On Wed, 27 Sep 2017 20:24, d...@fifthhorseman.net said:
> I've noted this as https://dev.gnupg.org/T3430
Thanks. My fix is
--check-signatures
--check-sigs
Same as --list-keys, but the key signatures are verified and
listed too. Note that for performance reasons the
On Tue, 26 Sep 2017 13:07, andr...@andrewg.com said:
> The gpg command itself should cryptographically verify signatures when
> performing --list-sigs, so that at least it can throw a warning when an
Actually --list-sigs is more of a debug command than a command users
should use to verify a key.
On Sun, 24 Sep 2017 19:55, g...@unixarea.de said:
> I will look for some slot next week. I will have to send it to you as I
> don't see a way to create an account in the blog...
Ack. The accounts on that box are only for regular gnupg commiters.
Shalom-Salam,
Werner
--
Die Gedanken sind
On Sun, 24 Sep 2017 10:59, g...@unixarea.de said:
> I would be happy to write something in this blog, but I never wrote
> something in 'org-mode' format, any pointer to some guide? I'm attaching
If you are on Emacs it is already included and part of Emacs help
system. It's website is
On Sat, 23 Sep 2017 10:47, g...@unixarea.de said:
> I have the GnuPG-card working in the Ubuntu smartphone BQ E4.5, details
> here: https://forums.ubports.com/topic/554/support-for-gnupg-smartcard/3
Cool.
> I could post a small how-to to some place because due to the nature of
Would you like to
On Fri, 22 Sep 2017 20:48, g...@unixarea.de said:
> Ok. I will update to the most recent version. Btw: libcrypt is 1.7.0.
Please update to 1.7.9 - Libgcrypt is the most likely cause for a bus error.
> Linux ubuntu-phablet 3.4.67 #1 SMP PREEMPT Mon Jun 6 12:04:40 UTC 2016
> b75400e armv7l
On Fri, 22 Sep 2017 19:23, stefan.cl...@posteo.de said:
> O.k. i just tested a bit and this is a bug int the Web Interface and in
> GnuPG's CLI Interface.
I don't see a bug here.
However, given that you use Posteo, you are in the good position to use
the Web Key Directory feature. This
On Fri, 22 Sep 2017 17:24, g...@unixarea.de said:
> I instructed via gpg-agent.conf the gpg-agent to do a debug log which
> follows. The proc gpg-agent crashes with SIG_BUS.
That is why you see and EOF error from gpg.
We did a few more release after 2.1.19, which was released on March 1.
Not
On Thu, 21 Sep 2017 11:03, aheinl...@gmx.com said:
> Interesting. I haven't found anything smartcard related in the GPGME
> docs. I am really not good at C, but I took a look at the sources of
Yes, it is a generic interface to make a core libassuan function (which
is already used by gpgme)
ities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0
On Mon, 18 Sep 2017 23:37, d...@fifthhorseman.net said:
> modern versions of gpg should default to the hkps pool, and shouldn't
> need any explicit configuration.
Right, and it is also more future proof to use the keyserver option in
dirmngr.conf instead of gpg.conf. But as you say, no
On Thu, 14 Sep 2017 14:26, sandhya.sha...@morpho.com said:
> I am using GPG4Win and have to sign data with a specified key through
> my code in C++.But I didn't find much help on how to specify key for
> signing data in GPG
You need to put the signer into the context. See this secion in the
On Sat, 9 Sep 2017 14:54, philip.jack...@nordnet.fr said:
> Suggestions as to how to check and correct this situation would be
> appreciated.
Newer versions of gpg should print a better error message; at least with
-v. I guess that your pinentry is not installed or can't be used.
Do you have
On Tue, 5 Sep 2017 02:45, marioxcc...@yandex.com said:
> Are you sure that this is required in Solaris? At least in Debian
> GNU/Linux there is no need to setuid the gpg binary to root. Root setuid
> programs are a security problem. If an attacker can get control of this
> program, he can
From the /Common capital stock/ of 25000 Euro 50% are held by Walter
Koch and 50% by Werner Koch, the owners of g10^code. The /Net profit/
gained in 2015 is added to /Profit carried forward/.
The /Accounts payable other/ is my profit sharing bonus of 24739 and
VAT payable for the last q
oaded GnuPG version has not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expire
On Sat, 26 Aug 2017 00:35, l...@anarc.at said:
> I'm in the process of reviewing performance of various security tokens
> (the Yubikeys, the FST-01, Nitrokey), and I am getting somewhat
Thanks for the numbers. However, the numbers Nitrokey are are missing.
Shall I send you a "standard"
On Sun, 13 Aug 2017 08:17, dani...@grinta.net said:
> Digging a bit more, it seems that the functionality got dropped because
> with GnuPG 2.x all key manipulations go through gpg-agent and it does
> not (yet?) support password reset on expert.
Unfortunately this is still an open bug:
On Thu, 10 Aug 2017 10:25, ine...@gnu.org said:
> I submitted a Russian update on 2017-08-05 to gnupg-i...@gnupg.org,
> but it looks like it was ignored; did I do anything wrong?
My fault sorry. I should really merge my translations@ and gnupg-i18n@
folders to have only one place to check.
On Wed, 9 Aug 2017 20:07, aheinl...@gmx.com said:
> after reading today's announcement of GNuPG 2.1.23, I had the idea of
> having a system-wide /etc/gnupg.conf, to disable the new
> auto-key-retrieve etc. User's gnupg.conf should still be used and
> override the same options in the system-wide
red by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406
On Sat, 29 Jul 2017 20:24, di...@webweaving.org said:
> Lovely. Is there any way one can suppress the fingerprint of the primary key
> (as when doing line oriented things; bith the ’sec’ and ’ssb’ line are
> followed by structurally identical ‘fpr’ lines)?
No. You should use a simple state
On Sun, 30 Jul 2017 14:52, di...@webweaving.org said:
> Replying to my own question — the man page of of gpg-preset-passphrase
> should perhaps suggest to use ‘gpg —with-keygrip ..’ or ‘gpg —with-colons ..’.
Thanks for the suggestion. However there is a gug in gpgsm which does
not print the
On Fri, 4 Aug 2017 14:36, roman.fied...@ait.ac.at said:
> Ah, that's great - and actually the first nice gpg-agent feature apart from
> gpg-agent being little annoying when running it on RAM-disks in early boot.
(And the ssh-agent support, which is one of the mos useful features I
have on my
On Wed, 2 Aug 2017 15:52, roman.fied...@ait.ac.at said:
> How to decrypt large files, e.g. gpg-encrypted backups, without copying them
> to the machine with the GPG private key?
With GnuPG 2.1 this is easy: You use ssh's socket forwarding feature to
forward gpg-agent's restricted remote
On Thu, 3 Aug 2017 19:24, gnupg-users@gnupg.org said:
> stderr=gpg: protection algorithm 3 is not supported gpg: encrypted with
Your private key is encrypted with CAST5 but you have disabled support
for CAST5 in gpg or you disabled CAST5 when you built libgcrypt.
> gpg (GnuPG) 2.0.14
>
On Thu, 3 Aug 2017 02:35, kgallag...@cloudflare.com said:
> Is anyone aware of any options or configurations which can increase the
> efficiency of memory resource usage, allowing us to quickly decrypt more
> things at once?
Don't use too many parallel sessions. gpg's --multifile option may
On Wed, 2 Aug 2017 03:05, r...@sixdemonbag.org said:
> At the command line a subkey can be specifically selected by appending
> an exclamation mark to the *subkey* key ID, but I don't believe GPGME
> supports this behavior.
That's right. I opened a wishlist item as
https://dev.gnupg.org/T3325
by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085
On Wed, 26 Jul 2017 02:21, gnupg-u...@niob.at said:
> One more question for this topic: Am I right that secret key export is
> not really implemented, even though there is the
> GPGME_EXPORT_MODE_SECRET flag to gpgme_op_export_keys()?
No, it is implemented. You may use the run-export test
On Tue, 25 Jul 2017 22:30, mar...@gmx.com said:
> I've been trying to understand gpg-agent cache behavior in the presence
> of two distinct keys with the same passphrase. Namely, why is that it
> only asks for the passphrase once, regardless of the key being used?
There is a kludge in gpg and
On Fri, 23 Jun 2017 10:02, madd...@madduck.net said:
> Are you saying that gnupg 2.1.18 added the self-signature in the
> wrong place?
There is no right or wrong place. gpg uses the latest valid
self-signature according to the timestamp in the self-signature. Use
--with-colons to see the full
On Mon, 24 Jul 2017 16:27, stefan.cl...@posteo.de said:
> macOS, i get the following message:
Please do
gpg --version
gpg -v --clearsign loremipsum.txt
and show us the full output.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Fri, 21 Jul 2017 10:05, di...@webweaving.org said:
> Thanks - that is a nice treasure trove you unearthed for me. Thanks !
Some examples are give at
https://gnupg.org/faq/whats-new-in-2.1.html#quickgen
> Ok - I’ll need to investigate as to why this does work for our setting (auto
>
On Wed, 19 Jul 2017 00:10, knaac...@gmx.de said:
> me2486 0.0 0.0 34028 3940 ?SL 21:46 0:00 gpg2
> --enable-special-filenames --batch --no-sk-comments --status-fd 11 --no-tty
> --charset utf8 --enable-progress-filter --exit-on-status-write-error
> --display :0 --ttyname
On Tue, 18 Jul 2017 23:30, g...@mdsresource.net said:
> Further investigation reveals that Kleopatra is gnuTARring the ZIP file
> prior to encryption.
That should only happen when you select multipe files or a directory.
This invokes the pgp-zip method of encrypting multiple files. Despite
the
On Tue, 18 Jul 2017 22:49, r...@sixdemonbag.org said:
> random_seed is internal data belonging to the PRNG.
That is right. However we always add at least 128 bit of fresh random
which would be enough - at least on all systems with /dev/random or on
Windows. It is just that we are
erm keys of
their respective owners. Current releases are signed by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key
On Mon, 17 Jul 2017 00:38, knaac...@gmx.de said:
> This is much better. Somehow of a problem is just, that the pinentry window
> is not resizable, so the window title gets cut off. I would say, all this
> information should better be put inside the window itself.
Too much info for most users.
On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said:
> I don't think there's currently any plan to do anything like this, but
Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18,
though) when used withwith a pinentry from Git after 2017-02-03. There
you will see in the
On Thu, 13 Jul 2017 15:08, dam...@cassou.me said:
> strace reveals the following. Does that ring a bell to anyone?
"debug-pinentry" in gpg-agent.conf would give you more info. Adding
also "debug ipc" will show you the communication between gpg and
gpg-agent; that is what you strace shows. Use
On Thu, 13 Jul 2017 12:49, g...@unixarea.de said:
> How is this supposed to be managed?
You can't do anything about it. The card protects your key against
compromise - but not the use of the key.
For the signing key we have a signature counter and if you can memorize
the count and the number
On Wed, 5 Jul 2017 21:39, gnupg-users@gnupg.org said:
>> libgcrypt v<=?
>
> Probably all versions up to 1.7.7, starting from at least 1.2.0 (which
> is the oldest I could find).
Actaully starting at 1.6.0 which introduced the sliding window method to
catch up performance losses due to other
On Thu, 6 Jul 2017 14:48, aheinl...@gmx.com said:
> decrypt with cancel'ing the pinentry, one with missing private key and
> one with a truncated input file. All three gave
>
> print str(e): Invocation of gpgme_op_decrypt_verify: GPGME: Decryption
> failed
This has been fixed yesterday in
On Tue, 4 Jul 2017 12:05, joh...@vulcan.xs4all.nl said:
> Is 1.4 vulnerable to this attack as well? I know it ows not use
> libgcrypt but I'm not sure about the vulnerability.
Maybe. And probably also to a lot of other local side channel attacks.
Shalom-Salam,
Werner
--
Die Gedanken
On Sat, 1 Jul 2017 16:46, linux_nutze...@mailbox.org said:
> When I tried to import a CentOS gpg key according to the manual from [1], I
> made the following observation:
>
> "gpg --quiet --with-fingerprint " does not return the fingerprint
> when using gnupg 2.1.17 (on ArchLinux and openSuse
On Fri, 30 Jun 2017 02:33, lewis...@gmail.com said:
> Do you know any time frame and significant changes of v5 specs?
Next year we will prepare GnuPG to handle v5 keys read-only. I assume
that we can create v5 keys by default in maybe 5 years.
Shalom-Salam,
Werner
--
Die Gedanken sind
3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
David Shaw (GnuPG Release Signing Key
On Fri, 23 Jun 2017 00:33, 2014-667rhzu3dc-lists-gro...@riseup.net said:
> I didn't know you could remove a usage flag once the key was on the
Those flags are tracked in self-signatures. When changing a flag a new
self-signature is used. This will be uploaded to the keyserver. gpg
uses the
On Thu, 22 Jun 2017 16:29, madd...@madduck.net said:
> updating the trustdb on update of key material, wouldn't it make
> much more sense to compute the information just-in-time? Provided
For a key listing this means computing it for every listed key. And the
majority of frontends first do a
On Wed, 21 Jun 2017 19:11, pe...@digitalbrains.com said:
> I think this is because of an expired certificate for versions.gnupg.org:
Sorry for this. Fixed.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpLUBTrl8Z_C.pgp
Description: PGP
On Thu, 15 Jun 2017 14:13, ndk.cla...@gmail.com said:
> authentication and signing). Both ePass2003 and MyID implement PKCS#15,
> so IIUC they should be usable.
gpg expects an OpenPGP card. For pkcs#15 you need to use gpgsm. As a
starter do
gpgsm --learn-card
which imports the certificates
On Mon, 12 Jun 2017 20:12, g...@unixarea.de said:
> create some backup of the secret key into a file. It is totally unclear
> to me how to make something usefull out of this file, for example import
> it into a "normal" secret keyring to use it in case of the GnuPG acrd
To try it you best insert
On Mon, 12 Jun 2017 12:38, g...@unixarea.de said:
> Do you know of any other CCID reader for ID-000 size cards?
I have a sample of the Gemalto Shell Token here. It has been around for
quite some time and the kernelconcept folks that it works nicely. See
On Fri, 9 Jun 2017 08:39, g...@unixarea.de said:
> I know, this is not a GnuPG issue, but I wanted to mention it here to
> ask if others has similar experiences, even on Linux or other OS, or if
> it worth to get a new OMNIKEY device or even another device.
You better avoid everything with an
On Fri, 9 Jun 2017 08:23, g...@unixarea.de said:
> Thanks as well for the nice hint about X-message-flag: header line.
> The warning looks really nice in the crappy MS OutLook.
I learned that from Jens Link whom you may know.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen
On Sun, 11 Jun 2017 20:07, g...@unixarea.de said:
> How could I change the passphrase I have entered while generating the
> keys on the GnuPG card? I tried with no success:
To change the PINs on the card you need to use
gpg --card-edit
At the prompt you can directly change the PIN using
On Tue, 6 Jun 2017 14:39, ndk.cla...@gmail.com said:
> Is it possible to "extract" the used session key, so that the requester
> just ignores the asymmetric crypto and just uses the symmetric key to
> decode the file? Drawbacks? Other ideas?
Here is how I would do that:
( gpg --status-fd 1
On Thu, 8 Jun 2017 12:48, g...@unixarea.de said:
> Every time I write to gnupg-users@gnupg.org I get this crap from a robot
> or from Sarah about dating. Can someone do anything that he/she/it is not
That bot is subscribed. I enabled the moderation flag and disabled
delivery.
Shalom-Salam,
> The bad PIN counter in the card is not decremented. Switching the card
> back to 'forced' makes signing with PIN working again.
Interesting. Did you also try to reset the card (i.e. re-insert) whit
non-forced set?
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein
int
appended. How to configure this depends on your mailer. I do this in
Gnus:
--8<---cut here---start->8---
(setq gnus-posting-styles
'((".*"
(name "Werner Koch")
(address "w...@gnupg.org" )
On Wed, 7 Jun 2017 23:32, socal2...@gmail.com said:
> I installed libgcrypt 1.7.7 on this machine but it reverts to the
> distro installation of 1.6.6
Did you install the correct libgcrypt*-dev package (assuming you are
using a pre-packaged version) and can configure find it? Enter
g-term stability the new campaign focuses on recurring donations
and not one-time donations. Says lead developer Werner Koch: “We want
to continue our work in the long term. But, we want to do so in such
a way that our first loyalty is unambiguously to the general public.
This means makin
On Wed, 31 May 2017 19:34, ankos...@gmail.com said:
> More detailed, from the three standards supported, only the last one,
> XML-sig, supports PGP: https://www.w3.org/TR/xmldsig-core/#sec-PGPData
That looks pretty much like a re-specification of PKCS#15 which also has
provisions for PGP and
leases are signed by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF
On Mon, 22 May 2017 18:07, timemas...@sillydog.org said:
> Can someone please explain why I am getting a yellow bar on a LOT of
> signed msgs saying that the key type is unknown??
Some of these mails are probably also from me. By default I sign my
messages with an Ed25519 subkey which is a
es for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werne
On Thu, 11 May 2017 11:26, roger@matrix.ai said:
> All other dependencies of gnupg works on cygwin 64 bit, this is the
> only one that fails, and thus prevents building gpg2 on Cygwin 64 bit.
You will not be able to build a working GnUPG for 64 bit Windows - if
that is what Cygwin 64 bit is
On Thu, 6 Apr 2017 05:03, mogl...@gmx.net said:
> sec# 4096R/XAB 2017-XX-XX [expires: 20XX-XX-XX]
> uid My name
> ssb> 2048R/XBB 2017-XX-XX
> ssb> 2048R/XCB 2017-XX-XX
> ssb> 2048R/XDB 2017-XX-XX
The man page explains the '#' under
Hi!
On Thu, 6 Apr 2017 14:21, d...@00dani.me said:
> It's very confusing, as it seems to indicate my secret keyring contains
> keys that it definitely doesn't. Why the inconsistency? Can I somehow
Good catch. Thanks.
There is a stupid bug in the code:
--8<---cut
re
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
ed by the long term keys of
their respective owners. Current releases are signed by one or more
of these five keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [ex
On Mon, 27 Mar 2017 13:55, p...@jankoppe.de said:
> $ LANG=C gpg2 --version
> gpg (GnuPG) 2.1.19
> libgcrypt 1.7.6
Can you please run a
gpg-agent --version
too. That is just in case the agent is using a different Libgcrypt.
I guess we should also add an Assuan getinfo option to show the
On Thu, 23 Mar 2017 02:32, micha...@syapse.com said:
> 2017-03-22 21:25:14 gpg-agent[3624] DBG: rsa_decrypt res: [out of core]
> 2017-03-22 21:25:14 gpg-agent[3624] O j: ... this is a bug
> (sexp.c:1433:do_vsexp_sscan)
The bug diagnostic is a side-effect of the out of core error. I'll
On Wed, 22 Mar 2017 14:32, terry.stew...@mrc-bsu.cam.ac.uk said:
Hi,
The quoted part of the log is unfortunately not what I am looking for.
Please check the log for lines similar to this:
configure: checking for libraries
checking for gpg-error-config... /usr/local/bin/gpg-error-config
Hi,
On Wed, 22 Mar 2017 12:41, shrivastavasubha...@gmail.com said:
> What is the full form of GnuPG
GnuPG stands for GNU Privacy Guard
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpQmJUH8voo0.pgp
Description: PGP signature
On Wed, 22 Mar 2017 00:10, terry.stew...@mrc-bsu.cam.ac.uk said:
> *** You need libgcrypt to build this program.
> ** This library is for example available at
> *** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
> *** (at least version 1.5.0 using API 1 is required.)
Did you install the development
On Thu, 16 Mar 2017 15:55, pe...@digitalbrains.com said:
> Perhaps we should either retire ciphers with a 64-bit block length or
> make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no
> longer up to the user to be prudent with large amounts of data.
Those who have large
I hit group reply in Thunderbird and at the top of this
> message is:
>
> On 03/11/2017 09:27 AM, Werner Koch wrote:
Right, because my From header has not been rewritten (no reject DMARC
policy at gnupg.org). But if you look above you can notice that Gnus
took the ML address - should be
On Wed, 15 Mar 2017 10:14, miro.ro...@croatiafidelis.hr said:
> keyserver hkps.pool.sks-keyservers.net:443
I guess we should better default to hkps:// if a scheme is not given. I
have not checked whether this is already the case.
> I record SSL-keys all the time, and I believe every
On Wed, 15 Mar 2017 12:11, jus...@g10code.com said:
> https://bugs.gnupg.org/gnupg/issue2959
This bug was reported by dkg a month ago but we unfortunately missed to
fix it for 2.1.19.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpzc3eMl7Bal.pgp
On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said:
> So long as you understand GnuPG will not make any changes that break RFC
> conformance... and dropping SHA1/3DES breaks RFC conformance.
Well, it is possible to use
--weak-digest SHA1 --disable-cipher-algo 3DES
with gpg.
Shalom-Salam,
On Sun, 12 Mar 2017 17:36, r...@sixdemonbag.org said:
> sig!31DCBDC01B44427C7 2015-07-16 Robert J. Hansen 14 good signatures
This is a diagnostic which goes to stderr.
The former is fully buffered, the latter is line
Hi!
You may have noted that the From address has been rewritten to show the
list address instead of your address. In addition a reply-to header has
been set so that your address is also known.
The reason for this is that some mail sites now have a DMARC reject
policy which leads to a bounce
On Fri, 10 Mar 2017 10:26, alexander.stro...@giepa.de said:
> What's the problem here?
Please add
verbose
debug network,dns,ipc
And a log file option to dirmngr.conf and check the log.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Hi!
On Fri, 10 Mar 2017 23:34, marcel.wag...@gmx.de said:
> lib and find this struct in a context.h header file, but this is not
> included in gpgme.h? My question is now, is the gpgme.h file complete?
Yes it is complete. Anonymous structures are the standard way in C to
hide implementation
On Wed, 8 Mar 2017 00:57, jeste...@microsoft.com said:
> I spotted the fact that I was (incorrectly) using
> gpgme_op_decrypt_verify() when I think I should be using
> gpgme_op_decrypt(), so I fixed that but I still get “Not Implemented”.
The reason why it shows "Not implemented" is that you
On Thu, 16 Feb 2017 15:31, tliko...@iki.fi said:
>> please be aware that if you switch from "trust-model direct" to
>> "trust-model tofu+pgp", then your previous assignments of "trust" will
>> transform into indications of "ownertrust".
>
> That has been my assumption. Thanks for verifying.
I'll
On Tue, 7 Mar 2017 21:03, tliko...@iki.fi said:
> Interesting. It seems that the feature is not documented. I tested
> version 2.1.18 in Debian testing and neither the man page nor
> --edit-key's "help" command tells anything about the feature.
One of the hidden commands to be revealed in case
On Tue, 7 Mar 2017 09:40, billdanger...@gmail.com said:
> I would like first to be sure that this process of migrating a master key
> to subkey is reliable ? Am I not breaking something, that I am going to
> regret ?
Please see the other comments.
> Is there a way (even if hacking gpg code is
On Tue, 21 Feb 2017 10:56, ra...@inputplus.co.uk said:
> I wonder if aiming for dead on the second is a good idea. If everything
> did that then there might silence until the next second boundary, but
> many cores would wake up to work for a short time.
I had the same concern but the folks who
On Tue, 28 Feb 2017 01:28, gl...@rempe.us said:
> What though is the benefit of using gnupg key as the crypto behind the
> client auth? Seems like you are more exposed by having a portable gpg
It is up to the user where to store the key. For obvious reasons the
user should use a token (e.g.
On Mon, 27 Feb 2017 15:20, jeste...@microsoft.com said:
> I'm working on re-implementing GMime to use libgpgme (1.8.0 on Fedora
> 25) instead of using my own custom logic for fork()ing/exec()ing gpg &
Great, we like the use of the GPGME API. I guess GMime is not used by
Evolution ;-)
Which
On Fri, 3 Mar 2017 18:28, thomas.jaro...@intra2net.com said:
> The support for multiple card readers sounds very promising.
Indeed, I do not anymore need to open the door to the server room to
change the card several times during release preparing (the commit key
and the releasing signing key
Hi Jeff,
On Fri, 3 Mar 2017 19:04, jeste...@microsoft.com said:
> Anyone have any thoughts on this?
Soneone of us will get back to you on Monday. We have been pretty busy
with the 2.1.19 release the last week.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein
On Sat, 25 Feb 2017 16:26, pe...@digitalbrains.com said:
> I'd like to add to the bug report that I also observe this behaviour
> with GnuPG 1.4.18 on Debian jessie/stable (package 1.4.18-7+deb8u3) and
> GnuPG 2.0.26 on the same (package 2.0.26-6+deb8u1). So it is not just 2.1.
FWIW, it has been
On Wed, 1 Mar 2017 21:03, ankos...@gmail.com said:
> Would it be possible with the next release to build also the python-2
> & 3 bindings for Windows?
Good suggestion - we will look into it.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Fri, 3 Mar 2017 07:21, gnupg-us...@spodhuis.org said:
> Why is `export-clean` not dropping the expired subkey? Is it that
> export-clean only filters unusable userids, not unusable subkeys?
Right:
/* Always do the cleaning on the public key part if requested.
* Note that both
urrent releases are signed by one or more
of these four keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB
On Fri, 17 Feb 2017 14:59, ra...@inputplus.co.uk said:
> gnupg 2.1.18-1 on Arch Linux. I noticed powertop ranking the
> gpg-agents, one per user, quite highly, and their impact is multiplied
> by their number. strace(1) showed the two-second select(2) timing out
> with no syscalls in between,
901 - 1000 of 3672 matches
Mail list logo