnupg-users@gnupg.org said: > gcry_version_check(1.8.4) gcry_check_version requires a string with the version number or NULL. Thus --8<---cut here---start->8--- const char *s; if ((s=gcry_version_check ("1.8.4"))) printf

Re: Error after secret key list.

2018-11-23 Thread Werner Koch
Hi, if you can compile a not too old gpg version, you might be able to apply this patch. It should show you the fingerprint of the culprit. --8<---cut here---start->8--- diff --git a/g10/keyid.c b/g10/keyid.c index a9034ee46..3694c26cc 100644 ---

Re: Error after secret key list.

2018-11-23 Thread Werner Koch
On Fri, 23 Nov 2018 18:56, dirk.gottschalk1...@googlemail.com said: > I saw the Listing in the debugging log. I tried this also. > gpg -k does not show this message, but two messages regarding two keys, Hmmm, not easy to debug by mail. > gpg: bad data signature from key 2894CD20EE47166D: Wrong

Re: Error after secret key list.

2018-11-23 Thread Werner Koch
On Thu, 22 Nov 2018 16:38, gnupg-users@gnupg.org said: > After listing the keys, gpg reports: gpg: error computing keygrip Looks like you have a garbled key or one with an unknown encryption algorithm. Not easy to pinpoint because that diagnostics comes from the deep innards of gpg. Do you see

Re: Exporting/ importing changes expiration date of subkeys...

2018-11-14 Thread Werner Koch
On Wed, 14 Nov 2018 16:45, 2017-r3sgs86x8e-lists-gro...@riseup.net said: > http://sites.inka.de/tesla/gpgrelay.html. A possible working link is > https://sourceforge.net/projects/gpgrelay/. Thanks, I fixed it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: Update FAQ about revocation certificates?

2018-11-09 Thread Werner Koch
On Thu, 8 Nov 2018 18:34, stefan.cl...@posteo.de said: > apartment and accidentally threw away the box > in which the revocation cert was stored... :-( :-( > How would you proceed now? Fetch your backup which for you will have stored at a different venue .-) Call the locksmith to open the

Re: Most secure GPG combination for Mac OSX

2018-11-07 Thread Werner Koch
On Thu, 8 Nov 2018 07:50, em...@andrewnesbit.org said: > - Enigmail and GPGTools are orthogonal components re: Thunderbird. > Enigmail is something like the interface to the underlying GPG > implementation. In many cases on Mac OS X, including mine, this > underlying implementation is indeed

Re: encrypt linux backup folder using gpg

2018-11-07 Thread Werner Koch
On Tue, 6 Nov 2018 06:55, kaushalshri...@gmail.com said: > I am using CentOS 7.5 Linux OS in my setup. I have compressed a folder > using tar utility tar czvf backupfolder.tar.gz backupfolder. Is there a way > to encrypt backupfolder.tar.gz using gpg? Are there any best practices to Sure:

[Announce] GnuPG 2.2.11 released

2018-11-06 Thread Werner Koch
s. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 20

[admin] Re: OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-05 Thread Werner Koch
Hi! Please do not post commercial advertisements to a gnupg mailing list. There is no problem to _mention_ proprietary software on the GnuPG lists if that mentioning is related to technical questions. But sales pitch or ads are unwanted. Thanks, Werner ps. I removed the openssl list from

Re: GPG on Android

2018-11-05 Thread Werner Koch
On Sun, 4 Nov 2018 23:20, juer...@bruckner.tk said: > I for myself did configure MailDroid that way, that for each > crypto-operation, decrypt, sign, encrypt I have to enter my password > each time. That does not help. A bugged phone will for sure employ a keylogger and thus you can also work

Re: File name seen by gpg

2018-10-31 Thread Werner Koch
On Wed, 31 Oct 2018 01:33, alvaro@gmail.com said: > It seems I was not looking at the right keywords when I searched, because I > couldn't find that option before. Note that the filename stored with the encrypted or signed data is not even covered by the signature. Thus it is possible to

Re: PGP Authentication with gpg4win+ssh

2018-10-30 Thread Werner Koch
On Tue, 30 Oct 2018 15:13, zer...@gmail.com said: > If I do a gpg --list-keys my keys all show up just fine. Run gpg-connect-agent 'keyinfo --ssh-list' /bye to see the keys gpg-agent is aware of. See also gpg-connect-agent 'help keyinfo' /bye and as Gniibe wrote, you need to put a key

[Announce] Libgcrypt 1.8.4 released

2018-10-26 Thread Werner Koch
iles for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 W

Re: --refresh-keys for WKD

2018-10-22 Thread Werner Koch
On Mon, 22 Oct 2018 17:52, wik...@metacode.biz said: > Is there a small bug in recent GPA (0.10.0)? I looked up: > "test-...@metacode.biz" and got "No keys were found" but when I clicked > "details" I got the correct "key imported" GnuPG log details. Sure I noticed this as well but thought it

Re: --refresh-keys for WKD

2018-10-22 Thread Werner Koch
On Mon, 22 Oct 2018 14:22, gnupg-users@gnupg.org said: > gpg --auto-key-locate clear,nodefault,wkd --locate-key u...@example.com Here is why these auto-key-locate (AKL) parameters are required: clear := Remove all existing AKL setting from a config file. nodefault := Do not use the

[Announce] GPA 0.10.0 released

2018-10-17 Thread Werner Koch
releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6

Re: Question about specifics of --locate-key option

2018-10-15 Thread Werner Koch
test program t-mbox-utils.c has these vectors: /* input */ /* Output, NULL = invalid */ { "Werner Koch ", "w...@gnupg.org" }, { "", "w...@gnupg.org" }, { "w...@gnupg.org", "w...@gnupg.org" }, { &qu

Re: Decryption troubles

2018-10-11 Thread Werner Koch
On Wed, 10 Oct 2018 20:33, siem...@cleanfuels.nl said: > gpg: decryption failed: No secret key Well, you don't have the secret key (aka private key) to decrypt the message. > sec   rsa2048 2009-09-27 [SCA] >   A5F3C219AB2601BEC1BCE4F2AEEC5E2ED87628F5 [..] > ssb   rsa2048 2009-09-27 [E] >

Re: Decryption troubles

2018-10-10 Thread Werner Koch
On Wed, 10 Oct 2018 14:02, siem...@cleanfuels.nl said: > I am using GPA with GnuPG 2.2.10. IIRC, the latest released GPA version is way behind what we have in the repo. To figure out your problem, please run gpg on the command line: gpg -vd -o OUTPUTFILE ENCRYPTED_FILE check the error

[Announce] GnuPG Made Easy (GPGME) 1.12.0 released

2018-10-09 Thread Werner Koch
espective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB

Re: [openpgp-email] 4th OpenPGP Email Summit - Update

2018-10-08 Thread Werner Koch
On Sun, 7 Oct 2018 10:57, patr...@enigmail.net said: > - we will start on Saturday at 09:30. If you have any issues such as finding > the location or with local logistics, here is my phone number: +41 78 631 6622 Huh, that is early. Andre and me might arrive a bit later. Salam-Shalom,

Re: Wrong key usage (0x19, 0x2) on key

2018-10-08 Thread Werner Koch
u want to apply and test it in stable. 73 de DD9JN -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From b6275f3bda8edff34274c5b921508567f491ab9c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 8 Oct 2018 16:14:17 +0200 Subject: [PATCH GnuPG] gpg: Fix extra check for sign

Re: Where to put "export-pka" output in DNS?

2018-10-04 Thread Werner Koch
On Wed, 3 Oct 2018 14:44, keesdejong+b...@gmail.com said: > I want to make use of PKA, I saw a few blogs [1] where they did this in TXT > DNS records. However, this seems to not work anymore. When I issue `gpg2 Please don't use this anymore. It never got any kind of widespread adoption and

Re: converting gpg files into PEM and certification change confusion

2018-10-02 Thread Werner Koch
On Tue, 2 Oct 2018 10:43, aheine...@intevation.de said: > Any hints / documentation on how to achieve this? That is easy if you have the keygrip (gpg --with-keygrip -K) --8<---cut here---start->8--- $ gpgsm --gen-key gpgsm (GnuPG) 2.3.0-beta459; Copyright (C)

Re: [INTERNET] Re: converting gpg files into PEM and certification change confusion

2018-09-28 Thread Werner Koch
On Fri, 28 Sep 2018 09:52, gnupg-users@gnupg.org said: > You can get a free certificate from Let's Encrypt, they are valid for 3 > months. .. and you can automate the update of the certificates. There are a lot of tools for this; we at gnupg.org use the Dehydrated script. Salam-Shalom,

Re: converting gpg files into PEM and certification change confusion

2018-09-28 Thread Werner Koch
On Thu, 27 Sep 2018 22:34, gnupg-users@gnupg.org said: > OpenPGP ones. Likewise openssl is used to work with X.509 certs, > /etc/ssl/certs/ca-bundle.crt contains X.509 certs too. FWIW: GnuPG also supports X.509 and CMS (aka S/MIME) you have to use the gpgsm tool, which is similar to gpg as far

Re: Monitoring queries to gpg-agent?

2018-09-26 Thread Werner Koch
On Tue, 25 Sep 2018 23:03, k...@dev.terastrm.net said: > I would like to see the queries to gpg-agent that clients are > sending. Like what key are they trying to access and whatever other That is easy. Put log-file socket:// debug ipc into ~/.gnupg/gpg-agent.conf. Feed your monitor

Re: Performance regression for gnupg v2 keys

2018-09-20 Thread Werner Koch
On Thu, 20 Sep 2018 15:05, fka...@posteo.net said: > When I change the passphrase of an existing 1.x generated key with > gpg 2.2.8, the key gets somehow updated (slow). So this is not about the key but about the protection of the private key. That protection (the passphrase) is there as a

Re: disable/prevent start of gpg-agent service?

2018-09-20 Thread Werner Koch
On Tue, 18 Sep 2018 14:48, gnupg-users@gnupg.org said: > Can I disable this service? No, it is an important component of gnupg. It handles the private keys and caches the passphrases. > Can I de-install this service permanently? No. > I need gnupg only occasionally for on-demand

Re: AW: AW: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Werner Koch
On Tue, 4 Sep 2018 18:31, roman.fied...@ait.ac.at said: > At which byte offset should I find the signer key fingerprint? That is an encrypted message and thus can you seen the the signature. >> Leaving this out would not help because it is easy to >> figure out the key by trial verification

Re: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Werner Koch
On Wed, 5 Sep 2018 10:45, roman.fied...@ait.ac.at said: > No, this is a signed AND encrypted message. Can gpgv only be > used to verify signatures on signed-only but not signed AND > encrypted messages, maybe due to encrypt AFTER sign scheme? Correct. The signature is encrypted and thus it

Re: AW: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Werner Koch
On Tue, 4 Sep 2018 10:08, roman.fied...@ait.ac.at said: > [GNUPG:] UNEXPECTED 0 The signature is corrupted in that it has a packet which is expected only in a key. Or the provided key has a data signature packet etc. How did you create the keyfile and the signature? > Could it be, that

Re: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Werner Koch
On Tue, 4 Sep 2018 09:52, roman.fied...@ait.ac.at said: > Werner gave a good solution in another followup message. May I recommend > updating the online docu/man page for "--verify" with something like this? we have Note: Sometimes the use of the @command{gpgv} tool is easier than using

Re: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Werner Koch
On Mon, 3 Sep 2018 19:25, pe...@digitalbrains.com said: > It could be that recently an option was added to check a signature by a > certificate in a file, but in general you need to import a certificate No, that is not the case. We only added the option -f to encrypt to a key taken from a

Re: [Announce] GnuPG 2.2.10 released

2018-08-31 Thread Werner Koch
On Thu, 30 Aug 2018 16:26, d...@fifthhorseman.net said: > I note that https://gnupg.org/ftp/gcrypt/gnupg/ does not list 2.2.10 > yet, though the file is already there. It is there. > Can you make refreshing that index a part of the standard release > process? it would help automated tools that

[Announce] GnuPG 2.2.10 released

2018-08-30 Thread Werner Koch
provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 3

Re: Communication with card reader encrypted?

2018-08-27 Thread Werner Koch
On Sun, 26 Aug 2018 00:31, gnupg-users@gnupg.org said: > decrypted file itself could/would be read by a third party. The session > key is, in this moment, the least problematic thing on your system. Right. We assume physical security. The connection between the card reader and the host is not

Re: gpg not able to find my secret key

2018-08-23 Thread Werner Koch
On Thu, 23 Aug 2018 17:50, gnupg-users@gnupg.org said: > Related question: Do you have a file named "gpg-v21-migrated" in your > .gnupg directory? The file name is actually ".gpg-v21-migrated" (note the leading dot) and thus only listed by ls with the option -a. Shalom-Salam, Werner --

Re: GPGME status callback not working for need entropy

2018-08-22 Thread Werner Koch
On Wed, 1 Aug 2018 21:28, tookm...@gmail.com said: > generating a key without enough randomness, the whole application just > locks up with no indication of what is happening. Is there anything else > I could query to inform the user of what's occurring in this scenario? You need to install a

Re: ERR 167804929 Permission denied / No rule to make target 'audit-events.h'

2018-08-21 Thread Werner Koch
On Sat, 11 Aug 2018 09:49, kar...@riseup.net said: > $ gpg --debug-level=guru --recv-key 74A941BA219EC810 Instead of using that debug level (in any case use "--debug help" for more specific levels) it would have been sufficient if you had used $ gpg --verbose --recv-key 74A941BA219EC810

Re: Problems interacting with keyserver on Linux

2018-07-25 Thread Werner Koch
On Wed, 25 Jul 2018 11:00, hoelz...@mailbox.org said: > Yes, please excuse my confusion. Thanks. It turned out that printing a more visible warning will require quite some code changes but they are straightforward. Thus I can't promise that this will go into 2.2. Salam-Shalom, Werner --

Re: mute output of gpg2 -d

2018-07-25 Thread Werner Koch
On Sat, 14 Jul 2018 14:09, heavyt...@hotmail.com said: >> Use --batch or --no-tty to suppress this output > > both options worked. So you mean it's a bug in gpg2? Yes. I created https://dev.gnupg.org/T4088 for this. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday

Re: Problems interacting with keyserver on Linux

2018-07-24 Thread Werner Koch
On Tue, 24 Jul 2018 13:39, hoelz...@mailbox.org said: > Thank you very much for your help! That indeed pointed me to the right issue > (DNS resolver not running). > For reference attached the output of the command below. Can you please post that attachment or send it by PM? I will see

Re: Problems interacting with keyserver on Linux

2018-07-24 Thread Werner Koch
Hi again, different subject so I didn't read that before replying to the other mail. > gpg: error searching keyserver: No such file or directory > gpg: keyserver search failed: No such file or directory Might be a DNS problem: Similar to the other report you mentioned, please run dirmngr -v

Re: Problem refreshing keys on Linux

2018-07-24 Thread Werner Koch
On Mon, 23 Jul 2018 18:33, hoelz...@mailbox.org said: > Please find attached the ouput of 'env LANG=en_US.UTF-8 gpg -vvv --debug-all > --search-keys Torvalds'. Missing. > The output of 'gpg-connect-agent --dirmngr 'KS_GET 0x4D1E900E14C1CC04' /bye' > is as follows: > ERR 167805009 No such file

Re: random seeds file hung on AIX 7.2

2018-07-23 Thread Werner Koch
On Sun, 22 Jul 2018 07:36, chandra.velp...@in.ibm.com said: > AIX version: 7.2 > GPG version: gpg (GnuPG) 1.4.7 That version of GnuPG is more than 11 years old and should not be in use anymore. Anyway, if you need paid support please see https://gnupg.org/service.html for options.

Re: TLS 1.3 with ssh-like authentication

2018-07-23 Thread Werner Koch
On Sun, 22 Jul 2018 02:46, sh...@git.icu said: > I really want the performance of single-route-trip handshakes, as this is > important for my use case (distcc), which makes a lot of new connections (as I don't understand how this is related to GnuPG. Granted, we use TLS for keyserver access but

Re: gpg-agent's SSH agent emulation: how to remove keys?

2018-07-18 Thread Werner Koch
On Wed, 18 Jul 2018 06:37, benjamin.d@gmail.com said: > Practically, this means that once a key is added to gpg-agent it's unclear > as to how to remove it. ssh-add -d/-D doesn't work, and you can't simply > remove keys from ~/.ssh/ and restart the agent as gpg-agent's not referring Right,

Re: Using gnupg to crypt credentials used by application to access a database server

2018-07-17 Thread Werner Koch
On Mon, 16 Jul 2018 09:51, w...@gnupg.org said: > If you use a smartcard there is a hack in scdaemon which allows to work > without a PIN. Here is what scdaemon's code has to say about this hack: GnuPG makes special use of the login-data DO, this function parses the login data to store

Re: Using gnupg to crypt credentials used by application to access a database server

2018-07-16 Thread Werner Koch
On Sat, 14 Jul 2018 15:15, g...@unixarea.de said: > Decrypting with GnuPG needs a passphrase, normally read from /dev/tty It only needs a passphrase if you set a passphrase. For public key encryption it is perfectly fine not to set a passphrase because it is expected that there are no other users

Re: mute output of gpg2 -d

2018-07-14 Thread Werner Koch
On Fri, 13 Jul 2018 20:27, heavyt...@hotmail.com said: > [user@linuxbox ~]$ gpg2 -d .my_pwds.gpg 2>/dev/null > > You need a passphrase to unlock the secret key for That output goes directly to the tty. Without a pinentry you will need to enter the passphrase also directly via the tty (because

[Announce] GnuPG 2.2.9 released

2018-07-12 Thread Werner Koch
s are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085

Re: Verifying signatures with critical notations

2018-07-07 Thread Werner Koch
On Wed, 4 Jul 2018 21:48, gnupg-users@gnupg.org said: > recognized but I don't see a function to mark > "t...@metacode.biz=node-1" as a recognized notation for verification > purposes. > > Is it possible? Yes. Please create a feature request at dev.gnupg.org Shalom-Salam, Werner -- #

Re: Pinentry: Inappropriate ioctl for device when getting smartcard PIN

2018-07-04 Thread Werner Koch
Hi! Are you setting the homedir in your code also for the Assuan context? That might explain the behaviour. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Re: Pinentry: Inappropriate ioctl for device when getting smartcard PIN

2018-07-04 Thread Werner Koch
On Wed, 27 Jun 2018 22:50, tookm...@gmail.com said: > I have two gpgme contexts, one for openpgp and another for assuan > commands to the smartcard. Pinentry triggered by the openpgp context > works perfectly, but any pinentry launched in service of the assuan > context fails with the error in
