Re: dirmngr cygwin resolv.conf

2018-07-04 Thread Werner Koch
On Wed, 4 Jul 2018 09:11, gni...@fsij.org said: > The patch is: Don't try to look the error code, but fallback TOR_PORT2 > always. I don't like this patch because it is not specific enough. If Cygwin really returns EPERM, then this is a bug in the Cygwin emulation because all Unix systems (and

Re: Generating NIST/Brainpool subkeys with GPGME

2018-07-03 Thread Werner Koch
On Mon, 2 Jul 2018 18:03, tookm...@gmail.com said: > Should I file a bug against GPGME? GPG? Not really sure where the > problem is here. Against gpg. I won't assign it a high priority, though. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die

Re: gpg2 --refresh-keys does not talk to dirmngr?

2018-07-03 Thread Werner Koch
On Mon, 2 Jul 2018 21:22, dirk.gottschalk1...@googlemail.com said: > localhost. This is not my intention. I have a running server in my > network which runs Suid/Provoxy/TOR. Is it possible to connect to this > tor server on the socks port for doing LDAP, WKD, or DANE Lookups? No, this is

Re: Choice of ECC curve on usb token

2018-07-02 Thread Werner Koch
On Fri, 29 Jun 2018 18:07, dam...@cassou.me said: > Moreover, Nitrokey Storage only supports NIST and Brainpool, nothing > else. That is because the Nitrokey token includes a Zeitcontrol card which only implements the government approved curves. If that ever changes we can close the feature

Re: dirmngr cygwin resolv.conf

2018-07-02 Thread Werner Koch
On Sat, 30 Jun 2018 21:26, johndoe65...@mail.com said: > How can I force dirmngr to use port "9150"? So Tor ports are fixed. As Niibe-san already explained Dirmngr will first try port 9050 and if it is not able to connect (ECONNREFUSED) it will try port 9150. This is implemented for Dirmngr in

Re: gpg2 --refresh-keys does not talk to dirmngr?

2018-07-02 Thread Werner Koch
On Fri, 29 Jun 2018 16:12, gnupg-users@gnupg.org said: > I have set up a local proxy server with a squid/privoxy/TOR chain and > set it up in dirmngr.conf. Now, after deleting the keyserver line from > gpg.conf, I found out that gpg2 seems not to talk to dirmngr when using > gpg2 --refresh keys.

Re: dirmngr cygwin resolv.conf

2018-06-29 Thread Werner Koch
On Thu, 28 Jun 2018 17:05, johndoe65...@mail.com said: > dirmngr.conf: > > use-tor > http-proxy socks5://localhost:9150 Nobody said that you should configure a proxy ;-) Dirmngr has integrated Tor support which will be used automatically when Tor or the Tor Browser is up and running. --use-tor

Re: dirmngr cygwin resolv.conf

2018-06-28 Thread Werner Koch
On Thu, 28 Jun 2018 11:54, johndoe65...@mail.com said: > Can you elaborate on how I would let "Cygwin dirmngr" use "Tor Browser > for Windows"? I have not tested it but given that the Tor browser is listening on localhost, TCP port 9150, I see no reason why a native Windows Tor Browser can't

Re: dirmngr cygwin resolv.conf

2018-06-27 Thread Werner Koch
On Mon, 25 Jun 2018 10:50, johndoe65...@mail.com said: > On Cygwin '/etc/resolv.conf' is not needed, as illustrated by the > below log dirmngr requires 'resolv.conf': Cygwin is Unix emulation on Windows and thus GnuPG considers the platform to be unix. In turn /etc/resolv.conf is required. >

Re: gpg show default / effective options

2018-06-26 Thread Werner Koch
On Tue, 26 Jun 2018 12:31, gnupg-users@gnupg.org said: > Is it possible to print default or effective options used by GnuPG? You can run gpgconf --list-options gpg which prints the options and their current values in a format described in the gpgconf man page. Frontends like Kleopatra and

Re: uncompressing failed: Unknown compression algorithm

2018-06-24 Thread Werner Koch
On Thu, 21 Jun 2018 11:40, lian.s...@virusbulletin.com said: > 1. Is it "normal" to hang like this or it is a bug ? No, that should not happen. Compression 42 is clearly an indication for a corrupt file. > 2. Is there any option I can pass to gnupg in command line so that it > goes on in case

Re: Upgrading 2.0.20 to 2.2.24

2018-06-21 Thread Werner Koch
On Tue, 19 Jun 2018 22:31, fe...@crowfix.com said: > I tried both these steps, and neither changed anything. Import said it > imported, but I have a saved copy of .gnupg, and there was no difference after Did it say that a secret key was imported? You check your secret keys using gpg -K

Re: git repo won't build for lack of source files?

2018-06-21 Thread Werner Koch
On Wed, 20 Jun 2018 20:45, ps...@ubuntu.com said: > Apparently you have to configure with --enable-maintainer-mode to avoid > this. autogen.sh actually told you this .-) Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen

Re: Upgrading 2.0.20 to 2.2.24

2018-06-18 Thread Werner Koch
On Mon, 18 Jun 2018 07:44, skqu...@rushpost.com said: > The format secret keys are stored in changed between 2.0.x and 2.1.x. It > is possible that 2.2.x no longer has the code in it to migrate to the 2.2 still has the migration code. However, once a migration is done it will not be done again.

Re: Silencing MDC Warning with gnupg 2.2.8.

2018-06-14 Thread Werner Koch
On Thu, 14 Jun 2018 13:56, ra...@inputplus.co.uk said: > I see that --ignore-mdc-error downgrades the error to a warning allowing Right, this is the suggested method to decrypt old mails. > --no-mdc-warning is now a no-op and so doesn't work in concert with Right, this is on purpose. The

[Announce] Libgcrypt 1.8.3 and 1.7.10 to fix CVE-2018-0495

2018-06-13 Thread Werner Koch
ned by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 D

Re: Pinentry: Permission Denied

2018-06-13 Thread Werner Koch
On Tue, 12 Jun 2018 19:03, tookm...@gmail.com said: > That seems to be it. I was overriding getty and launching my own service > as a non-root user and tty1 was still owned by root If you run gpg with -v with the next released pinentry you will see a line like this (wrapped) gpg: pinentry

Re: Problem refreshing keys

2018-06-13 Thread Werner Koch
On Wed, 13 Jun 2018 00:23, je...@seibercom.net said: > gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye The common problem on Windows: You can't use ' to quote; we Unix folks always forget about that. Use gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye Salam-Shalom,

Re: Problem refreshing keys

2018-06-13 Thread Werner Koch
On Tue, 12 Jun 2018 22:42, gnupg-us...@spodhuis.org said: > provide more information, and AFAICT the "-->" line is "the order we'll > try them in, with the currently active server marked with "*"; this They are not tried in this order but they are picked randomly until one worked.

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-11 Thread Werner Koch
On Mon, 11 Jun 2018 10:06, marco.maggi-i...@poste.it said: > I fixed this by upgrading to the latest libgpg-error. This means the > gnupg package does not detect the installed libgpg-error version > correctly? Merge fault, sorry. See https://dev.gnupg.org/T4012 for a fix.

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-11 Thread Werner Koch
On Mon, 11 Jun 2018 11:07, pe...@digitalbrains.com said: > attempt to decrypt the block in the first message by Werner, as soon as > it was part of a quote, starting with "> ", Enigmail will try to > process it. Type in the passphrase "abc" without quotes, and you'll I'd call that a TB bug.

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-08 Thread Werner Koch
On Fri, 8 Jun 2018 20:29, d...@fifthhorseman.net said: > I'm having the same problem. Werner, what is the passphrase for this > test example? abc Sorry. I guess i rushed this thing out a bit too fast. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine #

[Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-08 Thread Werner Koch
y versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa20

Re: efail is imho only a html rendering bug

2018-06-06 Thread Werner Koch
Hi! Thanks for responding. However, my question was related to the claims in the paper about using CRL and OCSP as back channels. This created the impression that, for example, the certificates included in an encrypted CMS object could be modified in a way that, say, the DP could be changed in

Re: doc patches: spelling errors

2018-06-06 Thread Werner Koch
Hi! Thanks for the fixes. I applied them to master and 2.2 > +++ gnupg.info-1 Sat May 19 19:02:04 2018 Note that this is a generated file. The source is one of the *texi files. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind

Re: efail is imho only a html rendering bug

2018-06-06 Thread Werner Koch
On Mon, 21 May 2018 19:11, r...@sixdemonbag.org said: > Efail is not just an HTML rendering bug. It includes very real > attacks against S/MIME as it's used by thousands of corporations. I have not yet seen any hints on how a back-channel within the S/MIME protocol can work. There are claims

Re: Breaking changes

2018-06-06 Thread Werner Koch
On Wed, 23 May 2018 15:45, m16+gn...@monksofcool.net said: > 1. GPG is maintained by volunteers. If you have any complaint about how > this maintenance is progressing, get off your behind and be a volunteer That is fortunately not true. I work full time on GnuPG and related software, Gniibe is

end-of-life announcements (was: Breaking changes)

2018-06-06 Thread Werner Koch
On Wed, 23 May 2018 13:56, d...@kegel.com said: >> So when talking about EOL, gpg community should consider writing down a >> consistent EOL strategy, similar to those of Ubuntu, Linux kernel or others >> or something like I tried to argue for in the middle of >>

Re: Forward gpg-agent to container

2018-06-05 Thread Werner Koch
On Tue, 5 Jun 2018 08:56, andr...@andrewg.com said: > This sounds overly complicated. Once you have the extra socket visible > inside the container, it should be sufficient to set the environment > variable GPG_AGENT_SOCK. You don’t need to start an extra agent inside The envvar GPG_AGENT_INFO

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Fri, 1 Jun 2018 00:04, koo...@spacekookie.de said: > ssb> rsa4096 2018-05-30 [SEA] Remove the S capability from that key. gpg prefers a signing subkey over the primary key but that happens to be an encryption key on the card. You should also be able to specify the key as signingkey =

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Thu, 31 May 2018 20:46, koo...@spacekookie.de said: > 2018-05-31 20:27:42 scdaemon[17755] DBG: chan_7 <- PKSIGN --hash=sha256 > OPENPGP.2 > 2018-05-31 20:27:42 scdaemon[17755] operation sign result: Invalid ID You are signing with the second key of the token. This is an encryption key and

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Thu, 31 May 2018 16:12, koo...@spacekookie.de said: > [GNUPG:] FAILURE sign 100663414 > gpg: signing failed: Invalid ID $ gpg-error 100663414 100663414 = (6, 118) = (GPG_ERR_SOURCE_SCD, GPG_ERR_INV_ID) = (SCD, Invalid ID) This shows that the error originates from scdaemon. To look deeper

Re: GPGME export secret subkeys

2018-05-30 Thread Werner Koch
On Wed, 30 May 2018 17:22, tookm...@gmail.com said: > GPGME has export and import functions that work well as alternatives to > "gpg --import" and "gpg --export". However, looking through the > documentation I cannot find an equivalent to "gpg > --export-secret-subkeys". Have I missed something,

Re: gpgme: environment variable not set

2018-05-28 Thread Werner Koch
On Thu, 24 May 2018 21:46, trinh.ra...@gmail.com said: > I have recently cross compiled gpgme for a program I am working on but > gpgme fails to function as expected as I get an error saying an environment > variable cannot be found -- verbose in this case doesn't really elaborate > on what that

Re: A Solution for Sending Messages Safely from EFAIL-safe Senders to EFAIL-unsafe Receivers

2018-05-28 Thread Werner Koch
On Thu, 24 May 2018 00:05, gnupg-us...@spodhuis.org said: > up at . Given that I see more and more mails with "Encrypted mail" as subject, this feature is getting more and more annoying. It will eventually no longer be possible to pre-sort mails as it is

Re: Efail or OpenPGP is safer than S/MIME

2018-05-19 Thread Werner Koch
On Fri, 18 May 2018 12:18, patr...@enigmail.net said: > How far back will that solution work? I.e. is this supported by all > 2.0.x and 2.2.x versions of gpg? 2.0.19 (2012) was the first to introduce DECRYPTION_INFO In any case 2.0 is end-of-life. In theory we could backport that to 1.4 but I

Re: [GPGME] Repeated decrypt fails

2018-05-18 Thread Werner Koch
On Thu, 17 May 2018 20:48, trinh.ra...@gmail.com said: > err = gpgme_op_decrypt_start(ctx, fileEncrypted, fileDecrypted); > ctx = gpgme_wait(ctx, , 1); > > std::cout << "Decrypt Status: " << gpgme_strerror(err) << std::endl; Here you show the result of the start operation which is usually

Re: AW: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 13:11, roman.fied...@ait.ac.at said: > How could that work together with the memory based "wipe" approach, you > envisioned in your message > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060379.html , last > paragraph? That is a different layer. Basically a part

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 11:21, luk...@gpgtools.org said: > Is there any particular reason why these have not been added to > doc/DETAILS? They don't make much sense. I can't remember why I added them. > If we check for DECRYPTION_INFO 0 X (0 being NO MDC) and the > BADMDC status line (in addition

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:45, roman.fied...@ait.ac.at said: > encryption/decryption gateways. In my opinion gnupg development has a > strong motion towards client-only use-cases, thus I started like Huh? Didn't you notice all the new features we implemented to make the scripting of key management

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 11:20, andr...@andrewg.com said: > More seriously though, properly marked-up text is demonstrably easier to > read. That's why people submit academic papers in Latex instead of Right. But there is nothing which inhibits a MUA to render a mail in a more appropriate way. But

Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:24, andr...@andrewg.com said: > Content-type: text/markdown ;-) Content-type: text/org-mode But we need to disable Babel processing. So better stick with Content-type: text/plain and remember that mail is serious work and not for amusement. Salam-Shalom, Werner

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:11, bernh...@intevation.de said: > The technical and organisational difficulty is how to control backchannels It is not a technical or organizational problem but a question on how to keep the marketing departments at bay. The need to avoid oracles is an old and standard

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 08:59, patr...@enigmail.net said: > Within 12 hours after the release I got 5 bug reports/support requests Kudos to Enigmail for acting as our guinea pig. I implemented the same thing in GPGME this morning (see my mail to enigmail users). What shall we do now? Provide a

Re: Breaking MIME concatenation

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 01:48, r...@sixdemonbag.org said: > While y'all are having this discussion, remember that GnuPG's 95% use > case is verifying Linux packages, and that number isn't expected to > change a whole lot. I am pretty sure that there are more Windows GPG users than users who run

Re: Breaking MIME concatenation

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 01:39, miri...@riseup.net said: > However, I get that many users expect HTML, embedded images and links. Well they expect a bit of markup like *bold* or _underlined_ or /italics/ and links like https://gnupg.org but any decent MUA already supports this for plain text mails.

Re: Vulnerable clients

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 10:02, g...@unixarea.de said: > Most (if not even all) of the MUA which are noted for Linux do run on > nearly any other UNIX flavor, FreeBSD, OpenBSD, ... and mutt in addition I would have written Unix instead of mentioning one specific flavor of Unix kernel software ;-)

Re: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 11:56, andr...@andrewg.com said: > We should also be very careful to note that none of this discussion > thread applies to the MIME concatenation vulnerability, which is a > problem in Thunderbird and other mail clients, and which cannot be While we are at that point. Can we

Re: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 16:24, roman.fied...@ait.ac.at said: > In my opinion it is hard to find such a "one size fits all" > solution. Like Werner's example: disabling decryption streaming The goal of the MDC is to assure that the message has been received exactly as the sender sent it. Thus there

Re: Vulnerable clients

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 10:48, o...@mat.ucm.es said: >> On Tue, 15 May 2018 03:31, je...@seibercom.net said: > >> My conclusion is that S/MIME is vulnerable in most clients with the >> exception of The Bat!, Kmail, Claws, Mutt and Horde IMP. I take the >> requirement for a user

Re: GPGME progress callback no current or total

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 20:45, tookm...@gmail.com said: > PROGRESS UPDATE: what = primegen, type = 43, current = 0, total = 0 > > > Aren't current and total supposed to indicate progress? Why might they > be zero? Depends on the type of progress. For prime generation we can't do any estimation. f

Re: Don't Panic.

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 17:06, mw...@iupui.edu said: > Heh. "We've discovered that locks can be picked, so you should remove > all the locks from your doors right now." "There are lot of benefits for members of the Mechanical Frontdoor Foundation. Rely on us for your social engineering tasks.

Re: Breaking MIME concatenation

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 22:19, miri...@riseup.net said: > So why use HTML with gnupg? Even some of the journalist kicking that EFFective hype are using encrypted mails with HTML content. 's/

Re: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 11:44, roman.fied...@ait.ac.at said: > The status line format should be designed to support those variants to > allow a "logical consistency check" of the communication with GnuPG There is a DECRYPTION_FAILED and that is all what it takes. If the integrity check fails

Vulnerable clients (was: US-CERT now issuing a warning for OpenPGP-SMIME-Mail-Client-Vulnerabilities)

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 03:31, je...@seibercom.net said: > NCCIC encourages users and administrators to review CERT/CC’s Vulnerability > Note VU #122919. Doesn't CERT read the paper before producing a report? The table of vulnerable MUAs is easy enough to read. To better see what we are

Re: Efail or OpenPGP is safer than S/MIME

2018-05-15 Thread Werner Koch
On Mon, 14 May 2018 22:43, andr...@andrewg.com said: > If we believe that there will be more encrypted messages in the future than > there have been in the past, then protecting those future messages takes > priority, especially if an upgrade pathway exists. Unless you change the default

Re: Efail or OpenPGP is safer than S/MIME

2018-05-14 Thread Werner Koch
On Mon, 14 May 2018 15:44, andr...@andrewg.com said: > This all exposes one of the difficulties with trying to manage security > software in a decentralised ecosystem. We end up in arguments over whose That is actually easy compared to a system which is also designed to protect data at rest.

Re: Mailpile on Efail

2018-05-14 Thread Werner Koch
On Mon, 14 May 2018 13:47, r...@sixdemonbag.org said: > Short version: Mailpile isn't impressed, either, and is a little annoyed > they were mistakenly listed as being vulnerable. Yes, all green in the table for Mailpile. GpgOL (Gpg4win's Outlook plugin) is also claimed to be vulnerable but the

Re: Efail or OpenPGP is safer than S/MIME

2018-05-14 Thread Werner Koch
Hi! I dug in my mail archives and found a discussion with Sebastian Schinzel about a work in progress thing which turned out not to be a GnuPG problem. Here is a timeline with my messages. On 2017-11-24 we were asked for the encryption keys of the security at gnupg.org address. On the

Efail or OpenPGP is safer than S/MIME

2018-05-14 Thread Werner Koch
not fail hard on receiving a mail without an MDC. However, an error is returned during decrypting and no MDC is used: gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-01-01 "Werner Koch <w...@gnupg.org>" [GNUPG:] BEGIN_DECRYPTION [GNUPG:] DECRYPTION_I

Re: smartcards and GPGME

2018-05-14 Thread Werner Koch
On Mon, 14 May 2018 00:26, tookm...@gmail.com said: > the smartcard from an application. While this can be done from gpg, it > doesn't look like I can do so from GPGME or any other wrappers that > exist. Have I missed something or is this simply not possible yet? GPGME allows to do that. For

Re: Quick commands documentation

2018-05-03 Thread Werner Koch
On Thu, 26 Apr 2018 11:05, andr...@andrewg.com said: > There's a suspiciously empty documentation page on the main site: I agree that it is pretty terse but it refers to another section with the actual description of the commands. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg

[Announce] GnuPG 2.2.7 released

2018-05-02 Thread Werner Koch
licious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DE

Re: gpgsm --verify

2018-05-01 Thread Werner Koch
On Tue, 1 May 2018 10:55, stefan.cl...@posteo.de said: > openssl cms -verify -in original.eml > message.txt && \ > openssl cms -cmsout -in original.eml | \ > sed "1,4d" | base64 -d > file.sig && \ > gpgsm --verify file.sig message.txt Adding --verbose to the gpgsm invocation may give you

Re: CRL server error with gpgsm

2018-05-01 Thread Werner Koch
On Sun, 29 Apr 2018 22:27, m-guel...@phoenixmail.de said: > gpgsm: checking the CRL failed: Server indicated a failure > gpgsm: error creating signature: Server indicated a failure Dirmngr (the network access component of GnuPG) got a DNS error; that is, it can't find the IP of the

Re: gpgsm --verify

2018-04-23 Thread Werner Koch
On Sun, 22 Apr 2018 20:26, stefan.cl...@posteo.de said: > i was wondering when receiving an S/MIME > message created with Thunderbird, how do > i properly verify the message with gpgsm? You need to de-compose the S/MIME message to get the CMS objects. Despite the name, gpgsm does not know about

[Announce] GnuPG Made Easy (GPGME) 1.11.1 released

2018-04-20 Thread Werner Koch
m keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint

Re: Importing existing key as subkey

2018-04-19 Thread Werner Koch
On Sat, 31 Mar 2018 02:54, chrisbcouti...@gmail.com said: > Hello, > > I'm trying to consolidate my various master keys into a single master > with subkeys. On my 'old' computer with gpg2.0 (openSUSE 42.3) I was > able to export the secret key and split it up with `gpgsplit`. On my > new machine

[Announce] GnuPG Made Easy (GPGME) 1.11.1 released

2018-04-18 Thread Werner Koch
The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [

Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-16 Thread Werner Koch
On Mon, 16 Apr 2018 11:44, thomas.jaro...@intra2net.com said: > I'm wondering how to prevent other people from running into this issue. I wondered whether I should send out a notice to the announce list but I doubt that those with problems will read it. I will add a pointer to the NEWS entry at

Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-13 Thread Werner Koch
lam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From 9aa33a99701e189d7fc0ff7322fc9e21e35b73fa Mon Sep 17 00:00:00 2001 From: Werner Koch <w...@gnupg.org> Date: Thu, 12 Apr 2018 20:36:30 +0200 Subjec

Re: dirmngr timeout

2018-04-13 Thread Werner Koch
On Thu, 12 Apr 2018 15:45, lp...@kde.org said: [Full quote trimmed] > It looks like if I run dirmngr manually, as follows, with honor-http-proxy, > gpg works: > > dirmngr --daemon It will also work if dirmngr is automatically started by gpg or via gpgconf --launch dirmngr. > But when it is run

Re: Errors while creating an g13 encrypted container.

2018-04-13 Thread Werner Koch
On Fri, 13 Apr 2018 03:49, gnupg-users@gnupg.org said: > There is neither a command or package named userv, nor a script called > 'gnupg-g13-syshelp' in the repositories. The binary g13-syshelp is > available. apt-get install userv Frankly, I wonder why that immensely useful tool is not part of

Re: Errors while creating an g13 encrypted container.

2018-04-12 Thread Werner Koch
On Thu, 12 Apr 2018 17:16, gnupg-users@gnupg.org said: > g13: running '/usr/bin/encfs' in the background IIRC, the author of encfs said that it should not anymore be used. Given that, I have not tested encfs based container in a long time. I use dm-crypt containers instead. > g13: running

Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-12 Thread Werner Koch
On Thu, 12 Apr 2018 12:56, thomas.jaro...@intra2net.com said: > t-verify.c:239: GnuPG: General error > FAIL: t-verify That turns out to be more complicated than on first sight. This error is from checking that BAD signature - in this case gpg emits a BADSIG status line and calls exit with

Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-12 Thread Werner Koch
From: Werner Koch <w...@gnupg.org> Date: Thu, 12 Apr 2018 11:49:36 +0200 Subject: [PATCH GnuPG] gpg: Relax printing of STATUS_FAILURE. * g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed return code and not on the presence of any call to log_error. -- This fixes an actual regr

Re: packet syntax

2018-04-12 Thread Werner Koch
On Thu, 12 Apr 2018 05:29, ed...@pettijohn-web.com said: > did a hexdump of the file and the first word is `99' which in binary > would be `10011001'. I was expecting to encounter `11000110'.  I'm OpenPGP (RFC-4880) has several ways to encode a packet header. This first byte is called the CTB

Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-12 Thread Werner Koch
On Thu, 12 Apr 2018 10:17, thomas.jaro...@intra2net.com said: > -> to me it seems gnupg 2.2.6 exits with failure > once it encounters an unknown public key. > > Is this behavior to be expected or considered a regression? Good question. I implemented the > "gpg: Emit FAILURE status lines in

Re: dirmngr timeout

2018-04-11 Thread Werner Koch
On Tue, 10 Apr 2018 17:19, lp...@kde.org said: > Proxy request sent, awaiting response... 200 OK > Length: 58162 (57K) [application/pgp-keys] Okay that works. Now we need to see why dirmngr has a different idea. When we first talked on IRC, someone else reported that he had no problems with

Re: gpgme_op_createkey errors

2018-04-11 Thread Werner Koch
On Wed, 11 Apr 2018 00:00, gnupg-users@gnupg.org said: > when writing C code using the GPG Made Easy library, the function > "gpgme_op_createkey" is always throwing the error "Not supported" and I can't > find any solution to resolve this. I would suggest to run this with GPGME_DEBUG set. For

[Announce] GnuPG 2.2.6 released

2018-04-10 Thread Werner Koch
owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78

Re: dirmngr timeout

2018-04-10 Thread Werner Koch
On Tue, 10 Apr 2018 14:29, lp...@kde.org said: > wget -4 -v -O/dev/null http://80.108.201.53:80 Please try this also: wget -vOx 'http://80.108.201.53:80/pks/lookup?op=get=mr=0x702353E0F7E48EDB' This is the actual request dirmngr does. 'x' has the key then; please check. > Yes, I do have a

Re: Again: Writing DER certificates to ZeitControl Cards

2018-04-05 Thread Werner Koch
On Tue, 3 Apr 2018 00:47, gnupg-users@gnupg.org said: > By the way, I am using a ReinerSCT CyberJack RFID Standard via PCSCd. > Perhaps this is the source of my problems. Unfortunately I didn't get Reiner readers are a problem. That company does not provide any documentation for their readers,

Re: Features vs versions

2018-03-28 Thread Werner Koch
On Tue, 27 Mar 2018 21:44, mangoc...@gmail.com said: > Is there an easy table of what features became stable in libgcrypt vs when? In general I would suggest to grep the NEWS file. However, I just figured that we forgot to announce support for new modes in the NEWS file for 1.6. Support for

Re: Is signing a file with multiple keys possible

2018-03-27 Thread Werner Koch
On Sat, 24 Mar 2018 00:31, gnupg-users@gnupg.org said: > For Example: John, Harry and Sally wrote a file, let's assume it is a > text file. Now all of them want to sign this file, so that when > verifying it, all three signatures are visible. If you use binary detached signatures (-sb) this is

Re: compilation error for libgpg-error-1.28 on armhf

2018-03-27 Thread Werner Koch
On Sat, 24 Mar 2018 23:26, mac3...@gmail.com said: > it possible to easily make speedo use v1.27? After the first attempt modify the downloaded swdb.lst file and add CUSTOM_SWDB=1 to the make -f ... line. That should bypass the integrity check and download the version you entered there. I

Re: gpgme_set_passphrase_cb not cooperating...

2018-03-23 Thread Werner Koch
On Thu, 22 Mar 2018 13:58, mangoc...@gmail.com said: > Now, my target environment is CentOS 7, and they resolve /usr/bin/gpg with > a link to /usr/bin/gpg2 - which does not play nice with > set_passphrase_cb(). Any suggestions on the best way to untangle that knot? Assuming this is GnuPG >= 2.1

Re: gpgme_set_passphrase_cb not cooperating...

2018-03-22 Thread Werner Koch
On Wed, 21 Mar 2018 23:53, mangoc...@gmail.com said: > Which versions of gpg/gpgme support passphrase callback setting for > symmetric encryption? My gpgme_check_version returns 1.5.5 and gpg > --version returns 1.4.18 in Ubuntu 15.10 I doubt that it will work with 1.4. Note that gpgme prefers

Re: GPG is not working because of gpg.conf

2018-03-06 Thread Werner Koch
On Tue, 6 Mar 2018 10:30, tliko...@iki.fi said: > The feature is not documented in 2.1.18. Is it documented in newer > versions? It is kind of an emergency option in case we accidentally remove an option ;-) Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine

Re: GPG is not working because of gpg.conf

2018-03-06 Thread Werner Koch
On Mon, 5 Mar 2018 19:30, b...@adversary.org said: > Good to know, but will a version of GPG always select the highest in a > list or the closest number to its own version number if there's not an > exact match? No, the algorithm views the version as a string and simply trims the dot/dash delimited

Re: GPG is not working because of gpg.conf

2018-03-05 Thread Werner Koch
On Mon, 5 Mar 2018 10:41, ba...@basix.tech said: > I don't think this error is because of that because error message says > gpg.conf. gpg searches for its configuration file in this order (I use 1.4.23 as example): gpg.conf-1.4.23 gpg.conf-1.4 gpg.conf-1 gpg.conf The first existing
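The versioned lookup order described in the two messages above (gpg.conf-1.4.23, gpg.conf-1.4, gpg.conf-1, gpg.conf; the version is treated as a string and trimmed at dot/dash delimiters) can be reproduced in a few lines of POSIX shell. This is an added illustration, not GnuPG's own code: the function names gpg_conf_candidates and gpg_conf_select are invented here, and it assumes, as the message states, that each step drops the trailing dot- or dash-delimited component and that the plain gpg.conf is tried last. The directory and files in the demo are constructed on the fly.

```shell
#!/bin/sh
# gpg_conf_candidates VERSION
# Print the configuration file names gpg would try for VERSION, most
# specific first. Assumption (illustration only, names are hypothetical):
# each step drops the trailing "." or "-" delimited component of the
# version string, and the unversioned gpg.conf is tried last.
gpg_conf_candidates() {
    v=$1
    while [ -n "$v" ]; do
        printf 'gpg.conf-%s\n' "$v"
        case $v in
            *[.-]*) v=${v%[.-]*} ;;   # strip the last ".x" or "-x" part
            *)      v= ;;             # nothing left to trim
        esac
    done
    printf 'gpg.conf\n'
}

# gpg_conf_select DIR VERSION
# Print the first existing candidate in DIR (the file that would be
# used); print nothing and return 1 if none exists.
gpg_conf_select() {
    dir=$1
    for f in $(gpg_conf_candidates "$2"); do
        if [ -f "$dir/$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Demo on a constructed directory: an empty gpg.conf-1 shields a 1.4
# installation from options that a 2.x frontend wrote into gpg.conf,
# while 2.2.6 still falls through to the shared gpg.conf.
demo_dir=$(mktemp -d)
: > "$demo_dir/gpg.conf"      # constructed: written for 2.x
: > "$demo_dir/gpg.conf-1"    # constructed: the empty file for 1.4
for ver in 1.4.22 2.2.6; do
    printf '%s -> %s\n' "$ver" "$(gpg_conf_select "$demo_dir" "$ver")"
done
rm -rf "$demo_dir"
```

Run it in the directory holding the configuration (normally ~/.gnupg) to see which file a given version will actually read; the same candidate list is what you need to check when an option unknown to an older gpg stops it from starting.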

Re: GPG is not working because of log-file configuration

2018-03-04 Thread Werner Koch
On Sun, 4 Mar 2018 17:33, kloec...@kde.org said: > Remove the timestamp at the end of line 6. Apparently, the (UTF-8-encoded?) > Unicode characters confuse gpg. That looks like a c+p error. The timestamp is an asctime and has no Unicode characters. But even then it won't harm because it is

Re: GPG is not working because of gpg.conf

2018-03-04 Thread Werner Koch
On Sat, 3 Mar 2018 21:06, ba...@basix.tech said: > I think Kleopatra or another GPG frontend misconfigured my gpg.conf. How do I > fix it myself? My GnuPG version is 1.4.22. Create a possibly empty file ~/.gnupg/gpg.conf-1; this will then be used for the 1.4 version. Shalom-Salam,

Re: New employment

2018-03-03 Thread Werner Koch
On Sat, 3 Mar 2018 05:43, r...@sixdemonbag.org said: > I'm taking a new job with IronNet Cybersecurity, which is run by former > Director of the National Security Agency Keith Alexander. My work will > not overlap with GnuPG in any way. Thanks for letting us know and thanks for maintaining the

Re: entropy gathering daemon

2018-03-02 Thread Werner Koch
On Fri, 2 Mar 2018 05:20, d...@fifthhorseman.net said: > Is there any chance that gcrypt will adopt this approach on GNU/Linux > systems, or at least make it available so that GnuPG can use it? This is already the case since libgcrypt 1.7.1; /etc/gcrypt/random.conf was only added with 1.8.0.

Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-03-01 Thread Werner Koch
On Wed, 28 Feb 2018 15:02, w...@gnupg.org said: > Oh no, I don't want to promote create solutions of our complex API ;-) s/create/creative/ -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpGzDg0TYmpd.pgp

Re: openpgp smartcard: ssh auth speed vs. RSA key size

2018-03-01 Thread Werner Koch
On Thu, 1 Mar 2018 18:18, thomas.jaro...@intra2net.com said: > We found this while creating our keys with 4096 bit and now reverted to 2048 > bit. It's secure enough and the speed hit is almost not noticeable. With a gnuk token and an ed25519 key it will even be much faster than with an RSA

Re: [FEATURE REQ] Keygrips in --card-status

2018-03-01 Thread Werner Koch
On Thu, 1 Mar 2018 13:06, pe...@digitalbrains.com said: > So if --card-status would actually use the --with-keygrip option, it > would be much easier to look up the keygrip for an OpenPGP smartcard, Good suggestion. Here is the output you will see in 2.2.6 when --with-keygrip is used with

Re: gnupg SmartCard V3.3

2018-03-01 Thread Werner Koch
On Thu, 1 Mar 2018 10:08, k...@glsys.de said: > I found this ct 2017-10 (german computer magazine) article, > where they claim the reader to be working with the openpgp smartcard Version > 2.1 > by transferring precreated 4096-Bit keys. This is exactly what I am Well most drivers work on

Re: gpgsm as a CA

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 18:57, andr...@andrewg.com said: > Is there any support for using gpgsm as a certificate authority? There is some basic support to create certificates: The format of the parameter file is described in the manual under "Unattended Usage". [...] This parameter
